diff options
author | Rutger Broekhoff | 2024-01-09 18:13:01 +0100 |
---|---|---|
committer | Rutger Broekhoff | 2024-01-09 18:13:01 +0100 |
commit | bc465de960aa5d53b28d51bd6bbead28433f2010 (patch) | |
tree | 2beb723462e122ad61a83eab04df2f682c2e7480 /cmd/git-lfs-authenticate/main.c | |
parent | 6345d7df02784887311a403ce1267fc4e82f13aa (diff) | |
download | gitolfs3-bc465de960aa5d53b28d51bd6bbead28433f2010.tar.gz gitolfs3-bc465de960aa5d53b28d51bd6bbead28433f2010.zip |
Simplify git-lfs-authenticate, rip out Gitolite
Zero dependencies for git-lfs-authenticate now. Not compatible with the
LFS server. Assumes that any user who has access to the Git user, should
have access to all repositories.
Diffstat (limited to 'cmd/git-lfs-authenticate/main.c')
-rw-r--r-- | cmd/git-lfs-authenticate/main.c | 254 |
1 files changed, 254 insertions, 0 deletions
diff --git a/cmd/git-lfs-authenticate/main.c b/cmd/git-lfs-authenticate/main.c new file mode 100644 index 0000000..0f45e49 --- /dev/null +++ b/cmd/git-lfs-authenticate/main.c | |||
@@ -0,0 +1,254 @@ | |||
1 | #include <assert.h> | ||
2 | #include <ctype.h> | ||
3 | #include <errno.h> | ||
4 | #include <stdbool.h> | ||
5 | #include <stdio.h> | ||
6 | #include <string.h> | ||
7 | |||
8 | #include <sys/stat.h> | ||
9 | |||
10 | #include <openssl/evp.h> | ||
11 | #include <openssl/hmac.h> | ||
12 | |||
13 | void die(const char *format, ...) { | ||
14 | fputs("Fatal: ", stderr); | ||
15 | va_list ap; | ||
16 | va_start(ap, format); | ||
17 | vfprintf(stderr, format, ap); | ||
18 | va_end(ap); | ||
19 | fputc('\n', stderr); | ||
20 | exit(EXIT_FAILURE); | ||
21 | } | ||
22 | |||
23 | #define USAGE "Usage: git-lfs-authenticate <REPO> upload/download" | ||
24 | |||
25 | bool hasprefix(const char *str, const char *prefix) { | ||
26 | if (strlen(prefix) > strlen(str)) | ||
27 | return false; | ||
28 | return !strncmp(str, prefix, strlen(prefix)); | ||
29 | } | ||
30 | |||
31 | bool hassuffix(const char *str, const char *suffix) { | ||
32 | if (strlen(suffix) > strlen(str)) | ||
33 | return false; | ||
34 | str += strlen(str) - strlen(suffix); | ||
35 | return !strcmp(str, suffix); | ||
36 | } | ||
37 | |||
38 | const char *trimspace(const char *str, size_t *length) { | ||
39 | while (*length > 0 && isspace(str[0])) { | ||
40 | str++; (*length)--; | ||
41 | } | ||
42 | while (*length > 0 && isspace(str[*length - 1])) | ||
43 | (*length)--; | ||
44 | return str; | ||
45 | } | ||
46 | |||
47 | void printescjson(const char *str) { | ||
48 | for (size_t i = 0; i < strlen(str); i++) { | ||
49 | switch (str[i]) { | ||
50 | case '"': fputs("\\\"", stdout); break; | ||
51 | case '\\': fputs("\\\\", stdout); break; | ||
52 | case '\b': fputs("\\b", stdout); break; | ||
53 | case '\f': fputs("\\f", stdout); break; | ||
54 | case '\n': fputs("\\n", stdout); break; | ||
55 | case '\r': fputs("\\r", stdout); break; | ||
56 | case '\t': fputs("\\t", stdout); break; | ||
57 | default: fputc(str[i], stdout); | ||
58 | } | ||
59 | } | ||
60 | } | ||
61 | |||
62 | void checkrepopath(const char *path) { | ||
63 | if (strstr(path, "//") || strstr(path, "/./") || strstr(path, "/../") | ||
64 | || hasprefix(path, "./") || hasprefix(path, "../") || hasprefix(path, "/../")) | ||
65 | die("Bad repository name: is unresolved path"); | ||
66 | if (strlen(path) > 100) | ||
67 | die("Bad repository name: longer than 100 characters"); | ||
68 | if (hassuffix(path, "/")) | ||
69 | die("Bad repositry name: unexpected trailing slash"); | ||
70 | if (hasprefix(path, "/")) | ||
71 | die("Bad repository name: unexpected absolute path"); | ||
72 | if (!hassuffix(path, ".git")) | ||
73 | die("Bad repository name: expected '.git' repo path suffix"); | ||
74 | |||
75 | struct stat statbuf; | ||
76 | if (stat(path, &statbuf)) { | ||
77 | if (errno == ENOENT) | ||
78 | die("Repo not found"); | ||
79 | die("Could not stat repo: %s", strerror(errno)); | ||
80 | } | ||
81 | if (!S_ISDIR(statbuf.st_mode)) { | ||
82 | die("Repo not found"); | ||
83 | } | ||
84 | } | ||
85 | |||
86 | char *readkeyfile(const char *path, size_t *len) { | ||
87 | FILE *f = fopen(path, "r"); | ||
88 | if (!f) | ||
89 | die("Cannot read key file: %s", strerror(errno)); | ||
90 | *len = 0; | ||
91 | size_t bufcap = 4096; | ||
92 | char *buf = malloc(bufcap); | ||
93 | while (!feof(f) && !ferror(f)) { | ||
94 | if (*len + 4096 > bufcap) { | ||
95 | bufcap *= 2; | ||
96 | buf = realloc(buf, bufcap); | ||
97 | } | ||
98 | *len += fread(buf + *len, sizeof(char), 4096, f); | ||
99 | } | ||
100 | if (ferror(f) && !feof(f)) { | ||
101 | OPENSSL_cleanse(buf, *len); | ||
102 | die("Failed to read key file (length: %lu)", *len); | ||
103 | } | ||
104 | fclose(f); | ||
105 | return buf; | ||
106 | } | ||
107 | |||
108 | #define KEYSIZE 64 | ||
109 | |||
110 | void readkey(const char *path, uint8_t dest[KEYSIZE]) { | ||
111 | size_t keybuf_len = 0; | ||
112 | char *keybuf = readkeyfile(path, &keybuf_len); | ||
113 | |||
114 | size_t keystr_len = keybuf_len; | ||
115 | const char *keystr = trimspace(keybuf, &keystr_len); | ||
116 | if (keystr_len != 2 * KEYSIZE) { | ||
117 | OPENSSL_cleanse(keybuf, keybuf_len); | ||
118 | die("Bad key length"); | ||
119 | } | ||
120 | |||
121 | for (size_t i = 0; i < KEYSIZE; i++) { | ||
122 | const char c = keystr[i]; | ||
123 | uint8_t nibble = 0; | ||
124 | if (c >= '0' && c <= '9') | ||
125 | nibble = c - '0'; | ||
126 | else if (c >= 'a' && c <= 'f') | ||
127 | nibble = c - 'a' + 10; | ||
128 | else if (c >= 'A' && c <= 'F') | ||
129 | nibble = c - 'A' + 10; | ||
130 | else { | ||
131 | OPENSSL_cleanse(keybuf, keybuf_len); | ||
132 | OPENSSL_cleanse(dest, KEYSIZE); | ||
133 | die("Cannot decode key"); | ||
134 | } | ||
135 | size_t ikey = i / 2; | ||
136 | if (i % 2) dest[ikey] |= nibble; | ||
137 | else dest[ikey] = nibble << 4; | ||
138 | } | ||
139 | |||
140 | OPENSSL_cleanse(keybuf, keybuf_len); | ||
141 | free(keybuf); | ||
142 | } | ||
143 | |||
144 | void u64tobe(uint64_t x, uint8_t b[8]) { | ||
145 | b[0] = (uint8_t)(x >> 56); | ||
146 | b[1] = (uint8_t)(x >> 48); | ||
147 | b[2] = (uint8_t)(x >> 40); | ||
148 | b[3] = (uint8_t)(x >> 32); | ||
149 | b[4] = (uint8_t)(x >> 24); | ||
150 | b[5] = (uint8_t)(x >> 16); | ||
151 | b[6] = (uint8_t)(x >> 8); | ||
152 | b[7] = (uint8_t)(x >> 0); | ||
153 | } | ||
154 | |||
155 | #define MAX_TAG_SIZE EVP_MAX_MD_SIZE | ||
156 | |||
157 | typedef struct taginfo { | ||
158 | const char *authtype; | ||
159 | const char *repopath; | ||
160 | const char *operation; | ||
161 | const int64_t expiresat_s; | ||
162 | } taginfo_t; | ||
163 | |||
164 | void *memcat(void *dest, const void *src, size_t n) { | ||
165 | return memcpy(dest, src, n) + n; | ||
166 | } | ||
167 | |||
168 | void maketag(const taginfo_t info, uint8_t key[KEYSIZE], uint8_t dest[MAX_TAG_SIZE], uint32_t *len) { | ||
169 | uint8_t expiresat_b[8]; | ||
170 | u64tobe(info.expiresat_s, expiresat_b); | ||
171 | |||
172 | const uint8_t zero[1] = { 0 }; | ||
173 | const size_t fullsize = strlen(info.authtype) + | ||
174 | 1 + strlen(info.repopath) + | ||
175 | 1 + strlen(info.operation) + | ||
176 | 1 + sizeof(expiresat_b); | ||
177 | uint8_t *claimbuf = alloca(fullsize); | ||
178 | uint8_t *head = claimbuf; | ||
179 | head = memcat(head, info.authtype, strlen(info.authtype)); | ||
180 | head = memcat(head, zero, 1); | ||
181 | head = memcat(head, info.repopath, strlen(info.repopath)); | ||
182 | head = memcat(head, zero, 1); | ||
183 | head = memcat(head, info.operation, strlen(info.operation)); | ||
184 | head = memcat(head, zero, 1); | ||
185 | head = memcat(head, expiresat_b, sizeof(expiresat_b)); | ||
186 | assert(head == claimbuf + fullsize); | ||
187 | |||
188 | memset(dest, 0, MAX_TAG_SIZE); | ||
189 | *len = 0; | ||
190 | if (!HMAC(EVP_sha256(), key, KEYSIZE, claimbuf, fullsize, dest, len)) { | ||
191 | OPENSSL_cleanse(key, KEYSIZE); | ||
192 | die("Failed to generate tag"); | ||
193 | } | ||
194 | } | ||
195 | |||
196 | #define MAX_HEXTAG_STRLEN MAX_TAG_SIZE * 2 | ||
197 | |||
198 | void makehextag(const taginfo_t info, uint8_t key[KEYSIZE], char dest[MAX_HEXTAG_STRLEN + 1]) { | ||
199 | uint8_t rawtag[MAX_TAG_SIZE]; | ||
200 | uint32_t rawtag_len; | ||
201 | maketag(info, key, rawtag, &rawtag_len); | ||
202 | |||
203 | memset(dest, 0, MAX_HEXTAG_STRLEN + 1); | ||
204 | for (size_t i = 0; i < rawtag_len; i++) { | ||
205 | uint8_t b = rawtag[i]; | ||
206 | dest[i] = (b >> 4) + ((b >> 4) < 10 ? '0' : 'a'); | ||
207 | dest[i + 1] = (b & 0x0F) + ((b & 0x0F) < 10 ? '0' : 'a'); | ||
208 | } | ||
209 | } | ||
210 | |||
211 | int main(int argc, char *argv[]) { | ||
212 | if (argc != 3) { | ||
213 | puts(USAGE); | ||
214 | exit(EXIT_FAILURE); | ||
215 | } | ||
216 | |||
217 | const char *repopath = argv[1]; | ||
218 | const char *operation = argv[2]; | ||
219 | if (strcmp(operation, "download") && strcmp(operation, "upload")) { | ||
220 | puts(USAGE); | ||
221 | exit(EXIT_FAILURE); | ||
222 | } | ||
223 | checkrepopath(repopath); | ||
224 | |||
225 | const char *hrefbase = getenv("GITOLFS3_HREF_BASE"); | ||
226 | const char *keypath = getenv("GITOLFS3_KEY_PATH"); | ||
227 | |||
228 | if (!hrefbase || strlen(hrefbase) == 0) | ||
229 | die("Incomplete configuration: base URL not provided"); | ||
230 | if (hrefbase[strlen(hrefbase) - 1] != '/') | ||
231 | die("Bad configuration: base URL should end with slash"); | ||
232 | if (!keypath || strlen(keypath) == 0) | ||
233 | die("Incomplete configuration: key path not provided"); | ||
234 | |||
235 | uint8_t key[64]; | ||
236 | readkey(keypath, key); | ||
237 | |||
238 | int64_t expiresin_s = 5 * 60; | ||
239 | int64_t expiresat_s = (int64_t)time(NULL) + expiresin_s; | ||
240 | |||
241 | taginfo_t taginfo = { | ||
242 | .authtype = "git-lfs-authenticate", | ||
243 | .repopath = repopath, | ||
244 | .operation = operation, | ||
245 | .expiresat_s = expiresat_s, | ||
246 | }; | ||
247 | char hextag[MAX_HEXTAG_STRLEN + 1]; | ||
248 | makehextag(taginfo, key, hextag); | ||
249 | |||
250 | printf("{\"header\":{\"Authorization\":\"Gitolfs3-Hmac-Sha256 %s\"},\"expires_in\":%ld,\"href\":\"", hextag, expiresin_s); | ||
251 | printescjson(hrefbase); | ||
252 | printescjson(repopath); | ||
253 | printf("/info/lfs?p=1&te=%ld\"}\n", expiresat_s); | ||
254 | } | ||