Fix potentially dangerous uses of mkpath and git_path
[git/jnareb-git.git] / builtin-receive-pack.c
blob9f60f31c2bb7da7095de8d692d215c485ab5da0c
1 #include "cache.h"
2 #include "pack.h"
3 #include "refs.h"
4 #include "pkt-line.h"
5 #include "run-command.h"
6 #include "exec_cmd.h"
7 #include "commit.h"
8 #include "object.h"
9 #include "remote.h"
10 #include "transport.h"
/* Usage text printed when the command line is malformed. */
static const char receive_pack_usage[] = "git-receive-pack <git-dir>";

/* Values set from the repository configuration by receive_pack_config(). */
static int deny_non_fast_forwards;	/* receive.denynonfastforwards */
static int receive_fsck_objects;	/* receive.fsckobjects */
static int receive_unpack_limit = -1;	/* receive.unpacklimit; negative means "not set" */
static int transfer_unpack_limit = -1;	/* transfer.unpacklimit; negative means "not set" */

/* Effective object-count threshold used by unpack(); 100 unless configured. */
static int unpack_limit = 100;

/* Set once a client command line advertises "report-status". */
static int report_status;

/* Capability list appended (after a NUL byte) to the first advertised ref. */
static char capabilities[] = " report-status delete-refs ";
static int capabilities_sent;
/*
 * Configuration callback: picks up the receive.* and transfer.* keys this
 * command cares about and hands every other key to git_default_config().
 *
 * Returns 0 for a key handled here, otherwise whatever
 * git_default_config() returns.
 */
static int receive_pack_config(const char *var, const char *value, void *cb)
{
	if (!strcmp(var, "receive.denynonfastforwards"))
		deny_non_fast_forwards = git_config_bool(var, value);
	else if (!strcmp(var, "receive.unpacklimit"))
		receive_unpack_limit = git_config_int(var, value);
	else if (!strcmp(var, "transfer.unpacklimit"))
		transfer_unpack_limit = git_config_int(var, value);
	else if (!strcmp(var, "receive.fsckobjects"))
		receive_fsck_objects = git_config_bool(var, value);
	else
		return git_default_config(var, value, cb);

	return 0;
}
/*
 * Advertise one ref to the client on fd 1.
 *
 * The first line written also carries the capability list, separated from
 * the ref name by a NUL byte; every later line is just "<sha1> <name>".
 * Always returns 0.
 */
static int show_ref(const char *path, const unsigned char *sha1, int flag, void *cb_data)
{
	const char *hex = sha1_to_hex(sha1);

	if (!capabilities_sent)
		packet_write(1, "%s %s%c%s\n", hex, path, 0, capabilities);
	else
		packet_write(1, "%s %s\n", hex, path);

	capabilities_sent = 1;
	return 0;
}
/*
 * Advertise every ref via show_ref().  When no ref was shown at all, emit a
 * single "capabilities^{}" line with the null SHA-1 so that the capability
 * list still reaches the client.
 */
static void write_head_info(void)
{
	for_each_ref(show_ref, NULL);

	if (capabilities_sent)
		return;
	show_ref("capabilities^{}", null_sha1, 0, NULL);
}
/*
 * One ref update requested by the pushing client.  The ref name is stored
 * inline after the fixed fields, so instances are allocated with extra room
 * for it (see read_head_info()).
 */
struct command {
	struct command *next;		/* singly linked, in arrival order */
	const char *error_string;	/* NULL while the update is still acceptable */
	unsigned char old_sha1[20];	/* value the client believes the ref has */
	unsigned char new_sha1[20];	/* requested value; null SHA-1 requests deletion */
	char ref_name[FLEX_ARRAY];	/* NUL-terminated name as sent by the client */
};

/* Head of the list of requested updates. */
static struct command *commands;

/* Hook paths; relative, so they resolve against the current directory. */
static const char pre_receive_hook[] = "hooks/pre-receive";
static const char post_receive_hook[] = "hooks/post-receive";
/*
 * Translate a run-command result for a hook into a return value, logging a
 * message through error() for every failure.
 *
 * code:      0 on success, or a negated ERR_RUN_COMMAND_* value, or the
 *            negated exit code of the hook.
 * hook_name: used in the messages only.
 *
 * Returns 0 on success, the result of error() for the run-command
 * failures, and -code for any other value.
 */
static int hook_status(int code, const char *hook_name)
{
	if (!code)
		return 0;

	switch (-code) {
	case ERR_RUN_COMMAND_FORK:
		return error("hook fork failed");
	case ERR_RUN_COMMAND_EXEC:
		return error("hook execute failed");
	case ERR_RUN_COMMAND_PIPE:
		return error("hook pipe failed");
	case ERR_RUN_COMMAND_WAITPID:
		return error("waitpid failed");
	case ERR_RUN_COMMAND_WAITPID_WRONG_PID:
		return error("waitpid is confused");
	case ERR_RUN_COMMAND_WAITPID_SIGNAL:
		return error("%s died of signal", hook_name);
	case ERR_RUN_COMMAND_WAITPID_NOEXIT:
		return error("%s died strangely", hook_name);
	default:
		break;
	}

	error("%s exited with error code %d", hook_name, -code);
	return -code;
}
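/*
 * Run a hook that reads "<old-sha1> <new-sha1> <refname>\n" lines on stdin,
 * one line per command that has not been rejected so far.
 *
 * hook_name: path of the hook, relative to the current directory.
 *
 * Returns 0 when there is nothing to feed or the hook is not executable,
 * otherwise the hook_status() translation of how the hook ran.  A non-zero
 * return is what makes the caller reject the push for pre-receive.
 */
static int run_hook(const char *hook_name)
{
	static char buf[sizeof(commands->old_sha1) * 2 + PATH_MAX + 4];
	struct command *cmd;
	struct child_process proc;
	const char *argv[2];
	int have_input = 0, truncated = 0, code;

	for (cmd = commands; !have_input && cmd; cmd = cmd->next) {
		if (!cmd->error_string)
			have_input = 1;
	}

	if (!have_input || access(hook_name, X_OK) < 0)
		return 0;

	argv[0] = hook_name;
	argv[1] = NULL;

	memset(&proc, 0, sizeof(proc));
	proc.argv = argv;
	proc.in = -1;
	proc.stdout_to_stderr = 1;

	code = start_command(&proc);
	if (code)
		return hook_status(code, hook_name);

	for (cmd = commands; cmd; cmd = cmd->next) {
		int n;

		if (cmd->error_string)
			continue;

		n = snprintf(buf, sizeof(buf), "%s %s %s\n",
			     sha1_to_hex(cmd->old_sha1),
			     sha1_to_hex(cmd->new_sha1),
			     cmd->ref_name);
		/*
		 * snprintf() reports the length it wanted to write.  Where
		 * PATH_MAX is smaller than the longest ref name a client can
		 * send, that can exceed sizeof(buf); passing it on as the
		 * write length would read past the end of buf.
		 */
		if (n < 0 || (size_t)n >= sizeof(buf)) {
			truncated = 1;
			break;
		}
		/* A hook may stop reading early; its exit status still decides. */
		if (write_in_full(proc.in, buf, n) != n)
			break;
	}
	close(proc.in);
	code = hook_status(finish_command(&proc), hook_name);

	/*
	 * The hook never saw the full list of updates, so an approving exit
	 * status cannot be trusted: fail closed.
	 */
	if (truncated)
		return error("%s input line too long", hook_name);
	return code;
}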
/*
 * Run "hooks/update <refname> <old-sha1> <new-sha1>" for a single command,
 * with no stdin and stdout redirected to stderr.
 *
 * Returns 0 when the hook is not executable or ran successfully; otherwise
 * the hook_status() translation of the failure.
 */
static int run_update_hook(struct command *cmd)
{
	static const char update_hook[] = "hooks/update";
	struct child_process child;
	const char *args[5];

	if (access(update_hook, X_OK) < 0)
		return 0;

	memset(&child, 0, sizeof(child));
	child.no_stdin = 1;
	child.stdout_to_stderr = 1;

	/*
	 * NOTE(review): both hex strings must stay valid at the same time,
	 * so this relies on sha1_to_hex() not reusing its buffer between two
	 * consecutive calls -- confirm against its definition.
	 */
	args[0] = update_hook;
	args[1] = cmd->ref_name;
	args[2] = sha1_to_hex(cmd->old_sha1);
	args[3] = sha1_to_hex(cmd->new_sha1);
	args[4] = NULL;
	child.argv = args;

	return hook_status(run_command(&child), update_hook);
}
/*
 * Validate and apply one ref update requested by the client.
 *
 * Checks, in order: the name is under refs/ and passes check_ref_format();
 * the new object exists unless this is a deletion; the fast-forward policy
 * (only for refs/heads/ and only when both old and new are non-null); and
 * the update hook.  Only then is the ref deleted or written.
 *
 * Returns NULL on success, or a short static reason string that is later
 * reported to the client.
 */
static const char *update(struct command *cmd)
{
	const char *name = cmd->ref_name;
	unsigned char *old_sha1 = cmd->old_sha1;
	unsigned char *new_sha1 = cmd->new_sha1;
	struct ref_lock *lock;
	int deleting = is_null_sha1(new_sha1);

	/* The name comes from the remote side: only refs/... are allowed. */
	if (prefixcmp(name, "refs/") || check_ref_format(name + 5)) {
		error("refusing to create funny ref '%s' remotely", name);
		return "funny refname";
	}

	if (!deleting && !has_sha1_file(new_sha1)) {
		error("unpack should have generated %s, "
		      "but I can't find it!", sha1_to_hex(new_sha1));
		return "bad pack";
	}

	if (deny_non_fast_forwards && !deleting &&
	    !is_null_sha1(old_sha1) &&
	    !prefixcmp(name, "refs/heads/")) {
		struct object *old_object = parse_object(old_sha1);
		struct object *new_object = parse_object(new_sha1);
		struct commit_list *bases, *ent;
		int is_fast_forward = 0;

		if (!old_object || !new_object ||
		    old_object->type != OBJ_COMMIT ||
		    new_object->type != OBJ_COMMIT) {
			error("bad sha1 objects for %s", name);
			return "bad ref";
		}

		/* Fast-forward means the old tip is a merge base of old and new. */
		bases = get_merge_bases((struct commit *)old_object,
					(struct commit *)new_object, 1);
		for (ent = bases; ent; ent = ent->next) {
			if (!hashcmp(old_sha1, ent->item->object.sha1)) {
				is_fast_forward = 1;
				break;
			}
		}
		free_commit_list(bases);

		if (!is_fast_forward) {
			error("denying non-fast forward %s"
			      " (you should pull first)", name);
			return "non-fast forward";
		}
	}

	/* The hook gets the final say, after the built-in policy checks. */
	if (run_update_hook(cmd)) {
		error("hook declined to update %s", name);
		return "hook declined";
	}

	if (deleting) {
		if (!parse_object(old_sha1)) {
			warning ("Allowing deletion of corrupt ref.");
			old_sha1 = NULL;
		}
		if (delete_ref(name, old_sha1)) {
			error("failed to delete %s", name);
			return "failed to delete";
		}
		return NULL; /* good */
	}

	lock = lock_any_ref_for_update(name, old_sha1, 0);
	if (!lock) {
		error("failed to lock %s", name);
		return "failed to lock";
	}
	if (write_ref_sha1(lock, new_sha1, "push"))
		return "failed to write"; /* error() already called */

	return NULL; /* good */
}
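static char update_post_hook[] = "hooks/post-update";

/*
 * Run "hooks/post-update <ref>..." with the names of all commands that were
 * not rejected.  Nothing happens when every command failed or the hook is
 * not executable.  The result of the hook is ignored.
 */
static void run_update_post_hook(struct command *cmd)
{
	struct command *cmd_p;
	int argc;
	const char **argv;

	for (argc = 0, cmd_p = cmd; cmd_p; cmd_p = cmd_p->next) {
		if (cmd_p->error_string)
			continue;
		argc++;
	}
	if (!argc || access(update_post_hook, X_OK) < 0)
		return;

	/* hook path + one slot per accepted ref + terminating NULL */
	argv = xmalloc(sizeof(*argv) * (2 + argc));
	argv[0] = update_post_hook;

	for (argc = 1, cmd_p = cmd; cmd_p; cmd_p = cmd_p->next) {
		if (cmd_p->error_string)
			continue;
		/*
		 * The command list outlives the hook run, so the names can be
		 * passed as they are; no per-name copy has to be allocated
		 * (and then leaked).
		 */
		argv[argc++] = cmd_p->ref_name;
	}
	argv[argc] = NULL;

	run_command_v_opt(argv, RUN_COMMAND_NO_STDIN
		| RUN_COMMAND_STDOUT_TO_STDERR);
	free(argv);
}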
/*
 * Decide the fate of every queued command.
 *
 * If unpacking failed, or the pre-receive hook returns non-zero, all
 * commands get the same error string and nothing is updated.  Otherwise
 * each command is handed to update() and keeps its individual result.
 */
static void execute_commands(const char *unpacker_error)
{
	struct command *cmd;
	const char *reject_all = NULL;

	if (unpacker_error)
		reject_all = "n/a (unpacker error)";
	else if (run_hook(pre_receive_hook))
		reject_all = "pre-receive hook declined";

	if (reject_all) {
		for (cmd = commands; cmd; cmd = cmd->next)
			cmd->error_string = reject_all;
		return;
	}

	for (cmd = commands; cmd; cmd = cmd->next)
		cmd->error_string = update(cmd);
}
/*
 * Read the client's update requests from fd 0 and append them to the
 * commands list in arrival order.
 *
 * Each line is "<40 hex old> <40 hex new> <refname>", optionally followed
 * by a NUL byte and a capability string.  Anything else aborts through
 * die().  A zero-length read ends the list.
 */
static void read_head_info(void)
{
	enum {
		HEX_LEN = 40,		/* one SHA-1 in hex */
		NEW_OFF = HEX_LEN + 1,	/* start of the new SHA-1 */
		REF_OFF = 2 * HEX_LEN + 2	/* start of the ref name */
	};
	struct command **tail = &commands;

	for (;;) {
		static char line[1000];
		unsigned char old_sha1[20], new_sha1[20];
		struct command *cmd;
		char *refname;
		int len, reflen;

		len = packet_read_line(0, line, sizeof(line));
		if (!len)
			break;
		if (line[len-1] == '\n')
			line[--len] = 0;

		/* Shortest valid line: two hashes, two spaces, one name byte. */
		if (len < REF_OFF + 1 ||
		    line[HEX_LEN] != ' ' ||
		    line[REF_OFF - 1] != ' ' ||
		    get_sha1_hex(line, old_sha1) ||
		    get_sha1_hex(line + NEW_OFF, new_sha1))
			die("protocol error: expected old/new/ref, got '%s'",
			    line);

		refname = line + REF_OFF;
		reflen = strlen(refname);
		/* Bytes beyond the name's NUL are the capability string. */
		if (reflen + REF_OFF < len &&
		    strstr(refname + reflen + 1, "report-status"))
			report_status = 1;

		/*
		 * Copy everything from the ref name through line[len].
		 * NOTE(review): this assumes packet_read_line() stores a NUL
		 * at line[len] -- confirm against its definition.
		 */
		cmd = xmalloc(sizeof(struct command) + len - 80);
		hashcpy(cmd->old_sha1, old_sha1);
		hashcpy(cmd->new_sha1, new_sha1);
		memcpy(cmd->ref_name, refname, len - 81);
		cmd->error_string = NULL;
		cmd->next = NULL;

		*tail = cmd;
		tail = &cmd->next;
	}
}
/*
 * Read the pack header from fd 0 into *hdr.
 *
 * Returns NULL on success, or a static message describing why the header
 * was rejected.
 */
static const char *parse_pack_header(struct pack_header *hdr)
{
	int rc = read_pack_header(0, hdr);

	if (!rc)
		return NULL;
	if (rc == PH_ERROR_EOF)
		return "eof before pack header was fully read";
	if (rc == PH_ERROR_PACK_SIGNATURE)
		return "protocol error (pack signature mismatch detected)";
	if (rc == PH_ERROR_PROTOCOL)
		return "protocol error (pack version unsupported)";

	return "unknown error in parse_pack_header";
}
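/* Path returned by index_pack_lockfile(); removed by the caller once refs are updated. */
static const char *pack_lockfile;

/*
 * Consume the pack the client sends on stdin.
 *
 * Packs with fewer than unpack_limit objects are exploded with
 * "unpack-objects"; larger ones are kept as a pack by "index-pack", which is
 * asked to leave a lock ("keep") in place whose path ends up in
 * pack_lockfile.  "--strict" is passed to either one when
 * receive.fsckobjects is set.
 *
 * Returns NULL on success or a static error string.
 */
static const char *unpack(void)
{
	struct pack_header hdr;
	const char *hdr_err;
	char hdr_arg[38];

	hdr_err = parse_pack_header(&hdr);
	if (hdr_err)
		return hdr_err;
	/* The header was already consumed here, so pass it on as an option. */
	snprintf(hdr_arg, sizeof(hdr_arg),
			"--pack_header=%"PRIu32",%"PRIu32,
			ntohl(hdr.hdr_version), ntohl(hdr.hdr_entries));

	if (ntohl(hdr.hdr_entries) < unpack_limit) {
		int code, i = 0;
		const char *unpacker[4];
		unpacker[i++] = "unpack-objects";
		if (receive_fsck_objects)
			unpacker[i++] = "--strict";
		unpacker[i++] = hdr_arg;
		unpacker[i++] = NULL;
		code = run_command_v_opt(unpacker, RUN_GIT_CMD);
		switch (code) {
		case 0:
			return NULL;
		case -ERR_RUN_COMMAND_FORK:
			return "unpack fork failed";
		case -ERR_RUN_COMMAND_EXEC:
			return "unpack execute failed";
		case -ERR_RUN_COMMAND_WAITPID:
			return "waitpid failed";
		case -ERR_RUN_COMMAND_WAITPID_WRONG_PID:
			return "waitpid is confused";
		case -ERR_RUN_COMMAND_WAITPID_SIGNAL:
			return "unpacker died of signal";
		case -ERR_RUN_COMMAND_WAITPID_NOEXIT:
			return "unpacker died strangely";
		default:
			return "unpacker exited with error code";
		}
	} else {
		const char *keeper[7];
		int s, status, i = 0;
		char keep_arg[256];
		struct child_process ip;

		s = snprintf(keep_arg, sizeof(keep_arg),
			     "--keep=receive-pack %"PRIuMAX" on ",
			     (uintmax_t) getpid());
		if (gethostname(keep_arg + s, sizeof(keep_arg) - s))
			strcpy(keep_arg + s, "localhost");
		/*
		 * gethostname() need not NUL-terminate a host name it had to
		 * truncate; terminate explicitly so keep_arg is always a
		 * valid string when it is passed as an argument below.
		 */
		keep_arg[sizeof(keep_arg) - 1] = '\0';

		keeper[i++] = "index-pack";
		keeper[i++] = "--stdin";
		if (receive_fsck_objects)
			keeper[i++] = "--strict";
		keeper[i++] = "--fix-thin";
		keeper[i++] = hdr_arg;
		keeper[i++] = keep_arg;
		keeper[i++] = NULL;
		memset(&ip, 0, sizeof(ip));
		ip.argv = keeper;
		ip.out = -1;
		ip.git_cmd = 1;
		if (start_command(&ip))
			return "index-pack fork failed";
		pack_lockfile = index_pack_lockfile(ip.out);
		close(ip.out);
		status = finish_command(&ip);
		if (!status) {
			reprepare_packed_git();
			return NULL;
		}
		return "index-pack abnormal exit";
	}
}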
/*
 * Send the status report to the client on fd 1: one "unpack" line, then an
 * "ok <ref>" or "ng <ref> <reason>" line per command, then a flush.
 */
static void report(const char *unpack_status)
{
	const struct command *c;

	packet_write(1, "unpack %s\n",
		     unpack_status ? unpack_status : "ok");

	for (c = commands; c; c = c->next) {
		if (c->error_string)
			packet_write(1, "ng %s %s\n",
				     c->ref_name, c->error_string);
		else
			packet_write(1, "ok %s\n",
				     c->ref_name);
	}

	packet_flush(1);
}
/*
 * Returns 1 when every command in the list is a deletion (null new SHA-1),
 * which also holds for an empty list; returns 0 otherwise.
 */
static int delete_only(struct command *cmd)
{
	const struct command *c;

	for (c = cmd; c; c = c->next) {
		if (!is_null_sha1(c->new_sha1))
			return 0;
	}
	return 1;
}
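/*
 * Callback for foreach_alt_odb(): when the alternate object directory
 * belongs to a repository that has a refs directory, record each of that
 * repository's refs as an extra ".have" ref.
 *
 * Always returns 0.
 */
static int add_refs_from_alternate(struct alternate_object_database *e, void *unused)
{
	char *other;
	size_t len;
	struct remote *remote;
	struct transport *transport;
	const struct ref *extra;

	/*
	 * NOTE(review): e->name[-1] is briefly overwritten so that e->base
	 * reads as a terminated string -- presumably name points just past
	 * a '/' inside base; confirm against the struct definition.
	 */
	e->name[-1] = '\0';
	other = xstrdup(make_absolute_path(e->base));
	e->name[-1] = '/';
	len = strlen(other);

	/* Strip trailing slashes; the len check keeps other[-1] from being read. */
	while (len && other[len-1] == '/')
		other[--len] = '\0';
	if (len < 8 || memcmp(other + len - 8, "/objects", 8))
		goto out;
	/* Is this a git repository with refs? */
	memcpy(other + len - 8, "/refs", 6);
	if (!is_directory(other))
		goto out;
	/* Cut the path back to the repository directory itself. */
	other[len - 8] = '\0';
	remote = remote_get(other);
	transport = transport_get(remote, other);
	for (extra = transport_get_remote_refs(transport);
	     extra;
	     extra = extra->next) {
		add_extra_ref(".have", extra->old_sha1, 0);
	}
	transport_disconnect(transport);
out:
	/* Every exit goes through here so the duplicated path is not leaked. */
	free(other);
	return 0;
}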
/* Run add_refs_from_alternate() over every alternate object database. */
static void add_alternate_refs(void)
{
	foreach_alt_odb(add_refs_from_alternate, NULL);
}
/*
 * Entry point of "git-receive-pack <git-dir>".
 *
 * Enters the repository, advertises its refs, reads the requested updates,
 * receives the pack if one is needed, applies the updates, reports back if
 * the client asked for it, and finally runs the post-receive and
 * post-update hooks.
 *
 * Exactly one non-option argument is accepted; anything else ends in
 * usage().  Returns 0.
 */
int cmd_receive_pack(int argc, const char **argv, const char *prefix)
{
	char *dir = NULL;
	int i;

	for (i = 1; i < argc; i++) {
		const char *arg = argv[i];

		/* No flags are understood yet; a second directory is an error too. */
		if (*arg == '-')
			usage(receive_pack_usage);
		if (dir)
			usage(receive_pack_usage);
		dir = xstrdup(arg);
	}
	if (!dir)
		usage(receive_pack_usage);

	setup_path();

	if (!enter_repo(dir, 0))
		die("'%s': unable to chdir or not a git archive", dir);

	if (is_repository_shallow())
		die("attempt to push into a shallow repository");

	git_config(receive_pack_config, NULL);

	/* transfer.unpacklimit wins over receive.unpacklimit when both are set. */
	if (transfer_unpack_limit >= 0)
		unpack_limit = transfer_unpack_limit;
	else if (receive_unpack_limit >= 0)
		unpack_limit = receive_unpack_limit;

	add_alternate_refs();
	write_head_info();
	clear_extra_refs();

	/* EOF */
	packet_flush(1);

	read_head_info();
	if (!commands)
		return 0;

	{
		const char *unpack_status = NULL;

		/* A push that only deletes refs carries no pack. */
		if (!delete_only(commands))
			unpack_status = unpack();
		execute_commands(unpack_status);
		/* Refs are settled now, so the kept pack's lock can go. */
		if (pack_lockfile)
			unlink(pack_lockfile);
		if (report_status)
			report(unpack_status);
		run_hook(post_receive_hook);
		run_update_post_hook(commands);
	}
	return 0;
}