[thirdparty/git.git] / daemon.c

#include "cache.h"
#include "pkt-line.h"
#include <signal.h>
#include <sys/wait.h>
#include <sys/socket.h>
#include <sys/time.h>
#include <netdb.h>
#include <netinet/in.h>
#include <arpa/inet.h>
#include <syslog.h>

static int log_syslog;
static int verbose;

static const char daemon_usage[] = "git-daemon [--verbose] [--syslog] [--inetd | --port=n] [--export-all] [directory...]";

/* List of acceptable pathname prefixes */
static char **ok_paths = NULL;

/* If this is set, git-daemon-export-ok is not required */
static int export_all_trees = 0;


static void logreport(int priority, const char *err, va_list params)
{
	/* We should do a single write so that it is atomic and output
	 * of several processes do not get intermingled. */
	char buf[1024];
	int buflen;
	int maxlen, msglen;

	/* sizeof(buf) should be big enough for "[pid] \n" */
	buflen = snprintf(buf, sizeof(buf), "[%ld] ", (long) getpid());

	maxlen = sizeof(buf) - buflen - 1; /* -1 for our own LF */
	msglen = vsnprintf(buf + buflen, maxlen, err, params);

	if (log_syslog) {
		syslog(priority, "%s", buf);
		return;
	}

	/* maxlen counted our own LF but also counts space given to
	 * vsnprintf for the terminating NUL.  We want to make sure that
	 * we have space for our own LF and NUL after the "meat" of the
	 * message, so truncate it at maxlen - 1.
	 */
	if (msglen > maxlen - 1)
		msglen = maxlen - 1;
	else if (msglen < 0)
		msglen = 0; /* Protect against weird return values. */
	buflen += msglen;

	buf[buflen++] = '\n';
	buf[buflen] = '\0';

	write(2, buf, buflen);
}

void logerror(const char *err, ...)
{
	va_list params;
	va_start(params, err);
	logreport(LOG_ERR, err, params);
	va_end(params);
}

void loginfo(const char *err, ...)
{
	va_list params;
	if (!verbose)
		return;
	va_start(params, err);
	logreport(LOG_INFO, err, params);
	va_end(params);
}

static int path_ok(const char *dir)
{
	const char *p = dir;
	char **pp;
	int sl = 1, ndot = 0;

	for (;;) {
		if ( *p == '.' ) {
			ndot++;
		} else if ( *p == '/' || *p == '\0' ) {
			if ( sl && ndot > 0 && ndot < 3 )
				return 0; /* . or .. in path */
			sl = 1;
			if ( *p == '\0' )
				break; /* End of string and all is good */
		} else {
			sl = ndot = 0;
		}
		p++;
	}

	if ( ok_paths && *ok_paths ) {
		int ok = 0;
		int dirlen = strlen(dir); /* read_packet_line can return embedded \0 */

		for ( pp = ok_paths ; *pp ; pp++ ) {
			int len = strlen(*pp);
			if ( len <= dirlen &&
			     !strncmp(*pp, dir, len) &&
			     (dir[len] == '/' || dir[len] == '\0') ) {
				ok = 1;
				break;
			}
		}

		if ( !ok )
			return 0; /* Path not in whitelist */
	}

	return 1;		/* Path acceptable */
}

static int upload(char *dir, int dirlen)
{
	loginfo("Request for '%s'", dir);

	if (!path_ok(dir)) {
		logerror("Forbidden directory: %s\n", dir);
		return -1;
	}

	if (chdir(dir) < 0) {
		logerror("Cannot chdir('%s'): %s", dir, strerror(errno));
		return -1;
	}

	/*
	 * Security on the cheap.
	 *
	 * We want a readable HEAD, usable "objects" directory, and 
	 * a "git-daemon-export-ok" flag that says that the other side
	 * is ok with us doing this.
	 */
	if ((!export_all_trees && access("git-daemon-export-ok", F_OK)) ||
	    access("objects/00", X_OK) ||
	    access("HEAD", R_OK)) {
		logerror("Not a valid git-daemon-enabled repository: '%s'", dir);
		return -1;
	}

	/*
	 * We'll ignore SIGTERM from now on, we have a
	 * good client.
	 */
	signal(SIGTERM, SIG_IGN);

	/* git-upload-pack only ever reads stuff, so this is safe */
	execlp("git-upload-pack", "git-upload-pack", ".", NULL);
	return -1;
}

static int execute(void)
{
	static char line[1000];
	int len;

	len = packet_read_line(0, line, sizeof(line));

	if (len && line[len-1] == '\n')
		line[--len] = 0;

	if (!strncmp("git-upload-pack /", line, 17))
		return upload(line + 16, len - 16);

	logerror("Protocol error: '%s'", line);
	return -1;
}


/*
 * We count spawned/reaped separately, just to avoid any
 * races when updating them from signals. The SIGCHLD handler
 * will only update children_reaped, and the fork logic will
 * only update children_spawned.
 *
 * MAX_CHILDREN should be a power-of-two to make the modulus
 * operation cheap. It should also be at least twice
 * the maximum number of connections we will ever allow.
 */
#define MAX_CHILDREN 128

static int max_connections = 25;

/* These are updated by the signal handler */
static volatile unsigned int children_reaped = 0;
static pid_t dead_child[MAX_CHILDREN];

/* These are updated by the main loop */
static unsigned int children_spawned = 0;
static unsigned int children_deleted = 0;

static struct child {
	pid_t pid;
	int addrlen;
	struct sockaddr_storage address;
} live_child[MAX_CHILDREN];

static void add_child(int idx, pid_t pid, struct sockaddr *addr, int addrlen)
{
	live_child[idx].pid = pid;
	live_child[idx].addrlen = addrlen;
	memcpy(&live_child[idx].address, addr, addrlen);
}

/*
 * Walk from "deleted" to "spawned", and remove child "pid".
 *
 * We move everything up by one, since the new "deleted" will
 * be one higher.
 */
static void remove_child(pid_t pid, unsigned deleted, unsigned spawned)
{
	struct child n;

	deleted %= MAX_CHILDREN;
	spawned %= MAX_CHILDREN;
	if (live_child[deleted].pid == pid) {
		live_child[deleted].pid = -1;
		return;
	}
	n = live_child[deleted];
	for (;;) {
		struct child m;
		deleted = (deleted + 1) % MAX_CHILDREN;
		if (deleted == spawned)
			die("could not find dead child %d\n", pid);
		m = live_child[deleted];
		live_child[deleted] = n;
		if (m.pid == pid)
			return;
		n = m;
	}
}

/*
 * This gets called if the number of connections grows
 * past "max_connections".
 *
 * We _should_ start off by searching for connections
 * from the same IP, and if there is some address wth
 * multiple connections, we should kill that first.
 *
 * As it is, we just "randomly" kill 25% of the connections,
 * and our pseudo-random generator sucks too. I have no
 * shame.
 *
 * Really, this is just a place-holder for a _real_ algorithm.
 */
static void kill_some_children(int signo, unsigned start, unsigned stop)
{
	start %= MAX_CHILDREN;
	stop %= MAX_CHILDREN;
	while (start != stop) {
		if (!(start & 3))
			kill(live_child[start].pid, signo);
		start = (start + 1) % MAX_CHILDREN;
	}
}

static void check_max_connections(void)
{
	for (;;) {
		int active;
		unsigned spawned, reaped, deleted;

		spawned = children_spawned;
		reaped = children_reaped;
		deleted = children_deleted;

		while (deleted < reaped) {
			pid_t pid = dead_child[deleted % MAX_CHILDREN];
			remove_child(pid, deleted, spawned);
			deleted++;
		}
		children_deleted = deleted;

		active = spawned - deleted;
		if (active <= max_connections)
			break;

		/* Kill some unstarted connections with SIGTERM */
		kill_some_children(SIGTERM, deleted, spawned);
		if (active <= max_connections << 1)
			break;

		/* If the SIGTERM thing isn't helping use SIGKILL */
		kill_some_children(SIGKILL, deleted, spawned);
		sleep(1);
	}
}

static void handle(int incoming, struct sockaddr *addr, int addrlen)
{
	pid_t pid = fork();
	char addrbuf[256] = "";
	int port = -1;

	if (pid) {
		unsigned idx;

		close(incoming);
		if (pid < 0)
			return;

		idx = children_spawned % MAX_CHILDREN;
		children_spawned++;
		add_child(idx, pid, addr, addrlen);

		check_max_connections();
		return;
	}

	dup2(incoming, 0);
	dup2(incoming, 1);
	close(incoming);

	if (addr->sa_family == AF_INET) {
		struct sockaddr_in *sin_addr = (void *) addr;
		inet_ntop(AF_INET, &sin_addr->sin_addr, addrbuf, sizeof(addrbuf));
		port = sin_addr->sin_port;

	} else if (addr->sa_family == AF_INET6) {
		struct sockaddr_in6 *sin6_addr = (void *) addr;

		char *buf = addrbuf;
		*buf++ = '['; *buf = '\0'; /* stpcpy() is cool */
		inet_ntop(AF_INET6, &sin6_addr->sin6_addr, buf, sizeof(addrbuf) - 1);
		strcat(buf, "]");

		port = sin6_addr->sin6_port;
	}
	loginfo("Connection from %s:%d", addrbuf, port);

	exit(execute());
}

static void child_handler(int signo)
{
	for (;;) {
		int status;
		pid_t pid = waitpid(-1, &status, WNOHANG);

		if (pid > 0) {
			unsigned reaped = children_reaped;
			dead_child[reaped % MAX_CHILDREN] = pid;
			children_reaped = reaped + 1;
			/* XXX: Custom logging, since we don't wanna getpid() */
			if (verbose) {
				char *dead = "";
				if (!WIFEXITED(status) || WEXITSTATUS(status) > 0)
					dead = " (with error)";
				if (log_syslog)
					syslog(LOG_INFO, "[%d] Disconnected%s", pid, dead);
				else
					fprintf(stderr, "[%d] Disconnected%s\n", pid, dead);
			}
			continue;
		}
		break;
	}
}

static int serve(int port)
{
	struct addrinfo hints, *ai0, *ai;
	int gai;
	int socknum = 0, *socklist = NULL;
	int maxfd = -1;
	fd_set fds_init, fds;
	char pbuf[NI_MAXSERV];

	signal(SIGCHLD, child_handler);

	sprintf(pbuf, "%d", port);
	memset(&hints, 0, sizeof(hints));
	hints.ai_family = AF_UNSPEC;
	hints.ai_socktype = SOCK_STREAM;
	hints.ai_protocol = IPPROTO_TCP;
	hints.ai_flags = AI_PASSIVE;

	gai = getaddrinfo(NULL, pbuf, &hints, &ai0);
	if (gai)
		die("getaddrinfo() failed: %s\n", gai_strerror(gai));

	FD_ZERO(&fds_init);

	for (ai = ai0; ai; ai = ai->ai_next) {
		int sockfd;
		int *newlist;

		sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
		if (sockfd < 0)
			continue;
		if (sockfd >= FD_SETSIZE) {
			error("too large socket descriptor.");
			close(sockfd);
			continue;
		}

#ifdef IPV6_V6ONLY
		if (ai->ai_family == AF_INET6) {
			int on = 1;
			setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
				   &on, sizeof(on));
			/* Note: error is not fatal */
		}
#endif

		if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
			close(sockfd);
			continue;	/* not fatal */
		}
		if (listen(sockfd, 5) < 0) {
			close(sockfd);
			continue;	/* not fatal */
		}

		newlist = realloc(socklist, sizeof(int) * (socknum + 1));
		if (!newlist)
			die("memory allocation failed: %s", strerror(errno));

		socklist = newlist;
		socklist[socknum++] = sockfd;

		FD_SET(sockfd, &fds_init);
		if (maxfd < sockfd)
			maxfd = sockfd;
	}

	freeaddrinfo(ai0);

	if (socknum == 0)
		die("unable to allocate any listen sockets on port %u", port);

	for (;;) {
		int i;
		fds = fds_init;
		
		if (select(maxfd + 1, &fds, NULL, NULL, NULL) < 0) {
			if (errno != EINTR) {
				error("select failed, resuming: %s",
				      strerror(errno));
				sleep(1);
			}
			continue;
		}

		for (i = 0; i < socknum; i++) {
			int sockfd = socklist[i];

			if (FD_ISSET(sockfd, &fds)) {
				struct sockaddr_storage ss;
				int sslen = sizeof(ss);
				int incoming = accept(sockfd, (struct sockaddr *)&ss, &sslen);
				if (incoming < 0) {
					switch (errno) {
					case EAGAIN:
					case EINTR:
					case ECONNABORTED:
						continue;
					default:
						die("accept returned %s", strerror(errno));
					}
				}
				handle(incoming, (struct sockaddr *)&ss, sslen);
			}
		}
	}
}

int main(int argc, char **argv)
{
	int port = DEFAULT_GIT_PORT;
	int inetd_mode = 0;
	int i;

	for (i = 1; i < argc; i++) {
		char *arg = argv[i];

		if (!strncmp(arg, "--port=", 7)) {
			char *end;
			unsigned long n;
			n = strtoul(arg+7, &end, 0);
			if (arg[7] && !*end) {
				port = n;
				continue;
			}
		}
		if (!strcmp(arg, "--inetd")) {
			inetd_mode = 1;
			continue;
		}
		if (!strcmp(arg, "--verbose")) {
			verbose = 1;
			continue;
		}
		if (!strcmp(arg, "--syslog")) {
			log_syslog = 1;
			openlog("git-daemon", 0, LOG_DAEMON);
			continue;
		}
		if (!strcmp(arg, "--export-all")) {
			export_all_trees = 1;
			continue;
		}
		if (!strcmp(arg, "--")) {
			ok_paths = &argv[i+1];
			break;
		} else if (arg[0] != '-') {
			ok_paths = &argv[i];
			break;
		}

		usage(daemon_usage);
	}

	if (inetd_mode) {
		fclose(stderr); //FIXME: workaround
		return execute();
	}

	return serve(port);
}
Commit	Line	Data
a87e8be2 LT	1	#include "cache.h"
a87e8be2 LT	2	#include "pkt-line.h"
eaa94919 LT	3	#include <signal.h>
eaa94919 LT	4	#include <sys/wait.h>
a87e8be2	5	#include <sys/socket.h>
3cd6ecda	6	#include <sys/time.h>
df076bdb	7	#include <netdb.h>
a87e8be2	8	#include <netinet/in.h>
f8ff0c06	9	#include <arpa/inet.h>
9048fe1c	10	#include <syslog.h>
f8ff0c06	11
9048fe1c	12	static int log_syslog;
f8ff0c06 PB	13	static int verbose;
f8ff0c06 PB	14
4ae95682 PA	15	static const char daemon_usage[] = "git-daemon [--verbose] [--syslog] [--inetd \| --port=n] [--export-all] [directory...]";
	16
	17	/* List of acceptable pathname prefixes */
	18	static char **ok_paths = NULL;
	19
	20	/* If this is set, git-daemon-export-ok is not required */
	21	static int export_all_trees = 0;
f8ff0c06 PB	22
f8ff0c06 PB	23
9048fe1c	24	static void logreport(int priority, const char *err, va_list params)
f8ff0c06 PB	25	{
	26	/* We should do a single write so that it is atomic and output
	27	* of several processes do not get intermingled. */
	28	char buf[1024];
	29	int buflen;
	30	int maxlen, msglen;
	31
	32	/* sizeof(buf) should be big enough for "[pid] \n" */
1bedd4ca	33	buflen = snprintf(buf, sizeof(buf), "[%ld] ", (long) getpid());
f8ff0c06 PB	34
	35	maxlen = sizeof(buf) - buflen - 1; /* -1 for our own LF */
	36	msglen = vsnprintf(buf + buflen, maxlen, err, params);
	37
9048fe1c PB	38	if (log_syslog) {
	39	syslog(priority, "%s", buf);
	40	return;
	41	}
	42
f8ff0c06 PB	43	/* maxlen counted our own LF but also counts space given to
	44	* vsnprintf for the terminating NUL. We want to make sure that
	45	* we have space for our own LF and NUL after the "meat" of the
	46	* message, so truncate it at maxlen - 1.
	47	*/
	48	if (msglen > maxlen - 1)
	49	msglen = maxlen - 1;
	50	else if (msglen < 0)
	51	msglen = 0; /* Protect against weird return values. */
	52	buflen += msglen;
	53
	54	buf[buflen++] = '\n';
	55	buf[buflen] = '\0';
	56
	57	write(2, buf, buflen);
	58	}
	59
	60	void logerror(const char *err, ...)
	61	{
	62	va_list params;
	63	va_start(params, err);
9048fe1c	64	logreport(LOG_ERR, err, params);
f8ff0c06 PB	65	va_end(params);
	66	}
	67
da38641d	68	void loginfo(const char *err, ...)
f8ff0c06 PB	69	{
	70	va_list params;
	71	if (!verbose)
	72	return;
	73	va_start(params, err);
9048fe1c	74	logreport(LOG_INFO, err, params);
f8ff0c06 PB	75	va_end(params);
f8ff0c06 PB	76	}
a87e8be2	77
4ae95682 PA	78	static int path_ok(const char *dir)
	79	{
	80	const char *p = dir;
	81	char **pp;
	82	int sl = 1, ndot = 0;
	83
	84	for (;;) {
	85	if ( *p == '.' ) {
	86	ndot++;
	87	} else if ( p == '/' \|\| p == '\0' ) {
	88	if ( sl && ndot > 0 && ndot < 3 )
	89	return 0; /* . or .. in path */
	90	sl = 1;
	91	if ( *p == '\0' )
	92	break; /* End of string and all is good */
	93	} else {
	94	sl = ndot = 0;
	95	}
	96	p++;
	97	}
	98
	99	if ( ok_paths && *ok_paths ) {
	100	int ok = 0;
	101	int dirlen = strlen(dir); /* read_packet_line can return embedded \0 */
	102
	103	for ( pp = ok_paths ; *pp ; pp++ ) {
	104	int len = strlen(*pp);
	105	if ( len <= dirlen &&
	106	!strncmp(*pp, dir, len) &&
	107	(dir[len] == '/' \|\| dir[len] == '\0') ) {
	108	ok = 1;
	109	break;
	110	}
	111	}
	112
	113	if ( !ok )
	114	return 0; /* Path not in whitelist */
	115	}
	116
	117	return 1; /* Path acceptable */
	118	}
a87e8be2 LT	119
	120	static int upload(char *dir, int dirlen)
	121	{
da38641d	122	loginfo("Request for '%s'", dir);
4ae95682 PA	123
	124	if (!path_ok(dir)) {
	125	logerror("Forbidden directory: %s\n", dir);
	126	return -1;
	127	}
	128
f8ff0c06 PB	129	if (chdir(dir) < 0) {
f8ff0c06 PB	130	logerror("Cannot chdir('%s'): %s", dir, strerror(errno));
a87e8be2	131	return -1;
f8ff0c06	132	}
a87e8be2 LT	133
	134	/*
	135	* Security on the cheap.
	136	*
	137	* We want a readable HEAD, usable "objects" directory, and
	138	* a "git-daemon-export-ok" flag that says that the other side
	139	* is ok with us doing this.
	140	*/
4ae95682	141	if ((!export_all_trees && access("git-daemon-export-ok", F_OK)) \|\|
a87e8be2	142	access("objects/00", X_OK) \|\|
f8ff0c06	143	access("HEAD", R_OK)) {
4ae95682	144	logerror("Not a valid git-daemon-enabled repository: '%s'", dir);
a87e8be2	145	return -1;
f8ff0c06	146	}
a87e8be2	147
02d57da4 LT	148	/*
	149	* We'll ignore SIGTERM from now on, we have a
	150	* good client.
	151	*/
	152	signal(SIGTERM, SIG_IGN);
	153
a87e8be2 LT	154	/* git-upload-pack only ever reads stuff, so this is safe */
	155	execlp("git-upload-pack", "git-upload-pack", ".", NULL);
	156	return -1;
	157	}
	158
7d80694a	159	static int execute(void)
a87e8be2	160	{
7d80694a LT	161	static char line[1000];
	162	int len;
	163
	164	len = packet_read_line(0, line, sizeof(line));
	165
	166	if (len && line[len-1] == '\n')
	167	line[--len] = 0;
	168
a87e8be2 LT	169	if (!strncmp("git-upload-pack /", line, 17))
	170	return upload(line + 16, len - 16);
	171
f8ff0c06	172	logerror("Protocol error: '%s'", line);
a87e8be2 LT	173	return -1;
	174	}
	175
66e631de LT	176
	177	/*
	178	* We count spawned/reaped separately, just to avoid any
	179	* races when updating them from signals. The SIGCHLD handler
	180	* will only update children_reaped, and the fork logic will
	181	* only update children_spawned.
	182	*
	183	* MAX_CHILDREN should be a power-of-two to make the modulus
	184	* operation cheap. It should also be at least twice
	185	* the maximum number of connections we will ever allow.
	186	*/
	187	#define MAX_CHILDREN 128
	188
	189	static int max_connections = 25;
	190
	191	/* These are updated by the signal handler */
	192	static volatile unsigned int children_reaped = 0;
4d8fa916	193	static pid_t dead_child[MAX_CHILDREN];
66e631de LT	194
	195	/* These are updated by the main loop */
	196	static unsigned int children_spawned = 0;
	197	static unsigned int children_deleted = 0;
	198
4d8fa916	199	static struct child {
66e631de	200	pid_t pid;
7fa09084	201	int addrlen;
df076bdb	202	struct sockaddr_storage address;
66e631de LT	203	} live_child[MAX_CHILDREN];
66e631de LT	204
7fa09084	205	static void add_child(int idx, pid_t pid, struct sockaddr *addr, int addrlen)
66e631de LT	206	{
	207	live_child[idx].pid = pid;
	208	live_child[idx].addrlen = addrlen;
df076bdb	209	memcpy(&live_child[idx].address, addr, addrlen);
66e631de LT	210	}
	211
	212	/*
	213	* Walk from "deleted" to "spawned", and remove child "pid".
	214	*
	215	* We move everything up by one, since the new "deleted" will
	216	* be one higher.
	217	*/
	218	static void remove_child(pid_t pid, unsigned deleted, unsigned spawned)
	219	{
	220	struct child n;
	221
	222	deleted %= MAX_CHILDREN;
	223	spawned %= MAX_CHILDREN;
	224	if (live_child[deleted].pid == pid) {
	225	live_child[deleted].pid = -1;
	226	return;
	227	}
	228	n = live_child[deleted];
	229	for (;;) {
	230	struct child m;
	231	deleted = (deleted + 1) % MAX_CHILDREN;
	232	if (deleted == spawned)
	233	die("could not find dead child %d\n", pid);
	234	m = live_child[deleted];
	235	live_child[deleted] = n;
	236	if (m.pid == pid)
	237	return;
	238	n = m;
	239	}
	240	}
	241
	242	/*
	243	* This gets called if the number of connections grows
	244	* past "max_connections".
	245	*
	246	* We _should_ start off by searching for connections
	247	* from the same IP, and if there is some address wth
	248	* multiple connections, we should kill that first.
	249	*
	250	* As it is, we just "randomly" kill 25% of the connections,
	251	* and our pseudo-random generator sucks too. I have no
	252	* shame.
	253	*
	254	* Really, this is just a place-holder for a _real_ algorithm.
	255	*/
02d57da4	256	static void kill_some_children(int signo, unsigned start, unsigned stop)
66e631de LT	257	{
	258	start %= MAX_CHILDREN;
	259	stop %= MAX_CHILDREN;
	260	while (start != stop) {
	261	if (!(start & 3))
02d57da4	262	kill(live_child[start].pid, signo);
66e631de LT	263	start = (start + 1) % MAX_CHILDREN;
	264	}
	265	}
	266
02d57da4	267	static void check_max_connections(void)
a87e8be2	268	{
02d57da4	269	for (;;) {
eaa94919	270	int active;
66e631de	271	unsigned spawned, reaped, deleted;
eaa94919	272
66e631de	273	spawned = children_spawned;
66e631de LT	274	reaped = children_reaped;
	275	deleted = children_deleted;
	276
	277	while (deleted < reaped) {
	278	pid_t pid = dead_child[deleted % MAX_CHILDREN];
	279	remove_child(pid, deleted, spawned);
	280	deleted++;
	281	}
	282	children_deleted = deleted;
	283
	284	active = spawned - deleted;
02d57da4 LT	285	if (active <= max_connections)
02d57da4 LT	286	break;
66e631de	287
02d57da4 LT	288	/* Kill some unstarted connections with SIGTERM */
	289	kill_some_children(SIGTERM, deleted, spawned);
	290	if (active <= max_connections << 1)
	291	break;
	292
	293	/* If the SIGTERM thing isn't helping use SIGKILL */
	294	kill_some_children(SIGKILL, deleted, spawned);
	295	sleep(1);
	296	}
	297	}
	298
7fa09084	299	static void handle(int incoming, struct sockaddr *addr, int addrlen)
02d57da4 LT	300	{
02d57da4 LT	301	pid_t pid = fork();
f8ff0c06 PB	302	char addrbuf[256] = "";
f8ff0c06 PB	303	int port = -1;
02d57da4 LT	304
	305	if (pid) {
	306	unsigned idx;
	307
	308	close(incoming);
	309	if (pid < 0)
	310	return;
	311
	312	idx = children_spawned % MAX_CHILDREN;
	313	children_spawned++;
	314	add_child(idx, pid, addr, addrlen);
66e631de	315
02d57da4	316	check_max_connections();
a87e8be2 LT	317	return;
	318	}
	319
	320	dup2(incoming, 0);
	321	dup2(incoming, 1);
	322	close(incoming);
f8ff0c06 PB	323
	324	if (addr->sa_family == AF_INET) {
	325	struct sockaddr_in sin_addr = (void ) addr;
	326	inet_ntop(AF_INET, &sin_addr->sin_addr, addrbuf, sizeof(addrbuf));
	327	port = sin_addr->sin_port;
	328
	329	} else if (addr->sa_family == AF_INET6) {
	330	struct sockaddr_in6 sin6_addr = (void ) addr;
	331
	332	char *buf = addrbuf;
	333	buf++ = '['; buf = '\0'; /* stpcpy() is cool */
	334	inet_ntop(AF_INET6, &sin6_addr->sin6_addr, buf, sizeof(addrbuf) - 1);
	335	strcat(buf, "]");
	336
	337	port = sin6_addr->sin6_port;
	338	}
da38641d	339	loginfo("Connection from %s:%d", addrbuf, port);
f8ff0c06	340
7d80694a	341	exit(execute());
a87e8be2 LT	342	}
a87e8be2 LT	343
eaa94919 LT	344	static void child_handler(int signo)
	345	{
	346	for (;;) {
9048fe1c PB	347	int status;
9048fe1c PB	348	pid_t pid = waitpid(-1, &status, WNOHANG);
66e631de LT	349
	350	if (pid > 0) {
	351	unsigned reaped = children_reaped;
	352	dead_child[reaped % MAX_CHILDREN] = pid;
	353	children_reaped = reaped + 1;
f8ff0c06	354	/* XXX: Custom logging, since we don't wanna getpid() */
9048fe1c PB	355	if (verbose) {
	356	char *dead = "";
	357	if (!WIFEXITED(status) \|\| WEXITSTATUS(status) > 0)
	358	dead = " (with error)";
	359	if (log_syslog)
	360	syslog(LOG_INFO, "[%d] Disconnected%s", pid, dead);
	361	else
	362	fprintf(stderr, "[%d] Disconnected%s\n", pid, dead);
	363	}
eaa94919 LT	364	continue;
	365	}
	366	break;
	367	}
	368	}
	369
a87e8be2 LT	370	static int serve(int port)
a87e8be2 LT	371	{
df076bdb YH	372	struct addrinfo hints, ai0, ai;
	373	int gai;
	374	int socknum = 0, *socklist = NULL;
	375	int maxfd = -1;
	376	fd_set fds_init, fds;
	377	char pbuf[NI_MAXSERV];
a87e8be2	378
eaa94919	379	signal(SIGCHLD, child_handler);
df076bdb YH	380
	381	sprintf(pbuf, "%d", port);
	382	memset(&hints, 0, sizeof(hints));
	383	hints.ai_family = AF_UNSPEC;
	384	hints.ai_socktype = SOCK_STREAM;
	385	hints.ai_protocol = IPPROTO_TCP;
	386	hints.ai_flags = AI_PASSIVE;
	387
	388	gai = getaddrinfo(NULL, pbuf, &hints, &ai0);
	389	if (gai)
	390	die("getaddrinfo() failed: %s\n", gai_strerror(gai));
	391
	392	FD_ZERO(&fds_init);
	393
	394	for (ai = ai0; ai; ai = ai->ai_next) {
	395	int sockfd;
	396	int *newlist;
	397
	398	sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
	399	if (sockfd < 0)
	400	continue;
	401	if (sockfd >= FD_SETSIZE) {
	402	error("too large socket descriptor.");
	403	close(sockfd);
	404	continue;
	405	}
	406
	407	#ifdef IPV6_V6ONLY
	408	if (ai->ai_family == AF_INET6) {
	409	int on = 1;
	410	setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
	411	&on, sizeof(on));
	412	/* Note: error is not fatal */
	413	}
	414	#endif
	415
	416	if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
	417	close(sockfd);
	418	continue; /* not fatal */
	419	}
	420	if (listen(sockfd, 5) < 0) {
	421	close(sockfd);
	422	continue; /* not fatal */
	423	}
	424
	425	newlist = realloc(socklist, sizeof(int) * (socknum + 1));
	426	if (!newlist)
	427	die("memory allocation failed: %s", strerror(errno));
	428
	429	socklist = newlist;
	430	socklist[socknum++] = sockfd;
	431
	432	FD_SET(sockfd, &fds_init);
	433	if (maxfd < sockfd)
	434	maxfd = sockfd;
	435	}
	436
	437	freeaddrinfo(ai0);
	438
	439	if (socknum == 0)
	440	die("unable to allocate any listen sockets on port %u", port);
a87e8be2 LT	441
a87e8be2 LT	442	for (;;) {
df076bdb YH	443	int i;
	444	fds = fds_init;
	445
	446	if (select(maxfd + 1, &fds, NULL, NULL, NULL) < 0) {
1eef0b33 JH	447	if (errno != EINTR) {
	448	error("select failed, resuming: %s",
	449	strerror(errno));
	450	sleep(1);
	451	}
df076bdb YH	452	continue;
	453	}
	454
	455	for (i = 0; i < socknum; i++) {
	456	int sockfd = socklist[i];
	457
	458	if (FD_ISSET(sockfd, &fds)) {
	459	struct sockaddr_storage ss;
7fa09084	460	int sslen = sizeof(ss);
df076bdb YH	461	int incoming = accept(sockfd, (struct sockaddr *)&ss, &sslen);
	462	if (incoming < 0) {
	463	switch (errno) {
	464	case EAGAIN:
	465	case EINTR:
	466	case ECONNABORTED:
	467	continue;
	468	default:
	469	die("accept returned %s", strerror(errno));
	470	}
	471	}
	472	handle(incoming, (struct sockaddr *)&ss, sslen);
a87e8be2 LT	473	}
a87e8be2 LT	474	}
a87e8be2 LT	475	}
	476	}
	477
	478	int main(int argc, char **argv)
	479	{
	480	int port = DEFAULT_GIT_PORT;
e64e1b79	481	int inetd_mode = 0;
a87e8be2 LT	482	int i;
	483
	484	for (i = 1; i < argc; i++) {
	485	char *arg = argv[i];
	486
	487	if (!strncmp(arg, "--port=", 7)) {
	488	char *end;
	489	unsigned long n;
	490	n = strtoul(arg+7, &end, 0);
	491	if (arg[7] && !*end) {
	492	port = n;
	493	continue;
	494	}
	495	}
e64e1b79 LT	496	if (!strcmp(arg, "--inetd")) {
	497	inetd_mode = 1;
	498	continue;
	499	}
f8ff0c06 PB	500	if (!strcmp(arg, "--verbose")) {
	501	verbose = 1;
	502	continue;
	503	}
9048fe1c PB	504	if (!strcmp(arg, "--syslog")) {
	505	log_syslog = 1;
	506	openlog("git-daemon", 0, LOG_DAEMON);
	507	continue;
	508	}
4ae95682 PA	509	if (!strcmp(arg, "--export-all")) {
	510	export_all_trees = 1;
	511	continue;
	512	}
	513	if (!strcmp(arg, "--")) {
	514	ok_paths = &argv[i+1];
	515	break;
	516	} else if (arg[0] != '-') {
	517	ok_paths = &argv[i];
	518	break;
	519	}
e64e1b79	520
a87e8be2 LT	521	usage(daemon_usage);
	522	}
	523
7c3693f1 LD	524	if (inetd_mode) {
7c3693f1 LD	525	fclose(stderr); //FIXME: workaround
e64e1b79	526	return execute();
7c3693f1	527	}
e64e1b79	528
a87e8be2 LT	529	return serve(port);
a87e8be2 LT	530	}