Google Git
Sign in
googlers / jrn / git / 988aad99b44f3fb3f04f4a75cadf0dbb7ac89ffe / . / shell.c
blob: af0d7c734f8347082ab094cf1fc8898cbf26b64d [file] [log] [blame]
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]1#include "cache.h"
2#include "quote.h"
Stefan Bellerd807c4a2018-04-10 14:26:18 -0700[diff] [blame]3#include "exec-cmd.h"
Johannes Schindelin0c696fe2007-10-09 15:33:25 +0100[diff] [blame]4#include "strbuf.h"
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]5#include "run-command.h"
Nguyễn Thái Ngọc Duy65b5f942018-05-20 20:40:06 +0200[diff] [blame]6#include "alias.h"
Johannes Schindelin08d383f2020-04-10 11:27:50 +0000[diff] [blame]7#include "prompt.h"
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]8
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]9#define COMMAND_DIR "git-shell-commands"
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]10#define HELP_COMMAND COMMAND_DIR "/help"
Jonathan Nieder35297082013-03-09 14:00:11 -0800[diff] [blame]11#define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login"
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]12
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]13static int do_generic_cmd(const char *me, char *arg)
14{
15 const char *my_argv[4];
16
Johannes Sixte1464ca2008-07-21 21:19:52 +0200[diff] [blame]17 setup_path();
Jeff King3ec80442017-04-29 08:36:44 -0400[diff] [blame]18 if (!arg || !(arg = sq_dequote(arg)) || *arg == '-')
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]19 die("bad argument");
René Scharfeec6ee0c2019-11-26 16:00:43 +0100[diff] [blame]20 if (!skip_prefix(me, "git-", &me))
Michal Ostrowski77cb17e2006-01-10 21:12:17 -0500[diff] [blame]21 die("bad command");
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]22
René Scharfeec6ee0c2019-11-26 16:00:43 +0100[diff] [blame]23 my_argv[0] = me;
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]24 my_argv[1] = arg;
25 my_argv[2] = NULL;
26
Junio C Hamano9201c702006-03-05 02:47:29 -0800[diff] [blame]27 return execv_git_cmd(my_argv);
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]28}
29
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]30static int is_valid_cmd_name(const char *cmd)
31{
32 /* Test command contains no . or / characters */
33 return cmd[strcspn(cmd, "./")] == '\0';
34}
35
36static char *make_cmd(const char *prog)
37{
Jeff Kingb2724c82014-06-19 17:26:56 -0400[diff] [blame]38 return xstrfmt("%s/%s", COMMAND_DIR, prog);
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]39}
40
41static void cd_to_homedir(void)
42{
43 const char *home = getenv("HOME");
44 if (!home)
45 die("could not determine user's home directory; HOME is unset");
46 if (chdir(home) == -1)
47 die("could not chdir to user's home directory");
48}
Johannes Schindelin0c696fe2007-10-09 15:33:25 +0100[diff] [blame]49
Jeff King71ad7fe2022-09-28 18:52:48 -0400[diff] [blame]50#define MAX_INTERACTIVE_COMMAND (4*1024*1024)
51
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]52static void run_shell(void)
53{
54 int done = 0;
René Scharfeddbb47f2022-10-30 12:55:06 +0100[diff] [blame]55 struct child_process help_cmd = CHILD_PROCESS_INIT;
Jonathan Nieder35297082013-03-09 14:00:11 -0800[diff] [blame]56
57 if (!access(NOLOGIN_COMMAND, F_OK)) {
58 /* Interactive login disabled. */
René Scharfeddbb47f2022-10-30 12:55:06 +0100[diff] [blame]59 struct child_process nologin_cmd = CHILD_PROCESS_INIT;
Jonathan Nieder35297082013-03-09 14:00:11 -0800[diff] [blame]60 int status;
61
René Scharfeddbb47f2022-10-30 12:55:06 +0100[diff] [blame]62 strvec_push(&nologin_cmd.args, NOLOGIN_COMMAND);
63 status = run_command(&nologin_cmd);
Jonathan Nieder35297082013-03-09 14:00:11 -0800[diff] [blame]64 if (status < 0)
65 exit(127);
66 exit(status);
67 }
68
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]69 /* Print help if enabled */
René Scharfeddbb47f2022-10-30 12:55:06 +0100[diff] [blame]70 help_cmd.silent_exec_failure = 1;
71 strvec_push(&help_cmd.args, HELP_COMMAND);
72 run_command(&help_cmd);
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]73
74 do {
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]75 const char *prog;
76 char *full_cmd;
77 char *rawargs;
Jeff King71ad7fe2022-09-28 18:52:48 -0400[diff] [blame]78 size_t len;
Greg Brockman9f29fe92010-08-27 01:36:13 -0400[diff] [blame]79 char *split_args;
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]80 const char **argv;
81 int code;
Greg Brockman9f29fe92010-08-27 01:36:13 -0400[diff] [blame]82 int count;
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]83
84 fprintf(stderr, "git> ");
Jeff King71ad7fe2022-09-28 18:52:48 -0400[diff] [blame]85
86 /*
87 * Avoid using a strbuf or git_read_line_interactively() here.
88 * We don't want to allocate arbitrary amounts of memory on
89 * behalf of a possibly untrusted client, and we're subject to
90 * OS limits on command length anyway.
91 */
92 fflush(stdout);
93 rawargs = xmalloc(MAX_INTERACTIVE_COMMAND);
94 if (!fgets(rawargs, MAX_INTERACTIVE_COMMAND, stdin)) {
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]95 fprintf(stderr, "\n");
Jeff King71ad7fe2022-09-28 18:52:48 -0400[diff] [blame]96 free(rawargs);
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]97 break;
98 }
Jeff King71ad7fe2022-09-28 18:52:48 -0400[diff] [blame]99 len = strlen(rawargs);
100
101 /*
102 * If we truncated due to our input buffer size, reject the
103 * command. That's better than running bogus input, and
104 * there's a good chance it's just malicious garbage anyway.
105 */
106 if (len >= MAX_INTERACTIVE_COMMAND - 1)
107 die("invalid command format: input too long");
108
109 if (len > 0 && rawargs[len - 1] == '\n') {
110 if (--len > 0 && rawargs[len - 1] == '\r')
111 --len;
112 rawargs[len] = '\0';
113 }
114
Greg Brockman9f29fe92010-08-27 01:36:13 -0400[diff] [blame]115 split_args = xstrdup(rawargs);
116 count = split_cmdline(split_args, &argv);
117 if (count < 0) {
118 fprintf(stderr, "invalid command format '%s': %s\n", rawargs,
119 split_cmdline_strerror(count));
120 free(split_args);
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]121 free(rawargs);
122 continue;
123 }
124
125 prog = argv[0];
126 if (!strcmp(prog, "")) {
127 } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") ||
128 !strcmp(prog, "exit") || !strcmp(prog, "bye")) {
129 done = 1;
130 } else if (is_valid_cmd_name(prog)) {
René Scharfeddbb47f2022-10-30 12:55:06 +0100[diff] [blame]131 struct child_process cmd = CHILD_PROCESS_INIT;
132
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]133 full_cmd = make_cmd(prog);
134 argv[0] = full_cmd;
René Scharfeddbb47f2022-10-30 12:55:06 +0100[diff] [blame]135 cmd.silent_exec_failure = 1;
136 strvec_pushv(&cmd.args, argv);
137 code = run_command(&cmd);
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]138 if (code == -1 && errno == ENOENT) {
139 fprintf(stderr, "unrecognized command '%s'\n", prog);
140 }
141 free(full_cmd);
142 } else {
143 fprintf(stderr, "invalid command format '%s'\n", prog);
144 }
145
146 free(argv);
147 free(rawargs);
148 } while (!done);
149}
150
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]151static struct commands {
152 const char *name;
153 int (*exec)(const char *me, char *arg);
154} cmd_list[] = {
155 { "git-receive-pack", do_generic_cmd },
156 { "git-upload-pack", do_generic_cmd },
Erik Broes79f72b92009-04-09 21:58:52 +0200[diff] [blame]157 { "git-upload-archive", do_generic_cmd },
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]158 { NULL },
159};
160
Jeff King3f2e2292016-07-01 01:58:58 -0400[diff] [blame]161int cmd_main(int argc, const char **argv)
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]162{
163 char *prog;
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]164 const char **user_argv;
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]165 struct commands *cmd;
Greg Brockman9f29fe92010-08-27 01:36:13 -0400[diff] [blame]166 int count;
Paolo Bonzini0cfeed22008-08-27 17:20:35 +0200[diff] [blame]167
168 /*
Junio C Hamanobc7c73e2007-12-01 22:16:19 -0800[diff] [blame]169 * Special hack to pretend to be a CVS server
170 */
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]171 if (argc == 2 && !strcmp(argv[1], "cvs server")) {
Johannes Schindelin0c696fe2007-10-09 15:33:25 +0100[diff] [blame]172 argv--;
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]173 } else if (argc == 1) {
174 /* Allow the user to run an interactive shell */
175 cd_to_homedir();
Ramkumar Ramachandra70256a32010-08-24 11:06:51 +0530[diff] [blame]176 if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
177 die("Interactive git shell is not enabled.\n"
178 "hint: ~/" COMMAND_DIR " should exist "
179 "and have read and execute access.");
180 }
Greg Brockmane69164d2010-07-28 00:43:03 -0700[diff] [blame]181 run_shell();
182 exit(0);
183 } else if (argc != 3 || strcmp(argv[1], "-c")) {
184 /*
185 * We do not accept any other modes except "-c" followed by
186 * "cmd arg", where "cmd" is a very limited subset of git
187 * commands or a command in the COMMAND_DIR
188 */
189 die("Run with no arguments or with -c cmd");
190 }
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]191
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]192 prog = xstrdup(argv[2]);
Junio C Hamanobc7c73e2007-12-01 22:16:19 -0800[diff] [blame]193 if (!strncmp(prog, "git", 3) && isspace(prog[3]))
194 /* Accept "git foo" as if the caller said "git-foo". */
195 prog[3] = '-';
196
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]197 for (cmd = cmd_list ; cmd->name ; cmd++) {
198 int len = strlen(cmd->name);
199 char *arg;
200 if (strncmp(cmd->name, prog, len))
201 continue;
202 arg = NULL;
203 switch (prog[len]) {
204 case '\0':
205 arg = NULL;
206 break;
207 case ' ':
208 arg = prog + len + 1;
209 break;
210 default:
211 continue;
212 }
Ævar Arnfjörð Bjarmason338abb02021-06-08 12:48:03 +0200[diff] [blame]213 return cmd->exec(cmd->name, arg);
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]214 }
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]215
216 cd_to_homedir();
Greg Brockman9f29fe92010-08-27 01:36:13 -0400[diff] [blame]217 count = split_cmdline(prog, &user_argv);
218 if (count >= 0) {
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]219 if (is_valid_cmd_name(user_argv[0])) {
220 prog = make_cmd(user_argv[0]);
221 user_argv[0] = prog;
222 execv(user_argv[0], (char *const *) user_argv);
223 }
224 free(prog);
225 free(user_argv);
226 die("unrecognized command '%s'", argv[2]);
227 } else {
228 free(prog);
Greg Brockman9f29fe92010-08-27 01:36:13 -0400[diff] [blame]229 die("invalid command format '%s': %s", argv[2],
230 split_cmdline_strerror(count));
Greg Brockman2dbc8872010-07-28 17:31:01 -0700[diff] [blame]231 }
Linus Torvalds35eb2d32005-10-23 14:30:45 -0700[diff] [blame]232}