builtin-init-db.con commit git_mkstemp(): be careful not to overflow the path buffer. (e7a7be8)
   1/*
   2 * GIT - The information manager from hell
   3 *
   4 * Copyright (C) Linus Torvalds, 2005
   5 */
   6#include "cache.h"
   7#include "builtin.h"
   8
   9#ifndef DEFAULT_GIT_TEMPLATE_DIR
  10#define DEFAULT_GIT_TEMPLATE_DIR "/usr/share/git-core/templates"
  11#endif
  12
  13#ifdef NO_TRUSTABLE_FILEMODE
  14#define TEST_FILEMODE 0
  15#else
  16#define TEST_FILEMODE 1
  17#endif
  18
  19static void safe_create_dir(const char *dir, int share)
  20{
  21        if (mkdir(dir, 0777) < 0) {
  22                if (errno != EEXIST) {
  23                        perror(dir);
  24                        exit(1);
  25                }
  26        }
  27        else if (share && adjust_shared_perm(dir))
  28                die("Could not make %s writable by group\n", dir);
  29}
  30
  31static int copy_file(const char *dst, const char *src, int mode)
  32{
  33        int fdi, fdo, status;
  34
  35        mode = (mode & 0111) ? 0777 : 0666;
  36        if ((fdi = open(src, O_RDONLY)) < 0)
  37                return fdi;
  38        if ((fdo = open(dst, O_WRONLY | O_CREAT | O_EXCL, mode)) < 0) {
  39                close(fdi);
  40                return fdo;
  41        }
  42        status = copy_fd(fdi, fdo);
  43        if (close(fdo) != 0)
  44                return error("%s: write error: %s", dst, strerror(errno));
  45
  46        if (!status && adjust_shared_perm(dst))
  47                return -1;
  48
  49        return status;
  50}
  51
  52static void copy_templates_1(char *path, int baselen,
  53                             char *template, int template_baselen,
  54                             DIR *dir)
  55{
  56        struct dirent *de;
  57
  58        /* Note: if ".git/hooks" file exists in the repository being
  59         * re-initialized, /etc/core-git/templates/hooks/update would
  60         * cause git-init to fail here.  I think this is sane but
  61         * it means that the set of templates we ship by default, along
  62         * with the way the namespace under .git/ is organized, should
  63         * be really carefully chosen.
  64         */
  65        safe_create_dir(path, 1);
  66        while ((de = readdir(dir)) != NULL) {
  67                struct stat st_git, st_template;
  68                int namelen;
  69                int exists = 0;
  70
  71                if (de->d_name[0] == '.')
  72                        continue;
  73                namelen = strlen(de->d_name);
  74                if ((PATH_MAX <= baselen + namelen) ||
  75                    (PATH_MAX <= template_baselen + namelen))
  76                        die("insanely long template name %s", de->d_name);
  77                memcpy(path + baselen, de->d_name, namelen+1);
  78                memcpy(template + template_baselen, de->d_name, namelen+1);
  79                if (lstat(path, &st_git)) {
  80                        if (errno != ENOENT)
  81                                die("cannot stat %s", path);
  82                }
  83                else
  84                        exists = 1;
  85
  86                if (lstat(template, &st_template))
  87                        die("cannot stat template %s", template);
  88
  89                if (S_ISDIR(st_template.st_mode)) {
  90                        DIR *subdir = opendir(template);
  91                        int baselen_sub = baselen + namelen;
  92                        int template_baselen_sub = template_baselen + namelen;
  93                        if (!subdir)
  94                                die("cannot opendir %s", template);
  95                        path[baselen_sub++] =
  96                                template[template_baselen_sub++] = '/';
  97                        path[baselen_sub] =
  98                                template[template_baselen_sub] = 0;
  99                        copy_templates_1(path, baselen_sub,
 100                                         template, template_baselen_sub,
 101                                         subdir);
 102                        closedir(subdir);
 103                }
 104                else if (exists)
 105                        continue;
 106                else if (S_ISLNK(st_template.st_mode)) {
 107                        char lnk[256];
 108                        int len;
 109                        len = readlink(template, lnk, sizeof(lnk));
 110                        if (len < 0)
 111                                die("cannot readlink %s", template);
 112                        if (sizeof(lnk) <= len)
 113                                die("insanely long symlink %s", template);
 114                        lnk[len] = 0;
 115                        if (symlink(lnk, path))
 116                                die("cannot symlink %s %s", lnk, path);
 117                }
 118                else if (S_ISREG(st_template.st_mode)) {
 119                        if (copy_file(path, template, st_template.st_mode))
 120                                die("cannot copy %s to %s", template, path);
 121                }
 122                else
 123                        error("ignoring template %s", template);
 124        }
 125}
 126
 127static void copy_templates(const char *git_dir, int len, const char *template_dir)
 128{
 129        char path[PATH_MAX];
 130        char template_path[PATH_MAX];
 131        int template_len;
 132        DIR *dir;
 133
 134        if (!template_dir) {
 135                template_dir = getenv(TEMPLATE_DIR_ENVIRONMENT);
 136                if (!template_dir)
 137                        template_dir = DEFAULT_GIT_TEMPLATE_DIR;
 138        }
 139        strcpy(template_path, template_dir);
 140        template_len = strlen(template_path);
 141        if (template_path[template_len-1] != '/') {
 142                template_path[template_len++] = '/';
 143                template_path[template_len] = 0;
 144        }
 145        dir = opendir(template_path);
 146        if (!dir) {
 147                fprintf(stderr, "warning: templates not found %s\n",
 148                        template_dir);
 149                return;
 150        }
 151
 152        /* Make sure that template is from the correct vintage */
 153        strcpy(template_path + template_len, "config");
 154        repository_format_version = 0;
 155        git_config_from_file(check_repository_format_version,
 156                             template_path);
 157        template_path[template_len] = 0;
 158
 159        if (repository_format_version &&
 160            repository_format_version != GIT_REPO_VERSION) {
 161                fprintf(stderr, "warning: not copying templates of "
 162                        "a wrong format version %d from '%s'\n",
 163                        repository_format_version,
 164                        template_dir);
 165                closedir(dir);
 166                return;
 167        }
 168
 169        memcpy(path, git_dir, len);
 170        path[len] = 0;
 171        copy_templates_1(path, len,
 172                         template_path, template_len,
 173                         dir);
 174        closedir(dir);
 175}
 176
 177/*
 178 * Get the full path to the working tree specified in $GIT_WORK_TREE
 179 * or NULL if no working tree is specified.
 180 */
 181static const char *get_work_tree(void)
 182{
 183        const char *git_work_tree;
 184        char cwd[PATH_MAX];
 185        static char worktree[PATH_MAX];
 186
 187        git_work_tree = getenv(GIT_WORK_TREE_ENVIRONMENT);
 188        if (!git_work_tree)
 189                return NULL;
 190        if (!getcwd(cwd, sizeof(cwd)))
 191                die("Unable to read current working directory");
 192        if (chdir(git_work_tree))
 193                die("Cannot change directory to specified working tree '%s'",
 194                        git_work_tree);
 195        if (git_work_tree[0] != '/') {
 196                if (!getcwd(worktree, sizeof(worktree)))
 197                        die("Unable to read current working directory");
 198                git_work_tree = worktree;
 199        }
 200        if (chdir(cwd))
 201                die("Cannot come back to cwd");
 202        return git_work_tree;
 203}
 204
 205static int create_default_files(const char *git_dir, const char *git_work_tree,
 206        const char *template_path)
 207{
 208        unsigned len = strlen(git_dir);
 209        static char path[PATH_MAX];
 210        unsigned char sha1[20];
 211        struct stat st1;
 212        char repo_version_string[10];
 213        int reinit;
 214        int filemode;
 215
 216        if (len > sizeof(path)-50)
 217                die("insane git directory %s", git_dir);
 218        memcpy(path, git_dir, len);
 219
 220        if (len && path[len-1] != '/')
 221                path[len++] = '/';
 222
 223        /*
 224         * Create .git/refs/{heads,tags}
 225         */
 226        strcpy(path + len, "refs");
 227        safe_create_dir(path, 1);
 228        strcpy(path + len, "refs/heads");
 229        safe_create_dir(path, 1);
 230        strcpy(path + len, "refs/tags");
 231        safe_create_dir(path, 1);
 232
 233        /* First copy the templates -- we might have the default
 234         * config file there, in which case we would want to read
 235         * from it after installing.
 236         */
 237        path[len] = 0;
 238        copy_templates(path, len, template_path);
 239
 240        git_config(git_default_config);
 241
 242        /*
 243         * We would have created the above under user's umask -- under
 244         * shared-repository settings, we would need to fix them up.
 245         */
 246        if (shared_repository) {
 247                path[len] = 0;
 248                adjust_shared_perm(path);
 249                strcpy(path + len, "refs");
 250                adjust_shared_perm(path);
 251                strcpy(path + len, "refs/heads");
 252                adjust_shared_perm(path);
 253                strcpy(path + len, "refs/tags");
 254                adjust_shared_perm(path);
 255        }
 256
 257        /*
 258         * Create the default symlink from ".git/HEAD" to the "master"
 259         * branch, if it does not exist yet.
 260         */
 261        strcpy(path + len, "HEAD");
 262        reinit = !read_ref("HEAD", sha1);
 263        if (!reinit) {
 264                if (create_symref("HEAD", "refs/heads/master", NULL) < 0)
 265                        exit(1);
 266        }
 267
 268        /* This forces creation of new config file */
 269        sprintf(repo_version_string, "%d", GIT_REPO_VERSION);
 270        git_config_set("core.repositoryformatversion", repo_version_string);
 271
 272        path[len] = 0;
 273        strcpy(path + len, "config");
 274
 275        /* Check filemode trustability */
 276        filemode = TEST_FILEMODE;
 277        if (TEST_FILEMODE && !lstat(path, &st1)) {
 278                struct stat st2;
 279                filemode = (!chmod(path, st1.st_mode ^ S_IXUSR) &&
 280                                !lstat(path, &st2) &&
 281                                st1.st_mode != st2.st_mode);
 282        }
 283        git_config_set("core.filemode", filemode ? "true" : "false");
 284
 285        if (is_bare_repository() && !git_work_tree) {
 286                git_config_set("core.bare", "true");
 287        }
 288        else {
 289                git_config_set("core.bare", "false");
 290                /* allow template config file to override the default */
 291                if (log_all_ref_updates == -1)
 292                    git_config_set("core.logallrefupdates", "true");
 293                if (git_work_tree)
 294                        git_config_set("core.worktree", git_work_tree);
 295        }
 296        return reinit;
 297}
 298
 299static const char init_db_usage[] =
 300"git-init [-q | --quiet] [--template=<template-directory>] [--shared]";
 301
 302/*
 303 * If you want to, you can share the DB area with any number of branches.
 304 * That has advantages: you can save space by sharing all the SHA1 objects.
 305 * On the other hand, it might just make lookup slower and messier. You
 306 * be the judge.  The default case is to have one DB per managed directory.
 307 */
 308int cmd_init_db(int argc, const char **argv, const char *prefix)
 309{
 310        const char *git_dir;
 311        const char *git_work_tree;
 312        const char *sha1_dir;
 313        const char *template_dir = NULL;
 314        char *path;
 315        int len, i, reinit;
 316        int quiet = 0;
 317
 318        for (i = 1; i < argc; i++, argv++) {
 319                const char *arg = argv[1];
 320                if (!prefixcmp(arg, "--template="))
 321                        template_dir = arg+11;
 322                else if (!strcmp(arg, "--shared"))
 323                        shared_repository = PERM_GROUP;
 324                else if (!prefixcmp(arg, "--shared="))
 325                        shared_repository = git_config_perm("arg", arg+9);
 326                else if (!strcmp(arg, "-q") || !strcmp(arg, "--quiet"))
 327                        quiet = 1;
 328                else
 329                        usage(init_db_usage);
 330        }
 331
 332        git_work_tree = get_work_tree();
 333
 334        /*
 335         * Set up the default .git directory contents
 336         */
 337        git_dir = getenv(GIT_DIR_ENVIRONMENT);
 338        if (!git_dir)
 339                git_dir = DEFAULT_GIT_DIR_ENVIRONMENT;
 340        safe_create_dir(git_dir, 0);
 341
 342        /* Check to see if the repository version is right.
 343         * Note that a newly created repository does not have
 344         * config file, so this will not fail.  What we are catching
 345         * is an attempt to reinitialize new repository with an old tool.
 346         */
 347        check_repository_format();
 348
 349        reinit = create_default_files(git_dir, git_work_tree, template_dir);
 350
 351        /*
 352         * And set up the object store.
 353         */
 354        sha1_dir = get_object_directory();
 355        len = strlen(sha1_dir);
 356        path = xmalloc(len + 40);
 357        memcpy(path, sha1_dir, len);
 358
 359        safe_create_dir(sha1_dir, 1);
 360        strcpy(path+len, "/pack");
 361        safe_create_dir(path, 1);
 362        strcpy(path+len, "/info");
 363        safe_create_dir(path, 1);
 364
 365        if (shared_repository) {
 366                char buf[10];
 367                /* We do not spell "group" and such, so that
 368                 * the configuration can be read by older version
 369                 * of git.
 370                 */
 371                sprintf(buf, "%d", shared_repository);
 372                git_config_set("core.sharedrepository", buf);
 373                git_config_set("receive.denyNonFastforwards", "true");
 374        }
 375
 376        if (!quiet)
 377                printf("%s%s Git repository in %s/\n",
 378                       reinit ? "Reinitialized existing" : "Initialized empty",
 379                       shared_repository ? " shared" : "",
 380                       git_dir);
 381
 382        return 0;
 383}