#
# A git daemon with an added userv security boundary.
#
-# This reads the first packet-line of the protocol, checks the syntax
-# of the pathname and hostname, then uses userv to invoke the
-# git-upload-pack as the target user with safe arguments.
-#
# This was written by Tony Finch <dot@dotat.at>
# You may do anything with it, at your own risk.
# http://creativecommons.org/publicdomain/zero/1.0/
use Socket;
use Sys::Syslog;
-use lib '/etc/userv';
-
sub ntoa {
my $sockaddr = shift;
if (defined $sockaddr) {
fail "could not parse \"$line\""
}
my ($service,$path,$host) = ($1,$2,3);
-$path =~ s|^/||;
-$_ = my $uri = "git://$host/$path";
+$path =~ s|^/*||;
+my $uri = $_ = "git://$host/$path";
-my ($user,$repo) = do "git-daemon-urlmap.pl";
+my $user;
+for my $cf (@ARGV) {
+ my ($r,$u) = do $cf;
+ $user = $u if defined $u;
+}
fail "no user configured for $uri" unless defined $user;
-syslog 'info', "$client userv $user git-upload-pack $uri";
+syslog 'info', "$client userv $user $service $uri";
my %vars = (
REQUEST_SERVICE => $service,
REQUEST_HOST => $host,
REQUEST_PATH => $path,
REQUEST_URI => $uri,
+ CLIENT => $client,
CLIENT_ADDR => $client_addr,
CLIENT_PORT => $client_port,
+ SERVER => $server,
SERVER_ADDR => $server_addr,
SERVER_PORT => $server_port,
);