search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
git-remote: add verbose mode to git remote update
[git/trast.git] / daemon.c
blobb9ba44c582b3b6cfac0f150f7f8901d60b48bbb3
1 #include "cache.h"
2 #include "pkt-line.h"
3 #include "exec_cmd.h"
4 #include "interpolate.h"
5
6 #include <syslog.h>
7
8 #ifndef HOST_NAME_MAX
9 #define HOST_NAME_MAX 256
10 #endif
11
12 #ifndef NI_MAXSERV
13 #define NI_MAXSERV 32
14 #endif
15
16 static int log_syslog;
17 static int verbose;
18 static int reuseaddr;
19
20 static const char daemon_usage[] =
21 "git daemon [--verbose] [--syslog] [--export-all]\n"
22 " [--timeout=n] [--init-timeout=n] [--max-connections=n]\n"
23 " [--strict-paths] [--base-path=path] [--base-path-relaxed]\n"
24 " [--user-path | --user-path=path]\n"
25 " [--interpolated-path=path]\n"
26 " [--reuseaddr] [--detach] [--pid-file=file]\n"
27 " [--[enable|disable|allow-override|forbid-override]=service]\n"
28 " [--inetd | [--listen=host_or_ipaddr] [--port=n]\n"
29 " [--user=user [--group=group]]\n"
30 " [directory...]";
31
32 /* List of acceptable pathname prefixes */
33 static char **ok_paths;
34 static int strict_paths;
35
36 /* If this is set, git-daemon-export-ok is not required */
37 static int export_all_trees;
38
39 /* Take all paths relative to this one if non-NULL */
40 static char *base_path;
41 static char *interpolated_path;
42 static int base_path_relaxed;
43
44 /* Flag indicating client sent extra args. */
45 static int saw_extended_args;
46
47 /* If defined, ~user notation is allowed and the string is inserted
48 * after ~user/. E.g. a request to git://host/~alice/frotz would
49 * go to /home/alice/pub_git/frotz with --user-path=pub_git.
50 */
51 static const char *user_path;
52
53 /* Timeout, and initial timeout */
54 static unsigned int timeout;
55 static unsigned int init_timeout;
56
57 /*
58 * Static table for now. Ugh.
59 * Feel free to make dynamic as needed.
60 */
61 #define INTERP_SLOT_HOST (0)
62 #define INTERP_SLOT_CANON_HOST (1)
63 #define INTERP_SLOT_IP (2)
64 #define INTERP_SLOT_PORT (3)
65 #define INTERP_SLOT_DIR (4)
66 #define INTERP_SLOT_PERCENT (5)
67
68 static struct interp interp_table[] = {
69 { "%H", 0},
70 { "%CH", 0},
71 { "%IP", 0},
72 { "%P", 0},
73 { "%D", 0},
74 { "%%", 0},
75 };
76
77
78 static void logreport(int priority, const char *err, va_list params)
79 {
80 if (log_syslog) {
81 char buf[1024];
82 vsnprintf(buf, sizeof(buf), err, params);
83 syslog(priority, "%s", buf);
84 } else {
85 /*
86 * Since stderr is set to linebuffered mode, the
87 * logging of different processes will not overlap
88 */
89 fprintf(stderr, "[%"PRIuMAX"] ", (uintmax_t)getpid());
90 vfprintf(stderr, err, params);
91 fputc('\n', stderr);
92 }
93 }
94
95 static void logerror(const char *err, ...)
96 {
97 va_list params;
98 va_start(params, err);
99 logreport(LOG_ERR, err, params);
100 va_end(params);
101 }
102
103 static void loginfo(const char *err, ...)
104 {
105 va_list params;
106 if (!verbose)
107 return;
108 va_start(params, err);
109 logreport(LOG_INFO, err, params);
110 va_end(params);
111 }
112
113 static void NORETURN daemon_die(const char *err, va_list params)
114 {
115 logreport(LOG_ERR, err, params);
116 exit(1);
117 }
118
119 static int avoid_alias(char *p)
120 {
121 int sl, ndot;
122
123 /*
124 * This resurrects the belts and suspenders paranoia check by HPA
125 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
126 * does not do getcwd() based path canonicalizations.
127 *
128 * sl becomes true immediately after seeing '/' and continues to
129 * be true as long as dots continue after that without intervening
130 * non-dot character.
131 */
132 if (!p || (*p != '/' && *p != '~'))
133 return -1;
134 sl = 1; ndot = 0;
135 p++;
136
137 while (1) {
138 char ch = *p++;
139 if (sl) {
140 if (ch == '.')
141 ndot++;
142 else if (ch == '/') {
143 if (ndot < 3)
144 /* reject //, /./ and /../ */
145 return -1;
146 ndot = 0;
147 }
148 else if (ch == 0) {
149 if (0 < ndot && ndot < 3)
150 /* reject /.$ and /..$ */
151 return -1;
152 return 0;
153 }
154 else
155 sl = ndot = 0;
156 }
157 else if (ch == 0)
158 return 0;
159 else if (ch == '/') {
160 sl = 1;
161 ndot = 0;
162 }
163 }
164 }
165
166 static char *path_ok(struct interp *itable)
167 {
168 static char rpath[PATH_MAX];
169 static char interp_path[PATH_MAX];
170 int retried_path = 0;
171 char *path;
172 char *dir;
173
174 dir = itable[INTERP_SLOT_DIR].value;
175
176 if (avoid_alias(dir)) {
177 logerror("'%s': aliased", dir);
178 return NULL;
179 }
180
181 if (*dir == '~') {
182 if (!user_path) {
183 logerror("'%s': User-path not allowed", dir);
184 return NULL;
185 }
186 if (*user_path) {
187 /* Got either "~alice" or "~alice/foo";
188 * rewrite them to "~alice/%s" or
189 * "~alice/%s/foo".
190 */
191 int namlen, restlen = strlen(dir);
192 char *slash = strchr(dir, '/');
193 if (!slash)
194 slash = dir + restlen;
195 namlen = slash - dir;
196 restlen -= namlen;
197 loginfo("userpath <%s>, request <%s>, namlen %d, restlen %d, slash <%s>", user_path, dir, namlen, restlen, slash);
198 snprintf(rpath, PATH_MAX, "%.*s/%s%.*s",
199 namlen, dir, user_path, restlen, slash);
200 dir = rpath;
201 }
202 }
203 else if (interpolated_path && saw_extended_args) {
204 if (*dir != '/') {
205 /* Allow only absolute */
206 logerror("'%s': Non-absolute path denied (interpolated-path active)", dir);
207 return NULL;
208 }
209
210 interpolate(interp_path, PATH_MAX, interpolated_path,
211 interp_table, ARRAY_SIZE(interp_table));
212 loginfo("Interpolated dir '%s'", interp_path);
213
214 dir = interp_path;
215 }
216 else if (base_path) {
217 if (*dir != '/') {
218 /* Allow only absolute */
219 logerror("'%s': Non-absolute path denied (base-path active)", dir);
220 return NULL;
221 }
222 snprintf(rpath, PATH_MAX, "%s%s", base_path, dir);
223 dir = rpath;
224 }
225
226 do {
227 path = enter_repo(dir, strict_paths);
228 if (path)
229 break;
230
231 /*
232 * if we fail and base_path_relaxed is enabled, try without
233 * prefixing the base path
234 */
235 if (base_path && base_path_relaxed && !retried_path) {
236 dir = itable[INTERP_SLOT_DIR].value;
237 retried_path = 1;
238 continue;
239 }
240 break;
241 } while (1);
242
243 if (!path) {
244 logerror("'%s': unable to chdir or not a git archive", dir);
245 return NULL;
246 }
247
248 if ( ok_paths && *ok_paths ) {
249 char **pp;
250 int pathlen = strlen(path);
251
252 /* The validation is done on the paths after enter_repo
253 * appends optional {.git,.git/.git} and friends, but
254 * it does not use getcwd(). So if your /pub is
255 * a symlink to /mnt/pub, you can whitelist /pub and
256 * do not have to say /mnt/pub.
257 * Do not say /pub/.
258 */
259 for ( pp = ok_paths ; *pp ; pp++ ) {
260 int len = strlen(*pp);
261 if (len <= pathlen &&
262 !memcmp(*pp, path, len) &&
263 (path[len] == '\0' ||
264 (!strict_paths && path[len] == '/')))
265 return path;
266 }
267 }
268 else {
269 /* be backwards compatible */
270 if (!strict_paths)
271 return path;
272 }
273
274 logerror("'%s': not in whitelist", path);
275 return NULL; /* Fallthrough. Deny by default */
276 }
277
278 typedef int (*daemon_service_fn)(void);
279 struct daemon_service {
280 const char *name;
281 const char *config_name;
282 daemon_service_fn fn;
283 int enabled;
284 int overridable;
285 };
286
287 static struct daemon_service *service_looking_at;
288 static int service_enabled;
289
290 static int git_daemon_config(const char *var, const char *value, void *cb)
291 {
292 if (!prefixcmp(var, "daemon.") &&
293 !strcmp(var + 7, service_looking_at->config_name)) {
294 service_enabled = git_config_bool(var, value);
295 return 0;
296 }
297
298 /* we are not interested in parsing any other configuration here */
299 return 0;
300 }
301
302 static int run_service(struct interp *itable, struct daemon_service *service)
303 {
304 const char *path;
305 int enabled = service->enabled;
306
307 loginfo("Request %s for '%s'",
308 service->name,
309 itable[INTERP_SLOT_DIR].value);
310
311 if (!enabled && !service->overridable) {
312 logerror("'%s': service not enabled.", service->name);
313 errno = EACCES;
314 return -1;
315 }
316
317 if (!(path = path_ok(itable)))
318 return -1;
319
320 /*
321 * Security on the cheap.
322 *
323 * We want a readable HEAD, usable "objects" directory, and
324 * a "git-daemon-export-ok" flag that says that the other side
325 * is ok with us doing this.
326 *
327 * path_ok() uses enter_repo() and does whitelist checking.
328 * We only need to make sure the repository is exported.
329 */
330
331 if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
332 logerror("'%s': repository not exported.", path);
333 errno = EACCES;
334 return -1;
335 }
336
337 if (service->overridable) {
338 service_looking_at = service;
339 service_enabled = -1;
340 git_config(git_daemon_config, NULL);
341 if (0 <= service_enabled)
342 enabled = service_enabled;
343 }
344 if (!enabled) {
345 logerror("'%s': service not enabled for '%s'",
346 service->name, path);
347 errno = EACCES;
348 return -1;
349 }
350
351 /*
352 * We'll ignore SIGTERM from now on, we have a
353 * good client.
354 */
355 signal(SIGTERM, SIG_IGN);
356
357 return service->fn();
358 }
359
360 static int upload_pack(void)
361 {
362 /* Timeout as string */
363 char timeout_buf[64];
364
365 snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
366
367 /* git-upload-pack only ever reads stuff, so this is safe */
368 execl_git_cmd("upload-pack", "--strict", timeout_buf, ".", NULL);
369 return -1;
370 }
371
372 static int upload_archive(void)
373 {
374 execl_git_cmd("upload-archive", ".", NULL);
375 return -1;
376 }
377
378 static int receive_pack(void)
379 {
380 execl_git_cmd("receive-pack", ".", NULL);
381 return -1;
382 }
383
384 static struct daemon_service daemon_service[] = {
385 { "upload-archive", "uploadarch", upload_archive, 0, 1 },
386 { "upload-pack", "uploadpack", upload_pack, 1, 1 },
387 { "receive-pack", "receivepack", receive_pack, 0, 1 },
388 };
389
390 static void enable_service(const char *name, int ena)
391 {
392 int i;
393 for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
394 if (!strcmp(daemon_service[i].name, name)) {
395 daemon_service[i].enabled = ena;
396 return;
397 }
398 }
399 die("No such service %s", name);
400 }
401
402 static void make_service_overridable(const char *name, int ena)
403 {
404 int i;
405 for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
406 if (!strcmp(daemon_service[i].name, name)) {
407 daemon_service[i].overridable = ena;
408 return;
409 }
410 }
411 die("No such service %s", name);
412 }
413
414 /*
415 * Separate the "extra args" information as supplied by the client connection.
416 * Any resulting data is squirreled away in the given interpolation table.
417 */
418 static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
419 {
420 char *val;
421 int vallen;
422 char *end = extra_args + buflen;
423
424 while (extra_args < end && *extra_args) {
425 saw_extended_args = 1;
426 if (strncasecmp("host=", extra_args, 5) == 0) {
427 val = extra_args + 5;
428 vallen = strlen(val) + 1;
429 if (*val) {
430 /* Split <host>:<port> at colon. */
431 char *host = val;
432 char *port = strrchr(host, ':');
433 if (port) {
434 *port = 0;
435 port++;
436 interp_set_entry(table, INTERP_SLOT_PORT, port);
437 }
438 interp_set_entry(table, INTERP_SLOT_HOST, host);
439 }
440
441 /* On to the next one */
442 extra_args = val + vallen;
443 }
444 }
445 }
446
447 static void fill_in_extra_table_entries(struct interp *itable)
448 {
449 char *hp;
450
451 /*
452 * Replace literal host with lowercase-ized hostname.
453 */
454 hp = interp_table[INTERP_SLOT_HOST].value;
455 if (!hp)
456 return;
457 for ( ; *hp; hp++)
458 *hp = tolower(*hp);
459
460 /*
461 * Locate canonical hostname and its IP address.
462 */
463 #ifndef NO_IPV6
464 {
465 struct addrinfo hints;
466 struct addrinfo *ai, *ai0;
467 int gai;
468 static char addrbuf[HOST_NAME_MAX + 1];
469
470 memset(&hints, 0, sizeof(hints));
471 hints.ai_flags = AI_CANONNAME;
472
473 gai = getaddrinfo(interp_table[INTERP_SLOT_HOST].value, 0, &hints, &ai0);
474 if (!gai) {
475 for (ai = ai0; ai; ai = ai->ai_next) {
476 struct sockaddr_in *sin_addr = (void *)ai->ai_addr;
477
478 inet_ntop(AF_INET, &sin_addr->sin_addr,
479 addrbuf, sizeof(addrbuf));
480 interp_set_entry(interp_table,
481 INTERP_SLOT_CANON_HOST, ai->ai_canonname);
482 interp_set_entry(interp_table,
483 INTERP_SLOT_IP, addrbuf);
484 break;
485 }
486 freeaddrinfo(ai0);
487 }
488 }
489 #else
490 {
491 struct hostent *hent;
492 struct sockaddr_in sa;
493 char **ap;
494 static char addrbuf[HOST_NAME_MAX + 1];
495
496 hent = gethostbyname(interp_table[INTERP_SLOT_HOST].value);
497
498 ap = hent->h_addr_list;
499 memset(&sa, 0, sizeof sa);
500 sa.sin_family = hent->h_addrtype;
501 sa.sin_port = htons(0);
502 memcpy(&sa.sin_addr, *ap, hent->h_length);
503
504 inet_ntop(hent->h_addrtype, &sa.sin_addr,
505 addrbuf, sizeof(addrbuf));
506
507 interp_set_entry(interp_table, INTERP_SLOT_CANON_HOST, hent->h_name);
508 interp_set_entry(interp_table, INTERP_SLOT_IP, addrbuf);
509 }
510 #endif
511 }
512
513
514 static int execute(struct sockaddr *addr)
515 {
516 static char line[1000];
517 int pktlen, len, i;
518
519 if (addr) {
520 char addrbuf[256] = "";
521 int port = -1;
522
523 if (addr->sa_family == AF_INET) {
524 struct sockaddr_in *sin_addr = (void *) addr;
525 inet_ntop(addr->sa_family, &sin_addr->sin_addr, addrbuf, sizeof(addrbuf));
526 port = ntohs(sin_addr->sin_port);
527 #ifndef NO_IPV6
528 } else if (addr && addr->sa_family == AF_INET6) {
529 struct sockaddr_in6 *sin6_addr = (void *) addr;
530
531 char *buf = addrbuf;
532 *buf++ = '['; *buf = '\0'; /* stpcpy() is cool */
533 inet_ntop(AF_INET6, &sin6_addr->sin6_addr, buf, sizeof(addrbuf) - 1);
534 strcat(buf, "]");
535
536 port = ntohs(sin6_addr->sin6_port);
537 #endif
538 }
539 loginfo("Connection from %s:%d", addrbuf, port);
540 setenv("REMOTE_ADDR", addrbuf, 1);
541 }
542 else {
543 unsetenv("REMOTE_ADDR");
544 }
545
546 alarm(init_timeout ? init_timeout : timeout);
547 pktlen = packet_read_line(0, line, sizeof(line));
548 alarm(0);
549
550 len = strlen(line);
551 if (pktlen != len)
552 loginfo("Extended attributes (%d bytes) exist <%.*s>",
553 (int) pktlen - len,
554 (int) pktlen - len, line + len + 1);
555 if (len && line[len-1] == '\n') {
556 line[--len] = 0;
557 pktlen--;
558 }
559
560 /*
561 * Initialize the path interpolation table for this connection.
562 */
563 interp_clear_table(interp_table, ARRAY_SIZE(interp_table));
564 interp_set_entry(interp_table, INTERP_SLOT_PERCENT, "%");
565
566 if (len != pktlen) {
567 parse_extra_args(interp_table, line + len + 1, pktlen - len - 1);
568 fill_in_extra_table_entries(interp_table);
569 }
570
571 for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
572 struct daemon_service *s = &(daemon_service[i]);
573 int namelen = strlen(s->name);
574 if (!prefixcmp(line, "git-") &&
575 !strncmp(s->name, line + 4, namelen) &&
576 line[namelen + 4] == ' ') {
577 /*
578 * Note: The directory here is probably context sensitive,
579 * and might depend on the actual service being performed.
580 */
581 interp_set_entry(interp_table,
582 INTERP_SLOT_DIR, line + namelen + 5);
583 return run_service(interp_table, s);
584 }
585 }
586
587 logerror("Protocol error: '%s'", line);
588 return -1;
589 }
590
591 static int max_connections = 32;
592
593 static unsigned int live_children;
594
595 static struct child {
596 struct child *next;
597 pid_t pid;
598 struct sockaddr_storage address;
599 } *firstborn;
600
601 static void add_child(pid_t pid, struct sockaddr *addr, int addrlen)
602 {
603 struct child *newborn, **cradle;
604
605 /*
606 * This must be xcalloc() -- we'll compare the whole sockaddr_storage
607 * but individual address may be shorter.
608 */
609 newborn = xcalloc(1, sizeof(*newborn));
610 live_children++;
611 newborn->pid = pid;
612 memcpy(&newborn->address, addr, addrlen);
613 for (cradle = &firstborn; *cradle; cradle = &(*cradle)->next)
614 if (!memcmp(&(*cradle)->address, &newborn->address,
615 sizeof(newborn->address)))
616 break;
617 newborn->next = *cradle;
618 *cradle = newborn;
619 }
620
621 static void remove_child(pid_t pid)
622 {
623 struct child **cradle, *blanket;
624
625 for (cradle = &firstborn; (blanket = *cradle); cradle = &blanket->next)
626 if (blanket->pid == pid) {
627 *cradle = blanket->next;
628 live_children--;
629 free(blanket);
630 break;
631 }
632 }
633
634 /*
635 * This gets called if the number of connections grows
636 * past "max_connections".
637 *
638 * We kill the newest connection from a duplicate IP.
639 */
640 static void kill_some_child(void)
641 {
642 const struct child *blanket, *next;
643
644 if (!(blanket = firstborn))
645 return;
646
647 for (; (next = blanket->next); blanket = next)
648 if (!memcmp(&blanket->address, &next->address,
649 sizeof(next->address))) {
650 kill(blanket->pid, SIGTERM);
651 break;
652 }
653 }
654
655 static void check_dead_children(void)
656 {
657 int status;
658 pid_t pid;
659
660 while ((pid = waitpid(-1, &status, WNOHANG)) > 0) {
661 const char *dead = "";
662 remove_child(pid);
663 if (!WIFEXITED(status) || (WEXITSTATUS(status) > 0))
664 dead = " (with error)";
665 loginfo("[%"PRIuMAX"] Disconnected%s", (uintmax_t)pid, dead);
666 }
667 }
668
669 static void handle(int incoming, struct sockaddr *addr, int addrlen)
670 {
671 pid_t pid;
672
673 if (max_connections && live_children >= max_connections) {
674 kill_some_child();
675 sleep(1); /* give it some time to die */
676 check_dead_children();
677 if (live_children >= max_connections) {
678 close(incoming);
679 logerror("Too many children, dropping connection");
680 return;
681 }
682 }
683
684 if ((pid = fork())) {
685 close(incoming);
686 if (pid < 0) {
687 logerror("Couldn't fork %s", strerror(errno));
688 return;
689 }
690
691 add_child(pid, addr, addrlen);
692 return;
693 }
694
695 dup2(incoming, 0);
696 dup2(incoming, 1);
697 close(incoming);
698
699 exit(execute(addr));
700 }
701
702 static void child_handler(int signo)
703 {
704 /*
705 * Otherwise empty handler because systemcalls will get interrupted
706 * upon signal receipt
707 * SysV needs the handler to be rearmed
708 */
709 signal(SIGCHLD, child_handler);
710 }
711
712 static int set_reuse_addr(int sockfd)
713 {
714 int on = 1;
715
716 if (!reuseaddr)
717 return 0;
718 return setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
719 &on, sizeof(on));
720 }
721
722 #ifndef NO_IPV6
723
724 static int socksetup(char *listen_addr, int listen_port, int **socklist_p)
725 {
726 int socknum = 0, *socklist = NULL;
727 int maxfd = -1;
728 char pbuf[NI_MAXSERV];
729 struct addrinfo hints, *ai0, *ai;
730 int gai;
731 long flags;
732
733 sprintf(pbuf, "%d", listen_port);
734 memset(&hints, 0, sizeof(hints));
735 hints.ai_family = AF_UNSPEC;
736 hints.ai_socktype = SOCK_STREAM;
737 hints.ai_protocol = IPPROTO_TCP;
738 hints.ai_flags = AI_PASSIVE;
739
740 gai = getaddrinfo(listen_addr, pbuf, &hints, &ai0);
741 if (gai)
742 die("getaddrinfo() failed: %s\n", gai_strerror(gai));
743
744 for (ai = ai0; ai; ai = ai->ai_next) {
745 int sockfd;
746
747 sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
748 if (sockfd < 0)
749 continue;
750 if (sockfd >= FD_SETSIZE) {
751 logerror("Socket descriptor too large");
752 close(sockfd);
753 continue;
754 }
755
756 #ifdef IPV6_V6ONLY
757 if (ai->ai_family == AF_INET6) {
758 int on = 1;
759 setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
760 &on, sizeof(on));
761 /* Note: error is not fatal */
762 }
763 #endif
764
765 if (set_reuse_addr(sockfd)) {
766 close(sockfd);
767 continue;
768 }
769
770 if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
771 close(sockfd);
772 continue; /* not fatal */
773 }
774 if (listen(sockfd, 5) < 0) {
775 close(sockfd);
776 continue; /* not fatal */
777 }
778
779 flags = fcntl(sockfd, F_GETFD, 0);
780 if (flags >= 0)
781 fcntl(sockfd, F_SETFD, flags | FD_CLOEXEC);
782
783 socklist = xrealloc(socklist, sizeof(int) * (socknum + 1));
784 socklist[socknum++] = sockfd;
785
786 if (maxfd < sockfd)
787 maxfd = sockfd;
788 }
789
790 freeaddrinfo(ai0);
791
792 *socklist_p = socklist;
793 return socknum;
794 }
795
796 #else /* NO_IPV6 */
797
798 static int socksetup(char *listen_addr, int listen_port, int **socklist_p)
799 {
800 struct sockaddr_in sin;
801 int sockfd;
802 long flags;
803
804 memset(&sin, 0, sizeof sin);
805 sin.sin_family = AF_INET;
806 sin.sin_port = htons(listen_port);
807
808 if (listen_addr) {
809 /* Well, host better be an IP address here. */
810 if (inet_pton(AF_INET, listen_addr, &sin.sin_addr.s_addr) <= 0)
811 return 0;
812 } else {
813 sin.sin_addr.s_addr = htonl(INADDR_ANY);
814 }
815
816 sockfd = socket(AF_INET, SOCK_STREAM, 0);
817 if (sockfd < 0)
818 return 0;
819
820 if (set_reuse_addr(sockfd)) {
821 close(sockfd);
822 return 0;
823 }
824
825 if ( bind(sockfd, (struct sockaddr *)&sin, sizeof sin) < 0 ) {
826 close(sockfd);
827 return 0;
828 }
829
830 if (listen(sockfd, 5) < 0) {
831 close(sockfd);
832 return 0;
833 }
834
835 flags = fcntl(sockfd, F_GETFD, 0);
836 if (flags >= 0)
837 fcntl(sockfd, F_SETFD, flags | FD_CLOEXEC);
838
839 *socklist_p = xmalloc(sizeof(int));
840 **socklist_p = sockfd;
841 return 1;
842 }
843
844 #endif
845
846 static int service_loop(int socknum, int *socklist)
847 {
848 struct pollfd *pfd;
849 int i;
850
851 pfd = xcalloc(socknum, sizeof(struct pollfd));
852
853 for (i = 0; i < socknum; i++) {
854 pfd[i].fd = socklist[i];
855 pfd[i].events = POLLIN;
856 }
857
858 signal(SIGCHLD, child_handler);
859
860 for (;;) {
861 int i;
862
863 check_dead_children();
864
865 if (poll(pfd, socknum, -1) < 0) {
866 if (errno != EINTR) {
867 logerror("Poll failed, resuming: %s",
868 strerror(errno));
869 sleep(1);
870 }
871 continue;
872 }
873
874 for (i = 0; i < socknum; i++) {
875 if (pfd[i].revents & POLLIN) {
876 struct sockaddr_storage ss;
877 unsigned int sslen = sizeof(ss);
878 int incoming = accept(pfd[i].fd, (struct sockaddr *)&ss, &sslen);
879 if (incoming < 0) {
880 switch (errno) {
881 case EAGAIN:
882 case EINTR:
883 case ECONNABORTED:
884 continue;
885 default:
886 die("accept returned %s", strerror(errno));
887 }
888 }
889 handle(incoming, (struct sockaddr *)&ss, sslen);
890 }
891 }
892 }
893 }
894
895 /* if any standard file descriptor is missing open it to /dev/null */
896 static void sanitize_stdfds(void)
897 {
898 int fd = open("/dev/null", O_RDWR, 0);
899 while (fd != -1 && fd < 2)
900 fd = dup(fd);
901 if (fd == -1)
902 die("open /dev/null or dup failed: %s", strerror(errno));
903 if (fd > 2)
904 close(fd);
905 }
906
907 static void daemonize(void)
908 {
909 switch (fork()) {
910 case 0:
911 break;
912 case -1:
913 die("fork failed: %s", strerror(errno));
914 default:
915 exit(0);
916 }
917 if (setsid() == -1)
918 die("setsid failed: %s", strerror(errno));
919 close(0);
920 close(1);
921 close(2);
922 sanitize_stdfds();
923 }
924
925 static void store_pid(const char *path)
926 {
927 FILE *f = fopen(path, "w");
928 if (!f)
929 die("cannot open pid file %s: %s", path, strerror(errno));
930 if (fprintf(f, "%"PRIuMAX"\n", (uintmax_t) getpid()) < 0 || fclose(f) != 0)
931 die("failed to write pid file %s: %s", path, strerror(errno));
932 }
933
934 static int serve(char *listen_addr, int listen_port, struct passwd *pass, gid_t gid)
935 {
936 int socknum, *socklist;
937
938 socknum = socksetup(listen_addr, listen_port, &socklist);
939 if (socknum == 0)
940 die("unable to allocate any listen sockets on host %s port %u",
941 listen_addr, listen_port);
942
943 if (pass && gid &&
944 (initgroups(pass->pw_name, gid) || setgid (gid) ||
945 setuid(pass->pw_uid)))
946 die("cannot drop privileges");
947
948 return service_loop(socknum, socklist);
949 }
950
951 int main(int argc, char **argv)
952 {
953 int listen_port = 0;
954 char *listen_addr = NULL;
955 int inetd_mode = 0;
956 const char *pid_file = NULL, *user_name = NULL, *group_name = NULL;
957 int detach = 0;
958 struct passwd *pass = NULL;
959 struct group *group;
960 gid_t gid = 0;
961 int i;
962
963 for (i = 1; i < argc; i++) {
964 char *arg = argv[i];
965
966 if (!prefixcmp(arg, "--listen=")) {
967 char *p = arg + 9;
968 char *ph = listen_addr = xmalloc(strlen(arg + 9) + 1);
969 while (*p)
970 *ph++ = tolower(*p++);
971 *ph = 0;
972 continue;
973 }
974 if (!prefixcmp(arg, "--port=")) {
975 char *end;
976 unsigned long n;
977 n = strtoul(arg+7, &end, 0);
978 if (arg[7] && !*end) {
979 listen_port = n;
980 continue;
981 }
982 }
983 if (!strcmp(arg, "--inetd")) {
984 inetd_mode = 1;
985 log_syslog = 1;
986 continue;
987 }
988 if (!strcmp(arg, "--verbose")) {
989 verbose = 1;
990 continue;
991 }
992 if (!strcmp(arg, "--syslog")) {
993 log_syslog = 1;
994 continue;
995 }
996 if (!strcmp(arg, "--export-all")) {
997 export_all_trees = 1;
998 continue;
999 }
1000 if (!prefixcmp(arg, "--timeout=")) {
1001 timeout = atoi(arg+10);
1002 continue;
1003 }
1004 if (!prefixcmp(arg, "--init-timeout=")) {
1005 init_timeout = atoi(arg+15);
1006 continue;
1007 }
1008 if (!prefixcmp(arg, "--max-connections=")) {
1009 max_connections = atoi(arg+18);
1010 if (max_connections < 0)
1011 max_connections = 0; /* unlimited */
1012 continue;
1013 }
1014 if (!strcmp(arg, "--strict-paths")) {
1015 strict_paths = 1;
1016 continue;
1017 }
1018 if (!prefixcmp(arg, "--base-path=")) {
1019 base_path = arg+12;
1020 continue;
1021 }
1022 if (!strcmp(arg, "--base-path-relaxed")) {
1023 base_path_relaxed = 1;
1024 continue;
1025 }
1026 if (!prefixcmp(arg, "--interpolated-path=")) {
1027 interpolated_path = arg+20;
1028 continue;
1029 }
1030 if (!strcmp(arg, "--reuseaddr")) {
1031 reuseaddr = 1;
1032 continue;
1033 }
1034 if (!strcmp(arg, "--user-path")) {
1035 user_path = "";
1036 continue;
1037 }
1038 if (!prefixcmp(arg, "--user-path=")) {
1039 user_path = arg + 12;
1040 continue;
1041 }
1042 if (!prefixcmp(arg, "--pid-file=")) {
1043 pid_file = arg + 11;
1044 continue;
1045 }
1046 if (!strcmp(arg, "--detach")) {
1047 detach = 1;
1048 log_syslog = 1;
1049 continue;
1050 }
1051 if (!prefixcmp(arg, "--user=")) {
1052 user_name = arg + 7;
1053 continue;
1054 }
1055 if (!prefixcmp(arg, "--group=")) {
1056 group_name = arg + 8;
1057 continue;
1058 }
1059 if (!prefixcmp(arg, "--enable=")) {
1060 enable_service(arg + 9, 1);
1061 continue;
1062 }
1063 if (!prefixcmp(arg, "--disable=")) {
1064 enable_service(arg + 10, 0);
1065 continue;
1066 }
1067 if (!prefixcmp(arg, "--allow-override=")) {
1068 make_service_overridable(arg + 17, 1);
1069 continue;
1070 }
1071 if (!prefixcmp(arg, "--forbid-override=")) {
1072 make_service_overridable(arg + 18, 0);
1073 continue;
1074 }
1075 if (!strcmp(arg, "--")) {
1076 ok_paths = &argv[i+1];
1077 break;
1078 } else if (arg[0] != '-') {
1079 ok_paths = &argv[i];
1080 break;
1081 }
1082
1083 usage(daemon_usage);
1084 }
1085
1086 if (log_syslog) {
1087 openlog("git-daemon", LOG_PID, LOG_DAEMON);
1088 set_die_routine(daemon_die);
1089 } else
1090 /* avoid splitting a message in the middle */
1091 setvbuf(stderr, NULL, _IOLBF, 0);
1092
1093 if (inetd_mode && (group_name || user_name))
1094 die("--user and --group are incompatible with --inetd");
1095
1096 if (inetd_mode && (listen_port || listen_addr))
1097 die("--listen= and --port= are incompatible with --inetd");
1098 else if (listen_port == 0)
1099 listen_port = DEFAULT_GIT_PORT;
1100
1101 if (group_name && !user_name)
1102 die("--group supplied without --user");
1103
1104 if (user_name) {
1105 pass = getpwnam(user_name);
1106 if (!pass)
1107 die("user not found - %s", user_name);
1108
1109 if (!group_name)
1110 gid = pass->pw_gid;
1111 else {
1112 group = getgrnam(group_name);
1113 if (!group)
1114 die("group not found - %s", group_name);
1115
1116 gid = group->gr_gid;
1117 }
1118 }
1119
1120 if (strict_paths && (!ok_paths || !*ok_paths))
1121 die("option --strict-paths requires a whitelist");
1122
1123 if (base_path && !is_directory(base_path))
1124 die("base-path '%s' does not exist or is not a directory",
1125 base_path);
1126
1127 if (inetd_mode) {
1128 struct sockaddr_storage ss;
1129 struct sockaddr *peer = (struct sockaddr *)&ss;
1130 socklen_t slen = sizeof(ss);
1131
1132 freopen("/dev/null", "w", stderr);
1133
1134 if (getpeername(0, peer, &slen))
1135 peer = NULL;
1136
1137 return execute(peer);
1138 }
1139
1140 if (detach) {
1141 daemonize();
1142 loginfo("Ready to rumble");
1143 }
1144 else
1145 sanitize_stdfds();
1146
1147 if (pid_file)
1148 store_pid(pid_file);
1149
1150 return serve(listen_addr, listen_port, pass, gid);
1151 }
Thomas Rast's git repo