Girocco/User.pm

   1 package Girocco::User;
   2
   3 use strict;
   4 use warnings;
   5
   6 use Digest::MD5 qw(md5);
   7
   8 use Girocco::Config;
   9 use Girocco::CGI;
  10 use Girocco::Util;
  11 use Girocco::SSHUtil;
  12
  13 BEGIN {
  14         eval {
  15                 require Digest::SHA;
  16                 Digest::SHA->import(
  17                         qw(sha1_hex)
  18         );1} ||
  19         eval {
  20                 require Digest::SHA1;
  21                 Digest::SHA1->import(
  22                         qw(sha1_hex)
  23         );1} ||
  24         eval {
  25                 require Digest::SHA::PurePerl;
  26                 Digest::SHA::PurePerl->import(
  27                         qw(sha1_hex)
  28         );1} ||
  29         die "One of Digest::SHA or Digest::SHA1 or Digest::SHA::PurePerl "
  30         . "must be available\n";
  31 }
  32
  33 sub _gen_uuid {
  34         my $self = shift;
  35
  36         my @md5 = unpack('C*', md5(time . $$ . rand() . join(':',%$self)));
  37         $md5[6] = 0x40 | ($md5[6] & 0x0F); # Version 4 -- random
  38         $md5[8] = 0x80 | ($md5[8] & 0x3F); # RFC 4122 specification
  39         return sprintf(
  40                 '%02x%02x%02x%02x-%02x%02x-%02x%02x-%02x%02x-%02x%02x%02x%02x%02x%02x',
  41                 @md5);
  42 }
  43
  44 sub _passwd_add {
  45         my $self = shift;
  46         my (undef, undef, $gid) = getgrnam($Girocco::Config::owning_group||'');
  47         my $owngroupid = $gid ? $gid : 65534;
  48         Girocco::User->load($self->{name}) and die "User $self->{name} already exists";
  49         $self->{uuid} = $self->_gen_uuid;
  50         my $email_uuid = join ',', $self->{email}, $self->{uuid};
  51         filedb_atomic_append(jailed_file('/etc/passwd'),
  52                 join(':', $self->{name}, 'x', '\i', $owngroupid, $email_uuid, '/', '/bin/git-shell-verify'));
  53 }
  54
  55 sub _passwd_update {
  56         my $self = shift;
  57         filedb_atomic_edit(jailed_file('/etc/passwd'),
  58                 sub {
  59                         $_ = $_[0];
  60                         chomp;
  61                         if ($self->{name} eq (split /:/)[0]) {
  62                                 # preserve all but login name and comment field
  63                                 my @fields=split(/:/, $_, -1);
  64                                 $fields[0] = $self->{name};
  65                                 $self->{uuid} = (split(',', $fields[4]))[1] || '';
  66                                 $self->{uuid} or $self->{uuid} = $self->_gen_uuid;
  67                                 $fields[4] = join(',', $self->{email}, $self->{uuid});
  68                                 return join(':', @fields)."\n";
  69                         } else {
  70                                 return "$_\n";
  71                         }
  72                 }
  73         );
  74 }
  75
  76 sub _sshkey_path {
  77         my $self = shift;
  78         '/etc/sshkeys/'.$self->{name};
  79 }
  80
  81 sub _sshkey_load {
  82         my $self = shift;
  83         open F, "<".jailed_file($self->_sshkey_path) or die "sshkey load failed: $!";
  84         my @keys;
  85         my $auth;
  86         while (<F>) {
  87                 chomp;
  88                 if (/^ssh-(?:dss|rsa) /) {
  89                         push @keys, $_;
  90                 } elsif (/^# REPOAUTH ([0-9a-f]+) (\d+)/) {
  91                         my $expire = $2;
  92                         $auth = $1 unless (time >= $expire);
  93                 }
  94         }
  95         close F;
  96         my $keys = join("\n", @keys); chomp $keys;
  97         ($keys, $auth);
  98 }
  99
 100 sub _sshkey_save {
 101         my $self = shift;
 102         open F, ">".jailed_file($self->_sshkey_path) or die "sshkey failed: $!";
 103         if (defined($self->{auth}) && $self->{auth}) {
 104                 my $expire = time + 24 * 3600;
 105                 print F "# REPOAUTH $self->{auth} $expire\n";
 106         }
 107         print F $self->{keys}."\n";
 108         close F;
 109         chmod 0664, jailed_file($self->_sshkey_path);
 110 }
 111
 112 # private constructor, do not use
 113 sub _new {
 114         my $class = shift;
 115         my ($name) = @_;
 116         Girocco::User::valid_name($name) or die "refusing to create user with invalid name ($name)!";
 117         my $proj = { name => $name };
 118
 119         bless $proj, $class;
 120 }
 121
 122 # public constructor #0
 123 # creates a virtual user not connected to disk record
 124 # you can conjure() it later to disk
 125 sub ghost {
 126         my $class = shift;
 127         my ($name) = @_;
 128         my $self = $class->_new($name);
 129         $self;
 130 }
 131
 132 # public constructor #1
 133 sub load {
 134         my $class = shift;
 135         my ($name) = @_;
 136
 137         open F, jailed_file("/etc/passwd") or die "user load failed: $!";
 138         while (<F>) {
 139                 chomp;
 140                 @_ = split /:/;
 141                 next unless (shift eq $name);
 142
 143                 my $self = $class->_new($name);
 144
 145                 my $email_uuid;
 146                 (undef, $self->{uid}, undef, $email_uuid) = @_;
 147                 ($self->{keys}, $self->{auth}) = $self->_sshkey_load;
 148                 ($self->{email}, $self->{uuid}) = split ',', $email_uuid;
 149
 150                 close F;
 151                 $self->{uuid} or $self->_passwd_update;
 152                 return $self;
 153         }
 154         close F;
 155         undef;
 156 }
 157
 158 # public constructor #2
 159 sub load_by_uid {
 160         my $class = shift;
 161         my ($uid) = @_;
 162
 163         open F, jailed_file("/etc/passwd") or die "user load failed: $!";
 164         while (<F>) {
 165                 chomp;
 166                 @_ = split /:/;
 167                 next unless ($_[2] eq $uid);
 168
 169                 my $self = $class->_new($_[0]);
 170
 171                 my $email_uuid;
 172                 (undef, undef, $self->{uid}, undef, $email_uuid) = @_;
 173                 ($self->{keys}, $self->{auth}) = $self->_sshkey_load;
 174                 ($self->{email}, $self->{uuid}) = split ',', $email_uuid;
 175
 176                 close F;
 177                 $self->{uuid} or $self->_passwd_update;
 178                 return $self;
 179         }
 180         close F;
 181         undef;
 182 }
 183
 184 # $user may not be in sane state if this returns false!
 185 sub cgi_fill {
 186         my $self = shift;
 187         my ($gcgi) = @_;
 188         my $cgi = $gcgi->cgi;
 189
 190         $self->{name} = $gcgi->wparam('name');
 191         Girocco::User::valid_name($self->{name})
 192                 or $gcgi->err("Name contains invalid characters.");
 193
 194         $self->{email} = $gcgi->wparam('email');
 195         valid_email($self->{email})
 196                 or $gcgi->err("Your email sure looks weird...?");
 197
 198         $self->keys_fill($gcgi);
 199 }
 200
 201 sub _trimkeys {
 202         my $keys = shift;
 203         my @lines = ();
 204         foreach (split /\r\n|\r|\n/, $keys) {
 205                 next if /^[ \t]*$/ || /^[ \t]*#/;
 206                 push(@lines, $_);
 207         }
 208         return join("\n", @lines);
 209 }
 210
 211 sub update_email {
 212         my $self = shift;
 213         my $gcgi = shift;
 214         my $email = shift || '';
 215
 216         if (valid_email($email)) {
 217                 $self->{email} = $email;
 218                 $self->_passwd_update;
 219         } else {
 220                 $gcgi->err("Your email sure looks weird...?");
 221         }
 222
 223         not $gcgi->err_check;
 224 }
 225
 226 sub _checkkey {
 227         my $key = shift;
 228         my ($type, $bits, $fingerprint, $comment) = sshpub_validate($key);
 229         return $type ? 1 : 0;
 230 }
 231
 232 sub keys_fill {
 233         my $self = shift;
 234         my ($gcgi) = @_;
 235         my $cgi = $gcgi->cgi;
 236
 237         $self->{keys} = _trimkeys($cgi->param('keys'));
 238         length($self->{keys}) <= 4096
 239                 or $gcgi->err("The list of keys is more than 4kb. Do you really need that much?");
 240         foreach (split /\r?\n/, $self->{keys}) {
 241                 my $keyval;
 242                 /^ssh-(?:dss|rsa) [0-9A-Za-z+\/=]+ \S+@\S+$/ && _checkkey($_)
 243                         or $keyval=CGI::escapeHTML($_),$gcgi->err(<<EOT);
 244 Your ssh key ("$keyval") appears to have an invalid format
 245 (does not start with ssh-dss or ssh-rsa or does not end with <tt>\@</tt>-identifier) -
 246 maybe your browser has split a single key onto multiple lines?
 247 EOT
 248         }
 249
 250         not $gcgi->err_check;
 251 }
 252
 253 sub keys_save {
 254         my $self = shift;
 255
 256         $self->_sshkey_save;
 257 }
 258
 259 sub keys_html_list {
 260         my $self = shift;
 261         my @keys = split(/\r?\n/, $self->{keys});
 262         return '' if !@keys;
 263         my $html = "<ol>\n";
 264         my %types = ('ssh-dss' => 'DSA', 'ssh-rsa' => 'RSA');
 265         my $line = 0;
 266         foreach (@keys) {
 267                 ++$line;
 268                 my ($type, $bits, $fingerprint, $comment) = sshpub_validate($_);
 269                 next unless $type && $types{$type};
 270                 my $euser = CGI::escapeHTML(CGI::Util::escape($self->{name}));
 271                 $html .= "<li>$bits <tt>$fingerprint</tt> ($types{$type}) $comment";
 272                 $html .= "<br /><a target=\"_blank\" href=\"/usercert.cgi/$euser/$line/".
 273                         $Girocco::Config::nickname."_${euser}_user_$line.pem\">".
 274                         "download https push user authentication certificate</a> <sup>".
 275                         "<a target=\"_blank\" href=\"$Girocco::Config::htmlurl/httpspush.html\">".
 276                         "(learn more)</a></sup>"
 277                         if $type eq 'ssh-rsa' && $Girocco::Config::httpspushurl &&
 278                                 $Girocco::Config::clientcert &&
 279                                 $Girocco::Config::clientkey;
 280                 $html .= "</li>\n";
 281         }
 282         $html .= "</ol>\n";
 283         return $html;
 284 }
 285
 286 sub gen_auth {
 287         my $self = shift;
 288
 289         $self->{auth} = sha1_hex(time . $$ . rand() . $self->{keys});
 290         $self->_sshkey_save;
 291         $self->{auth};
 292 }
 293
 294 sub del_auth {
 295         my $self = shift;
 296
 297         delete $self->{auth};
 298 }
 299
 300 sub conjure {
 301         my $self = shift;
 302
 303         $self->_passwd_add;
 304         $self->_sshkey_save;
 305 }
 306
 307 ### static methods
 308
 309 sub valid_name {
 310         $_ = $_[0];
 311         /^[a-zA-Z0-9+._-]+$/;
 312 }
 313
 314 sub does_exist {
 315         my ($name) = @_;
 316         Girocco::User::valid_name($name) or die "tried to query for user with invalid name $name!";
 317         (-e jailed_file("/etc/sshkeys/$name"));
 318 }
 319
 320 sub resolve_uid {
 321         my ($name) = @_;
 322         $Girocco::Config::chrooted and undef; # TODO for ACLs within chroot
 323         scalar(getpwnam($name));
 324 }
 325
 326
 327 1;