search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
remove dependency of gitwrapper, gotctl, and gotsh on object_parse.c
[got-portable.git] / gotd / parse.y
blob8ebf4b83dbc2a957e8463aa6ad76e0f721af95dd
1 /*
2 * Copyright (c) 2022 Stefan Sperling <stsp@openbsd.org>
3 * Copyright (c) 2016-2019, 2020-2021 Tracey Emery <tracey@traceyemery.net>
4 * Copyright (c) 2004, 2005 Esben Norby <norby@openbsd.org>
5 * Copyright (c) 2004 Ryan McBride <mcbride@openbsd.org>
6 * Copyright (c) 2002, 2003, 2004 Henning Brauer <henning@openbsd.org>
7 * Copyright (c) 2001 Markus Friedl. All rights reserved.
8 * Copyright (c) 2001 Daniel Hartmeier. All rights reserved.
9 * Copyright (c) 2001 Theo de Raadt. All rights reserved.
10 *
11 * Permission to use, copy, modify, and distribute this software for any
12 * purpose with or without fee is hereby granted, provided that the above
13 * copyright notice and this permission notice appear in all copies.
14 *
15 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
16 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
17 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
18 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
19 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
20 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
21 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
22 */
23
24 %{
25 #include <sys/time.h>
26 #include <sys/types.h>
27 #include <sys/queue.h>
28 #include <sys/stat.h>
29
30 #include <ctype.h>
31 #include <err.h>
32 #include <errno.h>
33 #include <event.h>
34 #include <imsg.h>
35 #include <limits.h>
36 #include <pwd.h>
37 #include <sha1.h>
38 #include <sha2.h>
39 #include <stdarg.h>
40 #include <stdlib.h>
41 #include <stdio.h>
42 #include <string.h>
43 #include <syslog.h>
44 #include <unistd.h>
45
46 #include "got_error.h"
47 #include "got_path.h"
48 #include "got_reference.h"
49
50 #include "log.h"
51 #include "gotd.h"
52 #include "auth.h"
53 #include "listen.h"
54
55 TAILQ_HEAD(files, file) files = TAILQ_HEAD_INITIALIZER(files);
56 static struct file {
57 TAILQ_ENTRY(file) entry;
58 FILE *stream;
59 char *name;
60 int lineno;
61 int errors;
62 } *file;
63 struct file *newfile(const char *, int, int);
64 static void closefile(struct file *);
65 int check_file_secrecy(int, const char *);
66 int yyparse(void);
67 int yylex(void);
68 int yyerror(const char *, ...)
69 __attribute__((__format__ (printf, 1, 2)))
70 __attribute__((__nonnull__ (1)));
71 int kw_cmp(const void *, const void *);
72 int lookup(char *);
73 int lgetc(int);
74 int lungetc(int);
75 int findeol(void);
76
77 TAILQ_HEAD(symhead, sym) symhead = TAILQ_HEAD_INITIALIZER(symhead);
78 struct sym {
79 TAILQ_ENTRY(sym) entry;
80 int used;
81 int persist;
82 char *nam;
83 char *val;
84 };
85
86 int symset(const char *, const char *, int);
87 char *symget(const char *);
88
89 static int errors;
90
91 static struct gotd *gotd;
92 static struct gotd_repo *new_repo;
93 static int conf_limit_user_connections(const char *, int);
94 static struct gotd_repo *conf_new_repo(const char *);
95 static void conf_new_access_rule(struct gotd_repo *,
96 enum gotd_access, int, char *);
97 static int conf_protect_ref_namespace(char **,
98 struct got_pathlist_head *, char *);
99 static int conf_protect_tag_namespace(struct gotd_repo *,
100 char *);
101 static int conf_protect_branch_namespace(
102 struct gotd_repo *, char *);
103 static int conf_protect_branch(struct gotd_repo *,
104 char *);
105 static enum gotd_procid gotd_proc_id;
106
107 typedef struct {
108 union {
109 long long number;
110 char *string;
111 struct timeval tv;
112 } v;
113 int lineno;
114 } YYSTYPE;
115
116 %}
117
118 %token PATH ERROR LISTEN ON USER REPOSITORY PERMIT DENY
119 %token RO RW CONNECTION LIMIT REQUEST TIMEOUT
120 %token PROTECT NAMESPACE BRANCH TAG
121
122 %token <v.string> STRING
123 %token <v.number> NUMBER
124 %type <v.tv> timeout
125
126 %%
127
128 grammar :
129 | grammar '\n'
130 | grammar main '\n'
131 | grammar repository '\n'
132 ;
133
134 timeout : NUMBER {
135 if ($1 < 0) {
136 yyerror("invalid timeout: %lld", $1);
137 YYERROR;
138 }
139 $$.tv_sec = $1;
140 $$.tv_usec = 0;
141 }
142 | STRING {
143 const char *errstr;
144 const char *type = "seconds";
145 size_t len;
146 int mul = 1;
147
148 if (*$1 == '\0') {
149 yyerror("invalid number of seconds: %s", $1);
150 free($1);
151 YYERROR;
152 }
153
154 len = strlen($1);
155 switch ($1[len - 1]) {
156 case 'S':
157 case 's':
158 $1[len - 1] = '\0';
159 break;
160 case 'M':
161 case 'm':
162 type = "minutes";
163 mul = 60;
164 $1[len - 1] = '\0';
165 break;
166 case 'H':
167 case 'h':
168 type = "hours";
169 mul = 60 * 60;
170 $1[len - 1] = '\0';
171 break;
172 }
173
174 $$.tv_usec = 0;
175 $$.tv_sec = strtonum($1, 0, INT_MAX / mul, &errstr);
176 if (errstr) {
177 yyerror("number of %s is %s: %s", type,
178 errstr, $1);
179 free($1);
180 YYERROR;
181 }
182
183 $$.tv_sec *= mul;
184 free($1);
185 }
186 ;
187
188 main : LISTEN ON STRING {
189 if (!got_path_is_absolute($3))
190 yyerror("bad unix socket path \"%s\": "
191 "must be an absolute path", $3);
192
193 if (gotd_proc_id == PROC_LISTEN) {
194 if (strlcpy(gotd->unix_socket_path, $3,
195 sizeof(gotd->unix_socket_path)) >=
196 sizeof(gotd->unix_socket_path)) {
197 yyerror("%s: unix socket path too long",
198 __func__);
199 free($3);
200 YYERROR;
201 }
202 }
203 free($3);
204 }
205 | USER STRING {
206 if (strlcpy(gotd->user_name, $2,
207 sizeof(gotd->user_name)) >=
208 sizeof(gotd->user_name)) {
209 yyerror("%s: user name too long", __func__);
210 free($2);
211 YYERROR;
212 }
213 free($2);
214 }
215 | connection
216 ;
217
218 connection : CONNECTION '{' optnl conflags_l '}'
219 | CONNECTION conflags
220
221 conflags_l : conflags optnl conflags_l
222 | conflags optnl
223 ;
224
225 conflags : REQUEST TIMEOUT timeout {
226 if ($3.tv_sec <= 0) {
227 yyerror("invalid timeout: %lld", $3.tv_sec);
228 YYERROR;
229 }
230 memcpy(&gotd->request_timeout, &$3,
231 sizeof(gotd->request_timeout));
232 }
233 | LIMIT USER STRING NUMBER {
234 if (gotd_proc_id == PROC_LISTEN &&
235 conf_limit_user_connections($3, $4) == -1) {
236 free($3);
237 YYERROR;
238 }
239 free($3);
240 }
241 ;
242
243 protect : PROTECT '{' optnl protectflags_l '}'
244 | PROTECT protectflags
245
246 protectflags_l : protectflags optnl protectflags_l
247 | protectflags optnl
248 ;
249
250 protectflags : TAG NAMESPACE STRING {
251 if (gotd_proc_id == PROC_GOTD ||
252 gotd_proc_id == PROC_REPO_WRITE) {
253 if (conf_protect_tag_namespace(new_repo, $3)) {
254 free($3);
255 YYERROR;
256 }
257 }
258 free($3);
259 }
260 | BRANCH NAMESPACE STRING {
261 if (gotd_proc_id == PROC_GOTD ||
262 gotd_proc_id == PROC_REPO_WRITE) {
263 if (conf_protect_branch_namespace(new_repo,
264 $3)) {
265 free($3);
266 YYERROR;
267 }
268 }
269 free($3);
270 }
271 | BRANCH STRING {
272 if (gotd_proc_id == PROC_GOTD ||
273 gotd_proc_id == PROC_REPO_WRITE) {
274 if (conf_protect_branch(new_repo, $2)) {
275 free($2);
276 YYERROR;
277 }
278 }
279 free($2);
280 }
281 ;
282
283 repository : REPOSITORY STRING {
284 struct gotd_repo *repo;
285
286 TAILQ_FOREACH(repo, &gotd->repos, entry) {
287 if (strcmp(repo->name, $2) == 0) {
288 yyerror("duplicate repository '%s'", $2);
289 free($2);
290 YYERROR;
291 }
292 }
293
294 if (gotd_proc_id == PROC_GOTD ||
295 gotd_proc_id == PROC_AUTH ||
296 gotd_proc_id == PROC_REPO_WRITE) {
297 new_repo = conf_new_repo($2);
298 }
299 free($2);
300 } '{' optnl repoopts2 '}' {
301 }
302 ;
303
304 repoopts1 : PATH STRING {
305 if (gotd_proc_id == PROC_GOTD ||
306 gotd_proc_id == PROC_AUTH ||
307 gotd_proc_id == PROC_REPO_WRITE) {
308 if (!got_path_is_absolute($2)) {
309 yyerror("%s: path %s is not absolute",
310 __func__, $2);
311 free($2);
312 YYERROR;
313 }
314 if (realpath($2, new_repo->path) == NULL) {
315 yyerror("realpath %s: %s", $2,
316 strerror(errno));
317 /*
318 * Give admin a chance to create
319 * missing repositories at run-time.
320 */
321 if (errno != ENOENT) {
322 free($2);
323 YYERROR;
324 } else if (strlcpy(new_repo->path, $2,
325 sizeof(new_repo->path)) >=
326 sizeof(new_repo->path))
327 yyerror("path too long");
328 }
329 }
330 free($2);
331 }
332 | PERMIT RO STRING {
333 if (gotd_proc_id == PROC_AUTH) {
334 conf_new_access_rule(new_repo,
335 GOTD_ACCESS_PERMITTED, GOTD_AUTH_READ, $3);
336 } else
337 free($3);
338 }
339 | PERMIT RW STRING {
340 if (gotd_proc_id == PROC_AUTH) {
341 conf_new_access_rule(new_repo,
342 GOTD_ACCESS_PERMITTED,
343 GOTD_AUTH_READ | GOTD_AUTH_WRITE, $3);
344 } else
345 free($3);
346 }
347 | DENY STRING {
348 if (gotd_proc_id == PROC_AUTH) {
349 conf_new_access_rule(new_repo,
350 GOTD_ACCESS_DENIED, 0, $2);
351 } else
352 free($2);
353 }
354 | protect
355 ;
356
357 repoopts2 : repoopts2 repoopts1 nl
358 | repoopts1 optnl
359 ;
360
361 nl : '\n' optnl
362 ;
363
364 optnl : '\n' optnl /* zero or more newlines */
365 | /* empty */
366 ;
367
368 %%
369
370 struct keywords {
371 const char *k_name;
372 int k_val;
373 };
374
375 int
376 yyerror(const char *fmt, ...)
377 {
378 va_list ap;
379 char *msg;
380
381 file->errors++;
382 va_start(ap, fmt);
383 if (vasprintf(&msg, fmt, ap) == -1)
384 fatalx("yyerror vasprintf");
385 va_end(ap);
386 logit(LOG_CRIT, "%s:%d: %s", file->name, yylval.lineno, msg);
387 free(msg);
388 return (0);
389 }
390
391 int
392 kw_cmp(const void *k, const void *e)
393 {
394 return (strcmp(k, ((const struct keywords *)e)->k_name));
395 }
396
397 int
398 lookup(char *s)
399 {
400 /* This has to be sorted always. */
401 static const struct keywords keywords[] = {
402 { "branch", BRANCH },
403 { "connection", CONNECTION },
404 { "deny", DENY },
405 { "limit", LIMIT },
406 { "listen", LISTEN },
407 { "namespace", NAMESPACE },
408 { "on", ON },
409 { "path", PATH },
410 { "permit", PERMIT },
411 { "protect", PROTECT },
412 { "repository", REPOSITORY },
413 { "request", REQUEST },
414 { "ro", RO },
415 { "rw", RW },
416 { "tag", TAG },
417 { "timeout", TIMEOUT },
418 { "user", USER },
419 };
420 const struct keywords *p;
421
422 p = bsearch(s, keywords, sizeof(keywords)/sizeof(keywords[0]),
423 sizeof(keywords[0]), kw_cmp);
424
425 if (p)
426 return (p->k_val);
427 else
428 return (STRING);
429 }
430
431 #define MAXPUSHBACK 128
432
433 unsigned char *parsebuf;
434 int parseindex;
435 unsigned char pushback_buffer[MAXPUSHBACK];
436 int pushback_index = 0;
437
438 int
439 lgetc(int quotec)
440 {
441 int c, next;
442
443 if (parsebuf) {
444 /* Read character from the parsebuffer instead of input. */
445 if (parseindex >= 0) {
446 c = parsebuf[parseindex++];
447 if (c != '\0')
448 return (c);
449 parsebuf = NULL;
450 } else
451 parseindex++;
452 }
453
454 if (pushback_index)
455 return (pushback_buffer[--pushback_index]);
456
457 if (quotec) {
458 c = getc(file->stream);
459 if (c == EOF)
460 yyerror("reached end of file while parsing "
461 "quoted string");
462 return (c);
463 }
464
465 c = getc(file->stream);
466 while (c == '\\') {
467 next = getc(file->stream);
468 if (next != '\n') {
469 c = next;
470 break;
471 }
472 yylval.lineno = file->lineno;
473 file->lineno++;
474 c = getc(file->stream);
475 }
476
477 return (c);
478 }
479
480 int
481 lungetc(int c)
482 {
483 if (c == EOF)
484 return (EOF);
485 if (parsebuf) {
486 parseindex--;
487 if (parseindex >= 0)
488 return (c);
489 }
490 if (pushback_index < MAXPUSHBACK-1)
491 return (pushback_buffer[pushback_index++] = c);
492 else
493 return (EOF);
494 }
495
496 int
497 findeol(void)
498 {
499 int c;
500
501 parsebuf = NULL;
502
503 /* Skip to either EOF or the first real EOL. */
504 while (1) {
505 if (pushback_index)
506 c = pushback_buffer[--pushback_index];
507 else
508 c = lgetc(0);
509 if (c == '\n') {
510 file->lineno++;
511 break;
512 }
513 if (c == EOF)
514 break;
515 }
516 return (ERROR);
517 }
518
519 int
520 yylex(void)
521 {
522 unsigned char buf[8096];
523 unsigned char *p, *val;
524 int quotec, next, c;
525 int token;
526
527 top:
528 p = buf;
529 c = lgetc(0);
530 while (c == ' ' || c == '\t')
531 c = lgetc(0); /* nothing */
532
533 yylval.lineno = file->lineno;
534 if (c == '#') {
535 c = lgetc(0);
536 while (c != '\n' && c != EOF)
537 c = lgetc(0); /* nothing */
538 }
539 if (c == '$' && parsebuf == NULL) {
540 while (1) {
541 c = lgetc(0);
542 if (c == EOF)
543 return (0);
544
545 if (p + 1 >= buf + sizeof(buf) - 1) {
546 yyerror("string too long");
547 return (findeol());
548 }
549 if (isalnum(c) || c == '_') {
550 *p++ = c;
551 continue;
552 }
553 *p = '\0';
554 lungetc(c);
555 break;
556 }
557 val = symget(buf);
558 if (val == NULL) {
559 yyerror("macro '%s' not defined", buf);
560 return (findeol());
561 }
562 parsebuf = val;
563 parseindex = 0;
564 goto top;
565 }
566
567 switch (c) {
568 case '\'':
569 case '"':
570 quotec = c;
571 while (1) {
572 c = lgetc(quotec);
573 if (c == EOF)
574 return (0);
575 if (c == '\n') {
576 file->lineno++;
577 continue;
578 } else if (c == '\\') {
579 next = lgetc(quotec);
580 if (next == EOF)
581 return (0);
582 if (next == quotec || c == ' ' || c == '\t')
583 c = next;
584 else if (next == '\n') {
585 file->lineno++;
586 continue;
587 } else
588 lungetc(next);
589 } else if (c == quotec) {
590 *p = '\0';
591 break;
592 } else if (c == '\0') {
593 yyerror("syntax error");
594 return (findeol());
595 }
596 if (p + 1 >= buf + sizeof(buf) - 1) {
597 yyerror("string too long");
598 return (findeol());
599 }
600 *p++ = c;
601 }
602 yylval.v.string = strdup(buf);
603 if (yylval.v.string == NULL)
604 err(1, "yylex: strdup");
605 return (STRING);
606 }
607
608 #define allowed_to_end_number(x) \
609 (isspace(x) || x == ')' || x ==',' || x == '/' || x == '}' || x == '=')
610
611 if (c == '-' || isdigit(c)) {
612 do {
613 *p++ = c;
614 if ((unsigned)(p-buf) >= sizeof(buf)) {
615 yyerror("string too long");
616 return (findeol());
617 }
618 c = lgetc(0);
619 } while (c != EOF && isdigit(c));
620 lungetc(c);
621 if (p == buf + 1 && buf[0] == '-')
622 goto nodigits;
623 if (c == EOF || allowed_to_end_number(c)) {
624 const char *errstr = NULL;
625
626 *p = '\0';
627 yylval.v.number = strtonum(buf, LLONG_MIN,
628 LLONG_MAX, &errstr);
629 if (errstr) {
630 yyerror("\"%s\" invalid number: %s",
631 buf, errstr);
632 return (findeol());
633 }
634 return (NUMBER);
635 } else {
636 nodigits:
637 while (p > buf + 1)
638 lungetc(*--p);
639 c = *--p;
640 if (c == '-')
641 return (c);
642 }
643 }
644
645 #define allowed_in_string(x) \
646 (isalnum(x) || (ispunct(x) && x != '(' && x != ')' && \
647 x != '{' && x != '}' && \
648 x != '!' && x != '=' && x != '#' && \
649 x != ','))
650
651 if (isalnum(c) || c == ':' || c == '_') {
652 do {
653 *p++ = c;
654 if ((unsigned)(p-buf) >= sizeof(buf)) {
655 yyerror("string too long");
656 return (findeol());
657 }
658 c = lgetc(0);
659 } while (c != EOF && (allowed_in_string(c)));
660 lungetc(c);
661 *p = '\0';
662 token = lookup(buf);
663 if (token == STRING) {
664 yylval.v.string = strdup(buf);
665 if (yylval.v.string == NULL)
666 err(1, "yylex: strdup");
667 }
668 return (token);
669 }
670 if (c == '\n') {
671 yylval.lineno = file->lineno;
672 file->lineno++;
673 }
674 if (c == EOF)
675 return (0);
676 return (c);
677 }
678
679 int
680 check_file_secrecy(int fd, const char *fname)
681 {
682 struct stat st;
683
684 if (fstat(fd, &st)) {
685 log_warn("cannot stat %s", fname);
686 return (-1);
687 }
688 if (st.st_uid != 0 && st.st_uid != getuid()) {
689 log_warnx("%s: owner not root or current user", fname);
690 return (-1);
691 }
692 if (st.st_mode & (S_IWGRP | S_IXGRP | S_IRWXO)) {
693 log_warnx("%s: group writable or world read/writable", fname);
694 return (-1);
695 }
696 return (0);
697 }
698
699 struct file *
700 newfile(const char *name, int secret, int required)
701 {
702 struct file *nfile;
703
704 nfile = calloc(1, sizeof(struct file));
705 if (nfile == NULL) {
706 log_warn("calloc");
707 return (NULL);
708 }
709 nfile->name = strdup(name);
710 if (nfile->name == NULL) {
711 log_warn("strdup");
712 free(nfile);
713 return (NULL);
714 }
715 nfile->stream = fopen(nfile->name, "r");
716 if (nfile->stream == NULL) {
717 if (required)
718 log_warn("open %s", nfile->name);
719 free(nfile->name);
720 free(nfile);
721 return (NULL);
722 } else if (secret &&
723 check_file_secrecy(fileno(nfile->stream), nfile->name)) {
724 fclose(nfile->stream);
725 free(nfile->name);
726 free(nfile);
727 return (NULL);
728 }
729 nfile->lineno = 1;
730 return (nfile);
731 }
732
733 static void
734 closefile(struct file *xfile)
735 {
736 fclose(xfile->stream);
737 free(xfile->name);
738 free(xfile);
739 }
740
741 int
742 parse_config(const char *filename, enum gotd_procid proc_id,
743 struct gotd *env, int require_config_file)
744 {
745 struct sym *sym, *next;
746 struct gotd_repo *repo;
747
748 memset(env, 0, sizeof(*env));
749
750 gotd = env;
751 gotd_proc_id = proc_id;
752 TAILQ_INIT(&gotd->repos);
753
754 /* Apply default values. */
755 if (strlcpy(gotd->unix_socket_path, GOTD_UNIX_SOCKET,
756 sizeof(gotd->unix_socket_path)) >= sizeof(gotd->unix_socket_path)) {
757 fprintf(stderr, "%s: unix socket path too long", __func__);
758 return -1;
759 }
760 if (strlcpy(gotd->user_name, GOTD_USER,
761 sizeof(gotd->user_name)) >= sizeof(gotd->user_name)) {
762 fprintf(stderr, "%s: user name too long", __func__);
763 return -1;
764 }
765
766 gotd->request_timeout.tv_sec = GOTD_DEFAULT_REQUEST_TIMEOUT;
767 gotd->request_timeout.tv_usec = 0;
768
769 file = newfile(filename, 0, require_config_file);
770 if (file == NULL)
771 return require_config_file ? -1 : 0;
772
773 yyparse();
774 errors = file->errors;
775 closefile(file);
776
777 /* Free macros and check which have not been used. */
778 TAILQ_FOREACH_SAFE(sym, &symhead, entry, next) {
779 if ((gotd->verbosity > 1) && !sym->used)
780 fprintf(stderr, "warning: macro '%s' not used\n",
781 sym->nam);
782 if (!sym->persist) {
783 free(sym->nam);
784 free(sym->val);
785 TAILQ_REMOVE(&symhead, sym, entry);
786 free(sym);
787 }
788 }
789
790 if (errors)
791 return (-1);
792
793 TAILQ_FOREACH(repo, &gotd->repos, entry) {
794 if (repo->path[0] == '\0') {
795 log_warnx("repository \"%s\": no path provided in "
796 "configuration file", repo->name);
797 return (-1);
798 }
799 }
800
801 if (proc_id == PROC_GOTD && TAILQ_EMPTY(&gotd->repos)) {
802 log_warnx("no repository defined in configuration file");
803 return (-1);
804 }
805
806 return (0);
807 }
808
809 static int
810 uid_connection_limit_cmp(const void *pa, const void *pb)
811 {
812 const struct gotd_uid_connection_limit *a = pa, *b = pb;
813
814 if (a->uid < b->uid)
815 return -1;
816 else if (a->uid > b->uid);
817 return 1;
818
819 return 0;
820 }
821
822 static int
823 conf_limit_user_connections(const char *user, int maximum)
824 {
825 uid_t uid;
826 struct gotd_uid_connection_limit *limit;
827 size_t nlimits;
828
829 if (maximum < 1) {
830 yyerror("max connections cannot be smaller 1");
831 return -1;
832 }
833 if (maximum > GOTD_MAXCLIENTS) {
834 yyerror("max connections must be <= %d", GOTD_MAXCLIENTS);
835 return -1;
836 }
837
838 if (gotd_parseuid(user, &uid) == -1) {
839 yyerror("%s: no such user", user);
840 return -1;
841 }
842
843 limit = gotd_find_uid_connection_limit(gotd->connection_limits,
844 gotd->nconnection_limits, uid);
845 if (limit) {
846 limit->max_connections = maximum;
847 return 0;
848 }
849
850 limit = gotd->connection_limits;
851 nlimits = gotd->nconnection_limits + 1;
852 limit = reallocarray(limit, nlimits, sizeof(*limit));
853 if (limit == NULL)
854 fatal("reallocarray");
855
856 limit[nlimits - 1].uid = uid;
857 limit[nlimits - 1].max_connections = maximum;
858
859 gotd->connection_limits = limit;
860 gotd->nconnection_limits = nlimits;
861 qsort(gotd->connection_limits, gotd->nconnection_limits,
862 sizeof(gotd->connection_limits[0]), uid_connection_limit_cmp);
863
864 return 0;
865 }
866
867 static struct gotd_repo *
868 conf_new_repo(const char *name)
869 {
870 struct gotd_repo *repo;
871
872 if (name[0] == '\0') {
873 fatalx("syntax error: empty repository name found in %s",
874 file->name);
875 }
876
877 if (strchr(name, '\n') != NULL)
878 fatalx("repository names must not contain linefeeds: %s", name);
879
880 repo = calloc(1, sizeof(*repo));
881 if (repo == NULL)
882 fatalx("%s: calloc", __func__);
883
884 STAILQ_INIT(&repo->rules);
885 TAILQ_INIT(&repo->protected_tag_namespaces);
886 TAILQ_INIT(&repo->protected_branch_namespaces);
887 TAILQ_INIT(&repo->protected_branches);
888
889 if (strlcpy(repo->name, name, sizeof(repo->name)) >=
890 sizeof(repo->name))
891 fatalx("%s: strlcpy", __func__);
892
893 TAILQ_INSERT_TAIL(&gotd->repos, repo, entry);
894 gotd->nrepos++;
895
896 return repo;
897 };
898
899 static void
900 conf_new_access_rule(struct gotd_repo *repo, enum gotd_access access,
901 int authorization, char *identifier)
902 {
903 struct gotd_access_rule *rule;
904
905 rule = calloc(1, sizeof(*rule));
906 if (rule == NULL)
907 fatal("calloc");
908
909 rule->access = access;
910 rule->authorization = authorization;
911 rule->identifier = identifier;
912
913 STAILQ_INSERT_TAIL(&repo->rules, rule, entry);
914 }
915
916 static int
917 refname_is_valid(char *refname)
918 {
919 if (strlen(refname) < 5 || strncmp(refname, "refs/", 5) != 0) {
920 yyerror("reference name must begin with \"refs/\": %s",
921 refname);
922 return 0;
923 }
924
925 if (!got_ref_name_is_valid(refname)) {
926 yyerror("invalid reference name: %s", refname);
927 return 0;
928 }
929
930 return 1;
931 }
932
933 static int
934 conf_protect_ref_namespace(char **new, struct got_pathlist_head *refs,
935 char *namespace)
936 {
937 const struct got_error *error;
938 struct got_pathlist_entry *pe;
939 char *s;
940
941 *new = NULL;
942
943 got_path_strip_trailing_slashes(namespace);
944 if (!refname_is_valid(namespace))
945 return -1;
946 if (asprintf(&s, "%s/", namespace) == -1) {
947 yyerror("asprintf: %s", strerror(errno));
948 return -1;
949 }
950
951 error = got_pathlist_insert(&pe, refs, s, NULL);
952 if (error || pe == NULL) {
953 free(s);
954 if (error)
955 yyerror("got_pathlist_insert: %s", error->msg);
956 else
957 yyerror("duplicate protected namespace %s", namespace);
958 return -1;
959 }
960
961 *new = s;
962 return 0;
963 }
964
965 static int
966 conf_protect_tag_namespace(struct gotd_repo *repo, char *namespace)
967 {
968 struct got_pathlist_entry *pe;
969 char *new;
970
971 if (conf_protect_ref_namespace(&new, &repo->protected_tag_namespaces,
972 namespace) == -1)
973 return -1;
974
975 TAILQ_FOREACH(pe, &repo->protected_branch_namespaces, entry) {
976 if (strcmp(pe->path, new) == 0) {
977 yyerror("duplicate protected namespace %s", namespace);
978 return -1;
979 }
980 }
981
982 return 0;
983 }
984
985 static int
986 conf_protect_branch_namespace(struct gotd_repo *repo, char *namespace)
987 {
988 struct got_pathlist_entry *pe;
989 char *new;
990
991 if (conf_protect_ref_namespace(&new,
992 &repo->protected_branch_namespaces, namespace) == -1)
993 return -1;
994
995 TAILQ_FOREACH(pe, &repo->protected_tag_namespaces, entry) {
996 if (strcmp(pe->path, new) == 0) {
997 yyerror("duplicate protected namespace %s", namespace);
998 return -1;
999 }
1000 }
1001
1002 return 0;
1003 }
1004
1005 static int
1006 conf_protect_branch(struct gotd_repo *repo, char *branchname)
1007 {
1008 const struct got_error *error;
1009 struct got_pathlist_entry *new;
1010 char *refname;
1011
1012 if (strncmp(branchname, "refs/heads/", 11) != 0) {
1013 if (asprintf(&refname, "refs/heads/%s", branchname) == -1) {
1014 yyerror("asprintf: %s", strerror(errno));
1015 return -1;
1016 }
1017 } else {
1018 refname = strdup(branchname);
1019 if (refname == NULL) {
1020 yyerror("strdup: %s", strerror(errno));
1021 return -1;
1022 }
1023 }
1024
1025 if (!refname_is_valid(refname)) {
1026 free(refname);
1027 return -1;
1028 }
1029
1030 error = got_pathlist_insert(&new, &repo->protected_branches,
1031 refname, NULL);
1032 if (error || new == NULL) {
1033 free(refname);
1034 if (error)
1035 yyerror("got_pathlist_insert: %s", error->msg);
1036 else
1037 yyerror("duplicate protect branch %s", branchname);
1038 return -1;
1039 }
1040
1041 return 0;
1042 }
1043
1044 int
1045 symset(const char *nam, const char *val, int persist)
1046 {
1047 struct sym *sym;
1048
1049 TAILQ_FOREACH(sym, &symhead, entry) {
1050 if (strcmp(nam, sym->nam) == 0)
1051 break;
1052 }
1053
1054 if (sym != NULL) {
1055 if (sym->persist == 1)
1056 return (0);
1057 else {
1058 free(sym->nam);
1059 free(sym->val);
1060 TAILQ_REMOVE(&symhead, sym, entry);
1061 free(sym);
1062 }
1063 }
1064 sym = calloc(1, sizeof(*sym));
1065 if (sym == NULL)
1066 return (-1);
1067
1068 sym->nam = strdup(nam);
1069 if (sym->nam == NULL) {
1070 free(sym);
1071 return (-1);
1072 }
1073 sym->val = strdup(val);
1074 if (sym->val == NULL) {
1075 free(sym->nam);
1076 free(sym);
1077 return (-1);
1078 }
1079 sym->used = 0;
1080 sym->persist = persist;
1081 TAILQ_INSERT_TAIL(&symhead, sym, entry);
1082 return (0);
1083 }
1084
1085 char *
1086 symget(const char *nam)
1087 {
1088 struct sym *sym;
1089
1090 TAILQ_FOREACH(sym, &symhead, entry) {
1091 if (strcmp(nam, sym->nam) == 0) {
1092 sym->used = 1;
1093 return (sym->val);
1094 }
1095 }
1096 return (NULL);
1097 }
1098
1099 struct gotd_repo *
1100 gotd_find_repo_by_name(const char *repo_name, struct gotd *gotd)
1101 {
1102 struct gotd_repo *repo;
1103 size_t namelen;
1104
1105 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1106 namelen = strlen(repo->name);
1107 if (strncmp(repo->name, repo_name, namelen) != 0)
1108 continue;
1109 if (repo_name[namelen] == '\0' ||
1110 strcmp(&repo_name[namelen], ".git") == 0)
1111 return repo;
1112 }
1113
1114 return NULL;
1115 }
1116
1117 struct gotd_repo *
1118 gotd_find_repo_by_path(const char *repo_path, struct gotd *gotd)
1119 {
1120 struct gotd_repo *repo;
1121
1122 TAILQ_FOREACH(repo, &gotd->repos, entry) {
1123 if (strcmp(repo->path, repo_path) == 0)
1124 return repo;
1125 }
1126
1127 return NULL;
1128 }
1129
1130 struct gotd_uid_connection_limit *
1131 gotd_find_uid_connection_limit(struct gotd_uid_connection_limit *limits,
1132 size_t nlimits, uid_t uid)
1133 {
1134 /* This array is always sorted to allow for binary search. */
1135 int i, left = 0, right = nlimits - 1;
1136
1137 while (left <= right) {
1138 i = ((left + right) / 2);
1139 if (limits[i].uid == uid)
1140 return &limits[i];
1141 if (limits[i].uid > uid)
1142 left = i + 1;
1143 else
1144 right = i - 1;
1145 }
1146
1147 return NULL;
1148 }
1149
1150 int
1151 gotd_parseuid(const char *s, uid_t *uid)
1152 {
1153 struct passwd *pw;
1154 const char *errstr;
1155
1156 if ((pw = getpwnam(s)) != NULL) {
1157 *uid = pw->pw_uid;
1158 if (*uid == UID_MAX)
1159 return -1;
1160 return 0;
1161 }
1162 *uid = strtonum(s, 0, UID_MAX - 1, &errstr);
1163 if (errstr)
1164 return -1;
1165 return 0;
1166 }
portable version of Game of Trees