Merge branch 'js/safe-directory-plus'
Platform-specific code that determines if a directory is OK to use as a repository has been taught to report more details, especially on Windows. * js/safe-directory-plus: mingw: handle a file owned by the Administrators group correctly mingw: be more informative when ownership check fails on FAT32 mingw: provide details about unsafe directories' ownership setup: prepare for more detailed "dubious ownership" messages setup: fix some formatting
This commit is contained in:
commit
7fac7b563b
@ -1,6 +1,7 @@
|
||||
#include "../git-compat-util.h"
|
||||
#include "win32.h"
|
||||
#include <aclapi.h>
|
||||
#include <sddl.h>
|
||||
#include <conio.h>
|
||||
#include <wchar.h>
|
||||
#include "../strbuf.h"
|
||||
@ -2670,7 +2671,22 @@ static PSID get_current_user_sid(void)
|
||||
return result;
|
||||
}
|
||||
|
||||
int is_path_owned_by_current_sid(const char *path)
|
||||
static int acls_supported(const char *path)
|
||||
{
|
||||
size_t offset = offset_1st_component(path);
|
||||
WCHAR wroot[MAX_PATH];
|
||||
DWORD file_system_flags;
|
||||
|
||||
if (offset &&
|
||||
xutftowcsn(wroot, path, MAX_PATH, offset) > 0 &&
|
||||
GetVolumeInformationW(wroot, NULL, 0, NULL, NULL,
|
||||
&file_system_flags, NULL, 0))
|
||||
return !!(file_system_flags & FILE_PERSISTENT_ACLS);
|
||||
|
||||
return 0;
|
||||
}
|
||||
|
||||
int is_path_owned_by_current_sid(const char *path, struct strbuf *report)
|
||||
{
|
||||
WCHAR wpath[MAX_PATH];
|
||||
PSID sid = NULL;
|
||||
@ -2709,6 +2725,7 @@ int is_path_owned_by_current_sid(const char *path)
|
||||
else if (sid && IsValidSid(sid)) {
|
||||
/* Now, verify that the SID matches the current user's */
|
||||
static PSID current_user_sid;
|
||||
BOOL is_member;
|
||||
|
||||
if (!current_user_sid)
|
||||
current_user_sid = get_current_user_sid();
|
||||
@ -2717,6 +2734,46 @@ int is_path_owned_by_current_sid(const char *path)
|
||||
IsValidSid(current_user_sid) &&
|
||||
EqualSid(sid, current_user_sid))
|
||||
result = 1;
|
||||
else if (IsWellKnownSid(sid, WinBuiltinAdministratorsSid) &&
|
||||
CheckTokenMembership(NULL, sid, &is_member) &&
|
||||
is_member)
|
||||
/*
|
||||
* If owned by the Administrators group, and the
|
||||
* current user is an administrator, we consider that
|
||||
* okay, too.
|
||||
*/
|
||||
result = 1;
|
||||
else if (report &&
|
||||
IsWellKnownSid(sid, WinWorldSid) &&
|
||||
!acls_supported(path)) {
|
||||
/*
|
||||
* On FAT32 volumes, ownership is not actually recorded.
|
||||
*/
|
||||
strbuf_addf(report, "'%s' is on a file system that does"
|
||||
"not record ownership\n", path);
|
||||
} else if (report) {
|
||||
LPSTR str1, str2, to_free1 = NULL, to_free2 = NULL;
|
||||
|
||||
if (ConvertSidToStringSidA(sid, &str1))
|
||||
to_free1 = str1;
|
||||
else
|
||||
str1 = "(inconvertible)";
|
||||
|
||||
if (!current_user_sid)
|
||||
str2 = "(none)";
|
||||
else if (!IsValidSid(current_user_sid))
|
||||
str2 = "(invalid)";
|
||||
else if (ConvertSidToStringSidA(current_user_sid, &str2))
|
||||
to_free2 = str2;
|
||||
else
|
||||
str2 = "(inconvertible)";
|
||||
strbuf_addf(report,
|
||||
"'%s' is owned by:\n"
|
||||
"\t'%s'\nbut the current user is:\n"
|
||||
"\t'%s'\n", path, str1, str2);
|
||||
LocalFree(to_free1);
|
||||
LocalFree(to_free2);
|
||||
}
|
||||
}
|
||||
|
||||
/*
|
||||
|
@ -463,7 +463,7 @@ char *mingw_query_user_email(void);
|
||||
* Verifies that the specified path is owned by the user running the
|
||||
* current process.
|
||||
*/
|
||||
int is_path_owned_by_current_sid(const char *path);
|
||||
int is_path_owned_by_current_sid(const char *path, struct strbuf *report);
|
||||
#define is_path_owned_by_current_user is_path_owned_by_current_sid
|
||||
|
||||
/**
|
||||
|
@ -23,6 +23,9 @@
|
||||
#include <crtdbg.h>
|
||||
#endif
|
||||
|
||||
struct strbuf;
|
||||
|
||||
|
||||
#define _FILE_OFFSET_BITS 64
|
||||
|
||||
|
||||
@ -487,7 +490,7 @@ static inline void extract_id_from_env(const char *env, uid_t *id)
|
||||
}
|
||||
}
|
||||
|
||||
static inline int is_path_owned_by_current_uid(const char *path)
|
||||
static inline int is_path_owned_by_current_uid(const char *path, struct strbuf *report)
|
||||
{
|
||||
struct stat st;
|
||||
uid_t euid;
|
||||
|
30
setup.c
30
setup.c
@ -1142,16 +1142,17 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
|
||||
* added, for bare ones their git directory.
|
||||
*/
|
||||
static int ensure_valid_ownership(const char *gitfile,
|
||||
const char *worktree, const char *gitdir)
|
||||
const char *worktree, const char *gitdir,
|
||||
struct strbuf *report)
|
||||
{
|
||||
struct safe_directory_data data = {
|
||||
.path = worktree ? worktree : gitdir
|
||||
};
|
||||
|
||||
if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
|
||||
(!gitfile || is_path_owned_by_current_user(gitfile)) &&
|
||||
(!worktree || is_path_owned_by_current_user(worktree)) &&
|
||||
(!gitdir || is_path_owned_by_current_user(gitdir)))
|
||||
(!gitfile || is_path_owned_by_current_user(gitfile, report)) &&
|
||||
(!worktree || is_path_owned_by_current_user(worktree, report)) &&
|
||||
(!gitdir || is_path_owned_by_current_user(gitdir, report)))
|
||||
return 1;
|
||||
|
||||
/*
|
||||
@ -1232,6 +1233,7 @@ enum discovery_result {
|
||||
*/
|
||||
static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
|
||||
struct strbuf *gitdir,
|
||||
struct strbuf *report,
|
||||
int die_on_error)
|
||||
{
|
||||
const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
|
||||
@ -1316,10 +1318,11 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
|
||||
strbuf_setlen(dir, offset);
|
||||
if (gitdirenv) {
|
||||
enum discovery_result ret;
|
||||
const char *gitdir_candidate =
|
||||
gitdir_path ? gitdir_path : gitdirenv;
|
||||
|
||||
if (ensure_valid_ownership(gitfile,
|
||||
dir->buf,
|
||||
(gitdir_path ? gitdir_path : gitdirenv))) {
|
||||
if (ensure_valid_ownership(gitfile, dir->buf,
|
||||
gitdir_candidate, report)) {
|
||||
strbuf_addstr(gitdir, gitdirenv);
|
||||
ret = GIT_DIR_DISCOVERED;
|
||||
} else
|
||||
@ -1344,7 +1347,7 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
|
||||
if (is_git_directory(dir->buf)) {
|
||||
if (get_allowed_bare_repo() == ALLOWED_BARE_REPO_EXPLICIT)
|
||||
return GIT_DIR_DISALLOWED_BARE;
|
||||
if (!ensure_valid_ownership(NULL, NULL, dir->buf))
|
||||
if (!ensure_valid_ownership(NULL, NULL, dir->buf, report))
|
||||
return GIT_DIR_INVALID_OWNERSHIP;
|
||||
strbuf_addstr(gitdir, ".");
|
||||
return GIT_DIR_BARE;
|
||||
@ -1377,7 +1380,7 @@ int discover_git_directory(struct strbuf *commondir,
|
||||
return -1;
|
||||
|
||||
cwd_len = dir.len;
|
||||
if (setup_git_directory_gently_1(&dir, gitdir, 0) <= 0) {
|
||||
if (setup_git_directory_gently_1(&dir, gitdir, NULL, 0) <= 0) {
|
||||
strbuf_release(&dir);
|
||||
return -1;
|
||||
}
|
||||
@ -1424,7 +1427,7 @@ int discover_git_directory(struct strbuf *commondir,
|
||||
const char *setup_git_directory_gently(int *nongit_ok)
|
||||
{
|
||||
static struct strbuf cwd = STRBUF_INIT;
|
||||
struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT;
|
||||
struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT, report = STRBUF_INIT;
|
||||
const char *prefix = NULL;
|
||||
struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
|
||||
|
||||
@ -1449,7 +1452,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
|
||||
die_errno(_("Unable to read current working directory"));
|
||||
strbuf_addbuf(&dir, &cwd);
|
||||
|
||||
switch (setup_git_directory_gently_1(&dir, &gitdir, 1)) {
|
||||
switch (setup_git_directory_gently_1(&dir, &gitdir, &report, 1)) {
|
||||
case GIT_DIR_EXPLICIT:
|
||||
prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
|
||||
break;
|
||||
@ -1481,12 +1484,14 @@ const char *setup_git_directory_gently(int *nongit_ok)
|
||||
if (!nongit_ok) {
|
||||
struct strbuf quoted = STRBUF_INIT;
|
||||
|
||||
strbuf_complete(&report, '\n');
|
||||
sq_quote_buf_pretty("ed, dir.buf);
|
||||
die(_("detected dubious ownership in repository at '%s'\n"
|
||||
"%s"
|
||||
"To add an exception for this directory, call:\n"
|
||||
"\n"
|
||||
"\tgit config --global --add safe.directory %s"),
|
||||
dir.buf, quoted.buf);
|
||||
dir.buf, report.buf, quoted.buf);
|
||||
}
|
||||
*nongit_ok = 1;
|
||||
break;
|
||||
@ -1573,6 +1578,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
|
||||
|
||||
strbuf_release(&dir);
|
||||
strbuf_release(&gitdir);
|
||||
strbuf_release(&report);
|
||||
clear_repository_format(&repo_fmt);
|
||||
|
||||
return prefix;
|
||||
|
Loading…
Reference in New Issue
Block a user