#!/usr/bin/perl
#
# A git daemon with an added userv security boundary.
#
# This was written by Tony Finch <dot@dotat.at>
# You may do anything with it, at your own risk.
# http://creativecommons.org/publicdomain/zero/1.0/

use strict;
use warnings;

use POSIX;
use Socket;
use Sys::Syslog;

# Turn a packed socket address into printable pieces.
#
# Takes the packed sockaddr returned by getpeername/getsockname (or undef
# when that call failed) and returns a three-element list:
#   (dotted-quad address, port number, "[address]:port" label).
# For an undefined input the first two elements are undef and the label
# is a placeholder, so callers can still interpolate it into log lines.
#
# Only AF_INET is handled: the address is unpacked with sockaddr_in and
# formatted with inet_ntoa.
sub ntoa {
    my ($packed) = @_;

    return (undef, undef, "[?.?.?.?]:?") unless defined $packed;

    my ($port, $ip) = sockaddr_in($packed);
    my $dotted = inet_ntoa($ip);
    return ($dotted, $port, "[$dotted]:$port");
}

# The connection is the socket on STDIN: record both endpoints so that
# log lines and the variables passed to userv can identify them.
# getpeername/getsockname return undef on failure, which ntoa() maps to
# placeholder values.
my ($client_addr, $client_port, $client) = ntoa(getpeername(STDIN));
my ($server_addr, $server_port, $server) = ntoa(getsockname(STDIN));

# Log to the "daemon" facility, tagging each message with our PID.
openlog('userv-git-daemon', 'pid', 'daemon');

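# Log an error for the current client and terminate.
#
# The arguments are joined with spaces and prefixed with the client's
# "[addr]:port" label. exit is called without an argument, so the process
# ends with status 0.
#
# syslog() treats its second argument as a sprintf-style format. Callers
# pass text derived from the network request (for example the unparsable
# request line), which may contain '%', so the message is passed as data
# to a constant '%s' format and is never used as the format itself.
sub fail {
    syslog 'err', '%s', "$client @_";
    exit;
}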

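# Read exactly $length bytes from STDIN and return them.
#
# A single 30-second alarm covers the whole read; if it fires, or the peer
# closes the connection early, or sysread fails with anything other than
# EINTR/EAGAIN, the request is aborted through fail() (which does not
# return).
#
# Each sysread asks only for the bytes still missing. Asking for the full
# $length again after a partial read could pull in more than $length bytes
# in total, consuming data that belongs to whatever follows on the stream.
sub xread {
    my $length = shift;
    my $buffer = "";
    local $SIG{ALRM} = sub { fail("timeout") };
    alarm 30;
    while ((my $missing = $length - length($buffer)) > 0) {
        my $ret = sysread STDIN, $buffer, $missing, length($buffer);
        if (not defined $ret) {
            # Interrupted or would-block reads are retried; the alarm
            # bounds how long that can go on.
            fail("read: $!") if $! != EINTR and $! != EAGAIN;
            next;
        }
        # A zero-byte read means end of file before the full length arrived.
        fail("short read: expected $length bytes, got " . length($buffer))
            if $ret == 0;
    }
    alarm 0;
    return $buffer;
}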

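# Read the request, which arrives as one git pkt-line: four hex digits
# giving the packet length, then the payload. The pkt-line length counts
# its own four header bytes, so the payload is four bytes shorter than the
# decoded value; anything below 4 cannot be a data packet.
my $len_hex = xread(4);
fail("non-hex packet length") unless $len_hex =~ m{\A[0-9a-fA-F]{4}\z};
my $len = hex $len_hex;
fail("packet length $len_hex too short for a request") if $len < 4;
my $line = xread($len - 4);

# Expected payload: "<service> <path>\0host=<host>\0", where the service
# name is git-<lowercase/hyphen> and path and host are printable ASCII
# without spaces. \A and \z anchor the whole string so that nothing, not
# even a trailing newline, may follow the final NUL.
unless ($line =~ m{\A(git-[a-z-]+) ([!-~]+)\0host=([!-~]+)\0\z}) {
    # Collapse non-printable runs before the line goes into the log.
    $line =~ s/[^ -~]+/ /g;
    fail("could not parse \"$line\"");
}
my ($service,$path,$host) = ($1,$2,$3);

# Drop leading slashes so the path joins cleanly onto the URI below.
# NOTE(review): the pattern above still admits ".." components in $path
# and "/" characters in $host; nothing in this script rejects them, so
# the config files and the userv service must not assume either is
# canonical - confirm they validate.
$path =~ s|^/*||;

# $_ is set as well as $uri, presumably so the config files evaluated
# later with "do" can match on the request URI - confirm against them.
my $uri = $_ = "git://$host/$path";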

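# Work out which account serves this request. Every file named on the
# command line is evaluated as Perl with "do"; each may return a list
# whose second element names the user, and the last file to return a
# defined user wins.
#
# NOTE(review): "do" runs these files with this process's privileges, so
# they must be writable only by the administrator. A relative name is
# looked up through @INC rather than the current directory, so absolute
# paths are the safe choice.
my $user;
for my $cf (@ARGV) {
    local $@;
    my (undef, $u) = do $cf;
    # A config file that fails to compile or dies is otherwise skipped in
    # silence, which could leave an earlier file's user in force; make
    # that visible in the log.
    syslog 'warning', '%s', "$client config $cf: $@" if $@;
    $user = $u if defined $u;
}
fail("no user configured for $uri") unless defined $user;

# $uri comes from the network and may contain '%', so it is logged as
# data through a constant '%s' format, never as the format string.
syslog 'info', '%s', "$client userv $user $service $uri";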

# Request and connection details handed to the userv service as -D
# variable definitions.
my %vars = (
    REQUEST_SERVICE => $service,
    REQUEST_HOST    => $host,
    REQUEST_PATH    => $path,
    REQUEST_URI     => $uri,
    CLIENT          => $client,
    CLIENT_ADDR     => $client_addr,
    CLIENT_PORT     => $client_port,
    SERVER          => $server,
    SERVER_ADDR     => $server_addr,
    SERVER_PORT     => $server_port,
);

# One "-DNAME=value" option per defined variable, in sorted name order.
# Undefined values (e.g. when the peer address could not be obtained) are
# left out.
my @opts;
for my $name (sort keys %vars) {
    next unless defined $vars{$name};
    push @opts, "-D$name=$vars{$name}";
}

no warnings; # suppress errors to stderr

# List-form exec: the arguments go to userv directly, with no shell
# involved, so request-derived values are not subject to shell parsing.
# exec only returns on failure.
exec('userv', @opts, $user, $service)
    or fail("exec userv @opts $user $service: $!");

# end