3 # A very simple userv git-daemon wrapper.
5 # This reads the first packet-line of the protocol, checks the syntax
6 # of the user, pathname, and hostname, then uses userv to invoke the
7 # real git daemon as the target user with safe arguments.
9 # This was written by Tony Finch <dot@dotat.at>
10 # You may do anything with it, at your own risk.
11 # http://creativecommons.org/publicdomain/zero/1.0/
18 my $USER = qr{[0-9a-z]+};
19 my $PATH = qr{[-+,._/0-9A-Za-z]+};
20 my $HOST = qr{[-.0-9A-Za-z]+};
26 while ($length > length $buffer) {
28 my $ret = sysread STDIN
, $data, $len
29 while not defined $ret and ($! == EINTR
or $! == EAGAIN
);
30 die "read" unless defined $ret;
31 die "short read: expected $length bytes, got $count\n" if $ret == 0;
38 my $len_hex = xread
4;
39 die "bad packet length" unless $len_hex =~ m{^[0-9a-zA-Z]{4}$};
42 my $line = xread
$len;
43 $line =~ m{^git-upload-pack ~($USER)/($PATH[.]git)\0host=($HOST)\0$};
44 my ($user,$path,$host) = ($1,$2,$3);
46 # child's output will go directly to inetd
47 open CHILD
, '-|', 'userv', $user,
48 qw(git daemon
--inetd
--strict
-paths
49 --user
-path
=public
-git
--forbid
-override
=receive
-pack)
50 or die "open pipe to userv: $!\n";
52 # proxy command line to child
53 syswrite CHILD
, $len_hex.$line
54 or die "write to userv: $!\n";
56 # relay stdin to child
57 open STDOUT
, ">&CHILD"