Merge branch 'js/gpg-errors'
[git.git] / shell.c
blobaf0d7c734f8347082ab094cf1fc8898cbf26b64d
1 #include "cache.h"
2 #include "quote.h"
3 #include "exec-cmd.h"
4 #include "strbuf.h"
5 #include "run-command.h"
6 #include "alias.h"
7 #include "prompt.h"
9 #define COMMAND_DIR "git-shell-commands"
10 #define HELP_COMMAND COMMAND_DIR "/help"
11 #define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login"
13 static int do_generic_cmd(const char *me, char *arg)
15 const char *my_argv[4];
17 setup_path();
18 if (!arg || !(arg = sq_dequote(arg)) || *arg == '-')
19 die("bad argument");
20 if (!skip_prefix(me, "git-", &me))
21 die("bad command");
23 my_argv[0] = me;
24 my_argv[1] = arg;
25 my_argv[2] = NULL;
27 return execv_git_cmd(my_argv);
30 static int is_valid_cmd_name(const char *cmd)
32 /* Test command contains no . or / characters */
33 return cmd[strcspn(cmd, "./")] == '\0';
36 static char *make_cmd(const char *prog)
38 return xstrfmt("%s/%s", COMMAND_DIR, prog);
41 static void cd_to_homedir(void)
43 const char *home = getenv("HOME");
44 if (!home)
45 die("could not determine user's home directory; HOME is unset");
46 if (chdir(home) == -1)
47 die("could not chdir to user's home directory");
50 #define MAX_INTERACTIVE_COMMAND (4*1024*1024)
52 static void run_shell(void)
54 int done = 0;
55 struct child_process help_cmd = CHILD_PROCESS_INIT;
57 if (!access(NOLOGIN_COMMAND, F_OK)) {
58 /* Interactive login disabled. */
59 struct child_process nologin_cmd = CHILD_PROCESS_INIT;
60 int status;
62 strvec_push(&nologin_cmd.args, NOLOGIN_COMMAND);
63 status = run_command(&nologin_cmd);
64 if (status < 0)
65 exit(127);
66 exit(status);
69 /* Print help if enabled */
70 help_cmd.silent_exec_failure = 1;
71 strvec_push(&help_cmd.args, HELP_COMMAND);
72 run_command(&help_cmd);
74 do {
75 const char *prog;
76 char *full_cmd;
77 char *rawargs;
78 size_t len;
79 char *split_args;
80 const char **argv;
81 int code;
82 int count;
84 fprintf(stderr, "git> ");
87 * Avoid using a strbuf or git_read_line_interactively() here.
88 * We don't want to allocate arbitrary amounts of memory on
89 * behalf of a possibly untrusted client, and we're subject to
90 * OS limits on command length anyway.
92 fflush(stdout);
93 rawargs = xmalloc(MAX_INTERACTIVE_COMMAND);
94 if (!fgets(rawargs, MAX_INTERACTIVE_COMMAND, stdin)) {
95 fprintf(stderr, "\n");
96 free(rawargs);
97 break;
99 len = strlen(rawargs);
102 * If we truncated due to our input buffer size, reject the
103 * command. That's better than running bogus input, and
104 * there's a good chance it's just malicious garbage anyway.
106 if (len >= MAX_INTERACTIVE_COMMAND - 1)
107 die("invalid command format: input too long");
109 if (len > 0 && rawargs[len - 1] == '\n') {
110 if (--len > 0 && rawargs[len - 1] == '\r')
111 --len;
112 rawargs[len] = '\0';
115 split_args = xstrdup(rawargs);
116 count = split_cmdline(split_args, &argv);
117 if (count < 0) {
118 fprintf(stderr, "invalid command format '%s': %s\n", rawargs,
119 split_cmdline_strerror(count));
120 free(split_args);
121 free(rawargs);
122 continue;
125 prog = argv[0];
126 if (!strcmp(prog, "")) {
127 } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") ||
128 !strcmp(prog, "exit") || !strcmp(prog, "bye")) {
129 done = 1;
130 } else if (is_valid_cmd_name(prog)) {
131 struct child_process cmd = CHILD_PROCESS_INIT;
133 full_cmd = make_cmd(prog);
134 argv[0] = full_cmd;
135 cmd.silent_exec_failure = 1;
136 strvec_pushv(&cmd.args, argv);
137 code = run_command(&cmd);
138 if (code == -1 && errno == ENOENT) {
139 fprintf(stderr, "unrecognized command '%s'\n", prog);
141 free(full_cmd);
142 } else {
143 fprintf(stderr, "invalid command format '%s'\n", prog);
146 free(argv);
147 free(rawargs);
148 } while (!done);
151 static struct commands {
152 const char *name;
153 int (*exec)(const char *me, char *arg);
154 } cmd_list[] = {
155 { "git-receive-pack", do_generic_cmd },
156 { "git-upload-pack", do_generic_cmd },
157 { "git-upload-archive", do_generic_cmd },
158 { NULL },
161 int cmd_main(int argc, const char **argv)
163 char *prog;
164 const char **user_argv;
165 struct commands *cmd;
166 int count;
169 * Special hack to pretend to be a CVS server
171 if (argc == 2 && !strcmp(argv[1], "cvs server")) {
172 argv--;
173 } else if (argc == 1) {
174 /* Allow the user to run an interactive shell */
175 cd_to_homedir();
176 if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
177 die("Interactive git shell is not enabled.\n"
178 "hint: ~/" COMMAND_DIR " should exist "
179 "and have read and execute access.");
181 run_shell();
182 exit(0);
183 } else if (argc != 3 || strcmp(argv[1], "-c")) {
185 * We do not accept any other modes except "-c" followed by
186 * "cmd arg", where "cmd" is a very limited subset of git
187 * commands or a command in the COMMAND_DIR
189 die("Run with no arguments or with -c cmd");
192 prog = xstrdup(argv[2]);
193 if (!strncmp(prog, "git", 3) && isspace(prog[3]))
194 /* Accept "git foo" as if the caller said "git-foo". */
195 prog[3] = '-';
197 for (cmd = cmd_list ; cmd->name ; cmd++) {
198 int len = strlen(cmd->name);
199 char *arg;
200 if (strncmp(cmd->name, prog, len))
201 continue;
202 arg = NULL;
203 switch (prog[len]) {
204 case '\0':
205 arg = NULL;
206 break;
207 case ' ':
208 arg = prog + len + 1;
209 break;
210 default:
211 continue;
213 return cmd->exec(cmd->name, arg);
216 cd_to_homedir();
217 count = split_cmdline(prog, &user_argv);
218 if (count >= 0) {
219 if (is_valid_cmd_name(user_argv[0])) {
220 prog = make_cmd(user_argv[0]);
221 user_argv[0] = prog;
222 execv(user_argv[0], (char *const *) user_argv);
224 free(prog);
225 free(user_argv);
226 die("unrecognized command '%s'", argv[2]);
227 } else {
228 free(prog);
229 die("invalid command format '%s': %s", argv[2],
230 split_cmdline_strerror(count));