aboutsummaryrefslogtreecommitdiff
path: root/path.c
Commit message (Collapse)AuthorAge
* Introduce the function strip_path_suffix()Johannes Schindelin2009-02-19
| | | | | | | | | | | | | | | | | | | The function strip_path_suffix() will try to strip a given suffix from a given path. The suffix must start at a directory boundary (i.e. "core" is not a path suffix of "libexec/git-core", but "git-core" is). Arbitrary runs of directory separators ("slashes") are assumed identical. Example: strip_path_suffix("C:\\msysgit/\\libexec\\git-core", "libexec///git-core", &prefix) will set prefix to "C:\\msysgit" and return 0. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Acked-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Revert "validate_headref: tighten ref-matching to just branches"Junio C Hamano2009-02-12
| | | | | | This reverts commit b229d18a809c169314b7f0d048dc5a7632e8f916, at least until we figure out how to work better with TopGit that points HEAD to refs/top-bases/ hierarchy.
* Merge branch 'js/maint-1.6.0-path-normalize'Junio C Hamano2009-02-10
|\ | | | | | | | | | | | | | | | | * js/maint-1.6.0-path-normalize: Remove unused normalize_absolute_path() Test and fix normalize_path_copy() Fix GIT_CEILING_DIRECTORIES on Windows Move sanitary_path_copy() to path.c and rename it to normalize_path_copy() Make test-path-utils more robust against incorrect use
| * Remove unused normalize_absolute_path()Johannes Sixt2009-02-07
| | | | | | | | | | | | | | This function is now superseded by normalize_path_copy(). Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
| * Test and fix normalize_path_copy()Johannes Sixt2009-02-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This changes the test-path-utils utility to invoke normalize_path_copy() instead of normalize_absolute_path() because the latter is about to be removed. The test cases in t0060 are adjusted in two regards: - normalize_path_copy() more often leaves a trailing slash in the result. This has no negative side effects because the new user of this function, longest_ancester_length(), already accounts for this behavior. - The function can fail. The tests uncover a flaw in normalize_path_copy(): If there are sufficiently many '..' path components so that the root is reached, such as in "/d1/s1/../../d2", then the leading slash was lost. This manifested itself that (assuming there is a repository at /tmp/foo) $ git add /d1/../tmp/foo/some-file reported 'pathspec is outside repository'. This is now fixed. Moreover, the test case descriptions of t0060 now include the test data and expected outcome. Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
| * Fix GIT_CEILING_DIRECTORIES on WindowsRené Scharfe2009-02-07
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Using git with GIT_CEILING_DIRECTORIES crashed on Windows due to a failed assertion in normalize_absolute_path(): This function expects absolute paths to start with a slash, while on Windows they can start with a drive letter or a backslash. This fixes it by using the alternative, normalize_path_copy() instead, which can handle Windows-style paths just fine. Secondly, the portability macro PATH_SEP is used instead of expecting colons to be used as path list delimiter. The test script t1504 is also changed to help MSYS's bash recognize some program arguments as path list. (MSYS's bash must translate POSIX-style path lists to Windows-style path lists, and the heuristic did not catch some cases.) Signed-off-by: Rene Scharfe <rene.scharfe@lsrfire.ath.cx> Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
| * Move sanitary_path_copy() to path.c and rename it to normalize_path_copy()Johannes Sixt2009-02-07
| | | | | | | | | | | | | | | | | | | | | | | | | | This function and normalize_absolute_path() do almost the same thing. The former already works on Windows, but the latter crashes. In subsequent changes we will remove normalize_absolute_path(). Here we make the replacement function reusable. On the way we rename it to reflect that it does some path normalization. Apart from that this is only moving around code. Signed-off-by: Johannes Sixt <j6t@kdbg.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | validate_headref: tighten ref-matching to just branchesJeff King2009-01-29
|/ | | | | | | | | | | | | | | When we are trying to determine whether a directory contains a git repository, one of the tests we do is to check whether HEAD is either a symlink or a symref into the "refs/" hierarchy, or a detached HEAD. We can tighten this a little more, though: a non-detached HEAD should always point to a branch (since checking out anything else should result in detachment), so it is safe to check for "refs/heads/". Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Fix non-literal format in printf-style callsDaniel Lowe2008-11-11
| | | | | | | | | | These were found using gcc 4.3.2-1ubuntu11 with the warning: warning: format not a string literal and no format arguments Incorporated suggestions from Brandon Casey <casey@nrlssc.navy.mil>. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Merge branch 'ar/maint-mksnpath' into maintJunio C Hamano2008-11-08
|\ | | | | | | | | | | | | | | | | | | | | | | | | | | | | * ar/maint-mksnpath: Use git_pathdup instead of xstrdup(git_path(...)) git_pathdup: returns xstrdup-ed copy of the formatted path Fix potentially dangerous use of git_path in ref.c Add git_snpath: a .git path formatting routine with output buffer Fix potentially dangerous uses of mkpath and git_path Fix mkpath abuse in dwim_ref and dwim_log of sha1_name.c Add mksnpath which allows you to specify the output buffer Conflicts: builtin-revert.c rerere.c
| * git_pathdup: returns xstrdup-ed copy of the formatted pathAlex Riesen2008-10-30
| | | | | | | | Signed-off-by: Junio C Hamano <gitster@pobox.com>
| * Add git_snpath: a .git path formatting routine with output bufferAlex Riesen2008-10-30
| | | | | | | | | | | | | | | | The function's purpose is to replace git_path where the buffer of formatted path may not be reused by subsequent calls of the function or will be copied anyway. Signed-off-by: Junio C Hamano <gitster@pobox.com>
| * Add mksnpath which allows you to specify the output bufferAlex Riesen2008-10-26
| | | | | | | | | | | | | | | | | | | | This is just vsnprintf's but additionally calls cleanup_path() on the result. To be used as alternatives to mkpath() where the buffer for the created path may not be reused by subsequent calls of the same formatting function. Signed-off-by: Alex Riesen <raa.lkml@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | fix overlapping memcpy in normalize_absolute_pathJeff King2008-11-01
|/ | | | | | | | | | | | | The comments for normalize_absolute_path explicitly claim that the source and destination buffers may be the same (though they may not otherwise overlap). Thus the call to memcpy may involve copying overlapping data, and memmove should be used instead. This fixes a valgrind error in t1504. Signed-off-by: Jeff King <peff@peff.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Fix typo in comments of longest_ancestor_length()Nguyễn Thái Ngọc Duy2008-08-11
| | | | | Signed-off-by: Nguyễn Thái Ngọc Duy <pclouds@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Allow add_path() to add non-existent directories to the pathJohannes Sixt2008-07-25
| | | | | | | | | | | | | | | | | This function had used make_absolute_path(); but this function dies if the directory that contains the entry whose relative path was supplied in the argument does not exist. This is a problem if the argument is, for example, "../libexec/git-core", and that "../libexec" does not exist. Since the resolution of symbolic links is not required for elements in PATH, we can fall back to using make_nonrelative_path(), which simply prepends $PWD to the path. We have to move make_nonrelative_path() alongside make_absolute_path() in abspath.c so that git-shell can be linked. See 5b8e6f85f. Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Merge branch 'maint' to sync with 1.5.6.3Junio C Hamano2008-07-13
|\ | | | | | | | | | | | | | | | | * maint: GIT 1.5.6.3 git-am: Do not exit silently if committer is unset t0004: fix timing bug git-mailinfo: document the -n option Fix backwards-incompatible handling of core.sharedRepository
| * Fix backwards-incompatible handling of core.sharedRepositoryPetr Baudis2008-07-11
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | 06cbe85 (Make core.sharedRepository more generic, 2008-04-16) broke the traditional setting of core.sharedRepository to true, which was to make the repository group writable: with umask 022, it would clear the permission bits for 'other'. (umask 002 did not exhibit this behaviour since pre-chmod() check in adjust_shared_perm() fails in that case.) The call to adjust_shared_perm() should only loosen the permission. If the user has umask like 022 or 002 that allow others to read, the resulting files should be made readable and writable by group, without restricting the readability by others. This patch fixes the adjust_shared_perm() mode tweak based on Junio's suggestion and adds the appropriate tests to t/t1301-shared-repo.sh. Cc: Heikki Orsila <heikki.orsila@iki.fi> Signed-off-by: Petr Baudis <pasky@suse.cz> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Merge branch 'dr/ceiling'Junio C Hamano2008-07-07
|\ \ | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * dr/ceiling: Eliminate an unnecessary chdir("..") Add support for GIT_CEILING_DIRECTORIES Fold test-absolute-path into test-path-utils Implement normalize_absolute_path Conflicts: cache.h setup.c
| * | Add support for GIT_CEILING_DIRECTORIESDavid Reiss2008-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Make git recognize a new environment variable that prevents it from chdir'ing up into specified directories when looking for a GIT_DIR. Useful for avoiding slow network directories. For example, I use git in an environment where homedirs are automounted and "ls /home/nonexistent" takes about 9 seconds. Setting GIT_CEILING_DIRS="/home" allows "git help -a" (for bash completion) and "git symbolic-ref" (for my shell prompt) to run in a reasonable time. Signed-off-by: David Reiss <dreiss@facebook.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
| * | Implement normalize_absolute_pathDavid Reiss2008-05-23
| | | | | | | | | | | | | | | | | | | | | | | | | | | normalize_absolute_path removes several oddities form absolute paths, giving nice clean paths like "/dir/sub1/sub2". Also add a test case for this utility, based on a new test program (in the style of test-sha1). Signed-off-by: David Reiss <dreiss@facebook.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | | shrink git-shell by avoiding redundant dependenciesDmitry Potapov2008-06-27
| |/ |/| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | A lot of modules that have nothing to do with git-shell functionality were linked in, bloating git-shell more than 8 times. This patch cuts off redundant dependencies by: 1. providing stubs for three functions that make no sense for git-shell; 2. moving quote_path_fully from environment.c to quote.c to make the later self sufficient; 3. moving make_absolute_path into a new separate file. The following numbers have been received with the default optimization settings on master using GCC 4.1.2: Before: text data bss dec hex filename 143915 1348 93168 238431 3a35f git-shell After: text data bss dec hex filename 17670 788 8232 26690 6842 git-shell Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Make git_dir a path relative to work_tree in setup_work_tree()Linus Torvalds2008-06-19
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | Once we find the absolute paths for git_dir and work_tree, we can make git_dir a relative path since we know pwd will be work_tree. This should save the kernel some time traversing the path to work_tree all the time if git_dir is inside work_tree. Daniel's patch didn't apply for me as-is, so I recreated it with some differences, and here are the numbers from ten runs each. There is some IO for me - probably due to more-or-less random flushing of the journal - so the variation is bigger than I'd like, but whatever: Before: real 0m8.135s real 0m7.933s real 0m8.080s real 0m7.954s real 0m7.949s real 0m8.112s real 0m7.934s real 0m8.059s real 0m7.979s real 0m8.038s After: real 0m7.685s real 0m7.968s real 0m7.703s real 0m7.850s real 0m7.995s real 0m7.817s real 0m7.963s real 0m7.955s real 0m7.848s real 0m7.969s Now, going by "best of ten" (on the assumption that the longer numbers are all due to IO), I'm saying a 7.933s -> 7.685s reduction, and it does seem to be outside of the noise (ie the "after" case never broke 8s, while the "before" case did so half the time). So looks like about 3% to me. Doing it for a slightly smaller test-case (just the "arch" subdirectory) gets more stable numbers probably due to not filling the journal with metadata updates, so we have: Before: real 0m1.633s real 0m1.633s real 0m1.633s real 0m1.632s real 0m1.632s real 0m1.630s real 0m1.634s real 0m1.631s real 0m1.632s real 0m1.632s After: real 0m1.610s real 0m1.609s real 0m1.610s real 0m1.608s real 0m1.607s real 0m1.610s real 0m1.609s real 0m1.611s real 0m1.608s real 0m1.611s where I'ld just take the averages and say 1.632 vs 1.610, which is just over 1% peformance improvement. So it's not in the noise, but it's not as big as I initially thought and measured. (That said, it obviously depends on how deep the working directory path is too, and whether it is behind NFS or something else that might need to cause more work to look up). Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | make_nonrelative_path: Use is_absolute_path()Johannes Sixt2008-06-08
| | | | | | | | | | | | | | This helps porting to Windows. Signed-off-by: Johannes Sixt <johannes.sixt@telecom.at> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* | Use nonrelative paths instead of absolute paths for cloned repositoriesDaniel Barkalow2008-06-06
|/ | | | | | | | | | Particularly for the "alternates" file, if one will be created, we want a path that doesn't depend on the current directory, but we want to retain any symlinks in the path as given and any in the user's view of the current directory when the path was given. Signed-off-by: Daniel Barkalow <barkalow@iabervon.org> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Make read_in_full() and write_in_full() consistent with xread() and xwrite()Heikki Orsila2008-04-29
| | | | | | | | | | xread() and xwrite() return ssize_t values as their native POSIX counterparts read(2) and write(2). To be consistent, read_in_full() and write_in_full() should also return ssize_t values. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Make core.sharedRepository more genericHeikki Orsila2008-04-16
| | | | | | | | | | | | | | | git init --shared=0xxx, where '0xxx' is an octal number, will create a repository with file modes set to '0xxx'. Users with a safe umask value (0077) can use this option to force file modes. For example, '0640' is a group-readable but not group-writable regardless of user's umask value. Values compatible with old Git versions are written as they were before, for compatibility reasons. That is, "1" for "group" and "2" for "everybody". "git config core.sharedRepository 0xxx" is also handled. Signed-off-by: Heikki Orsila <heikki.orsila@iki.fi> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Do not use GUID on dir in git init --shared=all on FreeBSDAlex Riesen2008-03-05
| | | | | | | | It does not allow changing the bit to a non-root user. This fixes t1301-shared-repo.sh on the platform. Signed-off-by: Alex Riesen <raa.lkml@gmail.com> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Fix make_absolute_path() for parameters without a slashJohannes Schindelin2008-03-02
| | | | | | | | | When passing "xyz" to make_absolute_path(), make_absolute_path() erroneously tried to chdir("xyz"), and then append "/xyz". Instead, skip the chdir() completely when no slash was found. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* Add is_absolute_path() and make_absolute_path()Johannes Schindelin2007-08-01
| | | | | | | | | | | This patch adds convenience functions to work with absolute paths. The function is_absolute_path() should help the efforts to integrate the MinGW fork. Note that make_absolute_path() returns a pointer to a static buffer. Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* git_mkstemp(): be careful not to overflow the path buffer.Junio C Hamano2007-07-25
| | | | | | | | If user's TMPDIR is insanely long, return negative after setting errno to ENAMETOOLONG, pretending that the underlying mkstemp() choked on a temporary file path that is too long. Signed-off-by: Junio C Hamano <gitster@pobox.com>
* getenv/setenv: use constants if availableMatthias Lederhofer2007-07-02
| | | | | | | | | | There were places using "GIT_DIR" instead of GIT_DIR_ENVIRONMENT and "GIT_CONFIG" instead of CONFIG_ENVIRONMENT. This makes it easier to find all places touching an environment variable using git grep or similar tools. Signed-off-by: Matthias Lederhofer <matled@gmx.net> Signed-off-by: Junio C Hamano <gitster@pobox.com>
* General const correctness fixesShawn O. Pearce2007-03-07
| | | | | | | | | | | | | | | | We shouldn't attempt to assign constant strings into char*, as the string is not writable at runtime. Likewise we should always be treating unsigned values as unsigned values, not as signed values. Most of these are very straightforward. The only exception is the (unnecessary) xstrdup/free in builtin-branch.c for the detached head case. Since this is a user-level interactive type program and that particular code path is executed no more than once, I feel that the extra xstrdup call is well worth the easy elimination of this warning. Signed-off-by: Shawn O. Pearce <spearce@spearce.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Merge branch 'jc/detached-head'Junio C Hamano2007-01-11
|\ | | | | | | | | | | | | | | | | | | | | | | | | * jc/detached-head: git-checkout: handle local changes sanely when detaching HEAD git-checkout: safety check for detached HEAD checks existing refs git-checkout: fix branch name output from the command git-checkout: safety when coming back from the detached HEAD state. git-checkout: rewording comments regarding detached HEAD. git-checkout: do not warn detaching HEAD when it is already detached. Detached HEAD (experimental) git-branch: show detached HEAD git-status: show detached HEAD
| * Detached HEAD (experimental)Junio C Hamano2007-01-08
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | This allows "git checkout v1.4.3" to dissociate the HEAD of repository from any branch. After this point, "git branch" starts reporting that you are not on any branch. You can go back to an existing branch by saying "git checkout master", for example. This is still experimental. While I think it makes sense to allow commits on top of detached HEAD, it is rather dangerous unless you are careful in the current form. Next "git checkout master" will obviously lose what you have done, so we might want to require "git checkout -f" out of a detached HEAD if we find that the HEAD commit is not an ancestor of any other branches. There is no such safety valve implemented right now. On the other hand, the reason the user did not start the ad-hoc work on a new branch with "git checkout -b" was probably because the work was of a throw-away nature, so the convenience of not having that safety valve might be even better. The user, after accumulating some commits on top of a detached HEAD, can always create a new branch with "git checkout -b" not to lose useful work done while the HEAD was detached. We'll see. Signed-off-by: Junio C Hamano <junkio@cox.net>
* | short i/o: fix calls to read to use xread or read_in_fullAndy Whitcroft2007-01-08
|/ | | | | | | | | | | We have a number of badly checked read() calls. Often we are expecting read() to read exactly the size we requested or fail, this fails to handle interrupts or short reads. Add a read_in_full() providing those semantics. Otherwise we at a minimum need to check for EINTR and EAGAIN, where this is appropriate use xread(). Signed-off-by: Andy Whitcroft <apw@shadowen.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* simplify inclusion of system header files.Junio C Hamano2006-12-20
| | | | | | | | | | | | | | | | | | | | This is a mechanical clean-up of the way *.c files include system header files. (1) sources under compat/, platform sha-1 implementations, and xdelta code are exempt from the following rules; (2) the first #include must be "git-compat-util.h" or one of our own header file that includes it first (e.g. config.h, builtin.h, pkt-line.h); (3) system headers that are included in "git-compat-util.h" need not be included in individual C source files. (4) "git-compat-util.h" does not have to include subsystem specific header files (e.g. expat.h). Signed-off-by: Junio C Hamano <junkio@cox.net>
* adjust_shared_perm: chmod() only when needed.Junio C Hamano2006-11-05
| | | | | | | | | | | When widening permission for files and directories in a 'shared' repository for a user with inappropriate umask() setting for shared work, make sure we call chmod() only when we actually need to. The primary idea owes credit to Johannes. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Allow multiple "git_path()" usesLinus Torvalds2006-09-16
| | | | | | | | | | | | | This allows you to maintain a few filesystem pathnames concurrently, by simply replacing the single static "pathname" buffer with a LRU of four buffers. We did exactly the same thing with sha1_to_hex(), for pretty much exactly the same reason. Sometimes you want to use two pathnames, and while it's easy enough to xstrdup() them, why not just do the LU buffer thing. Signed-off-by: Linus Torvalds <torvalds@osdl.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Rename safe_strncpy() to strlcpy().Peter Eriksen2006-06-24
| | | | | | | | | | | This cleans up the use of safe_strncpy() even more. Since it has the same semantics as strlcpy() use this name instead. Also move the definition from inside path.c to its own file compat/strlcpy.c, and use it conditionally at compile time, since some platforms already has strlcpy(). It's included in the same way as compat/setenv.c. Signed-off-by: Peter Eriksen <s022018@student.dtu.dk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Merge branch 'js/diff'Junio C Hamano2006-06-17
|\
| * Implement safe_strncpy() as strlcpy() and use it more.Peter Eriksen2006-06-16
| | | | | | | | | | Signed-off-by: Peter Eriksen <s022018@student.dtu.dk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* | shared repository: optionally allow reading to "others".Junio C Hamano2006-06-10
|/ | | | | | | | | | | | | | | | | | | | | | This enhances core.sharedrepository to have additionally specify that read and exec permissions to be given to others as well. It is useful when serving a repository via gitweb and git-daemon that runs as a user outside the project group. The configuration item can take the following values: [core] sharedrepository ; the same as "group" sharedrepository = true ; ditto sharedrepository = 1 ; ditto sharedrepository = group ; allow rwx to group sharedrepository = all ; allow rwx to group, allow rx to other sharedrepository = umask ; not shared - use umask It also extends "git init-db" to take "--shared=all" and friends from the command line. Signed-off-by: Junio C Hamano <junkio@cox.net>
* shared repository - add a few missing calls to adjust_shared_perm().Junio C Hamano2006-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | There were a few calls to adjust_shared_perm() that were missing: - init-db creates refs, refs/heads, and refs/tags before reading from templates that could specify sharedrepository in the config file; - updating config file created it under user's umask without adjusting; - updating refs created it under user's umask without adjusting; - switching branches created .git/HEAD under user's umask without adjusting. This moves adjust_shared_perm() from sha1_file.c to path.c, since a few SIMPLE_PROGRAM need to call repository configuration functions which in turn need to call adjust_shared_perm(). sha1_file.c needs to link with SHA1 computation library which is usually not linked to SIMPLE_PROGRAM. Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] daemon.c and path.enter_repo(): revamp path validation.Junio C Hamano2005-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The whitelist of git-daemon is checked against return value from enter_repo(), and enter_repo() used to return the value obtained from getcwd() to avoid directory aliasing issues as discussed earier (mid October 2005). Unfortunately, it did not go well as we hoped. For example, /pub on a kernel.org public machine is a symlink to its real mountpoint, and it is understandable that the administrator does not want to adjust the whitelist every time /pub needs to point at a different partition for storage allcation or whatever reasons. Being able to keep using /pub/scm as the whitelist is a desirable property. So this version of enter_repo() reports what it used to chdir() and validate, but does not use getcwd() to canonicalize the directory name. When it sees a user relative path ~user/path, it internally resolves it to try chdir() there, but it still reports ~user/path (possibly after appending .git if allowed to do so, in which case it would report ~user/path.git). What this means is that if a whitelist wants to allow a user relative path, it needs to say "~" (for all users) or list user home directories like "~alice" "~bob". And no, you cannot say /home if the advertised way to access user home directories are ~alice,~bob, etc. The whole point of this is to avoid unnecessary aliasing issues. Anyway, because of this, daemon needs to do a bit more work to guard itself. Namely, it needs to make sure that the accessor does not try to exploit its leading path match rule by inserting /../ in the middle or hanging /.. at the end. I resurrected the belts and suspender paranoia code HPA did for this purpose. This check cannot be done in the enter_repo() unconditionally, because there are valid callers of enter_repo() that want to honor /../; authorized users coming over ssh to run send-pack and fetch-pack should be allowed to do so. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Check repository format version in enter_repo().Junio C Hamano2005-11-27
| | | | | | | | | After daemon, upload-pack and receive-pack find out where the git directory is and chdir() there, make sure that repository is in a format we understand, after putenv("GIT_DIR=.") so that it knows to pick up the configuration file from there. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix "do not DWIM" patch to enter_repo"Junio C Hamano2005-11-20
| | | | | | | | | We wanted --strict to mean "do not DWIM", but the code required to see absolute path. daemon does its own path verification and chdirs to the verified repository, so enter_repo() called from upload-pack will always enter ".". Requiring absolute path does not make any sense. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix sparse warningsTimo Hirvonen2005-11-20
| | | | | | | | | Make some functions static and convert func() function prototypes to to func(void). Fix declaration after statement, missing declaration and redundant declaration warnings. Signed-off-by: Timo Hirvonen <tihirvon@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Do not DWIM in userpath library under strict mode.Junio C Hamano2005-11-19
| | | | | | | | | | | | | This should force git-daemon administrator's job a bit harder because the exact paths need to be given in the whitelist, but at the same time makes the auditing easier. This moves validate_symref() from refs.c to path.c, because we need to link path.c with git-daemon for its "enter_repo()", but we do not want to link the daemon with the rest of git libraries and its requirements. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Library code for user-relative paths, take three.Andreas Ericsson2005-11-19
| | | | | | | | | This patch provides the work-horse of the user-relative paths feature, using Linus' idea of a blind chdir() and getcwd() which makes it remarkably simple. Signed-off-by: Andreas Ericsson <ae@op5.se> Signed-off-by: Junio C Hamano <junkio@cox.net>