Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP1:GA
libgit2.34826
0007-repo-make-ownership-checks-optional.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0007-repo-make-ownership-checks-optional.patch of Package libgit2.34826
From b58e9053b43f8487b1bf523b2259f76cb868105d Mon Sep 17 00:00:00 2001 From: Edward Thomson <ethomson@edwardthomson.com> Date: Mon, 11 Apr 2022 21:31:25 -0400 Subject: [PATCH 07/20] repo: make ownership checks optional Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can disable repository ownership validation. --- include/git2/common.h | 12 +++++++++++- src/libgit2.c | 8 ++++++++ src/repository.c | 4 +++- src/repository.h | 1 + tests/clar_libgit2.c | 5 +++++ tests/clar_libgit2.h | 1 + tests/main.c | 1 + tests/repo/open.c | 10 ++++++++++ 8 files changed, 40 insertions(+), 2 deletions(-) diff --git a/include/git2/common.h b/include/git2/common.h index 2ee829025..134ae6024 100644 --- a/include/git2/common.h +++ b/include/git2/common.h @@ -211,7 +211,9 @@ typedef enum { # GIT_OPT_SET_ODB_PACKED_PRIORITY, # GIT_OPT_SET_ODB_LOOSE_PRIORITY, # GIT_OPT_GET_EXTENSIONS, #- GIT_OPT_SET_EXTENSIONS #+ GIT_OPT_SET_EXTENSIONS, # GIT_OPT_SET_ALLOCATOR, # GIT_OPT_ENABLE_UNSAVED_INDEX_SAFETY, # GIT_OPT_GET_PACK_MAX_OBJECTS, #- GIT_OPT_SET_PACK_MAX_OBJECTS GIT_OPT_ENABLE_FSYNC_GITDIR, GIT_OPT_GET_WINDOWS_SHAREMODE, GIT_OPT_SET_WINDOWS_SHAREMODE, - GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION, + GIT_OPT_ENABLE_STRICT_HASH_VERIFICATION, + GIT_OPT_GET_OWNER_VALIDATION, + GIT_OPT_SET_OWNER_VALIDATION } git_libgit2_opt_t; /** @@ -449,6 +451,14 @@ typedef enum { # * > to support repositories with the `noop` extension but does want # * > to support repositories with the `newext` extension. # * > Set the maximum number of objects libgit2 will allow in a pack # * > file when downloading a pack file from a remote. * > additional checksum calculation on each object. This defaults * > to enabled. * + * opts(GIT_OPT_GET_OWNER_VALIDATION, int *enabled) + * > Gets the owner validation setting for repository + * > directories. + * + * opts(GIT_OPT_SET_OWNER_VALIDATION, int enabled) + * > Set that repository directories should be owned by the current + * > user. The default is to validate ownership. + * * @param option Option key * @param ... value to set the option * @return 0 on success, <0 on failure #diff --git a/src/libgit2.c b/src/libgit2.c diff --git a/src/settings.c b/src/settings.c index cc793b458..dc73fba8b 100644 #--- a/src/libgit2.c #+++ b/src/libgit2.c --- a/src/settings.c +++ b/src/settings.c @@ -390,6 +390,14 @@ int git_libgit2_opts(int key, ...) # } # *(va_arg(ap, size_t *)) = git_indexer__max_objects; git_odb__strict_hash_verification = (va_arg(ap, int) != 0); break; + case GIT_OPT_GET_OWNER_VALIDATION: + *(va_arg(ap, int *)) = git_repository__validate_ownership; + break; + + case GIT_OPT_SET_OWNER_VALIDATION: + git_repository__validate_ownership = (va_arg(ap, int) != 0); + break; + default: # giterr_set(GIT_ERROR_INVALID, "invalid option key"); giterr_set(GITERR_INVALID, "invalid option key"); error = -1; diff --git a/src/repository.c b/src/repository.c index ac2581167..cc69d9692 100644 --- a/src/repository.c +++ b/src/repository.c @@ -38,6 +38,7 @@ # include "win32/w32_util.h" #endif +bool git_repository__validate_ownership = true; bool git_repository__fsync_gitdir = false; static const struct { @@ -976,7 +977,8 @@ int git_repository_open_ext( */ validation_path = repo->is_bare ? repo->gitdir : repo->workdir; - if ((error = validate_ownership(validation_path)) < 0) + if (git_repository__validate_ownership && + (error = validate_ownership(validation_path)) < 0) goto cleanup; cleanup: diff --git a/src/repository.h b/src/repository.h index cbc160140..b0c326a14 100644 --- a/src/repository.h +++ b/src/repository.h @@ -34,6 +34,7 @@ #define GIT_DIR_SHORTNAME "GIT~1" extern bool git_repository__fsync_gitdir; +extern bool git_repository__validate_ownership; /** Cvar cache identifiers */ typedef enum { diff --git a/tests/clar_libgit2.c b/tests/clar_libgit2.c index c4550c32a..3b2473cdc 100644 --- a/tests/clar_libgit2.c +++ b/tests/clar_libgit2.c @@ -603,6 +603,11 @@ void cl_sandbox_set_search_path_defaults(void) # git_buf_dispose(&path); # } # # void cl_sandbox_set_search_path_defaults(void); # git_buf_dispose(&path); git_buf_free(&path); } +void cl_sandbox_disable_ownership_validation(void) +{ + git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0); +} + #ifdef GIT_WIN32 bool cl_sandbox_supports_8dot3(void) { diff --git a/tests/clar_libgit2.h b/tests/clar_libgit2.h index e3b7bd9f8..da3f41524 100644 --- a/tests/clar_libgit2.h +++ b/tests/clar_libgit2.h @@ -222,6 +222,7 @@ void cl_fake_home(void); void cl_fake_home_cleanup(void *); void cl_sandbox_set_search_path_defaults(void); +void cl_sandbox_disable_ownership_validation(void); #ifdef GIT_WIN32 # # define cl_msleep(x) Sleep(x) bool cl_sandbox_supports_8dot3(void); diff --git a/tests/main.c b/tests/main.c index 56751c288..d879073a8 100644 --- a/tests/main.c +++ b/tests/main.c @@ -26,6 +26,7 @@ int main(int argc, char *argv[]) # git_libgit2_init(); cl_global_trace_register(); cl_sandbox_set_search_path_defaults(); + cl_sandbox_disable_ownership_validation(); /* Run the test suite */ res = clar_test_run(); diff --git a/tests/repo/open.c b/tests/repo/open.c index f23ba1c18..a2f006c0d 100644 --- a/tests/repo/open.c +++ b/tests/repo/open.c @@ -3,11 +3,13 @@ #include "sysdir.h" #include <ctype.h> +static int validate_ownership = 0; static git_buf config_path = GIT_BUF_INIT; void test_repo_open__initialize(void) { cl_git_pass(git_libgit2_opts(GIT_OPT_GET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, &config_path)); + cl_git_pass(git_libgit2_opts(GIT_OPT_GET_OWNER_VALIDATION, &validate_ownership)); } void test_repo_open__cleanup(void) @@ -23,6 +25,8 @@ void test_repo_open__cleanup(void) cl_git_pass(git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr)); git_buf_free(&config_path); + + cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, validate_ownership)); } void test_repo_open__bare_empty_repo(void) @@ -470,6 +474,8 @@ void test_repo_open__validates_dir_ownership(void) { git_repository *repo; + cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1)); + cl_fixture_sandbox("empty_standard_repo"); cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git")); @@ -494,6 +500,8 @@ void test_repo_open__can_allowlist_dirs_with_problematic_ownership(void) config_filename = GIT_BUF_INIT, config_data = GIT_BUF_INIT; + cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1)); + cl_fixture_sandbox("empty_standard_repo"); cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git")); @@ -537,6 +545,8 @@ void test_repo_open__can_reset_safe_directory_list(void) config_filename = GIT_BUF_INIT, config_data = GIT_BUF_INIT; + cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1)); + cl_fixture_sandbox("empty_standard_repo"); cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git")); -- 2.37.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor