#include "version.h"
#include "sha1-array.h"
#include "gpg-interface.h"
+#include "cache.h"
+
+int option_parse_push_signed(const struct option *opt,
+ const char *arg, int unset)
+{
+ if (unset) {
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_NEVER;
+ return 0;
+ }
+ switch (git_parse_maybe_bool(arg)) {
+ case 1:
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_ALWAYS;
+ return 0;
+ case 0:
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_NEVER;
+ return 0;
+ }
+ if (!strcasecmp("if-asked", arg)) {
+ *(int *)(opt->value) = SEND_PACK_PUSH_CERT_IF_ASKED;
+ return 0;
+ }
+ die("bad %s argument: %s", opt->long_name, arg);
+}
static int feed_object(const unsigned char *sha1, int fd, int negative)
{
failing_ref->name, failing_ref->status);
}
+#define NONCE_LEN_LIMIT 256
+
+static void reject_invalid_nonce(const char *nonce, int len)
+{
+ int i = 0;
+
+ if (NONCE_LEN_LIMIT <= len)
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+
+ for (i = 0; i < len; i++) {
+ int ch = nonce[i] & 0xFF;
+ if (isalnum(ch) ||
+ ch == '-' || ch == '.' ||
+ ch == '/' || ch == '+' ||
+ ch == '=' || ch == '_')
+ continue;
+ die("the receiving end asked to sign an invalid nonce <%.*s>",
+ len, nonce);
+ }
+}
+
int send_pack(struct send_pack_args *args,
int fd[], struct child_process *conn,
struct ref *remote_refs,
args->use_thin_pack = 0;
if (server_supports("atomic"))
atomic_supported = 1;
- if (args->push_cert) {
- int len;
+ if (args->push_cert != SEND_PACK_PUSH_CERT_NEVER) {
+ int len;
push_cert_nonce = server_feature_value("push-cert", &len);
- if (!push_cert_nonce)
+ if (push_cert_nonce) {
+ reject_invalid_nonce(push_cert_nonce, len);
+ push_cert_nonce = xmemdupz(push_cert_nonce, len);
+ } else if (args->push_cert == SEND_PACK_PUSH_CERT_ALWAYS) {
die(_("the receiving end does not support --signed push"));
- push_cert_nonce = xmemdupz(push_cert_nonce, len);
+ } else if (args->push_cert == SEND_PACK_PUSH_CERT_IF_ASKED) {
+ warning(_("not sending a push certificate since the"
+ " receiving end does not support --signed"
+ " push"));
+ }
}
if (!remote_refs) {
if (!args->dry_run)
advertise_shallow_grafts_buf(&req_buf);
- if (!args->dry_run && args->push_cert)
+ if (!args->dry_run && push_cert_nonce)
cmds_sent = generate_push_cert(&req_buf, remote_refs, args,
cap_buf.buf, push_cert_nonce);
for (ref = remote_refs; ref; ref = ref->next) {
char *old_hex, *new_hex;
- if (args->dry_run || args->push_cert)
+ if (args->dry_run || push_cert_nonce)
continue;
if (check_to_send_update(ref, args) < 0)