Merge branch 'tr/push-no-verify-doc' into maint
[git] / shell.c
1 #include "cache.h"
2 #include "quote.h"
3 #include "exec_cmd.h"
4 #include "strbuf.h"
5 #include "run-command.h"
6
7 #define COMMAND_DIR "git-shell-commands"
8 #define HELP_COMMAND COMMAND_DIR "/help"
9 #define NOLOGIN_COMMAND COMMAND_DIR "/no-interactive-login"
10
11 static int do_generic_cmd(const char *me, char *arg)
12 {
13         const char *my_argv[4];
14
15         setup_path();
16         if (!arg || !(arg = sq_dequote(arg)))
17                 die("bad argument");
18         if (prefixcmp(me, "git-"))
19                 die("bad command");
20
21         my_argv[0] = me + 4;
22         my_argv[1] = arg;
23         my_argv[2] = NULL;
24
25         return execv_git_cmd(my_argv);
26 }
27
28 static int do_cvs_cmd(const char *me, char *arg)
29 {
30         const char *cvsserver_argv[3] = {
31                 "cvsserver", "server", NULL
32         };
33
34         if (!arg || strcmp(arg, "server"))
35                 die("git-cvsserver only handles server: %s", arg);
36
37         setup_path();
38         return execv_git_cmd(cvsserver_argv);
39 }
40
41 static int is_valid_cmd_name(const char *cmd)
42 {
43         /* Test command contains no . or / characters */
44         return cmd[strcspn(cmd, "./")] == '\0';
45 }
46
47 static char *make_cmd(const char *prog)
48 {
49         char *prefix = xmalloc((strlen(prog) + strlen(COMMAND_DIR) + 2));
50         strcpy(prefix, COMMAND_DIR);
51         strcat(prefix, "/");
52         strcat(prefix, prog);
53         return prefix;
54 }
55
56 static void cd_to_homedir(void)
57 {
58         const char *home = getenv("HOME");
59         if (!home)
60                 die("could not determine user's home directory; HOME is unset");
61         if (chdir(home) == -1)
62                 die("could not chdir to user's home directory");
63 }
64
65 static void run_shell(void)
66 {
67         int done = 0;
68         static const char *help_argv[] = { HELP_COMMAND, NULL };
69
70         if (!access(NOLOGIN_COMMAND, F_OK)) {
71                 /* Interactive login disabled. */
72                 const char *argv[] = { NOLOGIN_COMMAND, NULL };
73                 int status;
74
75                 status = run_command_v_opt(argv, 0);
76                 if (status < 0)
77                         exit(127);
78                 exit(status);
79         }
80
81         /* Print help if enabled */
82         run_command_v_opt(help_argv, RUN_SILENT_EXEC_FAILURE);
83
84         do {
85                 struct strbuf line = STRBUF_INIT;
86                 const char *prog;
87                 char *full_cmd;
88                 char *rawargs;
89                 char *split_args;
90                 const char **argv;
91                 int code;
92                 int count;
93
94                 fprintf(stderr, "git> ");
95                 if (strbuf_getline(&line, stdin, '\n') == EOF) {
96                         fprintf(stderr, "\n");
97                         strbuf_release(&line);
98                         break;
99                 }
100                 strbuf_trim(&line);
101                 rawargs = strbuf_detach(&line, NULL);
102                 split_args = xstrdup(rawargs);
103                 count = split_cmdline(split_args, &argv);
104                 if (count < 0) {
105                         fprintf(stderr, "invalid command format '%s': %s\n", rawargs,
106                                 split_cmdline_strerror(count));
107                         free(split_args);
108                         free(rawargs);
109                         continue;
110                 }
111
112                 prog = argv[0];
113                 if (!strcmp(prog, "")) {
114                 } else if (!strcmp(prog, "quit") || !strcmp(prog, "logout") ||
115                            !strcmp(prog, "exit") || !strcmp(prog, "bye")) {
116                         done = 1;
117                 } else if (is_valid_cmd_name(prog)) {
118                         full_cmd = make_cmd(prog);
119                         argv[0] = full_cmd;
120                         code = run_command_v_opt(argv, RUN_SILENT_EXEC_FAILURE);
121                         if (code == -1 && errno == ENOENT) {
122                                 fprintf(stderr, "unrecognized command '%s'\n", prog);
123                         }
124                         free(full_cmd);
125                 } else {
126                         fprintf(stderr, "invalid command format '%s'\n", prog);
127                 }
128
129                 free(argv);
130                 free(rawargs);
131         } while (!done);
132 }
133
134 static struct commands {
135         const char *name;
136         int (*exec)(const char *me, char *arg);
137 } cmd_list[] = {
138         { "git-receive-pack", do_generic_cmd },
139         { "git-upload-pack", do_generic_cmd },
140         { "git-upload-archive", do_generic_cmd },
141         { "cvs", do_cvs_cmd },
142         { NULL },
143 };
144
145 int main(int argc, char **argv)
146 {
147         char *prog;
148         const char **user_argv;
149         struct commands *cmd;
150         int devnull_fd;
151         int count;
152
153         git_setup_gettext();
154
155         git_extract_argv0_path(argv[0]);
156
157         /*
158          * Always open file descriptors 0/1/2 to avoid clobbering files
159          * in die().  It also avoids not messing up when the pipes are
160          * dup'ed onto stdin/stdout/stderr in the child processes we spawn.
161          */
162         devnull_fd = open("/dev/null", O_RDWR);
163         while (devnull_fd >= 0 && devnull_fd <= 2)
164                 devnull_fd = dup(devnull_fd);
165         if (devnull_fd == -1)
166                 die_errno("opening /dev/null failed");
167         close (devnull_fd);
168
169         /*
170          * Special hack to pretend to be a CVS server
171          */
172         if (argc == 2 && !strcmp(argv[1], "cvs server")) {
173                 argv--;
174         } else if (argc == 1) {
175                 /* Allow the user to run an interactive shell */
176                 cd_to_homedir();
177                 if (access(COMMAND_DIR, R_OK | X_OK) == -1) {
178                         die("Interactive git shell is not enabled.\n"
179                             "hint: ~/" COMMAND_DIR " should exist "
180                             "and have read and execute access.");
181                 }
182                 run_shell();
183                 exit(0);
184         } else if (argc != 3 || strcmp(argv[1], "-c")) {
185                 /*
186                  * We do not accept any other modes except "-c" followed by
187                  * "cmd arg", where "cmd" is a very limited subset of git
188                  * commands or a command in the COMMAND_DIR
189                  */
190                 die("Run with no arguments or with -c cmd");
191         }
192
193         prog = xstrdup(argv[2]);
194         if (!strncmp(prog, "git", 3) && isspace(prog[3]))
195                 /* Accept "git foo" as if the caller said "git-foo". */
196                 prog[3] = '-';
197
198         for (cmd = cmd_list ; cmd->name ; cmd++) {
199                 int len = strlen(cmd->name);
200                 char *arg;
201                 if (strncmp(cmd->name, prog, len))
202                         continue;
203                 arg = NULL;
204                 switch (prog[len]) {
205                 case '\0':
206                         arg = NULL;
207                         break;
208                 case ' ':
209                         arg = prog + len + 1;
210                         break;
211                 default:
212                         continue;
213                 }
214                 exit(cmd->exec(cmd->name, arg));
215         }
216
217         cd_to_homedir();
218         count = split_cmdline(prog, &user_argv);
219         if (count >= 0) {
220                 if (is_valid_cmd_name(user_argv[0])) {
221                         prog = make_cmd(user_argv[0]);
222                         user_argv[0] = prog;
223                         execv(user_argv[0], (char *const *) user_argv);
224                 }
225                 free(prog);
226                 free(user_argv);
227                 die("unrecognized command '%s'", argv[2]);
228         } else {
229                 free(prog);
230                 die("invalid command format '%s': %s", argv[2],
231                     split_cmdline_strerror(count));
232         }
233 }