setup.con commit vcs-svn: Reject path nodes without Node-action (414e569)
   1#include "cache.h"
   2#include "dir.h"
   3
   4static int inside_git_dir = -1;
   5static int inside_work_tree = -1;
   6
   7const char *prefix_path(const char *prefix, int len, const char *path)
   8{
   9        const char *orig = path;
  10        char *sanitized = xmalloc(len + strlen(path) + 1);
  11        if (is_absolute_path(orig))
  12                strcpy(sanitized, path);
  13        else {
  14                if (len)
  15                        memcpy(sanitized, prefix, len);
  16                strcpy(sanitized + len, path);
  17        }
  18        if (normalize_path_copy(sanitized, sanitized))
  19                goto error_out;
  20        if (is_absolute_path(orig)) {
  21                size_t root_len, len, total;
  22                const char *work_tree = get_git_work_tree();
  23                if (!work_tree)
  24                        goto error_out;
  25                len = strlen(work_tree);
  26                root_len = offset_1st_component(work_tree);
  27                total = strlen(sanitized) + 1;
  28                if (strncmp(sanitized, work_tree, len) ||
  29                    (len > root_len && sanitized[len] != '\0' && sanitized[len] != '/')) {
  30                error_out:
  31                        die("'%s' is outside repository", orig);
  32                }
  33                if (sanitized[len] == '/')
  34                        len++;
  35                memmove(sanitized, sanitized + len, total - len);
  36        }
  37        return sanitized;
  38}
  39
  40/*
  41 * Unlike prefix_path, this should be used if the named file does
  42 * not have to interact with index entry; i.e. name of a random file
  43 * on the filesystem.
  44 */
  45const char *prefix_filename(const char *pfx, int pfx_len, const char *arg)
  46{
  47        static char path[PATH_MAX];
  48#ifndef WIN32
  49        if (!pfx_len || is_absolute_path(arg))
  50                return arg;
  51        memcpy(path, pfx, pfx_len);
  52        strcpy(path + pfx_len, arg);
  53#else
  54        char *p;
  55        /* don't add prefix to absolute paths, but still replace '\' by '/' */
  56        if (is_absolute_path(arg))
  57                pfx_len = 0;
  58        else if (pfx_len)
  59                memcpy(path, pfx, pfx_len);
  60        strcpy(path + pfx_len, arg);
  61        for (p = path + pfx_len; *p; p++)
  62                if (*p == '\\')
  63                        *p = '/';
  64#endif
  65        return path;
  66}
  67
  68int check_filename(const char *prefix, const char *arg)
  69{
  70        const char *name;
  71        struct stat st;
  72
  73        name = prefix ? prefix_filename(prefix, strlen(prefix), arg) : arg;
  74        if (!lstat(name, &st))
  75                return 1; /* file exists */
  76        if (errno == ENOENT || errno == ENOTDIR)
  77                return 0; /* file does not exist */
  78        die_errno("failed to stat '%s'", arg);
  79}
  80
  81static void NORETURN die_verify_filename(const char *prefix, const char *arg)
  82{
  83        unsigned char sha1[20];
  84        unsigned mode;
  85        /* try a detailed diagnostic ... */
  86        get_sha1_with_mode_1(arg, sha1, &mode, 0, prefix);
  87        /* ... or fall back the most general message. */
  88        die("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
  89            "Use '--' to separate paths from revisions", arg);
  90
  91}
  92
  93/*
  94 * Verify a filename that we got as an argument for a pathspec
  95 * entry. Note that a filename that begins with "-" never verifies
  96 * as true, because even if such a filename were to exist, we want
  97 * it to be preceded by the "--" marker (or we want the user to
  98 * use a format like "./-filename")
  99 */
 100void verify_filename(const char *prefix, const char *arg)
 101{
 102        if (*arg == '-')
 103                die("bad flag '%s' used after filename", arg);
 104        if (check_filename(prefix, arg))
 105                return;
 106        die_verify_filename(prefix, arg);
 107}
 108
 109/*
 110 * Opposite of the above: the command line did not have -- marker
 111 * and we parsed the arg as a refname.  It should not be interpretable
 112 * as a filename.
 113 */
 114void verify_non_filename(const char *prefix, const char *arg)
 115{
 116        if (!is_inside_work_tree() || is_inside_git_dir())
 117                return;
 118        if (*arg == '-')
 119                return; /* flag */
 120        if (!check_filename(prefix, arg))
 121                return;
 122        die("ambiguous argument '%s': both revision and filename\n"
 123            "Use '--' to separate filenames from revisions", arg);
 124}
 125
 126const char **get_pathspec(const char *prefix, const char **pathspec)
 127{
 128        const char *entry = *pathspec;
 129        const char **src, **dst;
 130        int prefixlen;
 131
 132        if (!prefix && !entry)
 133                return NULL;
 134
 135        if (!entry) {
 136                static const char *spec[2];
 137                spec[0] = prefix;
 138                spec[1] = NULL;
 139                return spec;
 140        }
 141
 142        /* Otherwise we have to re-write the entries.. */
 143        src = pathspec;
 144        dst = pathspec;
 145        prefixlen = prefix ? strlen(prefix) : 0;
 146        while (*src) {
 147                const char *p = prefix_path(prefix, prefixlen, *src);
 148                *(dst++) = p;
 149                src++;
 150        }
 151        *dst = NULL;
 152        if (!*pathspec)
 153                return NULL;
 154        return pathspec;
 155}
 156
 157/*
 158 * Test if it looks like we're at a git directory.
 159 * We want to see:
 160 *
 161 *  - either an objects/ directory _or_ the proper
 162 *    GIT_OBJECT_DIRECTORY environment variable
 163 *  - a refs/ directory
 164 *  - either a HEAD symlink or a HEAD file that is formatted as
 165 *    a proper "ref:", or a regular file HEAD that has a properly
 166 *    formatted sha1 object name.
 167 */
 168static int is_git_directory(const char *suspect)
 169{
 170        char path[PATH_MAX];
 171        size_t len = strlen(suspect);
 172
 173        if (PATH_MAX <= len + strlen("/objects"))
 174                die("Too long path: %.*s", 60, suspect);
 175        strcpy(path, suspect);
 176        if (getenv(DB_ENVIRONMENT)) {
 177                if (access(getenv(DB_ENVIRONMENT), X_OK))
 178                        return 0;
 179        }
 180        else {
 181                strcpy(path + len, "/objects");
 182                if (access(path, X_OK))
 183                        return 0;
 184        }
 185
 186        strcpy(path + len, "/refs");
 187        if (access(path, X_OK))
 188                return 0;
 189
 190        strcpy(path + len, "/HEAD");
 191        if (validate_headref(path))
 192                return 0;
 193
 194        return 1;
 195}
 196
 197int is_inside_git_dir(void)
 198{
 199        if (inside_git_dir < 0)
 200                inside_git_dir = is_inside_dir(get_git_dir());
 201        return inside_git_dir;
 202}
 203
 204int is_inside_work_tree(void)
 205{
 206        if (inside_work_tree < 0)
 207                inside_work_tree = is_inside_dir(get_git_work_tree());
 208        return inside_work_tree;
 209}
 210
 211/*
 212 * set_work_tree() is only ever called if you set GIT_DIR explicitly.
 213 * The old behaviour (which we retain here) is to set the work tree root
 214 * to the cwd, unless overridden by the config, the command line, or
 215 * GIT_WORK_TREE.
 216 */
 217static const char *set_work_tree(const char *dir)
 218{
 219        char buffer[PATH_MAX + 1];
 220
 221        if (!getcwd(buffer, sizeof(buffer)))
 222                die ("Could not get the current working directory");
 223        git_work_tree_cfg = xstrdup(buffer);
 224        inside_work_tree = 1;
 225
 226        return NULL;
 227}
 228
 229void setup_work_tree(void)
 230{
 231        const char *work_tree, *git_dir;
 232        static int initialized = 0;
 233
 234        if (initialized)
 235                return;
 236        work_tree = get_git_work_tree();
 237        git_dir = get_git_dir();
 238        if (!is_absolute_path(git_dir))
 239                git_dir = make_absolute_path(git_dir);
 240        if (!work_tree || chdir(work_tree))
 241                die("This operation must be run in a work tree");
 242        set_git_dir(make_relative_path(git_dir, work_tree));
 243        initialized = 1;
 244}
 245
 246static int check_repository_format_gently(int *nongit_ok)
 247{
 248        git_config(check_repository_format_version, NULL);
 249        if (GIT_REPO_VERSION < repository_format_version) {
 250                if (!nongit_ok)
 251                        die ("Expected git repo version <= %d, found %d",
 252                             GIT_REPO_VERSION, repository_format_version);
 253                warning("Expected git repo version <= %d, found %d",
 254                        GIT_REPO_VERSION, repository_format_version);
 255                warning("Please upgrade Git");
 256                *nongit_ok = -1;
 257                return -1;
 258        }
 259        return 0;
 260}
 261
 262/*
 263 * Try to read the location of the git directory from the .git file,
 264 * return path to git directory if found.
 265 */
 266const char *read_gitfile_gently(const char *path)
 267{
 268        char *buf;
 269        char *dir;
 270        const char *slash;
 271        struct stat st;
 272        int fd;
 273        size_t len;
 274
 275        if (stat(path, &st))
 276                return NULL;
 277        if (!S_ISREG(st.st_mode))
 278                return NULL;
 279        fd = open(path, O_RDONLY);
 280        if (fd < 0)
 281                die_errno("Error opening '%s'", path);
 282        buf = xmalloc(st.st_size + 1);
 283        len = read_in_full(fd, buf, st.st_size);
 284        close(fd);
 285        if (len != st.st_size)
 286                die("Error reading %s", path);
 287        buf[len] = '\0';
 288        if (prefixcmp(buf, "gitdir: "))
 289                die("Invalid gitfile format: %s", path);
 290        while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
 291                len--;
 292        if (len < 9)
 293                die("No path in gitfile: %s", path);
 294        buf[len] = '\0';
 295        dir = buf + 8;
 296
 297        if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
 298                size_t pathlen = slash+1 - path;
 299                size_t dirlen = pathlen + len - 8;
 300                dir = xmalloc(dirlen + 1);
 301                strncpy(dir, path, pathlen);
 302                strncpy(dir + pathlen, buf + 8, len - 8);
 303                dir[dirlen] = '\0';
 304                free(buf);
 305                buf = dir;
 306        }
 307
 308        if (!is_git_directory(dir))
 309                die("Not a git repository: %s", dir);
 310        path = make_absolute_path(dir);
 311
 312        free(buf);
 313        return path;
 314}
 315
 316static const char *setup_explicit_git_dir(const char *gitdirenv,
 317                                const char *work_tree_env, int *nongit_ok)
 318{
 319        static char buffer[1024 + 1];
 320        const char *retval;
 321
 322        if (PATH_MAX - 40 < strlen(gitdirenv))
 323                die("'$%s' too big", GIT_DIR_ENVIRONMENT);
 324        if (!is_git_directory(gitdirenv)) {
 325                if (nongit_ok) {
 326                        *nongit_ok = 1;
 327                        return NULL;
 328                }
 329                die("Not a git repository: '%s'", gitdirenv);
 330        }
 331        if (!work_tree_env) {
 332                retval = set_work_tree(gitdirenv);
 333                /* config may override worktree */
 334                if (check_repository_format_gently(nongit_ok))
 335                        return NULL;
 336                return retval;
 337        }
 338        if (check_repository_format_gently(nongit_ok))
 339                return NULL;
 340        retval = get_relative_cwd(buffer, sizeof(buffer) - 1,
 341                        get_git_work_tree());
 342        if (!retval || !*retval)
 343                return NULL;
 344        set_git_dir(make_absolute_path(gitdirenv));
 345        if (chdir(work_tree_env) < 0)
 346                die_errno ("Could not chdir to '%s'", work_tree_env);
 347        strcat(buffer, "/");
 348        return retval;
 349}
 350
 351static int cwd_contains_git_dir(const char **gitfile_dirp)
 352{
 353        const char *gitfile_dir = read_gitfile_gently(DEFAULT_GIT_DIR_ENVIRONMENT);
 354        *gitfile_dirp = gitfile_dir;
 355        if (gitfile_dir) {
 356                if (set_git_dir(gitfile_dir))
 357                        die("Repository setup failed");
 358                return 1;
 359        }
 360        return is_git_directory(DEFAULT_GIT_DIR_ENVIRONMENT);
 361}
 362
 363static const char *setup_discovered_git_dir(const char *work_tree_env,
 364                int offset, int len, char *cwd, int *nongit_ok)
 365{
 366        int root_len;
 367
 368        inside_git_dir = 0;
 369        if (!work_tree_env)
 370                inside_work_tree = 1;
 371        root_len = offset_1st_component(cwd);
 372        git_work_tree_cfg = xstrndup(cwd, offset > root_len ? offset : root_len);
 373        if (check_repository_format_gently(nongit_ok))
 374                return NULL;
 375        if (offset == len)
 376                return NULL;
 377
 378        /* Make "offset" point to past the '/', and add a '/' at the end */
 379        offset++;
 380        cwd[len++] = '/';
 381        cwd[len] = 0;
 382        return cwd + offset;
 383}
 384
 385static const char *setup_bare_git_dir(const char *work_tree_env,
 386                int offset, int len, char *cwd, int *nongit_ok)
 387{
 388        int root_len;
 389
 390        inside_git_dir = 1;
 391        if (!work_tree_env)
 392                inside_work_tree = 0;
 393        if (offset != len) {
 394                if (chdir(cwd))
 395                        die_errno("Cannot come back to cwd");
 396                root_len = offset_1st_component(cwd);
 397                cwd[offset > root_len ? offset : root_len] = '\0';
 398                set_git_dir(cwd);
 399        } else
 400                set_git_dir(".");
 401        check_repository_format_gently(nongit_ok);
 402        return NULL;
 403}
 404
 405static const char *setup_nongit(const char *cwd, int *nongit_ok)
 406{
 407        if (!nongit_ok)
 408                die("Not a git repository (or any of the parent directories): %s", DEFAULT_GIT_DIR_ENVIRONMENT);
 409        if (chdir(cwd))
 410                die_errno("Cannot come back to cwd");
 411        *nongit_ok = 1;
 412        return NULL;
 413}
 414
 415static dev_t get_device_or_die(const char *path, const char *prefix)
 416{
 417        struct stat buf;
 418        if (stat(path, &buf))
 419                die_errno("failed to stat '%s%s%s'",
 420                                prefix ? prefix : "",
 421                                prefix ? "/" : "", path);
 422        return buf.st_dev;
 423}
 424
 425/*
 426 * We cannot decide in this function whether we are in the work tree or
 427 * not, since the config can only be read _after_ this function was called.
 428 */
 429static const char *setup_git_directory_gently_1(int *nongit_ok)
 430{
 431        const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
 432        const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
 433        static char cwd[PATH_MAX+1];
 434        const char *gitdirenv;
 435        const char *gitfile_dir;
 436        int len, offset, ceil_offset;
 437        dev_t current_device = 0;
 438        int one_filesystem = 1;
 439
 440        /*
 441         * Let's assume that we are in a git repository.
 442         * If it turns out later that we are somewhere else, the value will be
 443         * updated accordingly.
 444         */
 445        if (nongit_ok)
 446                *nongit_ok = 0;
 447
 448        /*
 449         * If GIT_DIR is set explicitly, we're not going
 450         * to do any discovery, but we still do repository
 451         * validation.
 452         */
 453        gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
 454        if (gitdirenv)
 455                return setup_explicit_git_dir(gitdirenv, work_tree_env, nongit_ok);
 456
 457        if (!getcwd(cwd, sizeof(cwd)-1))
 458                die_errno("Unable to read current working directory");
 459
 460        ceil_offset = longest_ancestor_length(cwd, env_ceiling_dirs);
 461        if (ceil_offset < 0 && has_dos_drive_prefix(cwd))
 462                ceil_offset = 1;
 463
 464        /*
 465         * Test in the following order (relative to the cwd):
 466         * - .git (file containing "gitdir: <path>")
 467         * - .git/
 468         * - ./ (bare)
 469         * - ../.git
 470         * - ../.git/
 471         * - ../ (bare)
 472         * - ../../.git/
 473         *   etc.
 474         */
 475        offset = len = strlen(cwd);
 476        one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
 477        if (one_filesystem)
 478                current_device = get_device_or_die(".", NULL);
 479        for (;;) {
 480                if (cwd_contains_git_dir(&gitfile_dir))
 481                        return setup_discovered_git_dir(work_tree_env, offset,
 482                                                        len, cwd, nongit_ok);
 483                if (is_git_directory("."))
 484                        return setup_bare_git_dir(work_tree_env, offset,
 485                                                        len, cwd, nongit_ok);
 486                while (--offset > ceil_offset && cwd[offset] != '/');
 487                if (offset <= ceil_offset)
 488                        return setup_nongit(cwd, nongit_ok);
 489                if (one_filesystem) {
 490                        dev_t parent_device = get_device_or_die("..", cwd);
 491                        if (parent_device != current_device) {
 492                                if (nongit_ok) {
 493                                        if (chdir(cwd))
 494                                                die_errno("Cannot come back to cwd");
 495                                        *nongit_ok = 1;
 496                                        return NULL;
 497                                }
 498                                cwd[offset] = '\0';
 499                                die("Not a git repository (or any parent up to mount parent %s)\n"
 500                                "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).", cwd);
 501                        }
 502                }
 503                if (chdir("..")) {
 504                        cwd[offset] = '\0';
 505                        die_errno("Cannot change to '%s/..'", cwd);
 506                }
 507        }
 508}
 509
 510const char *setup_git_directory_gently(int *nongit_ok)
 511{
 512        const char *prefix;
 513
 514        prefix = setup_git_directory_gently_1(nongit_ok);
 515        if (startup_info)
 516                startup_info->have_repository = !nongit_ok || !*nongit_ok;
 517        return prefix;
 518}
 519
 520int git_config_perm(const char *var, const char *value)
 521{
 522        int i;
 523        char *endptr;
 524
 525        if (value == NULL)
 526                return PERM_GROUP;
 527
 528        if (!strcmp(value, "umask"))
 529                return PERM_UMASK;
 530        if (!strcmp(value, "group"))
 531                return PERM_GROUP;
 532        if (!strcmp(value, "all") ||
 533            !strcmp(value, "world") ||
 534            !strcmp(value, "everybody"))
 535                return PERM_EVERYBODY;
 536
 537        /* Parse octal numbers */
 538        i = strtol(value, &endptr, 8);
 539
 540        /* If not an octal number, maybe true/false? */
 541        if (*endptr != 0)
 542                return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;
 543
 544        /*
 545         * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
 546         * a chmod value to restrict to.
 547         */
 548        switch (i) {
 549        case PERM_UMASK:               /* 0 */
 550                return PERM_UMASK;
 551        case OLD_PERM_GROUP:           /* 1 */
 552                return PERM_GROUP;
 553        case OLD_PERM_EVERYBODY:       /* 2 */
 554                return PERM_EVERYBODY;
 555        }
 556
 557        /* A filemode value was given: 0xxx */
 558
 559        if ((i & 0600) != 0600)
 560                die("Problem with core.sharedRepository filemode value "
 561                    "(0%.3o).\nThe owner of files must always have "
 562                    "read and write permissions.", i);
 563
 564        /*
 565         * Mask filemode value. Others can not get write permission.
 566         * x flags for directories are handled separately.
 567         */
 568        return -(i & 0666);
 569}
 570
 571int check_repository_format_version(const char *var, const char *value, void *cb)
 572{
 573        if (strcmp(var, "core.repositoryformatversion") == 0)
 574                repository_format_version = git_config_int(var, value);
 575        else if (strcmp(var, "core.sharedrepository") == 0)
 576                shared_repository = git_config_perm(var, value);
 577        else if (strcmp(var, "core.bare") == 0) {
 578                is_bare_repository_cfg = git_config_bool(var, value);
 579                if (is_bare_repository_cfg == 1)
 580                        inside_work_tree = -1;
 581        } else if (strcmp(var, "core.worktree") == 0) {
 582                if (!value)
 583                        return config_error_nonbool(var);
 584                free(git_work_tree_cfg);
 585                git_work_tree_cfg = xstrdup(value);
 586                inside_work_tree = -1;
 587        }
 588        return 0;
 589}
 590
 591int check_repository_format(void)
 592{
 593        return check_repository_format_gently(NULL);
 594}
 595
 596/*
 597 * Returns the "prefix", a path to the current working directory
 598 * relative to the work tree root, or NULL, if the current working
 599 * directory is not a strict subdirectory of the work tree root. The
 600 * prefix always ends with a '/' character.
 601 */
 602const char *setup_git_directory(void)
 603{
 604        const char *retval = setup_git_directory_gently(NULL);
 605
 606        /* If the work tree is not the default one, recompute prefix */
 607        if (inside_work_tree < 0) {
 608                static char buffer[PATH_MAX + 1];
 609                char *rel;
 610                if (retval && chdir(retval))
 611                        die_errno ("Could not jump back into original cwd");
 612                rel = get_relative_cwd(buffer, PATH_MAX, get_git_work_tree());
 613                if (rel && *rel && chdir(get_git_work_tree()))
 614                        die_errno ("Could not jump to working directory");
 615                return rel && *rel ? strcat(rel, "/") : NULL;
 616        }
 617
 618        return retval;
 619}