shell.con commit builtin-branch: Fix crash on invalid use of --force (5cd75c7)
   1#include "cache.h"
   2#include "quote.h"
   3#include "exec_cmd.h"
   4#include "strbuf.h"
   5#include "run-command.h"
   6
   7#define COMMAND_DIR "git-shell-commands"
   8#define HELP_COMMAND COMMAND_DIR "/help"
   9
  10static int do_generic_cmd(const char *me, char *arg)
  11{
  12        const char *my_argv[4];
  13
  14        setup_path();
  15        if (!arg || !(arg = sq_dequote(arg)))
  16                die("bad argument");
  17        if (prefixcmp(me, "git-"))
  18                die("bad command");
  19
  20        my_argv[0] = me + 4;
  21        my_argv[1] = arg;
  22        my_argv[2] = NULL;
  23
  24        return execv_git_cmd(my_argv);
  25}
  26
  27static int do_cvs_cmd(const char *me, char *arg)
  28{
  29        const char *cvsserver_argv[3] = {
  30                "cvsserver", "server", NULL
  31        };
  32
  33        if (!arg || strcmp(arg, "server"))
  34                die("git-cvsserver only handles server: %s", arg);
  35
  36        setup_path();
  37        return execv_git_cmd(cvsserver_argv);
  38}
  39
  40static int is_valid_cmd_name(const char *cmd)
  41{
  42        /* Test command contains no . or / characters */
  43        return cmd[strcspn(cmd, "./")] == '\0';
  44}
  45
  46static char *make_cmd(const char *prog)
  47{
  48        char *prefix = xmalloc((strlen(prog) + strlen(COMMAND_DIR) + 2));
  49        strcpy(prefix, COMMAND_DIR);
  50        strcat(prefix, "/");
  51        strcat(prefix, prog);
  52        return prefix;
  53}
  54
  55static void cd_to_homedir(void)
  56{
  57        const char *home = getenv("HOME");
  58        if (!home)
  59                die("could not determine user's home directory; HOME is unset");
  60        if (chdir(home) == -1)
  61                die("could not chdir to user's home directory");
  62}
  63
  64static void run_shell(void)
  65{
  66        int done = 0;
  67        static const char *help_argv[] = { HELP_COMMAND, NULL };
  68        /* Print help if enabled */
  69        run_command_v_opt(help_argv, RUN_SILENT_EXEC_FAILURE);
  70
  71        do {
  72                struct strbuf line = STRBUF_INIT;
  73                const char *prog;
  74                char *full_cmd;
  75                char *rawargs;
  76                char *split_args;
  77                const char **argv;
  78                int code;
  79                int count;
  80
  81                fprintf(stderr, "git> ");
  82                if (strbuf_getline(&line, stdin, '\n') == EOF) {
  83                        fprintf(stderr, "\n");
  84                        strbuf_release(&line);
  85                        break;
  86                }
  87                strbuf_trim(&line);
  88                rawargs = strbuf_detach(&line, NULL);
  89                split_args = xstrdup(rawargs);
  90                count = split_cmdline(split_args, &argv);
  91                if (count < 0) {
  92                        fprintf(stderr, "invalid command format '%s': %s\n", rawargs,
  93                                split_cmdline_strerror(count));
  94                        free(split_args);
  95                        free(rawargs);
  96                        continue;
  97                }
  98
  99                prog = argv[0];
 100                if (!strcmp(prog, "")) {
 101                } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") ||
 102                           !strcmp(prog, "exit") || !strcmp(prog, "bye")) {
 103                        done = 1;
 104                } else if (is_valid_cmd_name(prog)) {
 105                        full_cmd = make_cmd(prog);
 106                        argv[0] = full_cmd;
 107                        code = run_command_v_opt(argv, RUN_SILENT_EXEC_FAILURE);
 108                        if (code == -1 && errno == ENOENT) {
 109                                fprintf(stderr, "unrecognized command '%s'\n", prog);
 110                        }
 111                        free(full_cmd);
 112                } else {
 113                        fprintf(stderr, "invalid command format '%s'\n", prog);
 114                }
 115
 116                free(argv);
 117                free(rawargs);
 118        } while (!done);
 119}
 120
 121static struct commands {
 122        const char *name;
 123        int (*exec)(const char *me, char *arg);
 124} cmd_list[] = {
 125        { "git-receive-pack", do_generic_cmd },
 126        { "git-upload-pack", do_generic_cmd },
 127        { "git-upload-archive", do_generic_cmd },
 128        { "cvs", do_cvs_cmd },
 129        { NULL },
 130};
 131
 132int main(int argc, char **argv)
 133{
 134        char *prog;
 135        const char **user_argv;
 136        struct commands *cmd;
 137        int devnull_fd;
 138        int count;
 139
 140        git_extract_argv0_path(argv[0]);
 141
 142        /*
 143         * Always open file descriptors 0/1/2 to avoid clobbering files
 144         * in die().  It also avoids not messing up when the pipes are
 145         * dup'ed onto stdin/stdout/stderr in the child processes we spawn.
 146         */
 147        devnull_fd = open("/dev/null", O_RDWR);
 148        while (devnull_fd >= 0 && devnull_fd <= 2)
 149                devnull_fd = dup(devnull_fd);
 150        if (devnull_fd == -1)
 151                die_errno("opening /dev/null failed");
 152        close (devnull_fd);
 153
 154        /*
 155         * Special hack to pretend to be a CVS server
 156         */
 157        if (argc == 2 && !strcmp(argv[1], "cvs server")) {
 158                argv--;
 159        } else if (argc == 1) {
 160                /* Allow the user to run an interactive shell */
 161                cd_to_homedir();
 162                if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
 163                        die("Interactive git shell is not enabled.\n"
 164                            "hint: ~/" COMMAND_DIR " should exist "
 165                            "and have read and execute access.");
 166                }
 167                run_shell();
 168                exit(0);
 169        } else if (argc != 3 || strcmp(argv[1], "-c")) {
 170                /*
 171                 * We do not accept any other modes except "-c" followed by
 172                 * "cmd arg", where "cmd" is a very limited subset of git
 173                 * commands or a command in the COMMAND_DIR
 174                 */
 175                die("Run with no arguments or with -c cmd");
 176        }
 177
 178        prog = xstrdup(argv[2]);
 179        if (!strncmp(prog, "git", 3) && isspace(prog[3]))
 180                /* Accept "git foo" as if the caller said "git-foo". */
 181                prog[3] = '-';
 182
 183        for (cmd = cmd_list ; cmd->name ; cmd++) {
 184                int len = strlen(cmd->name);
 185                char *arg;
 186                if (strncmp(cmd->name, prog, len))
 187                        continue;
 188                arg = NULL;
 189                switch (prog[len]) {
 190                case '\0':
 191                        arg = NULL;
 192                        break;
 193                case ' ':
 194                        arg = prog + len + 1;
 195                        break;
 196                default:
 197                        continue;
 198                }
 199                exit(cmd->exec(cmd->name, arg));
 200        }
 201
 202        cd_to_homedir();
 203        count = split_cmdline(prog, &user_argv);
 204        if (count >= 0) {
 205                if (is_valid_cmd_name(user_argv[0])) {
 206                        prog = make_cmd(user_argv[0]);
 207                        user_argv[0] = prog;
 208                        execv(user_argv[0], (char *const *) user_argv);
 209                }
 210                free(prog);
 211                free(user_argv);
 212                die("unrecognized command '%s'", argv[2]);
 213        } else {
 214                free(prog);
 215                die("invalid command format '%s': %s", argv[2],
 216                    split_cmdline_strerror(count));
 217        }
 218}