summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJunio C Hamano <gitster@pobox.com>2022-08-26 18:13:12 (GMT)
committerJunio C Hamano <gitster@pobox.com>2022-08-26 18:13:12 (GMT)
commit10f9eab3473c568264e0f2437d7031c5bb6bb443 (patch)
tree0bae9db3abf709d6559d657ba483fcfe7a8110d1
parent6283c1e6ad2b37be2ec2c312434ff5aebd899ba5 (diff)
parent3f7207e2ea967fd2b46d9e0ae85246e93b38ed58 (diff)
downloadgit-10f9eab3473c568264e0f2437d7031c5bb6bb443.zip
git-10f9eab3473c568264e0f2437d7031c5bb6bb443.tar.gz
git-10f9eab3473c568264e0f2437d7031c5bb6bb443.tar.bz2
Merge branch 'js/safe-directory-plus' into maint
Platform-specific code that determines if a directory is OK to use as a repository has been taught to report more details, especially on Windows. source: <pull.1286.v2.git.1659965270.gitgitgadget@gmail.com> * js/safe-directory-plus: mingw: handle a file owned by the Administrators group correctly mingw: be more informative when ownership check fails on FAT32 mingw: provide details about unsafe directories' ownership setup: prepare for more detailed "dubious ownership" messages setup: fix some formatting
-rw-r--r--compat/mingw.c59
-rw-r--r--compat/mingw.h2
-rw-r--r--git-compat-util.h5
-rw-r--r--setup.c30
4 files changed, 81 insertions, 15 deletions
diff --git a/compat/mingw.c b/compat/mingw.c
index c5ca4eb..901375d 100644
--- a/compat/mingw.c
+++ b/compat/mingw.c
@@ -1,6 +1,7 @@
#include "../git-compat-util.h"
#include "win32.h"
#include <aclapi.h>
+#include <sddl.h>
#include <conio.h>
#include <wchar.h>
#include "../strbuf.h"
@@ -2670,7 +2671,22 @@ static PSID get_current_user_sid(void)
return result;
}
-int is_path_owned_by_current_sid(const char *path)
+static int acls_supported(const char *path)
+{
+ size_t offset = offset_1st_component(path);
+ WCHAR wroot[MAX_PATH];
+ DWORD file_system_flags;
+
+ if (offset &&
+ xutftowcsn(wroot, path, MAX_PATH, offset) > 0 &&
+ GetVolumeInformationW(wroot, NULL, 0, NULL, NULL,
+ &file_system_flags, NULL, 0))
+ return !!(file_system_flags & FILE_PERSISTENT_ACLS);
+
+ return 0;
+}
+
+int is_path_owned_by_current_sid(const char *path, struct strbuf *report)
{
WCHAR wpath[MAX_PATH];
PSID sid = NULL;
@@ -2709,6 +2725,7 @@ int is_path_owned_by_current_sid(const char *path)
else if (sid && IsValidSid(sid)) {
/* Now, verify that the SID matches the current user's */
static PSID current_user_sid;
+ BOOL is_member;
if (!current_user_sid)
current_user_sid = get_current_user_sid();
@@ -2717,6 +2734,46 @@ int is_path_owned_by_current_sid(const char *path)
IsValidSid(current_user_sid) &&
EqualSid(sid, current_user_sid))
result = 1;
+ else if (IsWellKnownSid(sid, WinBuiltinAdministratorsSid) &&
+ CheckTokenMembership(NULL, sid, &is_member) &&
+ is_member)
+ /*
+ * If owned by the Administrators group, and the
+ * current user is an administrator, we consider that
+ * okay, too.
+ */
+ result = 1;
+ else if (report &&
+ IsWellKnownSid(sid, WinWorldSid) &&
+ !acls_supported(path)) {
+ /*
+ * On FAT32 volumes, ownership is not actually recorded.
+ */
+ strbuf_addf(report, "'%s' is on a file system that does"
+ "not record ownership\n", path);
+ } else if (report) {
+ LPSTR str1, str2, to_free1 = NULL, to_free2 = NULL;
+
+ if (ConvertSidToStringSidA(sid, &str1))
+ to_free1 = str1;
+ else
+ str1 = "(inconvertible)";
+
+ if (!current_user_sid)
+ str2 = "(none)";
+ else if (!IsValidSid(current_user_sid))
+ str2 = "(invalid)";
+ else if (ConvertSidToStringSidA(current_user_sid, &str2))
+ to_free2 = str2;
+ else
+ str2 = "(inconvertible)";
+ strbuf_addf(report,
+ "'%s' is owned by:\n"
+ "\t'%s'\nbut the current user is:\n"
+ "\t'%s'\n", path, str1, str2);
+ LocalFree(to_free1);
+ LocalFree(to_free2);
+ }
}
/*
diff --git a/compat/mingw.h b/compat/mingw.h
index a74da68..209cf7c 100644
--- a/compat/mingw.h
+++ b/compat/mingw.h
@@ -463,7 +463,7 @@ char *mingw_query_user_email(void);
* Verifies that the specified path is owned by the user running the
* current process.
*/
-int is_path_owned_by_current_sid(const char *path);
+int is_path_owned_by_current_sid(const char *path, struct strbuf *report);
#define is_path_owned_by_current_user is_path_owned_by_current_sid
/**
diff --git a/git-compat-util.h b/git-compat-util.h
index 58d7708..36a25ae 100644
--- a/git-compat-util.h
+++ b/git-compat-util.h
@@ -23,6 +23,9 @@
#include <crtdbg.h>
#endif
+struct strbuf;
+
+
#define _FILE_OFFSET_BITS 64
@@ -487,7 +490,7 @@ static inline void extract_id_from_env(const char *env, uid_t *id)
}
}
-static inline int is_path_owned_by_current_uid(const char *path)
+static inline int is_path_owned_by_current_uid(const char *path, struct strbuf *report)
{
struct stat st;
uid_t euid;
diff --git a/setup.c b/setup.c
index 09b6549..640f6ea 100644
--- a/setup.c
+++ b/setup.c
@@ -1138,16 +1138,17 @@ static int safe_directory_cb(const char *key, const char *value, void *d)
* added, for bare ones their git directory.
*/
static int ensure_valid_ownership(const char *gitfile,
- const char *worktree, const char *gitdir)
+ const char *worktree, const char *gitdir,
+ struct strbuf *report)
{
struct safe_directory_data data = {
.path = worktree ? worktree : gitdir
};
if (!git_env_bool("GIT_TEST_ASSUME_DIFFERENT_OWNER", 0) &&
- (!gitfile || is_path_owned_by_current_user(gitfile)) &&
- (!worktree || is_path_owned_by_current_user(worktree)) &&
- (!gitdir || is_path_owned_by_current_user(gitdir)))
+ (!gitfile || is_path_owned_by_current_user(gitfile, report)) &&
+ (!worktree || is_path_owned_by_current_user(worktree, report)) &&
+ (!gitdir || is_path_owned_by_current_user(gitdir, report)))
return 1;
/*
@@ -1187,6 +1188,7 @@ enum discovery_result {
*/
static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
struct strbuf *gitdir,
+ struct strbuf *report,
int die_on_error)
{
const char *env_ceiling_dirs = getenv(CEILING_DIRECTORIES_ENVIRONMENT);
@@ -1271,10 +1273,11 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
strbuf_setlen(dir, offset);
if (gitdirenv) {
enum discovery_result ret;
+ const char *gitdir_candidate =
+ gitdir_path ? gitdir_path : gitdirenv;
- if (ensure_valid_ownership(gitfile,
- dir->buf,
- (gitdir_path ? gitdir_path : gitdirenv))) {
+ if (ensure_valid_ownership(gitfile, dir->buf,
+ gitdir_candidate, report)) {
strbuf_addstr(gitdir, gitdirenv);
ret = GIT_DIR_DISCOVERED;
} else
@@ -1297,7 +1300,7 @@ static enum discovery_result setup_git_directory_gently_1(struct strbuf *dir,
}
if (is_git_directory(dir->buf)) {
- if (!ensure_valid_ownership(NULL, NULL, dir->buf))
+ if (!ensure_valid_ownership(NULL, NULL, dir->buf, report))
return GIT_DIR_INVALID_OWNERSHIP;
strbuf_addstr(gitdir, ".");
return GIT_DIR_BARE;
@@ -1330,7 +1333,7 @@ int discover_git_directory(struct strbuf *commondir,
return -1;
cwd_len = dir.len;
- if (setup_git_directory_gently_1(&dir, gitdir, 0) <= 0) {
+ if (setup_git_directory_gently_1(&dir, gitdir, NULL, 0) <= 0) {
strbuf_release(&dir);
return -1;
}
@@ -1377,7 +1380,7 @@ int discover_git_directory(struct strbuf *commondir,
const char *setup_git_directory_gently(int *nongit_ok)
{
static struct strbuf cwd = STRBUF_INIT;
- struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT;
+ struct strbuf dir = STRBUF_INIT, gitdir = STRBUF_INIT, report = STRBUF_INIT;
const char *prefix = NULL;
struct repository_format repo_fmt = REPOSITORY_FORMAT_INIT;
@@ -1402,7 +1405,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
die_errno(_("Unable to read current working directory"));
strbuf_addbuf(&dir, &cwd);
- switch (setup_git_directory_gently_1(&dir, &gitdir, 1)) {
+ switch (setup_git_directory_gently_1(&dir, &gitdir, &report, 1)) {
case GIT_DIR_EXPLICIT:
prefix = setup_explicit_git_dir(gitdir.buf, &cwd, &repo_fmt, nongit_ok);
break;
@@ -1434,12 +1437,14 @@ const char *setup_git_directory_gently(int *nongit_ok)
if (!nongit_ok) {
struct strbuf quoted = STRBUF_INIT;
+ strbuf_complete(&report, '\n');
sq_quote_buf_pretty(&quoted, dir.buf);
die(_("detected dubious ownership in repository at '%s'\n"
+ "%s"
"To add an exception for this directory, call:\n"
"\n"
"\tgit config --global --add safe.directory %s"),
- dir.buf, quoted.buf);
+ dir.buf, report.buf, quoted.buf);
}
*nongit_ok = 1;
break;
@@ -1518,6 +1523,7 @@ const char *setup_git_directory_gently(int *nongit_ok)
strbuf_release(&dir);
strbuf_release(&gitdir);
+ strbuf_release(&report);
clear_repository_format(&repo_fmt);
return prefix;