static int get_token(connection_context *c)
{
int res = 0;
int wres;
HANDLE token;
if (c->runas) {
credentials crd;
if (!prepare_credentials(c->runas, &crd)) {
hprintf(c->pipe, "error Incorrect runas credentials\n");
goto finish;
}
wres = LogonUser(crd.user, crd.domain, crd.password, LOGON32_LOGON_INTERACTIVE, LOGON32_PROVIDER_DEFAULT, &c->token);
if (!wres) {
hprintf(c->pipe, "error Cannot LogonUser(%s,%s,%s) %d\n", crd.user, crd.domain, crd.password, GetLastError());
goto finish;
}
res = 1;
goto finish;
} else if (c->system) {
if (!OpenProcessToken(GetCurrentProcess(), TOKEN_ALL_ACCESS, &token)) {
hprintf(c->pipe, "error Cannot OpenProcessToken %d\n", GetLastError());
goto finish;
}
} else {
if (!ImpersonateNamedPipeClient(c->pipe->h)) {
hprintf(c->pipe, "error Cannot ImpersonateNamedPipeClient %d\n", GetLastError());
goto finish;
}
if (!OpenThreadToken(GetCurrentThread(), TOKEN_ALL_ACCESS, FALSE, &token)) {
hprintf(c->pipe, "error Cannot OpenThreadToken %d\n", GetLastError());
goto finishRevertToSelf;
}
}
if (!DuplicateTokenEx(token, MAXIMUM_ALLOWED, 0, c->implevel, TokenPrimary, &c->token)) {
hprintf(c->pipe, "error Cannot Duplicate Token %d\n", GetLastError());
goto finishCloseToken;
}
res = 1;
finishCloseToken:
CloseHandle(token);
finishRevertToSelf:
if (!c->system) {
if (!RevertToSelf()) {
hprintf(c->pipe, "error Cannot RevertToSelf %d\n", GetLastError());
res = 0;
}
}
finish:
return res;
}
int main(int argc, char **argv)
{
int listen_port = 0;
struct string_list listen_addr = STRING_LIST_INIT_NODUP;
int serve_mode = 0, inetd_mode = 0;
const char *pid_file = NULL, *user_name = NULL, *group_name = NULL;
int detach = 0;
struct credentials *cred = NULL;
int i;
git_setup_gettext();
git_extract_argv0_path(argv[0]);
for (i = 1; i < argc; i++) {
char *arg = argv[i];
if (!prefixcmp(arg, "--listen=")) {
string_list_append(&listen_addr, xstrdup_tolower(arg + 9));
continue;
}
if (!prefixcmp(arg, "--port=")) {
char *end;
unsigned long n;
n = strtoul(arg+7, &end, 0);
if (arg[7] && !*end) {
listen_port = n;
continue;
}
}
if (!strcmp(arg, "--serve")) {
serve_mode = 1;
continue;
}
if (!strcmp(arg, "--inetd")) {
inetd_mode = 1;
log_syslog = 1;
continue;
}
if (!strcmp(arg, "--verbose")) {
verbose = 1;
continue;
}
if (!strcmp(arg, "--syslog")) {
log_syslog = 1;
continue;
}
if (!strcmp(arg, "--export-all")) {
export_all_trees = 1;
continue;
}
if (!prefixcmp(arg, "--access-hook=")) {
access_hook = arg + 14;
continue;
}
if (!prefixcmp(arg, "--timeout=")) {
timeout = atoi(arg+10);
continue;
}
if (!prefixcmp(arg, "--init-timeout=")) {
init_timeout = atoi(arg+15);
continue;
}
if (!prefixcmp(arg, "--max-connections=")) {
max_connections = atoi(arg+18);
if (max_connections < 0)
max_connections = 0; /* unlimited */
continue;
}
if (!strcmp(arg, "--strict-paths")) {
strict_paths = 1;
continue;
}
if (!prefixcmp(arg, "--base-path=")) {
base_path = arg+12;
continue;
}
if (!strcmp(arg, "--base-path-relaxed")) {
base_path_relaxed = 1;
continue;
}
if (!prefixcmp(arg, "--interpolated-path=")) {
interpolated_path = arg+20;
continue;
}
if (!strcmp(arg, "--reuseaddr")) {
reuseaddr = 1;
continue;
}
if (!strcmp(arg, "--user-path")) {
user_path = "";
continue;
}
if (!prefixcmp(arg, "--user-path=")) {
user_path = arg + 12;
continue;
}
if (!prefixcmp(arg, "--pid-file=")) {
pid_file = arg + 11;
continue;
}
if (!strcmp(arg, "--detach")) {
detach = 1;
log_syslog = 1;
continue;
}
if (!prefixcmp(arg, "--user="******"--group=")) {
group_name = arg + 8;
continue;
}
if (!prefixcmp(arg, "--enable=")) {
enable_service(arg + 9, 1);
continue;
}
if (!prefixcmp(arg, "--disable=")) {
enable_service(arg + 10, 0);
continue;
}
if (!prefixcmp(arg, "--allow-override=")) {
make_service_overridable(arg + 17, 1);
continue;
}
if (!prefixcmp(arg, "--forbid-override=")) {
make_service_overridable(arg + 18, 0);
continue;
}
if (!prefixcmp(arg, "--informative-errors")) {
informative_errors = 1;
continue;
}
if (!prefixcmp(arg, "--no-informative-errors")) {
informative_errors = 0;
continue;
}
if (!strcmp(arg, "--")) {
ok_paths = &argv[i+1];
break;
} else if (arg[0] != '-') {
ok_paths = &argv[i];
break;
}
usage(daemon_usage);
}
if (log_syslog) {
openlog("git-daemon", LOG_PID, LOG_DAEMON);
set_die_routine(daemon_die);
} else
/* avoid splitting a message in the middle */
setvbuf(stderr, NULL, _IOFBF, 4096);
if (inetd_mode && (detach || group_name || user_name))
die("--detach, --user and --group are incompatible with --inetd");
if (inetd_mode && (listen_port || (listen_addr.nr > 0)))
die("--listen= and --port= are incompatible with --inetd");
else if (listen_port == 0)
listen_port = DEFAULT_GIT_PORT;
if (group_name && !user_name)
die("--group supplied without --user");
if (user_name)
cred = prepare_credentials(user_name, group_name);
if (strict_paths && (!ok_paths || !*ok_paths))
die("option --strict-paths requires a whitelist");
if (base_path && !is_directory(base_path))
die("base-path '%s' does not exist or is not a directory",
base_path);
if (inetd_mode) {
if (!freopen("/dev/null", "w", stderr))
die_errno("failed to redirect stderr to /dev/null");
}
if (inetd_mode || serve_mode)
return execute();
if (detach)
daemonize();
else
sanitize_stdfds();
if (pid_file)
store_pid(pid_file);
/* prepare argv for serving-processes */
cld_argv = xmalloc(sizeof (char *) * (argc + 2));
cld_argv[0] = argv[0]; /* git-daemon */
cld_argv[1] = "--serve";
for (i = 1; i < argc; ++i)
cld_argv[i+1] = argv[i];
cld_argv[argc+1] = NULL;
return serve(&listen_addr, listen_port, cred);
}
