Improve support and security for custom commandsHEADmaster

1 files changed, 29 insertions, 20 deletions

diff --git a/src/main.c b/src/main.c
index 9480cd1..e24c409 100644
--- a/src/main.c
+++ b/src/main.c
@@ -135,9 +135,9 @@ int line_in_file(char* path, char* line) {
  * @return  1 if is a git command, 0 if not
  */
 int is_git_cmd(char* str) {
-  if(strcmp(str, "git-upload-pack") == 0
-    || strcmp(str, "git-upload-archive") == 0
-    || strcmp(str, "git-receive-pack") == 0)
+  if(strncmp(str, "git-upload-pack ", 16) == 0
+    || strncmp(str, "git-upload-archive ", 19) == 0
+    || strncmp(str, "git-receive-pack ", 17) == 0)
     return 1;
   return 0;
 }
@@ -193,9 +193,9 @@ int validate_git(char *user, char *repo) {
 int main(int argc, char* argv[]) {
   char cmd[128];   // Buffer for the first cmd in SSH_ORIGINAL_COMMAND
   char repo[128];  // Buffer for the repo path (from SSH_ORIGINAL_COMMAND)
-  char gitsh[512]; // Buffer for the git-shell cmd (from SSH_ORIGINAL_COMMAND)
+  char finalcmd[512]; // Buffer for the final cmd (from SSH_ORIGINAL_COMMAND)
   char* user;
-  char msg[512];
+  char msg[1024];
 
   // Ensure username is specified
   if(argc == 1) {
@@ -214,29 +214,38 @@ int main(int argc, char* argv[]) {
     return 1;
   }
 
-  // Read the first command in the ssh
-  sscanf(getenv("SSH_ORIGINAL_COMMAND"), "%128s '%128[^']'[^\n]", cmd, repo);
-
-  if(is_git_cmd(cmd)) {
+  if(is_git_cmd(getenv("SSH_ORIGINAL_COMMAND"))) {
+    // End user requested a git command
+    sscanf(getenv("SSH_ORIGINAL_COMMAND"), "%128s '%128[^']'[^\n]", cmd, repo);
     // Read the repo path (command argument)
     if(!validate_git(user, repo)) {
-      sprintf(msg, "[%s][%s] attempted invalid git command \"%s\"", \
+      sprintf(msg, "[%s][%s] attempted invalid git command \"%s\"",
           user, repo, cmd);
       logmsg(msg);
       return 1;
     }
-  } else if(! is_allowed_cmd(cmd)) {
-    sprintf(msg, "[%s][%s] attempted disallowed command \"%s\"", \
-        user, repo, cmd);
+
+    sprintf(finalcmd, "/usr/bin/env git-shell -c \"%s '%s'\"", cmd, repo);
+    sprintf(msg, "[%s][%s] executed \"%s\"", user, repo, finalcmd);
     logmsg(msg);
-    fprintf(stderr, "Command '%s' is not allowed\n", cmd);
-    return 1;
-  }
 
-  sprintf(msg, "[%s][%s] executed \"%s\"", user, repo, cmd);
-  logmsg(msg);
-  sprintf(gitsh, "/usr/bin/env git-shell -c \"%s '%s'\"", cmd, repo);
-  system(gitsh);
+  } else {
+    // End user requested a non-git command (must be in git-shell-commands)
+    sscanf(getenv("SSH_ORIGINAL_COMMAND"), "%128s [^\n]", cmd);
+    if(! is_allowed_cmd(cmd)) {
+      sprintf(msg, "[%s] attempted disallowed command \"%s\"", user, cmd);
+      logmsg(msg);
+      fprintf(stderr, "Command '%s' is not allowed\n", cmd);
+      return 1;
+    }
+
+    sprintf(finalcmd, "%s/git-shell-commands/%s",
+        getenv("HOME"),
+        getenv("SSH_ORIGINAL_COMMAND"));
+    sprintf(msg, "[%s] executed \"%s\"", user, finalcmd);
+    logmsg(msg);
+  }
 
+  system(finalcmd);
   return 0;
 }