From e85277e1de9f59ac45df5ffd84c5d9be0e4d20d2 Mon Sep 17 00:00:00 2001
From: Florian Zschocke <florian.zschocke@cycos.com>
Date: Mon, 26 Aug 2013 06:39:57 -0400
Subject: [PATCH] Implement adjusting file permissions for shared repositories.
---
src/main/java/com/gitblit/utils/JGitUtils.java | 222 ++++++++++++++++++++++++++++++++-----------------------
1 files changed, 130 insertions(+), 92 deletions(-)
diff --git a/src/main/java/com/gitblit/utils/JGitUtils.java b/src/main/java/com/gitblit/utils/JGitUtils.java
index 345375a..49b3ad7 100644
--- a/src/main/java/com/gitblit/utils/JGitUtils.java
+++ b/src/main/java/com/gitblit/utils/JGitUtils.java
@@ -32,6 +32,7 @@
import java.util.Map.Entry;
import java.util.regex.Pattern;
+import org.apache.commons.io.filefilter.TrueFileFilter;
import org.eclipse.jgit.api.CloneCommand;
import org.eclipse.jgit.api.FetchCommand;
import org.eclipse.jgit.api.Git;
@@ -89,8 +90,6 @@
import com.gitblit.models.PathModel.PathChangeModel;
import com.gitblit.models.RefModel;
import com.gitblit.models.SubmoduleModel;
-import com.sun.jna.Library;
-import com.sun.jna.Native;
/**
* Collection of static methods for retrieving information from a repository.
@@ -262,111 +261,150 @@
* @return Repository
*/
public static Repository createRepository(File repositoriesFolder, String name) {
+ return createRepository(repositoriesFolder, name, "FALSE");
+ }
+
+ /**
+ * Creates a bare, shared repository.
+ *
+ * @param repositoriesFolder
+ * @param name
+ * @param shared
+ * the setting for the --shared option of "git init".
+ * @return Repository
+ */
+ public static Repository createRepository(File repositoriesFolder, String name, String shared) {
try {
- Git git = Git.init().setDirectory(new File(repositoriesFolder, name)).setBare(true).call();
- return git.getRepository();
- } catch (GitAPIException e) {
+ Repository repo = null;
+ try {
+ Git git = Git.init().setDirectory(new File(repositoriesFolder, name)).setBare(true).call();
+ repo = git.getRepository();
+ } catch (GitAPIException e) {
+ throw new RuntimeException(e);
+ }
+
+ GitConfigSharedRepository sharedRepository = new GitConfigSharedRepository(shared);
+ if (sharedRepository.isShared()) {
+ StoredConfig config = repo.getConfig();
+ config.setString("core", null, "sharedRepository", sharedRepository.getValue());
+ config.setBoolean("receive", null, "denyNonFastforwards", true);
+ config.save();
+
+ if (! JnaUtils.isWindows()) {
+ Iterator<File> iter = org.apache.commons.io.FileUtils.iterateFilesAndDirs(repo.getDirectory(),
+ TrueFileFilter.INSTANCE, TrueFileFilter.INSTANCE);
+ // Adjust permissions on file/directory
+ while (iter.hasNext()) {
+ adjustSharedPerm(iter.next(), sharedRepository);
+ }
+ }
+ }
+
+ return repo;
+ } catch (IOException e) {
throw new RuntimeException(e);
}
}
- /**
- * Creates a bare, shared repository.
- *
- * @param repositoriesFolder
- * @param name
- * @param shared
- * the setting for the --shared option of "git init".
- * @return Repository
- */
- public static Repository createRepository(File repositoriesFolder, String name, String shared) {
- try {
- Repository repo = createRepository(repositoriesFolder, name);
+ private enum GitConfigSharedRepositoryValue
+ {
+ UMASK("0", 0), FALSE("0", 0), OFF("0", 0), NO("0", 0),
+ GROUP("1", 0660), TRUE("1", 0660), ON("1", 0660), YES("1", 0660),
+ ALL("2", 0664), WORLD("2", 0664), EVERYBODY("2", 0664),
+ Oxxx(null, -1);
- GitConfigSharedRepository sharedRepository = new GitConfigSharedRepository(shared);
- if (sharedRepository.isShared()) {
- StoredConfig config = repo.getConfig();
- config.setString("core", null, "sharedRepository", sharedRepository.getValue());
- config.setBoolean("receive", null, "denyNonFastforwards", true);
- config.save();
+ private String configValue;
+ private int permValue;
+ private GitConfigSharedRepositoryValue(String config, int perm) { configValue = config; permValue = perm; };
- if (! System.getProperty("os.name").toLowerCase().startsWith("windows")) {
- final CLibrary libc = (CLibrary) Native.loadLibrary("c", CLibrary.class);
+ public String getConfigValue() { return configValue; };
+ public int getPerm() { return permValue; };
- //libc.chmod("/path/to/file", 0755);
- }
- }
+ }
- return repo;
- } catch (IOException e) {
- throw new RuntimeException(e);
- }
- }
- interface CLibrary extends Library {
- public int chmod(String path, int mode);
- }
- private enum GitConfigSharedRepositoryValue {
- UMASK("0", 0), FALSE("0", 0), OFF("0", 0), NO("0", 0),
- GROUP("1", 0660), TRUE("1", 0660), ON("1", 0660), YES("1", 0660),
- ALL("2", 0664), WORLD("2", 0664), EVERYBODY("2", 0664),
- Oxxx(null, -1);
+ private static class GitConfigSharedRepository
+ {
+ private int intValue;
+ private GitConfigSharedRepositoryValue enumValue;
- private String configValue;
- private int permValue;
- private GitConfigSharedRepositoryValue(String config, int perm) { configValue = config; permValue = perm; };
+ GitConfigSharedRepository(String s) {
+ if ( s == null || s.trim().isEmpty() ) {
+ enumValue = GitConfigSharedRepositoryValue.GROUP;
+ }
+ else {
+ try {
+ // Try one of the string values
+ enumValue = GitConfigSharedRepositoryValue.valueOf(s.trim().toUpperCase());
+ } catch (IllegalArgumentException iae) {
+ try {
+ // Try if this is an octal number
+ int i = Integer.parseInt(s, 8);
+ if ( (i & 0600) != 0600 ) {
+ String msg = String.format("Problem with core.sharedRepository filemode value (0%03o).\nThe owner of files must always have read and write permissions.", i);
+ throw new IllegalArgumentException(msg);
+ }
+ intValue = i & 0666;
+ enumValue = GitConfigSharedRepositoryValue.Oxxx;
+ } catch (NumberFormatException nfe) {
+ throw new IllegalArgumentException("Bad configuration value for 'shared': '" + s + "'");
+ }
+ }
+ }
+ }
- public String getConfigValue() { return configValue; };
- public int getPerm() { return permValue; };
+ String getValue() {
+ if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) return Integer.toOctalString(intValue);
+ return enumValue.getConfigValue();
+ }
- }
- private static class GitConfigSharedRepository
- {
- private int intValue;
- GitConfigSharedRepositoryValue enumValue;
+ int getPerm() {
+ if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) return intValue;
+ return enumValue.getPerm();
+ }
- GitConfigSharedRepository(String s)
- {
- if ( s == null || s.trim().isEmpty() ) {
- enumValue = GitConfigSharedRepositoryValue.GROUP;
- }
- else {
- try {
- // Try one of the string values
- enumValue = GitConfigSharedRepositoryValue.valueOf(s.trim().toUpperCase());
- } catch (IllegalArgumentException iae) {
- try {
- // Try if this is an octal number
- int i = Integer.parseInt(s, 8);
- if ( (i & 0600) != 0600 ) {
- String msg = String.format("Problem with core.sharedRepository filemode value (0%03o).\nThe owner of files must always have read and write permissions.", i);
- throw new IllegalArgumentException(msg);
- }
- intValue = i & 0666;
- enumValue = GitConfigSharedRepositoryValue.Oxxx;
- } catch (NumberFormatException nfe) {
- throw new IllegalArgumentException("Bad configuration value for 'shared': '" + s + "'");
- }
- }
- }
- }
-
- String getValue()
- {
- if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) return Integer.toOctalString(intValue);
- return enumValue.getConfigValue();
- }
+ boolean isCustom() {
+ return enumValue == GitConfigSharedRepositoryValue.Oxxx;
+ }
- int getPerm()
- {
- if ( enumValue == GitConfigSharedRepositoryValue.Oxxx ) return intValue;
- return enumValue.getPerm();
- }
+ boolean isShared() {
+ return (enumValue.getPerm() > 0) || enumValue == GitConfigSharedRepositoryValue.Oxxx;
+ }
+ }
- boolean isShared()
- {
- return (enumValue.getPerm() > 0) || enumValue == GitConfigSharedRepositoryValue.Oxxx;
- }
- }
+
+ public static int adjustSharedPerm(File path, String configShared) {
+ return adjustSharedPerm(path, new GitConfigSharedRepository(configShared));
+ }
+
+
+ public static int adjustSharedPerm(File path, GitConfigSharedRepository configShared) {
+ if (! configShared.isShared()) return 0;
+
+ int perm = configShared.getPerm();
+ int mode = JnaUtils.getFilemode(path);
+ if (mode < 0) return -1;
+
+ // If the owner has no write access, delete it from group and other, too.
+ if ((mode & JnaUtils.S_IWUSR) == 0) perm &= ~0222;
+ // If the owner has execute access, set it for all blocks that have read access.
+ if ((mode & JnaUtils.S_IXUSR) == JnaUtils.S_IXUSR) perm |= (perm & 0444) >> 2;
+
+ if (configShared.isCustom()) {
+ // Use the custom value for access permissions.
+ mode |= (mode & ~0777) | perm;
+ }
+ else {
+ // Just add necessary bits to existing permissions.
+ mode |= perm;
+ }
+
+ if (path.isDirectory()) {
+ mode |= (mode & 0444) >> 2;
+ mode |= JnaUtils.S_ISGID;
+ }
+
+ return JnaUtils.setFilemode(path, mode);
+ }
/**
--
Gitblit v1.9.1