Signed-off-by: Franck Bui-Huu <vagabon.xyz@xxxxxxxxx>
---
daemon.c | 78 ++++++++++++++++++++++++++++++++++++++++++++++++--------------
1 files changed, 61 insertions(+), 17 deletions(-)
diff --git a/daemon.c b/daemon.c
index 66ec830..ed3a13d 100644
--- a/daemon.c
+++ b/daemon.c
@@ -232,16 +232,57 @@ static char *path_ok(char *dir)
return NULL; /* Fallthrough. Deny by default */
}
-static int upload(char *dir)
+/*
+ * Services we're able to deal with.
+ */
+static int service_upload_pack(const char *dir, const char *args)
{
/* Timeout as string */
char timeout_buf[64];
+
+ snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
+
+ /* git-upload-pack only ever reads stuff, so this is safe */
+ execl_git_cmd("upload-pack", "--strict", timeout_buf, ".", NULL);
+ return -1;
+}
+
+/* service options */
+#define NEED_REPO (1<<0)
+
+struct service_info {
+ const char *name;
+ int (*fn)(const char *dir, const char *args);
+ int options;
+};
+
+static struct service_info services[] = {
+ { "git-upload-pack", service_upload_pack, NEED_REPO },
+};
+
+static int run_service(char *cmdline)
+{
+ struct service_info *serv;
const char *path;
+ size_t len;
+ int i;
- loginfo("Request for '%s'", dir);
+ for (i = 0; i < ARRAY_SIZE(services); i++) {
+ serv = &services[i];
+
+ len = strlen(serv->name);
+ if (strncmp(cmdline, serv->name, len))
+ continue;
+ if (cmdline[len] != ' ')
+ continue;
+ goto found;
+ }
+ return -1;
+found:
+ cmdline += len + 1;
+ path = NULL;
- if (!(path = path_ok(dir)))
- return -1;
+ loginfo("Request '%s' for '%s'", serv->name, cmdline);
/*
* Security on the cheap.
@@ -253,30 +294,33 @@ static int upload(char *dir)
* path_ok() uses enter_repo() and does whitelist checking.
* We only need to make sure the repository is exported.
*/
+ if (serv->options & NEED_REPO) {
+ if (!(path = path_ok(cmdline)))
+ return -1;
- if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
- logerror("'%s': repository not exported.", path);
- errno = EACCES;
- return -1;
+ if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
+ logerror("'%s': repository not exported.", path);
+ errno = EACCES;
+ return -1;
+ }
+ cmdline += strlen(path) + 1;
}
-
+
/*
* We'll ignore SIGTERM from now on, we have a
* good client.
*/
signal(SIGTERM, SIG_IGN);
- snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
+ return serv->fn(path, cmdline);
- /* git-upload-pack only ever reads stuff, so this is safe */
- execl_git_cmd("upload-pack", "--strict", timeout_buf, ".", NULL);
- return -1;
}
static int execute(struct sockaddr *addr)
{
static char line[1000];
int pktlen, len;
+ int rv;
if (addr) {
char addrbuf[256] = "";
@@ -313,11 +357,11 @@ #endif
if (len && line[len-1] == '\n')
line[--len] = 0;
- if (!strncmp("git-upload-pack ", line, 16))
- return upload(line+16);
+ rv = run_service(line);
+ if (rv < 0)
+ logerror("Protocol error: '%s'", line);
- logerror("Protocol error: '%s'", line);
- return -1;
+ return rv;
}
--
1.4.2
-
To unsubscribe from this list: send the line "unsubscribe git" in
the body of a message to majordomo@xxxxxxxxxxxxxxx
More majordomo info at http://vger.kernel.org/majordomo-info.html