3 # A git daemon with an added userv security boundary.
5 # This was written by Tony Finch <dot@dotat.at>
6 # You may do anything with it, at your own risk.
7 # http://creativecommons.org/publicdomain/zero/1.0/
16 use lib '/etc/userv'; # for git-daemon-urlmap.pl
# These lines appear to be the body of the helper called as `ntoa` on the
# getpeername/getsockname results; its `sub` line and closing braces are not
# part of this excerpt.
# For a defined socket address it returns (address, port, "[address]:port").
# NOTE(review): sockaddr_in and inet_ntoa are the IPv4 forms -- confirm the
# listener only ever hands this daemon AF_INET sockets.
20 if (defined $sockaddr) {
# sockaddr_in in list context unpacks to (port, packed address).
21 my ($port,$addr) = sockaddr_in $sockaddr;
22 $addr = inet_ntoa $addr;
23 return ($addr,$port,"[$addr]:$port");
# No address available: address and port stay undefined, but a placeholder
# label is still returned so log lines keep a client field.
25 return (undef,undef,"[?.?.?.?]:?");
# Describe both ends of the socket on STDIN as (address, port, label).
# ntoa returns a placeholder label when the address is undefined.
my ($client_addr, $client_port, $client) = ntoa(getpeername(STDIN));
my ($server_addr, $server_port, $server) = ntoa(getsockname(STDIN));

# Log as 'userv-git-daemon' to the 'daemon' facility, with the pid option.
openlog('userv-git-daemon', 'pid', 'daemon');
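# Log the failure with the client label in front.  Failure messages can
# carry bytes taken from the client's request, and syslog's second argument
# is a format string (presumably Sys::Syslog, which expands at least %m
# there), so the text is passed as an argument to a fixed '%s' format
# instead of being used as the format itself.
syslog 'err', '%s', "$client @_";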
# Fragment of the bounded-read helper invoked as `xread N`; its `sub` line,
# the declarations of $length and $buffer, and its tail are not part of this
# excerpt.
# A SIGALRM during the read aborts the request through fail().
# NOTE(review): the call that arms the timer is not visible here -- confirm
# alarm() is set before the loop, otherwise a silent client can hold the
# process open indefinitely.
42 local $SIG{ALRM} = sub { fail "timeout" };
# Keep reading until the buffer holds at least $length bytes.
44 while ($length > length $buffer) {
# New data is appended at the current end of $buffer.
# NOTE(review): the count requested is $length, not the number of bytes
# still missing, so after a partial read the buffer can grow past $length --
# confirm the caller tolerates or trims the excess.
45 my $ret = sysread STDIN, $buffer, $length, length $buffer;
# A return of 0 is end-of-file: the peer closed before sending enough.
46 fail "short read: expected $length bytes, got " . length $buffer
47 if defined $ret and $ret == 0;
# An undefined return is an error; only EINTR and EAGAIN are retried.
48 fail "read: $!" if not defined $ret and $! != EINTR and $! != EAGAIN;
# Treat a retryable error as "nothing read this round".
49 $ret = 0 if not defined $ret;
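# Read the request: four hex digits giving a length, then that many bytes.
# The four-digit form bounds a single request at 0xffff bytes.
my $len_hex = xread 4;
fail "non-hex packet length" unless $len_hex =~ m{\A[0-9a-fA-F]{4}\z};
my $line = xread hex $len_hex;

# Accept only "<service> <path>\0host=<host>\0" built from printable,
# non-space ASCII.  \A and \z pin the match to the whole string; a bare
# '$' would also accept a newline after the final NUL.
unless ($line =~ m{\A(git-[a-z-]+) ([!-~]+)\0host=([!-~]+)\0\z}) {
    # Collapse non-printable bytes before logging so the client cannot
    # place control characters in the log entry.
    $line =~ s/[^ -~]+/ /g;
    fail "could not parse \"$line\"";
}
# The host is the third capture.  A literal 3 in its place would turn
# every request into git://3/... and defeat any per-host mapping.
my ($service, $path, $host) = ($1, $2, $3);

# $_ is set to the request URI immediately before the URL map runs;
# presumably the map matches against $_.
# NOTE(review): $path and $host are printable but otherwise unchecked
# ('/' and '..' are allowed), so whatever consumes them on the userv side
# has to treat them as untrusted.
$_ = my $uri = "git://$host/$path";

# The map is Perl code located through @INC (the file adds /etc/userv with
# `use lib`) and it runs inside this process, so it must be writable only
# by the administrator.  A missing or broken map makes `do` return undef,
# which is refused below: the daemon fails closed.
my ($user, $repo) = do "git-daemon-urlmap.pl";
fail "no user configured for $uri" unless defined $user;

# Client-derived text is passed as a '%s' argument, never as the format.
# NOTE(review): the entry always says git-upload-pack although the service
# actually run is $service; consider logging $service for an accurate
# audit trail.
syslog 'info', '%s', "$client userv $user git-upload-pack $uri";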
# Entries of the %vars table (its opening and closing lines are not part of
# this excerpt).  Per the map further down, each defined entry is handed to
# userv as a -Dname=value argument.
# REQUEST_* values come from the client's request line and are untrusted.
71 REQUEST_SERVICE => $service,
72 REQUEST_HOST => $host,
73 REQUEST_PATH => $path,
# CLIENT_* and SERVER_* come from getpeername/getsockname on STDIN; they are
# undef when no socket address was available.
75 CLIENT_ADDR => $client_addr,
76 CLIENT_PORT => $client_port,
77 SERVER_ADDR => $server_addr,
78 SERVER_PORT => $server_port,
# Turn every defined entry of %vars into a -Dname=value argument, in sorted
# key order.  Each value stays inside its own argument, so request text
# cannot introduce a separate userv option.
my @opts;
for my $name (sort keys %vars) {
    next unless defined $vars{$name};
    push @opts, "-D$name=$vars{$name}";
}

no warnings; # suppress errors to stderr
# List-form exec: no shell is involved, so request text is never parsed as
# a command line.  exec only returns on failure, which is then logged.
exec('userv', @opts, $user, $service)
    or fail "exec userv @opts $user $service: $!";