diff options
| author | Junio C Hamano <junkio@cox.net> | 2006-08-27 17:51:42 -0700 | 
|---|---|---|
| committer | Junio C Hamano <junkio@cox.net> | 2006-08-27 17:51:42 -0700 | 
| commit | d5d0a0e748025bf253db5f0cde7b22cb0feeced2 (patch) | |
| tree | 7aa97a9e700362e9e662be79a9298078c95b6511 | |
| parent | b32d37a3a6817ba307062fe2f7b6d9cfb85a1ebd (diff) | |
| parent | 678dac6b45437d65fa958c03ca47f4a0337efad4 (diff) | |
| download | git-d5d0a0e748025bf253db5f0cde7b22cb0feeced2.tar.gz | |
Merge branch 'ts/daemon'
* ts/daemon:
  Added support for dropping privileges to git-daemon.
| -rw-r--r-- | Documentation/git-daemon.txt | 14 | ||||
| -rw-r--r-- | daemon.c | 49 | 
2 files changed, 58 insertions, 5 deletions
| diff --git a/Documentation/git-daemon.txt b/Documentation/git-daemon.txt index 0f7d274eab..17619a3f57 100644 --- a/Documentation/git-daemon.txt +++ b/Documentation/git-daemon.txt @@ -11,7 +11,8 @@ SYNOPSIS  'git-daemon' [--verbose] [--syslog] [--inetd | --port=n] [--export-all]               [--timeout=n] [--init-timeout=n] [--strict-paths]               [--base-path=path] [--user-path | --user-path=path] -	     [--reuseaddr] [--detach] [--pid-file=file] [directory...] +	     [--reuseaddr] [--detach] [--pid-file=file] +	     [--user=user [--group=group]] [directory...]  DESCRIPTION  ----------- @@ -93,6 +94,17 @@ OPTIONS  --pid-file=file::  	Save the process id in 'file'. +--user=user, --group=group:: +	Change daemon's uid and gid before entering the service loop. +	When only `--user` is given without `--group`, the +	primary group ID for the user is used.  The values of +	the option are given to `getpwnam(3)` and `getgrnam(3)` +	and numeric IDs are not supported. ++ +Giving these options is an error when used with `--inetd`; use +the facility of inet daemon to achieve the same before spawning +`git-daemon` if needed. +  <directory>::  	A directory to add to the whitelist of allowed directories. Unless  	--strict-paths is specified this will also include subdirectories @@ -7,6 +7,8 @@  #include <netinet/in.h>  #include <arpa/inet.h>  #include <syslog.h> +#include <pwd.h> +#include <grp.h>  #include "pkt-line.h"  #include "cache.h"  #include "exec_cmd.h" @@ -19,7 +21,8 @@ static const char daemon_usage[] =  "git-daemon [--verbose] [--syslog] [--inetd | --port=n] [--export-all]\n"  "           [--timeout=n] [--init-timeout=n] [--strict-paths]\n"  "           [--base-path=path] [--user-path | --user-path=path]\n" -"           [--reuseaddr] [--detach] [--pid-file=file] [directory...]"; +"           [--reuseaddr] [--detach] [--pid-file=file]\n" +"           [--user=user [[--group=group]] [directory...]";  /* List of acceptable pathname prefixes */  static char **ok_paths; @@ -696,7 +699,7 @@ static void store_pid(const char *path)  	fclose(f);  } -static int serve(int port) +static int serve(int port, struct passwd *pass, gid_t gid)  {  	int socknum, *socklist; @@ -704,6 +707,11 @@ static int serve(int port)  	if (socknum == 0)  		die("unable to allocate any listen sockets on port %u", port); +	if (pass && gid && +	    (initgroups(pass->pw_name, gid) || setgid (gid) || +	     setuid(pass->pw_uid))) +		die("cannot drop privileges"); +  	return service_loop(socknum, socklist);  } @@ -711,8 +719,11 @@ int main(int argc, char **argv)  {  	int port = DEFAULT_GIT_PORT;  	int inetd_mode = 0; -	const char *pid_file = NULL; +	const char *pid_file = NULL, *user_name = NULL, *group_name = NULL;  	int detach = 0; +	struct passwd *pass = NULL; +	struct group *group; +	gid_t gid = 0;  	int i;  	/* Without this we cannot rely on waitpid() to tell @@ -786,6 +797,14 @@ int main(int argc, char **argv)  			log_syslog = 1;  			continue;  		} +		if (!strncmp(arg, "--user=", 7)) { +			user_name = arg + 7; +			continue; +		} +		if (!strncmp(arg, "--group=", 8)) { +			group_name = arg + 8; +			continue; +		}  		if (!strcmp(arg, "--")) {  			ok_paths = &argv[i+1];  			break; @@ -797,6 +816,28 @@ int main(int argc, char **argv)  		usage(daemon_usage);  	} +	if (inetd_mode && (group_name || user_name)) +		die("--user and --group are incompatible with --inetd"); + +	if (group_name && !user_name) +		die("--group supplied without --user"); + +	if (user_name) { +		pass = getpwnam(user_name); +		if (!pass) +			die("user not found - %s", user_name); + +		if (!group_name) +			gid = pass->pw_gid; +		else { +			group = getgrnam(group_name); +			if (!group) +				die("group not found - %s", group_name); + +			gid = group->gr_gid; +		} +	} +  	if (log_syslog) {  		openlog("git-daemon", 0, LOG_DAEMON);  		set_die_routine(daemon_die); @@ -826,5 +867,5 @@ int main(int argc, char **argv)  	if (pid_file)  		store_pid(pid_file); -	return serve(port); +	return serve(port, pass, gid);  } | 
