Merge branch 'js/safe-directory-plus' into maint

Platform-specific code that determines if a directory is OK to use
as a repository has been taught to report more details, especially
on Windows.
source: <pull.1286.v2.git.1659965270.gitgitgadget@gmail.com>

* js/safe-directory-plus:
  mingw: handle a file owned by the Administrators group correctly
  mingw: be more informative when ownership check fails on FAT32
  mingw: provide details about unsafe directories' ownership
  setup: prepare for more detailed "dubious ownership" messages
  setup: fix some formatting
This commit is contained in:
Junio C Hamano 2022-08-26 11:13:12 -07:00
Родитель 6283c1e6ad 3f7207e2ea
Коммит 10f9eab347
4 изменённых файлов: 81 добавлений и 15 удалений

Просмотреть файл

@ -1,6 +1,7 @@
#include "../git-compat-util.h"
#include "win32.h"
#include <aclapi.h>
#include <sddl.h>
#include <conio.h>
#include <wchar.h>
#include "../strbuf.h"
@ -2670,7 +2671,22 @@ static PSID get_current_user_sid(void)
return result;
}
int is_path_owned_by_current_sid(const char *path)
static int acls_supported(const char *path)
{
size_t offset = offset_1st_component(path);
WCHAR wroot[MAX_PATH];
DWORD file_system_flags;
if (offset &&
xutftowcsn(wroot, path, MAX_PATH, offset) > 0 &&
GetVolumeInformationW(wroot, NULL, 0, NULL, NULL,
&file_system_flags, NULL, 0))
return !!(file_system_flags & FILE_PERSISTENT_ACLS);
return 0;
}
int is_path_owned_by_current_sid(const char *path, struct strbuf *report)
{
WCHAR wpath[MAX_PATH];
PSID sid = NULL;
@ -2709,6 +2725,7 @@ int is_path_owned_by_current_sid(const char *path)
else if (sid && IsValidSid(sid)) {
/* Now, verify that the SID matches the current user's */
static PSID current_user_sid;
BOOL is_member;
if (!current_user_sid)
current_user_sid = get_current_user_sid();
@ -2717,6 +2734,46 @@ int is_path_owned_by_current_sid(const char *path)
IsValidSid(current_user_sid) &&
EqualSid(sid, current_user_sid))
result = 1;
else if (IsWellKnownSid(sid, WinBuiltinAdministratorsSid) &&
CheckTokenMembership(NULL, sid, &is_member) &&
is_member)
/*
* If owned by the Administrators group, and the
* current user is an administrator, we consider that
* okay, too.
*/
result = 1;
else if (report &&
IsWellKnownSid(sid, WinWorldSid) &&
!acls_supported(path)) {
/*
* On FAT32 volumes, ownership is not actually recorded.
*/
strbuf_addf(report, "'%s' is on a file system that does"
"not record ownership\n", path);
} else if (report) {
LPSTR str1, str2, to_free1 = NULL, to_free2 = NULL;
if (ConvertSidToStringSidA(sid, &str1))
to_free1 = str1;
else
str1 = "(inconvertible)";
if (!current_user_sid)
str2 = "(none)";
else if (!IsValidSid(current_user_sid))
str2 = "(invalid)";
else if (ConvertSidToStringSidA(current_user_sid, &str2))
to_free2 = str2;
else
str2 = "(inconvertible)";
strbuf_addf(report,
"'%s' is owned by:\n"
"\t'%s'\nbut the current user is:\n"
"\t'%s'\n", path, str1, str2);
LocalFree(to_free1);
LocalFree(to_free2);
}
}
/*

Просмотреть файл

@ -463,7 +463,7 @@ char *mingw_query_user_email(void);
* Verifies that the specified path is owned by the user running the
* current process.
*/
int is_path_owned_by_current_sid(const char *path);
int is_path_owned_by_current_sid(const char *path, struct strbuf *report);
#define is_path_owned_by_current_user is_path_owned_by_current_sid
/**

Просмотреть файл

@ -23,6 +23,9 @@
#include <crtdbg.h>
#endif
struct strbuf;
#define _FILE_OFFSET_BITS 64
@ -487,7 +490,7 @@ static inline void extract_id_from_env(const char *env, uid_t *id)
}
}
static inline int is_path_owned_by_current_uid(const char *path)
static inline int is_path_owned_by_current_uid(const char *path, struct strbuf *report)
{
struct stat st;
uid_t euid;

30
setup.c
Просмотреть файл

@ -1138,16 +1138,17 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
* added, for bare ones their git directory.
*/
static int ensure_valid_ownership(const char *gitfile,
const char *worktree, const char *gitdir)
const char *worktree, const char *gitdir,
struct strbuf *report)
{
struct safe_directory_data data = {
.path = worktree ? worktree : gitdir
};
if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
(!gitfile || is_path_owned_by_current_user(gitfile)) &&
(!worktree || is_path_owned_by_current_user(worktree)) &&
(!gitdir || is_path_owned_by_current_user(gitdir)))
(!gitfile || is_path_owned_by_current_user(gitfile, report)) &&
(!worktree || is_path_owned_by_current_user(worktree, report)) &&
(!gitdir || is_path_owned_by_current_user(gitdir, report)))
return 1;
/*
@ -1187,6 +1188,7 @@ enum discovery_result {
*/
static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
struct strbuf *gitdir,
struct strbuf *report,
int die_on_error)
{
const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
@ -1271,10 +1273,11 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
strbuf_setlen(dir, offset);
if (gitdirenv) {
enum discovery_result ret;
const char *gitdir_candidate =
gitdir_path ? gitdir_path : gitdirenv;
if (ensure_valid_ownership(gitfile,
dir->buf,
(gitdir_path ? gitdir_path : gitdirenv))) {
if (ensure_valid_ownership(gitfile, dir->buf,
gitdir_candidate, report)) {
strbuf_addstr(gitdir, gitdirenv);
ret = GIT_DIR_DISCOVERED;
} else
@ -1297,7 +1300,7 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
}
if (is_git_directory(dir->buf)) {
if (!ensure_valid_ownership(NULL, NULL, dir->buf))
if (!ensure_valid_ownership(NULL, NULL, dir->buf, report))
return GIT_DIR_INVALID_OWNERSHIP;
strbuf_addstr(gitdir, ".");
return GIT_DIR_BARE;
@ -1330,7 +1333,7 @@ int discover_git_directory(struct strbuf *commondir,
return -1;
cwd_len = dir.len;
if (setup_git_directory_gently_1(&dir, gitdir, 0) <= 0) {
if (setup_git_directory_gently_1(&dir, gitdir, NULL, 0) <= 0) {
strbuf_release(&dir);
return -1;
}
@ -1377,7 +1380,7 @@ int discover_git_directory(struct strbuf *commondir,
const char *setup_git_directory_gently(int *nongit_ok)
{
static struct strbuf cwd = STRBUF_INIT;
struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT;
struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT, report = STRBUF_INIT;
const char *prefix = NULL;
struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
@ -1402,7 +1405,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
die_errno(_("Unable to read current working directory"));
strbuf_addbuf(&dir, &cwd);
switch (setup_git_directory_gently_1(&dir, &gitdir, 1)) {
switch (setup_git_directory_gently_1(&dir, &gitdir, &report, 1)) {
case GIT_DIR_EXPLICIT:
prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
break;
@ -1434,12 +1437,14 @@ const char *setup_git_directory_gently(int *nongit_ok)
if (!nongit_ok) {
struct strbuf quoted = STRBUF_INIT;
strbuf_complete(&report, '\n');
sq_quote_buf_pretty(&quoted, dir.buf);
die(_("detected dubious ownership in repository at '%s'\n"
"%s"
"To add an exception for this directory, call:\n"
"\n"
"\tgit config --global --add safe.directory %s"),
dir.buf, quoted.buf);
dir.buf, report.buf, quoted.buf);
}
*nongit_ok = 1;
break;
@ -1518,6 +1523,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
strbuf_release(&dir);
strbuf_release(&gitdir);
strbuf_release(&report);
clear_repository_format(&repo_fmt);
return prefix;