2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2016-2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
26 #include <sys/types.h>
27 #include <sys/queue.h>
45 #include "got_error.h"
47 #include "got_reference.h"
54 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
56 TAILQ_ENTRY(file) entry;
62 struct file *newfile(const char *, int, int);
63 static void closefile(struct file *);
64 int check_file_secrecy(int, const char *);
67 int yyerror(const char *, ...)
68 __attribute__((__format__ (printf, 1, 2)))
69 __attribute__((__nonnull__ (1)));
70 int kw_cmp(const void *, const void *);
76 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
78 TAILQ_ENTRY(sym) entry;
85 int symset(const char *, const char *, int);
86 char *symget(const char *);
90 static struct gotd *gotd;
91 static struct gotd_repo *new_repo;
92 static int conf_limit_user_connections(const char *, int);
93 static struct gotd_repo *conf_new_repo(const char *);
94 static void conf_new_access_rule(struct gotd_repo *,
95 enum gotd_access, int, char *);
96 static int conf_protect_ref_namespace(char **,
97 struct got_pathlist_head *, char *);
98 static int conf_protect_tag_namespace(struct gotd_repo *,
100 static int conf_protect_branch_namespace(
101 struct gotd_repo *, char *);
102 static int conf_protect_branch(struct gotd_repo *,
104 static enum gotd_procid gotd_proc_id;
117 %token PATH ERROR LISTEN ON USER REPOSITORY PERMIT DENY
118 %token RO RW CONNECTION LIMIT REQUEST TIMEOUT
119 %token PROTECT NAMESPACE BRANCH TAG
121 %token <v.string> STRING
122 %token <v.number> NUMBER
130 | grammar repository '\n'
135 yyerror("invalid timeout: %lld", $1);
143 const char *type = "seconds";
148 yyerror("invalid number of seconds: %s", $1);
154 switch ($1[len - 1]) {
174 $$.tv_sec = strtonum($1, 0, INT_MAX / mul, &errstr);
176 yyerror("number of %s is %s: %s", type,
187 main : LISTEN ON STRING {
188 if (!got_path_is_absolute($3))
189 yyerror("bad unix socket path \"%s\": "
190 "must be an absolute path", $3);
192 if (gotd_proc_id == PROC_LISTEN) {
193 if (strlcpy(gotd->unix_socket_path, $3,
194 sizeof(gotd->unix_socket_path)) >=
195 sizeof(gotd->unix_socket_path)) {
196 yyerror("%s: unix socket path too long",
205 if (strlcpy(gotd->user_name, $2,
206 sizeof(gotd->user_name)) >=
207 sizeof(gotd->user_name)) {
208 yyerror("%s: user name too long", __func__);
217 connection : CONNECTION '{' optnl conflags_l '}'
218 | CONNECTION conflags
220 conflags_l : conflags optnl conflags_l
224 conflags : REQUEST TIMEOUT timeout {
225 if ($3.tv_sec <= 0) {
226 yyerror("invalid timeout: %lld", $3.tv_sec);
229 memcpy(&gotd->request_timeout, &$3,
230 sizeof(gotd->request_timeout));
232 | LIMIT USER STRING NUMBER {
233 if (gotd_proc_id == PROC_LISTEN &&
234 conf_limit_user_connections($3, $4) == -1) {
242 protect : PROTECT '{' optnl protectflags_l '}'
243 | PROTECT protectflags
245 protectflags_l : protectflags optnl protectflags_l
249 protectflags : TAG NAMESPACE STRING {
250 if (gotd_proc_id == PROC_GOTD ||
251 gotd_proc_id == PROC_REPO_WRITE) {
252 if (conf_protect_tag_namespace(new_repo, $3)) {
259 | BRANCH NAMESPACE STRING {
260 if (gotd_proc_id == PROC_GOTD ||
261 gotd_proc_id == PROC_REPO_WRITE) {
262 if (conf_protect_branch_namespace(new_repo,
271 if (gotd_proc_id == PROC_GOTD ||
272 gotd_proc_id == PROC_REPO_WRITE) {
273 if (conf_protect_branch(new_repo, $2)) {
282 repository : REPOSITORY STRING {
283 struct gotd_repo *repo;
285 TAILQ_FOREACH(repo, &gotd->repos, entry) {
286 if (strcmp(repo->name, $2) == 0) {
287 yyerror("duplicate repository '%s'", $2);
293 if (gotd_proc_id == PROC_GOTD ||
294 gotd_proc_id == PROC_AUTH ||
295 gotd_proc_id == PROC_REPO_WRITE) {
296 new_repo = conf_new_repo($2);
299 } '{' optnl repoopts2 '}' {
303 repoopts1 : PATH STRING {
304 if (gotd_proc_id == PROC_GOTD ||
305 gotd_proc_id == PROC_AUTH ||
306 gotd_proc_id == PROC_REPO_WRITE) {
307 if (!got_path_is_absolute($2)) {
308 yyerror("%s: path %s is not absolute",
313 if (realpath($2, new_repo->path) == NULL) {
314 yyerror("realpath %s: %s", $2,
317 * Give admin a chance to create
318 * missing repositories at run-time.
320 if (errno != ENOENT) {
323 } else if (strlcpy(new_repo->path, $2,
324 sizeof(new_repo->path)) >=
325 sizeof(new_repo->path))
326 yyerror("path too long");
332 if (gotd_proc_id == PROC_AUTH) {
333 conf_new_access_rule(new_repo,
334 GOTD_ACCESS_PERMITTED, GOTD_AUTH_READ, $3);
339 if (gotd_proc_id == PROC_AUTH) {
340 conf_new_access_rule(new_repo,
341 GOTD_ACCESS_PERMITTED,
342 GOTD_AUTH_READ | GOTD_AUTH_WRITE, $3);
347 if (gotd_proc_id == PROC_AUTH) {
348 conf_new_access_rule(new_repo,
349 GOTD_ACCESS_DENIED, 0, $2);
356 repoopts2 : repoopts2 repoopts1 nl
363 optnl : '\n' optnl /* zero or more newlines */
375 yyerror(const char *fmt, ...)
382 if (vasprintf(&msg, fmt, ap) == -1)
383 fatalx("yyerror vasprintf");
385 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
391 kw_cmp(const void *k, const void *e)
393 return (strcmp(k, ((const struct keywords *)e)->k_name));
399 /* This has to be sorted always. */
400 static const struct keywords keywords[] = {
401 { "branch", BRANCH },
402 { "connection", CONNECTION },
405 { "listen", LISTEN },
406 { "namespace", NAMESPACE },
409 { "permit", PERMIT },
410 { "protect", PROTECT },
411 { "repository", REPOSITORY },
412 { "request", REQUEST },
416 { "timeout", TIMEOUT },
419 const struct keywords *p;
421 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
422 sizeof(keywords[0]), kw_cmp);
430 #define MAXPUSHBACK 128
432 unsigned char *parsebuf;
434 unsigned char pushback_buffer[MAXPUSHBACK];
435 int pushback_index = 0;
443 /* Read character from the parsebuffer instead of input. */
444 if (parseindex >= 0) {
445 c = parsebuf[parseindex++];
454 return (pushback_buffer[--pushback_index]);
457 c = getc(file->stream);
459 yyerror("reached end of file while parsing "
464 c = getc(file->stream);
466 next = getc(file->stream);
471 yylval.lineno = file->lineno;
473 c = getc(file->stream);
489 if (pushback_index < MAXPUSHBACK-1)
490 return (pushback_buffer[pushback_index++] = c);
502 /* Skip to either EOF or the first real EOL. */
505 c = pushback_buffer[--pushback_index];
521 unsigned char buf[8096];
522 unsigned char *p, *val;
529 while (c == ' ' || c == '\t')
530 c = lgetc(0); /* nothing */
532 yylval.lineno = file->lineno;
535 while (c != '\n' && c != EOF)
536 c = lgetc(0); /* nothing */
538 if (c == '$' && parsebuf == NULL) {
544 if (p + 1 >= buf + sizeof(buf) - 1) {
545 yyerror("string too long");
548 if (isalnum(c) || c == '_') {
558 yyerror("macro '%s' not defined", buf);
577 } else if (c == '\\') {
578 next = lgetc(quotec);
581 if (next == quotec || c == ' ' || c == '\t')
583 else if (next == '\n') {
588 } else if (c == quotec) {
591 } else if (c == '\0') {
592 yyerror("syntax error");
595 if (p + 1 >= buf + sizeof(buf) - 1) {
596 yyerror("string too long");
601 yylval.v.string = strdup(buf);
602 if (yylval.v.string == NULL)
603 err(1, "yylex: strdup");
607 #define allowed_to_end_number(x) \
608 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
610 if (c == '-' || isdigit(c)) {
613 if ((unsigned)(p-buf) >= sizeof(buf)) {
614 yyerror("string too long");
618 } while (c != EOF && isdigit(c));
620 if (p == buf + 1 && buf[0] == '-')
622 if (c == EOF || allowed_to_end_number(c)) {
623 const char *errstr = NULL;
626 yylval.v.number = strtonum(buf, LLONG_MIN,
629 yyerror("\"%s\" invalid number: %s",
644 #define allowed_in_string(x) \
645 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
646 x != '{' && x != '}' && \
647 x != '!' && x != '=' && x != '#' && \
650 if (isalnum(c) || c == ':' || c == '_') {
653 if ((unsigned)(p-buf) >= sizeof(buf)) {
654 yyerror("string too long");
658 } while (c != EOF && (allowed_in_string(c)));
662 if (token == STRING) {
663 yylval.v.string = strdup(buf);
664 if (yylval.v.string == NULL)
665 err(1, "yylex: strdup");
670 yylval.lineno = file->lineno;
679 check_file_secrecy(int fd, const char *fname)
683 if (fstat(fd, &st)) {
684 log_warn("cannot stat %s", fname);
687 if (st.st_uid != 0 && st.st_uid != getuid()) {
688 log_warnx("%s: owner not root or current user", fname);
691 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
692 log_warnx("%s: group writable or world read/writable", fname);
699 newfile(const char *name, int secret, int required)
703 nfile = calloc(1, sizeof(struct file));
708 nfile->name = strdup(name);
709 if (nfile->name == NULL) {
714 nfile->stream = fopen(nfile->name, "r");
715 if (nfile->stream == NULL) {
717 log_warn("open %s", nfile->name);
722 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
723 fclose(nfile->stream);
733 closefile(struct file *xfile)
735 fclose(xfile->stream);
741 parse_config(const char *filename, enum gotd_procid proc_id,
742 struct gotd *env, int require_config_file)
744 struct sym *sym, *next;
745 struct gotd_repo *repo;
747 memset(env, 0, sizeof(*env));
750 gotd_proc_id = proc_id;
751 TAILQ_INIT(&gotd->repos);
753 /* Apply default values. */
754 if (strlcpy(gotd->unix_socket_path, GOTD_UNIX_SOCKET,
755 sizeof(gotd->unix_socket_path)) >= sizeof(gotd->unix_socket_path)) {
756 fprintf(stderr, "%s: unix socket path too long", __func__);
759 if (strlcpy(gotd->user_name, GOTD_USER,
760 sizeof(gotd->user_name)) >= sizeof(gotd->user_name)) {
761 fprintf(stderr, "%s: user name too long", __func__);
765 gotd->request_timeout.tv_sec = GOTD_DEFAULT_REQUEST_TIMEOUT;
766 gotd->request_timeout.tv_usec = 0;
768 file = newfile(filename, 0, require_config_file);
770 return require_config_file ? -1 : 0;
773 errors = file->errors;
776 /* Free macros and check which have not been used. */
777 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
778 if ((gotd->verbosity > 1) && !sym->used)
779 fprintf(stderr, "warning: macro '%s' not used\n",
784 TAILQ_REMOVE(&symhead, sym, entry);
792 TAILQ_FOREACH(repo, &gotd->repos, entry) {
793 if (repo->path[0] == '\0') {
794 log_warnx("repository \"%s\": no path provided in "
795 "configuration file", repo->name);
800 if (proc_id == PROC_GOTD && TAILQ_EMPTY(&gotd->repos)) {
801 log_warnx("no repository defined in configuration file");
809 uid_connection_limit_cmp(const void *pa, const void *pb)
811 const struct gotd_uid_connection_limit *a = pa, *b = pb;
815 else if (a->uid > b->uid);
822 conf_limit_user_connections(const char *user, int maximum)
825 struct gotd_uid_connection_limit *limit;
829 yyerror("max connections cannot be smaller 1");
832 if (maximum > GOTD_MAXCLIENTS) {
833 yyerror("max connections must be <= %d", GOTD_MAXCLIENTS);
837 if (gotd_auth_parseuid(user, &uid) == -1) {
838 yyerror("%s: no such user", user);
842 limit = gotd_find_uid_connection_limit(gotd->connection_limits,
843 gotd->nconnection_limits, uid);
845 limit->max_connections = maximum;
849 limit = gotd->connection_limits;
850 nlimits = gotd->nconnection_limits + 1;
851 limit = reallocarray(limit, nlimits, sizeof(*limit));
853 fatal("reallocarray");
855 limit[nlimits - 1].uid = uid;
856 limit[nlimits - 1].max_connections = maximum;
858 gotd->connection_limits = limit;
859 gotd->nconnection_limits = nlimits;
860 qsort(gotd->connection_limits, gotd->nconnection_limits,
861 sizeof(gotd->connection_limits[0]), uid_connection_limit_cmp);
866 static struct gotd_repo *
867 conf_new_repo(const char *name)
869 struct gotd_repo *repo;
871 if (name[0] == '\0') {
872 fatalx("syntax error: empty repository name found in %s",
876 if (strchr(name, '\n') != NULL)
877 fatalx("repository names must not contain linefeeds: %s", name);
879 repo = calloc(1, sizeof(*repo));
881 fatalx("%s: calloc", __func__);
883 STAILQ_INIT(&repo->rules);
884 TAILQ_INIT(&repo->protected_tag_namespaces);
885 TAILQ_INIT(&repo->protected_branch_namespaces);
886 TAILQ_INIT(&repo->protected_branches);
888 if (strlcpy(repo->name, name, sizeof(repo->name)) >=
890 fatalx("%s: strlcpy", __func__);
892 TAILQ_INSERT_TAIL(&gotd->repos, repo, entry);
899 conf_new_access_rule(struct gotd_repo *repo, enum gotd_access access,
900 int authorization, char *identifier)
902 struct gotd_access_rule *rule;
904 rule = calloc(1, sizeof(*rule));
908 rule->access = access;
909 rule->authorization = authorization;
910 rule->identifier = identifier;
912 STAILQ_INSERT_TAIL(&repo->rules, rule, entry);
916 refname_is_valid(char *refname)
918 if (strlen(refname) < 5 || strncmp(refname, "refs/", 5) != 0) {
919 yyerror("reference name must begin with \"refs/\": %s",
924 if (!got_ref_name_is_valid(refname)) {
925 yyerror("invalid reference name: %s", refname);
933 conf_protect_ref_namespace(char **new, struct got_pathlist_head *refs,
936 const struct got_error *error;
937 struct got_pathlist_entry *pe;
942 got_path_strip_trailing_slashes(namespace);
943 if (!refname_is_valid(namespace))
945 if (asprintf(&s, "%s/", namespace) == -1) {
946 yyerror("asprintf: %s", strerror(errno));
950 error = got_pathlist_insert(&pe, refs, s, NULL);
951 if (error || pe == NULL) {
954 yyerror("got_pathlist_insert: %s", error->msg);
956 yyerror("duplicate protected namespace %s", namespace);
965 conf_protect_tag_namespace(struct gotd_repo *repo, char *namespace)
967 struct got_pathlist_entry *pe;
970 if (conf_protect_ref_namespace(&new, &repo->protected_tag_namespaces,
974 TAILQ_FOREACH(pe, &repo->protected_branch_namespaces, entry) {
975 if (strcmp(pe->path, new) == 0) {
976 yyerror("duplicate protected namespace %s", namespace);
985 conf_protect_branch_namespace(struct gotd_repo *repo, char *namespace)
987 struct got_pathlist_entry *pe;
990 if (conf_protect_ref_namespace(&new,
991 &repo->protected_branch_namespaces, namespace) == -1)
994 TAILQ_FOREACH(pe, &repo->protected_tag_namespaces, entry) {
995 if (strcmp(pe->path, new) == 0) {
996 yyerror("duplicate protected namespace %s", namespace);
1005 conf_protect_branch(struct gotd_repo *repo, char *branchname)
1007 const struct got_error *error;
1008 struct got_pathlist_entry *new;
1011 if (strncmp(branchname, "refs/heads/", 11) != 0) {
1012 if (asprintf(&refname, "refs/heads/%s", branchname) == -1) {
1013 yyerror("asprintf: %s", strerror(errno));
1017 refname = strdup(branchname);
1018 if (refname == NULL) {
1019 yyerror("strdup: %s", strerror(errno));
1024 if (!refname_is_valid(refname)) {
1029 error = got_pathlist_insert(&new, &repo->protected_branches,
1031 if (error || new == NULL) {
1034 yyerror("got_pathlist_insert: %s", error->msg);
1036 yyerror("duplicate protect branch %s", branchname);
1044 symset(const char *nam, const char *val, int persist)
1048 TAILQ_FOREACH(sym, &symhead, entry) {
1049 if (strcmp(nam, sym->nam) == 0)
1054 if (sym->persist == 1)
1059 TAILQ_REMOVE(&symhead, sym, entry);
1063 sym = calloc(1, sizeof(*sym));
1067 sym->nam = strdup(nam);
1068 if (sym->nam == NULL) {
1072 sym->val = strdup(val);
1073 if (sym->val == NULL) {
1079 sym->persist = persist;
1080 TAILQ_INSERT_TAIL(&symhead, sym, entry);
1085 symget(const char *nam)
1089 TAILQ_FOREACH(sym, &symhead, entry) {
1090 if (strcmp(nam, sym->nam) == 0) {
1099 gotd_find_repo_by_name(const char *repo_name, struct gotd *gotd)
1101 struct gotd_repo *repo;
1104 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1105 namelen = strlen(repo->name);
1106 if (strncmp(repo->name, repo_name, namelen) != 0)
1108 if (repo_name[namelen] == '\0' ||
1109 strcmp(&repo_name[namelen], ".git") == 0)
1117 gotd_find_repo_by_path(const char *repo_path, struct gotd *gotd)
1119 struct gotd_repo *repo;
1121 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1122 if (strcmp(repo->path, repo_path) == 0)
