repo: make ownership checks optional

Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can disable repository ownership validation.

repo: make ownership checks optional
Introduce the `GIT_OPT_SET_OWNER_VALIDATION` option, so that users can disable repository ownership validation.
b58e9053 · Edward Thomson · eb8c3e5d · b58e9053 · b58e9053 · b58e9053
Commit b58e9053 authored Apr 11, 2022 by Edward Thomson
Showing with 40 additions and 2 deletions

include/git2/common.h
+11 -1

src/libgit2.c
+8 -0

src/repository.c
+3 -1

src/repository.h
+1 -0

tests/clar_libgit2.c
+5 -0

tests/clar_libgit2.h
+1 -0

tests/main.c
+1 -0

tests/repo/open.c
+10 -0

No files found.
--- a/include/git2/common.h
+++ b/include/git2/common.h
@@ -211,7 +211,9 @@ typedef enum {
 	GIT_OPT_SET_ODB_PACKED_PRIORITY,
 	GIT_OPT_SET_ODB_LOOSE_PRIORITY,
 	GIT_OPT_GET_EXTENSIONS,
-	GIT_OPT_SET_EXTENSIONS
+	GIT_OPT_SET_EXTENSIONS,
+	GIT_OPT_GET_OWNER_VALIDATION,
+	GIT_OPT_SET_OWNER_VALIDATION
 } git_libgit2_opt_t;
 /**
@@ -449,6 +451,14 @@ typedef enum {
 *      > to support repositories with the `noop` extension but does want
 *      > to support repositories with the `newext` extension.
 *
+ *   opts(GIT_OPT_GET_OWNER_VALIDATION, int *enabled)
+ *      > Gets the owner validation setting for repository
+ *      > directories.
+ *
+ *   opts(GIT_OPT_SET_OWNER_VALIDATION, int enabled)
+ *      > Set that repository directories should be owned by the current
+ *      > user. The default is to validate ownership.
+ *
 * @param option Option key
 * @param ... value to set the option
 * @return 0 on success, <0 on failure

--- a/src/libgit2.c
+++ b/src/libgit2.c
@@ -390,6 +390,14 @@ int git_libgit2_opts(int key, ...)
 		}
 		break;
+	case GIT_OPT_GET_OWNER_VALIDATION:
+		*(va_arg(ap, int *)) = git_repository__validate_ownership;
+		break;
+	case GIT_OPT_SET_OWNER_VALIDATION:
+		git_repository__validate_ownership = (va_arg(ap, int) != 0);
+		break;
 	default:
 		git_error_set(GIT_ERROR_INVALID, "invalid option key");
 		error = -1;

--- a/src/repository.c
+++ b/src/repository.c
@@ -38,6 +38,7 @@
 # include "win32/w32_util.h"
 #endif
+bool git_repository__validate_ownership = true;
 bool git_repository__fsync_gitdir = false;
 static const struct {
@@ -976,7 +977,8 @@ int git_repository_open_ext(
 	 */
 	validation_path = repo->is_bare ? repo->gitdir : repo->workdir;
-	if ((error = validate_ownership(validation_path)) < 0)
+	if (git_repository__validate_ownership &&
+	    (error = validate_ownership(validation_path)) < 0)
 		goto cleanup;
 cleanup:

--- a/src/repository.h
+++ b/src/repository.h
@@ -34,6 +34,7 @@
 #define GIT_DIR_SHORTNAME "GIT~1"
 extern bool git_repository__fsync_gitdir;
+extern bool git_repository__validate_ownership;
 /** Cvar cache identifiers */
 typedef enum {

--- a/tests/clar_libgit2.c
+++ b/tests/clar_libgit2.c
@@ -603,6 +603,11 @@ void cl_sandbox_set_search_path_defaults(void)
 	git_buf_dispose(&path);
 }
+void cl_sandbox_disable_ownership_validation(void)
+{
+	git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 0);
+}
 #ifdef GIT_WIN32
 bool cl_sandbox_supports_8dot3(void)
 {

--- a/tests/clar_libgit2.h
+++ b/tests/clar_libgit2.h
@@ -222,6 +222,7 @@ void cl_fake_home(void);
 void cl_fake_home_cleanup(void *);
 void cl_sandbox_set_search_path_defaults(void);
+void cl_sandbox_disable_ownership_validation(void);
 #ifdef GIT_WIN32
 # define cl_msleep(x) Sleep(x)

--- a/tests/main.c
+++ b/tests/main.c
@@ -26,6 +26,7 @@ int main(int argc, char *argv[])
 	cl_global_trace_register();
 	cl_sandbox_set_search_path_defaults();
+	cl_sandbox_disable_ownership_validation();
 	/* Run the test suite */
 	res = clar_test_run();

--- a/tests/repo/open.c
+++ b/tests/repo/open.c
@@ -3,11 +3,13 @@
 #include "sysdir.h"
 #include <ctype.h>
+static int validate_ownership = 0;
 static git_buf config_path = GIT_BUF_INIT;
 void test_repo_open__initialize(void)
 {
 	cl_git_pass(git_libgit2_opts(GIT_OPT_GET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, &config_path));
+	cl_git_pass(git_libgit2_opts(GIT_OPT_GET_OWNER_VALIDATION, &validate_ownership));
 }
 void test_repo_open__cleanup(void)
@@ -23,6 +25,8 @@ void test_repo_open__cleanup(void)
 	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_SEARCH_PATH, GIT_CONFIG_LEVEL_GLOBAL, config_path.ptr));
 	git_buf_dispose(&config_path);
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, validate_ownership));
 }
 void test_repo_open__bare_empty_repo(void)
@@ -470,6 +474,8 @@ void test_repo_open__validates_dir_ownership(void)
 {
 	git_repository *repo;
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
 	cl_fixture_sandbox("empty_standard_repo");
 	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
@@ -494,6 +500,8 @@ void test_repo_open__can_allowlist_dirs_with_problematic_ownership(void)
 	        config_filename = GIT_BUF_INIT,
 	        config_data = GIT_BUF_INIT;
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
 	cl_fixture_sandbox("empty_standard_repo");
 	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));
@@ -537,6 +545,8 @@ void test_repo_open__can_reset_safe_directory_list(void)
 	        config_filename = GIT_BUF_INIT,
 	        config_data = GIT_BUF_INIT;
+	cl_git_pass(git_libgit2_opts(GIT_OPT_SET_OWNER_VALIDATION, 1));
 	cl_fixture_sandbox("empty_standard_repo");
 	cl_git_pass(cl_rename("empty_standard_repo/.gitted", "empty_standard_repo/.git"));