user/sven/git.git/path.c, branch v1.4.4.4

adjust_shared_perm: chmod() only when needed.

2006-11-06T02:36:36Z

When widening permission for files and directories in a 'shared' repository for a user with inappropriate umask() setting for shared work, make sure we call chmod() only when we actually need to. The primary idea owes credit to Johannes. Signed-off-by: Junio C Hamano

Allow multiple "git_path()" uses

2006-09-16T09:21:11Z

This allows you to maintain a few filesystem pathnames concurrently, by simply replacing the single static "pathname" buffer with a LRU of four buffers. We did exactly the same thing with sha1_to_hex(), for pretty much exactly the same reason. Sometimes you want to use two pathnames, and while it's easy enough to xstrdup() them, why not just do the LU buffer thing. Signed-off-by: Linus Torvalds Signed-off-by: Junio C Hamano

Rename safe_strncpy() to strlcpy().

2006-06-25T06:16:25Z

This cleans up the use of safe_strncpy() even more. Since it has the same semantics as strlcpy() use this name instead. Also move the definition from inside path.c to its own file compat/strlcpy.c, and use it conditionally at compile time, since some platforms already has strlcpy(). It's included in the same way as compat/setenv.c. Signed-off-by: Peter Eriksen Signed-off-by: Junio C Hamano

Merge branch 'js/diff'

2006-06-18T00:08:36Z

Implement safe_strncpy() as strlcpy() and use it more.

2006-06-17T05:45:12Z

Signed-off-by: Peter Eriksen Signed-off-by: Junio C Hamano

shared repository: optionally allow reading to "others".

2006-06-10T08:31:31Z

This enhances core.sharedrepository to have additionally specify that read and exec permissions to be given to others as well. It is useful when serving a repository via gitweb and git-daemon that runs as a user outside the project group. The configuration item can take the following values: [core] sharedrepository ; the same as "group" sharedrepository = true ; ditto sharedrepository = 1 ; ditto sharedrepository = group ; allow rwx to group sharedrepository = all ; allow rwx to group, allow rx to other sharedrepository = umask ; not shared - use umask It also extends "git init-db" to take "--shared=all" and friends from the command line. Signed-off-by: Junio C Hamano

shared repository - add a few missing calls to adjust_shared_perm().

2006-06-10T05:15:50Z

There were a few calls to adjust_shared_perm() that were missing: - init-db creates refs, refs/heads, and refs/tags before reading from templates that could specify sharedrepository in the config file; - updating config file created it under user's umask without adjusting; - updating refs created it under user's umask without adjusting; - switching branches created .git/HEAD under user's umask without adjusting. This moves adjust_shared_perm() from sha1_file.c to path.c, since a few SIMPLE_PROGRAM need to call repository configuration functions which in turn need to call adjust_shared_perm(). sha1_file.c needs to link with SHA1 computation library which is usually not linked to SIMPLE_PROGRAM. Signed-off-by: Junio C Hamano

[PATCH] daemon.c and path.enter_repo(): revamp path validation.

2005-12-04T07:17:42Z

The whitelist of git-daemon is checked against return value from enter_repo(), and enter_repo() used to return the value obtained from getcwd() to avoid directory aliasing issues as discussed earier (mid October 2005). Unfortunately, it did not go well as we hoped. For example, /pub on a kernel.org public machine is a symlink to its real mountpoint, and it is understandable that the administrator does not want to adjust the whitelist every time /pub needs to point at a different partition for storage allcation or whatever reasons. Being able to keep using /pub/scm as the whitelist is a desirable property. So this version of enter_repo() reports what it used to chdir() and validate, but does not use getcwd() to canonicalize the directory name. When it sees a user relative path ~user/path, it internally resolves it to try chdir() there, but it still reports ~user/path (possibly after appending .git if allowed to do so, in which case it would report ~user/path.git). What this means is that if a whitelist wants to allow a user relative path, it needs to say "~" (for all users) or list user home directories like "~alice" "~bob". And no, you cannot say /home if the advertised way to access user home directories are ~alice,~bob, etc. The whole point of this is to avoid unnecessary aliasing issues. Anyway, because of this, daemon needs to do a bit more work to guard itself. Namely, it needs to make sure that the accessor does not try to exploit its leading path match rule by inserting /../ in the middle or hanging /.. at the end. I resurrected the belts and suspender paranoia code HPA did for this purpose. This check cannot be done in the enter_repo() unconditionally, because there are valid callers of enter_repo() that want to honor /../; authorized users coming over ssh to run send-pack and fetch-pack should be allowed to do so. Signed-off-by: Junio C Hamano

Check repository format version in enter_repo().

2005-11-27T09:32:59Z

After daemon, upload-pack and receive-pack find out where the git directory is and chdir() there, make sure that repository is in a format we understand, after putenv("GIT_DIR=.") so that it knows to pick up the configuration file from there. Signed-off-by: Junio C Hamano

Fix "do not DWIM" patch to enter_repo"

2005-11-21T07:37:13Z

We wanted --strict to mean "do not DWIM", but the code required to see absolute path. daemon does its own path verification and chdirs to the verified repository, so enter_repo() called from upload-pack will always enter ".". Requiring absolute path does not make any sense. Signed-off-by: Junio C Hamano