summaryrefslogtreecommitdiff
path: root/daemon.c
Commit message (Collapse)AuthorAgeFilesLines
* daemon: ensure that base-path is an existing directoryJohannes Sixt2008-02-271-0/+8
| | | | | | | | Any request to the daemon would fail if base-path (if specified) is not a directory. We now check for this condition early. Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* daemon: send more error messages to the syslogJohannes Sixt2008-02-271-5/+5
| | | | | | | | | | There were a number of die() calls before the syslog was opened; hence, these error messages would have been sent to /dev/null in detached mode. Now we install the daemon-specific die routine before any error message is generated so that these messages go to the syslog. Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Style: place opening brace of a function definition at column 1Junio C Hamano2007-11-081-2/+4
| | | | Signed-off-by: Junio C Hamano <gitster@pobox.com>
* git-daemon: fix remote port number in log entryGerrit Pape2007-11-051-2/+2
| | | | | | | | The port number in struct sockaddr_in needs to be converted from network byte order to host byte order (on some architectures). Signed-off-by: Gerrit Pape <pape@smarden.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Define NI_MAXSERV if not defined by operating systemPatrick Welche2007-10-181-0/+4
| | | | | | | | I found I needed NI_MAXSERV as it is defined in netdb.h, which is not included by daemon.c. Rather than including the whole header we can define a reasonable fallback value. Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
* --base-path-relaxed optionJens Axboe2007-08-011-2/+24
| | | | | | | | | | | | | | | | | | | | | I switched git.kernel.dk to --base-path a few minutes ago, to get rid of a /data/git postfix in the posted urls. But transitioning is tricky, since now all old paths will fail miserably. So I added this --base-path-relaxed option, that will make git-daemon try the absolute path without prefixing --base-path before giving up. With this in place and --base-path-relaxed added, both my new url of git://git.kernel.dk/linux-2.6-block.git and the old git://git.kernel.dk/data/git/linux-2.6-block.git work fine. Signed-off-by: Jens Axboe <jens.axboe@oracle.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Missing statics.Pierre Habouzit2007-06-081-1/+1
| | | | | Signed-off-by: Pierre Habouzit <madcoder@debian.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* War on whitespaceJunio C Hamano2007-06-071-2/+2
| | | | | | | | | This uses "git-apply --whitespace=strip" to fix whitespace errors that have crept in to our source files over time. There are a few files that need to have trailing whitespaces (most notably, test vectors). The results still passes the test, and build result in Documentation/ area is unchanged. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* git-daemon: don't ignore pid-file write failureJim Meyering2007-05-211-2/+2
| | | | | | | | Note: since the consequence of failure is to call die, I don't bother to close "f". Signed-off-by: Jim Meyering <jim@meyering.net> Signed-off-by: Junio C Hamano <junkio@cox.net>
* prefixcmp(): fix-up mechanical conversion.Junio C Hamano2007-02-201-1/+1
| | | | | | | | | | | | | Previous step converted use of strncmp() with literal string mechanically even when the result is only used as a boolean: if (!strncmp("foo", arg, 3)) ==> if (!(-prefixcmp(arg, "foo"))) This step manually cleans them up to read: if (!prefixcmp(arg, "foo")) Signed-off-by: Junio C Hamano <junkio@cox.net>
* Mechanical conversion to use prefixcmp()Junio C Hamano2007-02-201-16/+16
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | This mechanically converts strncmp() to use prefixcmp(), but only when the parameters match specific patterns, so that they can be verified easily. Leftover from this will be fixed in a separate step, including idiotic conversions like if (!strncmp("foo", arg, 3)) => if (!(-prefixcmp(arg, "foo"))) This was done by using this script in px.perl #!/usr/bin/perl -i.bak -p if (/strncmp\(([^,]+), "([^\\"]*)", (\d+)\)/ && (length($2) == $3)) { s|strncmp\(([^,]+), "([^\\"]*)", (\d+)\)|prefixcmp($1, "$2")|; } if (/strncmp\("([^\\"]*)", ([^,]+), (\d+)\)/ && (length($1) == $3)) { s|strncmp\("([^\\"]*)", ([^,]+), (\d+)\)|(-prefixcmp($2, "$1"))|; } and running: $ git grep -l strncmp -- '*.c' | xargs perl px.perl Signed-off-by: Junio C Hamano <junkio@cox.net>
* git-daemon: Avoid leaking the listening sockets into child processes.Alexandre Julliard2007-02-141-0/+10
| | | | | | | | This makes it possible to restart git-daemon even if some children are still running. Signed-off-by: Alexandre Julliard <julliard@winehq.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Assorted typo fixesPavel Roskin2007-02-031-1/+1
| | | | Signed-off-by: Junio C Hamano <junkio@cox.net>
* git-push through git protocolLinus Torvalds2007-01-281-0/+7
| | | | | | | | | | | | | | | | This allows pushing over the git:// protocol, and while it's not authenticated, it could make sense from within a firewalled setup where nobody but trusted internal people can reach the git port. git-daemon is possibly easier and faster to set up in the kind of situation where you set up git instead of CVS inside a company. "git-receive-pack" is disabled by default, so you need to enable it explicitly by starting git-daemon with the "--enable=receive-pack" command line argument, or by having your config enable it automatically. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* short i/o: fix calls to write to use xwrite or write_in_fullAndy Whitcroft2007-01-081-1/+1
| | | | | | | | | | | | | | We have a number of badly checked write() calls. Often we are expecting write() to write exactly the size we requested or fail, this fails to handle interrupts or short writes. Switch to using the new write_in_full(). Otherwise we at a minimum need to check for EINTR and EAGAIN, where this is appropriate use xwrite(). Note, the changes to config handling are much larger and handled in the next patch in the sequence. Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* simplify inclusion of system header files.Junio C Hamano2006-12-201-13/+3
| | | | | | | | | | | | | | | | | | | | This is a mechanical clean-up of the way *.c files include system header files. (1) sources under compat/, platform sha-1 implementations, and xdelta code are exempt from the following rules; (2) the first #include must be "git-compat-util.h" or one of our own header file that includes it first (e.g. config.h, builtin.h, pkt-line.h); (3) system headers that are included in "git-compat-util.h" need not be included in individual C source files. (4) "git-compat-util.h" does not have to include subsystem specific header files (e.g. expat.h). Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: do not die on older clients.Junio C Hamano2006-10-231-1/+5
| | | | | | | | | | In the older times, the clients did not say which host they were trying to connect, and the code we recently added did not quite handle the older clients correctly. Noticed by Simon Arlott. Signed-off-by: Junio C Hamano <junkio@cox.net>
* fix daemon.c compilation for NO_IPV6=1Alex Riesen2006-09-281-1/+1
| | | | | Signed-off-by: Alex Riesen <raa.lkml@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: default to 256 for HOST_NAME_MAX if it is not definedJohannes Schindelin2006-09-281-0/+4
| | | | | Signed-off-by: Johannes Schindelin <Johannes.Schindelin@gmx.de> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Removed memory leaks from interpolation table uses.Jon Loeliger2006-09-271-20/+32
| | | | | | | | Clarified that parse_extra_args()s results in interpolation table entries. Removed a few trailing whitespace occurrences. Signed-off-by: Jon Loeliger <jdl@jdl.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Cleaned up git-daemon virtual hosting support.Jon Loeliger2006-09-271-22/+129
| | | | | | | | | | | | | | | | | | | | | Standardized on lowercase hostnames from client. Added interpolation values for the IP address, port and canonical hostname of the server as it is contacted and named by the client and passed in via the extended args. Added --listen=host_or_ipaddr option suport. Renamed port variable as "listen_port" correspondingly as well. Documented mutual exclusivity of --inetd option with --user, --group, --listen and --port options. Added compat/inet_pton.c from Paul Vixie as needed. Small memory leaks need to be cleaned up still. Signed-off-by: Jon Loeliger <jdl@jdl.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Add virtualization support to git-daemonJon Loeliger2006-09-201-10/+79
| | | | | Signed-off-by: Jon Loeliger Signed-off-by: Junio C Hamano <junkio@cox.net>
* Add git-upload-archiveFranck Bui-Huu2006-09-091-0/+7
| | | | | | | | | | | | | | | | | | | | | This command implements the git archive protocol on the server side. This command is not intended to be used by the end user. Underlying git-archive command line options are sent over the protocol from "git-archive --remote=...", just like upload-tar currently does with "git-tar-tree=...". As for "git-archive" command implementation, this new command does not execute any existing "git-{tar,zip}-tree" but rely on the archive API defined by "git-archive" patch. Hence we get 2 good points: - "git-archive" and "git-upload-archive" share all option parsing code. - All kind of git-upload-{tar,zip} can be deprecated. Signed-off-by: Franck Bui-Huu <vagabon.xyz@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Revert "daemon: add upload-tar service."Junio C Hamano2006-09-071-7/+1
| | | | | | | | | | This reverts parts of commit 74c0cc2 and part of commit 355f541. Franck and Rene are working on a unified upload-archive which would supersede this when done, so better not to get in their way. Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: add upload-tar service.Junio C Hamano2006-08-271-4/+11
| | | | | | | | | | | | | | | | | This allows clients to ask for tarballs with: git tar-tree --remote=git://server/repo refname By default, the upload-tar service is not enabled. To enable it server-wide, the server can be started with: git-daemon --enable=upload-tar This service is by default overridable per repostiory, so alternatively, a repository can define "daemon.uploadtar = true" to enable it. Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: prepare for multiple services.Junio C Hamano2006-08-271-7/+106
| | | | | | | | | This adds an infrastructure to selectively enable and disable more than one services in git-daemon. Currently upload-pack service, which serves the git-fetch-pack and git-peek-remote clients, is the only service that is defined. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Merge branch 'ts/daemon'Junio C Hamano2006-08-271-4/+45
|\ | | | | | | | | * ts/daemon: Added support for dropping privileges to git-daemon.
| * Added support for dropping privileges to git-daemon.Tilman Sauerbeck2006-08-221-4/+45
| | | | | | | | | | Signed-off-by: Tilman Sauerbeck <tilman@code-monkey.de> Signed-off-by: Junio C Hamano <junkio@cox.net>
* | Use xrealloc instead of reallocJonas Fonseca2006-08-261-6/+1
|/ | | | | | | | | Change places that use realloc, without a proper error path, to instead use xrealloc. Drop an erroneous error path in the daemon code that used errno in the die message in favour of the simpler xrealloc. Signed-off-by: Jonas Fonseca <fonseca@diku.dk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* remove unnecessary initializationsDavid Rientjes2006-08-151-10/+10
| | | | | | | | [jc: I needed to hand merge the changes to the updated codebase, so the result needs to be checked.] Signed-off-by: David Rientjes <rientjes@google.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: documentation for --reuseaddr, --detach and --pid-fileMatthias Lederhofer2006-07-271-1/+1
| | | | | Signed-off-by: Matthias Lederhofer <matled@gmx.net> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: new option --detach to run git-daemon in backgroundMatthias Lederhofer2006-07-131-1/+28
| | | | | Signed-off-by: Matthias Lederhofer <matled@gmx.net> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: new option --pid-file=<path> to store the pidMatthias Lederhofer2006-07-131-0/+17
| | | | | Signed-off-by: Matthias Lederhofer <matled@gmx.net> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: if one of the standard fds is missing open it to /dev/nullMatthias Lederhofer2006-07-131-0/+14
| | | | | Signed-off-by: Matthias Lederhofer <matled@gmx.net> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: use a custom die routine with syslogMatthias Lederhofer2006-07-131-8/+11
| | | | | | | | Removed the git-daemon prefix from die() because no other call to die does this. Signed-off-by: Matthias Lederhofer <matled@gmx.net> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Make some strings constTimo Hirvonen2006-06-281-2/+2
| | | | | Signed-off-by: Timo Hirvonen <tihirvon@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Merge branch 'jc/upload-corrupt' into nextJunio C Hamano2006-06-211-1/+1
|\ | | | | | | | | * jc/upload-corrupt: daemon: send stderr to /dev/null instead of closing.
| * daemon: send stderr to /dev/null instead of closing.Junio C Hamano2006-06-211-1/+1
| | | | | | | | Signed-off-by: Junio C Hamano <junkio@cox.net>
* | Merge branch 'master' into nextJunio C Hamano2006-06-211-24/+34
|\ \ | |/ | | | | | | | | * master: checkout -f: do not leave untracked working tree files. Log peer address when git-daemon called from inetd
| * Log peer address when git-daemon called from inetdDavid Woodhouse2006-06-201-24/+34
| | | | | | | | | | | | | | | | | | | | | | When we run git-daemon from inetd, even with the --verbose option, it doesn't log the peer address. That logic was only in the standalone daemon code -- move it to the execute() function instead. Tested with both IPv6 and Legacy IP clients, in both inetd and daemon mode. Signed-off-by: David Woodhouse <dwmw2@infradead.org> Acked-by: Jon Loeliger <jdl@jdl.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* | Restore SIGCHLD to SIG_DFL where we care about waitpid().Junio C Hamano2006-06-191-0/+5
|/ | | | | | | | | | | | | | | | | | | | | | | | | | | It was reported that under one implementation of socks client "git clone" fails with "error: waitpid failed (No child processes)", because "git" is spawned after setting SIGCHLD to SIG_IGN. Arguably it may be a broken setting, but we should protect ourselves so that we can get reliable results from waitpid() for the children we care about. This patch resets SIGCHLD to SIG_DFL in three places: - connect.c::git_connect() - initiators of git native protocol transfer are covered with this. - daemon.c::main() - obviously. - merge-index.c::main() - obviously. There are other programs that do fork() but do not waitpid(): http-push, imap-send. upload-pack does not either, but in the case of that program, each of the forked halves runs exec() another program, so this change would not have much effect there. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Refactor git_tcp_connect() functions a little.Jon Loeliger2006-06-061-2/+7
| | | | | | | | Add client side sending of "\0host=%s\0" extended arg for git native protocol, backwards compatibly. Signed-off-by: Jon Loeliger <jdl@jdl.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* socksetup: don't return on set_reuse_addr() errorSerge E. Hallyn2006-04-181-1/+1
| | | | | | | | | | The set_reuse_addr() error case was the only error case in socklist() where we returned rather than continued. Not sure why. Either we must free the socklist, or continue. This patch continues on error. Signed-off-by: Serge E. Hallyn <serue@us.ibm.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: extend user-relative path notation.Junio C Hamano2006-02-051-7/+42
| | | | | | | | | | | | | | | | | | | Earlier, we made --base-path to automatically forbid user-relative paths, which was probably a mistake. This introduces --user-path (or --user-path=path) option to control the use of user-relative paths independently. The latter form of the option can be used to restrict accesses to a part of each user's home directory, similar to "public_html" some webservers supports. If we're invoked with --user-path=FOO option, then a URL of the form git://~USER/PATH/... resolves to the path HOME/FOO/PATH/..., where HOME is USER's home directory. [jc: This is much reworked by me so bugs are mine, but the original patch was done by Mark Wooding.] Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: Set SO_REUSEADDR on listening sockets.Mark Wooding2006-02-051-1/+26
| | | | | | | | | | | Without this, you can silently lose the ability to receive IPv4 connections if you stop and restart the daemon. [jc: tweaked code organization a bit and made this controllable from a command line option.] Signed-off-by: Mark Wooding <mdw@distorted.org.uk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: do not forbid user relative paths unconditionally under --base-pathJunio C Hamano2006-02-051-4/+8
| | | | | | | | Using base-path to relocate the server public space does not have anything to do with allowing or forbidding user relative paths. Signed-off-by: Junio C Hamano <junkio@cox.net>
* daemon: Provide missing argument for logerror() call.Mark Wooding2006-02-031-1/+1
| | | | | | | | | | Could cause a crash if --base-path set. Unlikely to be a security the concern: message doesn't go to the client, so we can't leak anything (except by dumping core), and we've already forked, so it's not a denial of service. Signed-off-by: Mark Wooding <mdw@distorted.org.uk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Exec git programs without using PATH.Michal Ostrowski2006-01-131-1/+2
| | | | | | | | | | | | | | | | | | | | | | | | | The git suite may not be in PATH (and thus programs such as git-send-pack could not exec git-rev-list). Thus there is a need for logic that will locate these programs. Modifying PATH is not desirable as it result in behavior differing from the user's intentions, as we may end up prepending "/usr/bin" to PATH. - git C programs will use exec*_git_cmd() APIs to exec sub-commands. - exec*_git_cmd() will execute a git program by searching for it in the following directories: 1. --exec-path (as used by "git") 2. The GIT_EXEC_PATH environment variable. 3. $(gitexecdir) as set in Makefile (default value $(bindir)). - git wrapper will modify PATH as before to enable shell scripts to invoke "git-foo" commands. Ideally, shell scripts should use the git wrapper to become independent of PATH, and then modifying PATH will not be necessary. [jc: with minor updates after a brief review.] Signed-off-by: Michal Ostrowski <mostrows@watson.ibm.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* git-daemon --base-pathPetr Baudis2006-01-071-1/+20
| | | | | | | | | | Tommi Virtanen expressed a wish on #git to be able to use short and elegant git URLs by making git-daemon 'root' in a given directory. This patch implements this, causing git-daemon to interpret all paths relative to the given base path if any is given. Signed-off-by: Petr Baudis <pasky@suse.cz> Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] daemon.c and path.enter_repo(): revamp path validation.Junio C Hamano2005-12-031-4/+60
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The whitelist of git-daemon is checked against return value from enter_repo(), and enter_repo() used to return the value obtained from getcwd() to avoid directory aliasing issues as discussed earier (mid October 2005). Unfortunately, it did not go well as we hoped. For example, /pub on a kernel.org public machine is a symlink to its real mountpoint, and it is understandable that the administrator does not want to adjust the whitelist every time /pub needs to point at a different partition for storage allcation or whatever reasons. Being able to keep using /pub/scm as the whitelist is a desirable property. So this version of enter_repo() reports what it used to chdir() and validate, but does not use getcwd() to canonicalize the directory name. When it sees a user relative path ~user/path, it internally resolves it to try chdir() there, but it still reports ~user/path (possibly after appending .git if allowed to do so, in which case it would report ~user/path.git). What this means is that if a whitelist wants to allow a user relative path, it needs to say "~" (for all users) or list user home directories like "~alice" "~bob". And no, you cannot say /home if the advertised way to access user home directories are ~alice,~bob, etc. The whole point of this is to avoid unnecessary aliasing issues. Anyway, because of this, daemon needs to do a bit more work to guard itself. Namely, it needs to make sure that the accessor does not try to exploit its leading path match rule by inserting /../ in the middle or hanging /.. at the end. I resurrected the belts and suspender paranoia code HPA did for this purpose. This check cannot be done in the enter_repo() unconditionally, because there are valid callers of enter_repo() that want to honor /../; authorized users coming over ssh to run send-pack and fetch-pack should be allowed to do so. Signed-off-by: Junio C Hamano <junkio@cox.net>