Merge branch 'en/and-cascade-tests'
[gitweb.git] / daemon.c
index 8162f10ffc40523321ae0bd9cda7eb1cf535bfb6..13435b46674a3a7b123597ab11751459173f3325 100644 (file)
--- a/daemon.c
+++ b/daemon.c
@@ -23,10 +23,10 @@ static const char daemon_usage[] =
 "           [--strict-paths] [--base-path=<path>] [--base-path-relaxed]\n"
 "           [--user-path | --user-path=<path>]\n"
 "           [--interpolated-path=<path>]\n"
-"           [--reuseaddr] [--detach] [--pid-file=<file>]\n"
+"           [--reuseaddr] [--pid-file=<file>]\n"
 "           [--(enable|disable|allow-override|forbid-override)=<service>]\n"
 "           [--inetd | [--listen=<host_or_ipaddr>] [--port=<n>]\n"
-"                      [--user=<user> [--group=<group>]]\n"
+"                      [--detach] [--user=<user> [--group=<group>]]\n"
 "           [<directory>...]";
 
 /* List of acceptable pathname prefixes */
@@ -597,7 +597,7 @@ static struct child {
        struct sockaddr_storage address;
 } *firstborn;
 
-static void add_child(struct child_process *cld, struct sockaddr *addr, int addrlen)
+static void add_child(struct child_process *cld, struct sockaddr *addr, socklen_t addrlen)
 {
        struct child *newborn, **cradle;
 
@@ -654,7 +654,7 @@ static void check_dead_children(void)
 }
 
 static char **cld_argv;
-static void handle(int incoming, struct sockaddr *addr, int addrlen)
+static void handle(int incoming, struct sockaddr *addr, socklen_t addrlen)
 {
        struct child_process cld = { 0 };
        char addrbuf[300] = "REMOTE_ADDR=", portbuf[300];
@@ -910,7 +910,7 @@ static int service_loop(struct socketlist *socklist)
                                        struct sockaddr_in6 sai6;
 #endif
                                } ss;
-                               unsigned int sslen = sizeof(ss);
+                               socklen_t sslen = sizeof(ss);
                                int incoming = accept(pfd[i].fd, &ss.sa, &sslen);
                                if (incoming < 0) {
                                        switch (errno) {
@@ -940,6 +940,62 @@ static void sanitize_stdfds(void)
                close(fd);
 }
 
+#ifdef NO_POSIX_GOODIES
+
+struct credentials;
+
+static void drop_privileges(struct credentials *cred)
+{
+       /* nothing */
+}
+
+static void daemonize(void)
+{
+       die("--detach not supported on this platform");
+}
+
+static struct credentials *prepare_credentials(const char *user_name,
+    const char *group_name)
+{
+       die("--user not supported on this platform");
+}
+
+#else
+
+struct credentials {
+       struct passwd *pass;
+       gid_t gid;
+};
+
+static void drop_privileges(struct credentials *cred)
+{
+       if (cred && (initgroups(cred->pass->pw_name, cred->gid) ||
+           setgid (cred->gid) || setuid(cred->pass->pw_uid)))
+               die("cannot drop privileges");
+}
+
+static struct credentials *prepare_credentials(const char *user_name,
+    const char *group_name)
+{
+       static struct credentials c;
+
+       c.pass = getpwnam(user_name);
+       if (!c.pass)
+               die("user not found - %s", user_name);
+
+       if (!group_name)
+               c.gid = c.pass->pw_gid;
+       else {
+               struct group *group = getgrnam(group_name);
+               if (!group)
+                       die("group not found - %s", group_name);
+
+               c.gid = group->gr_gid;
+       }
+
+       return &c;
+}
+
 static void daemonize(void)
 {
        switch (fork()) {
@@ -957,6 +1013,7 @@ static void daemonize(void)
        close(2);
        sanitize_stdfds();
 }
+#endif
 
 static void store_pid(const char *path)
 {
@@ -967,7 +1024,8 @@ static void store_pid(const char *path)
                die_errno("failed to write pid file '%s'", path);
 }
 
-static int serve(struct string_list *listen_addr, int listen_port, struct passwd *pass, gid_t gid)
+static int serve(struct string_list *listen_addr, int listen_port,
+    struct credentials *cred)
 {
        struct socketlist socklist = { NULL, 0, 0 };
 
@@ -976,10 +1034,7 @@ static int serve(struct string_list *listen_addr, int listen_port, struct passwd
                die("unable to allocate any listen sockets on port %u",
                    listen_port);
 
-       if (pass && gid &&
-           (initgroups(pass->pw_name, gid) || setgid (gid) ||
-            setuid(pass->pw_uid)))
-               die("cannot drop privileges");
+       drop_privileges(cred);
 
        return service_loop(&socklist);
 }
@@ -991,9 +1046,7 @@ int main(int argc, char **argv)
        int serve_mode = 0, inetd_mode = 0;
        const char *pid_file = NULL, *user_name = NULL, *group_name = NULL;
        int detach = 0;
-       struct passwd *pass = NULL;
-       struct group *group;
-       gid_t gid = 0;
+       struct credentials *cred = NULL;
        int i;
 
        git_extract_argv0_path(argv[0]);
@@ -1128,8 +1181,8 @@ int main(int argc, char **argv)
                /* avoid splitting a message in the middle */
                setvbuf(stderr, NULL, _IOFBF, 4096);
 
-       if (inetd_mode && (group_name || user_name))
-               die("--user and --group are incompatible with --inetd");
+       if (inetd_mode && (detach || group_name || user_name))
+               die("--detach, --user and --group are incompatible with --inetd");
 
        if (inetd_mode && (listen_port || (listen_addr.nr > 0)))
                die("--listen= and --port= are incompatible with --inetd");
@@ -1139,21 +1192,8 @@ int main(int argc, char **argv)
        if (group_name && !user_name)
                die("--group supplied without --user");
 
-       if (user_name) {
-               pass = getpwnam(user_name);
-               if (!pass)
-                       die("user not found - %s", user_name);
-
-               if (!group_name)
-                       gid = pass->pw_gid;
-               else {
-                       group = getgrnam(group_name);
-                       if (!group)
-                               die("group not found - %s", group_name);
-
-                       gid = group->gr_gid;
-               }
-       }
+       if (user_name)
+               cred = prepare_credentials(user_name, group_name);
 
        if (strict_paths && (!ok_paths || !*ok_paths))
                die("option --strict-paths requires a whitelist");
@@ -1187,5 +1227,5 @@ int main(int argc, char **argv)
        cld_argv[argc] = "--serve";
        cld_argv[argc+1] = NULL;
 
-       return serve(&listen_addr, listen_port, pass, gid);
+       return serve(&listen_addr, listen_port, cred);
 }