]>
Commit | Line | Data |
---|---|---|
a87e8be2 LT |
1 | #include "cache.h" |
2 | #include "pkt-line.h" | |
eaa94919 LT |
3 | #include <signal.h> |
4 | #include <sys/wait.h> | |
a87e8be2 | 5 | #include <sys/socket.h> |
3cd6ecda | 6 | #include <sys/time.h> |
df076bdb | 7 | #include <netdb.h> |
a87e8be2 | 8 | #include <netinet/in.h> |
f8ff0c06 | 9 | #include <arpa/inet.h> |
9048fe1c | 10 | #include <syslog.h> |
f8ff0c06 | 11 | |
9048fe1c | 12 | static int log_syslog; |
f8ff0c06 PB |
13 | static int verbose; |
14 | ||
4ae95682 PA |
15 | static const char daemon_usage[] = "git-daemon [--verbose] [--syslog] [--inetd | --port=n] [--export-all] [directory...]"; |
16 | ||
17 | /* List of acceptable pathname prefixes */ | |
18 | static char **ok_paths = NULL; | |
19 | ||
20 | /* If this is set, git-daemon-export-ok is not required */ | |
21 | static int export_all_trees = 0; | |
f8ff0c06 PB |
22 | |
23 | ||
9048fe1c | 24 | static void logreport(int priority, const char *err, va_list params) |
f8ff0c06 PB |
25 | { |
26 | /* We should do a single write so that it is atomic and output | |
27 | * of several processes do not get intermingled. */ | |
28 | char buf[1024]; | |
29 | int buflen; | |
30 | int maxlen, msglen; | |
31 | ||
32 | /* sizeof(buf) should be big enough for "[pid] \n" */ | |
1bedd4ca | 33 | buflen = snprintf(buf, sizeof(buf), "[%ld] ", (long) getpid()); |
f8ff0c06 PB |
34 | |
35 | maxlen = sizeof(buf) - buflen - 1; /* -1 for our own LF */ | |
36 | msglen = vsnprintf(buf + buflen, maxlen, err, params); | |
37 | ||
9048fe1c PB |
38 | if (log_syslog) { |
39 | syslog(priority, "%s", buf); | |
40 | return; | |
41 | } | |
42 | ||
f8ff0c06 PB |
43 | /* maxlen counted our own LF but also counts space given to |
44 | * vsnprintf for the terminating NUL. We want to make sure that | |
45 | * we have space for our own LF and NUL after the "meat" of the | |
46 | * message, so truncate it at maxlen - 1. | |
47 | */ | |
48 | if (msglen > maxlen - 1) | |
49 | msglen = maxlen - 1; | |
50 | else if (msglen < 0) | |
51 | msglen = 0; /* Protect against weird return values. */ | |
52 | buflen += msglen; | |
53 | ||
54 | buf[buflen++] = '\n'; | |
55 | buf[buflen] = '\0'; | |
56 | ||
57 | write(2, buf, buflen); | |
58 | } | |
59 | ||
60 | void logerror(const char *err, ...) | |
61 | { | |
62 | va_list params; | |
63 | va_start(params, err); | |
9048fe1c | 64 | logreport(LOG_ERR, err, params); |
f8ff0c06 PB |
65 | va_end(params); |
66 | } | |
67 | ||
da38641d | 68 | void loginfo(const char *err, ...) |
f8ff0c06 PB |
69 | { |
70 | va_list params; | |
71 | if (!verbose) | |
72 | return; | |
73 | va_start(params, err); | |
9048fe1c | 74 | logreport(LOG_INFO, err, params); |
f8ff0c06 PB |
75 | va_end(params); |
76 | } | |
a87e8be2 | 77 | |
4ae95682 PA |
78 | static int path_ok(const char *dir) |
79 | { | |
80 | const char *p = dir; | |
81 | char **pp; | |
82 | int sl = 1, ndot = 0; | |
83 | ||
84 | for (;;) { | |
85 | if ( *p == '.' ) { | |
86 | ndot++; | |
87 | } else if ( *p == '/' || *p == '\0' ) { | |
88 | if ( sl && ndot > 0 && ndot < 3 ) | |
89 | return 0; /* . or .. in path */ | |
90 | sl = 1; | |
91 | if ( *p == '\0' ) | |
92 | break; /* End of string and all is good */ | |
93 | } else { | |
94 | sl = ndot = 0; | |
95 | } | |
96 | p++; | |
97 | } | |
98 | ||
99 | if ( ok_paths && *ok_paths ) { | |
100 | int ok = 0; | |
101 | int dirlen = strlen(dir); /* read_packet_line can return embedded \0 */ | |
102 | ||
103 | for ( pp = ok_paths ; *pp ; pp++ ) { | |
104 | int len = strlen(*pp); | |
105 | if ( len <= dirlen && | |
106 | !strncmp(*pp, dir, len) && | |
107 | (dir[len] == '/' || dir[len] == '\0') ) { | |
108 | ok = 1; | |
109 | break; | |
110 | } | |
111 | } | |
112 | ||
113 | if ( !ok ) | |
114 | return 0; /* Path not in whitelist */ | |
115 | } | |
116 | ||
117 | return 1; /* Path acceptable */ | |
118 | } | |
a87e8be2 LT |
119 | |
120 | static int upload(char *dir, int dirlen) | |
121 | { | |
da38641d | 122 | loginfo("Request for '%s'", dir); |
4ae95682 PA |
123 | |
124 | if (!path_ok(dir)) { | |
125 | logerror("Forbidden directory: %s\n", dir); | |
126 | return -1; | |
127 | } | |
128 | ||
f8ff0c06 PB |
129 | if (chdir(dir) < 0) { |
130 | logerror("Cannot chdir('%s'): %s", dir, strerror(errno)); | |
a87e8be2 | 131 | return -1; |
f8ff0c06 | 132 | } |
a87e8be2 LT |
133 | |
134 | /* | |
135 | * Security on the cheap. | |
136 | * | |
137 | * We want a readable HEAD, usable "objects" directory, and | |
138 | * a "git-daemon-export-ok" flag that says that the other side | |
139 | * is ok with us doing this. | |
140 | */ | |
4ae95682 | 141 | if ((!export_all_trees && access("git-daemon-export-ok", F_OK)) || |
a87e8be2 | 142 | access("objects/00", X_OK) || |
f8ff0c06 | 143 | access("HEAD", R_OK)) { |
4ae95682 | 144 | logerror("Not a valid git-daemon-enabled repository: '%s'", dir); |
a87e8be2 | 145 | return -1; |
f8ff0c06 | 146 | } |
a87e8be2 | 147 | |
02d57da4 LT |
148 | /* |
149 | * We'll ignore SIGTERM from now on, we have a | |
150 | * good client. | |
151 | */ | |
152 | signal(SIGTERM, SIG_IGN); | |
153 | ||
a87e8be2 LT |
154 | /* git-upload-pack only ever reads stuff, so this is safe */ |
155 | execlp("git-upload-pack", "git-upload-pack", ".", NULL); | |
156 | return -1; | |
157 | } | |
158 | ||
7d80694a | 159 | static int execute(void) |
a87e8be2 | 160 | { |
7d80694a LT |
161 | static char line[1000]; |
162 | int len; | |
163 | ||
164 | len = packet_read_line(0, line, sizeof(line)); | |
165 | ||
166 | if (len && line[len-1] == '\n') | |
167 | line[--len] = 0; | |
168 | ||
a87e8be2 LT |
169 | if (!strncmp("git-upload-pack /", line, 17)) |
170 | return upload(line + 16, len - 16); | |
171 | ||
f8ff0c06 | 172 | logerror("Protocol error: '%s'", line); |
a87e8be2 LT |
173 | return -1; |
174 | } | |
175 | ||
66e631de LT |
176 | |
177 | /* | |
178 | * We count spawned/reaped separately, just to avoid any | |
179 | * races when updating them from signals. The SIGCHLD handler | |
180 | * will only update children_reaped, and the fork logic will | |
181 | * only update children_spawned. | |
182 | * | |
183 | * MAX_CHILDREN should be a power-of-two to make the modulus | |
184 | * operation cheap. It should also be at least twice | |
185 | * the maximum number of connections we will ever allow. | |
186 | */ | |
187 | #define MAX_CHILDREN 128 | |
188 | ||
189 | static int max_connections = 25; | |
190 | ||
191 | /* These are updated by the signal handler */ | |
192 | static volatile unsigned int children_reaped = 0; | |
4d8fa916 | 193 | static pid_t dead_child[MAX_CHILDREN]; |
66e631de LT |
194 | |
195 | /* These are updated by the main loop */ | |
196 | static unsigned int children_spawned = 0; | |
197 | static unsigned int children_deleted = 0; | |
198 | ||
4d8fa916 | 199 | static struct child { |
66e631de | 200 | pid_t pid; |
7fa09084 | 201 | int addrlen; |
df076bdb | 202 | struct sockaddr_storage address; |
66e631de LT |
203 | } live_child[MAX_CHILDREN]; |
204 | ||
7fa09084 | 205 | static void add_child(int idx, pid_t pid, struct sockaddr *addr, int addrlen) |
66e631de LT |
206 | { |
207 | live_child[idx].pid = pid; | |
208 | live_child[idx].addrlen = addrlen; | |
df076bdb | 209 | memcpy(&live_child[idx].address, addr, addrlen); |
66e631de LT |
210 | } |
211 | ||
212 | /* | |
213 | * Walk from "deleted" to "spawned", and remove child "pid". | |
214 | * | |
215 | * We move everything up by one, since the new "deleted" will | |
216 | * be one higher. | |
217 | */ | |
218 | static void remove_child(pid_t pid, unsigned deleted, unsigned spawned) | |
219 | { | |
220 | struct child n; | |
221 | ||
222 | deleted %= MAX_CHILDREN; | |
223 | spawned %= MAX_CHILDREN; | |
224 | if (live_child[deleted].pid == pid) { | |
225 | live_child[deleted].pid = -1; | |
226 | return; | |
227 | } | |
228 | n = live_child[deleted]; | |
229 | for (;;) { | |
230 | struct child m; | |
231 | deleted = (deleted + 1) % MAX_CHILDREN; | |
232 | if (deleted == spawned) | |
233 | die("could not find dead child %d\n", pid); | |
234 | m = live_child[deleted]; | |
235 | live_child[deleted] = n; | |
236 | if (m.pid == pid) | |
237 | return; | |
238 | n = m; | |
239 | } | |
240 | } | |
241 | ||
242 | /* | |
243 | * This gets called if the number of connections grows | |
244 | * past "max_connections". | |
245 | * | |
246 | * We _should_ start off by searching for connections | |
247 | * from the same IP, and if there is some address wth | |
248 | * multiple connections, we should kill that first. | |
249 | * | |
250 | * As it is, we just "randomly" kill 25% of the connections, | |
251 | * and our pseudo-random generator sucks too. I have no | |
252 | * shame. | |
253 | * | |
254 | * Really, this is just a place-holder for a _real_ algorithm. | |
255 | */ | |
02d57da4 | 256 | static void kill_some_children(int signo, unsigned start, unsigned stop) |
66e631de LT |
257 | { |
258 | start %= MAX_CHILDREN; | |
259 | stop %= MAX_CHILDREN; | |
260 | while (start != stop) { | |
261 | if (!(start & 3)) | |
02d57da4 | 262 | kill(live_child[start].pid, signo); |
66e631de LT |
263 | start = (start + 1) % MAX_CHILDREN; |
264 | } | |
265 | } | |
266 | ||
02d57da4 | 267 | static void check_max_connections(void) |
a87e8be2 | 268 | { |
02d57da4 | 269 | for (;;) { |
eaa94919 | 270 | int active; |
66e631de | 271 | unsigned spawned, reaped, deleted; |
eaa94919 | 272 | |
66e631de | 273 | spawned = children_spawned; |
66e631de LT |
274 | reaped = children_reaped; |
275 | deleted = children_deleted; | |
276 | ||
277 | while (deleted < reaped) { | |
278 | pid_t pid = dead_child[deleted % MAX_CHILDREN]; | |
279 | remove_child(pid, deleted, spawned); | |
280 | deleted++; | |
281 | } | |
282 | children_deleted = deleted; | |
283 | ||
284 | active = spawned - deleted; | |
02d57da4 LT |
285 | if (active <= max_connections) |
286 | break; | |
66e631de | 287 | |
02d57da4 LT |
288 | /* Kill some unstarted connections with SIGTERM */ |
289 | kill_some_children(SIGTERM, deleted, spawned); | |
290 | if (active <= max_connections << 1) | |
291 | break; | |
292 | ||
293 | /* If the SIGTERM thing isn't helping use SIGKILL */ | |
294 | kill_some_children(SIGKILL, deleted, spawned); | |
295 | sleep(1); | |
296 | } | |
297 | } | |
298 | ||
7fa09084 | 299 | static void handle(int incoming, struct sockaddr *addr, int addrlen) |
02d57da4 LT |
300 | { |
301 | pid_t pid = fork(); | |
f8ff0c06 PB |
302 | char addrbuf[256] = ""; |
303 | int port = -1; | |
02d57da4 LT |
304 | |
305 | if (pid) { | |
306 | unsigned idx; | |
307 | ||
308 | close(incoming); | |
309 | if (pid < 0) | |
310 | return; | |
311 | ||
312 | idx = children_spawned % MAX_CHILDREN; | |
313 | children_spawned++; | |
314 | add_child(idx, pid, addr, addrlen); | |
66e631de | 315 | |
02d57da4 | 316 | check_max_connections(); |
a87e8be2 LT |
317 | return; |
318 | } | |
319 | ||
320 | dup2(incoming, 0); | |
321 | dup2(incoming, 1); | |
322 | close(incoming); | |
f8ff0c06 PB |
323 | |
324 | if (addr->sa_family == AF_INET) { | |
325 | struct sockaddr_in *sin_addr = (void *) addr; | |
326 | inet_ntop(AF_INET, &sin_addr->sin_addr, addrbuf, sizeof(addrbuf)); | |
327 | port = sin_addr->sin_port; | |
328 | ||
329 | } else if (addr->sa_family == AF_INET6) { | |
330 | struct sockaddr_in6 *sin6_addr = (void *) addr; | |
331 | ||
332 | char *buf = addrbuf; | |
333 | *buf++ = '['; *buf = '\0'; /* stpcpy() is cool */ | |
334 | inet_ntop(AF_INET6, &sin6_addr->sin6_addr, buf, sizeof(addrbuf) - 1); | |
335 | strcat(buf, "]"); | |
336 | ||
337 | port = sin6_addr->sin6_port; | |
338 | } | |
da38641d | 339 | loginfo("Connection from %s:%d", addrbuf, port); |
f8ff0c06 | 340 | |
7d80694a | 341 | exit(execute()); |
a87e8be2 LT |
342 | } |
343 | ||
eaa94919 LT |
344 | static void child_handler(int signo) |
345 | { | |
346 | for (;;) { | |
9048fe1c PB |
347 | int status; |
348 | pid_t pid = waitpid(-1, &status, WNOHANG); | |
66e631de LT |
349 | |
350 | if (pid > 0) { | |
351 | unsigned reaped = children_reaped; | |
352 | dead_child[reaped % MAX_CHILDREN] = pid; | |
353 | children_reaped = reaped + 1; | |
f8ff0c06 | 354 | /* XXX: Custom logging, since we don't wanna getpid() */ |
9048fe1c PB |
355 | if (verbose) { |
356 | char *dead = ""; | |
357 | if (!WIFEXITED(status) || WEXITSTATUS(status) > 0) | |
358 | dead = " (with error)"; | |
359 | if (log_syslog) | |
360 | syslog(LOG_INFO, "[%d] Disconnected%s", pid, dead); | |
361 | else | |
362 | fprintf(stderr, "[%d] Disconnected%s\n", pid, dead); | |
363 | } | |
eaa94919 LT |
364 | continue; |
365 | } | |
366 | break; | |
367 | } | |
368 | } | |
369 | ||
a87e8be2 LT |
370 | static int serve(int port) |
371 | { | |
df076bdb YH |
372 | struct addrinfo hints, *ai0, *ai; |
373 | int gai; | |
374 | int socknum = 0, *socklist = NULL; | |
375 | int maxfd = -1; | |
376 | fd_set fds_init, fds; | |
377 | char pbuf[NI_MAXSERV]; | |
a87e8be2 | 378 | |
eaa94919 | 379 | signal(SIGCHLD, child_handler); |
df076bdb YH |
380 | |
381 | sprintf(pbuf, "%d", port); | |
382 | memset(&hints, 0, sizeof(hints)); | |
383 | hints.ai_family = AF_UNSPEC; | |
384 | hints.ai_socktype = SOCK_STREAM; | |
385 | hints.ai_protocol = IPPROTO_TCP; | |
386 | hints.ai_flags = AI_PASSIVE; | |
387 | ||
388 | gai = getaddrinfo(NULL, pbuf, &hints, &ai0); | |
389 | if (gai) | |
390 | die("getaddrinfo() failed: %s\n", gai_strerror(gai)); | |
391 | ||
392 | FD_ZERO(&fds_init); | |
393 | ||
394 | for (ai = ai0; ai; ai = ai->ai_next) { | |
395 | int sockfd; | |
396 | int *newlist; | |
397 | ||
398 | sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol); | |
399 | if (sockfd < 0) | |
400 | continue; | |
401 | if (sockfd >= FD_SETSIZE) { | |
402 | error("too large socket descriptor."); | |
403 | close(sockfd); | |
404 | continue; | |
405 | } | |
406 | ||
407 | #ifdef IPV6_V6ONLY | |
408 | if (ai->ai_family == AF_INET6) { | |
409 | int on = 1; | |
410 | setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY, | |
411 | &on, sizeof(on)); | |
412 | /* Note: error is not fatal */ | |
413 | } | |
414 | #endif | |
415 | ||
416 | if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) { | |
417 | close(sockfd); | |
418 | continue; /* not fatal */ | |
419 | } | |
420 | if (listen(sockfd, 5) < 0) { | |
421 | close(sockfd); | |
422 | continue; /* not fatal */ | |
423 | } | |
424 | ||
425 | newlist = realloc(socklist, sizeof(int) * (socknum + 1)); | |
426 | if (!newlist) | |
427 | die("memory allocation failed: %s", strerror(errno)); | |
428 | ||
429 | socklist = newlist; | |
430 | socklist[socknum++] = sockfd; | |
431 | ||
432 | FD_SET(sockfd, &fds_init); | |
433 | if (maxfd < sockfd) | |
434 | maxfd = sockfd; | |
435 | } | |
436 | ||
437 | freeaddrinfo(ai0); | |
438 | ||
439 | if (socknum == 0) | |
440 | die("unable to allocate any listen sockets on port %u", port); | |
a87e8be2 LT |
441 | |
442 | for (;;) { | |
df076bdb YH |
443 | int i; |
444 | fds = fds_init; | |
445 | ||
446 | if (select(maxfd + 1, &fds, NULL, NULL, NULL) < 0) { | |
1eef0b33 JH |
447 | if (errno != EINTR) { |
448 | error("select failed, resuming: %s", | |
449 | strerror(errno)); | |
450 | sleep(1); | |
451 | } | |
df076bdb YH |
452 | continue; |
453 | } | |
454 | ||
455 | for (i = 0; i < socknum; i++) { | |
456 | int sockfd = socklist[i]; | |
457 | ||
458 | if (FD_ISSET(sockfd, &fds)) { | |
459 | struct sockaddr_storage ss; | |
7fa09084 | 460 | int sslen = sizeof(ss); |
df076bdb YH |
461 | int incoming = accept(sockfd, (struct sockaddr *)&ss, &sslen); |
462 | if (incoming < 0) { | |
463 | switch (errno) { | |
464 | case EAGAIN: | |
465 | case EINTR: | |
466 | case ECONNABORTED: | |
467 | continue; | |
468 | default: | |
469 | die("accept returned %s", strerror(errno)); | |
470 | } | |
471 | } | |
472 | handle(incoming, (struct sockaddr *)&ss, sslen); | |
a87e8be2 LT |
473 | } |
474 | } | |
a87e8be2 LT |
475 | } |
476 | } | |
477 | ||
478 | int main(int argc, char **argv) | |
479 | { | |
480 | int port = DEFAULT_GIT_PORT; | |
e64e1b79 | 481 | int inetd_mode = 0; |
a87e8be2 LT |
482 | int i; |
483 | ||
484 | for (i = 1; i < argc; i++) { | |
485 | char *arg = argv[i]; | |
486 | ||
487 | if (!strncmp(arg, "--port=", 7)) { | |
488 | char *end; | |
489 | unsigned long n; | |
490 | n = strtoul(arg+7, &end, 0); | |
491 | if (arg[7] && !*end) { | |
492 | port = n; | |
493 | continue; | |
494 | } | |
495 | } | |
e64e1b79 LT |
496 | if (!strcmp(arg, "--inetd")) { |
497 | inetd_mode = 1; | |
498 | continue; | |
499 | } | |
f8ff0c06 PB |
500 | if (!strcmp(arg, "--verbose")) { |
501 | verbose = 1; | |
502 | continue; | |
503 | } | |
9048fe1c PB |
504 | if (!strcmp(arg, "--syslog")) { |
505 | log_syslog = 1; | |
506 | openlog("git-daemon", 0, LOG_DAEMON); | |
507 | continue; | |
508 | } | |
4ae95682 PA |
509 | if (!strcmp(arg, "--export-all")) { |
510 | export_all_trees = 1; | |
511 | continue; | |
512 | } | |
513 | if (!strcmp(arg, "--")) { | |
514 | ok_paths = &argv[i+1]; | |
515 | break; | |
516 | } else if (arg[0] != '-') { | |
517 | ok_paths = &argv[i]; | |
518 | break; | |
519 | } | |
e64e1b79 | 520 | |
a87e8be2 LT |
521 | usage(daemon_usage); |
522 | } | |
523 | ||
7c3693f1 LD |
524 | if (inetd_mode) { |
525 | fclose(stderr); //FIXME: workaround | |
e64e1b79 | 526 | return execute(); |
7c3693f1 | 527 | } |
e64e1b79 | 528 | |
a87e8be2 LT |
529 | return serve(port); |
530 | } |