5 #include "run-command.h"
9 #define COMMAND_DIR "git-shell-commands"
10 #define HELP_COMMAND COMMAND_DIR "/help"
11 #define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login"
13 static int do_generic_cmd(const char *me
, char *arg
)
15 const char *my_argv
[4];
18 if (!arg
|| !(arg
= sq_dequote(arg
)) || *arg
== '-')
20 if (!skip_prefix(me
, "git-", &me
))
27 return execv_git_cmd(my_argv
);
30 static int is_valid_cmd_name(const char *cmd
)
32 /* Test command contains no . or / characters */
33 return cmd
[strcspn(cmd
, "./")] == '\0';
36 static char *make_cmd(const char *prog
)
38 return xstrfmt("%s/%s", COMMAND_DIR
, prog
);
41 static void cd_to_homedir(void)
43 const char *home
= getenv("HOME");
45 die("could not determine user's home directory; HOME is unset");
46 if (chdir(home
) == -1)
47 die("could not chdir to user's home directory");
50 #define MAX_INTERACTIVE_COMMAND (4*1024*1024)
52 static void run_shell(void)
55 static const char *help_argv
[] = { HELP_COMMAND
, NULL
};
57 if (!access(NOLOGIN_COMMAND
, F_OK
)) {
58 /* Interactive login disabled. */
59 const char *argv
[] = { NOLOGIN_COMMAND
, NULL
};
62 status
= run_command_v_opt(argv
, 0);
68 /* Print help if enabled */
69 run_command_v_opt(help_argv
, RUN_SILENT_EXEC_FAILURE
);
81 fprintf(stderr
, "git> ");
84 * Avoid using a strbuf or git_read_line_interactively() here.
85 * We don't want to allocate arbitrary amounts of memory on
86 * behalf of a possibly untrusted client, and we're subject to
87 * OS limits on command length anyway.
90 rawargs
= xmalloc(MAX_INTERACTIVE_COMMAND
);
91 if (!fgets(rawargs
, MAX_INTERACTIVE_COMMAND
, stdin
)) {
92 fprintf(stderr
, "\n");
96 len
= strlen(rawargs
);
99 * If we truncated due to our input buffer size, reject the
100 * command. That's better than running bogus input, and
101 * there's a good chance it's just malicious garbage anyway.
103 if (len
>= MAX_INTERACTIVE_COMMAND
- 1)
104 die("invalid command format: input too long");
106 if (len
> 0 && rawargs
[len
- 1] == '\n') {
107 if (--len
> 0 && rawargs
[len
- 1] == '\r')
112 split_args
= xstrdup(rawargs
);
113 count
= split_cmdline(split_args
, &argv
);
115 fprintf(stderr
, "invalid command format '%s': %s\n", rawargs
,
116 split_cmdline_strerror(count
));
123 if (!strcmp(prog
, "")) {
124 } else if (!strcmp(prog
, "quit") || !strcmp(prog
, "logout") ||
125 !strcmp(prog
, "exit") || !strcmp(prog
, "bye")) {
127 } else if (is_valid_cmd_name(prog
)) {
128 full_cmd
= make_cmd(prog
);
130 code
= run_command_v_opt(argv
, RUN_SILENT_EXEC_FAILURE
);
131 if (code
== -1 && errno
== ENOENT
) {
132 fprintf(stderr
, "unrecognized command '%s'\n", prog
);
136 fprintf(stderr
, "invalid command format '%s'\n", prog
);
144 static struct commands
{
146 int (*exec
)(const char *me
, char *arg
);
148 { "git-receive-pack", do_generic_cmd
},
149 { "git-upload-pack", do_generic_cmd
},
150 { "git-upload-archive", do_generic_cmd
},
154 int cmd_main(int argc
, const char **argv
)
157 const char **user_argv
;
158 struct commands
*cmd
;
162 * Special hack to pretend to be a CVS server
164 if (argc
== 2 && !strcmp(argv
[1], "cvs server")) {
166 } else if (argc
== 1) {
167 /* Allow the user to run an interactive shell */
169 if (access(COMMAND_DIR
, R_OK
| X_OK
) == -1) {
170 die("Interactive git shell is not enabled.\n"
171 "hint: ~/" COMMAND_DIR
" should exist "
172 "and have read and execute access.");
176 } else if (argc
!= 3 || strcmp(argv
[1], "-c")) {
178 * We do not accept any other modes except "-c" followed by
179 * "cmd arg", where "cmd" is a very limited subset of git
180 * commands or a command in the COMMAND_DIR
182 die("Run with no arguments or with -c cmd");
185 prog
= xstrdup(argv
[2]);
186 if (!strncmp(prog
, "git", 3) && isspace(prog
[3]))
187 /* Accept "git foo" as if the caller said "git-foo". */
190 for (cmd
= cmd_list
; cmd
->name
; cmd
++) {
191 int len
= strlen(cmd
->name
);
193 if (strncmp(cmd
->name
, prog
, len
))
201 arg
= prog
+ len
+ 1;
206 return cmd
->exec(cmd
->name
, arg
);
210 count
= split_cmdline(prog
, &user_argv
);
212 if (is_valid_cmd_name(user_argv
[0])) {
213 prog
= make_cmd(user_argv
[0]);
215 execv(user_argv
[0], (char *const *) user_argv
);
219 die("unrecognized command '%s'", argv
[2]);
222 die("invalid command format '%s': %s", argv
[2],
223 split_cmdline_strerror(count
));