apache.conf.in: include input byte count if available

[girocco.git] / bin / git-daemon-verify

#!/bin/sh
#
# Abort any fetch early if the fetch is invalid or times out.
# This avoids unnecessary traffic and unpacked object pollution.
#
# This script is called for fetch, archive and push.
# Push requests are outright rejected and so are paths starting with ~.

set -e

. @basedir@/shlib.sh

unset GIT_USER_AGENT
unset GIT_HTTP_USER_AGENT
if [ -n "$defined_cfg_git_server_ua" ]; then
        GIT_USER_AGENT="$cfg_git_server_ua"
        export GIT_USER_AGENT
        GIT_HTTP_USER_AGENT="$cfg_git_server_ua"
        export GIT_HTTP_USER_AGENT
fi

[ -z "$GIT_DAEMON_BIN" ] || cfg_git_daemon_bin="$GIT_DAEMON_BIN"
[ -n "$cfg_git_daemon_bin" ] || \
        cfg_git_daemon_bin="$var_git_exec_path/git-daemon"

errormsg()
{
        _l="$*"
        printf '%04xERR %s' $(( 8 + ${#_l} )) "$_l"
}

invalbaderr()
{
        errormsg "invalid or incomplete request"
}

invalerr()
{
        errormsg "invalid or unsupported request"
}

denied()
{
        errormsg "access denied or no such repository"
}

internalerr()
{
        echo "git-daemon-verify: $*" >&2
        errormsg "internal server error"
}

# A quick sanity check
if [ -z "$cfg_git_daemon_bin" ] || ! [ -x "$cfg_git_daemon_bin" ]; then
        internalerr "bad cfg_git_daemon_bin: $cfg_git_daemon_bin"
        exit 1
fi
case "$cfg_reporoot" in /?*) :;; *)
        internalerr "bad reporoot: $cfg_reporoot"
        exit 1
esac

PATH="$(dirname "$cfg_git_daemon_bin"):$PATH"
export PATH

if ! request="$("$cfg_basedir/bin/peek_packet")"; then
        invalbaderr
        exit 1
fi

# The request should look like one of the following
#
#   git-upload-pack /dir
#   git-upload-pack ~name/dir
#   git-upload-archive /dir
#   git-upload-archive ~name/dir
#   git-receive-pack /dir
#   git-receive-pack ~name/dir
#
# Where the '~' forms are relative to a user's home directory.
# A trailing '/' is optional as well as a final '.git'.
# git-receive-pack and paths starting with '~' are rejected outright.

type=
dir=
case "$request" in
        "git-upload-pack "*)    type='upload-pack';    dir="${request#git-upload-pack }";;
        "git-upload-archive "*) type='upload-archive'; dir="${request#git-upload-archive }";;
        "git-receive-pack "*)   type='receive-pack';   dir="${request#git-receive-pack }";;
        *)
                invalerr
                exit 1
esac
if [ "$type" = 'receive-pack' ]; then
        invalerr
        exit 1
fi
case "$dir" in /*) :;; *)
        invalerr
        exit 1
esac

# remove extraneous '/' chars
proj="${dir#/}"
proj="${proj%/}"
# add a missing .git
case "$proj" in
        *.git) :;;
        *)
                proj="$proj.git"
esac

# Reject any project names that start with _ or contain ..
case "$proj" in _*|*..*)
        denied
        exit 1
esac

reporoot="$cfg_reporoot"
dir="$reporoot/$proj"

# Valid project names never end in .git (we add that automagically), so a valid
# fork can never have .git at the end of any path component except the last.
# We check this to avoid a situation where a certain collection of pushed refs
# could be mistaken for a GIT_DIR.  Git would ultimately complain, but some
# undesirable things could happen along the way.

# Remove the leading $reporoot and trailing .git to get a test string
testpath="${dir#$reporoot/}"
testpath="${testpath%.git}"
case "$testpath/" in *.[Gg][Ii][Tt]/*|_*)
        denied
        exit 1
esac

if ! [ -d "$dir" ] || ! [ -f "$dir/HEAD" ] || ! [ -d "$dir/objects" ]; then
        denied
        exit 1
fi

[ -z "$var_upload_window" ] || [ "$type" != "upload-pack" ] || \
        git_add_config "pack.window=$var_upload_window"

exec "$cfg_git_daemon_bin" --inetd --verbose --export-all --enable=upload-archive --base-path="$cfg_reporoot"
internalerr "exec failed: $cfg_git_daemon_bin"
exit 1