Blob

Date:
Message:
add a gotd "listen" process which watches the unix socket ok op@
Actions:
History | Blame | Raw File
1 /*

2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>

3  * Copyright (c) 2016-2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>

4  * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>

5  * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>

6  * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>

7  * Copyright (c) 2001 Markus Friedl.  All rights reserved.

8  * Copyright (c) 2001 Daniel Hartmeier.  All rights reserved.

9  * Copyright (c) 2001 Theo de Raadt.  All rights reserved.

10  *

11  * Permission to use, copy, modify, and distribute this software for any

12  * purpose with or without fee is hereby granted, provided that the above

13  * copyright notice and this permission notice appear in all copies.

14  *

15  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

16  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

17  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

18  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

19  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

20  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

21  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

22  */

24 %{

25 #include <sys/time.h>

26 #include <sys/types.h>

27 #include <sys/queue.h>

28 #include <sys/stat.h>

30 #include <ctype.h>

31 #include <err.h>

32 #include <errno.h>

33 #include <event.h>

34 #include <imsg.h>

35 #include <limits.h>

36 #include <sha1.h>

37 #include <stdarg.h>

38 #include <stdlib.h>

39 #include <stdio.h>

40 #include <string.h>

41 #include <syslog.h>

42 #include <unistd.h>

44 #include "got_error.h"

45 #include "got_path.h"

47 #include "log.h"

48 #include "gotd.h"

50 TAILQ_HEAD(files, file)		 files = TAILQ_HEAD_INITIALIZER(files);

51 static struct file {

52 	TAILQ_ENTRY(file)	 entry;

53 	FILE			*stream;

54 	char			*name;

55 	int			 lineno;

56 	int			 errors;

57 } *file;

58 struct file	*newfile(const char *, int);

59 static void	 closefile(struct file *);

60 int		 check_file_secrecy(int, const char *);

61 int		 yyparse(void);

62 int		 yylex(void);

63 int		 yyerror(const char *, ...)

64     __attribute__((__format__ (printf, 1, 2)))

65     __attribute__((__nonnull__ (1)));

66 int		 kw_cmp(const void *, const void *);

67 int		 lookup(char *);

68 int		 lgetc(int);

69 int		 lungetc(int);

70 int		 findeol(void);

72 TAILQ_HEAD(symhead, sym)	 symhead = TAILQ_HEAD_INITIALIZER(symhead);

73 struct sym {

74 	TAILQ_ENTRY(sym)	 entry;

75 	int			 used;

76 	int			 persist;

77 	char			*nam;

78 	char			*val;

79 };

81 int	 symset(const char *, const char *, int);

82 char	*symget(const char *);

84 static int		 errors;

86 static struct gotd		*gotd;

87 static struct gotd_repo		*new_repo;

88 static struct gotd_repo		*conf_new_repo(const char *);

89 static void			 conf_new_access_rule(struct gotd_repo *,

90 				    enum gotd_access, int, char *);

91 static enum gotd_procid		 gotd_proc_id;

93 typedef struct {

94 	union {

95 		long long	 number;

96 		char		*string;

97 	} v;

98 	int lineno;

99 } YYSTYPE;

101 %}

103 %token	PATH ERROR ON UNIX_SOCKET UNIX_GROUP USER REPOSITORY PERMIT DENY

104 %token	RO RW

106 %token	<v.string>	STRING

107 %token	<v.number>	NUMBER

108 %type	<v.number>	boolean

110 %%

112 grammar		:

113 		| grammar '\n'

114 		| grammar main '\n'

115 		| grammar repository '\n'

118 boolean		: STRING {

119 			if (strcasecmp($1, "1") == 0 ||

120 			    strcasecmp($1, "yes") == 0 ||

121 			    strcasecmp($1, "on") == 0)

122 				$$ = 1;

123 			else if (strcasecmp($1, "0") == 0 ||

124 			    strcasecmp($1, "off") == 0 ||

125 			    strcasecmp($1, "no") == 0)

126 				$$ = 0;

127 			else {

128 				yyerror("invalid boolean value '%s'", $1);

129 				free($1);

130 				YYERROR;

132 			free($1);

134 		| ON { $$ = 1; }

135 		| NUMBER { $$ = $1; }

138 main		: UNIX_SOCKET STRING {

139 			if (gotd_proc_id == PROC_LISTEN) {

140 				if (strlcpy(gotd->unix_socket_path, $2,

141 				    sizeof(gotd->unix_socket_path)) >=

142 				    sizeof(gotd->unix_socket_path)) {

143 					yyerror("%s: unix socket path too long",

144 					    __func__);

145 					free($2);

146 					YYERROR;

149 			free($2);

151 		| UNIX_GROUP STRING {

152 			if (strlcpy(gotd->unix_group_name, $2,

153 			    sizeof(gotd->unix_group_name)) >=

154 			    sizeof(gotd->unix_group_name)) {

155 				yyerror("%s: unix group name too long",

156 				    __func__);

157 				free($2);

158 				YYERROR;

160 			free($2);

162 		| USER STRING {

163 			if (strlcpy(gotd->user_name, $2,

164 			    sizeof(gotd->user_name)) >=

165 			    sizeof(gotd->user_name)) {

166 				yyerror("%s: user name too long", __func__);

167 				free($2);

168 				YYERROR;

170 			free($2);

174 repository	: REPOSITORY STRING {

175 			struct gotd_repo *repo;

177 			TAILQ_FOREACH(repo, &gotd->repos, entry) {

178 				if (strcmp(repo->name, $2) == 0) {

179 					yyerror("duplicate repository '%s'", $2);

180 					free($2);

181 					YYERROR;

185 			if (gotd_proc_id == PROC_GOTD) {

186 				new_repo = conf_new_repo($2);

188 			free($2);

190 		| REPOSITORY STRING {

191 			struct gotd_repo *repo;

193 			TAILQ_FOREACH(repo, &gotd->repos, entry) {

194 				if (strcmp(repo->name, $2) == 0) {

195 					yyerror("duplicate repository '%s'", $2);

196 					free($2);

197 					YYERROR;

201 			if (gotd_proc_id == PROC_GOTD) {

202 				new_repo = conf_new_repo($2);

204 			free($2);

205 		} '{' optnl repoopts2 '}' {

209 repoopts1	: PATH STRING {

210 			if (gotd_proc_id == PROC_GOTD) {

211 				if (!got_path_is_absolute($2)) {

212 					yyerror("%s: path %s is not absolute",

213 					    __func__, $2);

214 					free($2);

215 					YYERROR;

217 				if (strlcpy(new_repo->path, $2,

218 				    sizeof(new_repo->path)) >=

219 				    sizeof(new_repo->path)) {

220 					yyerror("%s: path truncated", __func__);

221 					free($2);

222 					YYERROR;

225 			free($2);

227 		| PERMIT RO STRING {

228 			if (gotd_proc_id == PROC_GOTD) {

229 				conf_new_access_rule(new_repo,

230 				    GOTD_ACCESS_PERMITTED, GOTD_AUTH_READ, $3);

233 		| PERMIT RW STRING {

234 			if (gotd_proc_id == PROC_GOTD) {

235 				conf_new_access_rule(new_repo,

236 				    GOTD_ACCESS_PERMITTED,

237 				    GOTD_AUTH_READ | GOTD_AUTH_WRITE, $3);

240 		| DENY STRING {

241 			if (gotd_proc_id == PROC_GOTD) {

242 				conf_new_access_rule(new_repo,

243 				    GOTD_ACCESS_DENIED, 0, $2);

248 repoopts2	: repoopts2 repoopts1 nl

249 		| repoopts1 optnl

252 nl		: '\n' optnl

255 optnl		: '\n' optnl		/* zero or more newlines */

256 		| /* empty */

259 %%

261 struct keywords {

262 	const char	*k_name;

263 	int		 k_val;

264 };

266 int

267 yyerror(const char *fmt, ...)

269 	va_list ap;

270 	char *msg;

272 	file->errors++;

273 	va_start(ap, fmt);

274 	if (vasprintf(&msg, fmt, ap) == -1)

275 		fatalx("yyerror vasprintf");

276 	va_end(ap);

277 	logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);

278 	free(msg);

279 	return (0);

282 int

283 kw_cmp(const void *k, const void *e)

285 	return (strcmp(k, ((const struct keywords *)e)->k_name));

288 int

289 lookup(char *s)

291 	/* This has to be sorted always. */

292 	static const struct keywords keywords[] = {

293 		{ "deny",			DENY },

294 		{ "on",				ON },

295 		{ "path",			PATH },

296 		{ "permit",			PERMIT },

297 		{ "repository",			REPOSITORY },

298 		{ "ro",				RO },

299 		{ "rw",				RW },

300 		{ "unix_group",			UNIX_GROUP },

301 		{ "unix_socket",		UNIX_SOCKET },

302 		{ "user",			USER },

303 	};

304 	const struct keywords *p;

306 	p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),

307 	    sizeof(keywords[0]), kw_cmp);

309 	if (p)

310 		return (p->k_val);

311 	else

312 		return (STRING);

315 #define MAXPUSHBACK	128

317 unsigned char *parsebuf;

318 int parseindex;

319 unsigned char pushback_buffer[MAXPUSHBACK];

320 int pushback_index = 0;

322 int

323 lgetc(int quotec)

325 	int c, next;

327 	if (parsebuf) {

328 		/* Read character from the parsebuffer instead of input. */

329 		if (parseindex >= 0) {

330 			c = parsebuf[parseindex++];

331 			if (c != '\0')

332 				return (c);

333 			parsebuf = NULL;

334 		} else

335 			parseindex++;

338 	if (pushback_index)

339 		return (pushback_buffer[--pushback_index]);

341 	if (quotec) {

342 		c = getc(file->stream);

343 		if (c == EOF)

344 			yyerror("reached end of file while parsing "

345 			    "quoted string");

346 		return (c);

349 	c = getc(file->stream);

350 	while (c == '\\') {

351 		next = getc(file->stream);

352 		if (next != '\n') {

353 			c = next;

354 			break;

356 		yylval.lineno = file->lineno;

357 		file->lineno++;

358 		c = getc(file->stream);

361 	return (c);

364 int

365 lungetc(int c)

367 	if (c == EOF)

368 		return (EOF);

369 	if (parsebuf) {

370 		parseindex--;

371 		if (parseindex >= 0)

372 			return (c);

374 	if (pushback_index < MAXPUSHBACK-1)

375 		return (pushback_buffer[pushback_index++] = c);

376 	else

377 		return (EOF);

380 int

381 findeol(void)

383 	int c;

385 	parsebuf = NULL;

387 	/* Skip to either EOF or the first real EOL. */

388 	while (1) {

389 		if (pushback_index)

390 			c = pushback_buffer[--pushback_index];

391 		else

392 			c = lgetc(0);

393 		if (c == '\n') {

394 			file->lineno++;

395 			break;

397 		if (c == EOF)

398 			break;

400 	return (ERROR);

403 int

404 yylex(void)

406 	unsigned char buf[8096];

407 	unsigned char *p, *val;

408 	int quotec, next, c;

409 	int token;

411 top:

412 	p = buf;

413 	c = lgetc(0);

414 	while (c == ' ' || c == '\t')

415 		c = lgetc(0); /* nothing */

417 	yylval.lineno = file->lineno;

418 	if (c == '#') {

419 		c = lgetc(0);

420 		while (c != '\n' && c != EOF)

421 			c = lgetc(0); /* nothing */

423 	if (c == '$' && parsebuf == NULL) {

424 		while (1) {

425 			c = lgetc(0);

426 			if (c == EOF)

427 				return (0);

429 			if (p + 1 >= buf + sizeof(buf) - 1) {

430 				yyerror("string too long");

431 				return (findeol());

433 			if (isalnum(c) || c == '_') {

434 				*p++ = c;

435 				continue;

437 			*p = '\0';

438 			lungetc(c);

439 			break;

441 		val = symget(buf);

442 		if (val == NULL) {

443 			yyerror("macro '%s' not defined", buf);

444 			return (findeol());

446 		parsebuf = val;

447 		parseindex = 0;

448 		goto top;

451 	switch (c) {

452 	case '\'':

453 	case '"':

454 		quotec = c;

455 		while (1) {

456 			c = lgetc(quotec);

457 			if (c == EOF)

458 				return (0);

459 			if (c == '\n') {

460 				file->lineno++;

461 				continue;

462 			} else if (c == '\\') {

463 				next = lgetc(quotec);

464 				if (next == EOF)

465 					return (0);

466 				if (next == quotec || c == ' ' || c == '\t')

467 					c = next;

468 				else if (next == '\n') {

469 					file->lineno++;

470 					continue;

471 				} else

472 					lungetc(next);

473 			} else if (c == quotec) {

474 				*p = '\0';

475 				break;

476 			} else if (c == '\0') {

477 				yyerror("syntax error");

478 				return (findeol());

480 			if (p + 1 >= buf + sizeof(buf) - 1) {

481 				yyerror("string too long");

482 				return (findeol());

484 			*p++ = c;

486 		yylval.v.string = strdup(buf);

487 		if (yylval.v.string == NULL)

488 			err(1, "yylex: strdup");

489 		return (STRING);

492 #define allowed_to_end_number(x) \

493 	(isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')

495 	if (c == '-' || isdigit(c)) {

496 		do {

497 			*p++ = c;

498 			if ((unsigned)(p-buf) >= sizeof(buf)) {

499 				yyerror("string too long");

500 				return (findeol());

502 			c = lgetc(0);

503 		} while (c != EOF && isdigit(c));

504 		lungetc(c);

505 		if (p == buf + 1 && buf[0] == '-')

506 			goto nodigits;

507 		if (c == EOF || allowed_to_end_number(c)) {

508 			const char *errstr = NULL;

510 			*p = '\0';

511 			yylval.v.number = strtonum(buf, LLONG_MIN,

512 			    LLONG_MAX, &errstr);

513 			if (errstr) {

514 				yyerror("\"%s\" invalid number: %s",

515 				    buf, errstr);

516 				return (findeol());

518 			return (NUMBER);

519 		} else {

520 nodigits:

521 			while (p > buf + 1)

522 				lungetc(*--p);

523 			c = *--p;

524 			if (c == '-')

525 				return (c);

529 #define allowed_in_string(x) \

530 	(isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \

531 	x != '{' && x != '}' && \

532 	x != '!' && x != '=' && x != '#' && \

533 	x != ','))

535 	if (isalnum(c) || c == ':' || c == '_') {

536 		do {

537 			*p++ = c;

538 			if ((unsigned)(p-buf) >= sizeof(buf)) {

539 				yyerror("string too long");

540 				return (findeol());

542 			c = lgetc(0);

543 		} while (c != EOF && (allowed_in_string(c)));

544 		lungetc(c);

545 		*p = '\0';

546 		token = lookup(buf);

547 		if (token == STRING) {

548 			yylval.v.string = strdup(buf);

549 			if (yylval.v.string == NULL)

550 				err(1, "yylex: strdup");

552 		return (token);

554 	if (c == '\n') {

555 		yylval.lineno = file->lineno;

556 		file->lineno++;

558 	if (c == EOF)

559 		return (0);

560 	return (c);

563 int

564 check_file_secrecy(int fd, const char *fname)

566 	struct stat st;

568 	if (fstat(fd, &st)) {

569 		log_warn("cannot stat %s", fname);

570 		return (-1);

572 	if (st.st_uid != 0 && st.st_uid != getuid()) {

573 		log_warnx("%s: owner not root or current user", fname);

574 		return (-1);

576 	if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {

577 		log_warnx("%s: group writable or world read/writable", fname);

578 		return (-1);

580 	return (0);

583 struct file *

584 newfile(const char *name, int secret)

586 	struct file *nfile;

588 	nfile = calloc(1, sizeof(struct file));

589 	if (nfile == NULL) {

590 		log_warn("calloc");

591 		return (NULL);

593 	nfile->name = strdup(name);

594 	if (nfile->name == NULL) {

595 		log_warn("strdup");

596 		free(nfile);

597 		return (NULL);

599 	nfile->stream = fopen(nfile->name, "r");

600 	if (nfile->stream == NULL) {

601 		/* no warning, we don't require a conf file */

602 		free(nfile->name);

603 		free(nfile);

604 		return (NULL);

605 	} else if (secret &&

606 	    check_file_secrecy(fileno(nfile->stream), nfile->name)) {

607 		fclose(nfile->stream);

608 		free(nfile->name);

609 		free(nfile);

610 		return (NULL);

612 	nfile->lineno = 1;

613 	return (nfile);

616 static void

617 closefile(struct file *xfile)

619 	fclose(xfile->stream);

620 	free(xfile->name);

621 	free(xfile);

624 int

625 parse_config(const char *filename, enum gotd_procid proc_id,

626     struct gotd *env)

628 	struct sym *sym, *next;

630 	memset(env, 0, sizeof(*env));

632 	gotd = env;

633 	gotd_proc_id = proc_id;

634 	TAILQ_INIT(&gotd->repos);

636 	/* Apply default values. */

637 	if (strlcpy(gotd->unix_socket_path, GOTD_UNIX_SOCKET,

638 	    sizeof(gotd->unix_socket_path)) >= sizeof(gotd->unix_socket_path)) {

639 		fprintf(stderr, "%s: unix socket path too long", __func__);

640 		return -1;

642 	if (strlcpy(gotd->unix_group_name, GOTD_UNIX_GROUP,

643 	    sizeof(gotd->unix_group_name)) >= sizeof(gotd->unix_group_name)) {

644 		fprintf(stderr, "%s: unix group name too long", __func__);

645 		return -1;

647 	if (strlcpy(gotd->user_name, GOTD_USER,

648 	    sizeof(gotd->user_name)) >= sizeof(gotd->user_name)) {

649 		fprintf(stderr, "%s: user name too long", __func__);

650 		return -1;

653 	file = newfile(filename, 0);

654 	if (file == NULL) {

655 		/* just return, as we don't require a conf file */

656 		return (0);

659 	yyparse();

660 	errors = file->errors;

661 	closefile(file);

663 	/* Free macros and check which have not been used. */

664 	TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {

665 		if ((gotd->verbosity > 1) && !sym->used)

666 			fprintf(stderr, "warning: macro '%s' not used\n",

667 			    sym->nam);

668 		if (!sym->persist) {

669 			free(sym->nam);

670 			free(sym->val);

671 			TAILQ_REMOVE(&symhead, sym, entry);

672 			free(sym);

676 	if (errors)

677 		return (-1);

679 	return (0);

682 static struct gotd_repo *

683 conf_new_repo(const char *name)

685 	struct gotd_repo *repo;

687 	if (strchr(name, '\n') != NULL) {

688 		fatalx("%s: repository names must not contain linefeeds: %s",

689 		    getprogname(), name);

692 	repo = calloc(1, sizeof(*repo));

693 	if (repo == NULL)

694 		fatalx("%s: calloc", __func__);

696 	STAILQ_INIT(&repo->rules);

698 	if (strlcpy(repo->name, name, sizeof(repo->name)) >=

699 	    sizeof(repo->name))

700 		fatalx("%s: strlcpy", __func__);

702 	TAILQ_INSERT_TAIL(&gotd->repos, repo, entry);

703 	gotd->nrepos++;

705 	return repo;

706 };

708 static void

709 conf_new_access_rule(struct gotd_repo *repo, enum gotd_access access,

710     int authorization, char *identifier)

712 	struct gotd_access_rule *rule;

714 	rule = calloc(1, sizeof(*rule));

715 	if (rule == NULL)

716 		fatal("calloc");

718 	rule->access = access;

719 	rule->authorization = authorization;

720 	rule->identifier = identifier;

722 	STAILQ_INSERT_TAIL(&repo->rules, rule, entry);

725 int

726 symset(const char *nam, const char *val, int persist)

728 	struct sym *sym;

730 	TAILQ_FOREACH(sym, &symhead, entry) {

731 		if (strcmp(nam, sym->nam) == 0)

732 			break;

735 	if (sym != NULL) {

736 		if (sym->persist == 1)

737 			return (0);

738 		else {

739 			free(sym->nam);

740 			free(sym->val);

741 			TAILQ_REMOVE(&symhead, sym, entry);

742 			free(sym);

745 	sym = calloc(1, sizeof(*sym));

746 	if (sym == NULL)

747 		return (-1);

749 	sym->nam = strdup(nam);

750 	if (sym->nam == NULL) {

751 		free(sym);

752 		return (-1);

754 	sym->val = strdup(val);

755 	if (sym->val == NULL) {

756 		free(sym->nam);

757 		free(sym);

758 		return (-1);

760 	sym->used = 0;

761 	sym->persist = persist;

762 	TAILQ_INSERT_TAIL(&symhead, sym, entry);

763 	return (0);

766 char *

767 symget(const char *nam)

769 	struct sym *sym;

771 	TAILQ_FOREACH(sym, &symhead, entry) {

772 		if (strcmp(nam, sym->nam) == 0) {

773 			sym->used = 1;

774 			return (sym->val);

777 	return (NULL);