From 54f4b87454824fedc629219620ce9b7cdcab3d27 Mon Sep 17 00:00:00 2001 From: Andreas Ericsson Date: Thu, 17 Nov 2005 20:37:14 +0100 Subject: Library code for user-relative paths, take three. This patch provides the work-horse of the user-relative paths feature, using Linus' idea of a blind chdir() and getcwd() which makes it remarkably simple. Signed-off-by: Andreas Ericsson Signed-off-by: Junio C Hamano --- path.c | 72 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 72 insertions(+) (limited to 'path.c') diff --git a/path.c b/path.c index 495d17ca4c..5b617092ad 100644 --- a/path.c +++ b/path.c @@ -11,6 +11,7 @@ * which is what it's designed for. */ #include "cache.h" +#include static char pathname[PATH_MAX]; static char bad_path[] = "/bad-path/"; @@ -89,3 +90,74 @@ char *safe_strncpy(char *dest, const char *src, size_t n) return dest; } + +static char *current_dir() +{ + return getcwd(pathname, sizeof(pathname)); +} + +/* Take a raw path from is_git_repo() and canonicalize it using Linus' + * idea of a blind chdir() and getcwd(). */ +static const char *canonical_path(char *path, int strict) +{ + char *dir = path; + + if(strict && *dir != '/') + return NULL; + + if(*dir == '~') { /* user-relative path */ + struct passwd *pw; + char *slash = strchr(dir, '/'); + + dir++; + /* '~/' and '~' (no slash) means users own home-dir */ + if(!*dir || *dir == '/') + pw = getpwuid(getuid()); + else { + if (slash) { + *slash = '\0'; + pw = getpwnam(dir); + *slash = '/'; + } + else + pw = getpwnam(dir); + } + + /* make sure we got something back that we can chdir() to */ + if(!pw || chdir(pw->pw_dir) < 0) + return NULL; + + if(!slash || !slash[1]) /* no path following username */ + return current_dir(); + + dir = slash + 1; + } + + /* ~foo/path/to/repo is now path/to/repo and we're in foo's homedir */ + if(chdir(dir) < 0) + return NULL; + + return current_dir(); +} + +char *enter_repo(char *path, int strict) +{ + if(!path) + return NULL; + + if(!canonical_path(path, strict)) { + if(strict || !canonical_path(mkpath("%s.git", path), strict)) + return NULL; + } + + /* This is perfectly safe, and people tend to think of the directory + * where they ran git-init-db as their repository, so humour them. */ + (void)chdir(".git"); + + if(access("objects", X_OK) == 0 && access("refs", X_OK) == 0) { + putenv("GIT_DIR=."); + return current_dir(); + } + + return NULL; +} -- cgit v1.3-5-g9baa From 0870ca7fabe6f25095431280e480859f7c66e8ab Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Fri, 18 Nov 2005 14:59:34 -0800 Subject: Do not DWIM in userpath library under strict mode. This should force git-daemon administrator's job a bit harder because the exact paths need to be given in the whitelist, but at the same time makes the auditing easier. This moves validate_symref() from refs.c to path.c, because we need to link path.c with git-daemon for its "enter_repo()", but we do not want to link the daemon with the rest of git libraries and its requirements. Signed-off-by: Junio C Hamano --- path.c | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++--------------- refs.c | 40 ---------------------------------- 2 files changed, 60 insertions(+), 57 deletions(-) (limited to 'path.c') diff --git a/path.c b/path.c index 5b617092ad..d635470de1 100644 --- a/path.c +++ b/path.c @@ -91,20 +91,55 @@ char *safe_strncpy(char *dest, const char *src, size_t n) return dest; } +int validate_symref(const char *path) +{ + struct stat st; + char *buf, buffer[256]; + int len, fd; + + if (lstat(path, &st) < 0) + return -1; + + /* Make sure it is a "refs/.." symlink */ + if (S_ISLNK(st.st_mode)) { + len = readlink(path, buffer, sizeof(buffer)-1); + if (len >= 5 && !memcmp("refs/", buffer, 5)) + return 0; + return -1; + } + + /* + * Anything else, just open it and try to see if it is a symbolic ref. + */ + fd = open(path, O_RDONLY); + if (fd < 0) + return -1; + len = read(fd, buffer, sizeof(buffer)-1); + close(fd); + + /* + * Is it a symbolic ref? + */ + if (len < 4 || memcmp("ref:", buffer, 4)) + return -1; + buf = buffer + 4; + len -= 4; + while (len && isspace(*buf)) + buf++, len--; + if (len >= 5 && !memcmp("refs/", buf, 5)) + return 0; + return -1; +} + static char *current_dir() { return getcwd(pathname, sizeof(pathname)); } -/* Take a raw path from is_git_repo() and canonicalize it using Linus' - * idea of a blind chdir() and getcwd(). */ -static const char *canonical_path(char *path, int strict) +static int user_chdir(char *path) { char *dir = path; - if(strict && *dir != '/') - return NULL; - if(*dir == '~') { /* user-relative path */ struct passwd *pw; char *slash = strchr(dir, '/'); @@ -125,19 +160,19 @@ static const char *canonical_path(char *path, int strict) /* make sure we got something back that we can chdir() to */ if(!pw || chdir(pw->pw_dir) < 0) - return NULL; + return -1; if(!slash || !slash[1]) /* no path following username */ - return current_dir(); + return 0; dir = slash + 1; } /* ~foo/path/to/repo is now path/to/repo and we're in foo's homedir */ if(chdir(dir) < 0) - return NULL; + return -1; - return current_dir(); + return 0; } char *enter_repo(char *path, int strict) @@ -145,16 +180,24 @@ char *enter_repo(char *path, int strict) if(!path) return NULL; - if(!canonical_path(path, strict)) { - if(strict || !canonical_path(mkpath("%s.git", path), strict)) + if (strict) { + if((path[0] != '/') || chdir(path) < 0) return NULL; } + else { + if (!*path) + ; /* happy -- no chdir */ + else if (!user_chdir(path)) + ; /* happy -- as given */ + else if (!user_chdir(mkpath("%s.git", path))) + ; /* happy -- uemacs --> uemacs.git */ + else + return NULL; + (void)chdir(".git"); + } - /* This is perfectly safe, and people tend to think of the directory - * where they ran git-init-db as their repository, so humour them. */ - (void)chdir(".git"); - - if(access("objects", X_OK) == 0 && access("refs", X_OK) == 0) { + if(access("objects", X_OK) == 0 && access("refs", X_OK) == 0 && + validate_symref("HEAD") == 0) { putenv("GIT_DIR=."); return current_dir(); } diff --git a/refs.c b/refs.c index f324be5032..ac2619851d 100644 --- a/refs.c +++ b/refs.c @@ -10,46 +10,6 @@ #define USE_SYMLINK_HEAD 1 #endif -int validate_symref(const char *path) -{ - struct stat st; - char *buf, buffer[256]; - int len, fd; - - if (lstat(path, &st) < 0) - return -1; - - /* Make sure it is a "refs/.." symlink */ - if (S_ISLNK(st.st_mode)) { - len = readlink(path, buffer, sizeof(buffer)-1); - if (len >= 5 && !memcmp("refs/", buffer, 5)) - return 0; - return -1; - } - - /* - * Anything else, just open it and try to see if it is a symbolic ref. - */ - fd = open(path, O_RDONLY); - if (fd < 0) - return -1; - len = read(fd, buffer, sizeof(buffer)-1); - close(fd); - - /* - * Is it a symbolic ref? - */ - if (len < 4 || memcmp("ref:", buffer, 4)) - return -1; - buf = buffer + 4; - len -= 4; - while (len && isspace(*buf)) - buf++, len--; - if (len >= 5 && !memcmp("refs/", buf, 5)) - return 0; - return -1; -} - const char *resolve_ref(const char *path, unsigned char *sha1, int reading) { int depth = MAXDEPTH, len; -- cgit v1.3-5-g9baa From bd22c904a0f1c88a3a7bfa96bbf690de2f5cb278 Mon Sep 17 00:00:00 2001 From: Timo Hirvonen Date: Mon, 21 Nov 2005 02:52:52 +0200 Subject: Fix sparse warnings Make some functions static and convert func() function prototypes to to func(void). Fix declaration after statement, missing declaration and redundant declaration warnings. Signed-off-by: Timo Hirvonen Signed-off-by: Junio C Hamano --- cache.h | 1 + name-rev.c | 2 -- pack-redundant.c | 58 ++++++++++++++++++++++++++++---------------------------- path.c | 2 +- 4 files changed, 31 insertions(+), 32 deletions(-) (limited to 'path.c') diff --git a/cache.h b/cache.h index a7c1bbd51c..c7c6637b1f 100644 --- a/cache.h +++ b/cache.h @@ -203,6 +203,7 @@ int git_mkstemp(char *path, size_t n, const char *template); int safe_create_leading_directories(char *path); char *safe_strncpy(char *, const char *, size_t); +char *enter_repo(char *path, int strict); /* Read and unpack a sha1 file into memory, write memory to a sha1 file */ extern int unpack_sha1_header(z_stream *stream, void *map, unsigned long mapsize, void *buffer, unsigned long size); diff --git a/name-rev.c b/name-rev.c index 59194f1349..817e36b793 100644 --- a/name-rev.c +++ b/name-rev.c @@ -230,8 +230,6 @@ int main(int argc, char **argv) fwrite(p_start, p - p_start, 1, stdout); } } else if (all) { - extern struct object **objs; - extern int nr_objs; int i; for (i = 0; i < nr_objs; i++) diff --git a/pack-redundant.c b/pack-redundant.c index fb6cb48502..15193854e5 100644 --- a/pack-redundant.c +++ b/pack-redundant.c @@ -11,19 +11,19 @@ static const char pack_redundant_usage[] = "git-pack-redundant [ --verbose ] [ --alt-odb ] < --all | <.pack filename> ...>"; -int load_all_packs = 0, verbose = 0, alt_odb = 0; +static int load_all_packs = 0, verbose = 0, alt_odb = 0; struct llist_item { struct llist_item *next; char *sha1; }; -struct llist { +static struct llist { struct llist_item *front; struct llist_item *back; size_t size; } *all_objects; /* all objects which must be present in local packfiles */ -struct pack_list { +static struct pack_list { struct pack_list *next; struct packed_git *pack; struct llist *unique_objects; @@ -36,7 +36,7 @@ struct pll { size_t pl_size; }; -inline void llist_free(struct llist *list) +static inline void llist_free(struct llist *list) { while((list->back = list->front)) { list->front = list->front->next; @@ -45,14 +45,14 @@ inline void llist_free(struct llist *list) free(list); } -inline void llist_init(struct llist **list) +static inline void llist_init(struct llist **list) { *list = xmalloc(sizeof(struct llist)); (*list)->front = (*list)->back = NULL; (*list)->size = 0; } -struct llist * llist_copy(struct llist *list) +static struct llist * llist_copy(struct llist *list) { struct llist *ret; struct llist_item *new, *old, *prev; @@ -79,7 +79,7 @@ struct llist * llist_copy(struct llist *list) return ret; } -inline struct llist_item * llist_insert(struct llist *list, +static inline struct llist_item * llist_insert(struct llist *list, struct llist_item *after, char *sha1) { struct llist_item *new = xmalloc(sizeof(struct llist_item)); @@ -102,12 +102,12 @@ inline struct llist_item * llist_insert(struct llist *list, return new; } -inline struct llist_item * llist_insert_back(struct llist *list, char *sha1) +static inline struct llist_item * llist_insert_back(struct llist *list, char *sha1) { return llist_insert(list, list->back, sha1); } -inline struct llist_item * llist_insert_sorted_unique(struct llist *list, +static inline struct llist_item * llist_insert_sorted_unique(struct llist *list, char *sha1, struct llist_item *hint) { struct llist_item *prev = NULL, *l; @@ -129,7 +129,7 @@ inline struct llist_item * llist_insert_sorted_unique(struct llist *list, } /* returns a pointer to an item in front of sha1 */ -inline struct llist_item * llist_sorted_remove(struct llist *list, char *sha1, +static inline struct llist_item * llist_sorted_remove(struct llist *list, char *sha1, struct llist_item *hint) { struct llist_item *prev, *l; @@ -164,7 +164,7 @@ redo_from_start: } /* computes A\B */ -void llist_sorted_difference_inplace(struct llist *A, +static void llist_sorted_difference_inplace(struct llist *A, struct llist *B) { struct llist_item *hint, *b; @@ -178,7 +178,7 @@ void llist_sorted_difference_inplace(struct llist *A, } } -inline struct pack_list * pack_list_insert(struct pack_list **pl, +static inline struct pack_list * pack_list_insert(struct pack_list **pl, struct pack_list *entry) { struct pack_list *p = xmalloc(sizeof(struct pack_list)); @@ -188,7 +188,7 @@ inline struct pack_list * pack_list_insert(struct pack_list **pl, return p; } -inline size_t pack_list_size(struct pack_list *pl) +static inline size_t pack_list_size(struct pack_list *pl) { size_t ret = 0; while(pl) { @@ -198,7 +198,7 @@ inline size_t pack_list_size(struct pack_list *pl) return ret; } -struct pack_list * pack_list_difference(struct pack_list *A, +static struct pack_list * pack_list_difference(struct pack_list *A, struct pack_list *B) { struct pack_list *ret, *pl; @@ -218,7 +218,7 @@ struct pack_list * pack_list_difference(struct pack_list *A, return ret; } -void cmp_two_packs(struct pack_list *p1, struct pack_list *p2) +static void cmp_two_packs(struct pack_list *p1, struct pack_list *p2) { int p1_off, p2_off; void *p1_base, *p2_base; @@ -250,7 +250,7 @@ void cmp_two_packs(struct pack_list *p1, struct pack_list *p2) } } -void pll_insert(struct pll **pll, struct pll **hint_table) +static void pll_insert(struct pll **pll, struct pll **hint_table) { struct pll *prev; int i = (*pll)->pl_size - 1; @@ -276,7 +276,7 @@ void pll_insert(struct pll **pll, struct pll **hint_table) /* all the permutations have to be free()d at the same time, * since they refer to each other */ -struct pll * get_all_permutations(struct pack_list *list) +static struct pll * get_all_permutations(struct pack_list *list) { struct pll *subset, *pll, *new_pll = NULL; /*silence warning*/ static struct pll **hint = NULL; @@ -323,7 +323,7 @@ struct pll * get_all_permutations(struct pack_list *list) return hint[0]; } -int is_superset(struct pack_list *pl, struct llist *list) +static int is_superset(struct pack_list *pl, struct llist *list) { struct llist *diff; @@ -342,7 +342,7 @@ int is_superset(struct pack_list *pl, struct llist *list) return 0; } -size_t sizeof_union(struct packed_git *p1, struct packed_git *p2) +static size_t sizeof_union(struct packed_git *p1, struct packed_git *p2) { size_t ret = 0; int p1_off, p2_off; @@ -373,14 +373,14 @@ size_t sizeof_union(struct packed_git *p1, struct packed_git *p2) } /* another O(n^2) function ... */ -size_t get_pack_redundancy(struct pack_list *pl) +static size_t get_pack_redundancy(struct pack_list *pl) { struct pack_list *subset; + size_t ret = 0; if (pl == NULL) return 0; - size_t ret = 0; while ((subset = pl->next)) { while(subset) { ret += sizeof_union(pl->pack, subset->pack); @@ -391,7 +391,7 @@ size_t get_pack_redundancy(struct pack_list *pl) return ret; } -inline size_t pack_set_bytecount(struct pack_list *pl) +static inline size_t pack_set_bytecount(struct pack_list *pl) { size_t ret = 0; while (pl) { @@ -402,7 +402,7 @@ inline size_t pack_set_bytecount(struct pack_list *pl) return ret; } -void minimize(struct pack_list **min) +static void minimize(struct pack_list **min) { struct pack_list *pl, *unique = NULL, *non_unique = NULL, *min_perm = NULL; @@ -469,7 +469,7 @@ void minimize(struct pack_list **min) } } -void load_all_objects() +static void load_all_objects(void) { struct pack_list *pl = local_packs; struct llist_item *hint, *l; @@ -497,7 +497,7 @@ void load_all_objects() } /* this scales like O(n^2) */ -void cmp_local_packs() +static void cmp_local_packs(void) { struct pack_list *subset, *pl = local_packs; @@ -508,7 +508,7 @@ void cmp_local_packs() } } -void scan_alt_odb_packs() +static void scan_alt_odb_packs(void) { struct pack_list *local, *alt; @@ -524,7 +524,7 @@ void scan_alt_odb_packs() } } -struct pack_list * add_pack(struct packed_git *p) +static struct pack_list * add_pack(struct packed_git *p) { struct pack_list l; size_t off; @@ -550,7 +550,7 @@ struct pack_list * add_pack(struct packed_git *p) return pack_list_insert(&altodb_packs, &l); } -struct pack_list * add_pack_file(char *filename) +static struct pack_list * add_pack_file(char *filename) { struct packed_git *p = packed_git; @@ -565,7 +565,7 @@ struct pack_list * add_pack_file(char *filename) die("Filename %s not found in packed_git\n", filename); } -void load_all() +static void load_all(void) { struct packed_git *p = packed_git; diff --git a/path.c b/path.c index d635470de1..84b3272d94 100644 --- a/path.c +++ b/path.c @@ -131,7 +131,7 @@ int validate_symref(const char *path) return -1; } -static char *current_dir() +static char *current_dir(void) { return getcwd(pathname, sizeof(pathname)); } -- cgit v1.3-5-g9baa From e0a87193d3f2b78b7b687405c0315e1517d36912 Mon Sep 17 00:00:00 2001 From: Junio C Hamano Date: Sun, 20 Nov 2005 23:37:13 -0800 Subject: Fix "do not DWIM" patch to enter_repo" We wanted --strict to mean "do not DWIM", but the code required to see absolute path. daemon does its own path verification and chdirs to the verified repository, so enter_repo() called from upload-pack will always enter ".". Requiring absolute path does not make any sense. Signed-off-by: Junio C Hamano --- path.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'path.c') diff --git a/path.c b/path.c index 84b3272d94..4d889473a7 100644 --- a/path.c +++ b/path.c @@ -181,7 +181,7 @@ char *enter_repo(char *path, int strict) return NULL; if (strict) { - if((path[0] != '/') || chdir(path) < 0) + if (chdir(path) < 0) return NULL; } else { -- cgit v1.3-5-g9baa