4 #include "run-command.h"
6 #include "string-list.h"
9 #define initgroups(x, y) (0) /* nothing */
12 static int log_syslog
;
15 static int informative_errors
;
17 static const char daemon_usage
[] =
18 "git daemon [--verbose] [--syslog] [--export-all]\n"
19 " [--timeout=<n>] [--init-timeout=<n>] [--max-connections=<n>]\n"
20 " [--strict-paths] [--base-path=<path>] [--base-path-relaxed]\n"
21 " [--user-path | --user-path=<path>]\n"
22 " [--interpolated-path=<path>]\n"
23 " [--reuseaddr] [--pid-file=<file>]\n"
24 " [--(enable|disable|allow-override|forbid-override)=<service>]\n"
25 " [--access-hook=<path>]\n"
26 " [--inetd | [--listen=<host_or_ipaddr>] [--port=<n>]\n"
27 " [--detach] [--user=<user> [--group=<group>]]\n"
30 /* List of acceptable pathname prefixes */
31 static const char **ok_paths
;
32 static int strict_paths
;
34 /* If this is set, git-daemon-export-ok is not required */
35 static int export_all_trees
;
37 /* Take all paths relative to this one if non-NULL */
38 static const char *base_path
;
39 static const char *interpolated_path
;
40 static int base_path_relaxed
;
42 /* If defined, ~user notation is allowed and the string is inserted
43 * after ~user/. E.g. a request to git://host/~alice/frotz would
44 * go to /home/alice/pub_git/frotz with --user-path=pub_git.
46 static const char *user_path
;
48 /* Timeout, and initial timeout */
49 static unsigned int timeout
;
50 static unsigned int init_timeout
;
53 struct strbuf hostname
;
54 struct strbuf canon_hostname
;
55 struct strbuf ip_address
;
56 struct strbuf tcp_port
;
57 unsigned int hostname_lookup_done
:1;
58 unsigned int saw_extended_args
:1;
61 static void lookup_hostname(struct hostinfo
*hi
);
63 static const char *get_canon_hostname(struct hostinfo
*hi
)
66 return hi
->canon_hostname
.buf
;
69 static const char *get_ip_address(struct hostinfo
*hi
)
72 return hi
->ip_address
.buf
;
75 static void logreport(int priority
, const char *err
, va_list params
)
79 vsnprintf(buf
, sizeof(buf
), err
, params
);
80 syslog(priority
, "%s", buf
);
83 * Since stderr is set to buffered mode, the
84 * logging of different processes will not overlap
85 * unless they overflow the (rather big) buffers.
87 fprintf(stderr
, "[%"PRIuMAX
"] ", (uintmax_t)getpid());
88 vfprintf(stderr
, err
, params
);
94 __attribute__((format (printf
, 1, 2)))
95 static void logerror(const char *err
, ...)
98 va_start(params
, err
);
99 logreport(LOG_ERR
, err
, params
);
103 __attribute__((format (printf
, 1, 2)))
104 static void loginfo(const char *err
, ...)
109 va_start(params
, err
);
110 logreport(LOG_INFO
, err
, params
);
114 static void NORETURN
daemon_die(const char *err
, va_list params
)
116 logreport(LOG_ERR
, err
, params
);
120 struct expand_path_context
{
121 const char *directory
;
122 struct hostinfo
*hostinfo
;
125 static size_t expand_path(struct strbuf
*sb
, const char *placeholder
, void *ctx
)
127 struct expand_path_context
*context
= ctx
;
128 struct hostinfo
*hi
= context
->hostinfo
;
130 switch (placeholder
[0]) {
132 strbuf_addbuf(sb
, &hi
->hostname
);
135 if (placeholder
[1] == 'H') {
136 strbuf_addstr(sb
, get_canon_hostname(hi
));
141 if (placeholder
[1] == 'P') {
142 strbuf_addstr(sb
, get_ip_address(hi
));
147 strbuf_addbuf(sb
, &hi
->tcp_port
);
150 strbuf_addstr(sb
, context
->directory
);
156 static const char *path_ok(const char *directory
, struct hostinfo
*hi
)
158 static char rpath
[PATH_MAX
];
159 static char interp_path
[PATH_MAX
];
166 if (daemon_avoid_alias(dir
)) {
167 logerror("'%s': aliased", dir
);
173 logerror("'%s': User-path not allowed", dir
);
177 /* Got either "~alice" or "~alice/foo";
178 * rewrite them to "~alice/%s" or
181 int namlen
, restlen
= strlen(dir
);
182 const char *slash
= strchr(dir
, '/');
184 slash
= dir
+ restlen
;
185 namlen
= slash
- dir
;
187 loginfo("userpath <%s>, request <%s>, namlen %d, restlen %d, slash <%s>", user_path
, dir
, namlen
, restlen
, slash
);
188 rlen
= snprintf(rpath
, sizeof(rpath
), "%.*s/%s%.*s",
189 namlen
, dir
, user_path
, restlen
, slash
);
190 if (rlen
>= sizeof(rpath
)) {
191 logerror("user-path too large: %s", rpath
);
197 else if (interpolated_path
&& hi
->saw_extended_args
) {
198 struct strbuf expanded_path
= STRBUF_INIT
;
199 struct expand_path_context context
;
201 context
.directory
= directory
;
202 context
.hostinfo
= hi
;
205 /* Allow only absolute */
206 logerror("'%s': Non-absolute path denied (interpolated-path active)", dir
);
210 strbuf_expand(&expanded_path
, interpolated_path
,
211 expand_path
, &context
);
213 rlen
= strlcpy(interp_path
, expanded_path
.buf
,
214 sizeof(interp_path
));
215 if (rlen
>= sizeof(interp_path
)) {
216 logerror("interpolated path too large: %s",
221 strbuf_release(&expanded_path
);
222 loginfo("Interpolated dir '%s'", interp_path
);
226 else if (base_path
) {
228 /* Allow only absolute */
229 logerror("'%s': Non-absolute path denied (base-path active)", dir
);
232 rlen
= snprintf(rpath
, sizeof(rpath
), "%s%s", base_path
, dir
);
233 if (rlen
>= sizeof(rpath
)) {
234 logerror("base-path too large: %s", rpath
);
240 path
= enter_repo(dir
, strict_paths
);
241 if (!path
&& base_path
&& base_path_relaxed
) {
243 * if we fail and base_path_relaxed is enabled, try without
244 * prefixing the base path
247 path
= enter_repo(dir
, strict_paths
);
251 logerror("'%s' does not appear to be a git repository", dir
);
255 if ( ok_paths
&& *ok_paths
) {
257 int pathlen
= strlen(path
);
259 /* The validation is done on the paths after enter_repo
260 * appends optional {.git,.git/.git} and friends, but
261 * it does not use getcwd(). So if your /pub is
262 * a symlink to /mnt/pub, you can whitelist /pub and
263 * do not have to say /mnt/pub.
266 for ( pp
= ok_paths
; *pp
; pp
++ ) {
267 int len
= strlen(*pp
);
268 if (len
<= pathlen
&&
269 !memcmp(*pp
, path
, len
) &&
270 (path
[len
] == '\0' ||
271 (!strict_paths
&& path
[len
] == '/')))
276 /* be backwards compatible */
281 logerror("'%s': not in whitelist", path
);
282 return NULL
; /* Fallthrough. Deny by default */
285 typedef int (*daemon_service_fn
)(const struct argv_array
*env
);
286 struct daemon_service
{
288 const char *config_name
;
289 daemon_service_fn fn
;
294 static int daemon_error(const char *dir
, const char *msg
)
296 if (!informative_errors
)
297 msg
= "access denied or repository not exported";
298 packet_write_fmt(1, "ERR %s: %s", msg
, dir
);
302 static const char *access_hook
;
304 static int run_access_hook(struct daemon_service
*service
, const char *dir
,
305 const char *path
, struct hostinfo
*hi
)
307 struct child_process child
= CHILD_PROCESS_INIT
;
308 struct strbuf buf
= STRBUF_INIT
;
310 const char **arg
= argv
;
314 *arg
++ = access_hook
;
315 *arg
++ = service
->name
;
317 *arg
++ = hi
->hostname
.buf
;
318 *arg
++ = get_canon_hostname(hi
);
319 *arg
++ = get_ip_address(hi
);
320 *arg
++ = hi
->tcp_port
.buf
;
328 if (start_command(&child
)) {
329 logerror("daemon access hook '%s' failed to start",
333 if (strbuf_read(&buf
, child
.out
, 0) < 0) {
334 logerror("failed to read from pipe to daemon access hook '%s'",
339 if (close(child
.out
) < 0) {
340 logerror("failed to close pipe to daemon access hook '%s'",
344 if (finish_command(&child
))
348 strbuf_release(&buf
);
355 strbuf_addstr(&buf
, "service rejected");
356 eol
= strchr(buf
.buf
, '\n');
360 daemon_error(dir
, buf
.buf
);
361 strbuf_release(&buf
);
365 static int run_service(const char *dir
, struct daemon_service
*service
,
366 struct hostinfo
*hi
, const struct argv_array
*env
)
369 int enabled
= service
->enabled
;
370 struct strbuf var
= STRBUF_INIT
;
372 loginfo("Request %s for '%s'", service
->name
, dir
);
374 if (!enabled
&& !service
->overridable
) {
375 logerror("'%s': service not enabled.", service
->name
);
377 return daemon_error(dir
, "service not enabled");
380 if (!(path
= path_ok(dir
, hi
)))
381 return daemon_error(dir
, "no such repository");
384 * Security on the cheap.
386 * We want a readable HEAD, usable "objects" directory, and
387 * a "git-daemon-export-ok" flag that says that the other side
388 * is ok with us doing this.
390 * path_ok() uses enter_repo() and does whitelist checking.
391 * We only need to make sure the repository is exported.
394 if (!export_all_trees
&& access("git-daemon-export-ok", F_OK
)) {
395 logerror("'%s': repository not exported.", path
);
397 return daemon_error(dir
, "repository not exported");
400 if (service
->overridable
) {
401 strbuf_addf(&var
, "daemon.%s", service
->config_name
);
402 git_config_get_bool(var
.buf
, &enabled
);
403 strbuf_release(&var
);
406 logerror("'%s': service not enabled for '%s'",
407 service
->name
, path
);
409 return daemon_error(dir
, "service not enabled");
413 * Optionally, a hook can choose to deny access to the
414 * repository depending on the phase of the moon.
416 if (access_hook
&& run_access_hook(service
, dir
, path
, hi
))
420 * We'll ignore SIGTERM from now on, we have a
423 signal(SIGTERM
, SIG_IGN
);
425 return service
->fn(env
);
428 static void copy_to_log(int fd
)
430 struct strbuf line
= STRBUF_INIT
;
433 fp
= fdopen(fd
, "r");
435 logerror("fdopen of error channel failed");
440 while (strbuf_getline_lf(&line
, fp
) != EOF
) {
441 logerror("%s", line
.buf
);
442 strbuf_setlen(&line
, 0);
445 strbuf_release(&line
);
449 static int run_service_command(struct child_process
*cld
)
451 argv_array_push(&cld
->args
, ".");
454 if (start_command(cld
))
460 copy_to_log(cld
->err
);
462 return finish_command(cld
);
465 static int upload_pack(const struct argv_array
*env
)
467 struct child_process cld
= CHILD_PROCESS_INIT
;
468 argv_array_pushl(&cld
.args
, "upload-pack", "--strict", NULL
);
469 argv_array_pushf(&cld
.args
, "--timeout=%u", timeout
);
471 argv_array_pushv(&cld
.env_array
, env
->argv
);
473 return run_service_command(&cld
);
476 static int upload_archive(const struct argv_array
*env
)
478 struct child_process cld
= CHILD_PROCESS_INIT
;
479 argv_array_push(&cld
.args
, "upload-archive");
481 argv_array_pushv(&cld
.env_array
, env
->argv
);
483 return run_service_command(&cld
);
486 static int receive_pack(const struct argv_array
*env
)
488 struct child_process cld
= CHILD_PROCESS_INIT
;
489 argv_array_push(&cld
.args
, "receive-pack");
491 argv_array_pushv(&cld
.env_array
, env
->argv
);
493 return run_service_command(&cld
);
496 static struct daemon_service daemon_service
[] = {
497 { "upload-archive", "uploadarch", upload_archive
, 0, 1 },
498 { "upload-pack", "uploadpack", upload_pack
, 1, 1 },
499 { "receive-pack", "receivepack", receive_pack
, 0, 1 },
502 static void enable_service(const char *name
, int ena
)
505 for (i
= 0; i
< ARRAY_SIZE(daemon_service
); i
++) {
506 if (!strcmp(daemon_service
[i
].name
, name
)) {
507 daemon_service
[i
].enabled
= ena
;
511 die("No such service %s", name
);
514 static void make_service_overridable(const char *name
, int ena
)
517 for (i
= 0; i
< ARRAY_SIZE(daemon_service
); i
++) {
518 if (!strcmp(daemon_service
[i
].name
, name
)) {
519 daemon_service
[i
].overridable
= ena
;
523 die("No such service %s", name
);
526 static void parse_host_and_port(char *hostport
, char **host
,
529 if (*hostport
== '[') {
532 end
= strchr(hostport
, ']');
534 die("Invalid request ('[' without ']')");
536 *host
= hostport
+ 1;
539 else if (end
[1] == ':')
542 die("Garbage after end of host part");
545 *port
= strrchr(hostport
, ':');
554 * Sanitize a string from the client so that it's OK to be inserted into a
555 * filesystem path. Specifically, we disallow slashes, runs of "..", and
556 * trailing and leading dots, which means that the client cannot escape
557 * our base path via ".." traversal.
559 static void sanitize_client(struct strbuf
*out
, const char *in
)
564 if (*in
== '.' && (!out
->len
|| out
->buf
[out
->len
- 1] == '.'))
566 strbuf_addch(out
, *in
);
569 while (out
->len
&& out
->buf
[out
->len
- 1] == '.')
570 strbuf_setlen(out
, out
->len
- 1);
574 * Like sanitize_client, but we also perform any canonicalization
575 * to make life easier on the admin.
577 static void canonicalize_client(struct strbuf
*out
, const char *in
)
579 sanitize_client(out
, in
);
584 * Read the host as supplied by the client connection.
586 * Returns a pointer to the character after the NUL byte terminating the host
587 * arguemnt, or 'extra_args' if there is no host arguemnt.
589 static char *parse_host_arg(struct hostinfo
*hi
, char *extra_args
, int buflen
)
593 char *end
= extra_args
+ buflen
;
595 if (extra_args
< end
&& *extra_args
) {
596 hi
->saw_extended_args
= 1;
597 if (strncasecmp("host=", extra_args
, 5) == 0) {
598 val
= extra_args
+ 5;
599 vallen
= strlen(val
) + 1;
600 loginfo("Extended attribute \"host\": %s", val
);
602 /* Split <host>:<port> at colon. */
605 parse_host_and_port(val
, &host
, &port
);
607 sanitize_client(&hi
->tcp_port
, port
);
608 canonicalize_client(&hi
->hostname
, host
);
609 hi
->hostname_lookup_done
= 0;
612 /* On to the next one */
613 extra_args
= val
+ vallen
;
615 if (extra_args
< end
&& *extra_args
)
616 die("Invalid request");
622 static void parse_extra_args(struct hostinfo
*hi
, struct argv_array
*env
,
623 char *extra_args
, int buflen
)
625 const char *end
= extra_args
+ buflen
;
626 struct strbuf git_protocol
= STRBUF_INIT
;
628 /* First look for the host argument */
629 extra_args
= parse_host_arg(hi
, extra_args
, buflen
);
631 /* Look for additional arguments places after a second NUL byte */
632 for (; extra_args
< end
; extra_args
+= strlen(extra_args
) + 1) {
633 const char *arg
= extra_args
;
636 * Parse the extra arguments, adding most to 'git_protocol'
637 * which will be used to set the 'GIT_PROTOCOL' envvar in the
638 * service that will be run.
640 * If there ends up being a particular arg in the future that
641 * git-daemon needs to parse specificly (like the 'host' arg)
642 * then it can be parsed here and not added to 'git_protocol'.
645 if (git_protocol
.len
> 0)
646 strbuf_addch(&git_protocol
, ':');
647 strbuf_addstr(&git_protocol
, arg
);
651 if (git_protocol
.len
> 0) {
652 loginfo("Extended attribute \"protocol\": %s", git_protocol
.buf
);
653 argv_array_pushf(env
, GIT_PROTOCOL_ENVIRONMENT
"=%s",
656 strbuf_release(&git_protocol
);
660 * Locate canonical hostname and its IP address.
662 static void lookup_hostname(struct hostinfo
*hi
)
664 if (!hi
->hostname_lookup_done
&& hi
->hostname
.len
) {
666 struct addrinfo hints
;
669 static char addrbuf
[HOST_NAME_MAX
+ 1];
671 memset(&hints
, 0, sizeof(hints
));
672 hints
.ai_flags
= AI_CANONNAME
;
674 gai
= getaddrinfo(hi
->hostname
.buf
, NULL
, &hints
, &ai
);
676 struct sockaddr_in
*sin_addr
= (void *)ai
->ai_addr
;
678 inet_ntop(AF_INET
, &sin_addr
->sin_addr
,
679 addrbuf
, sizeof(addrbuf
));
680 strbuf_addstr(&hi
->ip_address
, addrbuf
);
682 if (ai
->ai_canonname
)
683 sanitize_client(&hi
->canon_hostname
,
686 strbuf_addbuf(&hi
->canon_hostname
,
692 struct hostent
*hent
;
693 struct sockaddr_in sa
;
695 static char addrbuf
[HOST_NAME_MAX
+ 1];
697 hent
= gethostbyname(hi
->hostname
.buf
);
699 ap
= hent
->h_addr_list
;
700 memset(&sa
, 0, sizeof sa
);
701 sa
.sin_family
= hent
->h_addrtype
;
702 sa
.sin_port
= htons(0);
703 memcpy(&sa
.sin_addr
, *ap
, hent
->h_length
);
705 inet_ntop(hent
->h_addrtype
, &sa
.sin_addr
,
706 addrbuf
, sizeof(addrbuf
));
708 sanitize_client(&hi
->canon_hostname
, hent
->h_name
);
709 strbuf_addstr(&hi
->ip_address
, addrbuf
);
712 hi
->hostname_lookup_done
= 1;
716 static void hostinfo_init(struct hostinfo
*hi
)
718 memset(hi
, 0, sizeof(*hi
));
719 strbuf_init(&hi
->hostname
, 0);
720 strbuf_init(&hi
->canon_hostname
, 0);
721 strbuf_init(&hi
->ip_address
, 0);
722 strbuf_init(&hi
->tcp_port
, 0);
725 static void hostinfo_clear(struct hostinfo
*hi
)
727 strbuf_release(&hi
->hostname
);
728 strbuf_release(&hi
->canon_hostname
);
729 strbuf_release(&hi
->ip_address
);
730 strbuf_release(&hi
->tcp_port
);
733 static void set_keep_alive(int sockfd
)
737 if (setsockopt(sockfd
, SOL_SOCKET
, SO_KEEPALIVE
, &ka
, sizeof(ka
)) < 0) {
738 if (errno
!= ENOTSOCK
)
739 logerror("unable to set SO_KEEPALIVE on socket: %s",
744 static int execute(void)
746 char *line
= packet_buffer
;
748 char *addr
= getenv("REMOTE_ADDR"), *port
= getenv("REMOTE_PORT");
750 struct argv_array env
= ARGV_ARRAY_INIT
;
755 loginfo("Connection from %s:%s", addr
, port
);
758 alarm(init_timeout
? init_timeout
: timeout
);
759 pktlen
= packet_read(0, NULL
, NULL
, packet_buffer
, sizeof(packet_buffer
), 0);
763 if (len
&& line
[len
-1] == '\n')
766 /* parse additional args hidden behind a NUL byte */
768 parse_extra_args(&hi
, &env
, line
+ len
+ 1, pktlen
- len
- 1);
770 for (i
= 0; i
< ARRAY_SIZE(daemon_service
); i
++) {
771 struct daemon_service
*s
= &(daemon_service
[i
]);
774 if (skip_prefix(line
, "git-", &arg
) &&
775 skip_prefix(arg
, s
->name
, &arg
) &&
778 * Note: The directory here is probably context sensitive,
779 * and might depend on the actual service being performed.
781 int rc
= run_service(arg
, s
, &hi
, &env
);
783 argv_array_clear(&env
);
789 argv_array_clear(&env
);
790 logerror("Protocol error: '%s'", line
);
794 static int addrcmp(const struct sockaddr_storage
*s1
,
795 const struct sockaddr_storage
*s2
)
797 const struct sockaddr
*sa1
= (const struct sockaddr
*) s1
;
798 const struct sockaddr
*sa2
= (const struct sockaddr
*) s2
;
800 if (sa1
->sa_family
!= sa2
->sa_family
)
801 return sa1
->sa_family
- sa2
->sa_family
;
802 if (sa1
->sa_family
== AF_INET
)
803 return memcmp(&((struct sockaddr_in
*)s1
)->sin_addr
,
804 &((struct sockaddr_in
*)s2
)->sin_addr
,
805 sizeof(struct in_addr
));
807 if (sa1
->sa_family
== AF_INET6
)
808 return memcmp(&((struct sockaddr_in6
*)s1
)->sin6_addr
,
809 &((struct sockaddr_in6
*)s2
)->sin6_addr
,
810 sizeof(struct in6_addr
));
815 static int max_connections
= 32;
817 static unsigned int live_children
;
819 static struct child
{
821 struct child_process cld
;
822 struct sockaddr_storage address
;
825 static void add_child(struct child_process
*cld
, struct sockaddr
*addr
, socklen_t addrlen
)
827 struct child
*newborn
, **cradle
;
829 newborn
= xcalloc(1, sizeof(*newborn
));
831 memcpy(&newborn
->cld
, cld
, sizeof(*cld
));
832 memcpy(&newborn
->address
, addr
, addrlen
);
833 for (cradle
= &firstborn
; *cradle
; cradle
= &(*cradle
)->next
)
834 if (!addrcmp(&(*cradle
)->address
, &newborn
->address
))
836 newborn
->next
= *cradle
;
841 * This gets called if the number of connections grows
842 * past "max_connections".
844 * We kill the newest connection from a duplicate IP.
846 static void kill_some_child(void)
848 const struct child
*blanket
, *next
;
850 if (!(blanket
= firstborn
))
853 for (; (next
= blanket
->next
); blanket
= next
)
854 if (!addrcmp(&blanket
->address
, &next
->address
)) {
855 kill(blanket
->cld
.pid
, SIGTERM
);
860 static void check_dead_children(void)
865 struct child
**cradle
, *blanket
;
866 for (cradle
= &firstborn
; (blanket
= *cradle
);)
867 if ((pid
= waitpid(blanket
->cld
.pid
, &status
, WNOHANG
)) > 1) {
868 const char *dead
= "";
870 dead
= " (with error)";
871 loginfo("[%"PRIuMAX
"] Disconnected%s", (uintmax_t)pid
, dead
);
873 /* remove the child */
874 *cradle
= blanket
->next
;
876 child_process_clear(&blanket
->cld
);
879 cradle
= &blanket
->next
;
882 static struct argv_array cld_argv
= ARGV_ARRAY_INIT
;
883 static void handle(int incoming
, struct sockaddr
*addr
, socklen_t addrlen
)
885 struct child_process cld
= CHILD_PROCESS_INIT
;
887 if (max_connections
&& live_children
>= max_connections
) {
889 sleep(1); /* give it some time to die */
890 check_dead_children();
891 if (live_children
>= max_connections
) {
893 logerror("Too many children, dropping connection");
898 if (addr
->sa_family
== AF_INET
) {
900 struct sockaddr_in
*sin_addr
= (void *) addr
;
901 inet_ntop(addr
->sa_family
, &sin_addr
->sin_addr
, buf
, sizeof(buf
));
902 argv_array_pushf(&cld
.env_array
, "REMOTE_ADDR=%s", buf
);
903 argv_array_pushf(&cld
.env_array
, "REMOTE_PORT=%d",
904 ntohs(sin_addr
->sin_port
));
906 } else if (addr
->sa_family
== AF_INET6
) {
908 struct sockaddr_in6
*sin6_addr
= (void *) addr
;
909 inet_ntop(AF_INET6
, &sin6_addr
->sin6_addr
, buf
, sizeof(buf
));
910 argv_array_pushf(&cld
.env_array
, "REMOTE_ADDR=[%s]", buf
);
911 argv_array_pushf(&cld
.env_array
, "REMOTE_PORT=%d",
912 ntohs(sin6_addr
->sin6_port
));
916 cld
.argv
= cld_argv
.argv
;
918 cld
.out
= dup(incoming
);
920 if (start_command(&cld
))
921 logerror("unable to fork");
923 add_child(&cld
, addr
, addrlen
);
926 static void child_handler(int signo
)
929 * Otherwise empty handler because systemcalls will get interrupted
930 * upon signal receipt
931 * SysV needs the handler to be rearmed
933 signal(SIGCHLD
, child_handler
);
936 static int set_reuse_addr(int sockfd
)
942 return setsockopt(sockfd
, SOL_SOCKET
, SO_REUSEADDR
,
952 static const char *ip2str(int family
, struct sockaddr
*sin
, socklen_t len
)
955 static char ip
[INET_ADDRSTRLEN
];
957 static char ip
[INET6_ADDRSTRLEN
];
963 inet_ntop(family
, &((struct sockaddr_in6
*)sin
)->sin6_addr
, ip
, len
);
967 inet_ntop(family
, &((struct sockaddr_in
*)sin
)->sin_addr
, ip
, len
);
970 xsnprintf(ip
, sizeof(ip
), "<unknown>");
977 static int setup_named_sock(char *listen_addr
, int listen_port
, struct socketlist
*socklist
)
980 char pbuf
[NI_MAXSERV
];
981 struct addrinfo hints
, *ai0
, *ai
;
985 xsnprintf(pbuf
, sizeof(pbuf
), "%d", listen_port
);
986 memset(&hints
, 0, sizeof(hints
));
987 hints
.ai_family
= AF_UNSPEC
;
988 hints
.ai_socktype
= SOCK_STREAM
;
989 hints
.ai_protocol
= IPPROTO_TCP
;
990 hints
.ai_flags
= AI_PASSIVE
;
992 gai
= getaddrinfo(listen_addr
, pbuf
, &hints
, &ai0
);
994 logerror("getaddrinfo() for %s failed: %s", listen_addr
, gai_strerror(gai
));
998 for (ai
= ai0
; ai
; ai
= ai
->ai_next
) {
1001 sockfd
= socket(ai
->ai_family
, ai
->ai_socktype
, ai
->ai_protocol
);
1004 if (sockfd
>= FD_SETSIZE
) {
1005 logerror("Socket descriptor too large");
1011 if (ai
->ai_family
== AF_INET6
) {
1013 setsockopt(sockfd
, IPPROTO_IPV6
, IPV6_V6ONLY
,
1015 /* Note: error is not fatal */
1019 if (set_reuse_addr(sockfd
)) {
1020 logerror("Could not set SO_REUSEADDR: %s", strerror(errno
));
1025 set_keep_alive(sockfd
);
1027 if (bind(sockfd
, ai
->ai_addr
, ai
->ai_addrlen
) < 0) {
1028 logerror("Could not bind to %s: %s",
1029 ip2str(ai
->ai_family
, ai
->ai_addr
, ai
->ai_addrlen
),
1032 continue; /* not fatal */
1034 if (listen(sockfd
, 5) < 0) {
1035 logerror("Could not listen to %s: %s",
1036 ip2str(ai
->ai_family
, ai
->ai_addr
, ai
->ai_addrlen
),
1039 continue; /* not fatal */
1042 flags
= fcntl(sockfd
, F_GETFD
, 0);
1044 fcntl(sockfd
, F_SETFD
, flags
| FD_CLOEXEC
);
1046 ALLOC_GROW(socklist
->list
, socklist
->nr
+ 1, socklist
->alloc
);
1047 socklist
->list
[socklist
->nr
++] = sockfd
;
1058 static int setup_named_sock(char *listen_addr
, int listen_port
, struct socketlist
*socklist
)
1060 struct sockaddr_in sin
;
1064 memset(&sin
, 0, sizeof sin
);
1065 sin
.sin_family
= AF_INET
;
1066 sin
.sin_port
= htons(listen_port
);
1069 /* Well, host better be an IP address here. */
1070 if (inet_pton(AF_INET
, listen_addr
, &sin
.sin_addr
.s_addr
) <= 0)
1073 sin
.sin_addr
.s_addr
= htonl(INADDR_ANY
);
1076 sockfd
= socket(AF_INET
, SOCK_STREAM
, 0);
1080 if (set_reuse_addr(sockfd
)) {
1081 logerror("Could not set SO_REUSEADDR: %s", strerror(errno
));
1086 set_keep_alive(sockfd
);
1088 if ( bind(sockfd
, (struct sockaddr
*)&sin
, sizeof sin
) < 0 ) {
1089 logerror("Could not bind to %s: %s",
1090 ip2str(AF_INET
, (struct sockaddr
*)&sin
, sizeof(sin
)),
1096 if (listen(sockfd
, 5) < 0) {
1097 logerror("Could not listen to %s: %s",
1098 ip2str(AF_INET
, (struct sockaddr
*)&sin
, sizeof(sin
)),
1104 flags
= fcntl(sockfd
, F_GETFD
, 0);
1106 fcntl(sockfd
, F_SETFD
, flags
| FD_CLOEXEC
);
1108 ALLOC_GROW(socklist
->list
, socklist
->nr
+ 1, socklist
->alloc
);
1109 socklist
->list
[socklist
->nr
++] = sockfd
;
1115 static void socksetup(struct string_list
*listen_addr
, int listen_port
, struct socketlist
*socklist
)
1117 if (!listen_addr
->nr
)
1118 setup_named_sock(NULL
, listen_port
, socklist
);
1121 for (i
= 0; i
< listen_addr
->nr
; i
++) {
1122 socknum
= setup_named_sock(listen_addr
->items
[i
].string
,
1123 listen_port
, socklist
);
1126 logerror("unable to allocate any listen sockets for host %s on port %u",
1127 listen_addr
->items
[i
].string
, listen_port
);
1132 static int service_loop(struct socketlist
*socklist
)
1137 pfd
= xcalloc(socklist
->nr
, sizeof(struct pollfd
));
1139 for (i
= 0; i
< socklist
->nr
; i
++) {
1140 pfd
[i
].fd
= socklist
->list
[i
];
1141 pfd
[i
].events
= POLLIN
;
1144 signal(SIGCHLD
, child_handler
);
1149 check_dead_children();
1151 if (poll(pfd
, socklist
->nr
, -1) < 0) {
1152 if (errno
!= EINTR
) {
1153 logerror("Poll failed, resuming: %s",
1160 for (i
= 0; i
< socklist
->nr
; i
++) {
1161 if (pfd
[i
].revents
& POLLIN
) {
1164 struct sockaddr_in sai
;
1166 struct sockaddr_in6 sai6
;
1169 socklen_t sslen
= sizeof(ss
);
1170 int incoming
= accept(pfd
[i
].fd
, &ss
.sa
, &sslen
);
1178 die_errno("accept returned");
1181 handle(incoming
, &ss
.sa
, sslen
);
1187 #ifdef NO_POSIX_GOODIES
1191 static void drop_privileges(struct credentials
*cred
)
1196 static struct credentials
*prepare_credentials(const char *user_name
,
1197 const char *group_name
)
1199 die("--user not supported on this platform");
1204 struct credentials
{
1205 struct passwd
*pass
;
1209 static void drop_privileges(struct credentials
*cred
)
1211 if (cred
&& (initgroups(cred
->pass
->pw_name
, cred
->gid
) ||
1212 setgid (cred
->gid
) || setuid(cred
->pass
->pw_uid
)))
1213 die("cannot drop privileges");
1216 static struct credentials
*prepare_credentials(const char *user_name
,
1217 const char *group_name
)
1219 static struct credentials c
;
1221 c
.pass
= getpwnam(user_name
);
1223 die("user not found - %s", user_name
);
1226 c
.gid
= c
.pass
->pw_gid
;
1228 struct group
*group
= getgrnam(group_name
);
1230 die("group not found - %s", group_name
);
1232 c
.gid
= group
->gr_gid
;
1239 static int serve(struct string_list
*listen_addr
, int listen_port
,
1240 struct credentials
*cred
)
1242 struct socketlist socklist
= { NULL
, 0, 0 };
1244 socksetup(listen_addr
, listen_port
, &socklist
);
1245 if (socklist
.nr
== 0)
1246 die("unable to allocate any listen sockets on port %u",
1249 drop_privileges(cred
);
1251 loginfo("Ready to rumble");
1253 return service_loop(&socklist
);
1256 int cmd_main(int argc
, const char **argv
)
1258 int listen_port
= 0;
1259 struct string_list listen_addr
= STRING_LIST_INIT_NODUP
;
1260 int serve_mode
= 0, inetd_mode
= 0;
1261 const char *pid_file
= NULL
, *user_name
= NULL
, *group_name
= NULL
;
1263 struct credentials
*cred
= NULL
;
1266 for (i
= 1; i
< argc
; i
++) {
1267 const char *arg
= argv
[i
];
1270 if (skip_prefix(arg
, "--listen=", &v
)) {
1271 string_list_append(&listen_addr
, xstrdup_tolower(v
));
1274 if (skip_prefix(arg
, "--port=", &v
)) {
1277 n
= strtoul(v
, &end
, 0);
1283 if (!strcmp(arg
, "--serve")) {
1287 if (!strcmp(arg
, "--inetd")) {
1292 if (!strcmp(arg
, "--verbose")) {
1296 if (!strcmp(arg
, "--syslog")) {
1300 if (!strcmp(arg
, "--export-all")) {
1301 export_all_trees
= 1;
1304 if (skip_prefix(arg
, "--access-hook=", &v
)) {
1308 if (skip_prefix(arg
, "--timeout=", &v
)) {
1312 if (skip_prefix(arg
, "--init-timeout=", &v
)) {
1313 init_timeout
= atoi(v
);
1316 if (skip_prefix(arg
, "--max-connections=", &v
)) {
1317 max_connections
= atoi(v
);
1318 if (max_connections
< 0)
1319 max_connections
= 0; /* unlimited */
1322 if (!strcmp(arg
, "--strict-paths")) {
1326 if (skip_prefix(arg
, "--base-path=", &v
)) {
1330 if (!strcmp(arg
, "--base-path-relaxed")) {
1331 base_path_relaxed
= 1;
1334 if (skip_prefix(arg
, "--interpolated-path=", &v
)) {
1335 interpolated_path
= v
;
1338 if (!strcmp(arg
, "--reuseaddr")) {
1342 if (!strcmp(arg
, "--user-path")) {
1346 if (skip_prefix(arg
, "--user-path=", &v
)) {
1350 if (skip_prefix(arg
, "--pid-file=", &v
)) {
1354 if (!strcmp(arg
, "--detach")) {
1359 if (skip_prefix(arg
, "--user=", &v
)) {
1363 if (skip_prefix(arg
, "--group=", &v
)) {
1367 if (skip_prefix(arg
, "--enable=", &v
)) {
1368 enable_service(v
, 1);
1371 if (skip_prefix(arg
, "--disable=", &v
)) {
1372 enable_service(v
, 0);
1375 if (skip_prefix(arg
, "--allow-override=", &v
)) {
1376 make_service_overridable(v
, 1);
1379 if (skip_prefix(arg
, "--forbid-override=", &v
)) {
1380 make_service_overridable(v
, 0);
1383 if (!strcmp(arg
, "--informative-errors")) {
1384 informative_errors
= 1;
1387 if (!strcmp(arg
, "--no-informative-errors")) {
1388 informative_errors
= 0;
1391 if (!strcmp(arg
, "--")) {
1392 ok_paths
= &argv
[i
+1];
1394 } else if (arg
[0] != '-') {
1395 ok_paths
= &argv
[i
];
1399 usage(daemon_usage
);
1403 openlog("git-daemon", LOG_PID
, LOG_DAEMON
);
1404 set_die_routine(daemon_die
);
1406 /* avoid splitting a message in the middle */
1407 setvbuf(stderr
, NULL
, _IOFBF
, 4096);
1409 if (inetd_mode
&& (detach
|| group_name
|| user_name
))
1410 die("--detach, --user and --group are incompatible with --inetd");
1412 if (inetd_mode
&& (listen_port
|| (listen_addr
.nr
> 0)))
1413 die("--listen= and --port= are incompatible with --inetd");
1414 else if (listen_port
== 0)
1415 listen_port
= DEFAULT_GIT_PORT
;
1417 if (group_name
&& !user_name
)
1418 die("--group supplied without --user");
1421 cred
= prepare_credentials(user_name
, group_name
);
1423 if (strict_paths
&& (!ok_paths
|| !*ok_paths
))
1424 die("option --strict-paths requires a whitelist");
1426 if (base_path
&& !is_directory(base_path
))
1427 die("base-path '%s' does not exist or is not a directory",
1431 if (!freopen("/dev/null", "w", stderr
))
1432 die_errno("failed to redirect stderr to /dev/null");
1435 if (inetd_mode
|| serve_mode
)
1440 die("--detach not supported on this platform");
1444 write_file(pid_file
, "%"PRIuMAX
, (uintmax_t) getpid());
1446 /* prepare argv for serving-processes */
1447 argv_array_push(&cld_argv
, argv
[0]); /* git-daemon */
1448 argv_array_push(&cld_argv
, "--serve");
1449 for (i
= 1; i
< argc
; ++i
)
1450 argv_array_push(&cld_argv
, argv
[i
]);
1452 return serve(&listen_addr
, listen_port
, cred
);