5 #include <sys/socket.h>
8 #include <netinet/in.h>
12 static int log_syslog;
15 static const char daemon_usage[] =
16 "git-daemon [--verbose] [--syslog] [--inetd | --port=n] [--export-all]\n"
17 " [--timeout=n] [--init-timeout=n] [directory...]";
19 /* List of acceptable pathname prefixes */
20 static char **ok_paths = NULL;
22 /* If this is set, git-daemon-export-ok is not required */
23 static int export_all_trees = 0;
25 /* Timeout, and initial timeout */
26 static unsigned int timeout = 0;
27 static unsigned int init_timeout = 0;
29 static void logreport(int priority, const char *err, va_list params)
31 /* We should do a single write so that it is atomic and output
32 * of several processes do not get intermingled. */
37 /* sizeof(buf) should be big enough for "[pid] \n" */
38 buflen = snprintf(buf, sizeof(buf), "[%ld] ", (long) getpid());
40 maxlen = sizeof(buf) - buflen - 1; /* -1 for our own LF */
41 msglen = vsnprintf(buf + buflen, maxlen, err, params);
44 syslog(priority, "%s", buf);
48 /* maxlen counted our own LF but also counts space given to
49 * vsnprintf for the terminating NUL. We want to make sure that
50 * we have space for our own LF and NUL after the "meat" of the
51 * message, so truncate it at maxlen - 1.
53 if (msglen > maxlen - 1)
56 msglen = 0; /* Protect against weird return values. */
62 write(2, buf, buflen);
65 static void logerror(const char *err, ...)
68 va_start(params, err);
69 logreport(LOG_ERR, err, params);
73 static void loginfo(const char *err, ...)
78 va_start(params, err);
79 logreport(LOG_INFO, err, params);
83 static int path_ok(const char *dir)
89 /* The pathname here should be an absolute path. */
98 } else if ( *p == '\0' ) {
99 /* Reject "." and ".." at the end of the path */
100 if ( sl && ndot > 0 && ndot < 3 )
105 } else if ( *p == '/' ) {
106 /* Refuse "", "." or ".." */
107 if ( sl && ndot < 3 )
117 if ( ok_paths && *ok_paths ) {
119 int dirlen = strlen(dir);
121 for ( pp = ok_paths ; *pp ; pp++ ) {
122 int len = strlen(*pp);
123 if ( len <= dirlen &&
124 !strncmp(*pp, dir, len) &&
125 (dir[len] == '/' || dir[len] == '\0') ) {
132 return 0; /* Path not in whitelist */
135 return 1; /* Path acceptable */
138 static int set_dir(const char *dir)
149 * Security on the cheap.
151 * We want a readable HEAD, usable "objects" directory, and
152 * a "git-daemon-export-ok" flag that says that the other side
153 * is ok with us doing this.
155 if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
160 if (access("objects/", X_OK) || access("HEAD", R_OK)) {
165 /* If all this passed, we're OK */
169 static int upload(char *dir)
171 /* Try paths in this order */
172 static const char *paths[] = { "%s", "%s/.git", "%s.git", "%s.git/.git", NULL };
174 /* Enough for the longest path above including final null */
175 int buflen = strlen(dir)+10;
176 char *dirbuf = xmalloc(buflen);
177 /* Timeout as string */
178 char timeout_buf[64];
180 loginfo("Request for '%s'", dir);
182 for ( pp = paths ; *pp ; pp++ ) {
183 snprintf(dirbuf, buflen, *pp, dir);
184 if ( !set_dir(dirbuf) )
189 logerror("Cannot set directory '%s': %s", dir, strerror(errno));
194 * We'll ignore SIGTERM from now on, we have a
197 signal(SIGTERM, SIG_IGN);
199 snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
201 /* git-upload-pack only ever reads stuff, so this is safe */
202 execlp("git-upload-pack", "git-upload-pack", "--strict", timeout_buf, ".", NULL);
206 static int execute(void)
208 static char line[1000];
211 alarm(init_timeout ? init_timeout : timeout);
212 len = packet_read_line(0, line, sizeof(line));
215 if (len && line[len-1] == '\n')
218 if (!strncmp("git-upload-pack /", line, 17))
219 return upload(line+16);
221 logerror("Protocol error: '%s'", line);
227 * We count spawned/reaped separately, just to avoid any
228 * races when updating them from signals. The SIGCHLD handler
229 * will only update children_reaped, and the fork logic will
230 * only update children_spawned.
232 * MAX_CHILDREN should be a power-of-two to make the modulus
233 * operation cheap. It should also be at least twice
234 * the maximum number of connections we will ever allow.
236 #define MAX_CHILDREN 128
238 static int max_connections = 25;
240 /* These are updated by the signal handler */
241 static volatile unsigned int children_reaped = 0;
242 static pid_t dead_child[MAX_CHILDREN];
244 /* These are updated by the main loop */
245 static unsigned int children_spawned = 0;
246 static unsigned int children_deleted = 0;
248 static struct child {
251 struct sockaddr_storage address;
252 } live_child[MAX_CHILDREN];
254 static void add_child(int idx, pid_t pid, struct sockaddr *addr, int addrlen)
256 live_child[idx].pid = pid;
257 live_child[idx].addrlen = addrlen;
258 memcpy(&live_child[idx].address, addr, addrlen);
262 * Walk from "deleted" to "spawned", and remove child "pid".
264 * We move everything up by one, since the new "deleted" will
267 static void remove_child(pid_t pid, unsigned deleted, unsigned spawned)
271 deleted %= MAX_CHILDREN;
272 spawned %= MAX_CHILDREN;
273 if (live_child[deleted].pid == pid) {
274 live_child[deleted].pid = -1;
277 n = live_child[deleted];
280 deleted = (deleted + 1) % MAX_CHILDREN;
281 if (deleted == spawned)
282 die("could not find dead child %d\n", pid);
283 m = live_child[deleted];
284 live_child[deleted] = n;
292 * This gets called if the number of connections grows
293 * past "max_connections".
295 * We _should_ start off by searching for connections
296 * from the same IP, and if there is some address wth
297 * multiple connections, we should kill that first.
299 * As it is, we just "randomly" kill 25% of the connections,
300 * and our pseudo-random generator sucks too. I have no
303 * Really, this is just a place-holder for a _real_ algorithm.
305 static void kill_some_children(int signo, unsigned start, unsigned stop)
307 start %= MAX_CHILDREN;
308 stop %= MAX_CHILDREN;
309 while (start != stop) {
311 kill(live_child[start].pid, signo);
312 start = (start + 1) % MAX_CHILDREN;
316 static void check_max_connections(void)
320 unsigned spawned, reaped, deleted;
322 spawned = children_spawned;
323 reaped = children_reaped;
324 deleted = children_deleted;
326 while (deleted < reaped) {
327 pid_t pid = dead_child[deleted % MAX_CHILDREN];
328 remove_child(pid, deleted, spawned);
331 children_deleted = deleted;
333 active = spawned - deleted;
334 if (active <= max_connections)
337 /* Kill some unstarted connections with SIGTERM */
338 kill_some_children(SIGTERM, deleted, spawned);
339 if (active <= max_connections << 1)
342 /* If the SIGTERM thing isn't helping use SIGKILL */
343 kill_some_children(SIGKILL, deleted, spawned);
348 static void handle(int incoming, struct sockaddr *addr, int addrlen)
351 char addrbuf[256] = "";
361 idx = children_spawned % MAX_CHILDREN;
363 add_child(idx, pid, addr, addrlen);
365 check_max_connections();
373 if (addr->sa_family == AF_INET) {
374 struct sockaddr_in *sin_addr = (void *) addr;
375 inet_ntop(AF_INET, &sin_addr->sin_addr, addrbuf, sizeof(addrbuf));
376 port = sin_addr->sin_port;
378 } else if (addr->sa_family == AF_INET6) {
379 struct sockaddr_in6 *sin6_addr = (void *) addr;
382 *buf++ = '['; *buf = '\0'; /* stpcpy() is cool */
383 inet_ntop(AF_INET6, &sin6_addr->sin6_addr, buf, sizeof(addrbuf) - 1);
386 port = sin6_addr->sin6_port;
388 loginfo("Connection from %s:%d", addrbuf, port);
393 static void child_handler(int signo)
397 pid_t pid = waitpid(-1, &status, WNOHANG);
400 unsigned reaped = children_reaped;
401 dead_child[reaped % MAX_CHILDREN] = pid;
402 children_reaped = reaped + 1;
403 /* XXX: Custom logging, since we don't wanna getpid() */
406 if (!WIFEXITED(status) || WEXITSTATUS(status) > 0)
407 dead = " (with error)";
409 syslog(LOG_INFO, "[%d] Disconnected%s", pid, dead);
411 fprintf(stderr, "[%d] Disconnected%s\n", pid, dead);
419 static int serve(int port)
421 struct addrinfo hints, *ai0, *ai;
423 int socknum = 0, *socklist = NULL;
425 fd_set fds_init, fds;
426 char pbuf[NI_MAXSERV];
428 signal(SIGCHLD, child_handler);
430 sprintf(pbuf, "%d", port);
431 memset(&hints, 0, sizeof(hints));
432 hints.ai_family = AF_UNSPEC;
433 hints.ai_socktype = SOCK_STREAM;
434 hints.ai_protocol = IPPROTO_TCP;
435 hints.ai_flags = AI_PASSIVE;
437 gai = getaddrinfo(NULL, pbuf, &hints, &ai0);
439 die("getaddrinfo() failed: %s\n", gai_strerror(gai));
443 for (ai = ai0; ai; ai = ai->ai_next) {
447 sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
450 if (sockfd >= FD_SETSIZE) {
451 error("too large socket descriptor.");
457 if (ai->ai_family == AF_INET6) {
459 setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
461 /* Note: error is not fatal */
465 if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
467 continue; /* not fatal */
469 if (listen(sockfd, 5) < 0) {
471 continue; /* not fatal */
474 newlist = realloc(socklist, sizeof(int) * (socknum + 1));
476 die("memory allocation failed: %s", strerror(errno));
479 socklist[socknum++] = sockfd;
481 FD_SET(sockfd, &fds_init);
489 die("unable to allocate any listen sockets on port %u", port);
495 if (select(maxfd + 1, &fds, NULL, NULL, NULL) < 0) {
496 if (errno != EINTR) {
497 error("select failed, resuming: %s",
504 for (i = 0; i < socknum; i++) {
505 int sockfd = socklist[i];
507 if (FD_ISSET(sockfd, &fds)) {
508 struct sockaddr_storage ss;
509 int sslen = sizeof(ss);
510 int incoming = accept(sockfd, (struct sockaddr *)&ss, &sslen);
518 die("accept returned %s", strerror(errno));
521 handle(incoming, (struct sockaddr *)&ss, sslen);
527 int main(int argc, char **argv)
529 int port = DEFAULT_GIT_PORT;
533 for (i = 1; i < argc; i++) {
536 if (!strncmp(arg, "--port=", 7)) {
539 n = strtoul(arg+7, &end, 0);
540 if (arg[7] && !*end) {
545 if (!strcmp(arg, "--inetd")) {
549 if (!strcmp(arg, "--verbose")) {
553 if (!strcmp(arg, "--syslog")) {
555 openlog("git-daemon", 0, LOG_DAEMON);
558 if (!strcmp(arg, "--export-all")) {
559 export_all_trees = 1;
562 if (!strncmp(arg, "--timeout=", 10)) {
563 timeout = atoi(arg+10);
565 if (!strncmp(arg, "--init-timeout=", 15)) {
566 init_timeout = atoi(arg+15);
568 if (!strcmp(arg, "--")) {
569 ok_paths = &argv[i+1];
571 } else if (arg[0] != '-') {
580 fclose(stderr); //FIXME: workaround
projects / git.git / blob