Blame

Date:
Message:
getpwuid() returns NULL without setting errno if no user is found pointed out by millert@
Actions:
History | Blob | Raw File
  1 0ccf3acb 2022-11-16 stsp /*

  2 0ccf3acb 2022-11-16 stsp  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>

  3 0ccf3acb 2022-11-16 stsp  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>

  4 0ccf3acb 2022-11-16 stsp  *

  5 0ccf3acb 2022-11-16 stsp  * Permission to use, copy, modify, and distribute this software for any

  6 0ccf3acb 2022-11-16 stsp  * purpose with or without fee is hereby granted, provided that the above

  7 0ccf3acb 2022-11-16 stsp  * copyright notice and this permission notice appear in all copies.

  8 0ccf3acb 2022-11-16 stsp  *

  9 0ccf3acb 2022-11-16 stsp  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

 10 0ccf3acb 2022-11-16 stsp  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

 11 0ccf3acb 2022-11-16 stsp  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

 12 0ccf3acb 2022-11-16 stsp  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

 13 0ccf3acb 2022-11-16 stsp  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

 14 0ccf3acb 2022-11-16 stsp  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

 15 0ccf3acb 2022-11-16 stsp  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

 16 0ccf3acb 2022-11-16 stsp  */

 17 0ccf3acb 2022-11-16 stsp 

 18 0ccf3acb 2022-11-16 stsp #include <sys/types.h>

 19 0ccf3acb 2022-11-16 stsp #include <sys/queue.h>

 20 0ccf3acb 2022-11-16 stsp #include <sys/uio.h>

 21 0ccf3acb 2022-11-16 stsp 

 22 0ccf3acb 2022-11-16 stsp #include <errno.h>

 23 0ccf3acb 2022-11-16 stsp #include <event.h>

 24 0ccf3acb 2022-11-16 stsp #include <limits.h>

 25 0ccf3acb 2022-11-16 stsp #include <pwd.h>

 26 0ccf3acb 2022-11-16 stsp #include <grp.h>

 27 0ccf3acb 2022-11-16 stsp #include <sha1.h>

 28 0ccf3acb 2022-11-16 stsp #include <stdint.h>

 29 0ccf3acb 2022-11-16 stsp #include <stdio.h>

 30 0ccf3acb 2022-11-16 stsp #include <stdlib.h>

 31 0ccf3acb 2022-11-16 stsp #include <imsg.h>

 32 ddbe612c 2022-11-17 stsp #include <unistd.h>

 33 0ccf3acb 2022-11-16 stsp 

 34 0ccf3acb 2022-11-16 stsp #include "got_error.h"

 35 0ccf3acb 2022-11-16 stsp 

 36 0ccf3acb 2022-11-16 stsp #include "gotd.h"

 37 ddbe612c 2022-11-17 stsp #include "log.h"

 38 0ccf3acb 2022-11-16 stsp #include "auth.h"

 39 0ccf3acb 2022-11-16 stsp 

 40 0ccf3acb 2022-11-16 stsp static int

 41 0ccf3acb 2022-11-16 stsp parseuid(const char *s, uid_t *uid)

 42 0ccf3acb 2022-11-16 stsp {

 43 0ccf3acb 2022-11-16 stsp 	struct passwd *pw;

 44 0ccf3acb 2022-11-16 stsp 	const char *errstr;

 45 0ccf3acb 2022-11-16 stsp 

 46 0ccf3acb 2022-11-16 stsp 	if ((pw = getpwnam(s)) != NULL) {

 47 0ccf3acb 2022-11-16 stsp 		*uid = pw->pw_uid;

 48 0ccf3acb 2022-11-16 stsp 		if (*uid == UID_MAX)

 49 0ccf3acb 2022-11-16 stsp 			return -1;

 50 0ccf3acb 2022-11-16 stsp 		return 0;

 51 0ccf3acb 2022-11-16 stsp 	}

 52 0ccf3acb 2022-11-16 stsp 	*uid = strtonum(s, 0, UID_MAX - 1, &errstr);

 53 0ccf3acb 2022-11-16 stsp 	if (errstr)

 54 0ccf3acb 2022-11-16 stsp 		return -1;

 55 0ccf3acb 2022-11-16 stsp 	return 0;

 56 0ccf3acb 2022-11-16 stsp }

 57 0ccf3acb 2022-11-16 stsp 

 58 0ccf3acb 2022-11-16 stsp static int

 59 0ccf3acb 2022-11-16 stsp uidcheck(const char *s, uid_t desired)

 60 0ccf3acb 2022-11-16 stsp {

 61 0ccf3acb 2022-11-16 stsp 	uid_t uid;

 62 0ccf3acb 2022-11-16 stsp 

 63 0ccf3acb 2022-11-16 stsp 	if (parseuid(s, &uid) != 0)

 64 0ccf3acb 2022-11-16 stsp 		return -1;

 65 0ccf3acb 2022-11-16 stsp 	if (uid != desired)

 66 0ccf3acb 2022-11-16 stsp 		return -1;

 67 0ccf3acb 2022-11-16 stsp 	return 0;

 68 0ccf3acb 2022-11-16 stsp }

 69 0ccf3acb 2022-11-16 stsp 

 70 0ccf3acb 2022-11-16 stsp static int

 71 0ccf3acb 2022-11-16 stsp parsegid(const char *s, gid_t *gid)

 72 0ccf3acb 2022-11-16 stsp {

 73 0ccf3acb 2022-11-16 stsp 	struct group *gr;

 74 0ccf3acb 2022-11-16 stsp 	const char *errstr;

 75 0ccf3acb 2022-11-16 stsp 

 76 0ccf3acb 2022-11-16 stsp 	if ((gr = getgrnam(s)) != NULL) {

 77 0ccf3acb 2022-11-16 stsp 		*gid = gr->gr_gid;

 78 0ccf3acb 2022-11-16 stsp 		if (*gid == GID_MAX)

 79 0ccf3acb 2022-11-16 stsp 			return -1;

 80 0ccf3acb 2022-11-16 stsp 		return 0;

 81 0ccf3acb 2022-11-16 stsp 	}

 82 0ccf3acb 2022-11-16 stsp 	*gid = strtonum(s, 0, GID_MAX - 1, &errstr);

 83 0ccf3acb 2022-11-16 stsp 	if (errstr)

 84 0ccf3acb 2022-11-16 stsp 		return -1;

 85 0ccf3acb 2022-11-16 stsp 	return 0;

 86 0ccf3acb 2022-11-16 stsp }

 87 0ccf3acb 2022-11-16 stsp 

 88 0ccf3acb 2022-11-16 stsp static int

 89 0ccf3acb 2022-11-16 stsp match_identifier(const char *identifier, gid_t *groups, int ngroups,

 90 0ccf3acb 2022-11-16 stsp     uid_t euid, gid_t egid)

 91 0ccf3acb 2022-11-16 stsp {

 92 0ccf3acb 2022-11-16 stsp 	int i;

 93 0ccf3acb 2022-11-16 stsp 

 94 0ccf3acb 2022-11-16 stsp 	if (identifier[0] == ':') {

 95 0ccf3acb 2022-11-16 stsp 		gid_t rgid;

 96 0ccf3acb 2022-11-16 stsp 		if (parsegid(identifier + 1, &rgid) == -1)

 97 0ccf3acb 2022-11-16 stsp 			return 0;

 98 ddbe612c 2022-11-17 stsp 		if (rgid == egid)

 99 ddbe612c 2022-11-17 stsp 			return 1;

100 0ccf3acb 2022-11-16 stsp 		for (i = 0; i < ngroups; i++) {

101 ddbe612c 2022-11-17 stsp 			if (rgid == groups[i])

102 0ccf3acb 2022-11-16 stsp 				break;

103 0ccf3acb 2022-11-16 stsp 		}

104 0ccf3acb 2022-11-16 stsp 		if (i == ngroups)

105 0ccf3acb 2022-11-16 stsp 			return 0;

106 0ccf3acb 2022-11-16 stsp 	} else if (uidcheck(identifier, euid) != 0)

107 0ccf3acb 2022-11-16 stsp 		return 0;

108 0ccf3acb 2022-11-16 stsp 

109 0ccf3acb 2022-11-16 stsp 	return 1;

110 0ccf3acb 2022-11-16 stsp }

111 0ccf3acb 2022-11-16 stsp 

112 0ccf3acb 2022-11-16 stsp const struct got_error *

113 0ccf3acb 2022-11-16 stsp gotd_auth_check(struct gotd_access_rule_list *rules, const char *repo_name,

114 ddbe612c 2022-11-17 stsp     uid_t euid, gid_t egid, int required_auth)

115 0ccf3acb 2022-11-16 stsp {

116 0ccf3acb 2022-11-16 stsp 	struct gotd_access_rule *rule;

117 0ccf3acb 2022-11-16 stsp 	enum gotd_access access = GOTD_ACCESS_DENIED;

118 ddbe612c 2022-11-17 stsp 	struct passwd *pw;

119 ddbe612c 2022-11-17 stsp 	gid_t groups[NGROUPS_MAX];

120 ddbe612c 2022-11-17 stsp 	int ngroups = NGROUPS_MAX;

121 0ccf3acb 2022-11-16 stsp 

122 ddbe612c 2022-11-17 stsp 	pw = getpwuid(euid);

123 e18d071f 2022-11-20 stsp 	if (pw == NULL) {

124 e18d071f 2022-11-20 stsp 		if (errno)

125 e18d071f 2022-11-20 stsp 			return got_error_from_errno("getpwuid");

126 e18d071f 2022-11-20 stsp 		else

127 e18d071f 2022-11-20 stsp 			return got_error_set_errno(EACCES, repo_name);

128 e18d071f 2022-11-20 stsp 	}

129 ddbe612c 2022-11-17 stsp 

130 ddbe612c 2022-11-17 stsp 	if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1)

131 ddbe612c 2022-11-17 stsp 		log_warnx("group membership list truncated");

132 ddbe612c 2022-11-17 stsp 

133 0ccf3acb 2022-11-16 stsp 	STAILQ_FOREACH(rule, rules, entry) {

134 0ccf3acb 2022-11-16 stsp 		if (!match_identifier(rule->identifier, groups, ngroups,

135 0ccf3acb 2022-11-16 stsp 		    euid, egid))

136 0ccf3acb 2022-11-16 stsp 			continue;

137 0ccf3acb 2022-11-16 stsp 

138 0ccf3acb 2022-11-16 stsp 		access = rule->access;

139 0ccf3acb 2022-11-16 stsp 		if (rule->access == GOTD_ACCESS_PERMITTED &&

140 0ccf3acb 2022-11-16 stsp 		    (rule->authorization & required_auth) != required_auth)

141 0ccf3acb 2022-11-16 stsp 			access = GOTD_ACCESS_DENIED;

142 0ccf3acb 2022-11-16 stsp 	}

143 0ccf3acb 2022-11-16 stsp 

144 0ccf3acb 2022-11-16 stsp 	if (access == GOTD_ACCESS_DENIED)

145 0ccf3acb 2022-11-16 stsp 		return got_error_set_errno(EACCES, repo_name);

146 0ccf3acb 2022-11-16 stsp 

147 0ccf3acb 2022-11-16 stsp 	if (access == GOTD_ACCESS_PERMITTED)

148 0ccf3acb 2022-11-16 stsp 		return NULL;

149 0ccf3acb 2022-11-16 stsp 

150 0ccf3acb 2022-11-16 stsp 	/* should not happen, this would be a bug */

151 0ccf3acb 2022-11-16 stsp 	return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");

152 0ccf3acb 2022-11-16 stsp }