1 #include "git-compat-util.h"
5 #include "run-command.h"
8 #define COMMAND_DIR "git-shell-commands"
9 #define HELP_COMMAND COMMAND_DIR "/help"
10 #define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login"
12 static int do_generic_cmd(const char *me
, char *arg
)
14 const char *my_argv
[4];
17 if (!arg
|| !(arg
= sq_dequote(arg
)) || *arg
== '-')
19 if (!skip_prefix(me
, "git-", &me
))
26 return execv_git_cmd(my_argv
);
29 static int is_valid_cmd_name(const char *cmd
)
31 /* Test command contains no . or / characters */
32 return cmd
[strcspn(cmd
, "./")] == '\0';
35 static char *make_cmd(const char *prog
)
37 return xstrfmt("%s/%s", COMMAND_DIR
, prog
);
40 static void cd_to_homedir(void)
42 const char *home
= getenv("HOME");
44 die("could not determine user's home directory; HOME is unset");
45 if (chdir(home
) == -1)
46 die("could not chdir to user's home directory");
49 #define MAX_INTERACTIVE_COMMAND (4*1024*1024)
51 static void run_shell(void)
54 struct child_process help_cmd
= CHILD_PROCESS_INIT
;
56 if (!access(NOLOGIN_COMMAND
, F_OK
)) {
57 /* Interactive login disabled. */
58 struct child_process nologin_cmd
= CHILD_PROCESS_INIT
;
61 strvec_push(&nologin_cmd
.args
, NOLOGIN_COMMAND
);
62 status
= run_command(&nologin_cmd
);
68 /* Print help if enabled */
69 help_cmd
.silent_exec_failure
= 1;
70 strvec_push(&help_cmd
.args
, HELP_COMMAND
);
71 run_command(&help_cmd
);
83 fprintf(stderr
, "git> ");
86 * Avoid using a strbuf or git_read_line_interactively() here.
87 * We don't want to allocate arbitrary amounts of memory on
88 * behalf of a possibly untrusted client, and we're subject to
89 * OS limits on command length anyway.
92 rawargs
= xmalloc(MAX_INTERACTIVE_COMMAND
);
93 if (!fgets(rawargs
, MAX_INTERACTIVE_COMMAND
, stdin
)) {
94 fprintf(stderr
, "\n");
98 len
= strlen(rawargs
);
101 * If we truncated due to our input buffer size, reject the
102 * command. That's better than running bogus input, and
103 * there's a good chance it's just malicious garbage anyway.
105 if (len
>= MAX_INTERACTIVE_COMMAND
- 1)
106 die("invalid command format: input too long");
108 if (len
> 0 && rawargs
[len
- 1] == '\n') {
109 if (--len
> 0 && rawargs
[len
- 1] == '\r')
114 split_args
= xstrdup(rawargs
);
115 count
= split_cmdline(split_args
, &argv
);
117 fprintf(stderr
, "invalid command format '%s': %s\n", rawargs
,
118 split_cmdline_strerror(count
));
125 if (!strcmp(prog
, "")) {
126 } else if (!strcmp(prog
, "quit") || !strcmp(prog
, "logout") ||
127 !strcmp(prog
, "exit") || !strcmp(prog
, "bye")) {
129 } else if (is_valid_cmd_name(prog
)) {
130 struct child_process cmd
= CHILD_PROCESS_INIT
;
132 full_cmd
= make_cmd(prog
);
134 cmd
.silent_exec_failure
= 1;
135 strvec_pushv(&cmd
.args
, argv
);
136 code
= run_command(&cmd
);
137 if (code
== -1 && errno
== ENOENT
) {
138 fprintf(stderr
, "unrecognized command '%s'\n", prog
);
142 fprintf(stderr
, "invalid command format '%s'\n", prog
);
151 static struct commands
{
153 int (*exec
)(const char *me
, char *arg
);
155 { "git-receive-pack", do_generic_cmd
},
156 { "git-upload-pack", do_generic_cmd
},
157 { "git-upload-archive", do_generic_cmd
},
161 int cmd_main(int argc
, const char **argv
)
164 const char **user_argv
;
165 struct commands
*cmd
;
169 * Special hack to pretend to be a CVS server
171 if (argc
== 2 && !strcmp(argv
[1], "cvs server")) {
173 } else if (argc
== 1) {
174 /* Allow the user to run an interactive shell */
176 if (access(COMMAND_DIR
, R_OK
| X_OK
) == -1) {
177 die("Interactive git shell is not enabled.\n"
178 "hint: ~/" COMMAND_DIR
" should exist "
179 "and have read and execute access.");
183 } else if (argc
!= 3 || strcmp(argv
[1], "-c")) {
185 * We do not accept any other modes except "-c" followed by
186 * "cmd arg", where "cmd" is a very limited subset of git
187 * commands or a command in the COMMAND_DIR
189 die("Run with no arguments or with -c cmd");
192 prog
= xstrdup(argv
[2]);
193 if (!strncmp(prog
, "git", 3) && isspace(prog
[3]))
194 /* Accept "git foo" as if the caller said "git-foo". */
197 for (cmd
= cmd_list
; cmd
->name
; cmd
++) {
198 int len
= strlen(cmd
->name
);
200 if (strncmp(cmd
->name
, prog
, len
))
208 arg
= prog
+ len
+ 1;
213 return cmd
->exec(cmd
->name
, arg
);
217 count
= split_cmdline(prog
, &user_argv
);
219 if (is_valid_cmd_name(user_argv
[0])) {
220 char *cmd
= make_cmd(user_argv
[0]);
221 execv(cmd
, (char *const *) user_argv
);
225 die("unrecognized command '%s'", argv
[2]);
228 die("invalid command format '%s': %s", argv
[2],
229 split_cmdline_strerror(count
));