git-daemon: tidy up a bit
diff --git
a/git-daemon/git-daemon.pl
b/git-daemon/git-daemon.pl
index
5458c08
..
91dd727
100755
(executable)
--- a/
git-daemon/git-daemon.pl
+++ b/
git-daemon/git-daemon.pl
@@
-2,10
+2,6
@@
#
# A git daemon with an added userv security boundary.
#
#
# A git daemon with an added userv security boundary.
#
-# This reads the first packet-line of the protocol, checks the syntax
-# of the pathname and hostname, then uses userv to invoke the
-# git-upload-pack as the target user with safe arguments.
-#
# This was written by Tony Finch <dot@dotat.at>
# You may do anything with it, at your own risk.
# http://creativecommons.org/publicdomain/zero/1.0/
# This was written by Tony Finch <dot@dotat.at>
# You may do anything with it, at your own risk.
# http://creativecommons.org/publicdomain/zero/1.0/
@@
-17,65
+13,51
@@
use POSIX;
use Socket;
use Sys::Syslog;
use Socket;
use Sys::Syslog;
-use vars qw{ %vhost_default_user %vhost_user_from_tilde
- $TILDE $REPO $HOSTNAME };
-
-use lib '/etc/userv';
-require 'git-daemon-vhosts.pl';
-
-my $peer = getpeername STDIN;
-my ($port,$addr);
-if (defined $peer) {
- ($port,$addr) = sockaddr_in $peer;
+sub ntoa {
+ my $sockaddr = shift;
+ return ('(local)') unless defined $sockaddr;
+ my ($port,$addr) = sockaddr_in $sockaddr;
$addr = inet_ntoa $addr;
$addr = inet_ntoa $addr;
- $peer = "[$addr]:$port";
-} else {
- $peer = "[?.?.?.?]:?";
- undef $!;
+ return ("[$addr]:$port",$addr,$port);
}
}
+our ($client,$client_addr,$client_port) = ntoa getpeername STDIN;
+our ($server,$server_addr,$server_port) = ntoa getsockname STDIN;
+our ($service,$path,$host,$user);
openlog 'userv-git-daemon', 'pid', 'daemon';
openlog 'userv-git-daemon', 'pid', 'daemon';
+sub fail { syslog 'err', "$client @_"; exit }
-sub fail {
- syslog 'err', "$peer @_";
- exit;
-}
+$SIG{ALRM} = sub { fail "timeout" };
+alarm 30;
sub xread {
sub xread {
- my $length = shift;
- my $buffer = "";
- local $SIG{ALRM} = sub { fail "timeout" };
- alarm 30;
- while ($length > length $buffer) {
- my $ret = sysread STDIN, $buffer, $length, length $buffer;
- fail "short read: expected $length bytes, got " . length $buffer
+ my $length = shift; $_ = "";
+ while ($length > length) {
+ my $ret = sysread STDIN, $_, $length, length;
+ fail "Expected $length bytes, got ".length
if defined $ret and $ret == 0;
fail "read: $!" if not defined $ret and $! != EINTR and $! != EAGAIN;
if defined $ret and $ret == 0;
fail "read: $!" if not defined $ret and $! != EINTR and $! != EAGAIN;
- $ret = 0 if not defined $ret;
}
}
- alarm 0;
- return $buffer;
}
}
-
-
my $len_hex = xread 4
;
-
fail "non-hexadecimal packet length" unless $len_hex =~ m{^[0-9a-zA-Z]{4}$}
;
-my $line = xread hex $len_hex;
-
unless ($line =~ m{^git-upload-pack (?:~($TILDE)/)?($REPO[.]git)\0host=($HOSTNAME)\0$}
) {
-
$line =~ s/[^ -~]+/ /
g;
- fail "
could not parse \"$line
\""
+xread 4;
+
fail "Bad hex in packet length" unless m|^[0-9a-fA-F]{4}$|
;
+
xread hex
;
+unless (($service,$path,$host) =
+
m|^(git-[a-z-]+) /*([!-~]+)\0host=([!-~]+)\0$|
) {
+
s|[^ -~]+| |
g;
+ fail "
Could not parse \"$_
\""
}
}
-my ($tilde,$repo,$host) = ($1,$2,$3);
-my $url = $tilde ? "git://$host/~$tilde/$repo" : "git://$host/$repo";
+our $uri = $_ = "git://$host/$path";
+for my $cf (@ARGV) { do $cf }
+
+fail "No user for $uri" unless defined $user;
+syslog 'notice', "$client $service $uri";
-my $user = $vhost_user_from_tilde{$host} ? $tilde : $vhost_default_user{$host};
-fail "no user configuration for $url" unless defined $user;
-syslog 'info', "$peer $user $url";
+my @opts = map "-D$_=${$::{$_}}",
+ grep defined ${$::{$_}} && /^[a-z_]+$/, keys %::;
-my @opts = ("-DHOST=$host", "-DREPO=$repo");
-push @opts, "-DTILDE=$tilde" if defined $tilde;
-push @opts, "-DCLIENT=$addr" if defined $addr;
+my @cmd = ('userv', @opts, $user, $service);
no warnings; # suppress errors to stderr
no warnings; # suppress errors to stderr
-exec 'userv', @opts, $user, 'git-upload-pack'
- or fail "exec userv: $!";
+exec @cmd or fail "exec userv: $!";
# end
# end
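Review bot: The new request pattern `m|^(git-[a-z-]+) /*([!-~]+)\0host=([!-~]+)\0$|` accepts any printable non-space bytes for the path and the host, so the `$TILDE`/`$REPO`/`$HOSTNAME` syntax checks that the old code applied before calling userv are no longer made in this file. `$path` and `$host` are declared with `our`, so the symbol-table export that builds `@opts` passes them to userv as `-Dpath=` and `-Dhost=` exactly as the client sent them. Validation now rests entirely on the config files named in `@ARGV`, which are not visible here; a comment above the `do` loop should state that every config file must validate `$path` and `$host` before it sets `$user`. The loop also ignores `do` failures, so a config file that fails to compile or dies is skipped silently while an earlier one may already have set `$user`; consider `for my $cf (@ARGV) { do $cf; fail "config $cf: $@" if $@ }`.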