]>
Commit | Line | Data |
---|---|---|
15db4e7f | 1 | #include "git-compat-util.h" |
35eb2d36 | 2 | #include "quote.h" |
d807c4a0 | 3 | #include "exec-cmd.h" |
0c696fe7 | 4 | #include "strbuf.h" |
e69164dd | 5 | #include "run-command.h" |
65b5f948 | 6 | #include "alias.h" |
35eb2d36 | 7 | |
2dbc887e | 8 | #define COMMAND_DIR "git-shell-commands" |
e69164dd | 9 | #define HELP_COMMAND COMMAND_DIR "/help" |
35297089 | 10 | #define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login" |
2dbc887e | 11 | |
35eb2d36 LT |
12 | static int do_generic_cmd(const char *me, char *arg) |
13 | { | |
14 | const char *my_argv[4]; | |
15 | ||
e1464ca7 | 16 | setup_path(); |
3ec80449 | 17 | if (!arg || !(arg = sq_dequote(arg)) || *arg == '-') |
35eb2d36 | 18 | die("bad argument"); |
ec6ee0c0 | 19 | if (!skip_prefix(me, "git-", &me)) |
77cb17e9 | 20 | die("bad command"); |
35eb2d36 | 21 | |
ec6ee0c0 | 22 | my_argv[0] = me; |
35eb2d36 LT |
23 | my_argv[1] = arg; |
24 | my_argv[2] = NULL; | |
25 | ||
9201c707 | 26 | return execv_git_cmd(my_argv); |
35eb2d36 LT |
27 | } |
28 | ||
2dbc887e GB |
29 | static int is_valid_cmd_name(const char *cmd) |
30 | { | |
31 | /* Test command contains no . or / characters */ | |
32 | return cmd[strcspn(cmd, "./")] == '\0'; | |
33 | } | |
34 | ||
35 | static char *make_cmd(const char *prog) | |
36 | { | |
b2724c87 | 37 | return xstrfmt("%s/%s", COMMAND_DIR, prog); |
2dbc887e GB |
38 | } |
39 | ||
40 | static void cd_to_homedir(void) | |
41 | { | |
42 | const char *home = getenv("HOME"); | |
43 | if (!home) | |
44 | die("could not determine user's home directory; HOME is unset"); | |
45 | if (chdir(home) == -1) | |
46 | die("could not chdir to user's home directory"); | |
47 | } | |
0c696fe7 | 48 | |
71ad7fe1 JK |
49 | #define MAX_INTERACTIVE_COMMAND (4*1024*1024) |
50 | ||
e69164dd GB |
51 | static void run_shell(void) |
52 | { | |
53 | int done = 0; | |
ddbb47fd | 54 | struct child_process help_cmd = CHILD_PROCESS_INIT; |
35297089 JN |
55 | |
56 | if (!access(NOLOGIN_COMMAND, F_OK)) { | |
57 | /* Interactive login disabled. */ | |
ddbb47fd | 58 | struct child_process nologin_cmd = CHILD_PROCESS_INIT; |
35297089 JN |
59 | int status; |
60 | ||
ddbb47fd RS |
61 | strvec_push(&nologin_cmd.args, NOLOGIN_COMMAND); |
62 | status = run_command(&nologin_cmd); | |
35297089 JN |
63 | if (status < 0) |
64 | exit(127); | |
65 | exit(status); | |
66 | } | |
67 | ||
e69164dd | 68 | /* Print help if enabled */ |
ddbb47fd RS |
69 | help_cmd.silent_exec_failure = 1; |
70 | strvec_push(&help_cmd.args, HELP_COMMAND); | |
71 | run_command(&help_cmd); | |
e69164dd GB |
72 | |
73 | do { | |
e69164dd GB |
74 | const char *prog; |
75 | char *full_cmd; | |
76 | char *rawargs; | |
71ad7fe1 | 77 | size_t len; |
9f29fe9a | 78 | char *split_args; |
e69164dd GB |
79 | const char **argv; |
80 | int code; | |
9f29fe9a | 81 | int count; |
e69164dd GB |
82 | |
83 | fprintf(stderr, "git> "); | |
71ad7fe1 JK |
84 | |
85 | /* | |
86 | * Avoid using a strbuf or git_read_line_interactively() here. | |
87 | * We don't want to allocate arbitrary amounts of memory on | |
88 | * behalf of a possibly untrusted client, and we're subject to | |
89 | * OS limits on command length anyway. | |
90 | */ | |
91 | fflush(stdout); | |
92 | rawargs = xmalloc(MAX_INTERACTIVE_COMMAND); | |
93 | if (!fgets(rawargs, MAX_INTERACTIVE_COMMAND, stdin)) { | |
e69164dd | 94 | fprintf(stderr, "\n"); |
71ad7fe1 | 95 | free(rawargs); |
e69164dd GB |
96 | break; |
97 | } | |
71ad7fe1 JK |
98 | len = strlen(rawargs); |
99 | ||
100 | /* | |
101 | * If we truncated due to our input buffer size, reject the | |
102 | * command. That's better than running bogus input, and | |
103 | * there's a good chance it's just malicious garbage anyway. | |
104 | */ | |
105 | if (len >= MAX_INTERACTIVE_COMMAND - 1) | |
106 | die("invalid command format: input too long"); | |
107 | ||
108 | if (len > 0 && rawargs[len - 1] == '\n') { | |
109 | if (--len > 0 && rawargs[len - 1] == '\r') | |
110 | --len; | |
111 | rawargs[len] = '\0'; | |
112 | } | |
113 | ||
9f29fe9a GB |
114 | split_args = xstrdup(rawargs); |
115 | count = split_cmdline(split_args, &argv); | |
116 | if (count < 0) { | |
117 | fprintf(stderr, "invalid command format '%s': %s\n", rawargs, | |
118 | split_cmdline_strerror(count)); | |
119 | free(split_args); | |
e69164dd GB |
120 | free(rawargs); |
121 | continue; | |
122 | } | |
123 | ||
124 | prog = argv[0]; | |
125 | if (!strcmp(prog, "")) { | |
126 | } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") || | |
127 | !strcmp(prog, "exit") || !strcmp(prog, "bye")) { | |
128 | done = 1; | |
129 | } else if (is_valid_cmd_name(prog)) { | |
ddbb47fd RS |
130 | struct child_process cmd = CHILD_PROCESS_INIT; |
131 | ||
e69164dd GB |
132 | full_cmd = make_cmd(prog); |
133 | argv[0] = full_cmd; | |
ddbb47fd RS |
134 | cmd.silent_exec_failure = 1; |
135 | strvec_pushv(&cmd.args, argv); | |
136 | code = run_command(&cmd); | |
e69164dd GB |
137 | if (code == -1 && errno == ENOENT) { |
138 | fprintf(stderr, "unrecognized command '%s'\n", prog); | |
139 | } | |
140 | free(full_cmd); | |
141 | } else { | |
142 | fprintf(stderr, "invalid command format '%s'\n", prog); | |
143 | } | |
144 | ||
145 | free(argv); | |
146 | free(rawargs); | |
147 | } while (!done); | |
148 | } | |
149 | ||
35eb2d36 LT |
150 | static struct commands { |
151 | const char *name; | |
152 | int (*exec)(const char *me, char *arg); | |
153 | } cmd_list[] = { | |
154 | { "git-receive-pack", do_generic_cmd }, | |
155 | { "git-upload-pack", do_generic_cmd }, | |
79f72b97 | 156 | { "git-upload-archive", do_generic_cmd }, |
35eb2d36 LT |
157 | { NULL }, |
158 | }; | |
159 | ||
3f2e2297 | 160 | int cmd_main(int argc, const char **argv) |
35eb2d36 LT |
161 | { |
162 | char *prog; | |
2dbc887e | 163 | const char **user_argv; |
35eb2d36 | 164 | struct commands *cmd; |
9f29fe9a | 165 | int count; |
0cfeed2e | 166 | |
bc7c73e2 JH |
167 | /* |
168 | * Special hack to pretend to be a CVS server | |
169 | */ | |
e69164dd | 170 | if (argc == 2 && !strcmp(argv[1], "cvs server")) { |
0c696fe7 | 171 | argv--; |
e69164dd GB |
172 | } else if (argc == 1) { |
173 | /* Allow the user to run an interactive shell */ | |
174 | cd_to_homedir(); | |
70256a3a RR |
175 | if (access(COMMAND_DIR, R_OK | X_OK) == -1) { |
176 | die("Interactive git shell is not enabled.\n" | |
177 | "hint: ~/" COMMAND_DIR " should exist " | |
178 | "and have read and execute access."); | |
179 | } | |
e69164dd GB |
180 | run_shell(); |
181 | exit(0); | |
182 | } else if (argc != 3 || strcmp(argv[1], "-c")) { | |
183 | /* | |
184 | * We do not accept any other modes except "-c" followed by | |
185 | * "cmd arg", where "cmd" is a very limited subset of git | |
186 | * commands or a command in the COMMAND_DIR | |
187 | */ | |
188 | die("Run with no arguments or with -c cmd"); | |
189 | } | |
35eb2d36 | 190 | |
2dbc887e | 191 | prog = xstrdup(argv[2]); |
bc7c73e2 JH |
192 | if (!strncmp(prog, "git", 3) && isspace(prog[3])) |
193 | /* Accept "git foo" as if the caller said "git-foo". */ | |
194 | prog[3] = '-'; | |
195 | ||
35eb2d36 LT |
196 | for (cmd = cmd_list ; cmd->name ; cmd++) { |
197 | int len = strlen(cmd->name); | |
198 | char *arg; | |
199 | if (strncmp(cmd->name, prog, len)) | |
200 | continue; | |
201 | arg = NULL; | |
202 | switch (prog[len]) { | |
203 | case '\0': | |
204 | arg = NULL; | |
205 | break; | |
206 | case ' ': | |
207 | arg = prog + len + 1; | |
208 | break; | |
209 | default: | |
210 | continue; | |
211 | } | |
338abb0f | 212 | return cmd->exec(cmd->name, arg); |
35eb2d36 | 213 | } |
2dbc887e GB |
214 | |
215 | cd_to_homedir(); | |
9f29fe9a GB |
216 | count = split_cmdline(prog, &user_argv); |
217 | if (count >= 0) { | |
2dbc887e GB |
218 | if (is_valid_cmd_name(user_argv[0])) { |
219 | prog = make_cmd(user_argv[0]); | |
220 | user_argv[0] = prog; | |
221 | execv(user_argv[0], (char *const *) user_argv); | |
222 | } | |
223 | free(prog); | |
224 | free(user_argv); | |
225 | die("unrecognized command '%s'", argv[2]); | |
226 | } else { | |
227 | free(prog); | |
9f29fe9a GB |
228 | die("invalid command format '%s': %s", argv[2], |
229 | split_cmdline_strerror(count)); | |
2dbc887e | 230 | } |
35eb2d36 | 231 | } |