#include "cache.h"
#include "pkt-line.h"
#include "exec_cmd.h"
-#include "interpolate.h"
+#include "run-command.h"
+#include "strbuf.h"
#include <syslog.h>
static unsigned int timeout;
static unsigned int init_timeout;
-/*
- * Static table for now. Ugh.
- * Feel free to make dynamic as needed.
- */
-#define INTERP_SLOT_HOST (0)
-#define INTERP_SLOT_CANON_HOST (1)
-#define INTERP_SLOT_IP (2)
-#define INTERP_SLOT_PORT (3)
-#define INTERP_SLOT_DIR (4)
-#define INTERP_SLOT_PERCENT (5)
-
-static struct interp interp_table[] = {
- { "%H", 0},
- { "%CH", 0},
- { "%IP", 0},
- { "%P", 0},
- { "%D", 0},
- { "%%", 0},
-};
-
+static char *hostname;
+static char *canon_hostname;
+static char *ip_address;
+static char *tcp_port;
static void logreport(int priority, const char *err, va_list params)
{
}
}
+__attribute__((format (printf, 1, 2)))
static void logerror(const char *err, ...)
{
va_list params;
va_end(params);
}
+__attribute__((format (printf, 1, 2)))
static void loginfo(const char *err, ...)
{
va_list params;
exit(1);
}
-static int avoid_alias(char *p)
-{
- int sl, ndot;
-
- /*
- * This resurrects the belts and suspenders paranoia check by HPA
- * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
- * does not do getcwd() based path canonicalizations.
- *
- * sl becomes true immediately after seeing '/' and continues to
- * be true as long as dots continue after that without intervening
- * non-dot character.
- */
- if (!p || (*p != '/' && *p != '~'))
- return -1;
- sl = 1; ndot = 0;
- p++;
-
- while (1) {
- char ch = *p++;
- if (sl) {
- if (ch == '.')
- ndot++;
- else if (ch == '/') {
- if (ndot < 3)
- /* reject //, /./ and /../ */
- return -1;
- ndot = 0;
- }
- else if (ch == 0) {
- if (0 < ndot && ndot < 3)
- /* reject /.$ and /..$ */
- return -1;
- return 0;
- }
- else
- sl = ndot = 0;
- }
- else if (ch == 0)
- return 0;
- else if (ch == '/') {
- sl = 1;
- ndot = 0;
- }
- }
-}
-
-static char *path_ok(struct interp *itable)
+static char *path_ok(char *directory)
{
static char rpath[PATH_MAX];
static char interp_path[PATH_MAX];
- int retried_path = 0;
char *path;
char *dir;
- dir = itable[INTERP_SLOT_DIR].value;
+ dir = directory;
- if (avoid_alias(dir)) {
+ if (daemon_avoid_alias(dir)) {
logerror("'%s': aliased", dir);
return NULL;
}
}
}
else if (interpolated_path && saw_extended_args) {
+ struct strbuf expanded_path = STRBUF_INIT;
+ struct strbuf_expand_dict_entry dict[] = {
+ { "H", hostname },
+ { "CH", canon_hostname },
+ { "IP", ip_address },
+ { "P", tcp_port },
+ { "D", directory },
+ { "%", "%" },
+ { NULL }
+ };
+
if (*dir != '/') {
/* Allow only absolute */
logerror("'%s': Non-absolute path denied (interpolated-path active)", dir);
return NULL;
}
- interpolate(interp_path, PATH_MAX, interpolated_path,
- interp_table, ARRAY_SIZE(interp_table));
+ strbuf_expand(&expanded_path, interpolated_path,
+ strbuf_expand_dict_cb, &dict);
+ strlcpy(interp_path, expanded_path.buf, PATH_MAX);
+ strbuf_release(&expanded_path);
loginfo("Interpolated dir '%s'", interp_path);
dir = interp_path;
dir = rpath;
}
- do {
- path = enter_repo(dir, strict_paths);
- if (path)
- break;
-
+ path = enter_repo(dir, strict_paths);
+ if (!path && base_path && base_path_relaxed) {
/*
* if we fail and base_path_relaxed is enabled, try without
* prefixing the base path
*/
- if (base_path && base_path_relaxed && !retried_path) {
- dir = itable[INTERP_SLOT_DIR].value;
- retried_path = 1;
- continue;
- }
- break;
- } while (1);
+ dir = directory;
+ path = enter_repo(dir, strict_paths);
+ }
if (!path) {
- logerror("'%s': unable to chdir or not a git archive", dir);
+ logerror("'%s' does not appear to be a git repository", dir);
return NULL;
}
return 0;
}
-static int run_service(struct interp *itable, struct daemon_service *service)
+static int run_service(char *dir, struct daemon_service *service)
{
const char *path;
int enabled = service->enabled;
- loginfo("Request %s for '%s'",
- service->name,
- itable[INTERP_SLOT_DIR].value);
+ loginfo("Request %s for '%s'", service->name, dir);
if (!enabled && !service->overridable) {
logerror("'%s': service not enabled.", service->name);
return -1;
}
- if (!(path = path_ok(itable)))
+ if (!(path = path_ok(dir)))
return -1;
/*
return service->fn();
}
+static void copy_to_log(int fd)
+{
+ struct strbuf line = STRBUF_INIT;
+ FILE *fp;
+
+ fp = fdopen(fd, "r");
+ if (fp == NULL) {
+ logerror("fdopen of error channel failed");
+ close(fd);
+ return;
+ }
+
+ while (strbuf_getline(&line, fp, '\n') != EOF) {
+ logerror("%s", line.buf);
+ strbuf_setlen(&line, 0);
+ }
+
+ strbuf_release(&line);
+ fclose(fp);
+}
+
+static int run_service_command(const char **argv)
+{
+ struct child_process cld;
+
+ memset(&cld, 0, sizeof(cld));
+ cld.argv = argv;
+ cld.git_cmd = 1;
+ cld.err = -1;
+ if (start_command(&cld))
+ return -1;
+
+ close(0);
+ close(1);
+
+ copy_to_log(cld.err);
+
+ return finish_command(&cld);
+}
+
static int upload_pack(void)
{
/* Timeout as string */
char timeout_buf[64];
+ const char *argv[] = { "upload-pack", "--strict", timeout_buf, ".", NULL };
snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
-
- /* git-upload-pack only ever reads stuff, so this is safe */
- execl_git_cmd("upload-pack", "--strict", timeout_buf, ".", NULL);
- return -1;
+ return run_service_command(argv);
}
static int upload_archive(void)
{
- execl_git_cmd("upload-archive", ".", NULL);
- return -1;
+ static const char *argv[] = { "upload-archive", ".", NULL };
+ return run_service_command(argv);
}
static int receive_pack(void)
{
- execl_git_cmd("receive-pack", ".", NULL);
- return -1;
+ static const char *argv[] = { "receive-pack", ".", NULL };
+ return run_service_command(argv);
}
static struct daemon_service daemon_service[] = {
die("No such service %s", name);
}
+static char *xstrdup_tolower(const char *str)
+{
+ char *p, *dup = xstrdup(str);
+ for (p = dup; *p; p++)
+ *p = tolower(*p);
+ return dup;
+}
+
/*
- * Separate the "extra args" information as supplied by the client connection.
- * Any resulting data is squirreled away in the given interpolation table.
+ * Read the host as supplied by the client connection.
*/
-static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
+static void parse_host_arg(char *extra_args, int buflen)
{
char *val;
int vallen;
char *end = extra_args + buflen;
- while (extra_args < end && *extra_args) {
+ if (extra_args < end && *extra_args) {
saw_extended_args = 1;
if (strncasecmp("host=", extra_args, 5) == 0) {
val = extra_args + 5;
if (port) {
*port = 0;
port++;
- interp_set_entry(table, INTERP_SLOT_PORT, port);
+ free(tcp_port);
+ tcp_port = xstrdup(port);
}
- interp_set_entry(table, INTERP_SLOT_HOST, host);
+ free(hostname);
+ hostname = xstrdup_tolower(host);
}
/* On to the next one */
extra_args = val + vallen;
}
+ if (extra_args < end && *extra_args)
+ die("Invalid request");
}
-}
-
-static void fill_in_extra_table_entries(struct interp *itable)
-{
- char *hp;
-
- /*
- * Replace literal host with lowercase-ized hostname.
- */
- hp = interp_table[INTERP_SLOT_HOST].value;
- if (!hp)
- return;
- for ( ; *hp; hp++)
- *hp = tolower(*hp);
/*
* Locate canonical hostname and its IP address.
*/
+ if (hostname) {
#ifndef NO_IPV6
- {
struct addrinfo hints;
- struct addrinfo *ai, *ai0;
+ struct addrinfo *ai;
int gai;
static char addrbuf[HOST_NAME_MAX + 1];
memset(&hints, 0, sizeof(hints));
hints.ai_flags = AI_CANONNAME;
- gai = getaddrinfo(interp_table[INTERP_SLOT_HOST].value, 0, &hints, &ai0);
+ gai = getaddrinfo(hostname, NULL, &hints, &ai);
if (!gai) {
- for (ai = ai0; ai; ai = ai->ai_next) {
- struct sockaddr_in *sin_addr = (void *)ai->ai_addr;
-
- inet_ntop(AF_INET, &sin_addr->sin_addr,
- addrbuf, sizeof(addrbuf));
- interp_set_entry(interp_table,
- INTERP_SLOT_CANON_HOST, ai->ai_canonname);
- interp_set_entry(interp_table,
- INTERP_SLOT_IP, addrbuf);
- break;
- }
- freeaddrinfo(ai0);
+ struct sockaddr_in *sin_addr = (void *)ai->ai_addr;
+
+ inet_ntop(AF_INET, &sin_addr->sin_addr,
+ addrbuf, sizeof(addrbuf));
+ free(ip_address);
+ ip_address = xstrdup(addrbuf);
+
+ free(canon_hostname);
+ canon_hostname = xstrdup(ai->ai_canonname ?
+ ai->ai_canonname : ip_address);
+
+ freeaddrinfo(ai);
}
- }
#else
- {
struct hostent *hent;
struct sockaddr_in sa;
char **ap;
static char addrbuf[HOST_NAME_MAX + 1];
- hent = gethostbyname(interp_table[INTERP_SLOT_HOST].value);
+ hent = gethostbyname(hostname);
ap = hent->h_addr_list;
memset(&sa, 0, sizeof sa);
inet_ntop(hent->h_addrtype, &sa.sin_addr,
addrbuf, sizeof(addrbuf));
- interp_set_entry(interp_table, INTERP_SLOT_CANON_HOST, hent->h_name);
- interp_set_entry(interp_table, INTERP_SLOT_IP, addrbuf);
- }
+ free(canon_hostname);
+ canon_hostname = xstrdup(hent->h_name);
+ free(ip_address);
+ ip_address = xstrdup(addrbuf);
#endif
+ }
}
#endif
}
loginfo("Connection from %s:%d", addrbuf, port);
+ setenv("REMOTE_ADDR", addrbuf, 1);
+ }
+ else {
+ unsetenv("REMOTE_ADDR");
}
alarm(init_timeout ? init_timeout : timeout);
pktlen--;
}
- /*
- * Initialize the path interpolation table for this connection.
- */
- interp_clear_table(interp_table, ARRAY_SIZE(interp_table));
- interp_set_entry(interp_table, INTERP_SLOT_PERCENT, "%");
+ free(hostname);
+ free(canon_hostname);
+ free(ip_address);
+ free(tcp_port);
+ hostname = canon_hostname = ip_address = tcp_port = NULL;
- if (len != pktlen) {
- parse_extra_args(interp_table, line + len + 1, pktlen - len - 1);
- fill_in_extra_table_entries(interp_table);
- }
+ if (len != pktlen)
+ parse_host_arg(line + len + 1, pktlen - len - 1);
for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
struct daemon_service *s = &(daemon_service[i]);
* Note: The directory here is probably context sensitive,
* and might depend on the actual service being performed.
*/
- interp_set_entry(interp_table,
- INTERP_SLOT_DIR, line + namelen + 5);
- return run_service(interp_table, s);
+ return run_service(line + namelen + 5, s);
}
}
gai = getaddrinfo(listen_addr, pbuf, &hints, &ai0);
if (gai)
- die("getaddrinfo() failed: %s\n", gai_strerror(gai));
+ die("getaddrinfo() failed: %s", gai_strerror(gai));
for (ai = ai0; ai; ai = ai->ai_next) {
int sockfd;
case ECONNABORTED:
continue;
default:
- die("accept returned %s", strerror(errno));
+ die_errno("accept returned");
}
}
handle(incoming, (struct sockaddr *)&ss, sslen);
while (fd != -1 && fd < 2)
fd = dup(fd);
if (fd == -1)
- die("open /dev/null or dup failed: %s", strerror(errno));
+ die_errno("open /dev/null or dup failed");
if (fd > 2)
close(fd);
}
case 0:
break;
case -1:
- die("fork failed: %s", strerror(errno));
+ die_errno("fork failed");
default:
exit(0);
}
if (setsid() == -1)
- die("setsid failed: %s", strerror(errno));
+ die_errno("setsid failed");
close(0);
close(1);
close(2);
{
FILE *f = fopen(path, "w");
if (!f)
- die("cannot open pid file %s: %s", path, strerror(errno));
+ die_errno("cannot open pid file '%s'", path);
if (fprintf(f, "%"PRIuMAX"\n", (uintmax_t) getpid()) < 0 || fclose(f) != 0)
- die("failed to write pid file %s: %s", path, strerror(errno));
+ die_errno("failed to write pid file '%s'", path);
}
static int serve(char *listen_addr, int listen_port, struct passwd *pass, gid_t gid)
gid_t gid = 0;
int i;
+ git_extract_argv0_path(argv[0]);
+
for (i = 1; i < argc; i++) {
char *arg = argv[i];
if (!prefixcmp(arg, "--listen=")) {
- char *p = arg + 9;
- char *ph = listen_addr = xmalloc(strlen(arg + 9) + 1);
- while (*p)
- *ph++ = tolower(*p++);
- *ph = 0;
- continue;
+ listen_addr = xstrdup_tolower(arg + 9);
+ continue;
}
if (!prefixcmp(arg, "--port=")) {
char *end;
struct sockaddr *peer = (struct sockaddr *)&ss;
socklen_t slen = sizeof(ss);
- freopen("/dev/null", "w", stderr);
+ if (!freopen("/dev/null", "w", stderr))
+ die_errno("failed to redirect stderr to /dev/null");
if (getpeername(0, peer, &slen))
peer = NULL;