

1 /*
2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4 *
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
8 *
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16 */
18 #include <sys/types.h>
19 #include <sys/queue.h>
20 #include <sys/uio.h>
22 #include <errno.h>
23 #include <event.h>
24 #include <limits.h>
25 #include <pwd.h>
26 #include <grp.h>
27 #include <sha1.h>
28 #include <stdint.h>
29 #include <stdio.h>
30 #include <stdlib.h>
31 #include <imsg.h>
32 #include <unistd.h>
34 #include "got_error.h"
36 #include "gotd.h"
37 #include "log.h"
38 #include "auth.h"
/*
 * Resolve the user part of an access-rule identifier.  The string is
 * first looked up as a login name in the password database; if that
 * fails it is accepted as a plain decimal uid.  Hence an all-digit
 * identifier that is not a known login names a uid, not an account.
 * UID_MAX is rejected in either case.
 *
 * Returns 0 on success, -1 on failure.  Note that *uid is written on
 * both paths, so callers must not rely on it after a -1 result.
 */
static int
parseuid(const char *s, uid_t *uid)
{
	const struct passwd *pw = getpwnam(s);
	const char *errstr = NULL;

	if (pw == NULL) {
		/* Not a login name: try it as a number in [0, UID_MAX - 1]. */
		*uid = strtonum(s, 0, UID_MAX - 1, &errstr);
		return errstr != NULL ? -1 : 0;
	}

	*uid = pw->pw_uid;
	return *uid == UID_MAX ? -1 : 0;
}
/*
 * Check whether the rule identifier s denotes exactly the uid 'desired'.
 * Returns 0 on a match, -1 if s does not resolve or names another uid.
 */
static int
uidcheck(const char *s, uid_t desired)
{
	uid_t parsed = 0;

	if (parseuid(s, &parsed) != 0 || parsed != desired)
		return -1;

	return 0;
}
/*
 * Resolve the group part of a ":group" access-rule identifier.  The
 * string is first looked up as a group name; if that fails it is
 * accepted as a plain decimal gid, so an all-digit identifier that is
 * not a known group names a gid.  GID_MAX is rejected in either case.
 *
 * Returns 0 on success, -1 on failure.  *gid is written on both paths.
 */
static int
parsegid(const char *s, gid_t *gid)
{
	const struct group *gr = getgrnam(s);
	const char *errstr = NULL;

	if (gr == NULL) {
		/* Not a group name: try it as a number in [0, GID_MAX - 1]. */
		*gid = strtonum(s, 0, GID_MAX - 1, &errstr);
		return errstr != NULL ? -1 : 0;
	}

	*gid = gr->gr_gid;
	return *gid == GID_MAX ? -1 : 0;
}
/*
 * Decide whether an access-rule identifier applies to the user running
 * as euid/egid.  A ":group" identifier matches when the group is the
 * effective gid or appears among the ngroups supplementary groups in
 * 'groups'; any other identifier must resolve to euid itself.
 *
 * Returns 1 on a match, 0 otherwise (including unresolvable identifiers).
 */
static int
match_identifier(const char *identifier, gid_t *groups, int ngroups,
    uid_t euid, gid_t egid)
{
	gid_t rgid;
	int idx;

	/* A plain identifier names a user and must equal the effective uid. */
	if (identifier[0] != ':')
		return uidcheck(identifier, euid) == 0;

	/* An unknown group can never match. */
	if (parsegid(identifier + 1, &rgid) == -1)
		return 0;

	if (rgid == egid)
		return 1;

	for (idx = 0; idx < ngroups; idx++) {
		if (groups[idx] == rgid)
			return 1;
	}

	return 0;
}
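/*
 * Decide whether the user running as euid/egid may perform the
 * operations in required_auth (a bit mask) on repository repo_name,
 * according to the access rules in 'rules'.
 *
 * Rules are evaluated in list order and each matching rule overwrites
 * the outcome of the previous one, so the last matching rule wins.  A
 * PERMITTED rule only grants access when its authorization mask covers
 * every bit of required_auth; a matching rule that does not is a denial.
 * If no rule matches, access is denied.
 *
 * Returns NULL when access is permitted, an EACCES error when it is
 * denied, and an errno-derived error when the password database lookup
 * itself fails.
 */
const struct got_error *
gotd_auth_check(struct gotd_access_rule_list *rules, const char *repo_name,
    uid_t euid, gid_t egid, int required_auth)
{
	struct gotd_access_rule *rule;
	enum gotd_access access = GOTD_ACCESS_DENIED;
	struct passwd *pw;
	gid_t groups[NGROUPS_MAX];
	int ngroups = NGROUPS_MAX;

	/*
	 * getpwuid() returns NULL both for a lookup error and for a uid
	 * that simply has no entry, and only sets errno in the former case.
	 * Clear errno first so a stale value left by an earlier call is not
	 * reported as a getpwuid failure.
	 */
	errno = 0;
	pw = getpwuid(euid);
	if (pw == NULL) {
		if (errno)
			return got_error_from_errno("getpwuid");
		else
			return got_error_set_errno(EACCES, repo_name);
	}

	/*
	 * Group membership is taken from the group database for pw_name,
	 * not from the process's own supplementary groups.  The list holds
	 * at most NGROUPS_MAX entries; on truncation the dropped groups are
	 * invisible to ":group" rules below, which is only logged here.
	 * NOTE(review): a deny rule naming a truncated-away group would
	 * therefore not match -- confirm this is acceptable for the
	 * deployment, or treat truncation as a denial.
	 */
	if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1)
		log_warnx("group membership list truncated");

	STAILQ_FOREACH(rule, rules, entry) {
		if (!match_identifier(rule->identifier, groups, ngroups,
		    euid, egid))
			continue;

		/* Last matching rule wins; no early exit on purpose. */
		access = rule->access;
		if (rule->access == GOTD_ACCESS_PERMITTED &&
		    (rule->authorization & required_auth) != required_auth)
			access = GOTD_ACCESS_DENIED;
	}

	if (access == GOTD_ACCESS_DENIED)
		return got_error_set_errno(EACCES, repo_name);

	if (access == GOTD_ACCESS_PERMITTED)
		return NULL;

	/* should not happen, this would be a bug */
	return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");
}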