Commit | Line | Data |
---|---|---|
d2707bea TF |
1 | #!/usr/bin/perl |
2 | # | |
fbde0914 | 3 | # A git daemon with an added userv security boundary. |
d2707bea TF |
4 | # |
5 | # This reads the first packet-line of the protocol, checks the syntax | |
fbde0914 TF |
6 | # of the pathname and hostname, then uses userv to invoke the |
7 | # git-upload-pack as the target user with safe arguments. | |
d2707bea TF |
8 | # |
9 | # This was written by Tony Finch <dot@dotat.at> | |
10 | # You may do anything with it, at your own risk. | |
11 | # http://creativecommons.org/publicdomain/zero/1.0/ | |
12 | ||
13 | use strict; | |
14 | use warnings; | |
15 | ||
16 | use POSIX; | |
fbde0914 TF |
17 | use Socket; |
18 | use Sys::Syslog; | |
d2707bea | 19 | |
b8db4eb5 TF |
20 | use vars qw{ $TILDE $REPO $HOSTNAME |
21 | %vhost_default_user %vhost_tilde_is_user %vhost_tilde_forbidden }; | |
fbde0914 TF |
22 | |
23 | use lib '/etc/userv'; | |
24 | require 'git-daemon-vhosts.pl'; | |
25 | ||
26 | my $peer = getpeername STDIN; | |
27 | my ($port,$addr); | |
28 | if (defined $peer) { | |
29 | ($port,$addr) = sockaddr_in $peer; | |
30 | $addr = inet_ntoa $addr; | |
31 | $peer = "[$addr]:$port"; | |
32 | } else { | |
33 | $peer = "[?.?.?.?]:?"; | |
34 | undef $!; | |
35 | } | |
36 | ||
37 | openlog 'userv-git-daemon', 'pid', 'daemon'; | |
38 | ||
39 | sub fail { | |
40 | syslog 'err', "$peer @_"; | |
41 | exit; | |
42 | } | |
d2707bea TF |
43 | |
44 | sub xread { | |
45 | my $length = shift; | |
46 | my $buffer = ""; | |
f14a8627 | 47 | local $SIG{ALRM} = sub { fail "timeout" }; |
fbde0914 | 48 | alarm 30; |
d2707bea | 49 | while ($length > length $buffer) { |
abb80356 TF |
50 | my $ret = sysread STDIN, $buffer, $length, length $buffer; |
51 | fail "short read: expected $length bytes, got " . length $buffer | |
52 | if defined $ret and $ret == 0; | |
53 | fail "read: $!" if not defined $ret and $! != EINTR and $! != EAGAIN; | |
54 | $ret = 0 if not defined $ret; | |
d2707bea | 55 | } |
fbde0914 | 56 | alarm 0; |
d2707bea TF |
57 | return $buffer; |
58 | } | |
59 | ||
60 | my $len_hex = xread 4; | |
fbde0914 | 61 | fail "non-hexadecimal packet length" unless $len_hex =~ m{^[0-9a-zA-Z]{4}$}; |
f14a8627 | 62 | my $line = xread hex $len_hex; |
fbde0914 TF |
63 | unless ($line =~ m{^git-upload-pack (?:~($TILDE)/)?($REPO[.]git)\0host=($HOSTNAME)\0$}) { |
64 | $line =~ s/[^ -~]+/ /g; | |
65 | fail "could not parse \"$line\"" | |
66 | } | |
67 | my ($tilde,$repo,$host) = ($1,$2,$3); | |
68 | my $url = $tilde ? "git://$host/~$tilde/$repo" : "git://$host/$repo"; | |
69 | ||
b8db4eb5 TF |
70 | fail "tilde forbidden for $url" if defined $tilde and $vhost_tilde_forbidden{$host}; |
71 | my $user = $vhost_tilde_is_user{$host} ? $tilde : $vhost_default_user{$host}; | |
72 | fail "no user configured for $url" unless defined $user; | |
fbde0914 TF |
73 | syslog 'info', "$peer $user $url"; |
74 | ||
11b88dbb | 75 | my @opts = ("-DHOST=$host", "-DREPO=$repo"); |
fbde0914 | 76 | push @opts, "-DTILDE=$tilde" if defined $tilde; |
11b88dbb TF |
77 | push @opts, "-DCLIENT=$addr" if defined $addr; |
78 | no warnings; # suppress errors to stderr | |
fbde0914 TF |
79 | exec 'userv', @opts, $user, 'git-upload-pack' |
80 | or fail "exec userv: $!"; | |
81 | ||
82 | # end |