run-command.con commit Merge branch 'jn/warn-on-inaccessible-loosen' (4f43e97)
   1#include "cache.h"
   2#include "run-command.h"
   3#include "exec_cmd.h"
   4#include "sigchain.h"
   5#include "argv-array.h"
   6
   7#ifndef SHELL_PATH
   8# define SHELL_PATH "/bin/sh"
   9#endif
  10
  11struct child_to_clean {
  12        pid_t pid;
  13        struct child_to_clean *next;
  14};
  15static struct child_to_clean *children_to_clean;
  16static int installed_child_cleanup_handler;
  17
  18static void cleanup_children(int sig)
  19{
  20        while (children_to_clean) {
  21                struct child_to_clean *p = children_to_clean;
  22                children_to_clean = p->next;
  23                kill(p->pid, sig);
  24                free(p);
  25        }
  26}
  27
  28static void cleanup_children_on_signal(int sig)
  29{
  30        cleanup_children(sig);
  31        sigchain_pop(sig);
  32        raise(sig);
  33}
  34
  35static void cleanup_children_on_exit(void)
  36{
  37        cleanup_children(SIGTERM);
  38}
  39
  40static void mark_child_for_cleanup(pid_t pid)
  41{
  42        struct child_to_clean *p = xmalloc(sizeof(*p));
  43        p->pid = pid;
  44        p->next = children_to_clean;
  45        children_to_clean = p;
  46
  47        if (!installed_child_cleanup_handler) {
  48                atexit(cleanup_children_on_exit);
  49                sigchain_push_common(cleanup_children_on_signal);
  50                installed_child_cleanup_handler = 1;
  51        }
  52}
  53
  54static void clear_child_for_cleanup(pid_t pid)
  55{
  56        struct child_to_clean **pp;
  57
  58        for (pp = &children_to_clean; *pp; pp = &(*pp)->next) {
  59                struct child_to_clean *clean_me = *pp;
  60
  61                if (clean_me->pid == pid) {
  62                        *pp = clean_me->next;
  63                        free(clean_me);
  64                        return;
  65                }
  66        }
  67}
  68
  69static inline void close_pair(int fd[2])
  70{
  71        close(fd[0]);
  72        close(fd[1]);
  73}
  74
  75#ifndef WIN32
  76static inline void dup_devnull(int to)
  77{
  78        int fd = open("/dev/null", O_RDWR);
  79        dup2(fd, to);
  80        close(fd);
  81}
  82#endif
  83
  84static char *locate_in_PATH(const char *file)
  85{
  86        const char *p = getenv("PATH");
  87        struct strbuf buf = STRBUF_INIT;
  88
  89        if (!p || !*p)
  90                return NULL;
  91
  92        while (1) {
  93                const char *end = strchrnul(p, ':');
  94
  95                strbuf_reset(&buf);
  96
  97                /* POSIX specifies an empty entry as the current directory. */
  98                if (end != p) {
  99                        strbuf_add(&buf, p, end - p);
 100                        strbuf_addch(&buf, '/');
 101                }
 102                strbuf_addstr(&buf, file);
 103
 104                if (!access(buf.buf, F_OK))
 105                        return strbuf_detach(&buf, NULL);
 106
 107                if (!*end)
 108                        break;
 109                p = end + 1;
 110        }
 111
 112        strbuf_release(&buf);
 113        return NULL;
 114}
 115
 116static int exists_in_PATH(const char *file)
 117{
 118        char *r = locate_in_PATH(file);
 119        free(r);
 120        return r != NULL;
 121}
 122
 123int sane_execvp(const char *file, char * const argv[])
 124{
 125        if (!execvp(file, argv))
 126                return 0; /* cannot happen ;-) */
 127
 128        /*
 129         * When a command can't be found because one of the directories
 130         * listed in $PATH is unsearchable, execvp reports EACCES, but
 131         * careful usability testing (read: analysis of occasional bug
 132         * reports) reveals that "No such file or directory" is more
 133         * intuitive.
 134         *
 135         * We avoid commands with "/", because execvp will not do $PATH
 136         * lookups in that case.
 137         *
 138         * The reassignment of EACCES to errno looks like a no-op below,
 139         * but we need to protect against exists_in_PATH overwriting errno.
 140         */
 141        if (errno == EACCES && !strchr(file, '/'))
 142                errno = exists_in_PATH(file) ? EACCES : ENOENT;
 143        else if (errno == ENOTDIR && !strchr(file, '/'))
 144                errno = ENOENT;
 145        return -1;
 146}
 147
 148static const char **prepare_shell_cmd(const char **argv)
 149{
 150        int argc, nargc = 0;
 151        const char **nargv;
 152
 153        for (argc = 0; argv[argc]; argc++)
 154                ; /* just counting */
 155        /* +1 for NULL, +3 for "sh -c" plus extra $0 */
 156        nargv = xmalloc(sizeof(*nargv) * (argc + 1 + 3));
 157
 158        if (argc < 1)
 159                die("BUG: shell command is empty");
 160
 161        if (strcspn(argv[0], "|&;<>()$`\\\"' \t\n*?[#~=%") != strlen(argv[0])) {
 162#ifndef WIN32
 163                nargv[nargc++] = SHELL_PATH;
 164#else
 165                nargv[nargc++] = "sh";
 166#endif
 167                nargv[nargc++] = "-c";
 168
 169                if (argc < 2)
 170                        nargv[nargc++] = argv[0];
 171                else {
 172                        struct strbuf arg0 = STRBUF_INIT;
 173                        strbuf_addf(&arg0, "%s \"$@\"", argv[0]);
 174                        nargv[nargc++] = strbuf_detach(&arg0, NULL);
 175                }
 176        }
 177
 178        for (argc = 0; argv[argc]; argc++)
 179                nargv[nargc++] = argv[argc];
 180        nargv[nargc] = NULL;
 181
 182        return nargv;
 183}
 184
 185#ifndef WIN32
 186static int execv_shell_cmd(const char **argv)
 187{
 188        const char **nargv = prepare_shell_cmd(argv);
 189        trace_argv_printf(nargv, "trace: exec:");
 190        sane_execvp(nargv[0], (char **)nargv);
 191        free(nargv);
 192        return -1;
 193}
 194#endif
 195
 196#ifndef WIN32
 197static int child_err = 2;
 198static int child_notifier = -1;
 199
 200static void notify_parent(void)
 201{
 202        /*
 203         * execvp failed.  If possible, we'd like to let start_command
 204         * know, so failures like ENOENT can be handled right away; but
 205         * otherwise, finish_command will still report the error.
 206         */
 207        xwrite(child_notifier, "", 1);
 208}
 209
 210static NORETURN void die_child(const char *err, va_list params)
 211{
 212        vwritef(child_err, "fatal: ", err, params);
 213        exit(128);
 214}
 215
 216static void error_child(const char *err, va_list params)
 217{
 218        vwritef(child_err, "error: ", err, params);
 219}
 220#endif
 221
 222static inline void set_cloexec(int fd)
 223{
 224        int flags = fcntl(fd, F_GETFD);
 225        if (flags >= 0)
 226                fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
 227}
 228
 229static int wait_or_whine(pid_t pid, const char *argv0)
 230{
 231        int status, code = -1;
 232        pid_t waiting;
 233        int failed_errno = 0;
 234
 235        while ((waiting = waitpid(pid, &status, 0)) < 0 && errno == EINTR)
 236                ;       /* nothing */
 237
 238        if (waiting < 0) {
 239                failed_errno = errno;
 240                error("waitpid for %s failed: %s", argv0, strerror(errno));
 241        } else if (waiting != pid) {
 242                error("waitpid is confused (%s)", argv0);
 243        } else if (WIFSIGNALED(status)) {
 244                code = WTERMSIG(status);
 245                if (code != SIGINT && code != SIGQUIT)
 246                        error("%s died of signal %d", argv0, code);
 247                /*
 248                 * This return value is chosen so that code & 0xff
 249                 * mimics the exit code that a POSIX shell would report for
 250                 * a program that died from this signal.
 251                 */
 252                code -= 128;
 253        } else if (WIFEXITED(status)) {
 254                code = WEXITSTATUS(status);
 255                /*
 256                 * Convert special exit code when execvp failed.
 257                 */
 258                if (code == 127) {
 259                        code = -1;
 260                        failed_errno = ENOENT;
 261                }
 262        } else {
 263                error("waitpid is confused (%s)", argv0);
 264        }
 265
 266        clear_child_for_cleanup(pid);
 267
 268        errno = failed_errno;
 269        return code;
 270}
 271
 272int start_command(struct child_process *cmd)
 273{
 274        int need_in, need_out, need_err;
 275        int fdin[2], fdout[2], fderr[2];
 276        int failed_errno = failed_errno;
 277
 278        /*
 279         * In case of errors we must keep the promise to close FDs
 280         * that have been passed in via ->in and ->out.
 281         */
 282
 283        need_in = !cmd->no_stdin && cmd->in < 0;
 284        if (need_in) {
 285                if (pipe(fdin) < 0) {
 286                        failed_errno = errno;
 287                        if (cmd->out > 0)
 288                                close(cmd->out);
 289                        goto fail_pipe;
 290                }
 291                cmd->in = fdin[1];
 292        }
 293
 294        need_out = !cmd->no_stdout
 295                && !cmd->stdout_to_stderr
 296                && cmd->out < 0;
 297        if (need_out) {
 298                if (pipe(fdout) < 0) {
 299                        failed_errno = errno;
 300                        if (need_in)
 301                                close_pair(fdin);
 302                        else if (cmd->in)
 303                                close(cmd->in);
 304                        goto fail_pipe;
 305                }
 306                cmd->out = fdout[0];
 307        }
 308
 309        need_err = !cmd->no_stderr && cmd->err < 0;
 310        if (need_err) {
 311                if (pipe(fderr) < 0) {
 312                        failed_errno = errno;
 313                        if (need_in)
 314                                close_pair(fdin);
 315                        else if (cmd->in)
 316                                close(cmd->in);
 317                        if (need_out)
 318                                close_pair(fdout);
 319                        else if (cmd->out)
 320                                close(cmd->out);
 321fail_pipe:
 322                        error("cannot create pipe for %s: %s",
 323                                cmd->argv[0], strerror(failed_errno));
 324                        errno = failed_errno;
 325                        return -1;
 326                }
 327                cmd->err = fderr[0];
 328        }
 329
 330        trace_argv_printf(cmd->argv, "trace: run_command:");
 331        fflush(NULL);
 332
 333#ifndef WIN32
 334{
 335        int notify_pipe[2];
 336        if (pipe(notify_pipe))
 337                notify_pipe[0] = notify_pipe[1] = -1;
 338
 339        cmd->pid = fork();
 340        if (!cmd->pid) {
 341                /*
 342                 * Redirect the channel to write syscall error messages to
 343                 * before redirecting the process's stderr so that all die()
 344                 * in subsequent call paths use the parent's stderr.
 345                 */
 346                if (cmd->no_stderr || need_err) {
 347                        child_err = dup(2);
 348                        set_cloexec(child_err);
 349                }
 350                set_die_routine(die_child);
 351                set_error_routine(error_child);
 352
 353                close(notify_pipe[0]);
 354                set_cloexec(notify_pipe[1]);
 355                child_notifier = notify_pipe[1];
 356                atexit(notify_parent);
 357
 358                if (cmd->no_stdin)
 359                        dup_devnull(0);
 360                else if (need_in) {
 361                        dup2(fdin[0], 0);
 362                        close_pair(fdin);
 363                } else if (cmd->in) {
 364                        dup2(cmd->in, 0);
 365                        close(cmd->in);
 366                }
 367
 368                if (cmd->no_stderr)
 369                        dup_devnull(2);
 370                else if (need_err) {
 371                        dup2(fderr[1], 2);
 372                        close_pair(fderr);
 373                } else if (cmd->err > 1) {
 374                        dup2(cmd->err, 2);
 375                        close(cmd->err);
 376                }
 377
 378                if (cmd->no_stdout)
 379                        dup_devnull(1);
 380                else if (cmd->stdout_to_stderr)
 381                        dup2(2, 1);
 382                else if (need_out) {
 383                        dup2(fdout[1], 1);
 384                        close_pair(fdout);
 385                } else if (cmd->out > 1) {
 386                        dup2(cmd->out, 1);
 387                        close(cmd->out);
 388                }
 389
 390                if (cmd->dir && chdir(cmd->dir))
 391                        die_errno("exec '%s': cd to '%s' failed", cmd->argv[0],
 392                            cmd->dir);
 393                if (cmd->env) {
 394                        for (; *cmd->env; cmd->env++) {
 395                                if (strchr(*cmd->env, '='))
 396                                        putenv((char *)*cmd->env);
 397                                else
 398                                        unsetenv(*cmd->env);
 399                        }
 400                }
 401                if (cmd->git_cmd) {
 402                        execv_git_cmd(cmd->argv);
 403                } else if (cmd->use_shell) {
 404                        execv_shell_cmd(cmd->argv);
 405                } else {
 406                        sane_execvp(cmd->argv[0], (char *const*) cmd->argv);
 407                }
 408                if (errno == ENOENT) {
 409                        if (!cmd->silent_exec_failure)
 410                                error("cannot run %s: %s", cmd->argv[0],
 411                                        strerror(ENOENT));
 412                        exit(127);
 413                } else {
 414                        die_errno("cannot exec '%s'", cmd->argv[0]);
 415                }
 416        }
 417        if (cmd->pid < 0)
 418                error("cannot fork() for %s: %s", cmd->argv[0],
 419                        strerror(failed_errno = errno));
 420        else if (cmd->clean_on_exit)
 421                mark_child_for_cleanup(cmd->pid);
 422
 423        /*
 424         * Wait for child's execvp. If the execvp succeeds (or if fork()
 425         * failed), EOF is seen immediately by the parent. Otherwise, the
 426         * child process sends a single byte.
 427         * Note that use of this infrastructure is completely advisory,
 428         * therefore, we keep error checks minimal.
 429         */
 430        close(notify_pipe[1]);
 431        if (read(notify_pipe[0], &notify_pipe[1], 1) == 1) {
 432                /*
 433                 * At this point we know that fork() succeeded, but execvp()
 434                 * failed. Errors have been reported to our stderr.
 435                 */
 436                wait_or_whine(cmd->pid, cmd->argv[0]);
 437                failed_errno = errno;
 438                cmd->pid = -1;
 439        }
 440        close(notify_pipe[0]);
 441
 442}
 443#else
 444{
 445        int fhin = 0, fhout = 1, fherr = 2;
 446        const char **sargv = cmd->argv;
 447        char **env = environ;
 448
 449        if (cmd->no_stdin)
 450                fhin = open("/dev/null", O_RDWR);
 451        else if (need_in)
 452                fhin = dup(fdin[0]);
 453        else if (cmd->in)
 454                fhin = dup(cmd->in);
 455
 456        if (cmd->no_stderr)
 457                fherr = open("/dev/null", O_RDWR);
 458        else if (need_err)
 459                fherr = dup(fderr[1]);
 460        else if (cmd->err > 2)
 461                fherr = dup(cmd->err);
 462
 463        if (cmd->no_stdout)
 464                fhout = open("/dev/null", O_RDWR);
 465        else if (cmd->stdout_to_stderr)
 466                fhout = dup(fherr);
 467        else if (need_out)
 468                fhout = dup(fdout[1]);
 469        else if (cmd->out > 1)
 470                fhout = dup(cmd->out);
 471
 472        if (cmd->env)
 473                env = make_augmented_environ(cmd->env);
 474
 475        if (cmd->git_cmd) {
 476                cmd->argv = prepare_git_cmd(cmd->argv);
 477        } else if (cmd->use_shell) {
 478                cmd->argv = prepare_shell_cmd(cmd->argv);
 479        }
 480
 481        cmd->pid = mingw_spawnvpe(cmd->argv[0], cmd->argv, env, cmd->dir,
 482                                  fhin, fhout, fherr);
 483        failed_errno = errno;
 484        if (cmd->pid < 0 && (!cmd->silent_exec_failure || errno != ENOENT))
 485                error("cannot spawn %s: %s", cmd->argv[0], strerror(errno));
 486        if (cmd->clean_on_exit && cmd->pid >= 0)
 487                mark_child_for_cleanup(cmd->pid);
 488
 489        if (cmd->env)
 490                free_environ(env);
 491        if (cmd->git_cmd)
 492                free(cmd->argv);
 493
 494        cmd->argv = sargv;
 495        if (fhin != 0)
 496                close(fhin);
 497        if (fhout != 1)
 498                close(fhout);
 499        if (fherr != 2)
 500                close(fherr);
 501}
 502#endif
 503
 504        if (cmd->pid < 0) {
 505                if (need_in)
 506                        close_pair(fdin);
 507                else if (cmd->in)
 508                        close(cmd->in);
 509                if (need_out)
 510                        close_pair(fdout);
 511                else if (cmd->out)
 512                        close(cmd->out);
 513                if (need_err)
 514                        close_pair(fderr);
 515                else if (cmd->err)
 516                        close(cmd->err);
 517                errno = failed_errno;
 518                return -1;
 519        }
 520
 521        if (need_in)
 522                close(fdin[0]);
 523        else if (cmd->in)
 524                close(cmd->in);
 525
 526        if (need_out)
 527                close(fdout[1]);
 528        else if (cmd->out)
 529                close(cmd->out);
 530
 531        if (need_err)
 532                close(fderr[1]);
 533        else if (cmd->err)
 534                close(cmd->err);
 535
 536        return 0;
 537}
 538
 539int finish_command(struct child_process *cmd)
 540{
 541        return wait_or_whine(cmd->pid, cmd->argv[0]);
 542}
 543
 544int run_command(struct child_process *cmd)
 545{
 546        int code = start_command(cmd);
 547        if (code)
 548                return code;
 549        return finish_command(cmd);
 550}
 551
 552static void prepare_run_command_v_opt(struct child_process *cmd,
 553                                      const char **argv,
 554                                      int opt)
 555{
 556        memset(cmd, 0, sizeof(*cmd));
 557        cmd->argv = argv;
 558        cmd->no_stdin = opt & RUN_COMMAND_NO_STDIN ? 1 : 0;
 559        cmd->git_cmd = opt & RUN_GIT_CMD ? 1 : 0;
 560        cmd->stdout_to_stderr = opt & RUN_COMMAND_STDOUT_TO_STDERR ? 1 : 0;
 561        cmd->silent_exec_failure = opt & RUN_SILENT_EXEC_FAILURE ? 1 : 0;
 562        cmd->use_shell = opt & RUN_USING_SHELL ? 1 : 0;
 563        cmd->clean_on_exit = opt & RUN_CLEAN_ON_EXIT ? 1 : 0;
 564}
 565
 566int run_command_v_opt(const char **argv, int opt)
 567{
 568        struct child_process cmd;
 569        prepare_run_command_v_opt(&cmd, argv, opt);
 570        return run_command(&cmd);
 571}
 572
 573int run_command_v_opt_cd_env(const char **argv, int opt, const char *dir, const char *const *env)
 574{
 575        struct child_process cmd;
 576        prepare_run_command_v_opt(&cmd, argv, opt);
 577        cmd.dir = dir;
 578        cmd.env = env;
 579        return run_command(&cmd);
 580}
 581
 582#ifndef NO_PTHREADS
 583static pthread_t main_thread;
 584static int main_thread_set;
 585static pthread_key_t async_key;
 586
 587static void *run_thread(void *data)
 588{
 589        struct async *async = data;
 590        intptr_t ret;
 591
 592        pthread_setspecific(async_key, async);
 593        ret = async->proc(async->proc_in, async->proc_out, async->data);
 594        return (void *)ret;
 595}
 596
 597static NORETURN void die_async(const char *err, va_list params)
 598{
 599        vreportf("fatal: ", err, params);
 600
 601        if (!pthread_equal(main_thread, pthread_self())) {
 602                struct async *async = pthread_getspecific(async_key);
 603                if (async->proc_in >= 0)
 604                        close(async->proc_in);
 605                if (async->proc_out >= 0)
 606                        close(async->proc_out);
 607                pthread_exit((void *)128);
 608        }
 609
 610        exit(128);
 611}
 612#endif
 613
 614int start_async(struct async *async)
 615{
 616        int need_in, need_out;
 617        int fdin[2], fdout[2];
 618        int proc_in, proc_out;
 619
 620        need_in = async->in < 0;
 621        if (need_in) {
 622                if (pipe(fdin) < 0) {
 623                        if (async->out > 0)
 624                                close(async->out);
 625                        return error("cannot create pipe: %s", strerror(errno));
 626                }
 627                async->in = fdin[1];
 628        }
 629
 630        need_out = async->out < 0;
 631        if (need_out) {
 632                if (pipe(fdout) < 0) {
 633                        if (need_in)
 634                                close_pair(fdin);
 635                        else if (async->in)
 636                                close(async->in);
 637                        return error("cannot create pipe: %s", strerror(errno));
 638                }
 639                async->out = fdout[0];
 640        }
 641
 642        if (need_in)
 643                proc_in = fdin[0];
 644        else if (async->in)
 645                proc_in = async->in;
 646        else
 647                proc_in = -1;
 648
 649        if (need_out)
 650                proc_out = fdout[1];
 651        else if (async->out)
 652                proc_out = async->out;
 653        else
 654                proc_out = -1;
 655
 656#ifdef NO_PTHREADS
 657        /* Flush stdio before fork() to avoid cloning buffers */
 658        fflush(NULL);
 659
 660        async->pid = fork();
 661        if (async->pid < 0) {
 662                error("fork (async) failed: %s", strerror(errno));
 663                goto error;
 664        }
 665        if (!async->pid) {
 666                if (need_in)
 667                        close(fdin[1]);
 668                if (need_out)
 669                        close(fdout[0]);
 670                exit(!!async->proc(proc_in, proc_out, async->data));
 671        }
 672
 673        mark_child_for_cleanup(async->pid);
 674
 675        if (need_in)
 676                close(fdin[0]);
 677        else if (async->in)
 678                close(async->in);
 679
 680        if (need_out)
 681                close(fdout[1]);
 682        else if (async->out)
 683                close(async->out);
 684#else
 685        if (!main_thread_set) {
 686                /*
 687                 * We assume that the first time that start_async is called
 688                 * it is from the main thread.
 689                 */
 690                main_thread_set = 1;
 691                main_thread = pthread_self();
 692                pthread_key_create(&async_key, NULL);
 693                set_die_routine(die_async);
 694        }
 695
 696        if (proc_in >= 0)
 697                set_cloexec(proc_in);
 698        if (proc_out >= 0)
 699                set_cloexec(proc_out);
 700        async->proc_in = proc_in;
 701        async->proc_out = proc_out;
 702        {
 703                int err = pthread_create(&async->tid, NULL, run_thread, async);
 704                if (err) {
 705                        error("cannot create thread: %s", strerror(err));
 706                        goto error;
 707                }
 708        }
 709#endif
 710        return 0;
 711
 712error:
 713        if (need_in)
 714                close_pair(fdin);
 715        else if (async->in)
 716                close(async->in);
 717
 718        if (need_out)
 719                close_pair(fdout);
 720        else if (async->out)
 721                close(async->out);
 722        return -1;
 723}
 724
 725int finish_async(struct async *async)
 726{
 727#ifdef NO_PTHREADS
 728        return wait_or_whine(async->pid, "child process");
 729#else
 730        void *ret = (void *)(intptr_t)(-1);
 731
 732        if (pthread_join(async->tid, &ret))
 733                error("pthread_join failed");
 734        return (int)(intptr_t)ret;
 735#endif
 736}
 737
 738int run_hook(const char *index_file, const char *name, ...)
 739{
 740        struct child_process hook;
 741        struct argv_array argv = ARGV_ARRAY_INIT;
 742        const char *p, *env[2];
 743        char index[PATH_MAX];
 744        va_list args;
 745        int ret;
 746
 747        if (access(git_path("hooks/%s", name), X_OK) < 0)
 748                return 0;
 749
 750        va_start(args, name);
 751        argv_array_push(&argv, git_path("hooks/%s", name));
 752        while ((p = va_arg(args, const char *)))
 753                argv_array_push(&argv, p);
 754        va_end(args);
 755
 756        memset(&hook, 0, sizeof(hook));
 757        hook.argv = argv.argv;
 758        hook.no_stdin = 1;
 759        hook.stdout_to_stderr = 1;
 760        if (index_file) {
 761                snprintf(index, sizeof(index), "GIT_INDEX_FILE=%s", index_file);
 762                env[0] = index;
 763                env[1] = NULL;
 764                hook.env = env;
 765        }
 766
 767        ret = run_command(&hook);
 768        argv_array_clear(&argv);
 769        return ret;
 770}