setup.con commit log: fix -L bounds checking bug (63828b8)
   1#include "cache.h"
   2#include "dir.h"
   3#include "string-list.h"
   4
   5static int inside_git_dir = -1;
   6static int inside_work_tree = -1;
   7
   8static char *prefix_path_gently(const char *prefix, int len, const char *path)
   9{
  10        const char *orig = path;
  11        char *sanitized;
  12        if (is_absolute_path(orig)) {
  13                const char *temp = real_path(path);
  14                sanitized = xmalloc(len + strlen(temp) + 1);
  15                strcpy(sanitized, temp);
  16        } else {
  17                sanitized = xmalloc(len + strlen(path) + 1);
  18                if (len)
  19                        memcpy(sanitized, prefix, len);
  20                strcpy(sanitized + len, path);
  21        }
  22        if (normalize_path_copy(sanitized, sanitized))
  23                goto error_out;
  24        if (is_absolute_path(orig)) {
  25                size_t root_len, len, total;
  26                const char *work_tree = get_git_work_tree();
  27                if (!work_tree)
  28                        goto error_out;
  29                len = strlen(work_tree);
  30                root_len = offset_1st_component(work_tree);
  31                total = strlen(sanitized) + 1;
  32                if (strncmp(sanitized, work_tree, len) ||
  33                    (len > root_len && sanitized[len] != '\0' && sanitized[len] != '/')) {
  34                error_out:
  35                        free(sanitized);
  36                        return NULL;
  37                }
  38                if (sanitized[len] == '/')
  39                        len++;
  40                memmove(sanitized, sanitized + len, total - len);
  41        }
  42        return sanitized;
  43}
  44
  45char *prefix_path(const char *prefix, int len, const char *path)
  46{
  47        char *r = prefix_path_gently(prefix, len, path);
  48        if (!r)
  49                die("'%s' is outside repository", path);
  50        return r;
  51}
  52
  53int path_inside_repo(const char *prefix, const char *path)
  54{
  55        int len = prefix ? strlen(prefix) : 0;
  56        char *r = prefix_path_gently(prefix, len, path);
  57        if (r) {
  58                free(r);
  59                return 1;
  60        }
  61        return 0;
  62}
  63
  64int check_filename(const char *prefix, const char *arg)
  65{
  66        const char *name;
  67        struct stat st;
  68
  69        if (!prefixcmp(arg, ":/")) {
  70                if (arg[2] == '\0') /* ":/" is root dir, always exists */
  71                        return 1;
  72                name = arg + 2;
  73        } else if (prefix)
  74                name = prefix_filename(prefix, strlen(prefix), arg);
  75        else
  76                name = arg;
  77        if (!lstat(name, &st))
  78                return 1; /* file exists */
  79        if (errno == ENOENT || errno == ENOTDIR)
  80                return 0; /* file does not exist */
  81        die_errno("failed to stat '%s'", arg);
  82}
  83
  84static void NORETURN die_verify_filename(const char *prefix,
  85                                         const char *arg,
  86                                         int diagnose_misspelt_rev)
  87{
  88        if (!diagnose_misspelt_rev)
  89                die("%s: no such path in the working tree.\n"
  90                    "Use 'git <command> -- <path>...' to specify paths that do not exist locally.",
  91                    arg);
  92        /*
  93         * Saying "'(icase)foo' does not exist in the index" when the
  94         * user gave us ":(icase)foo" is just stupid.  A magic pathspec
  95         * begins with a colon and is followed by a non-alnum; do not
  96         * let maybe_die_on_misspelt_object_name() even trigger.
  97         */
  98        if (!(arg[0] == ':' && !isalnum(arg[1])))
  99                maybe_die_on_misspelt_object_name(arg, prefix);
 100
 101        /* ... or fall back the most general message. */
 102        die("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
 103            "Use '--' to separate paths from revisions, like this:\n"
 104            "'git <command> [<revision>...] -- [<file>...]'", arg);
 105
 106}
 107
 108/*
 109 * Verify a filename that we got as an argument for a pathspec
 110 * entry. Note that a filename that begins with "-" never verifies
 111 * as true, because even if such a filename were to exist, we want
 112 * it to be preceded by the "--" marker (or we want the user to
 113 * use a format like "./-filename")
 114 *
 115 * The "diagnose_misspelt_rev" is used to provide a user-friendly
 116 * diagnosis when dying upon finding that "name" is not a pathname.
 117 * If set to 1, the diagnosis will try to diagnose "name" as an
 118 * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis
 119 * will only complain about an inexisting file.
 120 *
 121 * This function is typically called to check that a "file or rev"
 122 * argument is unambiguous. In this case, the caller will want
 123 * diagnose_misspelt_rev == 1 when verifying the first non-rev
 124 * argument (which could have been a revision), and
 125 * diagnose_misspelt_rev == 0 for the next ones (because we already
 126 * saw a filename, there's not ambiguity anymore).
 127 */
 128void verify_filename(const char *prefix,
 129                     const char *arg,
 130                     int diagnose_misspelt_rev)
 131{
 132        if (*arg == '-')
 133                die("bad flag '%s' used after filename", arg);
 134        if (check_filename(prefix, arg))
 135                return;
 136        die_verify_filename(prefix, arg, diagnose_misspelt_rev);
 137}
 138
 139/*
 140 * Opposite of the above: the command line did not have -- marker
 141 * and we parsed the arg as a refname.  It should not be interpretable
 142 * as a filename.
 143 */
 144void verify_non_filename(const char *prefix, const char *arg)
 145{
 146        if (!is_inside_work_tree() || is_inside_git_dir())
 147                return;
 148        if (*arg == '-')
 149                return; /* flag */
 150        if (!check_filename(prefix, arg))
 151                return;
 152        die("ambiguous argument '%s': both revision and filename\n"
 153            "Use '--' to separate paths from revisions, like this:\n"
 154            "'git <command> [<revision>...] -- [<file>...]'", arg);
 155}
 156
 157/*
 158 * Magic pathspec
 159 *
 160 * NEEDSWORK: These need to be moved to dir.h or even to a new
 161 * pathspec.h when we restructure get_pathspec() users to use the
 162 * "struct pathspec" interface.
 163 *
 164 * Possible future magic semantics include stuff like:
 165 *
 166 *      { PATHSPEC_NOGLOB, '!', "noglob" },
 167 *      { PATHSPEC_ICASE, '\0', "icase" },
 168 *      { PATHSPEC_RECURSIVE, '*', "recursive" },
 169 *      { PATHSPEC_REGEXP, '\0', "regexp" },
 170 *
 171 */
 172#define PATHSPEC_FROMTOP    (1<<0)
 173
 174static struct pathspec_magic {
 175        unsigned bit;
 176        char mnemonic; /* this cannot be ':'! */
 177        const char *name;
 178} pathspec_magic[] = {
 179        { PATHSPEC_FROMTOP, '/', "top" },
 180};
 181
 182/*
 183 * Take an element of a pathspec and check for magic signatures.
 184 * Append the result to the prefix.
 185 *
 186 * For now, we only parse the syntax and throw out anything other than
 187 * "top" magic.
 188 *
 189 * NEEDSWORK: This needs to be rewritten when we start migrating
 190 * get_pathspec() users to use the "struct pathspec" interface.  For
 191 * example, a pathspec element may be marked as case-insensitive, but
 192 * the prefix part must always match literally, and a single stupid
 193 * string cannot express such a case.
 194 */
 195static const char *prefix_pathspec(const char *prefix, int prefixlen, const char *elt)
 196{
 197        unsigned magic = 0;
 198        const char *copyfrom = elt;
 199        int i;
 200
 201        if (elt[0] != ':') {
 202                ; /* nothing to do */
 203        } else if (elt[1] == '(') {
 204                /* longhand */
 205                const char *nextat;
 206                for (copyfrom = elt + 2;
 207                     *copyfrom && *copyfrom != ')';
 208                     copyfrom = nextat) {
 209                        size_t len = strcspn(copyfrom, ",)");
 210                        if (copyfrom[len] == ',')
 211                                nextat = copyfrom + len + 1;
 212                        else
 213                                /* handle ')' and '\0' */
 214                                nextat = copyfrom + len;
 215                        if (!len)
 216                                continue;
 217                        for (i = 0; i < ARRAY_SIZE(pathspec_magic); i++)
 218                                if (strlen(pathspec_magic[i].name) == len &&
 219                                    !strncmp(pathspec_magic[i].name, copyfrom, len)) {
 220                                        magic |= pathspec_magic[i].bit;
 221                                        break;
 222                                }
 223                        if (ARRAY_SIZE(pathspec_magic) <= i)
 224                                die("Invalid pathspec magic '%.*s' in '%s'",
 225                                    (int) len, copyfrom, elt);
 226                }
 227                if (*copyfrom != ')')
 228                        die("Missing ')' at the end of pathspec magic in '%s'", elt);
 229                copyfrom++;
 230        } else {
 231                /* shorthand */
 232                for (copyfrom = elt + 1;
 233                     *copyfrom && *copyfrom != ':';
 234                     copyfrom++) {
 235                        char ch = *copyfrom;
 236
 237                        if (!is_pathspec_magic(ch))
 238                                break;
 239                        for (i = 0; i < ARRAY_SIZE(pathspec_magic); i++)
 240                                if (pathspec_magic[i].mnemonic == ch) {
 241                                        magic |= pathspec_magic[i].bit;
 242                                        break;
 243                                }
 244                        if (ARRAY_SIZE(pathspec_magic) <= i)
 245                                die("Unimplemented pathspec magic '%c' in '%s'",
 246                                    ch, elt);
 247                }
 248                if (*copyfrom == ':')
 249                        copyfrom++;
 250        }
 251
 252        if (magic & PATHSPEC_FROMTOP)
 253                return xstrdup(copyfrom);
 254        else
 255                return prefix_path(prefix, prefixlen, copyfrom);
 256}
 257
 258/*
 259 * N.B. get_pathspec() is deprecated in favor of the "struct pathspec"
 260 * based interface - see pathspec_magic above.
 261 *
 262 * Arguments:
 263 *  - prefix - a path relative to the root of the working tree
 264 *  - pathspec - a list of paths underneath the prefix path
 265 *
 266 * Iterates over pathspec, prepending each path with prefix,
 267 * and return the resulting list.
 268 *
 269 * If pathspec is empty, return a singleton list containing prefix.
 270 *
 271 * If pathspec and prefix are both empty, return an empty list.
 272 *
 273 * This is typically used by built-in commands such as add.c, in order
 274 * to normalize argv arguments provided to the built-in into a list of
 275 * paths to process, all relative to the root of the working tree.
 276 */
 277const char **get_pathspec(const char *prefix, const char **pathspec)
 278{
 279        const char *entry = *pathspec;
 280        const char **src, **dst;
 281        int prefixlen;
 282
 283        if (!prefix && !entry)
 284                return NULL;
 285
 286        if (!entry) {
 287                static const char *spec[2];
 288                spec[0] = prefix;
 289                spec[1] = NULL;
 290                return spec;
 291        }
 292
 293        /* Otherwise we have to re-write the entries.. */
 294        src = pathspec;
 295        dst = pathspec;
 296        prefixlen = prefix ? strlen(prefix) : 0;
 297        while (*src) {
 298                *(dst++) = prefix_pathspec(prefix, prefixlen, *src);
 299                src++;
 300        }
 301        *dst = NULL;
 302        if (!*pathspec)
 303                return NULL;
 304        return pathspec;
 305}
 306
 307/*
 308 * Test if it looks like we're at a git directory.
 309 * We want to see:
 310 *
 311 *  - either an objects/ directory _or_ the proper
 312 *    GIT_OBJECT_DIRECTORY environment variable
 313 *  - a refs/ directory
 314 *  - either a HEAD symlink or a HEAD file that is formatted as
 315 *    a proper "ref:", or a regular file HEAD that has a properly
 316 *    formatted sha1 object name.
 317 */
 318int is_git_directory(const char *suspect)
 319{
 320        char path[PATH_MAX];
 321        size_t len = strlen(suspect);
 322
 323        if (PATH_MAX <= len + strlen("/objects"))
 324                die("Too long path: %.*s", 60, suspect);
 325        strcpy(path, suspect);
 326        if (getenv(DB_ENVIRONMENT)) {
 327                if (access(getenv(DB_ENVIRONMENT), X_OK))
 328                        return 0;
 329        }
 330        else {
 331                strcpy(path + len, "/objects");
 332                if (access(path, X_OK))
 333                        return 0;
 334        }
 335
 336        strcpy(path + len, "/refs");
 337        if (access(path, X_OK))
 338                return 0;
 339
 340        strcpy(path + len, "/HEAD");
 341        if (validate_headref(path))
 342                return 0;
 343
 344        return 1;
 345}
 346
 347int is_inside_git_dir(void)
 348{
 349        if (inside_git_dir < 0)
 350                inside_git_dir = is_inside_dir(get_git_dir());
 351        return inside_git_dir;
 352}
 353
 354int is_inside_work_tree(void)
 355{
 356        if (inside_work_tree < 0)
 357                inside_work_tree = is_inside_dir(get_git_work_tree());
 358        return inside_work_tree;
 359}
 360
 361void setup_work_tree(void)
 362{
 363        struct strbuf sb = STRBUF_INIT;
 364        const char *work_tree, *git_dir;
 365        static int initialized = 0;
 366
 367        if (initialized)
 368                return;
 369        work_tree = get_git_work_tree();
 370        git_dir = get_git_dir();
 371        if (!is_absolute_path(git_dir))
 372                git_dir = real_path(get_git_dir());
 373        if (!work_tree || chdir(work_tree))
 374                die("This operation must be run in a work tree");
 375
 376        /*
 377         * Make sure subsequent git processes find correct worktree
 378         * if $GIT_WORK_TREE is set relative
 379         */
 380        if (getenv(GIT_WORK_TREE_ENVIRONMENT))
 381                setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);
 382
 383        set_git_dir(relative_path(git_dir, work_tree, &sb));
 384        initialized = 1;
 385
 386        strbuf_release(&sb);
 387}
 388
 389static int check_repository_format_gently(const char *gitdir, int *nongit_ok)
 390{
 391        char repo_config[PATH_MAX+1];
 392
 393        /*
 394         * git_config() can't be used here because it calls git_pathdup()
 395         * to get $GIT_CONFIG/config. That call will make setup_git_env()
 396         * set git_dir to ".git".
 397         *
 398         * We are in gitdir setup, no git dir has been found useable yet.
 399         * Use a gentler version of git_config() to check if this repo
 400         * is a good one.
 401         */
 402        snprintf(repo_config, PATH_MAX, "%s/config", gitdir);
 403        git_config_early(check_repository_format_version, NULL, repo_config);
 404        if (GIT_REPO_VERSION < repository_format_version) {
 405                if (!nongit_ok)
 406                        die ("Expected git repo version <= %d, found %d",
 407                             GIT_REPO_VERSION, repository_format_version);
 408                warning("Expected git repo version <= %d, found %d",
 409                        GIT_REPO_VERSION, repository_format_version);
 410                warning("Please upgrade Git");
 411                *nongit_ok = -1;
 412                return -1;
 413        }
 414        return 0;
 415}
 416
 417/*
 418 * Try to read the location of the git directory from the .git file,
 419 * return path to git directory if found.
 420 */
 421const char *read_gitfile(const char *path)
 422{
 423        char *buf;
 424        char *dir;
 425        const char *slash;
 426        struct stat st;
 427        int fd;
 428        ssize_t len;
 429
 430        if (stat(path, &st))
 431                return NULL;
 432        if (!S_ISREG(st.st_mode))
 433                return NULL;
 434        fd = open(path, O_RDONLY);
 435        if (fd < 0)
 436                die_errno("Error opening '%s'", path);
 437        buf = xmalloc(st.st_size + 1);
 438        len = read_in_full(fd, buf, st.st_size);
 439        close(fd);
 440        if (len != st.st_size)
 441                die("Error reading %s", path);
 442        buf[len] = '\0';
 443        if (prefixcmp(buf, "gitdir: "))
 444                die("Invalid gitfile format: %s", path);
 445        while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
 446                len--;
 447        if (len < 9)
 448                die("No path in gitfile: %s", path);
 449        buf[len] = '\0';
 450        dir = buf + 8;
 451
 452        if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
 453                size_t pathlen = slash+1 - path;
 454                size_t dirlen = pathlen + len - 8;
 455                dir = xmalloc(dirlen + 1);
 456                strncpy(dir, path, pathlen);
 457                strncpy(dir + pathlen, buf + 8, len - 8);
 458                dir[dirlen] = '\0';
 459                free(buf);
 460                buf = dir;
 461        }
 462
 463        if (!is_git_directory(dir))
 464                die("Not a git repository: %s", dir);
 465        path = real_path(dir);
 466
 467        free(buf);
 468        return path;
 469}
 470
 471static const char *setup_explicit_git_dir(const char *gitdirenv,
 472                                          char *cwd, int len,
 473                                          int *nongit_ok)
 474{
 475        const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
 476        const char *worktree;
 477        char *gitfile;
 478        int offset;
 479
 480        if (PATH_MAX - 40 < strlen(gitdirenv))
 481                die("'$%s' too big", GIT_DIR_ENVIRONMENT);
 482
 483        gitfile = (char*)read_gitfile(gitdirenv);
 484        if (gitfile) {
 485                gitfile = xstrdup(gitfile);
 486                gitdirenv = gitfile;
 487        }
 488
 489        if (!is_git_directory(gitdirenv)) {
 490                if (nongit_ok) {
 491                        *nongit_ok = 1;
 492                        free(gitfile);
 493                        return NULL;
 494                }
 495                die("Not a git repository: '%s'", gitdirenv);
 496        }
 497
 498        if (check_repository_format_gently(gitdirenv, nongit_ok)) {
 499                free(gitfile);
 500                return NULL;
 501        }
 502
 503        /* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
 504        if (work_tree_env)
 505                set_git_work_tree(work_tree_env);
 506        else if (is_bare_repository_cfg > 0) {
 507                if (git_work_tree_cfg) /* #22.2, #30 */
 508                        die("core.bare and core.worktree do not make sense");
 509
 510                /* #18, #26 */
 511                set_git_dir(gitdirenv);
 512                free(gitfile);
 513                return NULL;
 514        }
 515        else if (git_work_tree_cfg) { /* #6, #14 */
 516                if (is_absolute_path(git_work_tree_cfg))
 517                        set_git_work_tree(git_work_tree_cfg);
 518                else {
 519                        char core_worktree[PATH_MAX];
 520                        if (chdir(gitdirenv))
 521                                die_errno("Could not chdir to '%s'", gitdirenv);
 522                        if (chdir(git_work_tree_cfg))
 523                                die_errno("Could not chdir to '%s'", git_work_tree_cfg);
 524                        if (!getcwd(core_worktree, PATH_MAX))
 525                                die_errno("Could not get directory '%s'", git_work_tree_cfg);
 526                        if (chdir(cwd))
 527                                die_errno("Could not come back to cwd");
 528                        set_git_work_tree(core_worktree);
 529                }
 530        }
 531        else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
 532                /* #16d */
 533                set_git_dir(gitdirenv);
 534                free(gitfile);
 535                return NULL;
 536        }
 537        else /* #2, #10 */
 538                set_git_work_tree(".");
 539
 540        /* set_git_work_tree() must have been called by now */
 541        worktree = get_git_work_tree();
 542
 543        /* both get_git_work_tree() and cwd are already normalized */
 544        if (!strcmp(cwd, worktree)) { /* cwd == worktree */
 545                set_git_dir(gitdirenv);
 546                free(gitfile);
 547                return NULL;
 548        }
 549
 550        offset = dir_inside_of(cwd, worktree);
 551        if (offset >= 0) {      /* cwd inside worktree? */
 552                set_git_dir(real_path(gitdirenv));
 553                if (chdir(worktree))
 554                        die_errno("Could not chdir to '%s'", worktree);
 555                cwd[len++] = '/';
 556                cwd[len] = '\0';
 557                free(gitfile);
 558                return cwd + offset;
 559        }
 560
 561        /* cwd outside worktree */
 562        set_git_dir(gitdirenv);
 563        free(gitfile);
 564        return NULL;
 565}
 566
 567static const char *setup_discovered_git_dir(const char *gitdir,
 568                                            char *cwd, int offset, int len,
 569                                            int *nongit_ok)
 570{
 571        if (check_repository_format_gently(gitdir, nongit_ok))
 572                return NULL;
 573
 574        /* --work-tree is set without --git-dir; use discovered one */
 575        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 576                if (offset != len && !is_absolute_path(gitdir))
 577                        gitdir = xstrdup(real_path(gitdir));
 578                if (chdir(cwd))
 579                        die_errno("Could not come back to cwd");
 580                return setup_explicit_git_dir(gitdir, cwd, len, nongit_ok);
 581        }
 582
 583        /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
 584        if (is_bare_repository_cfg > 0) {
 585                set_git_dir(offset == len ? gitdir : real_path(gitdir));
 586                if (chdir(cwd))
 587                        die_errno("Could not come back to cwd");
 588                return NULL;
 589        }
 590
 591        /* #0, #1, #5, #8, #9, #12, #13 */
 592        set_git_work_tree(".");
 593        if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT))
 594                set_git_dir(gitdir);
 595        inside_git_dir = 0;
 596        inside_work_tree = 1;
 597        if (offset == len)
 598                return NULL;
 599
 600        /* Make "offset" point to past the '/', and add a '/' at the end */
 601        offset++;
 602        cwd[len++] = '/';
 603        cwd[len] = 0;
 604        return cwd + offset;
 605}
 606
 607/* #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510) */
 608static const char *setup_bare_git_dir(char *cwd, int offset, int len, int *nongit_ok)
 609{
 610        int root_len;
 611
 612        if (check_repository_format_gently(".", nongit_ok))
 613                return NULL;
 614
 615        setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);
 616
 617        /* --work-tree is set without --git-dir; use discovered one */
 618        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 619                const char *gitdir;
 620
 621                gitdir = offset == len ? "." : xmemdupz(cwd, offset);
 622                if (chdir(cwd))
 623                        die_errno("Could not come back to cwd");
 624                return setup_explicit_git_dir(gitdir, cwd, len, nongit_ok);
 625        }
 626
 627        inside_git_dir = 1;
 628        inside_work_tree = 0;
 629        if (offset != len) {
 630                if (chdir(cwd))
 631                        die_errno("Cannot come back to cwd");
 632                root_len = offset_1st_component(cwd);
 633                cwd[offset > root_len ? offset : root_len] = '\0';
 634                set_git_dir(cwd);
 635        }
 636        else
 637                set_git_dir(".");
 638        return NULL;
 639}
 640
 641static const char *setup_nongit(const char *cwd, int *nongit_ok)
 642{
 643        if (!nongit_ok)
 644                die("Not a git repository (or any of the parent directories): %s", DEFAULT_GIT_DIR_ENVIRONMENT);
 645        if (chdir(cwd))
 646                die_errno("Cannot come back to cwd");
 647        *nongit_ok = 1;
 648        return NULL;
 649}
 650
 651static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
 652{
 653        struct stat buf;
 654        if (stat(path, &buf)) {
 655                die_errno("failed to stat '%*s%s%s'",
 656                                prefix_len,
 657                                prefix ? prefix : "",
 658                                prefix ? "/" : "", path);
 659        }
 660        return buf.st_dev;
 661}
 662
 663/*
 664 * A "string_list_each_func_t" function that canonicalizes an entry
 665 * from GIT_CEILING_DIRECTORIES using real_path_if_valid(), or
 666 * discards it if unusable.  The presence of an empty entry in
 667 * GIT_CEILING_DIRECTORIES turns off canonicalization for all
 668 * subsequent entries.
 669 */
 670static int canonicalize_ceiling_entry(struct string_list_item *item,
 671                                      void *cb_data)
 672{
 673        int *empty_entry_found = cb_data;
 674        char *ceil = item->string;
 675
 676        if (!*ceil) {
 677                *empty_entry_found = 1;
 678                return 0;
 679        } else if (!is_absolute_path(ceil)) {
 680                return 0;
 681        } else if (*empty_entry_found) {
 682                /* Keep entry but do not canonicalize it */
 683                return 1;
 684        } else {
 685                const char *real_path = real_path_if_valid(ceil);
 686                if (!real_path)
 687                        return 0;
 688                free(item->string);
 689                item->string = xstrdup(real_path);
 690                return 1;
 691        }
 692}
 693
 694/*
 695 * We cannot decide in this function whether we are in the work tree or
 696 * not, since the config can only be read _after_ this function was called.
 697 */
 698static const char *setup_git_directory_gently_1(int *nongit_ok)
 699{
 700        const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
 701        struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
 702        static char cwd[PATH_MAX+1];
 703        const char *gitdirenv, *ret;
 704        char *gitfile;
 705        int len, offset, offset_parent, ceil_offset = -1;
 706        dev_t current_device = 0;
 707        int one_filesystem = 1;
 708
 709        /*
 710         * Let's assume that we are in a git repository.
 711         * If it turns out later that we are somewhere else, the value will be
 712         * updated accordingly.
 713         */
 714        if (nongit_ok)
 715                *nongit_ok = 0;
 716
 717        if (!getcwd(cwd, sizeof(cwd)-1))
 718                die_errno("Unable to read current working directory");
 719        offset = len = strlen(cwd);
 720
 721        /*
 722         * If GIT_DIR is set explicitly, we're not going
 723         * to do any discovery, but we still do repository
 724         * validation.
 725         */
 726        gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
 727        if (gitdirenv)
 728                return setup_explicit_git_dir(gitdirenv, cwd, len, nongit_ok);
 729
 730        if (env_ceiling_dirs) {
 731                int empty_entry_found = 0;
 732
 733                string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
 734                filter_string_list(&ceiling_dirs, 0,
 735                                   canonicalize_ceiling_entry, &empty_entry_found);
 736                ceil_offset = longest_ancestor_length(cwd, &ceiling_dirs);
 737                string_list_clear(&ceiling_dirs, 0);
 738        }
 739
 740        if (ceil_offset < 0 && has_dos_drive_prefix(cwd))
 741                ceil_offset = 1;
 742
 743        /*
 744         * Test in the following order (relative to the cwd):
 745         * - .git (file containing "gitdir: <path>")
 746         * - .git/
 747         * - ./ (bare)
 748         * - ../.git
 749         * - ../.git/
 750         * - ../ (bare)
 751         * - ../../.git/
 752         *   etc.
 753         */
 754        one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
 755        if (one_filesystem)
 756                current_device = get_device_or_die(".", NULL, 0);
 757        for (;;) {
 758                gitfile = (char*)read_gitfile(DEFAULT_GIT_DIR_ENVIRONMENT);
 759                if (gitfile)
 760                        gitdirenv = gitfile = xstrdup(gitfile);
 761                else {
 762                        if (is_git_directory(DEFAULT_GIT_DIR_ENVIRONMENT))
 763                                gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
 764                }
 765
 766                if (gitdirenv) {
 767                        ret = setup_discovered_git_dir(gitdirenv,
 768                                                       cwd, offset, len,
 769                                                       nongit_ok);
 770                        free(gitfile);
 771                        return ret;
 772                }
 773                free(gitfile);
 774
 775                if (is_git_directory("."))
 776                        return setup_bare_git_dir(cwd, offset, len, nongit_ok);
 777
 778                offset_parent = offset;
 779                while (--offset_parent > ceil_offset && cwd[offset_parent] != '/');
 780                if (offset_parent <= ceil_offset)
 781                        return setup_nongit(cwd, nongit_ok);
 782                if (one_filesystem) {
 783                        dev_t parent_device = get_device_or_die("..", cwd, offset);
 784                        if (parent_device != current_device) {
 785                                if (nongit_ok) {
 786                                        if (chdir(cwd))
 787                                                die_errno("Cannot come back to cwd");
 788                                        *nongit_ok = 1;
 789                                        return NULL;
 790                                }
 791                                cwd[offset] = '\0';
 792                                die("Not a git repository (or any parent up to mount point %s)\n"
 793                                "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).", cwd);
 794                        }
 795                }
 796                if (chdir("..")) {
 797                        cwd[offset] = '\0';
 798                        die_errno("Cannot change to '%s/..'", cwd);
 799                }
 800                offset = offset_parent;
 801        }
 802}
 803
 804const char *setup_git_directory_gently(int *nongit_ok)
 805{
 806        const char *prefix;
 807
 808        prefix = setup_git_directory_gently_1(nongit_ok);
 809        if (prefix)
 810                setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
 811        else
 812                setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
 813
 814        if (startup_info) {
 815                startup_info->have_repository = !nongit_ok || !*nongit_ok;
 816                startup_info->prefix = prefix;
 817        }
 818        return prefix;
 819}
 820
 821int git_config_perm(const char *var, const char *value)
 822{
 823        int i;
 824        char *endptr;
 825
 826        if (value == NULL)
 827                return PERM_GROUP;
 828
 829        if (!strcmp(value, "umask"))
 830                return PERM_UMASK;
 831        if (!strcmp(value, "group"))
 832                return PERM_GROUP;
 833        if (!strcmp(value, "all") ||
 834            !strcmp(value, "world") ||
 835            !strcmp(value, "everybody"))
 836                return PERM_EVERYBODY;
 837
 838        /* Parse octal numbers */
 839        i = strtol(value, &endptr, 8);
 840
 841        /* If not an octal number, maybe true/false? */
 842        if (*endptr != 0)
 843                return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;
 844
 845        /*
 846         * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
 847         * a chmod value to restrict to.
 848         */
 849        switch (i) {
 850        case PERM_UMASK:               /* 0 */
 851                return PERM_UMASK;
 852        case OLD_PERM_GROUP:           /* 1 */
 853                return PERM_GROUP;
 854        case OLD_PERM_EVERYBODY:       /* 2 */
 855                return PERM_EVERYBODY;
 856        }
 857
 858        /* A filemode value was given: 0xxx */
 859
 860        if ((i & 0600) != 0600)
 861                die("Problem with core.sharedRepository filemode value "
 862                    "(0%.3o).\nThe owner of files must always have "
 863                    "read and write permissions.", i);
 864
 865        /*
 866         * Mask filemode value. Others can not get write permission.
 867         * x flags for directories are handled separately.
 868         */
 869        return -(i & 0666);
 870}
 871
 872int check_repository_format_version(const char *var, const char *value, void *cb)
 873{
 874        if (strcmp(var, "core.repositoryformatversion") == 0)
 875                repository_format_version = git_config_int(var, value);
 876        else if (strcmp(var, "core.sharedrepository") == 0)
 877                shared_repository = git_config_perm(var, value);
 878        else if (strcmp(var, "core.bare") == 0) {
 879                is_bare_repository_cfg = git_config_bool(var, value);
 880                if (is_bare_repository_cfg == 1)
 881                        inside_work_tree = -1;
 882        } else if (strcmp(var, "core.worktree") == 0) {
 883                if (!value)
 884                        return config_error_nonbool(var);
 885                free(git_work_tree_cfg);
 886                git_work_tree_cfg = xstrdup(value);
 887                inside_work_tree = -1;
 888        }
 889        return 0;
 890}
 891
 892int check_repository_format(void)
 893{
 894        return check_repository_format_gently(get_git_dir(), NULL);
 895}
 896
 897/*
 898 * Returns the "prefix", a path to the current working directory
 899 * relative to the work tree root, or NULL, if the current working
 900 * directory is not a strict subdirectory of the work tree root. The
 901 * prefix always ends with a '/' character.
 902 */
 903const char *setup_git_directory(void)
 904{
 905        return setup_git_directory_gently(NULL);
 906}
 907
 908const char *resolve_gitdir(const char *suspect)
 909{
 910        if (is_git_directory(suspect))
 911                return suspect;
 912        return read_gitfile(suspect);
 913}
 914
 915/* if any standard file descriptor is missing open it to /dev/null */
 916void sanitize_stdfds(void)
 917{
 918        int fd = open("/dev/null", O_RDWR, 0);
 919        while (fd != -1 && fd < 2)
 920                fd = dup(fd);
 921        if (fd == -1)
 922                die_errno("open /dev/null or dup failed");
 923        if (fd > 2)
 924                close(fd);
 925}