3 # A git daemon with an added userv security boundary.
5 # This was written by Tony Finch <dot@dotat.at>
6 # You may do anything with it, at your own risk.
7 # http://creativecommons.org/publicdomain/zero/1.0/
18 return ('[?.?.?.?]:?') unless defined $sockaddr;
19 my ($port,$addr) = sockaddr_in $sockaddr;
20 $addr = inet_ntoa $addr;
21 return ("[$addr]:$port",$addr,$port);
23 our ($client,$client_addr,$client_port) = ::ntoa(getpeername(STDIN));
24 our ($server,$server_addr,$server_port) = ::ntoa(getsockname(STDIN));
25 our ($service,$path,$host,$uri,$user);
27 openlog 'userv-git-daemon', 'pid', 'daemon';
28 sub fail { syslog 'err', "$client @_"; exit }
33 local $SIG{ALRM} = sub { fail "timeout" };
35 while ($length > length $buffer) {
36 my $ret = sysread STDIN, $buffer, $length, length $buffer;
37 fail "short read: expected $length bytes, got " . length $buffer
38 if defined $ret and $ret == 0;
39 fail "read: $!" if not defined $ret and $! != EINTR and $! != EAGAIN;
45 my $len_hex = xread 4;
46 fail "non-hex packet length" unless $len_hex =~ m{^[0-9a-fA-F]{4}$};
47 my $line = xread hex $len_hex;
48 if ($line !~ m{^(git-[a-z-]+) /*([!-~]+)\0host=([!-~]+)\0$}) {
49 $line =~ s|[^ -~]+| |g;
50 fail "could not parse \"$line\""
52 ($service,$path,$host) = ($1,$2,$3);
53 $_ = $uri = "git://$host/$path";
54 for my $cf (@ARGV) { do $cf }
56 fail "no user configured for $uri" unless defined $user;
57 syslog 'info', "$client $service $uri";
59 my @opts = map "-D$_=${$main::{$_}}",
60 grep defined ${$main::{$_}} && /^[a-z]+$/,
63 my @cmd = ('userv', @opts, $user, $service);
64 no warnings; # suppress errors to stderr
65 exec @cmd or fail "exec @cmd: $!";