author | Runxi Yu <me@runxiyu.org> | 2025-02-17 13:54:39 +0800 |
---|---|---|
committer | Runxi Yu <me@runxiyu.org> | 2025-02-17 13:54:39 +0800 |
commit | c35b685daf560d7462af5c2332959f6d79fd52ce (patch) | |
tree | 0d4c5425f56cfc44484f54b958726f813e9a9dde | |
parent | git_hooks_handle.go, etc.: Listen for connections from hooks (diff) | |
git_hooks_handle.go: Exit on UID mismatch, handle >1 connections
-rw-r--r-- | git_hooks_handle.go | 36 |
1 files changed, 21 insertions, 15 deletions
diff --git a/git_hooks_handle.go b/git_hooks_handle.go
index f650436..7e67a89 100644
--- a/git_hooks_handle.go
+++ b/git_hooks_handle.go
@@ -10,40 +10,46 @@ import (
 var err_not_unixconn = errors.New("Not a unix connection")
-func hooks_handle_connection(conn net.Conn) (err error) {
+func hooks_handle_connection(conn net.Conn) {
 defer conn.Close()
- unix_conn, ok := conn.(*net.UnixConn)
- if !ok {
- return err_not_unixconn
- }
+ unix_conn := conn.(*net.UnixConn)
 fd, err := unix_conn.File()
 if err != nil {
- return err
+ conn.Write([]byte{1})
+ fmt.Fprintln(conn, "Unable to get file descriptor")
+ return
 }
 defer fd.Close()
 ucred, err := get_ucred(fd)
 if err != nil {
- return err
+ conn.Write([]byte{1})
+ fmt.Fprintln(conn, "Unable to get peer credentials")
+ return
 }
- pid := ucred.Pid
+ if ucred.Uid != uint32(os.Getuid()) {
+ conn.Write([]byte{1})
+ fmt.Fprintln(conn, "UID mismatch")
+ return
+ }
 conn.Write([]byte{0})
- fmt.Fprintf(conn, "your PID is %d\n", pid)
+ fmt.Fprintf(conn, "Your PID is %d\n", ucred.Pid)
- return nil
+ return
 }
 func serve_git_hooks(listener net.Listener) error {
- conn, err := listener.Accept()
- if err != nil {
- return err
+ for {
+ conn, err := listener.Accept()
+ if err != nil {
+ return err
+ }
+ go hooks_handle_connection(conn)
 }
-
- return hooks_handle_connection(conn)
 }
 func get_ucred(fd *os.File) (*syscall.Ucred, error) { |
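Review bot: The bare assertion `unix_conn := conn.(*net.UnixConn)` in hooks_handle_connection panics on any non-unix connection, and because the handler now runs under `go hooks_handle_connection(conn)`, an unrecovered panic there takes down the whole process rather than failing one request. serve_git_hooks accepts any `net.Listener`, so nothing visible in this hunk guarantees the concrete connection type. Keep the comma-ok form the commit removes, `unix_conn, ok := conn.(*net.UnixConn)`, and in the `!ok` branch write the failure byte and a message and return, as the other error paths in this function do. `err_not_unixconn` appears to be left without a user after this change, unless code outside the hunk still references it.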