op public repos

Blob

Date:: Tue Jan 3 09:09:56 2023 UTC
Message:: introduce connection options to gotd.conf Allow administrators to tweak the default authentication and request timeouts if needed, and to tweak the limit of concurrent connections for specific user accounts. with several tweaks from and ok op@
Actions:: History | Blame | Raw File
1 /*
2  * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
4  *
5  * Permission to use, copy, modify, and distribute this software for any
6  * purpose with or without fee is hereby granted, provided that the above
7  * copyright notice and this permission notice appear in all copies.
8  *
9  * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10  * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11  * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12  * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13  * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14  * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15  * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
16  */
17 
18 #include <sys/types.h>
19 #include <sys/socket.h>
20 #include <sys/queue.h>
21 #include <sys/uio.h>
22 
23 #include <errno.h>
24 #include <event.h>
25 #include <limits.h>
26 #include <pwd.h>
27 #include <grp.h>
28 #include <sha1.h>
29 #include <signal.h>
30 #include <stdint.h>
31 #include <stdio.h>
32 #include <stdlib.h>
33 #include <string.h>
34 #include <imsg.h>
35 #include <unistd.h>
36 
37 #include "got_error.h"
38 #include "got_path.h"
39 
40 #include "gotd.h"
41 #include "log.h"
42 #include "auth.h"
43 
44 static struct gotd_auth {
45 	pid_t pid;
46 	const char *title;
47 	struct gotd_repo *repo;
48 } gotd_auth;
49 
50 static void auth_shutdown(void);
51 
52 static void
53 auth_sighdlr(int sig, short event, void *arg)
54 {
55 	/*
56 	 * Normal signal handler rules don't apply because libevent
57 	 * decouples for us.
58 	 */
59 
60 	switch (sig) {
61 	case SIGHUP:
62 		break;
63 	case SIGUSR1:
64 		break;
65 	case SIGTERM:
66 	case SIGINT:
67 		auth_shutdown();
68 		/* NOTREACHED */
69 		break;
70 	default:
71 		fatalx("unexpected signal");
72 	}
73 }
74 
75 int
76 gotd_auth_parseuid(const char *s, uid_t *uid)
77 {
78 	struct passwd *pw;
79 	const char *errstr;
80 
81 	if ((pw = getpwnam(s)) != NULL) {
82 		*uid = pw->pw_uid;
83 		if (*uid == UID_MAX)
84 			return -1;
85 		return 0;
86 	}
87 	*uid = strtonum(s, 0, UID_MAX - 1, &errstr);
88 	if (errstr)
89 		return -1;
90 	return 0;
91 }
92 
93 static int
94 uidcheck(const char *s, uid_t desired)
95 {
96 	uid_t uid;
97 
98 	if (gotd_auth_parseuid(s, &uid) != 0)
99 		return -1;
100 	if (uid != desired)
101 		return -1;
102 	return 0;
103 }
104 
105 static int
106 parsegid(const char *s, gid_t *gid)
107 {
108 	struct group *gr;
109 	const char *errstr;
110 
111 	if ((gr = getgrnam(s)) != NULL) {
112 		*gid = gr->gr_gid;
113 		if (*gid == GID_MAX)
114 			return -1;
115 		return 0;
116 	}
117 	*gid = strtonum(s, 0, GID_MAX - 1, &errstr);
118 	if (errstr)
119 		return -1;
120 	return 0;
121 }
122 
123 static int
124 match_identifier(const char *identifier, gid_t *groups, int ngroups,
125     uid_t euid, gid_t egid)
126 {
127 	int i;
128 
129 	if (identifier[0] == ':') {
130 		gid_t rgid;
131 		if (parsegid(identifier + 1, &rgid) == -1)
132 			return 0;
133 		if (rgid == egid)
134 			return 1;
135 		for (i = 0; i < ngroups; i++) {
136 			if (rgid == groups[i])
137 				break;
138 		}
139 		if (i == ngroups)
140 			return 0;
141 	} else if (uidcheck(identifier, euid) != 0)
142 		return 0;
143 
144 	return 1;
145 }
146 
147 static const struct got_error *
148 auth_check(struct gotd_access_rule_list *rules, const char *repo_name,
149     uid_t euid, gid_t egid, int required_auth)
150 {
151 	struct gotd_access_rule *rule;
152 	enum gotd_access access = GOTD_ACCESS_DENIED;
153 	struct passwd *pw;
154 	gid_t groups[NGROUPS_MAX];
155 	int ngroups = NGROUPS_MAX;
156 
157 	pw = getpwuid(euid);
158 	if (pw == NULL) {
159 		if (errno)
160 			return got_error_from_errno("getpwuid");
161 		else
162 			return got_error_set_errno(EACCES, repo_name);
163 	}
164 
165 	if (getgrouplist(pw->pw_name, pw->pw_gid, groups, &ngroups) == -1)
166 		log_warnx("group membership list truncated");
167 
168 	STAILQ_FOREACH(rule, rules, entry) {
169 		if (!match_identifier(rule->identifier, groups, ngroups,
170 		    euid, egid))
171 			continue;
172 
173 		access = rule->access;
174 		if (rule->access == GOTD_ACCESS_PERMITTED &&
175 		    (rule->authorization & required_auth) != required_auth)
176 			access = GOTD_ACCESS_DENIED;
177 	}
178 
179 	if (access == GOTD_ACCESS_DENIED)
180 		return got_error_set_errno(EACCES, repo_name);
181 
182 	if (access == GOTD_ACCESS_PERMITTED)
183 		return NULL;
184 
185 	/* should not happen, this would be a bug */
186 	return got_error_msg(GOT_ERR_NOT_IMPL, "bad access rule");
187 }
188 
189 static const struct got_error *
190 recv_authreq(struct imsg *imsg, struct gotd_imsgev *iev)
191 {
192 	const struct got_error *err;
193 	struct imsgbuf *ibuf = &iev->ibuf;
194 	struct gotd_imsg_auth iauth;
195 	size_t datalen;
196 	uid_t euid;
197 	gid_t egid;
198 
199 	log_debug("authentication request received");
200 
201 	datalen = imsg->hdr.len - IMSG_HEADER_SIZE;
202 	if (datalen != sizeof(iauth))
203 		return got_error(GOT_ERR_PRIVSEP_LEN);
204 
205 	memcpy(&iauth, imsg->data, datalen);
206 
207 	if (imsg->fd == -1)
208 		return got_error(GOT_ERR_PRIVSEP_NO_FD);
209 
210 	if (getpeereid(imsg->fd, &euid, &egid) == -1)
211 		return got_error_from_errno("getpeerid");
212 
213 	if (iauth.euid != euid)
214 		return got_error(GOT_ERR_UID);
215 	if (iauth.egid != egid)
216 		return got_error(GOT_ERR_GID);
217 
218 	log_debug("authenticating uid %d gid %d", euid, egid);
219 
220 	err = auth_check(&gotd_auth.repo->rules, gotd_auth.repo->name,
221 	    iauth.euid, iauth.egid, iauth.required_auth);
222 	if (err) {
223 		gotd_imsg_send_error(ibuf, PROC_AUTH, iauth.client_id, err);
224 		return err;
225 	}
226 
227 	if (gotd_imsg_compose_event(iev, GOTD_IMSG_ACCESS_GRANTED,
228 	    PROC_AUTH, -1, NULL, 0) == -1)
229 		return got_error_from_errno("imsg compose ACCESS_GRANTED");
230 
231 	return NULL;
232 }
233 
234 static void
235 auth_dispatch(int fd, short event, void *arg)
236 {
237 	const struct got_error *err = NULL;
238 	struct gotd_imsgev *iev = arg;
239 	struct imsgbuf *ibuf = &iev->ibuf;
240 	struct imsg imsg;
241 	ssize_t n;
242 	int shut = 0;
243 
244 	if (event & EV_READ) {
245 		if ((n = imsg_read(ibuf)) == -1 && errno != EAGAIN)
246 			fatal("imsg_read error");
247 		if (n == 0)	/* Connection closed. */
248 			shut = 1;
249 	}
250 
251 	if (event & EV_WRITE) {
252 		n = msgbuf_write(&ibuf->w);
253 		if (n == -1 && errno != EAGAIN)
254 			fatal("msgbuf_write");
255 		if (n == 0)	/* Connection closed. */
256 			shut = 1;
257 	}
258 
259 	for (;;) {
260 		if ((n = imsg_get(ibuf, &imsg)) == -1)
261 			fatal("%s: imsg_get", __func__);
262 		if (n == 0)	/* No more messages. */
263 			break;
264 
265 		switch (imsg.hdr.type) {
266 		case GOTD_IMSG_AUTHENTICATE:
267 			err = recv_authreq(&imsg, iev);
268 			if (err)
269 				log_warnx("%s: %s", gotd_auth.title, err->msg);
270 			break;
271 		default:
272 			log_debug("%s: unexpected imsg %d", gotd_auth.title,
273 			    imsg.hdr.type);
274 			break;
275 		}
276 
277 		imsg_free(&imsg);
278 	}
279 
280 	if (!shut) {
281 		gotd_imsg_event_add(iev);
282 	} else {
283 		/* This pipe is dead. Remove its event handler */
284 		event_del(&iev->ev);
285 		event_loopexit(NULL);
286 	}
287 }
288 
289 void
290 auth_main(const char *title, struct gotd_repolist *repos,
291     const char *repo_path)
292 {
293 	struct gotd_repo *repo = NULL;
294 	struct gotd_imsgev iev;
295 	struct event evsigint, evsigterm, evsighup, evsigusr1;
296 
297 	gotd_auth.title = title;
298 	gotd_auth.pid = getpid();
299 	TAILQ_FOREACH(repo, repos, entry) {
300 		if (got_path_cmp(repo->path, repo_path,
301 		    strlen(repo->path), strlen(repo_path)) == 0)
302 			break;
303 	}
304 	if (repo == NULL)
305 		fatalx("repository %s not found in config", repo_path);
306 	gotd_auth.repo = repo;
307 
308 	signal_set(&evsigint, SIGINT, auth_sighdlr, NULL);
309 	signal_set(&evsigterm, SIGTERM, auth_sighdlr, NULL);
310 	signal_set(&evsighup, SIGHUP, auth_sighdlr, NULL);
311 	signal_set(&evsigusr1, SIGUSR1, auth_sighdlr, NULL);
312 	signal(SIGPIPE, SIG_IGN);
313 
314 	signal_add(&evsigint, NULL);
315 	signal_add(&evsigterm, NULL);
316 	signal_add(&evsighup, NULL);
317 	signal_add(&evsigusr1, NULL);
318 
319 	imsg_init(&iev.ibuf, GOTD_FILENO_MSG_PIPE);
320 	iev.handler = auth_dispatch;
321 	iev.events = EV_READ;
322 	iev.handler_arg = NULL;
323 	event_set(&iev.ev, iev.ibuf.fd, EV_READ, auth_dispatch, &iev);
324 	if (event_add(&iev.ev, NULL) == -1)
325 		fatalx("event add");
326 
327 	event_dispatch();
328 
329 	auth_shutdown();
330 }
331 
332 static void
333 auth_shutdown(void)
334 {
335 	log_debug("%s: shutting down", gotd_auth.title);
336 	exit(0);
337 }