~mdw / userv-utils / blame
| Commit | Line | Data |
|---|---|---|
| d2707bea TF |
1 | #!/usr/bin/perl |
| 2 | # | |
| fbde0914 | 3 | # A git daemon with an added userv security boundary. |
| d2707bea | 4 | # |
| d2707bea TF |
5 | # This was written by Tony Finch <dot@dotat.at> |
| 6 | # You may do anything with it, at your own risk. | |
| 7 | # http://creativecommons.org/publicdomain/zero/1.0/ | |
| 8 | ||
| 9 | use strict; | |
| 10 | use warnings; | |
| 11 | ||
| 12 | use POSIX; | |
| fbde0914 TF |
13 | use Socket; |
| 14 | use Sys::Syslog; | |
| d2707bea | 15 | |
| 6fe98f4a TF |
16 | sub ntoa { |
| 17 | my $sockaddr = shift; | |
| 18 | if (defined $sockaddr) { | |
| 19 | my ($port,$addr) = sockaddr_in $sockaddr; | |
| 20 | $addr = inet_ntoa $addr; | |
| 21 | return ($addr,$port,"[$addr]:$port"); | |
| 22 | } else { | |
| 23 | return (undef,undef,"[?.?.?.?]:?"); | |
| 24 | } | |
| fbde0914 TF |
25 | } |
| 26 | ||
| 6fe98f4a TF |
27 | my ($client_addr,$client_port,$client) = ntoa getpeername STDIN; |
| 28 | my ($server_addr,$server_port,$server) = ntoa getsockname STDIN; | |
| 29 | ||
| fbde0914 TF |
30 | openlog 'userv-git-daemon', 'pid', 'daemon'; |
| 31 | ||
| 32 | sub fail { | |
| 6fe98f4a | 33 | syslog 'err', "$client @_"; |
| fbde0914 TF |
34 | exit; |
| 35 | } | |
| d2707bea TF |
36 | |
| 37 | sub xread { | |
| 38 | my $length = shift; | |
| 39 | my $buffer = ""; | |
| f14a8627 | 40 | local $SIG{ALRM} = sub { fail "timeout" }; |
| fbde0914 | 41 | alarm 30; |
| d2707bea | 42 | while ($length > length $buffer) { |
| abb80356 TF |
43 | my $ret = sysread STDIN, $buffer, $length, length $buffer; |
| 44 | fail "short read: expected $length bytes, got " . length $buffer | |
| 45 | if defined $ret and $ret == 0; | |
| 46 | fail "read: $!" if not defined $ret and $! != EINTR and $! != EAGAIN; | |
| 47 | $ret = 0 if not defined $ret; | |
| d2707bea | 48 | } |
| fbde0914 | 49 | alarm 0; |
| d2707bea TF |
50 | return $buffer; |
| 51 | } | |
| 52 | ||
| 53 | my $len_hex = xread 4; | |
| 6fe98f4a | 54 | fail "non-hex packet length" unless $len_hex =~ m{^[0-9a-fA-F]{4}$}; |
| f14a8627 | 55 | my $line = xread hex $len_hex; |
| 11f72b3f | 56 | unless ($line =~ m{^(git-[a-z-]+) ([!-~]+)\0host=([!-~]+)\0$}) { |
| fbde0914 TF |
57 | $line =~ s/[^ -~]+/ /g; |
| 58 | fail "could not parse \"$line\"" | |
| 59 | } | |
| 11f72b3f | 60 | my ($service,$path,$host) = ($1,$2,3); |
| 08e30b5e TF |
61 | $path =~ s|^/*||; |
| 62 | my $uri = $_ = "git://$host/$path"; | |
| 6fe98f4a | 63 | |
| 08e30b5e TF |
64 | my $user; |
| 65 | for my $cf (@ARGV) { | |
| 66 | my ($r,$u) = do $cf; | |
| 67 | $user = $u if defined $u; | |
| 68 | } | |
| 6fe98f4a | 69 | fail "no user configured for $uri" unless defined $user; |
| 08e30b5e | 70 | syslog 'info', "$client userv $user $service $uri"; |
| fbde0914 | 71 | |
| 6fe98f4a | 72 | my %vars = ( |
| 11f72b3f | 73 | REQUEST_SERVICE => $service, |
| 6fe98f4a TF |
74 | REQUEST_HOST => $host, |
| 75 | REQUEST_PATH => $path, | |
| 76 | REQUEST_URI => $uri, | |
| 08e30b5e | 77 | CLIENT => $client, |
| 6fe98f4a TF |
78 | CLIENT_ADDR => $client_addr, |
| 79 | CLIENT_PORT => $client_port, | |
| 08e30b5e | 80 | SERVER => $server, |
| 6fe98f4a TF |
81 | SERVER_ADDR => $server_addr, |
| 82 | SERVER_PORT => $server_port, | |
| 83 | ); | |
| 84 | my @opts = map "-D$_=$vars{$_}", grep defined $vars{$_}, sort keys %vars; | |
| fbde0914 | 85 | |
| 11b88dbb | 86 | no warnings; # suppress errors to stderr |
| 11f72b3f TF |
87 | exec 'userv', @opts, $user, $service |
| 88 | or fail "exec userv @opts $user $service: $!"; | |
| fbde0914 TF |
89 | |
| 90 | # end |