1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
|
#!/usr/bin/perl
#
# A very simple userv git-daemon wrapper.
#
# This reads the first packet-line of the protocol, checks the syntax
# of the user, pathname, and hostname, then uses userv to invoke the
# real git daemon as the target user with safe arguments.
#
# This was written by Tony Finch <dot@dotat.at>
# You may do anything with it, at your own risk.
# http://creativecommons.org/publicdomain/zero/1.0/
use strict;
use warnings;
use POSIX;
my $USER = qr{[0-9a-z]+};
my $PATH = qr{[-+,._/0-9A-Za-z]+};
my $HOST = qr{[-.0-9A-Za-z]+};
sub xread {
my $length = shift;
my $buffer = "";
my $count = 0;
while ($length > length $buffer) {
my $data;
my $ret = sysread STDIN, $data, $len
while not defined $ret and ($! == EINTR or $! == EAGAIN);
die "read" unless defined $ret;
die "short read: expected $length bytes, got $count\n" if $ret == 0;
$buffer .= $data;
$count += $ret;
}
return $buffer;
}
my $len_hex = xread 4;
die "bad packet length" unless $len_hex =~ m{^[0-9a-zA-Z]{4}$};
my $len = hex $len;
my $line = xread $len;
$line =~ m{^git-upload-pack ~($USER)/($PATH[.]git)\0host=($HOST)\0$};
my ($user,$path,$host) = ($1,$2,$3);
# child's output will go directly to inetd
open CHILD, '-|', 'userv', $user,
qw(git daemon --inetd --strict-paths
--user-path=public-git --forbid-override=receive-pack)
or die "open pipe to userv: $!\n";
# proxy command line to child
syswrite CHILD, $len_hex.$line
or die "write to userv: $!\n";
# relay stdin to child
open STDOUT, ">&CHILD"
or die "dup: $!\n";
exec 'cat'
or die "exec: $!\n";
die
|