This mechanically converts strncmp() to use prefixcmp(), but only when
the parameters match specific patterns, so that they can be verified
easily.  Leftover from this will be fixed in a separate step, including
idiotic conversions like

    if (!strncmp("foo", arg, 3))

  =>

    if (!(-prefixcmp(arg, "foo")))

This was done by using this script in px.perl

   #!/usr/bin/perl -i.bak -p
   if (/strncmp\(([^,]+), "([^\\"]*)", (\d+)\)/ && (length($2) == $3)) {
           s|strncmp\(([^,]+), "([^\\"]*)", (\d+)\)|prefixcmp($1, "$2")|;
   }
   if (/strncmp\("([^\\"]*)", ([^,]+), (\d+)\)/ && (length($1) == $3)) {
           s|strncmp\("([^\\"]*)", ([^,]+), (\d+)\)|(-prefixcmp($2, "$1"))|;
   }

and running:

   $ git grep -l strncmp -- '*.c' | xargs perl px.perl
Signed-off-by: NJunio C Hamano <junkio@cox.net>

This makes it possible to restart git-daemon even if some children are
still running.
Signed-off-by: NAlexandre Julliard <julliard@winehq.org>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NJunio C Hamano <junkio@cox.net>

This allows pushing over the git:// protocol, and while it's not
authenticated, it could make sense from within a firewalled
setup where nobody but trusted internal people can reach the git
port.  git-daemon is possibly easier and faster to set up in the
kind of situation where you set up git instead of CVS inside a
company.

"git-receive-pack" is disabled by default, so you need to enable it
explicitly by starting git-daemon with the "--enable=receive-pack"
command line argument, or by having your config enable it automatically.
Signed-off-by: NLinus Torvalds <torvalds@osdl.org>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

We have a number of badly checked write() calls.  Often we are
expecting write() to write exactly the size we requested or fail,
this fails to handle interrupts or short writes.  Switch to using
the new write_in_full().  Otherwise we at a minimum need to check
for EINTR and EAGAIN, where this is appropriate use xwrite().

Note, the changes to config handling are much larger and handled
in the next patch in the sequence.
Signed-off-by: NAndy Whitcroft <apw@shadowen.org>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

This is a mechanical clean-up of the way *.c files include
system header files.

 (1) sources under compat/, platform sha-1 implementations, and
     xdelta code are exempt from the following rules;

 (2) the first #include must be "git-compat-util.h" or one of
     our own header file that includes it first (e.g. config.h,
     builtin.h, pkt-line.h);

 (3) system headers that are included in "git-compat-util.h"
     need not be included in individual C source files.

 (4) "git-compat-util.h" does not have to include subsystem
     specific header files (e.g. expat.h).
Signed-off-by: NJunio C Hamano <junkio@cox.net>

In the older times, the clients did not say which host they were trying
to connect, and the code we recently added did not quite handle the
older clients correctly.

Noticed by Simon Arlott.
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NAlex Riesen <raa.lkml@gmail.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NJohannes Schindelin <Johannes.Schindelin@gmx.de>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Clarified that parse_extra_args()s results in interpolation
table entries.  Removed a few trailing whitespace occurrences.
Signed-off-by: NJon Loeliger <jdl@jdl.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Standardized on lowercase hostnames from client.

Added interpolation values for the IP address, port and
canonical hostname of the server as it is contacted and
named by the client and passed in via the extended args.

Added --listen=host_or_ipaddr option suport.  Renamed port
variable as "listen_port" correspondingly as well.

Documented mutual exclusivity of --inetd option with
    --user, --group, --listen and --port options.

Added compat/inet_pton.c from Paul Vixie as needed.

Small memory leaks need to be cleaned up still.
Signed-off-by: NJon Loeliger <jdl@jdl.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: Jon Loeliger
Signed-off-by: NJunio C Hamano <junkio@cox.net>

This command implements the git archive protocol on the server
side. This command is not intended to be used by the end user.
Underlying git-archive command line options are sent over the
protocol from "git-archive --remote=...", just like upload-tar
currently does with "git-tar-tree=...".

As for "git-archive" command implementation, this new command
does not execute any existing "git-{tar,zip}-tree" but rely
on the archive API defined by "git-archive" patch. Hence we
get 2 good points:

 - "git-archive" and "git-upload-archive" share all option
   parsing code.

 - All kind of git-upload-{tar,zip} can be deprecated.
Signed-off-by: NFranck Bui-Huu <vagabon.xyz@gmail.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

This reverts parts of commit 74c0cc21 and part of commit 355f5412.

Franck and Rene are working on a unified upload-archive which
would supersede this when done, so better not to get in their
way.
Signed-off-by: NJunio C Hamano <junkio@cox.net>

This allows clients to ask for tarballs with:

	git tar-tree --remote=git://server/repo refname

By default, the upload-tar service is not enabled.  To enable
it server-wide, the server can be started with:

	git-daemon --enable=upload-tar

This service is by default overridable per repostiory, so
alternatively, a repository can define "daemon.uploadtar = true"
to enable it.
Signed-off-by: NJunio C Hamano <junkio@cox.net>

This adds an infrastructure to selectively enable and disable
more than one services in git-daemon.  Currently upload-pack
service, which serves the git-fetch-pack and git-peek-remote
clients, is the only service that is defined.
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Change places that use realloc, without a proper error path, to instead use
xrealloc. Drop an erroneous error path in the daemon code that used errno
in the die message in favour of the simpler xrealloc.
Signed-off-by: NJonas Fonseca <fonseca@diku.dk>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NTilman Sauerbeck <tilman@code-monkey.de>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

[jc: I needed to hand merge the changes to the updated codebase,
 so the result needs to be checked.]
Signed-off-by: NDavid Rientjes <rientjes@google.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NMatthias Lederhofer <matled@gmx.net>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NMatthias Lederhofer <matled@gmx.net>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NMatthias Lederhofer <matled@gmx.net>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NMatthias Lederhofer <matled@gmx.net>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Removed the git-daemon prefix from die() because no other call to die
does this.
Signed-off-by: NMatthias Lederhofer <matled@gmx.net>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NTimo Hirvonen <tihirvon@gmail.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Signed-off-by: NJunio C Hamano <junkio@cox.net>

When we run git-daemon from inetd, even with the --verbose option, it
doesn't log the peer address. That logic was only in the standalone
daemon code -- move it to the execute() function instead. Tested with
both IPv6 and Legacy IP clients, in both inetd and daemon mode.
Signed-off-by: NDavid Woodhouse <dwmw2@infradead.org>
Acked-by: NJon Loeliger <jdl@jdl.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

It was reported that under one implementation of socks client
"git clone" fails with "error: waitpid failed (No child processes)",
because "git" is spawned after setting SIGCHLD to SIG_IGN.

Arguably it may be a broken setting, but we should protect
ourselves so that we can get reliable results from waitpid() for
the children we care about.

This patch resets SIGCHLD to SIG_DFL in three places:

 - connect.c::git_connect() - initiators of git native
   protocol transfer are covered with this.

 - daemon.c::main() - obviously.

 - merge-index.c::main() - obviously.

There are other programs that do fork() but do not waitpid():
http-push, imap-send.  upload-pack does not either, but in the
case of that program, each of the forked halves runs exec()
another program, so this change would not have much effect
there.
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Add client side sending of "\0host=%s\0" extended
arg for git native protocol, backwards compatibly.
Signed-off-by: NJon Loeliger <jdl@jdl.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

The set_reuse_addr() error case was the only error case in
socklist() where we returned rather than continued.  Not sure
why.  Either we must free the socklist, or continue.  This patch
continues on error.
Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>
(cherry picked from 0032d548 commit)

The set_reuse_addr() error case was the only error case in
socklist() where we returned rather than continued.  Not sure
why.  Either we must free the socklist, or continue.  This patch
continues on error.
Signed-off-by: NSerge E. Hallyn <serue@us.ibm.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Earlier, we made --base-path to automatically forbid
user-relative paths, which was probably a mistake.  This
introduces --user-path (or --user-path=path) option to control
the use of user-relative paths independently.  The latter form
of the option can be used to restrict accesses to a part of each
user's home directory, similar to "public_html" some webservers
supports.

If we're invoked with --user-path=FOO option, then a URL of the
form git://~USER/PATH/... resolves to the path HOME/FOO/PATH/...,
where HOME is USER's home directory.

[jc: This is much reworked by me so bugs are mine, but the
 original patch was done by Mark Wooding.]
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Without this, you can silently lose the ability to receive IPv4
connections if you stop and restart the daemon.

[jc: tweaked code organization a bit and made this controllable
 from a command line option.]
Signed-off-by: NMark Wooding <mdw@distorted.org.uk>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Using base-path to relocate the server public space does not
have anything to do with allowing or forbidding user relative
paths.
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Could cause a crash if --base-path set.  Unlikely to be a security the
concern: message doesn't go to the client, so we can't leak anything
(except by dumping core), and we've already forked, so it's not a denial
of service.
Signed-off-by: NMark Wooding <mdw@distorted.org.uk>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

The git suite may not be in PATH (and thus programs such as
git-send-pack could not exec git-rev-list).  Thus there is a need for
logic that will locate these programs.  Modifying PATH is not
desirable as it result in behavior differing from the user's
intentions, as we may end up prepending "/usr/bin" to PATH.

- git C programs will use exec*_git_cmd() APIs to exec sub-commands.
- exec*_git_cmd() will execute a git program by searching for it in
  the following directories:
	1. --exec-path (as used by "git")
	2. The GIT_EXEC_PATH environment variable.
	3. $(gitexecdir) as set in Makefile (default value $(bindir)).
- git wrapper will modify PATH as before to enable shell scripts to
  invoke "git-foo" commands.

Ideally, shell scripts should use the git wrapper to become independent
of PATH, and then modifying PATH will not be necessary.

[jc: with minor updates after a brief review.]
Signed-off-by: NMichal Ostrowski <mostrows@watson.ibm.com>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

Tommi Virtanen expressed a wish on #git to be able to use short and elegant
git URLs by making git-daemon 'root' in a given directory. This patch
implements this, causing git-daemon to interpret all paths relative to
the given base path if any is given.
Signed-off-by: NPetr Baudis <pasky@suse.cz>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

The whitelist of git-daemon is checked against return value from
enter_repo(), and enter_repo() used to return the value obtained
from getcwd() to avoid directory aliasing issues as discussed
earier (mid October 2005).

Unfortunately, it did not go well as we hoped.

For example, /pub on a kernel.org public machine is a symlink to
its real mountpoint, and it is understandable that the
administrator does not want to adjust the whitelist every time
/pub needs to point at a different partition for storage
allcation or whatever reasons.  Being able to keep using
/pub/scm as the whitelist is a desirable property.

So this version of enter_repo() reports what it used to chdir()
and validate, but does not use getcwd() to canonicalize the
directory name.  When it sees a user relative path ~user/path,
it internally resolves it to try chdir() there, but it still
reports ~user/path (possibly after appending .git if allowed to
do so, in which case it would report ~user/path.git).

What this means is that if a whitelist wants to allow a user
relative path, it needs to say "~" (for all users) or list user
home directories like "~alice" "~bob".  And no, you cannot say
/home if the advertised way to access user home directories are
~alice,~bob, etc.  The whole point of this is to avoid
unnecessary aliasing issues.

Anyway, because of this, daemon needs to do a bit more work to
guard itself.  Namely, it needs to make sure that the accessor
does not try to exploit its leading path match rule by inserting
/../ in the middle or hanging /.. at the end.  I resurrected the
belts and suspender paranoia code HPA did for this purpose.

This check cannot be done in the enter_repo() unconditionally,
because there are valid callers of enter_repo() that want to
honor /../; authorized users coming over ssh to run send-pack
and fetch-pack should be allowed to do so.
Signed-off-by: NJunio C Hamano <junkio@cox.net>

git-daemon was not listening when compiled with -DNO_IPV6.
socksetup() was not returning socket count when compiled with -DNO_IPV6.
Signed-off-by: NPaul Serice <paul@serice.net>
Signed-off-by: NJunio C Hamano <junkio@cox.net>

 - Do validation only on canonicalized paths
 - Run upload-pack with "." as repository argument
Signed-off-by: NJunio C Hamano <junkio@cox.net>