search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Record user and project creation and recycle times.
[girocco.git] / Girocco / User.pm
blobd9222b5e7f9a731ef8f22fae25ea222089b8ed4d
1 package Girocco::User;
2
3 use strict;
4 use warnings;
5
6 use Digest::MD5 qw(md5);
7
8 use Girocco::Config;
9 use Girocco::CGI;
10 use Girocco::Util;
11 use Girocco::SSHUtil;
12
13 BEGIN {
14 eval {
15 require Digest::SHA;
16 Digest::SHA->import(
17 qw(sha1_hex)
18 );1} ||
19 eval {
20 require Digest::SHA1;
21 Digest::SHA1->import(
22 qw(sha1_hex)
23 );1} ||
24 eval {
25 require Digest::SHA::PurePerl;
26 Digest::SHA::PurePerl->import(
27 qw(sha1_hex)
28 );1} ||
29 die "One of Digest::SHA or Digest::SHA1 or Digest::SHA::PurePerl "
30 . "must be available\n";
31 }
32
33 sub _gen_uuid {
34 my $self = shift;
35
36 $self->{uuid} = '' unless $self->{uuid};
37 my @md5;
38 {
39 no warnings;
40 @md5 = unpack('C*', md5(time . $$ . rand() . join(':',%$self)));
41 }
42 $md5[6] = 0x40 | ($md5[6] & 0x0F); # Version 4 -- random
43 $md5[8] = 0x80 | ($md5[8] & 0x3F); # RFC 4122 specification
44 return sprintf(
45 '%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x',
46 @md5);
47 }
48
49 sub _remove_ssh_leftovers {
50 my $self = shift;
51 system "rm -f '$Girocco::Config::chroot/etc/sshkeys/$self->{name}'";
52 system "rm -f '$Girocco::Config::chroot/etc/sshcerts/${Girocco::Config::nickname}_$self->{name}'_user_*.pem";
53 }
54
55 sub _passwd_add {
56 use POSIX qw(strftime);
57 my $self = shift;
58 my (undef, undef, $gid) = getgrnam($Girocco::Config::owning_group||'');
59 my $owngroupid = $gid ? $gid : 65534;
60 Girocco::User->load($self->{name}) and die "User $self->{name} already exists";
61 $self->{uuid} = $self->_gen_uuid;
62 my ($S,$M,$H,$d,$m,$y) = gmtime(time());
63 $self->{creationtime} = strftime("%Y%m%d_%H%M%S", $S, $M, $H, $d, $m, $y, -1, -1, -1);
64 my $email_uuid_etc = join ',', $self->{email}, $self->{uuid}, $self->{creationtime};
65 filedb_atomic_append(jailed_file('/etc/passwd'),
66 join(':', $self->{name}, 'x', '\i', $owngroupid, $email_uuid_etc, '/', '/bin/git-shell-verify'),
67 $self->{name});
68 $self->_remove_ssh_leftovers;
69 }
70
71 sub _passwd_update {
72 my $self = shift;
73 filedb_atomic_edit(jailed_file('/etc/passwd'),
74 sub {
75 $_ = $_[0];
76 chomp;
77 if ($self->{name} eq (split /:/)[0]) {
78 # preserve all but login name and first 2 fields of comment field
79 # creating a uuid (field 2 of comment field) if one is not already present
80 my @fields=split(/:/, $_, -1);
81 $fields[0] = $self->{name};
82 my @subfields = split(',', $fields[4]||'', -1);
83 $self->{uuid} = $subfields[1] || '';
84 $self->{uuid} or $self->{uuid} = $self->_gen_uuid;
85 $subfields[0] = $self->{email};
86 $subfields[1] = $self->{uuid};
87 $fields[4] = join(',', @subfields);
88 return join(':', @fields)."\n";
89 } else {
90 return "$_\n";
91 }
92 },
93 $self->{name}
94 );
95 }
96
97 sub _passwd_remove {
98 my $self = shift;
99 $self->_remove_ssh_leftovers;
100 filedb_atomic_edit(jailed_file('/etc/passwd'),
101 sub {
102 $self->{name} ne (split /:/)[0] and return $_;
103 },
104 $self->{name}
105 );
106 }
107
108 sub _sshkey_path {
109 my $self = shift;
110 '/etc/sshkeys/'.$self->{name};
111 }
112
113 sub _sshkey_load {
114 my $self = shift;
115 open F, '<', jailed_file($self->_sshkey_path) or die "sshkey load failed: $!";
116 my @keys = ();
117 my $auth = '';
118 my $authtype = '';
119 while (<F>) {
120 chomp;
121 if (/^ssh-(?:dss|rsa) /) {
122 push @keys, $_;
123 } elsif (/^# ([A-Z]+)AUTH ([0-9a-f]+) (\d+)/) {
124 my $expire = $3;
125 $auth = $2 unless (time >= $expire);
126 $authtype = $1 if $auth;
127 }
128 }
129 close F;
130 my $keys = join("\n", @keys); chomp $keys;
131 ($keys, $auth, $authtype);
132 }
133
134 sub _trimkeys {
135 my $keys = shift;
136 my @lines = ();
137 foreach (split /\r\n|\r|\n/, $keys) {
138 next if /^[ \t]*$/ || /^[ \t]*#/;
139 push(@lines, $_);
140 }
141 return join("\n", @lines);
142 }
143
144 sub _sshkey_save {
145 my $self = shift;
146 $self->{keys} = _trimkeys($self->{keys} || '');
147 open F, '>', jailed_file($self->_sshkey_path) or die "sshkey save failed: $!";
148 if (defined($self->{auth}) && $self->{auth}) {
149 my $expire = time + 24 * 3600;
150 my $typestr = $self->{authtype} ? uc($self->{authtype}) : 'REPO';
151 print F "# ${typestr}AUTH $self->{auth} $expire\n";
152 }
153 print F $self->{keys};
154 print F "\n" if $self->{keys};
155 close F;
156 chmod 0664, jailed_file($self->_sshkey_path);
157 }
158
159 # private constructor, do not use
160 sub _new {
161 my $class = shift;
162 my ($name) = @_;
163 Girocco::User::valid_name($name) or die "refusing to create user with invalid name ($name)!";
164 my $proj = { name => $name };
165
166 bless $proj, $class;
167 }
168
169 # public constructor #0
170 # creates a virtual user not connected to disk record
171 # you can conjure() it later to disk
172 sub ghost {
173 my $class = shift;
174 my ($name) = @_;
175 my $self = $class->_new($name);
176 $self;
177 }
178
179 # public constructor #1
180 sub load {
181 my $class = shift;
182 my ($name) = @_;
183
184 open F, '<', jailed_file("/etc/passwd") or die "user load failed: $!";
185 while (<F>) {
186 chomp;
187 @_ = split /:/;
188 next unless (shift eq $name);
189
190 my $self = $class->_new($name);
191
192 my $email_uuid_etc;
193 (undef, $self->{uid}, undef, $email_uuid_etc) = @_;
194 ($self->{keys}, $self->{auth}, $self->{authtype}) = $self->_sshkey_load;
195 ($self->{email}, $self->{uuid}, $self->{creationtime}) = split ',', $email_uuid_etc;
196
197 close F;
198 $self->{uuid} or $self->_passwd_update;
199 return $self;
200 }
201 close F;
202 undef;
203 }
204
205 # public constructor #2
206 sub load_by_uid {
207 my $class = shift;
208 my ($uid) = @_;
209
210 open F, '<', jailed_file("/etc/passwd") or die "user load failed: $!";
211 while (<F>) {
212 chomp;
213 @_ = split /:/;
214 next unless ($_[2] eq $uid);
215
216 my $self = $class->_new($_[0]);
217
218 my $email_uuid_etc;
219 (undef, undef, $self->{uid}, undef, $email_uuid_etc) = @_;
220 ($self->{keys}, $self->{auth}, $self->{authtype}) = $self->_sshkey_load;
221 ($self->{email}, $self->{uuid}, $self->{creationtime}) = split ',', $email_uuid_etc;
222
223 close F;
224 $self->{uuid} or $self->_passwd_update;
225 return $self;
226 }
227 close F;
228 undef;
229 }
230
231 # $user may not be in sane state if this returns false!
232 sub cgi_fill {
233 my $self = shift;
234 my ($gcgi) = @_;
235 my $cgi = $gcgi->cgi;
236
237 $self->{name} = $gcgi->wparam('name');
238 Girocco::User::valid_name($self->{name})
239 or $gcgi->err("Name contains invalid characters.");
240
241 length($self->{name}) <= 64
242 or $gcgi->err("Your user name is longer than 64 characters. Do you really need that much?");
243
244 $self->{email} = $gcgi->wparam('email');
245 valid_email($self->{email})
246 or $gcgi->err("Your email sure looks weird...?");
247 length($self->{email}) <= 96
248 or $gcgi->err("Your email is longer than 96 characters. Do you really need that much?");
249
250 $self->keys_fill($gcgi);
251 }
252
253 sub update_email {
254 my $self = shift;
255 my $gcgi = shift;
256 my $email = shift || '';
257
258 if (valid_email($email)) {
259 $self->{email} = $email;
260 $self->_passwd_update;
261 } else {
262 $gcgi->err("Your email sure looks weird...?");
263 }
264
265 not $gcgi->err_check;
266 }
267
268 sub _checkkey {
269 my $key = shift;
270 my ($type, $bits, $fingerprint, $comment) = sshpub_validate($key);
271 return $type ? 1 : 0;
272 }
273
274 sub keys_fill {
275 my $self = shift;
276 my ($gcgi) = @_;
277 my $cgi = $gcgi->cgi;
278
279 $self->{keys} = _trimkeys($cgi->param('keys'));
280 length($self->{keys}) <= 4096
281 or $gcgi->err("The list of keys is more than 4kb. Do you really need that much?");
282 foreach my $key (split /\r?\n/, $self->{keys}) {
283 my ($type, $bits, $fingerprint, $comment);
284 ($type, $bits, $fingerprint, $comment) = sshpub_validate($key)
285 if $key =~ /^ssh-(?:dss|rsa) [0-9A-Za-z+\/=]+ \S+@\S+$/;
286 if (!$type) {
287 my $keyval = CGI::escapeHTML($key);
288 my $dsablurb = '';
289 $dsablurb = ' or ssh-dss' unless $Girocco::Config::disable_dsa;
290 $gcgi->err(<<EOT);
291 Your ssh key ("$keyval") appears to have an invalid format
292 (does not start with ssh-rsa$dsablurb or does not end with <tt>\@</tt>-identifier) -
293 maybe your browser has split a single key onto multiple lines?
294 EOT
295 } elsif ($Girocco::Config::disable_dsa && $type eq 'ssh-dss') {
296 my $keyval = CGI::escapeHTML($key);
297 $gcgi->err(<<EOT);
298 Your ssh key ("$keyval") appears to be of type dsa but only rsa keys are
299 supported - please generate an rsa key (starts with ssh-rsa) and try again
300 EOT
301 } elsif ($Girocco::Config::min_key_length && $bits < $Girocco::Config::min_key_length) {
302 my $keyval = CGI::escapeHTML($key);
303 $gcgi->err(<<EOT);
304 Your ssh key ("$keyval") appears to have only $bits bit(s) but at least
305 $Girocco::Config::min_key_length are required - please generate a longer key
306 EOT
307 }
308 }
309
310 not $gcgi->err_check;
311 }
312
313 sub keys_save {
314 my $self = shift;
315
316 $self->_sshkey_save;
317 }
318
319 sub keys_html_list {
320 my $self = shift;
321 my @keys = split(/\r?\n/, $self->{keys});
322 return '' if !@keys;
323 my $html = "<ol>\n";
324 my %types = ('ssh-dss' => 'DSA', 'ssh-rsa' => 'RSA');
325 my $line = 0;
326 foreach (@keys) {
327 ++$line;
328 my ($type, $bits, $fingerprint, $comment) = sshpub_validate($_);
329 next unless $type && $types{$type};
330 my $euser = CGI::escapeHTML(CGI::Util::escape($self->{name}));
331 $html .= "<li>$bits <tt>$fingerprint</tt> ($types{$type}) $comment";
332 $html .= "<br /><a target=\"_blank\" ".
333 "href=\"@{[url_path($Girocco::Config::webadmurl)]}/usercert.cgi/$euser/$line/".
334 $Girocco::Config::nickname."_${euser}_user_$line.pem\">".
335 "download https push user authentication certificate</a> <sup>".
336 "<a target=\"_blank\" href=\"@{[url_path($Girocco::Config::htmlurl)]}/httpspush.html\">".
337 "(learn more)</a></sup>"
338 if $type eq 'ssh-rsa' && $Girocco::Config::httpspushurl &&
339 $Girocco::Config::clientcert &&
340 $Girocco::Config::clientkey;
341 $html .= "</li>\n";
342 }
343 $html .= "</ol>\n";
344 return $html;
345 }
346
347 sub gen_auth {
348 my $self = shift;
349 my ($type) = @_;
350 $type = 'REPO' unless $type && $type =~ /^[A-Z]+$/;
351
352 $self->{authtype} = $type;
353 $self->{auth} = sha1_hex(time . $$ . rand() . $self->{keys});
354 $self->_sshkey_save;
355 $self->{auth};
356 }
357
358 sub del_auth {
359 my $self = shift;
360
361 delete $self->{auth};
362 delete $self->{authtype};
363 }
364
365 sub get_projects {
366 my $self = shift;
367
368 return @{$self->{projects}} if defined($self->{projects});
369 my @projects = filedb_atomic_grep(jailed_file('/etc/group'),
370 sub {
371 $_ = $_[0];
372 chomp;
373 my ($group, $users) = (split /:/)[0,3];
374 $group if $users && $users =~ /(^|,)\Q$self->{name}\E(,|$)/;
375 }
376 );
377 $self->{projects} = \@projects;
378 @{$self->{projects}};
379 }
380
381 sub conjure {
382 my $self = shift;
383
384 $self->_passwd_add;
385 $self->_sshkey_save;
386 }
387
388 sub remove {
389 my $self = shift;
390
391 require Girocco::Project;
392 foreach ($self->get_projects) {
393 if (Girocco::Project::does_exist($_)) {
394 my $project = Girocco::Project->load($_);
395 $project->update if $project->remove_user($self->{name});
396 }
397 }
398
399 $self->_passwd_remove;
400 }
401
402 ### static methods
403
404 sub valid_name {
405 $_ = $_[0];
406 /^[a-zA-Z0-9][a-zA-Z0-9+._-]*$/;
407 }
408
409 sub does_exist {
410 my ($name) = @_;
411 Girocco::User::valid_name($name) or die "tried to query for user with invalid name $name!";
412 (-e jailed_file("/etc/sshkeys/$name"));
413 }
414
415 sub resolve_uid {
416 my ($name) = @_;
417 $Girocco::Config::chrooted and undef; # TODO for ACLs within chroot
418 scalar(getpwnam($name));
419 }
420
421
422 1;
The repo.or.cz duct tape "Girocco"