setup.con commit credential-cache--daemon: disallow relative socket path (bd93b8d)
   1#include "cache.h"
   2#include "dir.h"
   3#include "string-list.h"
   4
   5static int inside_git_dir = -1;
   6static int inside_work_tree = -1;
   7static int work_tree_config_is_bogus;
   8static struct string_list unknown_extensions = STRING_LIST_INIT_DUP;
   9
  10/*
  11 * The input parameter must contain an absolute path, and it must already be
  12 * normalized.
  13 *
  14 * Find the part of an absolute path that lies inside the work tree by
  15 * dereferencing symlinks outside the work tree, for example:
  16 * /dir1/repo/dir2/file   (work tree is /dir1/repo)      -> dir2/file
  17 * /dir/file              (work tree is /)               -> dir/file
  18 * /dir/symlink1/symlink2 (symlink1 points to work tree) -> symlink2
  19 * /dir/repolink/file     (repolink points to /dir/repo) -> file
  20 * /dir/repo              (exactly equal to work tree)   -> (empty string)
  21 */
  22static int abspath_part_inside_repo(char *path)
  23{
  24        size_t len;
  25        size_t wtlen;
  26        char *path0;
  27        int off;
  28        const char *work_tree = get_git_work_tree();
  29
  30        if (!work_tree)
  31                return -1;
  32        wtlen = strlen(work_tree);
  33        len = strlen(path);
  34        off = offset_1st_component(path);
  35
  36        /* check if work tree is already the prefix */
  37        if (wtlen <= len && !strncmp(path, work_tree, wtlen)) {
  38                if (path[wtlen] == '/') {
  39                        memmove(path, path + wtlen + 1, len - wtlen);
  40                        return 0;
  41                } else if (path[wtlen - 1] == '/' || path[wtlen] == '\0') {
  42                        /* work tree is the root, or the whole path */
  43                        memmove(path, path + wtlen, len - wtlen + 1);
  44                        return 0;
  45                }
  46                /* work tree might match beginning of a symlink to work tree */
  47                off = wtlen;
  48        }
  49        path0 = path;
  50        path += off;
  51
  52        /* check each '/'-terminated level */
  53        while (*path) {
  54                path++;
  55                if (*path == '/') {
  56                        *path = '\0';
  57                        if (strcmp(real_path(path0), work_tree) == 0) {
  58                                memmove(path0, path + 1, len - (path - path0));
  59                                return 0;
  60                        }
  61                        *path = '/';
  62                }
  63        }
  64
  65        /* check whole path */
  66        if (strcmp(real_path(path0), work_tree) == 0) {
  67                *path0 = '\0';
  68                return 0;
  69        }
  70
  71        return -1;
  72}
  73
  74/*
  75 * Normalize "path", prepending the "prefix" for relative paths. If
  76 * remaining_prefix is not NULL, return the actual prefix still
  77 * remains in the path. For example, prefix = sub1/sub2/ and path is
  78 *
  79 *  foo          -> sub1/sub2/foo  (full prefix)
  80 *  ../foo       -> sub1/foo       (remaining prefix is sub1/)
  81 *  ../../bar    -> bar            (no remaining prefix)
  82 *  ../../sub1/sub2/foo -> sub1/sub2/foo (but no remaining prefix)
  83 *  `pwd`/../bar -> sub1/bar       (no remaining prefix)
  84 */
  85char *prefix_path_gently(const char *prefix, int len,
  86                         int *remaining_prefix, const char *path)
  87{
  88        const char *orig = path;
  89        char *sanitized;
  90        if (is_absolute_path(orig)) {
  91                sanitized = xmalloc(strlen(path) + 1);
  92                if (remaining_prefix)
  93                        *remaining_prefix = 0;
  94                if (normalize_path_copy_len(sanitized, path, remaining_prefix)) {
  95                        free(sanitized);
  96                        return NULL;
  97                }
  98                if (abspath_part_inside_repo(sanitized)) {
  99                        free(sanitized);
 100                        return NULL;
 101                }
 102        } else {
 103                sanitized = xstrfmt("%.*s%s", len, prefix, path);
 104                if (remaining_prefix)
 105                        *remaining_prefix = len;
 106                if (normalize_path_copy_len(sanitized, sanitized, remaining_prefix)) {
 107                        free(sanitized);
 108                        return NULL;
 109                }
 110        }
 111        return sanitized;
 112}
 113
 114char *prefix_path(const char *prefix, int len, const char *path)
 115{
 116        char *r = prefix_path_gently(prefix, len, NULL, path);
 117        if (!r)
 118                die("'%s' is outside repository", path);
 119        return r;
 120}
 121
 122int path_inside_repo(const char *prefix, const char *path)
 123{
 124        int len = prefix ? strlen(prefix) : 0;
 125        char *r = prefix_path_gently(prefix, len, NULL, path);
 126        if (r) {
 127                free(r);
 128                return 1;
 129        }
 130        return 0;
 131}
 132
 133int check_filename(const char *prefix, const char *arg)
 134{
 135        const char *name;
 136        struct stat st;
 137
 138        if (starts_with(arg, ":/")) {
 139                if (arg[2] == '\0') /* ":/" is root dir, always exists */
 140                        return 1;
 141                name = arg + 2;
 142        } else if (!no_wildcard(arg))
 143                return 1;
 144        else if (prefix)
 145                name = prefix_filename(prefix, strlen(prefix), arg);
 146        else
 147                name = arg;
 148        if (!lstat(name, &st))
 149                return 1; /* file exists */
 150        if (errno == ENOENT || errno == ENOTDIR)
 151                return 0; /* file does not exist */
 152        die_errno("failed to stat '%s'", arg);
 153}
 154
 155static void NORETURN die_verify_filename(const char *prefix,
 156                                         const char *arg,
 157                                         int diagnose_misspelt_rev)
 158{
 159        if (!diagnose_misspelt_rev)
 160                die("%s: no such path in the working tree.\n"
 161                    "Use 'git <command> -- <path>...' to specify paths that do not exist locally.",
 162                    arg);
 163        /*
 164         * Saying "'(icase)foo' does not exist in the index" when the
 165         * user gave us ":(icase)foo" is just stupid.  A magic pathspec
 166         * begins with a colon and is followed by a non-alnum; do not
 167         * let maybe_die_on_misspelt_object_name() even trigger.
 168         */
 169        if (!(arg[0] == ':' && !isalnum(arg[1])))
 170                maybe_die_on_misspelt_object_name(arg, prefix);
 171
 172        /* ... or fall back the most general message. */
 173        die("ambiguous argument '%s': unknown revision or path not in the working tree.\n"
 174            "Use '--' to separate paths from revisions, like this:\n"
 175            "'git <command> [<revision>...] -- [<file>...]'", arg);
 176
 177}
 178
 179/*
 180 * Verify a filename that we got as an argument for a pathspec
 181 * entry. Note that a filename that begins with "-" never verifies
 182 * as true, because even if such a filename were to exist, we want
 183 * it to be preceded by the "--" marker (or we want the user to
 184 * use a format like "./-filename")
 185 *
 186 * The "diagnose_misspelt_rev" is used to provide a user-friendly
 187 * diagnosis when dying upon finding that "name" is not a pathname.
 188 * If set to 1, the diagnosis will try to diagnose "name" as an
 189 * invalid object name (e.g. HEAD:foo). If set to 0, the diagnosis
 190 * will only complain about an inexisting file.
 191 *
 192 * This function is typically called to check that a "file or rev"
 193 * argument is unambiguous. In this case, the caller will want
 194 * diagnose_misspelt_rev == 1 when verifying the first non-rev
 195 * argument (which could have been a revision), and
 196 * diagnose_misspelt_rev == 0 for the next ones (because we already
 197 * saw a filename, there's not ambiguity anymore).
 198 */
 199void verify_filename(const char *prefix,
 200                     const char *arg,
 201                     int diagnose_misspelt_rev)
 202{
 203        if (*arg == '-')
 204                die("bad flag '%s' used after filename", arg);
 205        if (check_filename(prefix, arg))
 206                return;
 207        die_verify_filename(prefix, arg, diagnose_misspelt_rev);
 208}
 209
 210/*
 211 * Opposite of the above: the command line did not have -- marker
 212 * and we parsed the arg as a refname.  It should not be interpretable
 213 * as a filename.
 214 */
 215void verify_non_filename(const char *prefix, const char *arg)
 216{
 217        if (!is_inside_work_tree() || is_inside_git_dir())
 218                return;
 219        if (*arg == '-')
 220                return; /* flag */
 221        if (!check_filename(prefix, arg))
 222                return;
 223        die("ambiguous argument '%s': both revision and filename\n"
 224            "Use '--' to separate paths from revisions, like this:\n"
 225            "'git <command> [<revision>...] -- [<file>...]'", arg);
 226}
 227
 228int get_common_dir(struct strbuf *sb, const char *gitdir)
 229{
 230        const char *git_env_common_dir = getenv(GIT_COMMON_DIR_ENVIRONMENT);
 231        if (git_env_common_dir) {
 232                strbuf_addstr(sb, git_env_common_dir);
 233                return 1;
 234        } else {
 235                return get_common_dir_noenv(sb, gitdir);
 236        }
 237}
 238
 239int get_common_dir_noenv(struct strbuf *sb, const char *gitdir)
 240{
 241        struct strbuf data = STRBUF_INIT;
 242        struct strbuf path = STRBUF_INIT;
 243        int ret = 0;
 244
 245        strbuf_addf(&path, "%s/commondir", gitdir);
 246        if (file_exists(path.buf)) {
 247                if (strbuf_read_file(&data, path.buf, 0) <= 0)
 248                        die_errno(_("failed to read %s"), path.buf);
 249                while (data.len && (data.buf[data.len - 1] == '\n' ||
 250                                    data.buf[data.len - 1] == '\r'))
 251                        data.len--;
 252                data.buf[data.len] = '\0';
 253                strbuf_reset(&path);
 254                if (!is_absolute_path(data.buf))
 255                        strbuf_addf(&path, "%s/", gitdir);
 256                strbuf_addbuf(&path, &data);
 257                strbuf_addstr(sb, real_path(path.buf));
 258                ret = 1;
 259        } else
 260                strbuf_addstr(sb, gitdir);
 261        strbuf_release(&data);
 262        strbuf_release(&path);
 263        return ret;
 264}
 265
 266/*
 267 * Test if it looks like we're at a git directory.
 268 * We want to see:
 269 *
 270 *  - either an objects/ directory _or_ the proper
 271 *    GIT_OBJECT_DIRECTORY environment variable
 272 *  - a refs/ directory
 273 *  - either a HEAD symlink or a HEAD file that is formatted as
 274 *    a proper "ref:", or a regular file HEAD that has a properly
 275 *    formatted sha1 object name.
 276 */
 277int is_git_directory(const char *suspect)
 278{
 279        struct strbuf path = STRBUF_INIT;
 280        int ret = 0;
 281        size_t len;
 282
 283        /* Check worktree-related signatures */
 284        strbuf_addf(&path, "%s/HEAD", suspect);
 285        if (validate_headref(path.buf))
 286                goto done;
 287
 288        strbuf_reset(&path);
 289        get_common_dir(&path, suspect);
 290        len = path.len;
 291
 292        /* Check non-worktree-related signatures */
 293        if (getenv(DB_ENVIRONMENT)) {
 294                if (access(getenv(DB_ENVIRONMENT), X_OK))
 295                        goto done;
 296        }
 297        else {
 298                strbuf_setlen(&path, len);
 299                strbuf_addstr(&path, "/objects");
 300                if (access(path.buf, X_OK))
 301                        goto done;
 302        }
 303
 304        strbuf_setlen(&path, len);
 305        strbuf_addstr(&path, "/refs");
 306        if (access(path.buf, X_OK))
 307                goto done;
 308
 309        ret = 1;
 310done:
 311        strbuf_release(&path);
 312        return ret;
 313}
 314
 315int is_nonbare_repository_dir(struct strbuf *path)
 316{
 317        int ret = 0;
 318        int gitfile_error;
 319        size_t orig_path_len = path->len;
 320        assert(orig_path_len != 0);
 321        strbuf_complete(path, '/');
 322        strbuf_addstr(path, ".git");
 323        if (read_gitfile_gently(path->buf, &gitfile_error) || is_git_directory(path->buf))
 324                ret = 1;
 325        if (gitfile_error == READ_GITFILE_ERR_OPEN_FAILED ||
 326            gitfile_error == READ_GITFILE_ERR_READ_FAILED)
 327                ret = 1;
 328        strbuf_setlen(path, orig_path_len);
 329        return ret;
 330}
 331
 332int is_inside_git_dir(void)
 333{
 334        if (inside_git_dir < 0)
 335                inside_git_dir = is_inside_dir(get_git_dir());
 336        return inside_git_dir;
 337}
 338
 339int is_inside_work_tree(void)
 340{
 341        if (inside_work_tree < 0)
 342                inside_work_tree = is_inside_dir(get_git_work_tree());
 343        return inside_work_tree;
 344}
 345
 346void setup_work_tree(void)
 347{
 348        const char *work_tree, *git_dir;
 349        static int initialized = 0;
 350
 351        if (initialized)
 352                return;
 353
 354        if (work_tree_config_is_bogus)
 355                die("unable to set up work tree using invalid config");
 356
 357        work_tree = get_git_work_tree();
 358        git_dir = get_git_dir();
 359        if (!is_absolute_path(git_dir))
 360                git_dir = real_path(get_git_dir());
 361        if (!work_tree || chdir(work_tree))
 362                die("This operation must be run in a work tree");
 363
 364        /*
 365         * Make sure subsequent git processes find correct worktree
 366         * if $GIT_WORK_TREE is set relative
 367         */
 368        if (getenv(GIT_WORK_TREE_ENVIRONMENT))
 369                setenv(GIT_WORK_TREE_ENVIRONMENT, ".", 1);
 370
 371        set_git_dir(remove_leading_path(git_dir, work_tree));
 372        initialized = 1;
 373}
 374
 375static int check_repo_format(const char *var, const char *value, void *cb)
 376{
 377        const char *ext;
 378
 379        if (strcmp(var, "core.repositoryformatversion") == 0)
 380                repository_format_version = git_config_int(var, value);
 381        else if (strcmp(var, "core.sharedrepository") == 0)
 382                shared_repository = git_config_perm(var, value);
 383        else if (skip_prefix(var, "extensions.", &ext)) {
 384                /*
 385                 * record any known extensions here; otherwise,
 386                 * we fall through to recording it as unknown, and
 387                 * check_repository_format will complain
 388                 */
 389                if (!strcmp(ext, "noop"))
 390                        ;
 391                else if (!strcmp(ext, "preciousobjects"))
 392                        repository_format_precious_objects = git_config_bool(var, value);
 393                else
 394                        string_list_append(&unknown_extensions, ext);
 395        }
 396        return 0;
 397}
 398
 399static int check_repository_format_gently(const char *gitdir, int *nongit_ok)
 400{
 401        struct strbuf sb = STRBUF_INIT;
 402        const char *repo_config;
 403        config_fn_t fn;
 404        int ret = 0;
 405
 406        string_list_clear(&unknown_extensions, 0);
 407
 408        if (get_common_dir(&sb, gitdir))
 409                fn = check_repo_format;
 410        else
 411                fn = check_repository_format_version;
 412        strbuf_addstr(&sb, "/config");
 413        repo_config = sb.buf;
 414
 415        /*
 416         * git_config() can't be used here because it calls git_pathdup()
 417         * to get $GIT_CONFIG/config. That call will make setup_git_env()
 418         * set git_dir to ".git".
 419         *
 420         * We are in gitdir setup, no git dir has been found useable yet.
 421         * Use a gentler version of git_config() to check if this repo
 422         * is a good one.
 423         */
 424        git_config_early(fn, NULL, repo_config);
 425        if (GIT_REPO_VERSION_READ < repository_format_version) {
 426                if (!nongit_ok)
 427                        die ("Expected git repo version <= %d, found %d",
 428                             GIT_REPO_VERSION_READ, repository_format_version);
 429                warning("Expected git repo version <= %d, found %d",
 430                        GIT_REPO_VERSION_READ, repository_format_version);
 431                warning("Please upgrade Git");
 432                *nongit_ok = -1;
 433                ret = -1;
 434        }
 435
 436        if (repository_format_version >= 1 && unknown_extensions.nr) {
 437                int i;
 438
 439                if (!nongit_ok)
 440                        die("unknown repository extension: %s",
 441                            unknown_extensions.items[0].string);
 442
 443                for (i = 0; i < unknown_extensions.nr; i++)
 444                        warning("unknown repository extension: %s",
 445                                unknown_extensions.items[i].string);
 446                *nongit_ok = -1;
 447                ret = -1;
 448        }
 449
 450        strbuf_release(&sb);
 451        return ret;
 452}
 453
 454/*
 455 * Try to read the location of the git directory from the .git file,
 456 * return path to git directory if found.
 457 *
 458 * On failure, if return_error_code is not NULL, return_error_code
 459 * will be set to an error code and NULL will be returned. If
 460 * return_error_code is NULL the function will die instead (for most
 461 * cases).
 462 */
 463const char *read_gitfile_gently(const char *path, int *return_error_code)
 464{
 465        const int max_file_size = 1 << 20;  /* 1MB */
 466        int error_code = 0;
 467        char *buf = NULL;
 468        char *dir = NULL;
 469        const char *slash;
 470        struct stat st;
 471        int fd;
 472        ssize_t len;
 473
 474        if (stat(path, &st)) {
 475                error_code = READ_GITFILE_ERR_STAT_FAILED;
 476                goto cleanup_return;
 477        }
 478        if (!S_ISREG(st.st_mode)) {
 479                error_code = READ_GITFILE_ERR_NOT_A_FILE;
 480                goto cleanup_return;
 481        }
 482        if (st.st_size > max_file_size) {
 483                error_code = READ_GITFILE_ERR_TOO_LARGE;
 484                goto cleanup_return;
 485        }
 486        fd = open(path, O_RDONLY);
 487        if (fd < 0) {
 488                error_code = READ_GITFILE_ERR_OPEN_FAILED;
 489                goto cleanup_return;
 490        }
 491        buf = xmalloc(st.st_size + 1);
 492        len = read_in_full(fd, buf, st.st_size);
 493        close(fd);
 494        if (len != st.st_size) {
 495                error_code = READ_GITFILE_ERR_READ_FAILED;
 496                goto cleanup_return;
 497        }
 498        buf[len] = '\0';
 499        if (!starts_with(buf, "gitdir: ")) {
 500                error_code = READ_GITFILE_ERR_INVALID_FORMAT;
 501                goto cleanup_return;
 502        }
 503        while (buf[len - 1] == '\n' || buf[len - 1] == '\r')
 504                len--;
 505        if (len < 9) {
 506                error_code = READ_GITFILE_ERR_NO_PATH;
 507                goto cleanup_return;
 508        }
 509        buf[len] = '\0';
 510        dir = buf + 8;
 511
 512        if (!is_absolute_path(dir) && (slash = strrchr(path, '/'))) {
 513                size_t pathlen = slash+1 - path;
 514                dir = xstrfmt("%.*s%.*s", (int)pathlen, path,
 515                              (int)(len - 8), buf + 8);
 516                free(buf);
 517                buf = dir;
 518        }
 519        if (!is_git_directory(dir)) {
 520                error_code = READ_GITFILE_ERR_NOT_A_REPO;
 521                goto cleanup_return;
 522        }
 523        path = real_path(dir);
 524
 525cleanup_return:
 526        if (return_error_code)
 527                *return_error_code = error_code;
 528        else if (error_code) {
 529                switch (error_code) {
 530                case READ_GITFILE_ERR_STAT_FAILED:
 531                case READ_GITFILE_ERR_NOT_A_FILE:
 532                        /* non-fatal; follow return path */
 533                        break;
 534                case READ_GITFILE_ERR_OPEN_FAILED:
 535                        die_errno("Error opening '%s'", path);
 536                case READ_GITFILE_ERR_TOO_LARGE:
 537                        die("Too large to be a .git file: '%s'", path);
 538                case READ_GITFILE_ERR_READ_FAILED:
 539                        die("Error reading %s", path);
 540                case READ_GITFILE_ERR_INVALID_FORMAT:
 541                        die("Invalid gitfile format: %s", path);
 542                case READ_GITFILE_ERR_NO_PATH:
 543                        die("No path in gitfile: %s", path);
 544                case READ_GITFILE_ERR_NOT_A_REPO:
 545                        die("Not a git repository: %s", dir);
 546                default:
 547                        assert(0);
 548                }
 549        }
 550
 551        free(buf);
 552        return error_code ? NULL : path;
 553}
 554
 555static const char *setup_explicit_git_dir(const char *gitdirenv,
 556                                          struct strbuf *cwd,
 557                                          int *nongit_ok)
 558{
 559        const char *work_tree_env = getenv(GIT_WORK_TREE_ENVIRONMENT);
 560        const char *worktree;
 561        char *gitfile;
 562        int offset;
 563
 564        if (PATH_MAX - 40 < strlen(gitdirenv))
 565                die("'$%s' too big", GIT_DIR_ENVIRONMENT);
 566
 567        gitfile = (char*)read_gitfile(gitdirenv);
 568        if (gitfile) {
 569                gitfile = xstrdup(gitfile);
 570                gitdirenv = gitfile;
 571        }
 572
 573        if (!is_git_directory(gitdirenv)) {
 574                if (nongit_ok) {
 575                        *nongit_ok = 1;
 576                        free(gitfile);
 577                        return NULL;
 578                }
 579                die("Not a git repository: '%s'", gitdirenv);
 580        }
 581
 582        if (check_repository_format_gently(gitdirenv, nongit_ok)) {
 583                free(gitfile);
 584                return NULL;
 585        }
 586
 587        /* #3, #7, #11, #15, #19, #23, #27, #31 (see t1510) */
 588        if (work_tree_env)
 589                set_git_work_tree(work_tree_env);
 590        else if (is_bare_repository_cfg > 0) {
 591                if (git_work_tree_cfg) {
 592                        /* #22.2, #30 */
 593                        warning("core.bare and core.worktree do not make sense");
 594                        work_tree_config_is_bogus = 1;
 595                }
 596
 597                /* #18, #26 */
 598                set_git_dir(gitdirenv);
 599                free(gitfile);
 600                return NULL;
 601        }
 602        else if (git_work_tree_cfg) { /* #6, #14 */
 603                if (is_absolute_path(git_work_tree_cfg))
 604                        set_git_work_tree(git_work_tree_cfg);
 605                else {
 606                        char *core_worktree;
 607                        if (chdir(gitdirenv))
 608                                die_errno("Could not chdir to '%s'", gitdirenv);
 609                        if (chdir(git_work_tree_cfg))
 610                                die_errno("Could not chdir to '%s'", git_work_tree_cfg);
 611                        core_worktree = xgetcwd();
 612                        if (chdir(cwd->buf))
 613                                die_errno("Could not come back to cwd");
 614                        set_git_work_tree(core_worktree);
 615                        free(core_worktree);
 616                }
 617        }
 618        else if (!git_env_bool(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, 1)) {
 619                /* #16d */
 620                set_git_dir(gitdirenv);
 621                free(gitfile);
 622                return NULL;
 623        }
 624        else /* #2, #10 */
 625                set_git_work_tree(".");
 626
 627        /* set_git_work_tree() must have been called by now */
 628        worktree = get_git_work_tree();
 629
 630        /* both get_git_work_tree() and cwd are already normalized */
 631        if (!strcmp(cwd->buf, worktree)) { /* cwd == worktree */
 632                set_git_dir(gitdirenv);
 633                free(gitfile);
 634                return NULL;
 635        }
 636
 637        offset = dir_inside_of(cwd->buf, worktree);
 638        if (offset >= 0) {      /* cwd inside worktree? */
 639                set_git_dir(real_path(gitdirenv));
 640                if (chdir(worktree))
 641                        die_errno("Could not chdir to '%s'", worktree);
 642                strbuf_addch(cwd, '/');
 643                free(gitfile);
 644                return cwd->buf + offset;
 645        }
 646
 647        /* cwd outside worktree */
 648        set_git_dir(gitdirenv);
 649        free(gitfile);
 650        return NULL;
 651}
 652
 653static const char *setup_discovered_git_dir(const char *gitdir,
 654                                            struct strbuf *cwd, int offset,
 655                                            int *nongit_ok)
 656{
 657        if (check_repository_format_gently(gitdir, nongit_ok))
 658                return NULL;
 659
 660        /* --work-tree is set without --git-dir; use discovered one */
 661        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 662                if (offset != cwd->len && !is_absolute_path(gitdir))
 663                        gitdir = xstrdup(real_path(gitdir));
 664                if (chdir(cwd->buf))
 665                        die_errno("Could not come back to cwd");
 666                return setup_explicit_git_dir(gitdir, cwd, nongit_ok);
 667        }
 668
 669        /* #16.2, #17.2, #20.2, #21.2, #24, #25, #28, #29 (see t1510) */
 670        if (is_bare_repository_cfg > 0) {
 671                set_git_dir(offset == cwd->len ? gitdir : real_path(gitdir));
 672                if (chdir(cwd->buf))
 673                        die_errno("Could not come back to cwd");
 674                return NULL;
 675        }
 676
 677        /* #0, #1, #5, #8, #9, #12, #13 */
 678        set_git_work_tree(".");
 679        if (strcmp(gitdir, DEFAULT_GIT_DIR_ENVIRONMENT))
 680                set_git_dir(gitdir);
 681        inside_git_dir = 0;
 682        inside_work_tree = 1;
 683        if (offset == cwd->len)
 684                return NULL;
 685
 686        /* Make "offset" point to past the '/', and add a '/' at the end */
 687        offset++;
 688        strbuf_addch(cwd, '/');
 689        return cwd->buf + offset;
 690}
 691
 692/* #16.1, #17.1, #20.1, #21.1, #22.1 (see t1510) */
 693static const char *setup_bare_git_dir(struct strbuf *cwd, int offset,
 694                                      int *nongit_ok)
 695{
 696        int root_len;
 697
 698        if (check_repository_format_gently(".", nongit_ok))
 699                return NULL;
 700
 701        setenv(GIT_IMPLICIT_WORK_TREE_ENVIRONMENT, "0", 1);
 702
 703        /* --work-tree is set without --git-dir; use discovered one */
 704        if (getenv(GIT_WORK_TREE_ENVIRONMENT) || git_work_tree_cfg) {
 705                const char *gitdir;
 706
 707                gitdir = offset == cwd->len ? "." : xmemdupz(cwd->buf, offset);
 708                if (chdir(cwd->buf))
 709                        die_errno("Could not come back to cwd");
 710                return setup_explicit_git_dir(gitdir, cwd, nongit_ok);
 711        }
 712
 713        inside_git_dir = 1;
 714        inside_work_tree = 0;
 715        if (offset != cwd->len) {
 716                if (chdir(cwd->buf))
 717                        die_errno("Cannot come back to cwd");
 718                root_len = offset_1st_component(cwd->buf);
 719                strbuf_setlen(cwd, offset > root_len ? offset : root_len);
 720                set_git_dir(cwd->buf);
 721        }
 722        else
 723                set_git_dir(".");
 724        return NULL;
 725}
 726
 727static const char *setup_nongit(const char *cwd, int *nongit_ok)
 728{
 729        if (!nongit_ok)
 730                die("Not a git repository (or any of the parent directories): %s", DEFAULT_GIT_DIR_ENVIRONMENT);
 731        if (chdir(cwd))
 732                die_errno("Cannot come back to cwd");
 733        *nongit_ok = 1;
 734        return NULL;
 735}
 736
 737static dev_t get_device_or_die(const char *path, const char *prefix, int prefix_len)
 738{
 739        struct stat buf;
 740        if (stat(path, &buf)) {
 741                die_errno("failed to stat '%*s%s%s'",
 742                                prefix_len,
 743                                prefix ? prefix : "",
 744                                prefix ? "/" : "", path);
 745        }
 746        return buf.st_dev;
 747}
 748
 749/*
 750 * A "string_list_each_func_t" function that canonicalizes an entry
 751 * from GIT_CEILING_DIRECTORIES using real_path_if_valid(), or
 752 * discards it if unusable.  The presence of an empty entry in
 753 * GIT_CEILING_DIRECTORIES turns off canonicalization for all
 754 * subsequent entries.
 755 */
 756static int canonicalize_ceiling_entry(struct string_list_item *item,
 757                                      void *cb_data)
 758{
 759        int *empty_entry_found = cb_data;
 760        char *ceil = item->string;
 761
 762        if (!*ceil) {
 763                *empty_entry_found = 1;
 764                return 0;
 765        } else if (!is_absolute_path(ceil)) {
 766                return 0;
 767        } else if (*empty_entry_found) {
 768                /* Keep entry but do not canonicalize it */
 769                return 1;
 770        } else {
 771                const char *real_path = real_path_if_valid(ceil);
 772                if (!real_path)
 773                        return 0;
 774                free(item->string);
 775                item->string = xstrdup(real_path);
 776                return 1;
 777        }
 778}
 779
 780/*
 781 * We cannot decide in this function whether we are in the work tree or
 782 * not, since the config can only be read _after_ this function was called.
 783 */
 784static const char *setup_git_directory_gently_1(int *nongit_ok)
 785{
 786        const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
 787        struct string_list ceiling_dirs = STRING_LIST_INIT_DUP;
 788        static struct strbuf cwd = STRBUF_INIT;
 789        const char *gitdirenv, *ret;
 790        char *gitfile;
 791        int offset, offset_parent, ceil_offset = -1;
 792        dev_t current_device = 0;
 793        int one_filesystem = 1;
 794
 795        /*
 796         * We may have read an incomplete configuration before
 797         * setting-up the git directory. If so, clear the cache so
 798         * that the next queries to the configuration reload complete
 799         * configuration (including the per-repo config file that we
 800         * ignored previously).
 801         */
 802        git_config_clear();
 803
 804        /*
 805         * Let's assume that we are in a git repository.
 806         * If it turns out later that we are somewhere else, the value will be
 807         * updated accordingly.
 808         */
 809        if (nongit_ok)
 810                *nongit_ok = 0;
 811
 812        if (strbuf_getcwd(&cwd))
 813                die_errno("Unable to read current working directory");
 814        offset = cwd.len;
 815
 816        /*
 817         * If GIT_DIR is set explicitly, we're not going
 818         * to do any discovery, but we still do repository
 819         * validation.
 820         */
 821        gitdirenv = getenv(GIT_DIR_ENVIRONMENT);
 822        if (gitdirenv)
 823                return setup_explicit_git_dir(gitdirenv, &cwd, nongit_ok);
 824
 825        if (env_ceiling_dirs) {
 826                int empty_entry_found = 0;
 827
 828                string_list_split(&ceiling_dirs, env_ceiling_dirs, PATH_SEP, -1);
 829                filter_string_list(&ceiling_dirs, 0,
 830                                   canonicalize_ceiling_entry, &empty_entry_found);
 831                ceil_offset = longest_ancestor_length(cwd.buf, &ceiling_dirs);
 832                string_list_clear(&ceiling_dirs, 0);
 833        }
 834
 835        if (ceil_offset < 0 && has_dos_drive_prefix(cwd.buf))
 836                ceil_offset = 1;
 837
 838        /*
 839         * Test in the following order (relative to the cwd):
 840         * - .git (file containing "gitdir: <path>")
 841         * - .git/
 842         * - ./ (bare)
 843         * - ../.git
 844         * - ../.git/
 845         * - ../ (bare)
 846         * - ../../.git/
 847         *   etc.
 848         */
 849        one_filesystem = !git_env_bool("GIT_DISCOVERY_ACROSS_FILESYSTEM", 0);
 850        if (one_filesystem)
 851                current_device = get_device_or_die(".", NULL, 0);
 852        for (;;) {
 853                gitfile = (char*)read_gitfile(DEFAULT_GIT_DIR_ENVIRONMENT);
 854                if (gitfile)
 855                        gitdirenv = gitfile = xstrdup(gitfile);
 856                else {
 857                        if (is_git_directory(DEFAULT_GIT_DIR_ENVIRONMENT))
 858                                gitdirenv = DEFAULT_GIT_DIR_ENVIRONMENT;
 859                }
 860
 861                if (gitdirenv) {
 862                        ret = setup_discovered_git_dir(gitdirenv,
 863                                                       &cwd, offset,
 864                                                       nongit_ok);
 865                        free(gitfile);
 866                        return ret;
 867                }
 868                free(gitfile);
 869
 870                if (is_git_directory("."))
 871                        return setup_bare_git_dir(&cwd, offset, nongit_ok);
 872
 873                offset_parent = offset;
 874                while (--offset_parent > ceil_offset && cwd.buf[offset_parent] != '/');
 875                if (offset_parent <= ceil_offset)
 876                        return setup_nongit(cwd.buf, nongit_ok);
 877                if (one_filesystem) {
 878                        dev_t parent_device = get_device_or_die("..", cwd.buf,
 879                                                                offset);
 880                        if (parent_device != current_device) {
 881                                if (nongit_ok) {
 882                                        if (chdir(cwd.buf))
 883                                                die_errno("Cannot come back to cwd");
 884                                        *nongit_ok = 1;
 885                                        return NULL;
 886                                }
 887                                strbuf_setlen(&cwd, offset);
 888                                die("Not a git repository (or any parent up to mount point %s)\n"
 889                                "Stopping at filesystem boundary (GIT_DISCOVERY_ACROSS_FILESYSTEM not set).",
 890                                    cwd.buf);
 891                        }
 892                }
 893                if (chdir("..")) {
 894                        strbuf_setlen(&cwd, offset);
 895                        die_errno("Cannot change to '%s/..'", cwd.buf);
 896                }
 897                offset = offset_parent;
 898        }
 899}
 900
 901const char *setup_git_directory_gently(int *nongit_ok)
 902{
 903        const char *prefix;
 904
 905        prefix = setup_git_directory_gently_1(nongit_ok);
 906        if (prefix)
 907                setenv(GIT_PREFIX_ENVIRONMENT, prefix, 1);
 908        else
 909                setenv(GIT_PREFIX_ENVIRONMENT, "", 1);
 910
 911        if (startup_info) {
 912                startup_info->have_repository = !nongit_ok || !*nongit_ok;
 913                startup_info->prefix = prefix;
 914        }
 915        return prefix;
 916}
 917
 918int git_config_perm(const char *var, const char *value)
 919{
 920        int i;
 921        char *endptr;
 922
 923        if (value == NULL)
 924                return PERM_GROUP;
 925
 926        if (!strcmp(value, "umask"))
 927                return PERM_UMASK;
 928        if (!strcmp(value, "group"))
 929                return PERM_GROUP;
 930        if (!strcmp(value, "all") ||
 931            !strcmp(value, "world") ||
 932            !strcmp(value, "everybody"))
 933                return PERM_EVERYBODY;
 934
 935        /* Parse octal numbers */
 936        i = strtol(value, &endptr, 8);
 937
 938        /* If not an octal number, maybe true/false? */
 939        if (*endptr != 0)
 940                return git_config_bool(var, value) ? PERM_GROUP : PERM_UMASK;
 941
 942        /*
 943         * Treat values 0, 1 and 2 as compatibility cases, otherwise it is
 944         * a chmod value to restrict to.
 945         */
 946        switch (i) {
 947        case PERM_UMASK:               /* 0 */
 948                return PERM_UMASK;
 949        case OLD_PERM_GROUP:           /* 1 */
 950                return PERM_GROUP;
 951        case OLD_PERM_EVERYBODY:       /* 2 */
 952                return PERM_EVERYBODY;
 953        }
 954
 955        /* A filemode value was given: 0xxx */
 956
 957        if ((i & 0600) != 0600)
 958                die("Problem with core.sharedRepository filemode value "
 959                    "(0%.3o).\nThe owner of files must always have "
 960                    "read and write permissions.", i);
 961
 962        /*
 963         * Mask filemode value. Others can not get write permission.
 964         * x flags for directories are handled separately.
 965         */
 966        return -(i & 0666);
 967}
 968
 969int check_repository_format_version(const char *var, const char *value, void *cb)
 970{
 971        int ret = check_repo_format(var, value, cb);
 972        if (ret)
 973                return ret;
 974        if (strcmp(var, "core.bare") == 0) {
 975                is_bare_repository_cfg = git_config_bool(var, value);
 976                if (is_bare_repository_cfg == 1)
 977                        inside_work_tree = -1;
 978        } else if (strcmp(var, "core.worktree") == 0) {
 979                if (!value)
 980                        return config_error_nonbool(var);
 981                free(git_work_tree_cfg);
 982                git_work_tree_cfg = xstrdup(value);
 983                inside_work_tree = -1;
 984        }
 985        return 0;
 986}
 987
 988int check_repository_format(void)
 989{
 990        return check_repository_format_gently(get_git_dir(), NULL);
 991}
 992
 993/*
 994 * Returns the "prefix", a path to the current working directory
 995 * relative to the work tree root, or NULL, if the current working
 996 * directory is not a strict subdirectory of the work tree root. The
 997 * prefix always ends with a '/' character.
 998 */
 999const char *setup_git_directory(void)
1000{
1001        return setup_git_directory_gently(NULL);
1002}
1003
1004const char *resolve_gitdir(const char *suspect)
1005{
1006        if (is_git_directory(suspect))
1007                return suspect;
1008        return read_gitfile(suspect);
1009}
1010
1011/* if any standard file descriptor is missing open it to /dev/null */
1012void sanitize_stdfds(void)
1013{
1014        int fd = open("/dev/null", O_RDWR, 0);
1015        while (fd != -1 && fd < 2)
1016                fd = dup(fd);
1017        if (fd == -1)
1018                die_errno("open /dev/null or dup failed");
1019        if (fd > 2)
1020                close(fd);
1021}
1022
1023int daemonize(void)
1024{
1025#ifdef NO_POSIX_GOODIES
1026        errno = ENOSYS;
1027        return -1;
1028#else
1029        switch (fork()) {
1030                case 0:
1031                        break;
1032                case -1:
1033                        die_errno("fork failed");
1034                default:
1035                        exit(0);
1036        }
1037        if (setsid() == -1)
1038                die_errno("setsid failed");
1039        close(0);
1040        close(1);
1041        close(2);
1042        sanitize_stdfds();
1043        return 0;
1044#endif
1045}