3 #include <sys/socket.h>
7 #include <netinet/in.h>
16 #include "interpolate.h"
19 #define HOST_NAME_MAX 256
22 static int log_syslog;
26 static const char daemon_usage[] =
27 "git-daemon [--verbose] [--syslog] [--export-all]\n"
28 " [--timeout=n] [--init-timeout=n] [--strict-paths]\n"
29 " [--base-path=path] [--user-path | --user-path=path]\n"
30 " [--interpolated-path=path]\n"
31 " [--reuseaddr] [--detach] [--pid-file=file]\n"
32 " [--[enable|disable|allow-override|forbid-override]=service]\n"
33 " [--inetd | [--listen=host_or_ipaddr] [--port=n]\n"
34 " [--user=user [--group=group]]\n"
37 /* List of acceptable pathname prefixes */
38 static char **ok_paths;
39 static int strict_paths;
41 /* If this is set, git-daemon-export-ok is not required */
42 static int export_all_trees;
44 /* Take all paths relative to this one if non-NULL */
45 static char *base_path;
46 static char *interpolated_path;
48 /* Flag indicating client sent extra args. */
49 static int saw_extended_args;
51 /* If defined, ~user notation is allowed and the string is inserted
52 * after ~user/. E.g. a request to git://host/~alice/frotz would
53 * go to /home/alice/pub_git/frotz with --user-path=pub_git.
55 static const char *user_path;
57 /* Timeout, and initial timeout */
58 static unsigned int timeout;
59 static unsigned int init_timeout;
62 * Static table for now. Ugh.
63 * Feel free to make dynamic as needed.
65 #define INTERP_SLOT_HOST (0)
66 #define INTERP_SLOT_CANON_HOST (1)
67 #define INTERP_SLOT_IP (2)
68 #define INTERP_SLOT_PORT (3)
69 #define INTERP_SLOT_DIR (4)
70 #define INTERP_SLOT_PERCENT (5)
72 static struct interp interp_table[] = {
82 static void logreport(int priority, const char *err, va_list params)
84 /* We should do a single write so that it is atomic and output
85 * of several processes do not get intermingled. */
90 /* sizeof(buf) should be big enough for "[pid] \n" */
91 buflen = snprintf(buf, sizeof(buf), "[%ld] ", (long) getpid());
93 maxlen = sizeof(buf) - buflen - 1; /* -1 for our own LF */
94 msglen = vsnprintf(buf + buflen, maxlen, err, params);
97 syslog(priority, "%s", buf);
101 /* maxlen counted our own LF but also counts space given to
102 * vsnprintf for the terminating NUL. We want to make sure that
103 * we have space for our own LF and NUL after the "meat" of the
104 * message, so truncate it at maxlen - 1.
106 if (msglen > maxlen - 1)
109 msglen = 0; /* Protect against weird return values. */
112 buf[buflen++] = '\n';
115 write(2, buf, buflen);
118 static void logerror(const char *err, ...)
121 va_start(params, err);
122 logreport(LOG_ERR, err, params);
126 static void loginfo(const char *err, ...)
131 va_start(params, err);
132 logreport(LOG_INFO, err, params);
136 static void NORETURN daemon_die(const char *err, va_list params)
138 logreport(LOG_ERR, err, params);
142 static int avoid_alias(char *p)
147 * This resurrects the belts and suspenders paranoia check by HPA
148 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
149 * does not do getcwd() based path canonicalizations.
151 * sl becomes true immediately after seeing '/' and continues to
152 * be true as long as dots continue after that without intervening
155 if (!p || (*p != '/' && *p != '~'))
165 else if (ch == '/') {
167 /* reject //, /./ and /../ */
172 if (0 < ndot && ndot < 3)
173 /* reject /.$ and /..$ */
182 else if (ch == '/') {
189 static char *path_ok(struct interp *itable)
191 static char rpath[PATH_MAX];
192 static char interp_path[PATH_MAX];
196 dir = itable[INTERP_SLOT_DIR].value;
198 if (avoid_alias(dir)) {
199 logerror("'%s': aliased", dir);
205 logerror("'%s': User-path not allowed", dir);
209 /* Got either "~alice" or "~alice/foo";
210 * rewrite them to "~alice/%s" or
213 int namlen, restlen = strlen(dir);
214 char *slash = strchr(dir, '/');
216 slash = dir + restlen;
217 namlen = slash - dir;
219 loginfo("userpath <%s>, request <%s>, namlen %d, restlen %d, slash <%s>", user_path, dir, namlen, restlen, slash);
220 snprintf(rpath, PATH_MAX, "%.*s/%s%.*s",
221 namlen, dir, user_path, restlen, slash);
225 else if (interpolated_path && saw_extended_args) {
227 /* Allow only absolute */
228 logerror("'%s': Non-absolute path denied (interpolated-path active)", dir);
232 interpolate(interp_path, PATH_MAX, interpolated_path,
233 interp_table, ARRAY_SIZE(interp_table));
234 loginfo("Interpolated dir '%s'", interp_path);
238 else if (base_path) {
240 /* Allow only absolute */
241 logerror("'%s': Non-absolute path denied (base-path active)", dir);
244 snprintf(rpath, PATH_MAX, "%s%s", base_path, dir);
248 path = enter_repo(dir, strict_paths);
251 logerror("'%s': unable to chdir or not a git archive", dir);
255 if ( ok_paths && *ok_paths ) {
257 int pathlen = strlen(path);
259 /* The validation is done on the paths after enter_repo
260 * appends optional {.git,.git/.git} and friends, but
261 * it does not use getcwd(). So if your /pub is
262 * a symlink to /mnt/pub, you can whitelist /pub and
263 * do not have to say /mnt/pub.
266 for ( pp = ok_paths ; *pp ; pp++ ) {
267 int len = strlen(*pp);
268 if (len <= pathlen &&
269 !memcmp(*pp, path, len) &&
270 (path[len] == '\0' ||
271 (!strict_paths && path[len] == '/')))
276 /* be backwards compatible */
281 logerror("'%s': not in whitelist", path);
282 return NULL; /* Fallthrough. Deny by default */
285 typedef int (*daemon_service_fn)(void);
286 struct daemon_service {
288 const char *config_name;
289 daemon_service_fn fn;
294 static struct daemon_service *service_looking_at;
295 static int service_enabled;
297 static int git_daemon_config(const char *var, const char *value)
299 if (!strncmp(var, "daemon.", 7) &&
300 !strcmp(var + 7, service_looking_at->config_name)) {
301 service_enabled = git_config_bool(var, value);
305 /* we are not interested in parsing any other configuration here */
309 static int run_service(struct interp *itable, struct daemon_service *service)
312 int enabled = service->enabled;
314 loginfo("Request %s for '%s'",
316 itable[INTERP_SLOT_DIR].value);
318 if (!enabled && !service->overridable) {
319 logerror("'%s': service not enabled.", service->name);
324 if (!(path = path_ok(itable)))
328 * Security on the cheap.
330 * We want a readable HEAD, usable "objects" directory, and
331 * a "git-daemon-export-ok" flag that says that the other side
332 * is ok with us doing this.
334 * path_ok() uses enter_repo() and does whitelist checking.
335 * We only need to make sure the repository is exported.
338 if (!export_all_trees && access("git-daemon-export-ok", F_OK)) {
339 logerror("'%s': repository not exported.", path);
344 if (service->overridable) {
345 service_looking_at = service;
346 service_enabled = -1;
347 git_config(git_daemon_config);
348 if (0 <= service_enabled)
349 enabled = service_enabled;
352 logerror("'%s': service not enabled for '%s'",
353 service->name, path);
359 * We'll ignore SIGTERM from now on, we have a
362 signal(SIGTERM, SIG_IGN);
364 return service->fn();
367 static int upload_pack(void)
369 /* Timeout as string */
370 char timeout_buf[64];
372 snprintf(timeout_buf, sizeof timeout_buf, "--timeout=%u", timeout);
374 /* git-upload-pack only ever reads stuff, so this is safe */
375 execl_git_cmd("upload-pack", "--strict", timeout_buf, ".", NULL);
379 static int upload_archive(void)
381 execl_git_cmd("upload-archive", ".", NULL);
385 static struct daemon_service daemon_service[] = {
386 { "upload-archive", "uploadarch", upload_archive, 0, 1 },
387 { "upload-pack", "uploadpack", upload_pack, 1, 1 },
390 static void enable_service(const char *name, int ena) {
392 for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
393 if (!strcmp(daemon_service[i].name, name)) {
394 daemon_service[i].enabled = ena;
398 die("No such service %s", name);
401 static void make_service_overridable(const char *name, int ena) {
403 for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
404 if (!strcmp(daemon_service[i].name, name)) {
405 daemon_service[i].overridable = ena;
409 die("No such service %s", name);
413 * Separate the "extra args" information as supplied by the client connection.
414 * Any resulting data is squirrelled away in the given interpolation table.
416 static void parse_extra_args(struct interp *table, char *extra_args, int buflen)
420 char *end = extra_args + buflen;
422 while (extra_args < end && *extra_args) {
423 saw_extended_args = 1;
424 if (strncasecmp("host=", extra_args, 5) == 0) {
425 val = extra_args + 5;
426 vallen = strlen(val) + 1;
428 /* Split <host>:<port> at colon. */
430 char *port = strrchr(host, ':');
434 interp_set_entry(table, INTERP_SLOT_PORT, port);
436 interp_set_entry(table, INTERP_SLOT_HOST, host);
439 /* On to the next one */
440 extra_args = val + vallen;
445 void fill_in_extra_table_entries(struct interp *itable)
450 * Replace literal host with lowercase-ized hostname.
452 hp = interp_table[INTERP_SLOT_HOST].value;
457 * Locate canonical hostname and its IP address.
461 struct addrinfo hints;
462 struct addrinfo *ai, *ai0;
464 static char addrbuf[HOST_NAME_MAX + 1];
466 memset(&hints, 0, sizeof(hints));
467 hints.ai_flags = AI_CANONNAME;
469 gai = getaddrinfo(interp_table[INTERP_SLOT_HOST].value, 0, &hints, &ai0);
471 for (ai = ai0; ai; ai = ai->ai_next) {
472 struct sockaddr_in *sin_addr = (void *)ai->ai_addr;
474 inet_ntop(AF_INET, &sin_addr->sin_addr,
475 addrbuf, sizeof(addrbuf));
476 interp_set_entry(interp_table,
477 INTERP_SLOT_CANON_HOST, ai->ai_canonname);
478 interp_set_entry(interp_table,
479 INTERP_SLOT_IP, addrbuf);
487 struct hostent *hent;
488 struct sockaddr_in sa;
490 static char addrbuf[HOST_NAME_MAX + 1];
492 hent = gethostbyname(interp_table[INTERP_SLOT_HOST].value);
494 ap = hent->h_addr_list;
495 memset(&sa, 0, sizeof sa);
496 sa.sin_family = hent->h_addrtype;
497 sa.sin_port = htons(0);
498 memcpy(&sa.sin_addr, *ap, hent->h_length);
500 inet_ntop(hent->h_addrtype, &sa.sin_addr,
501 addrbuf, sizeof(addrbuf));
503 interp_set_entry(interp_table, INTERP_SLOT_CANON_HOST, hent->h_name);
504 interp_set_entry(interp_table, INTERP_SLOT_IP, addrbuf);
510 static int execute(struct sockaddr *addr)
512 static char line[1000];
516 char addrbuf[256] = "";
519 if (addr->sa_family == AF_INET) {
520 struct sockaddr_in *sin_addr = (void *) addr;
521 inet_ntop(addr->sa_family, &sin_addr->sin_addr, addrbuf, sizeof(addrbuf));
522 port = sin_addr->sin_port;
524 } else if (addr && addr->sa_family == AF_INET6) {
525 struct sockaddr_in6 *sin6_addr = (void *) addr;
528 *buf++ = '['; *buf = '\0'; /* stpcpy() is cool */
529 inet_ntop(AF_INET6, &sin6_addr->sin6_addr, buf, sizeof(addrbuf) - 1);
532 port = sin6_addr->sin6_port;
535 loginfo("Connection from %s:%d", addrbuf, port);
538 alarm(init_timeout ? init_timeout : timeout);
539 pktlen = packet_read_line(0, line, sizeof(line));
544 loginfo("Extended attributes (%d bytes) exist <%.*s>",
546 (int) pktlen - len, line + len + 1);
547 if (len && line[len-1] == '\n')
551 * Initialize the path interpolation table for this connection.
553 interp_clear_table(interp_table, ARRAY_SIZE(interp_table));
554 interp_set_entry(interp_table, INTERP_SLOT_PERCENT, "%");
557 parse_extra_args(interp_table, line + len + 1, pktlen - len - 1);
558 fill_in_extra_table_entries(interp_table);
561 for (i = 0; i < ARRAY_SIZE(daemon_service); i++) {
562 struct daemon_service *s = &(daemon_service[i]);
563 int namelen = strlen(s->name);
564 if (!strncmp("git-", line, 4) &&
565 !strncmp(s->name, line + 4, namelen) &&
566 line[namelen + 4] == ' ') {
568 * Note: The directory here is probably context sensitive,
569 * and might depend on the actual service being performed.
571 interp_set_entry(interp_table,
572 INTERP_SLOT_DIR, line + namelen + 5);
573 return run_service(interp_table, s);
577 logerror("Protocol error: '%s'", line);
583 * We count spawned/reaped separately, just to avoid any
584 * races when updating them from signals. The SIGCHLD handler
585 * will only update children_reaped, and the fork logic will
586 * only update children_spawned.
588 * MAX_CHILDREN should be a power-of-two to make the modulus
589 * operation cheap. It should also be at least twice
590 * the maximum number of connections we will ever allow.
592 #define MAX_CHILDREN 128
594 static int max_connections = 25;
596 /* These are updated by the signal handler */
597 static volatile unsigned int children_reaped;
598 static pid_t dead_child[MAX_CHILDREN];
600 /* These are updated by the main loop */
601 static unsigned int children_spawned;
602 static unsigned int children_deleted;
604 static struct child {
607 struct sockaddr_storage address;
608 } live_child[MAX_CHILDREN];
610 static void add_child(int idx, pid_t pid, struct sockaddr *addr, int addrlen)
612 live_child[idx].pid = pid;
613 live_child[idx].addrlen = addrlen;
614 memcpy(&live_child[idx].address, addr, addrlen);
618 * Walk from "deleted" to "spawned", and remove child "pid".
620 * We move everything up by one, since the new "deleted" will
623 static void remove_child(pid_t pid, unsigned deleted, unsigned spawned)
627 deleted %= MAX_CHILDREN;
628 spawned %= MAX_CHILDREN;
629 if (live_child[deleted].pid == pid) {
630 live_child[deleted].pid = -1;
633 n = live_child[deleted];
636 deleted = (deleted + 1) % MAX_CHILDREN;
637 if (deleted == spawned)
638 die("could not find dead child %d\n", pid);
639 m = live_child[deleted];
640 live_child[deleted] = n;
648 * This gets called if the number of connections grows
649 * past "max_connections".
651 * We _should_ start off by searching for connections
652 * from the same IP, and if there is some address wth
653 * multiple connections, we should kill that first.
655 * As it is, we just "randomly" kill 25% of the connections,
656 * and our pseudo-random generator sucks too. I have no
659 * Really, this is just a place-holder for a _real_ algorithm.
661 static void kill_some_children(int signo, unsigned start, unsigned stop)
663 start %= MAX_CHILDREN;
664 stop %= MAX_CHILDREN;
665 while (start != stop) {
667 kill(live_child[start].pid, signo);
668 start = (start + 1) % MAX_CHILDREN;
672 static void check_max_connections(void)
676 unsigned spawned, reaped, deleted;
678 spawned = children_spawned;
679 reaped = children_reaped;
680 deleted = children_deleted;
682 while (deleted < reaped) {
683 pid_t pid = dead_child[deleted % MAX_CHILDREN];
684 remove_child(pid, deleted, spawned);
687 children_deleted = deleted;
689 active = spawned - deleted;
690 if (active <= max_connections)
693 /* Kill some unstarted connections with SIGTERM */
694 kill_some_children(SIGTERM, deleted, spawned);
695 if (active <= max_connections << 1)
698 /* If the SIGTERM thing isn't helping use SIGKILL */
699 kill_some_children(SIGKILL, deleted, spawned);
704 static void handle(int incoming, struct sockaddr *addr, int addrlen)
715 idx = children_spawned % MAX_CHILDREN;
717 add_child(idx, pid, addr, addrlen);
719 check_max_connections();
730 static void child_handler(int signo)
734 pid_t pid = waitpid(-1, &status, WNOHANG);
737 unsigned reaped = children_reaped;
738 dead_child[reaped % MAX_CHILDREN] = pid;
739 children_reaped = reaped + 1;
740 /* XXX: Custom logging, since we don't wanna getpid() */
742 const char *dead = "";
743 if (!WIFEXITED(status) || WEXITSTATUS(status) > 0)
744 dead = " (with error)";
746 syslog(LOG_INFO, "[%d] Disconnected%s", pid, dead);
748 fprintf(stderr, "[%d] Disconnected%s\n", pid, dead);
756 static int set_reuse_addr(int sockfd)
762 return setsockopt(sockfd, SOL_SOCKET, SO_REUSEADDR,
768 static int socksetup(char *listen_addr, int listen_port, int **socklist_p)
770 int socknum = 0, *socklist = NULL;
772 char pbuf[NI_MAXSERV];
773 struct addrinfo hints, *ai0, *ai;
776 sprintf(pbuf, "%d", listen_port);
777 memset(&hints, 0, sizeof(hints));
778 hints.ai_family = AF_UNSPEC;
779 hints.ai_socktype = SOCK_STREAM;
780 hints.ai_protocol = IPPROTO_TCP;
781 hints.ai_flags = AI_PASSIVE;
783 gai = getaddrinfo(listen_addr, pbuf, &hints, &ai0);
785 die("getaddrinfo() failed: %s\n", gai_strerror(gai));
787 for (ai = ai0; ai; ai = ai->ai_next) {
790 sockfd = socket(ai->ai_family, ai->ai_socktype, ai->ai_protocol);
793 if (sockfd >= FD_SETSIZE) {
794 error("too large socket descriptor.");
800 if (ai->ai_family == AF_INET6) {
802 setsockopt(sockfd, IPPROTO_IPV6, IPV6_V6ONLY,
804 /* Note: error is not fatal */
808 if (set_reuse_addr(sockfd)) {
813 if (bind(sockfd, ai->ai_addr, ai->ai_addrlen) < 0) {
815 continue; /* not fatal */
817 if (listen(sockfd, 5) < 0) {
819 continue; /* not fatal */
822 socklist = xrealloc(socklist, sizeof(int) * (socknum + 1));
823 socklist[socknum++] = sockfd;
831 *socklist_p = socklist;
837 static int socksetup(char *listen_addr, int listen_port, int **socklist_p)
839 struct sockaddr_in sin;
842 memset(&sin, 0, sizeof sin);
843 sin.sin_family = AF_INET;
844 sin.sin_port = htons(listen_port);
847 /* Well, host better be an IP address here. */
848 if (inet_pton(AF_INET, listen_addr, &sin.sin_addr.s_addr) <= 0)
851 sin.sin_addr.s_addr = htonl(INADDR_ANY);
854 sockfd = socket(AF_INET, SOCK_STREAM, 0);
858 if (set_reuse_addr(sockfd)) {
863 if ( bind(sockfd, (struct sockaddr *)&sin, sizeof sin) < 0 ) {
868 if (listen(sockfd, 5) < 0) {
873 *socklist_p = xmalloc(sizeof(int));
874 **socklist_p = sockfd;
880 static int service_loop(int socknum, int *socklist)
885 pfd = xcalloc(socknum, sizeof(struct pollfd));
887 for (i = 0; i < socknum; i++) {
888 pfd[i].fd = socklist[i];
889 pfd[i].events = POLLIN;
892 signal(SIGCHLD, child_handler);
897 if (poll(pfd, socknum, -1) < 0) {
898 if (errno != EINTR) {
899 error("poll failed, resuming: %s",
906 for (i = 0; i < socknum; i++) {
907 if (pfd[i].revents & POLLIN) {
908 struct sockaddr_storage ss;
909 unsigned int sslen = sizeof(ss);
910 int incoming = accept(pfd[i].fd, (struct sockaddr *)&ss, &sslen);
918 die("accept returned %s", strerror(errno));
921 handle(incoming, (struct sockaddr *)&ss, sslen);
927 /* if any standard file descriptor is missing open it to /dev/null */
928 static void sanitize_stdfds(void)
930 int fd = open("/dev/null", O_RDWR, 0);
931 while (fd != -1 && fd < 2)
934 die("open /dev/null or dup failed: %s", strerror(errno));
939 static void daemonize(void)
945 die("fork failed: %s", strerror(errno));
950 die("setsid failed: %s", strerror(errno));
957 static void store_pid(const char *path)
959 FILE *f = fopen(path, "w");
961 die("cannot open pid file %s: %s", path, strerror(errno));
962 fprintf(f, "%d\n", getpid());
966 static int serve(char *listen_addr, int listen_port, struct passwd *pass, gid_t gid)
968 int socknum, *socklist;
970 socknum = socksetup(listen_addr, listen_port, &socklist);
972 die("unable to allocate any listen sockets on host %s port %u",
973 listen_addr, listen_port);
976 (initgroups(pass->pw_name, gid) || setgid (gid) ||
977 setuid(pass->pw_uid)))
978 die("cannot drop privileges");
980 return service_loop(socknum, socklist);
983 int main(int argc, char **argv)
986 char *listen_addr = NULL;
988 const char *pid_file = NULL, *user_name = NULL, *group_name = NULL;
990 struct passwd *pass = NULL;
995 /* Without this we cannot rely on waitpid() to tell
996 * what happened to our children.
998 signal(SIGCHLD, SIG_DFL);
1000 for (i = 1; i < argc; i++) {
1001 char *arg = argv[i];
1003 if (!strncmp(arg, "--listen=", 9)) {
1005 char *ph = listen_addr = xmalloc(strlen(arg + 9) + 1);
1007 *ph++ = tolower(*p++);
1011 if (!strncmp(arg, "--port=", 7)) {
1014 n = strtoul(arg+7, &end, 0);
1015 if (arg[7] && !*end) {
1020 if (!strcmp(arg, "--inetd")) {
1025 if (!strcmp(arg, "--verbose")) {
1029 if (!strcmp(arg, "--syslog")) {
1033 if (!strcmp(arg, "--export-all")) {
1034 export_all_trees = 1;
1037 if (!strncmp(arg, "--timeout=", 10)) {
1038 timeout = atoi(arg+10);
1041 if (!strncmp(arg, "--init-timeout=", 15)) {
1042 init_timeout = atoi(arg+15);
1045 if (!strcmp(arg, "--strict-paths")) {
1049 if (!strncmp(arg, "--base-path=", 12)) {
1053 if (!strncmp(arg, "--interpolated-path=", 20)) {
1054 interpolated_path = arg+20;
1057 if (!strcmp(arg, "--reuseaddr")) {
1061 if (!strcmp(arg, "--user-path")) {
1065 if (!strncmp(arg, "--user-path=", 12)) {
1066 user_path = arg + 12;
1069 if (!strncmp(arg, "--pid-file=", 11)) {
1070 pid_file = arg + 11;
1073 if (!strcmp(arg, "--detach")) {
1078 if (!strncmp(arg, "--user=", 7)) {
1079 user_name = arg + 7;
1082 if (!strncmp(arg, "--group=", 8)) {
1083 group_name = arg + 8;
1086 if (!strncmp(arg, "--enable=", 9)) {
1087 enable_service(arg + 9, 1);
1090 if (!strncmp(arg, "--disable=", 10)) {
1091 enable_service(arg + 10, 0);
1094 if (!strncmp(arg, "--allow-override=", 17)) {
1095 make_service_overridable(arg + 17, 1);
1098 if (!strncmp(arg, "--forbid-override=", 18)) {
1099 make_service_overridable(arg + 18, 0);
1102 if (!strcmp(arg, "--")) {
1103 ok_paths = &argv[i+1];
1105 } else if (arg[0] != '-') {
1106 ok_paths = &argv[i];
1110 usage(daemon_usage);
1113 if (inetd_mode && (group_name || user_name))
1114 die("--user and --group are incompatible with --inetd");
1116 if (inetd_mode && (listen_port || listen_addr))
1117 die("--listen= and --port= are incompatible with --inetd");
1118 else if (listen_port == 0)
1119 listen_port = DEFAULT_GIT_PORT;
1121 if (group_name && !user_name)
1122 die("--group supplied without --user");
1125 pass = getpwnam(user_name);
1127 die("user not found - %s", user_name);
1132 group = getgrnam(group_name);
1134 die("group not found - %s", group_name);
1136 gid = group->gr_gid;
1141 openlog("git-daemon", 0, LOG_DAEMON);
1142 set_die_routine(daemon_die);
1145 if (strict_paths && (!ok_paths || !*ok_paths))
1146 die("option --strict-paths requires a whitelist");
1149 struct sockaddr_storage ss;
1150 struct sockaddr *peer = (struct sockaddr *)&ss;
1151 socklen_t slen = sizeof(ss);
1153 freopen("/dev/null", "w", stderr);
1155 if (getpeername(0, peer, &slen))
1158 return execute(peer);
1167 store_pid(pid_file);
1169 return serve(listen_addr, listen_port, pass, gid);
projects / git / blob