Граф коммитов

17 Коммитов

Автор SHA1 Сообщение Дата
Peter Eriksen 817151e61a Rename safe_strncpy() to strlcpy().
This cleans up the use of safe_strncpy() even more.  Since it has the
same semantics as strlcpy() use this name instead.  Also move the
definition from inside path.c to its own file compat/strlcpy.c, and use
it conditionally at compile time, since some platforms already has
strlcpy().  It's included in the same way as compat/setenv.c.

Signed-off-by: Peter Eriksen <s022018@student.dtu.dk>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-06-24 23:16:25 -07:00
Junio C Hamano fc5201ac9f Merge branch 'js/diff' 2006-06-17 17:08:36 -07:00
Peter Eriksen bfbd0bb6ec Implement safe_strncpy() as strlcpy() and use it more.
Signed-off-by: Peter Eriksen <s022018@student.dtu.dk>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-06-16 22:45:12 -07:00
Junio C Hamano 94df2506ed shared repository: optionally allow reading to "others".
This enhances core.sharedrepository to have additionally
specify that read and exec permissions to be given to others as
well.  It is useful when serving a repository via gitweb and
git-daemon that runs as a user outside the project group.

The configuration item can take the following values:

    [core]
	sharedrepository 	 ; the same as "group"
	sharedrepository = true  ; ditto
	sharedrepository = 1	 ; ditto
	sharedrepository = group ; allow rwx to group
	sharedrepository = all   ; allow rwx to group, allow rx to other
	sharedrepository = umask ; not shared - use umask

It also extends "git init-db" to take "--shared=all" and friends
from the command line.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-06-10 01:31:31 -07:00
Junio C Hamano 138086a725 shared repository - add a few missing calls to adjust_shared_perm().
There were a few calls to adjust_shared_perm() that were
missing:

 - init-db creates refs, refs/heads, and refs/tags before
   reading from templates that could specify sharedrepository in
   the config file;

 - updating config file created it under user's umask without
   adjusting;

 - updating refs created it under user's umask without
   adjusting;

 - switching branches created .git/HEAD under user's umask
   without adjusting.

This moves adjust_shared_perm() from sha1_file.c to path.c,
since a few SIMPLE_PROGRAM need to call repository configuration
functions which in turn need to call adjust_shared_perm().
sha1_file.c needs to link with SHA1 computation library which
is usually not linked to SIMPLE_PROGRAM.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2006-06-09 22:15:50 -07:00
Junio C Hamano d79374c7b5 [PATCH] daemon.c and path.enter_repo(): revamp path validation.
The whitelist of git-daemon is checked against return value from
enter_repo(), and enter_repo() used to return the value obtained
from getcwd() to avoid directory aliasing issues as discussed
earier (mid October 2005).

Unfortunately, it did not go well as we hoped.

For example, /pub on a kernel.org public machine is a symlink to
its real mountpoint, and it is understandable that the
administrator does not want to adjust the whitelist every time
/pub needs to point at a different partition for storage
allcation or whatever reasons.  Being able to keep using
/pub/scm as the whitelist is a desirable property.

So this version of enter_repo() reports what it used to chdir()
and validate, but does not use getcwd() to canonicalize the
directory name.  When it sees a user relative path ~user/path,
it internally resolves it to try chdir() there, but it still
reports ~user/path (possibly after appending .git if allowed to
do so, in which case it would report ~user/path.git).

What this means is that if a whitelist wants to allow a user
relative path, it needs to say "~" (for all users) or list user
home directories like "~alice" "~bob".  And no, you cannot say
/home if the advertised way to access user home directories are
~alice,~bob, etc.  The whole point of this is to avoid
unnecessary aliasing issues.

Anyway, because of this, daemon needs to do a bit more work to
guard itself.  Namely, it needs to make sure that the accessor
does not try to exploit its leading path match rule by inserting
/../ in the middle or hanging /.. at the end.  I resurrected the
belts and suspender paranoia code HPA did for this purpose.

This check cannot be done in the enter_repo() unconditionally,
because there are valid callers of enter_repo() that want to
honor /../; authorized users coming over ssh to run send-pack
and fetch-pack should be allowed to do so.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-12-03 23:17:42 -08:00
Junio C Hamano 1644162ad5 Check repository format version in enter_repo().
After daemon, upload-pack and receive-pack find out where the
git directory is and chdir() there, make sure that repository is
in a format we understand, after putenv("GIT_DIR=.") so that it
knows to pick up the configuration file from there.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-11-27 01:32:59 -08:00
Junio C Hamano e0a87193d3 Fix "do not DWIM" patch to enter_repo"
We wanted --strict to mean "do not DWIM", but the code required to
see absolute path.  daemon does its own path verification and chdirs
to the verified repository, so enter_repo() called from upload-pack
will always enter ".".  Requiring absolute path does not make any sense.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-11-20 23:37:13 -08:00
Timo Hirvonen bd22c904a0 Fix sparse warnings
Make some functions static and convert func() function prototypes to to
func(void).  Fix declaration after statement, missing declaration and
redundant declaration warnings.

Signed-off-by: Timo Hirvonen <tihirvon@gmail.com>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-11-20 22:14:16 -08:00
Junio C Hamano 0870ca7fab Do not DWIM in userpath library under strict mode.
This should force git-daemon administrator's job a bit harder
because the exact paths need to be given in the whitelist, but
at the same time makes the auditing easier.

This moves validate_symref() from refs.c to path.c, because we
need to link path.c with git-daemon for its "enter_repo()", but
we do not want to link the daemon with the rest of git libraries
and its requirements.

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-11-19 20:50:38 -08:00
Andreas Ericsson 54f4b87454 Library code for user-relative paths, take three.
This patch provides the work-horse of the user-relative paths feature,
using Linus' idea of a blind chdir() and getcwd() which makes it
remarkably simple.

Signed-off-by: Andreas Ericsson <ae@op5.se>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-11-19 20:50:37 -08:00
Sven Verdoolaege 5da1606d0b [PATCH] Provide access to git_dir through get_git_dir().
Signed-off-by: Sven Verdoolaege <skimo@kotnet.org>
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-27 00:16:39 -07:00
Junio C Hamano a9ab586a5d Retire support for old environment variables.
We have deprecated the old environment variable names for quite a
while and now it's time to remove them.  Gone are:

    SHA1_FILE_DIRECTORIES AUTHOR_DATE AUTHOR_EMAIL AUTHOR_NAME
    COMMIT_AUTHOR_EMAIL COMMIT_AUTHOR_NAME SHA1_FILE_DIRECTORY

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-09-09 14:48:54 -07:00
Jason Riedy c7c81b3a51 Fix ?: statements.
Omitting the first branch in ?: is a GNU extension.  Cute,
but not supported by other compilers.  Replaced mostly
by explicit tests.  Calls to getenv() simply are repeated
on non-GNU compilers.

Signed-off-by: Jason Riedy <ejr@cs.berkeley.edu>
2005-08-23 20:41:12 -07:00
Holger Eitzenberger 35c3c62983 [PATCH] git_mkstemp() fix
git_mkstemp() attempted to use TMPDIR environment variable, but it botched
copying the templates.

[jc: Holger, please add your own Signed-off-by line, and also if you can,
send in future patches as non attachments.]

Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-08-08 22:51:44 -07:00
Holger Eitzenberger f2db68eda8 [PATCH] git: add git_mkstemp()
Signed-off-by: Junio C Hamano <junkio@cox.net>
2005-08-05 23:06:58 -07:00
Linus Torvalds 26c8a533af Add "mkpath()" helper function
I'm bored with doing it by hand all the time.
2005-07-08 16:20:59 -07:00