Simplify git-lfs-authenticate, rip out Gitolite

Zero dependencies for git-lfs-authenticate now. Not compatible with the LFS server. Assumes that any user who has access to the Git user, should have access to all repositories.
author: Rutger Broekhoff 2024-01-09 18:13:01 +0100
committer: Rutger Broekhoff 2024-01-09 18:13:01 +0100
commit: bc465de960aa5d53b28d51bd6bbead28433f2010 (patch)
tree: 2beb723462e122ad61a83eab04df2f682c2e7480 /cmd/git-lfs-authenticate/main.c
parent: 6345d7df02784887311a403ce1267fc4e82f13aa (diff)
download: gitolfs3-bc465de960aa5d53b28d51bd6bbead28433f2010.tar.gz
gitolfs3-bc465de960aa5d53b28d51bd6bbead28433f2010.zip
1 files changed, 254 insertions, 0 deletions
diff --git a/cmd/git-lfs-authenticate/main.c b/cmd/git-lfs-authenticate/main.c
new file mode 100644
index 0000000..0f45e49
--- /dev/null
+++ b/cmd/git-lfs-authenticate/main.c
@@ -0,0 +1,254 @@
+#include <assert.h>
+#include <ctype.h>
+#include <errno.h>
+#include <stdbool.h>
+#include <stdio.h>
+#include <string.h>
+#include <sys/stat.h>
+#include <openssl/evp.h>
+#include <openssl/hmac.h>
+void die(const char *format, ...) {
+        fputs("Fatal: ", stderr);
+        va_list ap;
+        va_start(ap, format);
+        vfprintf(stderr, format, ap);
+        va_end(ap);
+        fputc('\n', stderr);
+        exit(EXIT_FAILURE);
+}
+#define USAGE "Usage: git-lfs-authenticate <REPO> upload/download"
+bool hasprefix(const char *str, const char *prefix) {
+        if (strlen(prefix) > strlen(str))
+                return false;
+        return !strncmp(str, prefix, strlen(prefix));
+}
+bool hassuffix(const char *str, const char *suffix) {
+        if (strlen(suffix) > strlen(str))
+                return false;
+        str += strlen(str) - strlen(suffix);
+        return !strcmp(str, suffix);
+}
+const char *trimspace(const char *str, size_t *length) {
+        while (*length > 0 && isspace(str[0])) {
+                str++; (*length)--;
+        }
+        while (*length > 0 && isspace(str[*length - 1]))
+                (*length)--;
+        return str;
+}
+void printescjson(const char *str) {
+        for (size_t i = 0; i < strlen(str); i++) {
+                switch (str[i]) {
+                case '"':  fputs("\\\"", stdout); break;
+                case '\\': fputs("\\\\", stdout); break;
+                case '\b': fputs("\\b",  stdout); break;
+                case '\f': fputs("\\f",  stdout); break;
+                case '\n': fputs("\\n",  stdout); break;
+                case '\r': fputs("\\r",  stdout); break;
+                case '\t': fputs("\\t",  stdout); break;
+                default:   fputc(str[i], stdout);
+                }
+        }
+}
+void checkrepopath(const char *path) {
+        if (strstr(path, "//") || strstr(path, "/./") || strstr(path, "/../")
+         || hasprefix(path, "./") || hasprefix(path, "../") || hasprefix(path, "/../"))
+                die("Bad repository name: is unresolved path");
+        if (strlen(path) > 100)
+                die("Bad repository name: longer than 100 characters");
+        if (hassuffix(path, "/"))
+                die("Bad repositry name: unexpected trailing slash");
+        if (hasprefix(path, "/"))
+                die("Bad repository name: unexpected absolute path");
+        if (!hassuffix(path, ".git"))
+                die("Bad repository name: expected '.git' repo path suffix");
+        struct stat statbuf;
+        if (stat(path, &statbuf)) {
+                if (errno == ENOENT)
+                        die("Repo not found");
+                die("Could not stat repo: %s", strerror(errno));
+        }
+        if (!S_ISDIR(statbuf.st_mode)) {
+                die("Repo not found");
+        }
+}
+char *readkeyfile(const char *path, size_t *len) {
+        FILE *f = fopen(path, "r");
+        if (!f)
+                die("Cannot read key file: %s", strerror(errno));
+        *len = 0;
+        size_t bufcap = 4096;
+        char *buf = malloc(bufcap);
+        while (!feof(f) && !ferror(f)) {
+                if (*len + 4096 > bufcap) {
+                        bufcap *= 2;
+                        buf = realloc(buf, bufcap);
+                }
+                *len += fread(buf + *len, sizeof(char), 4096, f);
+        }
+        if (ferror(f) && !feof(f)) {
+                OPENSSL_cleanse(buf, *len);
+                die("Failed to read key file (length: %lu)", *len);
+        }
+        fclose(f);
+        return buf;
+}
+#define KEYSIZE 64
+void readkey(const char *path, uint8_t dest[KEYSIZE]) {
+        size_t keybuf_len = 0;
+        char *keybuf = readkeyfile(path, &keybuf_len);
+        size_t keystr_len = keybuf_len;
+        const char *keystr = trimspace(keybuf, &keystr_len);
+        if (keystr_len != 2 * KEYSIZE) {
+                OPENSSL_cleanse(keybuf, keybuf_len);
+                die("Bad key length");
+        }
+        for (size_t i = 0; i < KEYSIZE; i++) {
+                const char c = keystr[i];
+                uint8_t nibble = 0;
+                if (c >= '0' && c <= '9')
+                        nibble = c - '0';
+                else if (c >= 'a' && c <= 'f')
+                        nibble = c - 'a' + 10;
+                else if (c >= 'A' && c <= 'F')
+                        nibble = c - 'A' + 10;
+                else {
+                        OPENSSL_cleanse(keybuf, keybuf_len);
+                        OPENSSL_cleanse(dest, KEYSIZE);
+                        die("Cannot decode key");
+                }
+                size_t ikey = i / 2;
+                if (i % 2) dest[ikey] |= nibble;
+                else dest[ikey] = nibble << 4;
+        }
+        OPENSSL_cleanse(keybuf, keybuf_len);
+        free(keybuf);
+}
+void u64tobe(uint64_t x, uint8_t b[8]) {
+        b[0] = (uint8_t)(x >> 56);
+        b[1] = (uint8_t)(x >> 48);
+        b[2] = (uint8_t)(x >> 40);
+        b[3] = (uint8_t)(x >> 32);
+        b[4] = (uint8_t)(x >> 24);
+        b[5] = (uint8_t)(x >> 16);
+        b[6] = (uint8_t)(x >>  8);
+        b[7] = (uint8_t)(x >>  0);
+}
+#define MAX_TAG_SIZE EVP_MAX_MD_SIZE
+typedef struct taginfo {
+        const char    *authtype;
+        const char    *repopath;
+        const char    *operation;
+        const int64_t  expiresat_s;
+} taginfo_t;
+void *memcat(void *dest, const void *src, size_t n) {
+        return memcpy(dest, src, n) + n;
+}
+void maketag(const taginfo_t info, uint8_t key[KEYSIZE], uint8_t dest[MAX_TAG_SIZE], uint32_t *len) {
+        uint8_t expiresat_b[8];
+        u64tobe(info.expiresat_s, expiresat_b);
+        const uint8_t zero[1] = { 0 };
+        const size_t fullsize = strlen(info.authtype) +
+                1 + strlen(info.repopath) +
+                1 + strlen(info.operation) +
+                1 + sizeof(expiresat_b);
+        uint8_t *claimbuf = alloca(fullsize);
+        uint8_t *head = claimbuf;
+        head = memcat(head, info.authtype, strlen(info.authtype));
+        head = memcat(head, zero, 1);
+        head = memcat(head, info.repopath, strlen(info.repopath));
+        head = memcat(head, zero, 1);
+        head = memcat(head, info.operation, strlen(info.operation));
+        head = memcat(head, zero, 1);
+        head = memcat(head, expiresat_b, sizeof(expiresat_b));
+        assert(head == claimbuf + fullsize);
+        memset(dest, 0, MAX_TAG_SIZE);
+        *len = 0;
+        if (!HMAC(EVP_sha256(), key, KEYSIZE, claimbuf, fullsize, dest, len)) {
+                OPENSSL_cleanse(key, KEYSIZE);
+                die("Failed to generate tag");
+        }
+}
+#define MAX_HEXTAG_STRLEN MAX_TAG_SIZE * 2
+void makehextag(const taginfo_t info, uint8_t key[KEYSIZE], char dest[MAX_HEXTAG_STRLEN + 1]) {
+        uint8_t rawtag[MAX_TAG_SIZE];
+        uint32_t rawtag_len;
+        maketag(info, key, rawtag, &rawtag_len);
+        memset(dest, 0, MAX_HEXTAG_STRLEN + 1);
+        for (size_t i = 0; i < rawtag_len; i++) {
+                uint8_t b = rawtag[i];
+                dest[i] = (b >> 4) + ((b >> 4) < 10 ? '0' : 'a');
+                dest[i + 1] = (b & 0x0F) + ((b & 0x0F) < 10 ? '0' : 'a');
+        }
+}
+int main(int argc, char *argv[]) {
+        if (argc != 3) {
+                puts(USAGE);
+                exit(EXIT_FAILURE);
+        }
+        const char *repopath  = argv[1];
+        const char *operation = argv[2];
+        if (strcmp(operation, "download") && strcmp(operation, "upload")) {
+                puts(USAGE);
+                exit(EXIT_FAILURE);
+        }
+        checkrepopath(repopath);
+        const char *hrefbase = getenv("GITOLFS3_HREF_BASE");
+        const char *keypath = getenv("GITOLFS3_KEY_PATH");
+        
+        if (!hrefbase || strlen(hrefbase) == 0)
+                die("Incomplete configuration: base URL not provided");
+        if (hrefbase[strlen(hrefbase) - 1] != '/')
+                die("Bad configuration: base URL should end with slash");
+        if (!keypath || strlen(keypath) == 0)
+                die("Incomplete configuration: key path not provided");
+        uint8_t key[64];
+        readkey(keypath, key);
+        int64_t expiresin_s = 5 * 60;
+        int64_t expiresat_s = (int64_t)time(NULL) + expiresin_s;
+        taginfo_t taginfo = {
+                .authtype    = "git-lfs-authenticate",
+                .repopath    = repopath,
+                .operation   = operation,
+                .expiresat_s = expiresat_s,
+        };
+        char hextag[MAX_HEXTAG_STRLEN + 1];
+        makehextag(taginfo, key, hextag);
+        printf("{\"header\":{\"Authorization\":\"Gitolfs3-Hmac-Sha256 %s\"},\"expires_in\":%ld,\"href\":\"", hextag, expiresin_s);
+        printescjson(hrefbase);
+        printescjson(repopath);
+        printf("/info/lfs?p=1&te=%ld\"}\n", expiresat_s);
+}
author	Rutger Broekhoff	2024-01-09 18:13:01 +0100
committer	Rutger Broekhoff	2024-01-09 18:13:01 +0100
commit	bc465de960aa5d53b28d51bd6bbead28433f2010 (patch)
tree	2beb723462e122ad61a83eab04df2f682c2e7480 /cmd/git-lfs-authenticate/main.c
parent	6345d7df02784887311a403ce1267fc4e82f13aa (diff)
download	gitolfs3-bc465de960aa5d53b28d51bd6bbead28433f2010.tar.gz gitolfs3-bc465de960aa5d53b28d51bd6bbead28433f2010.zip

diff --git a/cmd/git-lfs-authenticate/main.c b/cmd/git-lfs-authenticate/main.c new file mode 100644 index 0000000..0f45e49 --- /dev/null +++ b/cmd/git-lfs-authenticate/main.c
@@ -0,0 +1,254 @@
	1	#include <assert.h>
	2	#include <ctype.h>
	3	#include <errno.h>
	4	#include <stdbool.h>
	5	#include <stdio.h>
	6	#include <string.h>
	7
	8	#include <sys/stat.h>
	9
	10	#include <openssl/evp.h>
	11	#include <openssl/hmac.h>
	12
	13	void die(const char *format, ...) {
	14	fputs("Fatal: ", stderr);
	15	va_list ap;
	16	va_start(ap, format);
	17	vfprintf(stderr, format, ap);
	18	va_end(ap);
	19	fputc('\n', stderr);
	20	exit(EXIT_FAILURE);
	21	}
	22
	23	#define USAGE "Usage: git-lfs-authenticate <REPO> upload/download"
	24
	25	bool hasprefix(const char str, const char prefix) {
	26	if (strlen(prefix) > strlen(str))
	27	return false;
	28	return !strncmp(str, prefix, strlen(prefix));
	29	}
	30
	31	bool hassuffix(const char str, const char suffix) {
	32	if (strlen(suffix) > strlen(str))
	33	return false;
	34	str += strlen(str) - strlen(suffix);
	35	return !strcmp(str, suffix);
	36	}
	37
	38	const char trimspace(const char str, size_t *length) {
	39	while (*length > 0 && isspace(str[0])) {
	40	str++; (*length)--;
	41	}
	42	while (length > 0 && isspace(str[length - 1]))
	43	(*length)--;
	44	return str;
	45	}
	46
	47	void printescjson(const char *str) {
	48	for (size_t i = 0; i < strlen(str); i++) {
	49	switch (str[i]) {
	50	case '"': fputs("\\\"", stdout); break;
	51	case '\\': fputs("\\\\", stdout); break;
	52	case '\b': fputs("\\b", stdout); break;
	53	case '\f': fputs("\\f", stdout); break;
	54	case '\n': fputs("\\n", stdout); break;
	55	case '\r': fputs("\\r", stdout); break;
	56	case '\t': fputs("\\t", stdout); break;
	57	default: fputc(str[i], stdout);
	58	}
	59	}
	60	}
	61
	62	void checkrepopath(const char *path) {
	63	if (strstr(path, "//") \|\| strstr(path, "/./") \|\| strstr(path, "/../")
	64	\|\| hasprefix(path, "./") \|\| hasprefix(path, "../") \|\| hasprefix(path, "/../"))
	65	die("Bad repository name: is unresolved path");
	66	if (strlen(path) > 100)
	67	die("Bad repository name: longer than 100 characters");
	68	if (hassuffix(path, "/"))
	69	die("Bad repositry name: unexpected trailing slash");
	70	if (hasprefix(path, "/"))
	71	die("Bad repository name: unexpected absolute path");
	72	if (!hassuffix(path, ".git"))
	73	die("Bad repository name: expected '.git' repo path suffix");
	74
	75	struct stat statbuf;
	76	if (stat(path, &statbuf)) {
	77	if (errno == ENOENT)
	78	die("Repo not found");
	79	die("Could not stat repo: %s", strerror(errno));
	80	}
	81	if (!S_ISDIR(statbuf.st_mode)) {
	82	die("Repo not found");
	83	}
	84	}
	85
	86	char readkeyfile(const char path, size_t *len) {
	87	FILE *f = fopen(path, "r");
	88	if (!f)
	89	die("Cannot read key file: %s", strerror(errno));
	90	*len = 0;
	91	size_t bufcap = 4096;
	92	char *buf = malloc(bufcap);
	93	while (!feof(f) && !ferror(f)) {
	94	if (*len + 4096 > bufcap) {
	95	bufcap *= 2;
	96	buf = realloc(buf, bufcap);
	97	}
	98	len += fread(buf + len, sizeof(char), 4096, f);
	99	}
	100	if (ferror(f) && !feof(f)) {
	101	OPENSSL_cleanse(buf, *len);
	102	die("Failed to read key file (length: %lu)", *len);
	103	}
	104	fclose(f);
	105	return buf;
	106	}
	107
	108	#define KEYSIZE 64
	109
	110	void readkey(const char *path, uint8_t dest[KEYSIZE]) {
	111	size_t keybuf_len = 0;
	112	char *keybuf = readkeyfile(path, &keybuf_len);
	113
	114	size_t keystr_len = keybuf_len;
	115	const char *keystr = trimspace(keybuf, &keystr_len);
	116	if (keystr_len != 2 * KEYSIZE) {
	117	OPENSSL_cleanse(keybuf, keybuf_len);
	118	die("Bad key length");
	119	}
	120
	121	for (size_t i = 0; i < KEYSIZE; i++) {
	122	const char c = keystr[i];
	123	uint8_t nibble = 0;
	124	if (c >= '0' && c <= '9')
	125	nibble = c - '0';
	126	else if (c >= 'a' && c <= 'f')
	127	nibble = c - 'a' + 10;
	128	else if (c >= 'A' && c <= 'F')
	129	nibble = c - 'A' + 10;
	130	else {
	131	OPENSSL_cleanse(keybuf, keybuf_len);
	132	OPENSSL_cleanse(dest, KEYSIZE);
	133	die("Cannot decode key");
	134	}
	135	size_t ikey = i / 2;
	136	if (i % 2) dest[ikey] \|= nibble;
	137	else dest[ikey] = nibble << 4;
	138	}
	139
	140	OPENSSL_cleanse(keybuf, keybuf_len);
	141	free(keybuf);
	142	}
	143
	144	void u64tobe(uint64_t x, uint8_t b[8]) {
	145	b[0] = (uint8_t)(x >> 56);
	146	b[1] = (uint8_t)(x >> 48);
	147	b[2] = (uint8_t)(x >> 40);
	148	b[3] = (uint8_t)(x >> 32);
	149	b[4] = (uint8_t)(x >> 24);
	150	b[5] = (uint8_t)(x >> 16);
	151	b[6] = (uint8_t)(x >> 8);
	152	b[7] = (uint8_t)(x >> 0);
	153	}
	154
	155	#define MAX_TAG_SIZE EVP_MAX_MD_SIZE
	156
	157	typedef struct taginfo {
	158	const char *authtype;
	159	const char *repopath;
	160	const char *operation;
	161	const int64_t expiresat_s;
	162	} taginfo_t;
	163
	164	void memcat(void dest, const void *src, size_t n) {
	165	return memcpy(dest, src, n) + n;
	166	}
	167
	168	void maketag(const taginfo_t info, uint8_t key[KEYSIZE], uint8_t dest[MAX_TAG_SIZE], uint32_t *len) {
	169	uint8_t expiresat_b[8];
	170	u64tobe(info.expiresat_s, expiresat_b);
	171
	172	const uint8_t zero[1] = { 0 };
	173	const size_t fullsize = strlen(info.authtype) +
	174	1 + strlen(info.repopath) +
	175	1 + strlen(info.operation) +
	176	1 + sizeof(expiresat_b);
	177	uint8_t *claimbuf = alloca(fullsize);
	178	uint8_t *head = claimbuf;
	179	head = memcat(head, info.authtype, strlen(info.authtype));
	180	head = memcat(head, zero, 1);
	181	head = memcat(head, info.repopath, strlen(info.repopath));
	182	head = memcat(head, zero, 1);
	183	head = memcat(head, info.operation, strlen(info.operation));
	184	head = memcat(head, zero, 1);
	185	head = memcat(head, expiresat_b, sizeof(expiresat_b));
	186	assert(head == claimbuf + fullsize);
	187
	188	memset(dest, 0, MAX_TAG_SIZE);
	189	*len = 0;
	190	if (!HMAC(EVP_sha256(), key, KEYSIZE, claimbuf, fullsize, dest, len)) {
	191	OPENSSL_cleanse(key, KEYSIZE);
	192	die("Failed to generate tag");
	193	}
	194	}
	195
	196	#define MAX_HEXTAG_STRLEN MAX_TAG_SIZE * 2
	197
	198	void makehextag(const taginfo_t info, uint8_t key[KEYSIZE], char dest[MAX_HEXTAG_STRLEN + 1]) {
	199	uint8_t rawtag[MAX_TAG_SIZE];
	200	uint32_t rawtag_len;
	201	maketag(info, key, rawtag, &rawtag_len);
	202
	203	memset(dest, 0, MAX_HEXTAG_STRLEN + 1);
	204	for (size_t i = 0; i < rawtag_len; i++) {
	205	uint8_t b = rawtag[i];
	206	dest[i] = (b >> 4) + ((b >> 4) < 10 ? '0' : 'a');
	207	dest[i + 1] = (b & 0x0F) + ((b & 0x0F) < 10 ? '0' : 'a');
	208	}
	209	}
	210
	211	int main(int argc, char *argv[]) {
	212	if (argc != 3) {
	213	puts(USAGE);
	214	exit(EXIT_FAILURE);
	215	}
	216
	217	const char *repopath = argv[1];
	218	const char *operation = argv[2];
	219	if (strcmp(operation, "download") && strcmp(operation, "upload")) {
	220	puts(USAGE);
	221	exit(EXIT_FAILURE);
	222	}
	223	checkrepopath(repopath);
	224
	225	const char *hrefbase = getenv("GITOLFS3_HREF_BASE");
	226	const char *keypath = getenv("GITOLFS3_KEY_PATH");
	227
	228	if (!hrefbase \|\| strlen(hrefbase) == 0)
	229	die("Incomplete configuration: base URL not provided");
	230	if (hrefbase[strlen(hrefbase) - 1] != '/')
	231	die("Bad configuration: base URL should end with slash");
	232	if (!keypath \|\| strlen(keypath) == 0)
	233	die("Incomplete configuration: key path not provided");
	234
	235	uint8_t key[64];
	236	readkey(keypath, key);
	237
	238	int64_t expiresin_s = 5 * 60;
	239	int64_t expiresat_s = (int64_t)time(NULL) + expiresin_s;
	240
	241	taginfo_t taginfo = {
	242	.authtype = "git-lfs-authenticate",
	243	.repopath = repopath,
	244	.operation = operation,
	245	.expiresat_s = expiresat_s,
	246	};
	247	char hextag[MAX_HEXTAG_STRLEN + 1];
	248	makehextag(taginfo, key, hextag);
	249
	250	printf("{\"header\":{\"Authorization\":\"Gitolfs3-Hmac-Sha256 %s\"},\"expires_in\":%ld,\"href\":\"", hextag, expiresin_s);
	251	printescjson(hrefbase);
	252	printescjson(repopath);
	253	printf("/info/lfs?p=1&te=%ld\"}\n", expiresat_s);
	254	}