1
0
Fork 0
mirror of https://github.com/git/git.git synced 2024-11-05 16:52:59 +01:00
Commit graph

16 commits

Author SHA1 Message Date
Erik Broes
79f72b9763 git-shell: Add 'git-upload-archive' to allowed commands.
This allows for example gitosis to allow use of 'git archive --remote' in a
controlled environment.

Signed-off-by: Erik Broes <erikbroes@ripe.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2009-04-11 11:01:15 -07:00
Junio C Hamano
445cac18c0 Merge branch 'maint'
* maint:
  tutorial: gentler illustration of Alice/Bob workflow using gitk
  pretty=format: respect date format options
  make git-shell paranoid about closed stdin/stdout/stderr
  Document gitk --argscmd flag.
  Fix '--dirstat' with cross-directory renaming
  for-each-ref: Allow a trailing slash in the patterns
2008-08-29 00:16:39 -07:00
Paolo Bonzini
0cfeed2e1d make git-shell paranoid about closed stdin/stdout/stderr
It is in general unsafe to start a program with one or more of file
descriptors 0/1/2 closed.  Karl Chen for example noticed that stat_command
does this in order to rename a pipe file descriptor to 0:

    dup2(from, 0);
    close(from);

... but if stdin was closed (for example) from == 0, so that

    dup2(0, 0);
    close(0);

just ends up closing the pipe.  Another extremely rare but nasty problem
would occur if an "important" file ends up in file descriptor 2, and is
corrupted by a call to die().

Fixing this in git was considered to be overkill, so this patch works
around it only for git-shell.  The fix is simply to open all the "low"
descriptors to /dev/null in main.

Signed-off-by: Paolo Bonzini <bonzini@gnu.org>
Acked-by: Stephen R. van den Berg <srb@cuci.nl>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-08-29 00:14:29 -07:00
Junio C Hamano
1e7abc593d Revert "Build-in "git-shell""
This reverts commit daa0cc9a92.
It was a stupid idea to do this; when run as a log-in shell,
it is spawned with argv[0] set to "-git-shell", so the usual
name-based dispatch would not work to begin with.
2008-08-25 22:39:17 -07:00
Junio C Hamano
daa0cc9a92 Build-in "git-shell"
This trivially makes "git-shell" a built-in.  It makes the executable even
fatter, though.

And MinGW removed git-shell only because of the funny dependencies; there
is no reason to do so anymore.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
Tested-on-MinGW-by: Johannes Sixt <johannes.sixt@telecom.at>
2008-08-20 01:36:10 -07:00
Junio C Hamano
4cfc24afc9 shell: do not play duplicated definition games to shrink the executable
Playing with linker games to shrink git-shell did not go well with various
other platforms and compilers.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-08-19 18:05:39 -07:00
Johannes Sixt
e1464ca7bb Record the command invocation path early
We will need the command invocation path in system_path(). This path was
passed to setup_path(), but  system_path() can be called earlier, for
example via:

    main
      commit_pager_choice
        setup_pager
          git_config
            git_etc_gitconfig
              system_path

Therefore, we introduce git_set_argv0_path() and call it as soon as
possible.

Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-07-25 17:41:13 -07:00
Dmitry Potapov
5b8e6f85f9 shrink git-shell by avoiding redundant dependencies
A lot of modules that have nothing to do with git-shell functionality
were linked in, bloating git-shell more than 8 times.

This patch cuts off redundant dependencies by:
1. providing stubs for three functions that make no sense for git-shell;
2. moving quote_path_fully from environment.c to quote.c to make the
   later self sufficient;
3. moving make_absolute_path into a new separate file.

The following numbers have been received with the default optimization
settings on master using GCC 4.1.2:

Before:
   text    data     bss     dec     hex filename
 143915    1348   93168  238431   3a35f git-shell

After:
   text    data     bss     dec     hex filename
  17670     788    8232   26690    6842 git-shell

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-06-27 23:22:00 -07:00
Junio C Hamano
bc7c73e29c git-shell: accept "git foo" form
This is a backport of 0a47dc110e
to 'maint' to be included in 1.5.6.2 so that older server side
can accept dashless form of request when clients are updated.

Signed-off-by: Junio C Hamano <gitster@pobox.com>
2008-06-26 16:51:23 -07:00
Scott R Parish
e8f5d87056 shell should call the new setup_path() to setup $PATH
Shell currently does its own manual thing for setting up the $PATH;
it can now call setup_path().

Signed-off-by: Scott R Parish <srp@srparish.net>
Signed-off-by: Junio C Hamano <gitster@pobox.com>
2007-10-29 20:51:37 -07:00
Johannes Schindelin
0c696fe7f4 Support cvs via git-shell
This adds cvs support to the git-shell; You can now give new users
a restricted git-shell and they still can commit via git's cvs
emulator.

Note that either the gecos information must be accurate, or you must
provide a $HOME/.gitconfig with the appropriate user credentials.
Since the git-shell is too restricted to allow the user to do it
(on purpose!), it is up to the administrator to take care of that.

Based on an idea by Jan Wielemaker.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Signed-off-by: Lars Hjemli <hjemli@gmail.com>
Signed-off-by: Shawn O. Pearce <spearce@spearce.org>
2007-10-15 21:25:42 -04:00
Junio C Hamano
cc44c7655f Mechanical conversion to use prefixcmp()
This mechanically converts strncmp() to use prefixcmp(), but only when
the parameters match specific patterns, so that they can be verified
easily.  Leftover from this will be fixed in a separate step, including
idiotic conversions like

    if (!strncmp("foo", arg, 3))

  =>

    if (!(-prefixcmp(arg, "foo")))

This was done by using this script in px.perl

   #!/usr/bin/perl -i.bak -p
   if (/strncmp\(([^,]+), "([^\\"]*)", (\d+)\)/ && (length($2) == $3)) {
           s|strncmp\(([^,]+), "([^\\"]*)", (\d+)\)|prefixcmp($1, "$2")|;
   }
   if (/strncmp\("([^\\"]*)", ([^,]+), (\d+)\)/ && (length($1) == $3)) {
           s|strncmp\("([^\\"]*)", ([^,]+), (\d+)\)|(-prefixcmp($2, "$1"))|;
   }

and running:

   $ git grep -l strncmp -- '*.c' | xargs perl px.perl

Signed-off-by: Junio C Hamano <junkio@cox.net>
2007-02-20 22:03:15 -08:00
Junio C Hamano
9201c70742 Const tightening.
Mark Wooding noticed there was a type mismatch warning in git.c; this
patch does things slightly differently (mostly tightening const) and
was what I was holding onto, waiting for the setup-revisions change
to be merged into the master branch.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-03-05 02:47:29 -08:00
Michal Ostrowski
77cb17e940 Exec git programs without using PATH.
The git suite may not be in PATH (and thus programs such as
git-send-pack could not exec git-rev-list).  Thus there is a need for
logic that will locate these programs.  Modifying PATH is not
desirable as it result in behavior differing from the user's
intentions, as we may end up prepending "/usr/bin" to PATH.

- git C programs will use exec*_git_cmd() APIs to exec sub-commands.
- exec*_git_cmd() will execute a git program by searching for it in
  the following directories:
	1. --exec-path (as used by "git")
	2. The GIT_EXEC_PATH environment variable.
	3. $(gitexecdir) as set in Makefile (default value $(bindir)).
- git wrapper will modify PATH as before to enable shell scripts to
  invoke "git-foo" commands.

Ideally, shell scripts should use the git wrapper to become independent
of PATH, and then modifying PATH will not be necessary.

[jc: with minor updates after a brief review.]

Signed-off-by: Michal Ostrowski <mostrows@watson.ibm.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-01-13 16:49:01 -08:00
Junio C Hamano
ab5f86275c shell.c: complain on insufficient arguments.
Originally noticed by Tommi Virtanen, but done slightly differently.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-11-25 20:57:02 -08:00
Linus Torvalds
35eb2d3641 Add git-shell.
This adds a very git specific restricted shell, that can be
added to /etc/shells and set to the pw_shell in the /etc/passwd
file, to give users ability to push into repositories over ssh
without giving them full interactive shell acount.

[jc: I updated Linus' patch to match what the current sq_quote()
 does.]

Signed-off-by: Linus Torvalds <torvalds@osdl.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-10-24 15:12:41 -07:00