THIS IS A TEST INSTANCE ONLY! REPOSITORIES CAN BE DELETED AT ANY TIME!

Git Source Code Mirror - This is a publish-only repository and all pull requests are ignored. Please follow Documentation/SubmittingPatches procedure for any of your improvements.
git
Nie możesz wybrać więcej, niż 25 tematów Tematy muszą się zaczynać od litery lub cyfry, mogą zawierać myślniki ('-') i mogą mieć do 35 znaków.

1486 lines
35KB

  1. #include "cache.h"
  2. #include "config.h"
  3. #include "pkt-line.h"
  4. #include "run-command.h"
  5. #include "strbuf.h"
  6. #include "string-list.h"
  7. #ifdef NO_INITGROUPS
  8. #define initgroups(x, y) (0) /* nothing */
  9. #endif
  10. static enum log_destination {
  11. LOG_DESTINATION_UNSET = -1,
  12. LOG_DESTINATION_NONE = 0,
  13. LOG_DESTINATION_STDERR = 1,
  14. LOG_DESTINATION_SYSLOG = 2,
  15. } log_destination = LOG_DESTINATION_UNSET;
  16. static int verbose;
  17. static int reuseaddr;
  18. static int informative_errors;
  19. static const char daemon_usage[] =
  20. "git daemon [--verbose] [--syslog] [--export-all]\n"
  21. " [--timeout=<n>] [--init-timeout=<n>] [--max-connections=<n>]\n"
  22. " [--strict-paths] [--base-path=<path>] [--base-path-relaxed]\n"
  23. " [--user-path | --user-path=<path>]\n"
  24. " [--interpolated-path=<path>]\n"
  25. " [--reuseaddr] [--pid-file=<file>]\n"
  26. " [--(enable|disable|allow-override|forbid-override)=<service>]\n"
  27. " [--access-hook=<path>]\n"
  28. " [--inetd | [--listen=<host_or_ipaddr>] [--port=<n>]\n"
  29. " [--detach] [--user=<user> [--group=<group>]]\n"
  30. " [--log-destination=(stderr|syslog|none)]\n"
  31. " [<directory>...]";
  32. /* List of acceptable pathname prefixes */
  33. static const char **ok_paths;
  34. static int strict_paths;
  35. /* If this is set, git-daemon-export-ok is not required */
  36. static int export_all_trees;
  37. /* Take all paths relative to this one if non-NULL */
  38. static const char *base_path;
  39. static const char *interpolated_path;
  40. static int base_path_relaxed;
  41. /* If defined, ~user notation is allowed and the string is inserted
  42. * after ~user/. E.g. a request to git://host/~alice/frotz would
  43. * go to /home/alice/pub_git/frotz with --user-path=pub_git.
  44. */
  45. static const char *user_path;
  46. /* Timeout, and initial timeout */
  47. static unsigned int timeout;
  48. static unsigned int init_timeout;
  49. struct hostinfo {
  50. struct strbuf hostname;
  51. struct strbuf canon_hostname;
  52. struct strbuf ip_address;
  53. struct strbuf tcp_port;
  54. unsigned int hostname_lookup_done:1;
  55. unsigned int saw_extended_args:1;
  56. };
  57. static void lookup_hostname(struct hostinfo *hi);
  58. static const char *get_canon_hostname(struct hostinfo *hi)
  59. {
  60. lookup_hostname(hi);
  61. return hi->canon_hostname.buf;
  62. }
  63. static const char *get_ip_address(struct hostinfo *hi)
  64. {
  65. lookup_hostname(hi);
  66. return hi->ip_address.buf;
  67. }
  68. static void logreport(int priority, const char *err, va_list params)
  69. {
  70. switch (log_destination) {
  71. case LOG_DESTINATION_SYSLOG: {
  72. char buf[1024];
  73. vsnprintf(buf, sizeof(buf), err, params);
  74. syslog(priority, "%s", buf);
  75. break;
  76. }
  77. case LOG_DESTINATION_STDERR:
  78. /*
  79. * Since stderr is set to buffered mode, the
  80. * logging of different processes will not overlap
  81. * unless they overflow the (rather big) buffers.
  82. */
  83. fprintf(stderr, "[%"PRIuMAX"] ", (uintmax_t)getpid());
  84. vfprintf(stderr, err, params);
  85. fputc('\n', stderr);
  86. fflush(stderr);
  87. break;
  88. case LOG_DESTINATION_NONE:
  89. break;
  90. case LOG_DESTINATION_UNSET:
  91. BUG("log destination not initialized correctly");
  92. }
  93. }
  94. __attribute__((format (printf, 1, 2)))
  95. static void logerror(const char *err, ...)
  96. {
  97. va_list params;
  98. va_start(params, err);
  99. logreport(LOG_ERR, err, params);
  100. va_end(params);
  101. }
  102. __attribute__((format (printf, 1, 2)))
  103. static void loginfo(const char *err, ...)
  104. {
  105. va_list params;
  106. if (!verbose)
  107. return;
  108. va_start(params, err);
  109. logreport(LOG_INFO, err, params);
  110. va_end(params);
  111. }
  112. static void NORETURN daemon_die(const char *err, va_list params)
  113. {
  114. logreport(LOG_ERR, err, params);
  115. exit(1);
  116. }
  117. struct expand_path_context {
  118. const char *directory;
  119. struct hostinfo *hostinfo;
  120. };
  121. static size_t expand_path(struct strbuf *sb, const char *placeholder, void *ctx)
  122. {
  123. struct expand_path_context *context = ctx;
  124. struct hostinfo *hi = context->hostinfo;
  125. switch (placeholder[0]) {
  126. case 'H':
  127. strbuf_addbuf(sb, &hi->hostname);
  128. return 1;
  129. case 'C':
  130. if (placeholder[1] == 'H') {
  131. strbuf_addstr(sb, get_canon_hostname(hi));
  132. return 2;
  133. }
  134. break;
  135. case 'I':
  136. if (placeholder[1] == 'P') {
  137. strbuf_addstr(sb, get_ip_address(hi));
  138. return 2;
  139. }
  140. break;
  141. case 'P':
  142. strbuf_addbuf(sb, &hi->tcp_port);
  143. return 1;
  144. case 'D':
  145. strbuf_addstr(sb, context->directory);
  146. return 1;
  147. }
  148. return 0;
  149. }
  150. static const char *path_ok(const char *directory, struct hostinfo *hi)
  151. {
  152. static char rpath[PATH_MAX];
  153. static char interp_path[PATH_MAX];
  154. size_t rlen;
  155. const char *path;
  156. const char *dir;
  157. dir = directory;
  158. if (daemon_avoid_alias(dir)) {
  159. logerror("'%s': aliased", dir);
  160. return NULL;
  161. }
  162. if (*dir == '~') {
  163. if (!user_path) {
  164. logerror("'%s': User-path not allowed", dir);
  165. return NULL;
  166. }
  167. if (*user_path) {
  168. /* Got either "~alice" or "~alice/foo";
  169. * rewrite them to "~alice/%s" or
  170. * "~alice/%s/foo".
  171. */
  172. int namlen, restlen = strlen(dir);
  173. const char *slash = strchr(dir, '/');
  174. if (!slash)
  175. slash = dir + restlen;
  176. namlen = slash - dir;
  177. restlen -= namlen;
  178. loginfo("userpath <%s>, request <%s>, namlen %d, restlen %d, slash <%s>", user_path, dir, namlen, restlen, slash);
  179. rlen = snprintf(rpath, sizeof(rpath), "%.*s/%s%.*s",
  180. namlen, dir, user_path, restlen, slash);
  181. if (rlen >= sizeof(rpath)) {
  182. logerror("user-path too large: %s", rpath);
  183. return NULL;
  184. }
  185. dir = rpath;
  186. }
  187. }
  188. else if (interpolated_path && hi->saw_extended_args) {
  189. struct strbuf expanded_path = STRBUF_INIT;
  190. struct expand_path_context context;
  191. context.directory = directory;
  192. context.hostinfo = hi;
  193. if (*dir != '/') {
  194. /* Allow only absolute */
  195. logerror("'%s': Non-absolute path denied (interpolated-path active)", dir);
  196. return NULL;
  197. }
  198. strbuf_expand(&expanded_path, interpolated_path,
  199. expand_path, &context);
  200. rlen = strlcpy(interp_path, expanded_path.buf,
  201. sizeof(interp_path));
  202. if (rlen >= sizeof(interp_path)) {
  203. logerror("interpolated path too large: %s",
  204. interp_path);
  205. return NULL;
  206. }
  207. strbuf_release(&expanded_path);
  208. loginfo("Interpolated dir '%s'", interp_path);
  209. dir = interp_path;
  210. }
  211. else if (base_path) {
  212. if (*dir != '/') {
  213. /* Allow only absolute */
  214. logerror("'%s': Non-absolute path denied (base-path active)", dir);
  215. return NULL;
  216. }
  217. rlen = snprintf(rpath, sizeof(rpath), "%s%s", base_path, dir);
  218. if (rlen >= sizeof(rpath)) {
  219. logerror("base-path too large: %s", rpath);
  220. return NULL;
  221. }
  222. dir = rpath;
  223. }
  224. path = enter_repo(dir, strict_paths);
  225. if (!path && base_path && base_path_relaxed) {
  226. /*
  227. * if we fail and base_path_relaxed is enabled, try without
  228. * prefixing the base path
  229. */
  230. dir = directory;
  231. path = enter_repo(dir, strict_paths);
  232. }
  233. if (!path) {
  234. logerror("'%s' does not appear to be a git repository", dir);
  235. return NULL;
  236. }
  237. if ( ok_paths && *ok_paths ) {
  238. const char **pp;
  239. int pathlen = strlen(path);
  240. /* The validation is done on the paths after enter_repo
  241. * appends optional {.git,.git/.git} and friends, but
  242. * it does not use getcwd(). So if your /pub is
  243. * a symlink to /mnt/pub, you can whitelist /pub and
  244. * do not have to say /mnt/pub.
  245. * Do not say /pub/.
  246. */
  247. for ( pp = ok_paths ; *pp ; pp++ ) {
  248. int len = strlen(*pp);
  249. if (len <= pathlen &&
  250. !memcmp(*pp, path, len) &&
  251. (path[len] == '\0' ||
  252. (!strict_paths && path[len] == '/')))
  253. return path;
  254. }
  255. }
  256. else {
  257. /* be backwards compatible */
  258. if (!strict_paths)
  259. return path;
  260. }
  261. logerror("'%s': not in whitelist", path);
  262. return NULL; /* Fallthrough. Deny by default */
  263. }
  264. typedef int (*daemon_service_fn)(const struct argv_array *env);
  265. struct daemon_service {
  266. const char *name;
  267. const char *config_name;
  268. daemon_service_fn fn;
  269. int enabled;
  270. int overridable;
  271. };
  272. static int daemon_error(const char *dir, const char *msg)
  273. {
  274. if (!informative_errors)
  275. msg = "access denied or repository not exported";
  276. packet_write_fmt(1, "ERR %s: %s", msg, dir);
  277. return -1;
  278. }
  279. static const char *access_hook;
  280. static int run_access_hook(struct daemon_service *service, const char *dir,
  281. const char *path, struct hostinfo *hi)
  282. {
  283. struct child_process child = CHILD_PROCESS_INIT;
  284. struct strbuf buf = STRBUF_INIT;
  285. const char *argv[8];
  286. const char **arg = argv;
  287. char *eol;
  288. int seen_errors = 0;
  289. *arg++ = access_hook;
  290. *arg++ = service->name;
  291. *arg++ = path;
  292. *arg++ = hi->hostname.buf;
  293. *arg++ = get_canon_hostname(hi);
  294. *arg++ = get_ip_address(hi);
  295. *arg++ = hi->tcp_port.buf;
  296. *arg = NULL;
  297. child.use_shell = 1;
  298. child.argv = argv;
  299. child.no_stdin = 1;
  300. child.no_stderr = 1;
  301. child.out = -1;
  302. if (start_command(&child)) {
  303. logerror("daemon access hook '%s' failed to start",
  304. access_hook);
  305. goto error_return;
  306. }
  307. if (strbuf_read(&buf, child.out, 0) < 0) {
  308. logerror("failed to read from pipe to daemon access hook '%s'",
  309. access_hook);
  310. strbuf_reset(&buf);
  311. seen_errors = 1;
  312. }
  313. if (close(child.out) < 0) {
  314. logerror("failed to close pipe to daemon access hook '%s'",
  315. access_hook);
  316. seen_errors = 1;
  317. }
  318. if (finish_command(&child))
  319. seen_errors = 1;
  320. if (!seen_errors) {
  321. strbuf_release(&buf);
  322. return 0;
  323. }
  324. error_return:
  325. strbuf_ltrim(&buf);
  326. if (!buf.len)
  327. strbuf_addstr(&buf, "service rejected");
  328. eol = strchr(buf.buf, '\n');
  329. if (eol)
  330. *eol = '\0';
  331. errno = EACCES;
  332. daemon_error(dir, buf.buf);
  333. strbuf_release(&buf);
  334. return -1;
  335. }
  336. static int run_service(const char *dir, struct daemon_service *service,
  337. struct hostinfo *hi, const struct argv_array *env)
  338. {
  339. const char *path;
  340. int enabled = service->enabled;
  341. struct strbuf var = STRBUF_INIT;
  342. loginfo("Request %s for '%s'", service->name, dir);
  343. if (!enabled && !service->overridable) {
  344. logerror("'%s': service not enabled.", service->name);
  345. errno = EACCES;
  346. return daemon_error(dir, "service not enabled");
  347. }
  348. if (!(path = path_ok(dir, hi)))
  349. return daemon_error(dir, "no such repository");
  350. /*
  351. * Security on the cheap.
  352. *
  353. * We want a readable HEAD, usable "objects" directory, and
  354. * a "git-daemon-export-ok" flag that says that the other side
  355. * is ok with us doing this.
  356. *
  357. * path_ok() uses enter_repo() and does whitelist checking.
  358. * We only need to make sure the repository is exported.
  359. */
  360. if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
  361. logerror("'%s': repository not exported.", path);
  362. errno = EACCES;
  363. return daemon_error(dir, "repository not exported");
  364. }
  365. if (service->overridable) {
  366. strbuf_addf(&var, "daemon.%s", service->config_name);
  367. git_config_get_bool(var.buf, &enabled);
  368. strbuf_release(&var);
  369. }
  370. if (!enabled) {
  371. logerror("'%s': service not enabled for '%s'",
  372. service->name, path);
  373. errno = EACCES;
  374. return daemon_error(dir, "service not enabled");
  375. }
  376. /*
  377. * Optionally, a hook can choose to deny access to the
  378. * repository depending on the phase of the moon.
  379. */
  380. if (access_hook && run_access_hook(service, dir, path, hi))
  381. return -1;
  382. /*
  383. * We'll ignore SIGTERM from now on, we have a
  384. * good client.
  385. */
  386. signal(SIGTERM, SIG_IGN);
  387. return service->fn(env);
  388. }
  389. static void copy_to_log(int fd)
  390. {
  391. struct strbuf line = STRBUF_INIT;
  392. FILE *fp;
  393. fp = fdopen(fd, "r");
  394. if (fp == NULL) {
  395. logerror("fdopen of error channel failed");
  396. close(fd);
  397. return;
  398. }
  399. while (strbuf_getline_lf(&line, fp) != EOF) {
  400. logerror("%s", line.buf);
  401. strbuf_setlen(&line, 0);
  402. }
  403. strbuf_release(&line);
  404. fclose(fp);
  405. }
  406. static int run_service_command(struct child_process *cld)
  407. {
  408. argv_array_push(&cld->args, ".");
  409. cld->git_cmd = 1;
  410. cld->err = -1;
  411. if (start_command(cld))
  412. return -1;
  413. close(0);
  414. close(1);
  415. copy_to_log(cld->err);
  416. return finish_command(cld);
  417. }
  418. static int upload_pack(const struct argv_array *env)
  419. {
  420. struct child_process cld = CHILD_PROCESS_INIT;
  421. argv_array_pushl(&cld.args, "upload-pack", "--strict", NULL);
  422. argv_array_pushf(&cld.args, "--timeout=%u", timeout);
  423. argv_array_pushv(&cld.env_array, env->argv);
  424. return run_service_command(&cld);
  425. }
  426. static int upload_archive(const struct argv_array *env)
  427. {
  428. struct child_process cld = CHILD_PROCESS_INIT;
  429. argv_array_push(&cld.args, "upload-archive");
  430. argv_array_pushv(&cld.env_array, env->argv);
  431. return run_service_command(&cld);
  432. }
  433. static int receive_pack(const struct argv_array *env)
  434. {
  435. struct child_process cld = CHILD_PROCESS_INIT;
  436. argv_array_push(&cld.args, "receive-pack");
  437. argv_array_pushv(&cld.env_array, env->argv);
  438. return run_service_command(&cld);
  439. }
  440. static struct daemon_service daemon_service[] = {
  441. { "upload-archive", "uploadarch", upload_archive, 0, 1 },
  442. { "upload-pack", "uploadpack", upload_pack, 1, 1 },
  443. { "receive-pack", "receivepack", receive_pack, 0, 1 },
  444. };
  445. static void enable_service(const char *name, int ena)
  446. {
  447. int i;
  448. for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
  449. if (!strcmp(daemon_service[i].name, name)) {
  450. daemon_service[i].enabled = ena;
  451. return;
  452. }
  453. }
  454. die("No such service %s", name);
  455. }
  456. static void make_service_overridable(const char *name, int ena)
  457. {
  458. int i;
  459. for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
  460. if (!strcmp(daemon_service[i].name, name)) {
  461. daemon_service[i].overridable = ena;
  462. return;
  463. }
  464. }
  465. die("No such service %s", name);
  466. }
  467. static void parse_host_and_port(char *hostport, char **host,
  468. char **port)
  469. {
  470. if (*hostport == '[') {
  471. char *end;
  472. end = strchr(hostport, ']');
  473. if (!end)
  474. die("Invalid request ('[' without ']')");
  475. *end = '\0';
  476. *host = hostport + 1;
  477. if (!end[1])
  478. *port = NULL;
  479. else if (end[1] == ':')
  480. *port = end + 2;
  481. else
  482. die("Garbage after end of host part");
  483. } else {
  484. *host = hostport;
  485. *port = strrchr(hostport, ':');
  486. if (*port) {
  487. **port = '\0';
  488. ++*port;
  489. }
  490. }
  491. }
  492. /*
  493. * Sanitize a string from the client so that it's OK to be inserted into a
  494. * filesystem path. Specifically, we disallow slashes, runs of "..", and
  495. * trailing and leading dots, which means that the client cannot escape
  496. * our base path via ".." traversal.
  497. */
  498. static void sanitize_client(struct strbuf *out, const char *in)
  499. {
  500. for (; *in; in++) {
  501. if (*in == '/')
  502. continue;
  503. if (*in == '.' && (!out->len || out->buf[out->len - 1] == '.'))
  504. continue;
  505. strbuf_addch(out, *in);
  506. }
  507. while (out->len && out->buf[out->len - 1] == '.')
  508. strbuf_setlen(out, out->len - 1);
  509. }
  510. /*
  511. * Like sanitize_client, but we also perform any canonicalization
  512. * to make life easier on the admin.
  513. */
  514. static void canonicalize_client(struct strbuf *out, const char *in)
  515. {
  516. sanitize_client(out, in);
  517. strbuf_tolower(out);
  518. }
  519. /*
  520. * Read the host as supplied by the client connection.
  521. *
  522. * Returns a pointer to the character after the NUL byte terminating the host
  523. * arguemnt, or 'extra_args' if there is no host arguemnt.
  524. */
  525. static char *parse_host_arg(struct hostinfo *hi, char *extra_args, int buflen)
  526. {
  527. char *val;
  528. int vallen;
  529. char *end = extra_args + buflen;
  530. if (extra_args < end && *extra_args) {
  531. hi->saw_extended_args = 1;
  532. if (strncasecmp("host=", extra_args, 5) == 0) {
  533. val = extra_args + 5;
  534. vallen = strlen(val) + 1;
  535. loginfo("Extended attribute \"host\": %s", val);
  536. if (*val) {
  537. /* Split <host>:<port> at colon. */
  538. char *host;
  539. char *port;
  540. parse_host_and_port(val, &host, &port);
  541. if (port)
  542. sanitize_client(&hi->tcp_port, port);
  543. canonicalize_client(&hi->hostname, host);
  544. hi->hostname_lookup_done = 0;
  545. }
  546. /* On to the next one */
  547. extra_args = val + vallen;
  548. }
  549. if (extra_args < end && *extra_args)
  550. die("Invalid request");
  551. }
  552. return extra_args;
  553. }
  554. static void parse_extra_args(struct hostinfo *hi, struct argv_array *env,
  555. char *extra_args, int buflen)
  556. {
  557. const char *end = extra_args + buflen;
  558. struct strbuf git_protocol = STRBUF_INIT;
  559. /* First look for the host argument */
  560. extra_args = parse_host_arg(hi, extra_args, buflen);
  561. /* Look for additional arguments places after a second NUL byte */
  562. for (; extra_args < end; extra_args += strlen(extra_args) + 1) {
  563. const char *arg = extra_args;
  564. /*
  565. * Parse the extra arguments, adding most to 'git_protocol'
  566. * which will be used to set the 'GIT_PROTOCOL' envvar in the
  567. * service that will be run.
  568. *
  569. * If there ends up being a particular arg in the future that
  570. * git-daemon needs to parse specificly (like the 'host' arg)
  571. * then it can be parsed here and not added to 'git_protocol'.
  572. */
  573. if (*arg) {
  574. if (git_protocol.len > 0)
  575. strbuf_addch(&git_protocol, ':');
  576. strbuf_addstr(&git_protocol, arg);
  577. }
  578. }
  579. if (git_protocol.len > 0) {
  580. loginfo("Extended attribute \"protocol\": %s", git_protocol.buf);
  581. argv_array_pushf(env, GIT_PROTOCOL_ENVIRONMENT "=%s",
  582. git_protocol.buf);
  583. }
  584. strbuf_release(&git_protocol);
  585. }
  586. /*
  587. * Locate canonical hostname and its IP address.
  588. */
  589. static void lookup_hostname(struct hostinfo *hi)
  590. {
  591. if (!hi->hostname_lookup_done && hi->hostname.len) {
  592. #ifndef NO_IPV6
  593. struct addrinfo hints;
  594. struct addrinfo *ai;
  595. int gai;
  596. static char addrbuf[HOST_NAME_MAX + 1];
  597. memset(&hints, 0, sizeof(hints));
  598. hints.ai_flags = AI_CANONNAME;
  599. gai = getaddrinfo(hi->hostname.buf, NULL, &hints, &ai);
  600. if (!gai) {
  601. struct sockaddr_in *sin_addr = (void *)ai->ai_addr;
  602. inet_ntop(AF_INET, &sin_addr->sin_addr,
  603. addrbuf, sizeof(addrbuf));
  604. strbuf_addstr(&hi->ip_address, addrbuf);
  605. if (ai->ai_canonname)
  606. sanitize_client(&hi->canon_hostname,
  607. ai->ai_canonname);
  608. else
  609. strbuf_addbuf(&hi->canon_hostname,
  610. &hi->ip_address);
  611. freeaddrinfo(ai);
  612. }
  613. #else
  614. struct hostent *hent;
  615. struct sockaddr_in sa;
  616. char **ap;
  617. static char addrbuf[HOST_NAME_MAX + 1];
  618. hent = gethostbyname(hi->hostname.buf);
  619. if (hent) {
  620. ap = hent->h_addr_list;
  621. memset(&sa, 0, sizeof sa);
  622. sa.sin_family = hent->h_addrtype;
  623. sa.sin_port = htons(0);
  624. memcpy(&sa.sin_addr, *ap, hent->h_length);
  625. inet_ntop(hent->h_addrtype, &sa.sin_addr,
  626. addrbuf, sizeof(addrbuf));
  627. sanitize_client(&hi->canon_hostname, hent->h_name);
  628. strbuf_addstr(&hi->ip_address, addrbuf);
  629. }
  630. #endif
  631. hi->hostname_lookup_done = 1;
  632. }
  633. }
  634. static void hostinfo_init(struct hostinfo *hi)
  635. {
  636. memset(hi, 0, sizeof(*hi));
  637. strbuf_init(&hi->hostname, 0);
  638. strbuf_init(&hi->canon_hostname, 0);
  639. strbuf_init(&hi->ip_address, 0);
  640. strbuf_init(&hi->tcp_port, 0);
  641. }
  642. static void hostinfo_clear(struct hostinfo *hi)
  643. {
  644. strbuf_release(&hi->hostname);
  645. strbuf_release(&hi->canon_hostname);
  646. strbuf_release(&hi->ip_address);
  647. strbuf_release(&hi->tcp_port);
  648. }
  649. static void set_keep_alive(int sockfd)
  650. {
  651. int ka = 1;
  652. if (setsockopt(sockfd, SOL_SOCKET, SO_KEEPALIVE, &ka, sizeof(ka)) < 0) {
  653. if (errno != ENOTSOCK)
  654. logerror("unable to set SO_KEEPALIVE on socket: %s",
  655. strerror(errno));
  656. }
  657. }
  658. static int execute(void)
  659. {
  660. char *line = packet_buffer;
  661. int pktlen, len, i;
  662. char *addr = getenv("REMOTE_ADDR"), *port = getenv("REMOTE_PORT");
  663. struct hostinfo hi;
  664. struct argv_array env = ARGV_ARRAY_INIT;
  665. hostinfo_init(&hi);
  666. if (addr)
  667. loginfo("Connection from %s:%s", addr, port);
  668. set_keep_alive(0);
  669. alarm(init_timeout ? init_timeout : timeout);
  670. pktlen = packet_read(0, NULL, NULL, packet_buffer, sizeof(packet_buffer), 0);
  671. alarm(0);
  672. len = strlen(line);
  673. if (len && line[len-1] == '\n')
  674. line[len-1] = 0;
  675. /* parse additional args hidden behind a NUL byte */
  676. if (len != pktlen)
  677. parse_extra_args(&hi, &env, line + len + 1, pktlen - len - 1);
  678. for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
  679. struct daemon_service *s = &(daemon_service[i]);
  680. const char *arg;
  681. if (skip_prefix(line, "git-", &arg) &&
  682. skip_prefix(arg, s->name, &arg) &&
  683. *arg++ == ' ') {
  684. /*
  685. * Note: The directory here is probably context sensitive,
  686. * and might depend on the actual service being performed.
  687. */
  688. int rc = run_service(arg, s, &hi, &env);
  689. hostinfo_clear(&hi);
  690. argv_array_clear(&env);
  691. return rc;
  692. }
  693. }
  694. hostinfo_clear(&hi);
  695. argv_array_clear(&env);
  696. logerror("Protocol error: '%s'", line);
  697. return -1;
  698. }
  699. static int addrcmp(const struct sockaddr_storage *s1,
  700. const struct sockaddr_storage *s2)
  701. {
  702. const struct sockaddr *sa1 = (const struct sockaddr*) s1;
  703. const struct sockaddr *sa2 = (const struct sockaddr*) s2;
  704. if (sa1->sa_family != sa2->sa_family)
  705. return sa1->sa_family - sa2->sa_family;
  706. if (sa1->sa_family == AF_INET)
  707. return memcmp(&((struct sockaddr_in *)s1)->sin_addr,
  708. &((struct sockaddr_in *)s2)->sin_addr,
  709. sizeof(struct in_addr));
  710. #ifndef NO_IPV6
  711. if (sa1->sa_family == AF_INET6)
  712. return memcmp(&((struct sockaddr_in6 *)s1)->sin6_addr,
  713. &((struct sockaddr_in6 *)s2)->sin6_addr,
  714. sizeof(struct in6_addr));
  715. #endif
  716. return 0;
  717. }
  718. static int max_connections = 32;
  719. static unsigned int live_children;
  720. static struct child {
  721. struct child *next;
  722. struct child_process cld;
  723. struct sockaddr_storage address;
  724. } *firstborn;
  725. static void add_child(struct child_process *cld, struct sockaddr *addr, socklen_t addrlen)
  726. {
  727. struct child *newborn, **cradle;
  728. newborn = xcalloc(1, sizeof(*newborn));
  729. live_children++;
  730. memcpy(&newborn->cld, cld, sizeof(*cld));
  731. memcpy(&newborn->address, addr, addrlen);
  732. for (cradle = &firstborn; *cradle; cradle = &(*cradle)->next)
  733. if (!addrcmp(&(*cradle)->address, &newborn->address))
  734. break;
  735. newborn->next = *cradle;
  736. *cradle = newborn;
  737. }
  738. /*
  739. * This gets called if the number of connections grows
  740. * past "max_connections".
  741. *
  742. * We kill the newest connection from a duplicate IP.
  743. */
  744. static void kill_some_child(void)
  745. {
  746. const struct child *blanket, *next;
  747. if (!(blanket = firstborn))
  748. return;
  749. for (; (next = blanket->next); blanket = next)
  750. if (!addrcmp(&blanket->address, &next->address)) {
  751. kill(blanket->cld.pid, SIGTERM);
  752. break;
  753. }
  754. }
  755. static void check_dead_children(void)
  756. {
  757. int status;
  758. pid_t pid;
  759. struct child **cradle, *blanket;
  760. for (cradle = &firstborn; (blanket = *cradle);)
  761. if ((pid = waitpid(blanket->cld.pid, &status, WNOHANG)) > 1) {
  762. const char *dead = "";
  763. if (status)
  764. dead = " (with error)";
  765. loginfo("[%"PRIuMAX"] Disconnected%s", (uintmax_t)pid, dead);
  766. /* remove the child */
  767. *cradle = blanket->next;
  768. live_children--;
  769. child_process_clear(&blanket->cld);
  770. free(blanket);
  771. } else
  772. cradle = &blanket->next;
  773. }
  774. static struct argv_array cld_argv = ARGV_ARRAY_INIT;
  775. static void handle(int incoming, struct sockaddr *addr, socklen_t addrlen)
  776. {
  777. struct child_process cld = CHILD_PROCESS_INIT;
  778. if (max_connections && live_children >= max_connections) {
  779. kill_some_child();
  780. sleep(1); /* give it some time to die */
  781. check_dead_children();
  782. if (live_children >= max_connections) {
  783. close(incoming);
  784. logerror("Too many children, dropping connection");
  785. return;
  786. }
  787. }
  788. if (addr->sa_family == AF_INET) {
  789. char buf[128] = "";
  790. struct sockaddr_in *sin_addr = (void *) addr;
  791. inet_ntop(addr->sa_family, &sin_addr->sin_addr, buf, sizeof(buf));
  792. argv_array_pushf(&cld.env_array, "REMOTE_ADDR=%s", buf);
  793. argv_array_pushf(&cld.env_array, "REMOTE_PORT=%d",
  794. ntohs(sin_addr->sin_port));
  795. #ifndef NO_IPV6
  796. } else if (addr->sa_family == AF_INET6) {
  797. char buf[128] = "";
  798. struct sockaddr_in6 *sin6_addr = (void *) addr;
  799. inet_ntop(AF_INET6, &sin6_addr->sin6_addr, buf, sizeof(buf));
  800. argv_array_pushf(&cld.env_array, "REMOTE_ADDR=[%s]", buf);
  801. argv_array_pushf(&cld.env_array, "REMOTE_PORT=%d",
  802. ntohs(sin6_addr->sin6_port));
  803. #endif
  804. }
  805. cld.argv = cld_argv.argv;
  806. cld.in = incoming;
  807. cld.out = dup(incoming);
  808. if (start_command(&cld))
  809. logerror("unable to fork");
  810. else
  811. add_child(&cld, addr, addrlen);
  812. }
  813. static void child_handler(int signo)
  814. {
  815. /*
  816. * Otherwise empty handler because systemcalls will get interrupted
  817. * upon signal receipt
  818. * SysV needs the handler to be rearmed
  819. */
  820. signal(SIGCHLD, child_handler);
  821. }
  822. static int set_reuse_addr(int sockfd)
  823. {
  824. int on = 1;
  825. if (!reuseaddr)
  826. return 0;
  827. return setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
  828. &on, sizeof(on));
  829. }
  830. struct socketlist {
  831. int *list;
  832. size_t nr;
  833. size_t alloc;
  834. };
  835. static const char *ip2str(int family, struct sockaddr *sin, socklen_t len)
  836. {
  837. #ifdef NO_IPV6
  838. static char ip[INET_ADDRSTRLEN];
  839. #else
  840. static char ip[INET6_ADDRSTRLEN];
  841. #endif
  842. switch (family) {
  843. #ifndef NO_IPV6
  844. case AF_INET6:
  845. inet_ntop(family, &((struct sockaddr_in6*)sin)->sin6_addr, ip, len);
  846. break;
  847. #endif
  848. case AF_INET:
  849. inet_ntop(family, &((struct sockaddr_in*)sin)->sin_addr, ip, len);
  850. break;
  851. default:
  852. xsnprintf(ip, sizeof(ip), "<unknown>");
  853. }
  854. return ip;
  855. }
  856. #ifndef NO_IPV6
  857. static int setup_named_sock(char *listen_addr, int listen_port, struct socketlist *socklist)
  858. {
  859. int socknum = 0;
  860. char pbuf[NI_MAXSERV];
  861. struct addrinfo hints, *ai0, *ai;
  862. int gai;
  863. long flags;
  864. xsnprintf(pbuf, sizeof(pbuf), "%d", listen_port);
  865. memset(&hints, 0, sizeof(hints));
  866. hints.ai_family = AF_UNSPEC;
  867. hints.ai_socktype = SOCK_STREAM;
  868. hints.ai_protocol = IPPROTO_TCP;
  869. hints.ai_flags = AI_PASSIVE;
  870. gai = getaddrinfo(listen_addr, pbuf, &hints, &ai0);
  871. if (gai) {
  872. logerror("getaddrinfo() for %s failed: %s", listen_addr, gai_strerror(gai));
  873. return 0;
  874. }
  875. for (ai = ai0; ai; ai = ai->ai_next) {
  876. int sockfd;
  877. sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
  878. if (sockfd < 0)
  879. continue;
  880. if (sockfd >= FD_SETSIZE) {
  881. logerror("Socket descriptor too large");
  882. close(sockfd);
  883. continue;
  884. }
  885. #ifdef IPV6_V6ONLY
  886. if (ai->ai_family == AF_INET6) {
  887. int on = 1;
  888. setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
  889. &on, sizeof(on));
  890. /* Note: error is not fatal */
  891. }
  892. #endif
  893. if (set_reuse_addr(sockfd)) {
  894. logerror("Could not set SO_REUSEADDR: %s", strerror(errno));
  895. close(sockfd);
  896. continue;
  897. }
  898. set_keep_alive(sockfd);
  899. if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
  900. logerror("Could not bind to %s: %s",
  901. ip2str(ai->ai_family, ai->ai_addr, ai->ai_addrlen),
  902. strerror(errno));
  903. close(sockfd);
  904. continue; /* not fatal */
  905. }
  906. if (listen(sockfd, 5) < 0) {
  907. logerror("Could not listen to %s: %s",
  908. ip2str(ai->ai_family, ai->ai_addr, ai->ai_addrlen),
  909. strerror(errno));
  910. close(sockfd);
  911. continue; /* not fatal */
  912. }
  913. flags = fcntl(sockfd, F_GETFD, 0);
  914. if (flags >= 0)
  915. fcntl(sockfd, F_SETFD, flags | FD_CLOEXEC);
  916. ALLOC_GROW(socklist->list, socklist->nr + 1, socklist->alloc);
  917. socklist->list[socklist->nr++] = sockfd;
  918. socknum++;
  919. }
  920. freeaddrinfo(ai0);
  921. return socknum;
  922. }
  923. #else /* NO_IPV6 */
  924. static int setup_named_sock(char *listen_addr, int listen_port, struct socketlist *socklist)
  925. {
  926. struct sockaddr_in sin;
  927. int sockfd;
  928. long flags;
  929. memset(&sin, 0, sizeof sin);
  930. sin.sin_family = AF_INET;
  931. sin.sin_port = htons(listen_port);
  932. if (listen_addr) {
  933. /* Well, host better be an IP address here. */
  934. if (inet_pton(AF_INET, listen_addr, &sin.sin_addr.s_addr) <= 0)
  935. return 0;
  936. } else {
  937. sin.sin_addr.s_addr = htonl(INADDR_ANY);
  938. }
  939. sockfd = socket(AF_INET, SOCK_STREAM, 0);
  940. if (sockfd < 0)
  941. return 0;
  942. if (set_reuse_addr(sockfd)) {
  943. logerror("Could not set SO_REUSEADDR: %s", strerror(errno));
  944. close(sockfd);
  945. return 0;
  946. }
  947. set_keep_alive(sockfd);
  948. if ( bind(sockfd, (struct sockaddr *)&sin, sizeof sin) < 0 ) {
  949. logerror("Could not bind to %s: %s",
  950. ip2str(AF_INET, (struct sockaddr *)&sin, sizeof(sin)),
  951. strerror(errno));
  952. close(sockfd);
  953. return 0;
  954. }
  955. if (listen(sockfd, 5) < 0) {
  956. logerror("Could not listen to %s: %s",
  957. ip2str(AF_INET, (struct sockaddr *)&sin, sizeof(sin)),
  958. strerror(errno));
  959. close(sockfd);
  960. return 0;
  961. }
  962. flags = fcntl(sockfd, F_GETFD, 0);
  963. if (flags >= 0)
  964. fcntl(sockfd, F_SETFD, flags | FD_CLOEXEC);
  965. ALLOC_GROW(socklist->list, socklist->nr + 1, socklist->alloc);
  966. socklist->list[socklist->nr++] = sockfd;
  967. return 1;
  968. }
  969. #endif
  970. static void socksetup(struct string_list *listen_addr, int listen_port, struct socketlist *socklist)
  971. {
  972. if (!listen_addr->nr)
  973. setup_named_sock(NULL, listen_port, socklist);
  974. else {
  975. int i, socknum;
  976. for (i = 0; i < listen_addr->nr; i++) {
  977. socknum = setup_named_sock(listen_addr->items[i].string,
  978. listen_port, socklist);
  979. if (socknum == 0)
  980. logerror("unable to allocate any listen sockets for host %s on port %u",
  981. listen_addr->items[i].string, listen_port);
  982. }
  983. }
  984. }
  985. static int service_loop(struct socketlist *socklist)
  986. {
  987. struct pollfd *pfd;
  988. int i;
  989. pfd = xcalloc(socklist->nr, sizeof(struct pollfd));
  990. for (i = 0; i < socklist->nr; i++) {
  991. pfd[i].fd = socklist->list[i];
  992. pfd[i].events = POLLIN;
  993. }
  994. signal(SIGCHLD, child_handler);
  995. for (;;) {
  996. int i;
  997. check_dead_children();
  998. if (poll(pfd, socklist->nr, -1) < 0) {
  999. if (errno != EINTR) {
  1000. logerror("Poll failed, resuming: %s",
  1001. strerror(errno));
  1002. sleep(1);
  1003. }
  1004. continue;
  1005. }
  1006. for (i = 0; i < socklist->nr; i++) {
  1007. if (pfd[i].revents & POLLIN) {
  1008. union {
  1009. struct sockaddr sa;
  1010. struct sockaddr_in sai;
  1011. #ifndef NO_IPV6
  1012. struct sockaddr_in6 sai6;
  1013. #endif
  1014. } ss;
  1015. socklen_t sslen = sizeof(ss);
  1016. int incoming = accept(pfd[i].fd, &ss.sa, &sslen);
  1017. if (incoming < 0) {
  1018. switch (errno) {
  1019. case EAGAIN:
  1020. case EINTR:
  1021. case ECONNABORTED:
  1022. continue;
  1023. default:
  1024. die_errno("accept returned");
  1025. }
  1026. }
  1027. handle(incoming, &ss.sa, sslen);
  1028. }
  1029. }
  1030. }
  1031. }
  1032. #ifdef NO_POSIX_GOODIES
  1033. struct credentials;
  1034. static void drop_privileges(struct credentials *cred)
  1035. {
  1036. /* nothing */
  1037. }
  1038. static struct credentials *prepare_credentials(const char *user_name,
  1039. const char *group_name)
  1040. {
  1041. die("--user not supported on this platform");
  1042. }
  1043. #else
  1044. struct credentials {
  1045. struct passwd *pass;
  1046. gid_t gid;
  1047. };
  1048. static void drop_privileges(struct credentials *cred)
  1049. {
  1050. if (cred && (initgroups(cred->pass->pw_name, cred->gid) ||
  1051. setgid (cred->gid) || setuid(cred->pass->pw_uid)))
  1052. die("cannot drop privileges");
  1053. }
  1054. static struct credentials *prepare_credentials(const char *user_name,
  1055. const char *group_name)
  1056. {
  1057. static struct credentials c;
  1058. c.pass = getpwnam(user_name);
  1059. if (!c.pass)
  1060. die("user not found - %s", user_name);
  1061. if (!group_name)
  1062. c.gid = c.pass->pw_gid;
  1063. else {
  1064. struct group *group = getgrnam(group_name);
  1065. if (!group)
  1066. die("group not found - %s", group_name);
  1067. c.gid = group->gr_gid;
  1068. }
  1069. return &c;
  1070. }
  1071. #endif
  1072. static int serve(struct string_list *listen_addr, int listen_port,
  1073. struct credentials *cred)
  1074. {
  1075. struct socketlist socklist = { NULL, 0, 0 };
  1076. socksetup(listen_addr, listen_port, &socklist);
  1077. if (socklist.nr == 0)
  1078. die("unable to allocate any listen sockets on port %u",
  1079. listen_port);
  1080. drop_privileges(cred);
  1081. loginfo("Ready to rumble");
  1082. return service_loop(&socklist);
  1083. }
  1084. int cmd_main(int argc, const char **argv)
  1085. {
  1086. int listen_port = 0;
  1087. struct string_list listen_addr = STRING_LIST_INIT_NODUP;
  1088. int serve_mode = 0, inetd_mode = 0;
  1089. const char *pid_file = NULL, *user_name = NULL, *group_name = NULL;
  1090. int detach = 0;
  1091. struct credentials *cred = NULL;
  1092. int i;
  1093. for (i = 1; i < argc; i++) {
  1094. const char *arg = argv[i];
  1095. const char *v;
  1096. if (skip_prefix(arg, "--listen=", &v)) {
  1097. string_list_append(&listen_addr, xstrdup_tolower(v));
  1098. continue;
  1099. }
  1100. if (skip_prefix(arg, "--port=", &v)) {
  1101. char *end;
  1102. unsigned long n;
  1103. n = strtoul(v, &end, 0);
  1104. if (*v && !*end) {
  1105. listen_port = n;
  1106. continue;
  1107. }
  1108. }
  1109. if (!strcmp(arg, "--serve")) {
  1110. serve_mode = 1;
  1111. continue;
  1112. }
  1113. if (!strcmp(arg, "--inetd")) {
  1114. inetd_mode = 1;
  1115. continue;
  1116. }
  1117. if (!strcmp(arg, "--verbose")) {
  1118. verbose = 1;
  1119. continue;
  1120. }
  1121. if (!strcmp(arg, "--syslog")) {
  1122. log_destination = LOG_DESTINATION_SYSLOG;
  1123. continue;
  1124. }
  1125. if (skip_prefix(arg, "--log-destination=", &v)) {
  1126. if (!strcmp(v, "syslog")) {
  1127. log_destination = LOG_DESTINATION_SYSLOG;
  1128. continue;
  1129. } else if (!strcmp(v, "stderr")) {
  1130. log_destination = LOG_DESTINATION_STDERR;
  1131. continue;
  1132. } else if (!strcmp(v, "none")) {
  1133. log_destination = LOG_DESTINATION_NONE;
  1134. continue;
  1135. } else
  1136. die("unknown log destination '%s'", v);
  1137. }
  1138. if (!strcmp(arg, "--export-all")) {
  1139. export_all_trees = 1;
  1140. continue;
  1141. }
  1142. if (skip_prefix(arg, "--access-hook=", &v)) {
  1143. access_hook = v;
  1144. continue;
  1145. }
  1146. if (skip_prefix(arg, "--timeout=", &v)) {
  1147. timeout = atoi(v);
  1148. continue;
  1149. }
  1150. if (skip_prefix(arg, "--init-timeout=", &v)) {
  1151. init_timeout = atoi(v);
  1152. continue;
  1153. }
  1154. if (skip_prefix(arg, "--max-connections=", &v)) {
  1155. max_connections = atoi(v);
  1156. if (max_connections < 0)
  1157. max_connections = 0; /* unlimited */
  1158. continue;
  1159. }
  1160. if (!strcmp(arg, "--strict-paths")) {
  1161. strict_paths = 1;
  1162. continue;
  1163. }
  1164. if (skip_prefix(arg, "--base-path=", &v)) {
  1165. base_path = v;
  1166. continue;
  1167. }
  1168. if (!strcmp(arg, "--base-path-relaxed")) {
  1169. base_path_relaxed = 1;
  1170. continue;
  1171. }
  1172. if (skip_prefix(arg, "--interpolated-path=", &v)) {
  1173. interpolated_path = v;
  1174. continue;
  1175. }
  1176. if (!strcmp(arg, "--reuseaddr")) {
  1177. reuseaddr = 1;
  1178. continue;
  1179. }
  1180. if (!strcmp(arg, "--user-path")) {
  1181. user_path = "";
  1182. continue;
  1183. }
  1184. if (skip_prefix(arg, "--user-path=", &v)) {
  1185. user_path = v;
  1186. continue;
  1187. }
  1188. if (skip_prefix(arg, "--pid-file=", &v)) {
  1189. pid_file = v;
  1190. continue;
  1191. }
  1192. if (!strcmp(arg, "--detach")) {
  1193. detach = 1;
  1194. continue;
  1195. }
  1196. if (skip_prefix(arg, "--user=", &v)) {
  1197. user_name = v;
  1198. continue;
  1199. }
  1200. if (skip_prefix(arg, "--group=", &v)) {
  1201. group_name = v;
  1202. continue;
  1203. }
  1204. if (skip_prefix(arg, "--enable=", &v)) {
  1205. enable_service(v, 1);
  1206. continue;
  1207. }
  1208. if (skip_prefix(arg, "--disable=", &v)) {
  1209. enable_service(v, 0);
  1210. continue;
  1211. }
  1212. if (skip_prefix(arg, "--allow-override=", &v)) {
  1213. make_service_overridable(v, 1);
  1214. continue;
  1215. }
  1216. if (skip_prefix(arg, "--forbid-override=", &v)) {
  1217. make_service_overridable(v, 0);
  1218. continue;
  1219. }
  1220. if (!strcmp(arg, "--informative-errors")) {
  1221. informative_errors = 1;
  1222. continue;
  1223. }
  1224. if (!strcmp(arg, "--no-informative-errors")) {
  1225. informative_errors = 0;
  1226. continue;
  1227. }
  1228. if (!strcmp(arg, "--")) {
  1229. ok_paths = &argv[i+1];
  1230. break;
  1231. } else if (arg[0] != '-') {
  1232. ok_paths = &argv[i];
  1233. break;
  1234. }
  1235. usage(daemon_usage);
  1236. }
  1237. if (log_destination == LOG_DESTINATION_UNSET) {
  1238. if (inetd_mode || detach)
  1239. log_destination = LOG_DESTINATION_SYSLOG;
  1240. else
  1241. log_destination = LOG_DESTINATION_STDERR;
  1242. }
  1243. if (log_destination == LOG_DESTINATION_SYSLOG) {
  1244. openlog("git-daemon", LOG_PID, LOG_DAEMON);
  1245. set_die_routine(daemon_die);
  1246. } else
  1247. /* avoid splitting a message in the middle */
  1248. setvbuf(stderr, NULL, _IOFBF, 4096);
  1249. if (inetd_mode && (detach || group_name || user_name))
  1250. die("--detach, --user and --group are incompatible with --inetd");
  1251. if (inetd_mode && (listen_port || (listen_addr.nr > 0)))
  1252. die("--listen= and --port= are incompatible with --inetd");
  1253. else if (listen_port == 0)
  1254. listen_port = DEFAULT_GIT_PORT;
  1255. if (group_name && !user_name)
  1256. die("--group supplied without --user");
  1257. if (user_name)
  1258. cred = prepare_credentials(user_name, group_name);
  1259. if (strict_paths && (!ok_paths || !*ok_paths))
  1260. die("option --strict-paths requires a whitelist");
  1261. if (base_path && !is_directory(base_path))
  1262. die("base-path '%s' does not exist or is not a directory",
  1263. base_path);
  1264. if (log_destination != LOG_DESTINATION_STDERR) {
  1265. if (!freopen("/dev/null", "w", stderr))
  1266. die_errno("failed to redirect stderr to /dev/null");
  1267. }
  1268. if (inetd_mode || serve_mode)
  1269. return execute();
  1270. if (detach) {
  1271. if (daemonize())
  1272. die("--detach not supported on this platform");
  1273. }
  1274. if (pid_file)
  1275. write_file(pid_file, "%"PRIuMAX, (uintmax_t) getpid());
  1276. /* prepare argv for serving-processes */
  1277. argv_array_push(&cld_argv, argv[0]); /* git-daemon */
  1278. argv_array_push(&cld_argv, "--serve");
  1279. for (i = 1; i < argc; ++i)
  1280. argv_array_push(&cld_argv, argv[i]);
  1281. return serve(&listen_addr, listen_port, cred);
  1282. }