]>
Commit | Line | Data |
---|---|---|
15db4e7f | 1 | #include "git-compat-util.h" |
35eb2d36 | 2 | #include "quote.h" |
d807c4a0 | 3 | #include "exec-cmd.h" |
0c696fe7 | 4 | #include "strbuf.h" |
e69164dd | 5 | #include "run-command.h" |
65b5f948 | 6 | #include "alias.h" |
08d383f2 | 7 | #include "prompt.h" |
35eb2d36 | 8 | |
2dbc887e | 9 | #define COMMAND_DIR "git-shell-commands" |
e69164dd | 10 | #define HELP_COMMAND COMMAND_DIR "/help" |
35297089 | 11 | #define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login" |
2dbc887e | 12 | |
35eb2d36 LT |
13 | static int do_generic_cmd(const char *me, char *arg) |
14 | { | |
15 | const char *my_argv[4]; | |
16 | ||
e1464ca7 | 17 | setup_path(); |
3ec80449 | 18 | if (!arg || !(arg = sq_dequote(arg)) || *arg == '-') |
35eb2d36 | 19 | die("bad argument"); |
ec6ee0c0 | 20 | if (!skip_prefix(me, "git-", &me)) |
77cb17e9 | 21 | die("bad command"); |
35eb2d36 | 22 | |
ec6ee0c0 | 23 | my_argv[0] = me; |
35eb2d36 LT |
24 | my_argv[1] = arg; |
25 | my_argv[2] = NULL; | |
26 | ||
9201c707 | 27 | return execv_git_cmd(my_argv); |
35eb2d36 LT |
28 | } |
29 | ||
2dbc887e GB |
30 | static int is_valid_cmd_name(const char *cmd) |
31 | { | |
32 | /* Test command contains no . or / characters */ | |
33 | return cmd[strcspn(cmd, "./")] == '\0'; | |
34 | } | |
35 | ||
36 | static char *make_cmd(const char *prog) | |
37 | { | |
b2724c87 | 38 | return xstrfmt("%s/%s", COMMAND_DIR, prog); |
2dbc887e GB |
39 | } |
40 | ||
41 | static void cd_to_homedir(void) | |
42 | { | |
43 | const char *home = getenv("HOME"); | |
44 | if (!home) | |
45 | die("could not determine user's home directory; HOME is unset"); | |
46 | if (chdir(home) == -1) | |
47 | die("could not chdir to user's home directory"); | |
48 | } | |
0c696fe7 | 49 | |
71ad7fe1 JK |
50 | #define MAX_INTERACTIVE_COMMAND (4*1024*1024) |
51 | ||
e69164dd GB |
52 | static void run_shell(void) |
53 | { | |
54 | int done = 0; | |
ddbb47fd | 55 | struct child_process help_cmd = CHILD_PROCESS_INIT; |
35297089 JN |
56 | |
57 | if (!access(NOLOGIN_COMMAND, F_OK)) { | |
58 | /* Interactive login disabled. */ | |
ddbb47fd | 59 | struct child_process nologin_cmd = CHILD_PROCESS_INIT; |
35297089 JN |
60 | int status; |
61 | ||
ddbb47fd RS |
62 | strvec_push(&nologin_cmd.args, NOLOGIN_COMMAND); |
63 | status = run_command(&nologin_cmd); | |
35297089 JN |
64 | if (status < 0) |
65 | exit(127); | |
66 | exit(status); | |
67 | } | |
68 | ||
e69164dd | 69 | /* Print help if enabled */ |
ddbb47fd RS |
70 | help_cmd.silent_exec_failure = 1; |
71 | strvec_push(&help_cmd.args, HELP_COMMAND); | |
72 | run_command(&help_cmd); | |
e69164dd GB |
73 | |
74 | do { | |
e69164dd GB |
75 | const char *prog; |
76 | char *full_cmd; | |
77 | char *rawargs; | |
71ad7fe1 | 78 | size_t len; |
9f29fe9a | 79 | char *split_args; |
e69164dd GB |
80 | const char **argv; |
81 | int code; | |
9f29fe9a | 82 | int count; |
e69164dd GB |
83 | |
84 | fprintf(stderr, "git> "); | |
71ad7fe1 JK |
85 | |
86 | /* | |
87 | * Avoid using a strbuf or git_read_line_interactively() here. | |
88 | * We don't want to allocate arbitrary amounts of memory on | |
89 | * behalf of a possibly untrusted client, and we're subject to | |
90 | * OS limits on command length anyway. | |
91 | */ | |
92 | fflush(stdout); | |
93 | rawargs = xmalloc(MAX_INTERACTIVE_COMMAND); | |
94 | if (!fgets(rawargs, MAX_INTERACTIVE_COMMAND, stdin)) { | |
e69164dd | 95 | fprintf(stderr, "\n"); |
71ad7fe1 | 96 | free(rawargs); |
e69164dd GB |
97 | break; |
98 | } | |
71ad7fe1 JK |
99 | len = strlen(rawargs); |
100 | ||
101 | /* | |
102 | * If we truncated due to our input buffer size, reject the | |
103 | * command. That's better than running bogus input, and | |
104 | * there's a good chance it's just malicious garbage anyway. | |
105 | */ | |
106 | if (len >= MAX_INTERACTIVE_COMMAND - 1) | |
107 | die("invalid command format: input too long"); | |
108 | ||
109 | if (len > 0 && rawargs[len - 1] == '\n') { | |
110 | if (--len > 0 && rawargs[len - 1] == '\r') | |
111 | --len; | |
112 | rawargs[len] = '\0'; | |
113 | } | |
114 | ||
9f29fe9a GB |
115 | split_args = xstrdup(rawargs); |
116 | count = split_cmdline(split_args, &argv); | |
117 | if (count < 0) { | |
118 | fprintf(stderr, "invalid command format '%s': %s\n", rawargs, | |
119 | split_cmdline_strerror(count)); | |
120 | free(split_args); | |
e69164dd GB |
121 | free(rawargs); |
122 | continue; | |
123 | } | |
124 | ||
125 | prog = argv[0]; | |
126 | if (!strcmp(prog, "")) { | |
127 | } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") || | |
128 | !strcmp(prog, "exit") || !strcmp(prog, "bye")) { | |
129 | done = 1; | |
130 | } else if (is_valid_cmd_name(prog)) { | |
ddbb47fd RS |
131 | struct child_process cmd = CHILD_PROCESS_INIT; |
132 | ||
e69164dd GB |
133 | full_cmd = make_cmd(prog); |
134 | argv[0] = full_cmd; | |
ddbb47fd RS |
135 | cmd.silent_exec_failure = 1; |
136 | strvec_pushv(&cmd.args, argv); | |
137 | code = run_command(&cmd); | |
e69164dd GB |
138 | if (code == -1 && errno == ENOENT) { |
139 | fprintf(stderr, "unrecognized command '%s'\n", prog); | |
140 | } | |
141 | free(full_cmd); | |
142 | } else { | |
143 | fprintf(stderr, "invalid command format '%s'\n", prog); | |
144 | } | |
145 | ||
146 | free(argv); | |
147 | free(rawargs); | |
148 | } while (!done); | |
149 | } | |
150 | ||
35eb2d36 LT |
151 | static struct commands { |
152 | const char *name; | |
153 | int (*exec)(const char *me, char *arg); | |
154 | } cmd_list[] = { | |
155 | { "git-receive-pack", do_generic_cmd }, | |
156 | { "git-upload-pack", do_generic_cmd }, | |
79f72b97 | 157 | { "git-upload-archive", do_generic_cmd }, |
35eb2d36 LT |
158 | { NULL }, |
159 | }; | |
160 | ||
3f2e2297 | 161 | int cmd_main(int argc, const char **argv) |
35eb2d36 LT |
162 | { |
163 | char *prog; | |
2dbc887e | 164 | const char **user_argv; |
35eb2d36 | 165 | struct commands *cmd; |
9f29fe9a | 166 | int count; |
0cfeed2e | 167 | |
bc7c73e2 JH |
168 | /* |
169 | * Special hack to pretend to be a CVS server | |
170 | */ | |
e69164dd | 171 | if (argc == 2 && !strcmp(argv[1], "cvs server")) { |
0c696fe7 | 172 | argv--; |
e69164dd GB |
173 | } else if (argc == 1) { |
174 | /* Allow the user to run an interactive shell */ | |
175 | cd_to_homedir(); | |
70256a3a RR |
176 | if (access(COMMAND_DIR, R_OK | X_OK) == -1) { |
177 | die("Interactive git shell is not enabled.\n" | |
178 | "hint: ~/" COMMAND_DIR " should exist " | |
179 | "and have read and execute access."); | |
180 | } | |
e69164dd GB |
181 | run_shell(); |
182 | exit(0); | |
183 | } else if (argc != 3 || strcmp(argv[1], "-c")) { | |
184 | /* | |
185 | * We do not accept any other modes except "-c" followed by | |
186 | * "cmd arg", where "cmd" is a very limited subset of git | |
187 | * commands or a command in the COMMAND_DIR | |
188 | */ | |
189 | die("Run with no arguments or with -c cmd"); | |
190 | } | |
35eb2d36 | 191 | |
2dbc887e | 192 | prog = xstrdup(argv[2]); |
bc7c73e2 JH |
193 | if (!strncmp(prog, "git", 3) && isspace(prog[3])) |
194 | /* Accept "git foo" as if the caller said "git-foo". */ | |
195 | prog[3] = '-'; | |
196 | ||
35eb2d36 LT |
197 | for (cmd = cmd_list ; cmd->name ; cmd++) { |
198 | int len = strlen(cmd->name); | |
199 | char *arg; | |
200 | if (strncmp(cmd->name, prog, len)) | |
201 | continue; | |
202 | arg = NULL; | |
203 | switch (prog[len]) { | |
204 | case '\0': | |
205 | arg = NULL; | |
206 | break; | |
207 | case ' ': | |
208 | arg = prog + len + 1; | |
209 | break; | |
210 | default: | |
211 | continue; | |
212 | } | |
338abb0f | 213 | return cmd->exec(cmd->name, arg); |
35eb2d36 | 214 | } |
2dbc887e GB |
215 | |
216 | cd_to_homedir(); | |
9f29fe9a GB |
217 | count = split_cmdline(prog, &user_argv); |
218 | if (count >= 0) { | |
2dbc887e GB |
219 | if (is_valid_cmd_name(user_argv[0])) { |
220 | prog = make_cmd(user_argv[0]); | |
221 | user_argv[0] = prog; | |
222 | execv(user_argv[0], (char *const *) user_argv); | |
223 | } | |
224 | free(prog); | |
225 | free(user_argv); | |
226 | die("unrecognized command '%s'", argv[2]); | |
227 | } else { | |
228 | free(prog); | |
9f29fe9a GB |
229 | die("invalid command format '%s': %s", argv[2], |
230 | split_cmdline_strerror(count)); | |
2dbc887e | 231 | } |
35eb2d36 | 232 | } |