#
# A git daemon with an added userv security boundary.
#
-# This reads the first packet-line of the protocol, checks the syntax
-# of the pathname and hostname, then uses userv to invoke the
-# git-upload-pack as the target user with safe arguments.
-#
# This was written by Tony Finch <dot@dotat.at>
# You may do anything with it, at your own risk.
# http://creativecommons.org/publicdomain/zero/1.0/
use Socket;
use Sys::Syslog;
-use lib '/etc/userv';
+use lib '/etc/userv'; # for git-daemon-urlmap.pl
sub ntoa {
my $sockaddr = shift;
my $len_hex = xread 4;
fail "non-hex packet length" unless $len_hex =~ m{^[0-9a-fA-F]{4}$};
my $line = xread hex $len_hex;
-unless ($line =~ m{^git-upload-pack ([!-~]+)\0host=([!-~]+)\0$}) {
+unless ($line =~ m{^(git-[a-z-]+) ([!-~]+)\0host=([!-~]+)\0$}) {
$line =~ s/[^ -~]+/ /g;
fail "could not parse \"$line\""
}
-my ($path,$host) = ($1,$2);
+my ($service,$path,$host) = ($1,$2,3);
$path =~ s|^/||;
$_ = my $uri = "git://$host/$path";
syslog 'info', "$client userv $user git-upload-pack $uri";
my %vars = (
+ REQUEST_SERVICE => $service,
REQUEST_HOST => $host,
REQUEST_PATH => $path,
REQUEST_URI => $uri,
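Review bot: The new capture assignment `my ($service,$path,$host) = ($1,$2,3);` drops the sigil on the third element, so `$host` is always the literal `3` instead of the client's `host=` value; it should read `my ($service,$path,$host) = ($1,$2,$3);`. Because `$host` feeds `$uri` and `REQUEST_HOST`, any host-based mapping or access decision made from them would act on the wrong value (the URL map itself is not visible here, so that part is inferred). The unchanged `syslog` line also still records the fixed string `git-upload-pack`. Now that the service is chosen by the client, `syslog 'info', "$client userv $user $service $uri";` would keep the audit trail accurate.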
my @opts = map "-D$_=$vars{$_}", grep defined $vars{$_}, sort keys %vars;
no warnings; # suppress errors to stderr
-exec 'userv', @opts, $user, 'git-upload-pack'
- or fail "exec userv @opts $user git-upload-pack: $!";
+exec 'userv', @opts, $user, $service
+ or fail "exec userv @opts $user $service: $!";
# end
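Review bot: `$service` reaches `exec 'userv', @opts, $user, $service` constrained only by the pattern `(git-[a-z-]+)` from the parsing hunk, so the daemon no longer fixes which service an unauthenticated git:// client can ask for. Whether a given name runs then depends entirely on the userv service definitions for the target user, which are not visible on this page. An explicit allow-list before the exec would keep the check on this side of the boundary as strict as it was, for example `fail "unsupported service $service" unless $service =~ m{^git-upload-(?:pack|archive)$};`, adjusted to whichever services are actually intended. A comment above the `exec` naming the permitted services would also replace the header description that this commit removes.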