3 #include <sys/socket.h>
7 #include <netinet/in.h>
16 #include "interpolate.h"
18 static int log_syslog
;
22 static const char daemon_usage
[] =
23 "git-daemon [--verbose] [--syslog] [--export-all]\n"
24 " [--timeout=n] [--init-timeout=n] [--strict-paths]\n"
25 " [--base-path=path] [--user-path | --user-path=path]\n"
26 " [--interpolated-path=path]\n"
27 " [--reuseaddr] [--detach] [--pid-file=file]\n"
28 " [--[enable|disable|allow-override|forbid-override]=service]\n"
29 " [--inetd | [--listen=host_or_ipaddr] [--port=n]\n"
30 " [--user=user [--group=group]]\n"
33 /* List of acceptable pathname prefixes */
34 static char **ok_paths
;
35 static int strict_paths
;
37 /* If this is set, git-daemon-export-ok is not required */
38 static int export_all_trees
;
40 /* Take all paths relative to this one if non-NULL */
41 static char *base_path
;
42 static char *interpolated_path
;
44 /* Flag indicating client sent extra args. */
45 static int saw_extended_args
;
47 /* If defined, ~user notation is allowed and the string is inserted
48 * after ~user/. E.g. a request to git://host/~alice/frotz would
49 * go to /home/alice/pub_git/frotz with --user-path=pub_git.
51 static const char *user_path
;
53 /* Timeout, and initial timeout */
54 static unsigned int timeout
;
55 static unsigned int init_timeout
;
58 * Static table for now. Ugh.
59 * Feel free to make dynamic as needed.
61 #define INTERP_SLOT_HOST (0)
62 #define INTERP_SLOT_CANON_HOST (1)
63 #define INTERP_SLOT_IP (2)
64 #define INTERP_SLOT_PORT (3)
65 #define INTERP_SLOT_DIR (4)
66 #define INTERP_SLOT_PERCENT (5)
68 static struct interp interp_table
[] = {
78 static void logreport(int priority
, const char *err
, va_list params
)
80 /* We should do a single write so that it is atomic and output
81 * of several processes do not get intermingled. */
86 /* sizeof(buf) should be big enough for "[pid] \n" */
87 buflen
= snprintf(buf
, sizeof(buf
), "[%ld] ", (long) getpid());
89 maxlen
= sizeof(buf
) - buflen
- 1; /* -1 for our own LF */
90 msglen
= vsnprintf(buf
+ buflen
, maxlen
, err
, params
);
93 syslog(priority
, "%s", buf
);
97 /* maxlen counted our own LF but also counts space given to
98 * vsnprintf for the terminating NUL. We want to make sure that
99 * we have space for our own LF and NUL after the "meat" of the
100 * message, so truncate it at maxlen - 1.
102 if (msglen
> maxlen
- 1)
105 msglen
= 0; /* Protect against weird return values. */
108 buf
[buflen
++] = '\n';
111 write(2, buf
, buflen
);
114 static void logerror(const char *err
, ...)
117 va_start(params
, err
);
118 logreport(LOG_ERR
, err
, params
);
122 static void loginfo(const char *err
, ...)
127 va_start(params
, err
);
128 logreport(LOG_INFO
, err
, params
);
132 static void NORETURN
daemon_die(const char *err
, va_list params
)
134 logreport(LOG_ERR
, err
, params
);
138 static int avoid_alias(char *p
)
143 * This resurrects the belts and suspenders paranoia check by HPA
144 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
145 * does not do getcwd() based path canonicalizations.
147 * sl becomes true immediately after seeing '/' and continues to
148 * be true as long as dots continue after that without intervening
151 if (!p
|| (*p
!= '/' && *p
!= '~'))
161 else if (ch
== '/') {
163 /* reject //, /./ and /../ */
168 if (0 < ndot
&& ndot
< 3)
169 /* reject /.$ and /..$ */
178 else if (ch
== '/') {
185 static char *path_ok(struct interp
*itable
)
187 static char rpath
[PATH_MAX
];
188 static char interp_path
[PATH_MAX
];
192 dir
= itable
[INTERP_SLOT_DIR
].value
;
194 if (avoid_alias(dir
)) {
195 logerror("'%s': aliased", dir
);
201 logerror("'%s': User-path not allowed", dir
);
205 /* Got either "~alice" or "~alice/foo";
206 * rewrite them to "~alice/%s" or
209 int namlen
, restlen
= strlen(dir
);
210 char *slash
= strchr(dir
, '/');
212 slash
= dir
+ restlen
;
213 namlen
= slash
- dir
;
215 loginfo("userpath <%s>, request <%s>, namlen %d, restlen %d, slash <%s>", user_path
, dir
, namlen
, restlen
, slash
);
216 snprintf(rpath
, PATH_MAX
, "%.*s/%s%.*s",
217 namlen
, dir
, user_path
, restlen
, slash
);
221 else if (interpolated_path
&& saw_extended_args
) {
223 /* Allow only absolute */
224 logerror("'%s': Non-absolute path denied (interpolated-path active)", dir
);
228 interpolate(interp_path
, PATH_MAX
, interpolated_path
,
229 interp_table
, ARRAY_SIZE(interp_table
));
230 loginfo("Interpolated dir '%s'", interp_path
);
234 else if (base_path
) {
236 /* Allow only absolute */
237 logerror("'%s': Non-absolute path denied (base-path active)", dir
);
240 snprintf(rpath
, PATH_MAX
, "%s%s", base_path
, dir
);
244 path
= enter_repo(dir
, strict_paths
);
247 logerror("'%s': unable to chdir or not a git archive", dir
);
251 if ( ok_paths
&& *ok_paths
) {
253 int pathlen
= strlen(path
);
255 /* The validation is done on the paths after enter_repo
256 * appends optional {.git,.git/.git} and friends, but
257 * it does not use getcwd(). So if your /pub is
258 * a symlink to /mnt/pub, you can whitelist /pub and
259 * do not have to say /mnt/pub.
262 for ( pp
= ok_paths
; *pp
; pp
++ ) {
263 int len
= strlen(*pp
);
264 if (len
<= pathlen
&&
265 !memcmp(*pp
, path
, len
) &&
266 (path
[len
] == '\0' ||
267 (!strict_paths
&& path
[len
] == '/')))
272 /* be backwards compatible */
277 logerror("'%s': not in whitelist", path
);
278 return NULL
; /* Fallthrough. Deny by default */
281 typedef int (*daemon_service_fn
)(void);
282 struct daemon_service
{
284 const char *config_name
;
285 daemon_service_fn fn
;
290 static struct daemon_service
*service_looking_at
;
291 static int service_enabled
;
293 static int git_daemon_config(const char *var
, const char *value
)
295 if (!strncmp(var
, "daemon.", 7) &&
296 !strcmp(var
+ 7, service_looking_at
->config_name
)) {
297 service_enabled
= git_config_bool(var
, value
);
301 /* we are not interested in parsing any other configuration here */
305 static int run_service(struct interp
*itable
, struct daemon_service
*service
)
308 int enabled
= service
->enabled
;
310 loginfo("Request %s for '%s'",
312 itable
[INTERP_SLOT_DIR
].value
);
314 if (!enabled
&& !service
->overridable
) {
315 logerror("'%s': service not enabled.", service
->name
);
320 if (!(path
= path_ok(itable
)))
324 * Security on the cheap.
326 * We want a readable HEAD, usable "objects" directory, and
327 * a "git-daemon-export-ok" flag that says that the other side
328 * is ok with us doing this.
330 * path_ok() uses enter_repo() and does whitelist checking.
331 * We only need to make sure the repository is exported.
334 if (!export_all_trees
&& access("git-daemon-export-ok", F_OK
)) {
335 logerror("'%s': repository not exported.", path
);
340 if (service
->overridable
) {
341 service_looking_at
= service
;
342 service_enabled
= -1;
343 git_config(git_daemon_config
);
344 if (0 <= service_enabled
)
345 enabled
= service_enabled
;
348 logerror("'%s': service not enabled for '%s'",
349 service
->name
, path
);
355 * We'll ignore SIGTERM from now on, we have a
358 signal(SIGTERM
, SIG_IGN
);
360 return service
->fn();
363 static int upload_pack(void)
365 /* Timeout as string */
366 char timeout_buf
[64];
368 snprintf(timeout_buf
, sizeof timeout_buf
, "--timeout=%u", timeout
);
370 /* git-upload-pack only ever reads stuff, so this is safe */
371 execl_git_cmd("upload-pack", "--strict", timeout_buf
, ".", NULL
);
375 static int upload_archive(void)
377 execl_git_cmd("upload-archive", ".", NULL
);
381 static struct daemon_service daemon_service
[] = {
382 { "upload-archive", "uploadarch", upload_archive
, 0, 1 },
383 { "upload-pack", "uploadpack", upload_pack
, 1, 1 },
386 static void enable_service(const char *name
, int ena
) {
388 for (i
= 0; i
< ARRAY_SIZE(daemon_service
); i
++) {
389 if (!strcmp(daemon_service
[i
].name
, name
)) {
390 daemon_service
[i
].enabled
= ena
;
394 die("No such service %s", name
);
397 static void make_service_overridable(const char *name
, int ena
) {
399 for (i
= 0; i
< ARRAY_SIZE(daemon_service
); i
++) {
400 if (!strcmp(daemon_service
[i
].name
, name
)) {
401 daemon_service
[i
].overridable
= ena
;
405 die("No such service %s", name
);
408 static void parse_extra_args(char *extra_args
, int buflen
)
412 char *end
= extra_args
+ buflen
;
414 while (extra_args
< end
&& *extra_args
) {
415 saw_extended_args
= 1;
416 if (strncasecmp("host=", extra_args
, 5) == 0) {
417 val
= extra_args
+ 5;
418 vallen
= strlen(val
) + 1;
421 char *save
= xmalloc(vallen
); /* FIXME: Leak */
423 interp_table
[INTERP_SLOT_HOST
].value
= save
;
424 strlcpy(save
, val
, vallen
);
425 port
= strrchr(save
, ':');
429 interp_table
[INTERP_SLOT_PORT
].value
= port
;
432 /* On to the next one */
433 extra_args
= val
+ vallen
;
438 void fill_in_extra_table_entries(struct interp
*itable
)
441 char *canon_host
= NULL
;
445 * Replace literal host with lowercase-ized hostname.
447 hp
= interp_table
[INTERP_SLOT_HOST
].value
;
452 * Locate canonical hostname and its IP address.
456 struct addrinfo hints
;
457 struct addrinfo
*ai
, *ai0
;
459 static char addrbuf
[HOST_NAME_MAX
+ 1];
461 memset(&hints
, 0, sizeof(hints
));
462 hints
.ai_flags
= AI_CANONNAME
;
464 gai
= getaddrinfo(interp_table
[INTERP_SLOT_HOST
].value
, 0, &hints
, &ai0
);
466 for (ai
= ai0
; ai
; ai
= ai
->ai_next
) {
467 struct sockaddr_in
*sin_addr
= (void *)ai
->ai_addr
;
469 canon_host
= xstrdup(ai
->ai_canonname
);
470 inet_ntop(AF_INET
, &sin_addr
->sin_addr
,
471 addrbuf
, sizeof(addrbuf
));
480 struct hostent
*hent
;
481 struct sockaddr_in sa
;
483 static char addrbuf
[HOST_NAME_MAX
+ 1];
485 hent
= gethostbyname(interp_table
[INTERP_SLOT_HOST
].value
);
486 canon_host
= xstrdup(hent
->h_name
);
488 ap
= hent
->h_addr_list
;
489 memset(&sa
, 0, sizeof sa
);
490 sa
.sin_family
= hent
->h_addrtype
;
491 sa
.sin_port
= htons(0);
492 memcpy(&sa
.sin_addr
, *ap
, hent
->h_length
);
494 inet_ntop(hent
->h_addrtype
, &sa
.sin_addr
,
495 addrbuf
, sizeof(addrbuf
));
500 interp_table
[INTERP_SLOT_CANON_HOST
].value
= canon_host
; /* FIXME: Leak */
501 interp_table
[INTERP_SLOT_IP
].value
= xstrdup(ipaddr
); /* FIXME: Leak */
505 static int execute(struct sockaddr
*addr
)
507 static char line
[1000];
511 char addrbuf
[256] = "";
514 if (addr
->sa_family
== AF_INET
) {
515 struct sockaddr_in
*sin_addr
= (void *) addr
;
516 inet_ntop(addr
->sa_family
, &sin_addr
->sin_addr
, addrbuf
, sizeof(addrbuf
));
517 port
= sin_addr
->sin_port
;
519 } else if (addr
&& addr
->sa_family
== AF_INET6
) {
520 struct sockaddr_in6
*sin6_addr
= (void *) addr
;
523 *buf
++ = '['; *buf
= '\0'; /* stpcpy() is cool */
524 inet_ntop(AF_INET6
, &sin6_addr
->sin6_addr
, buf
, sizeof(addrbuf
) - 1);
527 port
= sin6_addr
->sin6_port
;
530 loginfo("Connection from %s:%d", addrbuf
, port
);
533 alarm(init_timeout
? init_timeout
: timeout
);
534 pktlen
= packet_read_line(0, line
, sizeof(line
));
539 loginfo("Extended attributes (%d bytes) exist <%.*s>",
541 (int) pktlen
- len
, line
+ len
+ 1);
542 if (len
&& line
[len
-1] == '\n')
546 parse_extra_args(line
+ len
+ 1, pktlen
- len
- 1);
547 fill_in_extra_table_entries(interp_table
);
550 for (i
= 0; i
< ARRAY_SIZE(daemon_service
); i
++) {
551 struct daemon_service
*s
= &(daemon_service
[i
]);
552 int namelen
= strlen(s
->name
);
553 if (!strncmp("git-", line
, 4) &&
554 !strncmp(s
->name
, line
+ 4, namelen
) &&
555 line
[namelen
+ 4] == ' ') {
556 interp_table
[INTERP_SLOT_DIR
].value
= line
+namelen
+5;
557 return run_service(interp_table
, s
);
561 logerror("Protocol error: '%s'", line
);
567 * We count spawned/reaped separately, just to avoid any
568 * races when updating them from signals. The SIGCHLD handler
569 * will only update children_reaped, and the fork logic will
570 * only update children_spawned.
572 * MAX_CHILDREN should be a power-of-two to make the modulus
573 * operation cheap. It should also be at least twice
574 * the maximum number of connections we will ever allow.
576 #define MAX_CHILDREN 128
578 static int max_connections
= 25;
580 /* These are updated by the signal handler */
581 static volatile unsigned int children_reaped
;
582 static pid_t dead_child
[MAX_CHILDREN
];
584 /* These are updated by the main loop */
585 static unsigned int children_spawned
;
586 static unsigned int children_deleted
;
588 static struct child
{
591 struct sockaddr_storage address
;
592 } live_child
[MAX_CHILDREN
];
594 static void add_child(int idx
, pid_t pid
, struct sockaddr
*addr
, int addrlen
)
596 live_child
[idx
].pid
= pid
;
597 live_child
[idx
].addrlen
= addrlen
;
598 memcpy(&live_child
[idx
].address
, addr
, addrlen
);
602 * Walk from "deleted" to "spawned", and remove child "pid".
604 * We move everything up by one, since the new "deleted" will
607 static void remove_child(pid_t pid
, unsigned deleted
, unsigned spawned
)
611 deleted
%= MAX_CHILDREN
;
612 spawned
%= MAX_CHILDREN
;
613 if (live_child
[deleted
].pid
== pid
) {
614 live_child
[deleted
].pid
= -1;
617 n
= live_child
[deleted
];
620 deleted
= (deleted
+ 1) % MAX_CHILDREN
;
621 if (deleted
== spawned
)
622 die("could not find dead child %d\n", pid
);
623 m
= live_child
[deleted
];
624 live_child
[deleted
] = n
;
632 * This gets called if the number of connections grows
633 * past "max_connections".
635 * We _should_ start off by searching for connections
636 * from the same IP, and if there is some address wth
637 * multiple connections, we should kill that first.
639 * As it is, we just "randomly" kill 25% of the connections,
640 * and our pseudo-random generator sucks too. I have no
643 * Really, this is just a place-holder for a _real_ algorithm.
645 static void kill_some_children(int signo
, unsigned start
, unsigned stop
)
647 start
%= MAX_CHILDREN
;
648 stop
%= MAX_CHILDREN
;
649 while (start
!= stop
) {
651 kill(live_child
[start
].pid
, signo
);
652 start
= (start
+ 1) % MAX_CHILDREN
;
656 static void check_max_connections(void)
660 unsigned spawned
, reaped
, deleted
;
662 spawned
= children_spawned
;
663 reaped
= children_reaped
;
664 deleted
= children_deleted
;
666 while (deleted
< reaped
) {
667 pid_t pid
= dead_child
[deleted
% MAX_CHILDREN
];
668 remove_child(pid
, deleted
, spawned
);
671 children_deleted
= deleted
;
673 active
= spawned
- deleted
;
674 if (active
<= max_connections
)
677 /* Kill some unstarted connections with SIGTERM */
678 kill_some_children(SIGTERM
, deleted
, spawned
);
679 if (active
<= max_connections
<< 1)
682 /* If the SIGTERM thing isn't helping use SIGKILL */
683 kill_some_children(SIGKILL
, deleted
, spawned
);
688 static void handle(int incoming
, struct sockaddr
*addr
, int addrlen
)
699 idx
= children_spawned
% MAX_CHILDREN
;
701 add_child(idx
, pid
, addr
, addrlen
);
703 check_max_connections();
714 static void child_handler(int signo
)
718 pid_t pid
= waitpid(-1, &status
, WNOHANG
);
721 unsigned reaped
= children_reaped
;
722 dead_child
[reaped
% MAX_CHILDREN
] = pid
;
723 children_reaped
= reaped
+ 1;
724 /* XXX: Custom logging, since we don't wanna getpid() */
726 const char *dead
= "";
727 if (!WIFEXITED(status
) || WEXITSTATUS(status
) > 0)
728 dead
= " (with error)";
730 syslog(LOG_INFO
, "[%d] Disconnected%s", pid
, dead
);
732 fprintf(stderr
, "[%d] Disconnected%s\n", pid
, dead
);
740 static int set_reuse_addr(int sockfd
)
746 return setsockopt(sockfd
, SOL_SOCKET
, SO_REUSEADDR
,
752 static int socksetup(char *listen_addr
, int listen_port
, int **socklist_p
)
754 int socknum
= 0, *socklist
= NULL
;
756 char pbuf
[NI_MAXSERV
];
757 struct addrinfo hints
, *ai0
, *ai
;
760 sprintf(pbuf
, "%d", listen_port
);
761 memset(&hints
, 0, sizeof(hints
));
762 hints
.ai_family
= AF_UNSPEC
;
763 hints
.ai_socktype
= SOCK_STREAM
;
764 hints
.ai_protocol
= IPPROTO_TCP
;
765 hints
.ai_flags
= AI_PASSIVE
;
767 gai
= getaddrinfo(listen_addr
, pbuf
, &hints
, &ai0
);
769 die("getaddrinfo() failed: %s\n", gai_strerror(gai
));
771 for (ai
= ai0
; ai
; ai
= ai
->ai_next
) {
774 sockfd
= socket(ai
->ai_family
, ai
->ai_socktype
, ai
->ai_protocol
);
777 if (sockfd
>= FD_SETSIZE
) {
778 error("too large socket descriptor.");
784 if (ai
->ai_family
== AF_INET6
) {
786 setsockopt(sockfd
, IPPROTO_IPV6
, IPV6_V6ONLY
,
788 /* Note: error is not fatal */
792 if (set_reuse_addr(sockfd
)) {
797 if (bind(sockfd
, ai
->ai_addr
, ai
->ai_addrlen
) < 0) {
799 continue; /* not fatal */
801 if (listen(sockfd
, 5) < 0) {
803 continue; /* not fatal */
806 socklist
= xrealloc(socklist
, sizeof(int) * (socknum
+ 1));
807 socklist
[socknum
++] = sockfd
;
815 *socklist_p
= socklist
;
821 static int socksetup(char *lisen_addr
, int listen_port
, int **socklist_p
)
823 struct sockaddr_in sin
;
826 memset(&sin
, 0, sizeof sin
);
827 sin
.sin_family
= AF_INET
;
828 sin
.sin_port
= htons(listen_port
);
831 /* Well, host better be an IP address here. */
832 if (inet_pton(AF_INET
, listen_addr
, &sin
.sin_addr
.s_addr
) <= 0)
835 sin
.sin_addr
.s_addr
= htonl(INADDR_ANY
);
838 sockfd
= socket(AF_INET
, SOCK_STREAM
, 0);
842 if (set_reuse_addr(sockfd
)) {
847 if ( bind(sockfd
, (struct sockaddr
*)&sin
, sizeof sin
) < 0 ) {
852 if (listen(sockfd
, 5) < 0) {
857 *socklist_p
= xmalloc(sizeof(int));
858 **socklist_p
= sockfd
;
864 static int service_loop(int socknum
, int *socklist
)
869 pfd
= xcalloc(socknum
, sizeof(struct pollfd
));
871 for (i
= 0; i
< socknum
; i
++) {
872 pfd
[i
].fd
= socklist
[i
];
873 pfd
[i
].events
= POLLIN
;
876 signal(SIGCHLD
, child_handler
);
881 if (poll(pfd
, socknum
, -1) < 0) {
882 if (errno
!= EINTR
) {
883 error("poll failed, resuming: %s",
890 for (i
= 0; i
< socknum
; i
++) {
891 if (pfd
[i
].revents
& POLLIN
) {
892 struct sockaddr_storage ss
;
893 unsigned int sslen
= sizeof(ss
);
894 int incoming
= accept(pfd
[i
].fd
, (struct sockaddr
*)&ss
, &sslen
);
902 die("accept returned %s", strerror(errno
));
905 handle(incoming
, (struct sockaddr
*)&ss
, sslen
);
911 /* if any standard file descriptor is missing open it to /dev/null */
912 static void sanitize_stdfds(void)
914 int fd
= open("/dev/null", O_RDWR
, 0);
915 while (fd
!= -1 && fd
< 2)
918 die("open /dev/null or dup failed: %s", strerror(errno
));
923 static void daemonize(void)
929 die("fork failed: %s", strerror(errno
));
934 die("setsid failed: %s", strerror(errno
));
941 static void store_pid(const char *path
)
943 FILE *f
= fopen(path
, "w");
945 die("cannot open pid file %s: %s", path
, strerror(errno
));
946 fprintf(f
, "%d\n", getpid());
950 static int serve(char *listen_addr
, int listen_port
, struct passwd
*pass
, gid_t gid
)
952 int socknum
, *socklist
;
954 socknum
= socksetup(listen_addr
, listen_port
, &socklist
);
956 die("unable to allocate any listen sockets on host %s port %u",
957 listen_addr
, listen_port
);
960 (initgroups(pass
->pw_name
, gid
) || setgid (gid
) ||
961 setuid(pass
->pw_uid
)))
962 die("cannot drop privileges");
964 return service_loop(socknum
, socklist
);
967 int main(int argc
, char **argv
)
970 char *listen_addr
= NULL
;
972 const char *pid_file
= NULL
, *user_name
= NULL
, *group_name
= NULL
;
974 struct passwd
*pass
= NULL
;
979 /* Without this we cannot rely on waitpid() to tell
980 * what happened to our children.
982 signal(SIGCHLD
, SIG_DFL
);
984 for (i
= 1; i
< argc
; i
++) {
987 if (!strncmp(arg
, "--listen=", 9)) {
989 char *ph
= listen_addr
= xmalloc(strlen(arg
+ 9) + 1);
991 *ph
++ = tolower(*p
++);
995 if (!strncmp(arg
, "--port=", 7)) {
998 n
= strtoul(arg
+7, &end
, 0);
999 if (arg
[7] && !*end
) {
1004 if (!strcmp(arg
, "--inetd")) {
1009 if (!strcmp(arg
, "--verbose")) {
1013 if (!strcmp(arg
, "--syslog")) {
1017 if (!strcmp(arg
, "--export-all")) {
1018 export_all_trees
= 1;
1021 if (!strncmp(arg
, "--timeout=", 10)) {
1022 timeout
= atoi(arg
+10);
1025 if (!strncmp(arg
, "--init-timeout=", 15)) {
1026 init_timeout
= atoi(arg
+15);
1029 if (!strcmp(arg
, "--strict-paths")) {
1033 if (!strncmp(arg
, "--base-path=", 12)) {
1037 if (!strncmp(arg
, "--interpolated-path=", 20)) {
1038 interpolated_path
= arg
+20;
1041 if (!strcmp(arg
, "--reuseaddr")) {
1045 if (!strcmp(arg
, "--user-path")) {
1049 if (!strncmp(arg
, "--user-path=", 12)) {
1050 user_path
= arg
+ 12;
1053 if (!strncmp(arg
, "--pid-file=", 11)) {
1054 pid_file
= arg
+ 11;
1057 if (!strcmp(arg
, "--detach")) {
1062 if (!strncmp(arg
, "--user=", 7)) {
1063 user_name
= arg
+ 7;
1066 if (!strncmp(arg
, "--group=", 8)) {
1067 group_name
= arg
+ 8;
1070 if (!strncmp(arg
, "--enable=", 9)) {
1071 enable_service(arg
+ 9, 1);
1074 if (!strncmp(arg
, "--disable=", 10)) {
1075 enable_service(arg
+ 10, 0);
1078 if (!strncmp(arg
, "--allow-override=", 17)) {
1079 make_service_overridable(arg
+ 17, 1);
1082 if (!strncmp(arg
, "--forbid-override=", 18)) {
1083 make_service_overridable(arg
+ 18, 0);
1086 if (!strcmp(arg
, "--")) {
1087 ok_paths
= &argv
[i
+1];
1089 } else if (arg
[0] != '-') {
1090 ok_paths
= &argv
[i
];
1094 usage(daemon_usage
);
1097 if (inetd_mode
&& (group_name
|| user_name
))
1098 die("--user and --group are incompatible with --inetd");
1100 if (inetd_mode
&& (listen_port
|| listen_addr
))
1101 die("--listen= and --port= are incompatible with --inetd");
1102 else if (listen_port
== 0)
1103 listen_port
= DEFAULT_GIT_PORT
;
1105 if (group_name
&& !user_name
)
1106 die("--group supplied without --user");
1109 pass
= getpwnam(user_name
);
1111 die("user not found - %s", user_name
);
1116 group
= getgrnam(group_name
);
1118 die("group not found - %s", group_name
);
1120 gid
= group
->gr_gid
;
1125 openlog("git-daemon", 0, LOG_DAEMON
);
1126 set_die_routine(daemon_die
);
1129 if (strict_paths
&& (!ok_paths
|| !*ok_paths
))
1130 die("option --strict-paths requires a whitelist");
1133 struct sockaddr_storage ss
;
1134 struct sockaddr
*peer
= (struct sockaddr
*)&ss
;
1135 socklen_t slen
= sizeof(ss
);
1137 freopen("/dev/null", "w", stderr
);
1139 if (getpeername(0, peer
, &slen
))
1142 return execute(peer
);
1151 store_pid(pid_file
);
1153 return serve(listen_addr
, listen_port
, pass
, gid
);