NULL,
NULL,
NULL,
+ NULL,
};
- struct child_process po;
+ struct child_process po = CHILD_PROCESS_INIT;
int i;
i = 4;
argv[i++] = "-q";
if (args->progress)
argv[i++] = "--progress";
- memset(&po, 0, sizeof(po));
+ if (is_repository_shallow())
+ argv[i++] = "--shallow";
po.argv = argv;
po.in = -1;
po.out = args->stateless_rpc ? -1 : fd;
static int generate_push_cert(struct strbuf *req_buf,
const struct ref *remote_refs,
struct send_pack_args *args,
- const char *cap_string)
+ const char *cap_string,
+ const char *push_cert_nonce)
{
const struct ref *ref;
- char stamp[60];
char *signing_key = xstrdup(get_signing_key());
const char *cp, *np;
struct strbuf cert = STRBUF_INIT;
int update_seen = 0;
- datestamp(stamp, sizeof(stamp));
strbuf_addf(&cert, "certificate version 0.1\n");
- strbuf_addf(&cert, "pusher %s %s\n", signing_key, stamp);
+ strbuf_addf(&cert, "pusher %s ", signing_key);
+ datestamp(&cert);
+ strbuf_addch(&cert, '\n');
+ if (args->url && *args->url) {
+ char *anon_url = transport_anonymize_url(args->url);
+ strbuf_addf(&cert, "pushee %s\n", anon_url);
+ free(anon_url);
+ }
+ if (push_cert_nonce[0])
+ strbuf_addf(&cert, "nonce %s\n", push_cert_nonce);
strbuf_addstr(&cert, "\n");
for (ref = remote_refs; ref; ref = ref->next) {
return update_seen;
}
+#define NONCE_LEN_LIMIT 256
+
+static void reject_invalid_nonce(const char *nonce, int len)
+{
+ int i = 0;
+
+ if (NONCE_LEN_LIMIT <= len)
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+
+ for (i = 0; i < len; i++) {
+ int ch = nonce[i] & 0xFF;
+ if (isalnum(ch) ||
+ ch == '-' || ch == '.' ||
+ ch == '/' || ch == '+' ||
+ ch == '=' || ch == '_')
+ continue;
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+ }
+}
+
int send_pack(struct send_pack_args *args,
int fd[], struct child_process *conn,
struct ref *remote_refs,
unsigned cmds_sent = 0;
int ret;
struct async demux;
+ const char *push_cert_nonce = NULL;
/* Does the other end support the reporting? */
if (server_supports("report-status"))
agent_supported = 1;
if (server_supports("no-thin"))
args->use_thin_pack = 0;
- if (args->push_cert && !server_supports("push-cert"))
- die(_("the receiving end does not support --signed push"));
+ if (args->push_cert) {
+ int len;
+
+ push_cert_nonce = server_feature_value("push-cert", &len);
+ if (!push_cert_nonce)
+ die(_("the receiving end does not support --signed push"));
+ reject_invalid_nonce(push_cert_nonce, len);
+ push_cert_nonce = xmemdupz(push_cert_nonce, len);
+ }
if (!remote_refs) {
fprintf(stderr, "No refs in common and none specified; doing nothing.\n"
if (!args->dry_run && args->push_cert)
cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
- cap_buf.buf);
+ cap_buf.buf, push_cert_nonce);
/*
* Clear the status for each ref and see if we need to send