shell.con commit transport-helper: barf when user tries old:new (67c9c78)
   1#include "cache.h"
   2#include "quote.h"
   3#include "exec_cmd.h"
   4#include "strbuf.h"
   5#include "run-command.h"
   6
   7#define COMMAND_DIR "git-shell-commands"
   8#define HELP_COMMAND COMMAND_DIR "/help"
   9#define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login"
  10
  11static int do_generic_cmd(const char *me, char *arg)
  12{
  13        const char *my_argv[4];
  14
  15        setup_path();
  16        if (!arg || !(arg = sq_dequote(arg)))
  17                die("bad argument");
  18        if (prefixcmp(me, "git-"))
  19                die("bad command");
  20
  21        my_argv[0] = me + 4;
  22        my_argv[1] = arg;
  23        my_argv[2] = NULL;
  24
  25        return execv_git_cmd(my_argv);
  26}
  27
  28static int do_cvs_cmd(const char *me, char *arg)
  29{
  30        const char *cvsserver_argv[3] = {
  31                "cvsserver", "server", NULL
  32        };
  33
  34        if (!arg || strcmp(arg, "server"))
  35                die("git-cvsserver only handles server: %s", arg);
  36
  37        setup_path();
  38        return execv_git_cmd(cvsserver_argv);
  39}
  40
  41static int is_valid_cmd_name(const char *cmd)
  42{
  43        /* Test command contains no . or / characters */
  44        return cmd[strcspn(cmd, "./")] == '\0';
  45}
  46
  47static char *make_cmd(const char *prog)
  48{
  49        char *prefix = xmalloc((strlen(prog) + strlen(COMMAND_DIR) + 2));
  50        strcpy(prefix, COMMAND_DIR);
  51        strcat(prefix, "/");
  52        strcat(prefix, prog);
  53        return prefix;
  54}
  55
  56static void cd_to_homedir(void)
  57{
  58        const char *home = getenv("HOME");
  59        if (!home)
  60                die("could not determine user's home directory; HOME is unset");
  61        if (chdir(home) == -1)
  62                die("could not chdir to user's home directory");
  63}
  64
  65static void run_shell(void)
  66{
  67        int done = 0;
  68        static const char *help_argv[] = { HELP_COMMAND, NULL };
  69
  70        if (!access(NOLOGIN_COMMAND, F_OK)) {
  71                /* Interactive login disabled. */
  72                const char *argv[] = { NOLOGIN_COMMAND, NULL };
  73                int status;
  74
  75                status = run_command_v_opt(argv, 0);
  76                if (status < 0)
  77                        exit(127);
  78                exit(status);
  79        }
  80
  81        /* Print help if enabled */
  82        run_command_v_opt(help_argv, RUN_SILENT_EXEC_FAILURE);
  83
  84        do {
  85                struct strbuf line = STRBUF_INIT;
  86                const char *prog;
  87                char *full_cmd;
  88                char *rawargs;
  89                char *split_args;
  90                const char **argv;
  91                int code;
  92                int count;
  93
  94                fprintf(stderr, "git> ");
  95                if (strbuf_getline(&line, stdin, '\n') == EOF) {
  96                        fprintf(stderr, "\n");
  97                        strbuf_release(&line);
  98                        break;
  99                }
 100                strbuf_trim(&line);
 101                rawargs = strbuf_detach(&line, NULL);
 102                split_args = xstrdup(rawargs);
 103                count = split_cmdline(split_args, &argv);
 104                if (count < 0) {
 105                        fprintf(stderr, "invalid command format '%s': %s\n", rawargs,
 106                                split_cmdline_strerror(count));
 107                        free(split_args);
 108                        free(rawargs);
 109                        continue;
 110                }
 111
 112                prog = argv[0];
 113                if (!strcmp(prog, "")) {
 114                } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") ||
 115                           !strcmp(prog, "exit") || !strcmp(prog, "bye")) {
 116                        done = 1;
 117                } else if (is_valid_cmd_name(prog)) {
 118                        full_cmd = make_cmd(prog);
 119                        argv[0] = full_cmd;
 120                        code = run_command_v_opt(argv, RUN_SILENT_EXEC_FAILURE);
 121                        if (code == -1 && errno == ENOENT) {
 122                                fprintf(stderr, "unrecognized command '%s'\n", prog);
 123                        }
 124                        free(full_cmd);
 125                } else {
 126                        fprintf(stderr, "invalid command format '%s'\n", prog);
 127                }
 128
 129                free(argv);
 130                free(rawargs);
 131        } while (!done);
 132}
 133
 134static struct commands {
 135        const char *name;
 136        int (*exec)(const char *me, char *arg);
 137} cmd_list[] = {
 138        { "git-receive-pack", do_generic_cmd },
 139        { "git-upload-pack", do_generic_cmd },
 140        { "git-upload-archive", do_generic_cmd },
 141        { "cvs", do_cvs_cmd },
 142        { NULL },
 143};
 144
 145int main(int argc, char **argv)
 146{
 147        char *prog;
 148        const char **user_argv;
 149        struct commands *cmd;
 150        int devnull_fd;
 151        int count;
 152
 153        git_setup_gettext();
 154
 155        git_extract_argv0_path(argv[0]);
 156
 157        /*
 158         * Always open file descriptors 0/1/2 to avoid clobbering files
 159         * in die().  It also avoids not messing up when the pipes are
 160         * dup'ed onto stdin/stdout/stderr in the child processes we spawn.
 161         */
 162        devnull_fd = open("/dev/null", O_RDWR);
 163        while (devnull_fd >= 0 && devnull_fd <= 2)
 164                devnull_fd = dup(devnull_fd);
 165        if (devnull_fd == -1)
 166                die_errno("opening /dev/null failed");
 167        close (devnull_fd);
 168
 169        /*
 170         * Special hack to pretend to be a CVS server
 171         */
 172        if (argc == 2 && !strcmp(argv[1], "cvs server")) {
 173                argv--;
 174        } else if (argc == 1) {
 175                /* Allow the user to run an interactive shell */
 176                cd_to_homedir();
 177                if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
 178                        die("Interactive git shell is not enabled.\n"
 179                            "hint: ~/" COMMAND_DIR " should exist "
 180                            "and have read and execute access.");
 181                }
 182                run_shell();
 183                exit(0);
 184        } else if (argc != 3 || strcmp(argv[1], "-c")) {
 185                /*
 186                 * We do not accept any other modes except "-c" followed by
 187                 * "cmd arg", where "cmd" is a very limited subset of git
 188                 * commands or a command in the COMMAND_DIR
 189                 */
 190                die("Run with no arguments or with -c cmd");
 191        }
 192
 193        prog = xstrdup(argv[2]);
 194        if (!strncmp(prog, "git", 3) && isspace(prog[3]))
 195                /* Accept "git foo" as if the caller said "git-foo". */
 196                prog[3] = '-';
 197
 198        for (cmd = cmd_list ; cmd->name ; cmd++) {
 199                int len = strlen(cmd->name);
 200                char *arg;
 201                if (strncmp(cmd->name, prog, len))
 202                        continue;
 203                arg = NULL;
 204                switch (prog[len]) {
 205                case '\0':
 206                        arg = NULL;
 207                        break;
 208                case ' ':
 209                        arg = prog + len + 1;
 210                        break;
 211                default:
 212                        continue;
 213                }
 214                exit(cmd->exec(cmd->name, arg));
 215        }
 216
 217        cd_to_homedir();
 218        count = split_cmdline(prog, &user_argv);
 219        if (count >= 0) {
 220                if (is_valid_cmd_name(user_argv[0])) {
 221                        prog = make_cmd(user_argv[0]);
 222                        user_argv[0] = prog;
 223                        execv(user_argv[0], (char *const *) user_argv);
 224                }
 225                free(prog);
 226                free(user_argv);
 227                die("unrecognized command '%s'", argv[2]);
 228        } else {
 229                free(prog);
 230                die("invalid command format '%s': %s", argv[2],
 231                    split_cmdline_strerror(count));
 232        }
 233}