aboutsummaryrefslogtreecommitdiff
path: root/path.c
Commit message (Collapse)AuthorAge
* Rename safe_strncpy() to strlcpy().Peter Eriksen2006-06-24
| | | | | | | | | | | This cleans up the use of safe_strncpy() even more. Since it has the same semantics as strlcpy() use this name instead. Also move the definition from inside path.c to its own file compat/strlcpy.c, and use it conditionally at compile time, since some platforms already has strlcpy(). It's included in the same way as compat/setenv.c. Signed-off-by: Peter Eriksen <s022018@student.dtu.dk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Merge branch 'js/diff'Junio C Hamano2006-06-17
|\
| * Implement safe_strncpy() as strlcpy() and use it more.Peter Eriksen2006-06-16
| | | | | | | | | | Signed-off-by: Peter Eriksen <s022018@student.dtu.dk> Signed-off-by: Junio C Hamano <junkio@cox.net>
* | shared repository: optionally allow reading to "others".Junio C Hamano2006-06-10
|/ | | | | | | | | | | | | | | | | | | | | | This enhances core.sharedrepository to have additionally specify that read and exec permissions to be given to others as well. It is useful when serving a repository via gitweb and git-daemon that runs as a user outside the project group. The configuration item can take the following values: [core] sharedrepository ; the same as "group" sharedrepository = true ; ditto sharedrepository = 1 ; ditto sharedrepository = group ; allow rwx to group sharedrepository = all ; allow rwx to group, allow rx to other sharedrepository = umask ; not shared - use umask It also extends "git init-db" to take "--shared=all" and friends from the command line. Signed-off-by: Junio C Hamano <junkio@cox.net>
* shared repository - add a few missing calls to adjust_shared_perm().Junio C Hamano2006-06-09
| | | | | | | | | | | | | | | | | | | | | | | | | | There were a few calls to adjust_shared_perm() that were missing: - init-db creates refs, refs/heads, and refs/tags before reading from templates that could specify sharedrepository in the config file; - updating config file created it under user's umask without adjusting; - updating refs created it under user's umask without adjusting; - switching branches created .git/HEAD under user's umask without adjusting. This moves adjust_shared_perm() from sha1_file.c to path.c, since a few SIMPLE_PROGRAM need to call repository configuration functions which in turn need to call adjust_shared_perm(). sha1_file.c needs to link with SHA1 computation library which is usually not linked to SIMPLE_PROGRAM. Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] daemon.c and path.enter_repo(): revamp path validation.Junio C Hamano2005-12-03
| | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | The whitelist of git-daemon is checked against return value from enter_repo(), and enter_repo() used to return the value obtained from getcwd() to avoid directory aliasing issues as discussed earier (mid October 2005). Unfortunately, it did not go well as we hoped. For example, /pub on a kernel.org public machine is a symlink to its real mountpoint, and it is understandable that the administrator does not want to adjust the whitelist every time /pub needs to point at a different partition for storage allcation or whatever reasons. Being able to keep using /pub/scm as the whitelist is a desirable property. So this version of enter_repo() reports what it used to chdir() and validate, but does not use getcwd() to canonicalize the directory name. When it sees a user relative path ~user/path, it internally resolves it to try chdir() there, but it still reports ~user/path (possibly after appending .git if allowed to do so, in which case it would report ~user/path.git). What this means is that if a whitelist wants to allow a user relative path, it needs to say "~" (for all users) or list user home directories like "~alice" "~bob". And no, you cannot say /home if the advertised way to access user home directories are ~alice,~bob, etc. The whole point of this is to avoid unnecessary aliasing issues. Anyway, because of this, daemon needs to do a bit more work to guard itself. Namely, it needs to make sure that the accessor does not try to exploit its leading path match rule by inserting /../ in the middle or hanging /.. at the end. I resurrected the belts and suspender paranoia code HPA did for this purpose. This check cannot be done in the enter_repo() unconditionally, because there are valid callers of enter_repo() that want to honor /../; authorized users coming over ssh to run send-pack and fetch-pack should be allowed to do so. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Check repository format version in enter_repo().Junio C Hamano2005-11-27
| | | | | | | | | After daemon, upload-pack and receive-pack find out where the git directory is and chdir() there, make sure that repository is in a format we understand, after putenv("GIT_DIR=.") so that it knows to pick up the configuration file from there. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix "do not DWIM" patch to enter_repo"Junio C Hamano2005-11-20
| | | | | | | | | We wanted --strict to mean "do not DWIM", but the code required to see absolute path. daemon does its own path verification and chdirs to the verified repository, so enter_repo() called from upload-pack will always enter ".". Requiring absolute path does not make any sense. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix sparse warningsTimo Hirvonen2005-11-20
| | | | | | | | | Make some functions static and convert func() function prototypes to to func(void). Fix declaration after statement, missing declaration and redundant declaration warnings. Signed-off-by: Timo Hirvonen <tihirvon@gmail.com> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Do not DWIM in userpath library under strict mode.Junio C Hamano2005-11-19
| | | | | | | | | | | | | This should force git-daemon administrator's job a bit harder because the exact paths need to be given in the whitelist, but at the same time makes the auditing easier. This moves validate_symref() from refs.c to path.c, because we need to link path.c with git-daemon for its "enter_repo()", but we do not want to link the daemon with the rest of git libraries and its requirements. Signed-off-by: Junio C Hamano <junkio@cox.net>
* Library code for user-relative paths, take three.Andreas Ericsson2005-11-19
| | | | | | | | | This patch provides the work-horse of the user-relative paths feature, using Linus' idea of a blind chdir() and getcwd() which makes it remarkably simple. Signed-off-by: Andreas Ericsson <ae@op5.se> Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] Provide access to git_dir through get_git_dir().Sven Verdoolaege2005-09-27
| | | | | Signed-off-by: Sven Verdoolaege <skimo@kotnet.org> Signed-off-by: Junio C Hamano <junkio@cox.net>
* Retire support for old environment variables.Junio C Hamano2005-09-09
| | | | | | | | | | We have deprecated the old environment variable names for quite a while and now it's time to remove them. Gone are: SHA1_FILE_DIRECTORIES AUTHOR_DATE AUTHOR_EMAIL AUTHOR_NAME COMMIT_AUTHOR_EMAIL COMMIT_AUTHOR_NAME SHA1_FILE_DIRECTORY Signed-off-by: Junio C Hamano <junkio@cox.net>
* Fix ?: statements.Jason Riedy2005-08-23
| | | | | | | | | Omitting the first branch in ?: is a GNU extension. Cute, but not supported by other compilers. Replaced mostly by explicit tests. Calls to getenv() simply are repeated on non-GNU compilers. Signed-off-by: Jason Riedy <ejr@cs.berkeley.edu>
* [PATCH] git_mkstemp() fixHolger Eitzenberger2005-08-08
| | | | | | | | | | git_mkstemp() attempted to use TMPDIR environment variable, but it botched copying the templates. [jc: Holger, please add your own Signed-off-by line, and also if you can, send in future patches as non attachments.] Signed-off-by: Junio C Hamano <junkio@cox.net>
* [PATCH] git: add git_mkstemp()Holger Eitzenberger2005-08-05
| | | | Signed-off-by: Junio C Hamano <junkio@cox.net>
* Add "mkpath()" helper functionLinus Torvalds2005-07-08
I'm bored with doing it by hand all the time.