Commit Briefs
remove dependency of gitwrapper on gotd/auth.c
Move gotd_auth_parseuid() from auth.c to parse.y as gotd_parseuid(), and remove auth.c from the list of source files required by gitwrapper.
remove dependency of gitwrapper on gotd/listen.c
Move gotd_find_uid_connection_limit() from listen.c into parse.y and remove listen.c from the list of source files required by gitwrapper.
make gotd/gitwrapper start up even if a repository is missing on disk
This should result in more useful behaviour when gitwrapper runs and repositories listed in gotd.conf do not yet exist or do no longer exist.
avoid gitwrapper printing a warning when /etc/gotd.conf does not exist
gotd still requires the config file, of course, but gitwrapper must treat is as optional and remain silent if the file cannot be found.
add gitwrapper(1)
ok op@, tracey@ earlier version
gotd requires a config file; don't fail silently when gotd.conf cannot be read
Fixes an issue encountered by mlarkin@ where the auth process was working with an empty list of repositories and kept saying it could not find a repository which was obviously listed in gotd.conf. Now we can see errors from fopen() in the logs instead. Old code was copied from gotwebd where the config file is optional.
include sha2.h too where sha1.h is included
In preparation for wide sha256 support; stsp@ agrees. Change done mechanically with find . -iname \*.[cy] -exec sam {} + X ,x/<sha1\.h>/i/\n#include <sha2.h>
gotd: move socket path check to parse.y and error from the main process
It's handy to have a "bad unix socket path" error being reported directly from the main process since can get caught by `gotd -n'. ok jamsek stsp
gotd: move nrepos check to parse_config
ok jamsek stsp
call realpath() during early startup in gotd's parse.y
This ensures that all repositories exist when the process is first started. It will also help to avoid an "rpath" pledge promise in a future gotd which uses a separate session process, by avoiding realpath() calls while starting new processes.
remove the gotsh group requirement from gotd; any user can now connect
Repository access is now controlled by access rules in gotd.conf, and concurrent connections to the gotd socket by local users are limited by the listen process. We should keep refining our anti-DoS measures in the future, but at least we have something in place now. ok jamsek, op
simplify gotd' timeouts string parsing
no need to duplicate what strtonum does; pass the *real* maximum value allowed to it directly. ok stsp@
gotd: allow to express timeouts using minutes/hours
This allows to use a suffix to indicate the unit of measure, such as "1h" for one hour or "30m" for 30 minutes. The suffix "s" for seconds is also accepted for completeness. ok stsp
enforce gotd request timeout > 0; the code doesn't handle zero right now
spotted by + ok op@
add conf_limit_user_connection prototype at the top of parse.y
different yacc implementations (e.g. GNU bison) may put the various parts in a different order, and so the definition of the function may not be visible in the generated code.
introduce connection options to gotd.conf
Allow administrators to tweak the default authentication and request timeouts if needed, and to tweak the limit of concurrent connections for specific user accounts. with several tweaks from and ok op@