Merge branch 'rj/ref-filter-get-head-description-leakfix' into maint-2.38
[alt-git.git] / shell.c
blob7ff4109db7058b5677be2fa8775f699b54e4d4f1
1 #include "cache.h"
2 #include "quote.h"
3 #include "exec-cmd.h"
4 #include "strbuf.h"
5 #include "run-command.h"
6 #include "alias.h"
7 #include "prompt.h"
9 #define COMMAND_DIR "git-shell-commands"
10 #define HELP_COMMAND COMMAND_DIR "/help"
11 #define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login"
13 static int do_generic_cmd(const char *me, char *arg)
15 const char *my_argv[4];
17 setup_path();
18 if (!arg || !(arg = sq_dequote(arg)) || *arg == '-')
19 die("bad argument");
20 if (!skip_prefix(me, "git-", &me))
21 die("bad command");
23 my_argv[0] = me;
24 my_argv[1] = arg;
25 my_argv[2] = NULL;
27 return execv_git_cmd(my_argv);
30 static int is_valid_cmd_name(const char *cmd)
32 /* Test command contains no . or / characters */
33 return cmd[strcspn(cmd, "./")] == '\0';
36 static char *make_cmd(const char *prog)
38 return xstrfmt("%s/%s", COMMAND_DIR, prog);
41 static void cd_to_homedir(void)
43 const char *home = getenv("HOME");
44 if (!home)
45 die("could not determine user's home directory; HOME is unset");
46 if (chdir(home) == -1)
47 die("could not chdir to user's home directory");
50 #define MAX_INTERACTIVE_COMMAND (4*1024*1024)
52 static void run_shell(void)
54 int done = 0;
55 static const char *help_argv[] = { HELP_COMMAND, NULL };
57 if (!access(NOLOGIN_COMMAND, F_OK)) {
58 /* Interactive login disabled. */
59 const char *argv[] = { NOLOGIN_COMMAND, NULL };
60 int status;
62 status = run_command_v_opt(argv, 0);
63 if (status < 0)
64 exit(127);
65 exit(status);
68 /* Print help if enabled */
69 run_command_v_opt(help_argv, RUN_SILENT_EXEC_FAILURE);
71 do {
72 const char *prog;
73 char *full_cmd;
74 char *rawargs;
75 size_t len;
76 char *split_args;
77 const char **argv;
78 int code;
79 int count;
81 fprintf(stderr, "git> ");
84 * Avoid using a strbuf or git_read_line_interactively() here.
85 * We don't want to allocate arbitrary amounts of memory on
86 * behalf of a possibly untrusted client, and we're subject to
87 * OS limits on command length anyway.
89 fflush(stdout);
90 rawargs = xmalloc(MAX_INTERACTIVE_COMMAND);
91 if (!fgets(rawargs, MAX_INTERACTIVE_COMMAND, stdin)) {
92 fprintf(stderr, "\n");
93 free(rawargs);
94 break;
96 len = strlen(rawargs);
99 * If we truncated due to our input buffer size, reject the
100 * command. That's better than running bogus input, and
101 * there's a good chance it's just malicious garbage anyway.
103 if (len >= MAX_INTERACTIVE_COMMAND - 1)
104 die("invalid command format: input too long");
106 if (len > 0 && rawargs[len - 1] == '\n') {
107 if (--len > 0 && rawargs[len - 1] == '\r')
108 --len;
109 rawargs[len] = '\0';
112 split_args = xstrdup(rawargs);
113 count = split_cmdline(split_args, &argv);
114 if (count < 0) {
115 fprintf(stderr, "invalid command format '%s': %s\n", rawargs,
116 split_cmdline_strerror(count));
117 free(split_args);
118 free(rawargs);
119 continue;
122 prog = argv[0];
123 if (!strcmp(prog, "")) {
124 } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") ||
125 !strcmp(prog, "exit") || !strcmp(prog, "bye")) {
126 done = 1;
127 } else if (is_valid_cmd_name(prog)) {
128 full_cmd = make_cmd(prog);
129 argv[0] = full_cmd;
130 code = run_command_v_opt(argv, RUN_SILENT_EXEC_FAILURE);
131 if (code == -1 && errno == ENOENT) {
132 fprintf(stderr, "unrecognized command '%s'\n", prog);
134 free(full_cmd);
135 } else {
136 fprintf(stderr, "invalid command format '%s'\n", prog);
139 free(argv);
140 free(rawargs);
141 } while (!done);
144 static struct commands {
145 const char *name;
146 int (*exec)(const char *me, char *arg);
147 } cmd_list[] = {
148 { "git-receive-pack", do_generic_cmd },
149 { "git-upload-pack", do_generic_cmd },
150 { "git-upload-archive", do_generic_cmd },
151 { NULL },
154 int cmd_main(int argc, const char **argv)
156 char *prog;
157 const char **user_argv;
158 struct commands *cmd;
159 int count;
162 * Special hack to pretend to be a CVS server
164 if (argc == 2 && !strcmp(argv[1], "cvs server")) {
165 argv--;
166 } else if (argc == 1) {
167 /* Allow the user to run an interactive shell */
168 cd_to_homedir();
169 if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
170 die("Interactive git shell is not enabled.\n"
171 "hint: ~/" COMMAND_DIR " should exist "
172 "and have read and execute access.");
174 run_shell();
175 exit(0);
176 } else if (argc != 3 || strcmp(argv[1], "-c")) {
178 * We do not accept any other modes except "-c" followed by
179 * "cmd arg", where "cmd" is a very limited subset of git
180 * commands or a command in the COMMAND_DIR
182 die("Run with no arguments or with -c cmd");
185 prog = xstrdup(argv[2]);
186 if (!strncmp(prog, "git", 3) && isspace(prog[3]))
187 /* Accept "git foo" as if the caller said "git-foo". */
188 prog[3] = '-';
190 for (cmd = cmd_list ; cmd->name ; cmd++) {
191 int len = strlen(cmd->name);
192 char *arg;
193 if (strncmp(cmd->name, prog, len))
194 continue;
195 arg = NULL;
196 switch (prog[len]) {
197 case '\0':
198 arg = NULL;
199 break;
200 case ' ':
201 arg = prog + len + 1;
202 break;
203 default:
204 continue;
206 return cmd->exec(cmd->name, arg);
209 cd_to_homedir();
210 count = split_cmdline(prog, &user_argv);
211 if (count >= 0) {
212 if (is_valid_cmd_name(user_argv[0])) {
213 prog = make_cmd(user_argv[0]);
214 user_argv[0] = prog;
215 execv(user_argv[0], (char *const *) user_argv);
217 free(prog);
218 free(user_argv);
219 die("unrecognized command '%s'", argv[2]);
220 } else {
221 free(prog);
222 die("invalid command format '%s': %s", argv[2],
223 split_cmdline_strerror(count));