From 17d3883fe9c88b823002ad9fafb42313ddc3d3d5 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 8 Aug 2022 13:27:47 +0000 Subject: setup: prepare for more detailed "dubious ownership" messages When verifying the ownership of the Git directory, we sometimes would like to say a bit more about it, e.g. when using a platform-dependent code path (think: Windows has the permission model that is so different from Unix'), but only when it is a appropriate to actually say something. To allow for that, collect that information and hand it back to the caller (whose responsibility it is to show it or not). Note: We do not actually fill in any platform-dependent information yet, this commit just adds the infrastructure to be able to do so. Based-on-an-idea-by: Junio C Hamano Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 2 +- compat/mingw.h | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'compat') diff --git a/compat/mingw.c b/compat/mingw.c index 2607de93af..f12b7df16d 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -2673,7 +2673,7 @@ static PSID get_current_user_sid(void) return result; } -int is_path_owned_by_current_sid(const char *path) +int is_path_owned_by_current_sid(const char *path, struct strbuf *report) { WCHAR wpath[MAX_PATH]; PSID sid = NULL; diff --git a/compat/mingw.h b/compat/mingw.h index a74da68f31..209cf7ceba 100644 --- a/compat/mingw.h +++ b/compat/mingw.h @@ -463,7 +463,7 @@ char *mingw_query_user_email(void); * Verifies that the specified path is owned by the user running the * current process. */ -int is_path_owned_by_current_sid(const char *path); +int is_path_owned_by_current_sid(const char *path, struct strbuf *report); #define is_path_owned_by_current_user is_path_owned_by_current_sid /** -- cgit v1.2.3 From e883e04b68ba7393029bcbeaa2aacb3dff5d3fbd Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 8 Aug 2022 13:27:48 +0000 Subject: mingw: provide details about unsafe directories' ownership When Git refuses to use an existing repository because it is owned by someone else than the current user, it can be a bit tricky on Windows to figure out what is going on. Let's help with that by providing more detailed information. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) (limited to 'compat') diff --git a/compat/mingw.c b/compat/mingw.c index f12b7df16d..2c09c5bffe 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1,6 +1,7 @@ #include "../git-compat-util.h" #include "win32.h" #include +#include #include #include #include "../strbuf.h" @@ -2720,6 +2721,29 @@ int is_path_owned_by_current_sid(const char *path, struct strbuf *report) IsValidSid(current_user_sid) && EqualSid(sid, current_user_sid)) result = 1; + else if (report) { + LPSTR str1, str2, to_free1 = NULL, to_free2 = NULL; + + if (ConvertSidToStringSidA(sid, &str1)) + to_free1 = str1; + else + str1 = "(inconvertible)"; + + if (!current_user_sid) + str2 = "(none)"; + else if (!IsValidSid(current_user_sid)) + str2 = "(invalid)"; + else if (ConvertSidToStringSidA(current_user_sid, &str2)) + to_free2 = str2; + else + str2 = "(inconvertible)"; + strbuf_addf(report, + "'%s' is owned by:\n" + "\t'%s'\nbut the current user is:\n" + "\t'%s'\n", path, str1, str2); + LocalFree(to_free1); + LocalFree(to_free2); + } } /* -- cgit v1.2.3 From 7c83470e64eadab74689427fcd95e72f0a772ab5 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 8 Aug 2022 13:27:49 +0000 Subject: mingw: be more informative when ownership check fails on FAT32 The FAT file system has no concept of ACLs. Therefore, it cannot store any ownership information anyway, and the `GetNamedSecurityInfoW()` call pretends that everything is owned "by the world". Let's special-case that scenario and tell the user what's going on. This addresses https://github.com/git-for-windows/git/issues/3886 Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 25 ++++++++++++++++++++++++- 1 file changed, 24 insertions(+), 1 deletion(-) (limited to 'compat') diff --git a/compat/mingw.c b/compat/mingw.c index 2c09c5bffe..22f960c7e3 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -2674,6 +2674,21 @@ static PSID get_current_user_sid(void) return result; } +static int acls_supported(const char *path) +{ + size_t offset = offset_1st_component(path); + WCHAR wroot[MAX_PATH]; + DWORD file_system_flags; + + if (offset && + xutftowcsn(wroot, path, MAX_PATH, offset) > 0 && + GetVolumeInformationW(wroot, NULL, 0, NULL, NULL, + &file_system_flags, NULL, 0)) + return !!(file_system_flags & FILE_PERSISTENT_ACLS); + + return 0; +} + int is_path_owned_by_current_sid(const char *path, struct strbuf *report) { WCHAR wpath[MAX_PATH]; @@ -2721,7 +2736,15 @@ int is_path_owned_by_current_sid(const char *path, struct strbuf *report) IsValidSid(current_user_sid) && EqualSid(sid, current_user_sid)) result = 1; - else if (report) { + else if (report && + IsWellKnownSid(sid, WinWorldSid) && + !acls_supported(path)) { + /* + * On FAT32 volumes, ownership is not actually recorded. + */ + strbuf_addf(report, "'%s' is on a file system that does" + "not record ownership\n", path); + } else if (report) { LPSTR str1, str2, to_free1 = NULL, to_free2 = NULL; if (ConvertSidToStringSidA(sid, &str1)) -- cgit v1.2.3 From 3f7207e2ea967fd2b46d9e0ae85246e93b38ed58 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Mon, 8 Aug 2022 13:27:50 +0000 Subject: mingw: handle a file owned by the Administrators group correctly When an Administrator creates a file or directory, the created file/directory is owned not by the Administrator SID, but by the _Administrators Group_ SID. The reason is that users with administrator privileges usually run in unprivileged ("non-elevated") mode, and their user SID does not change when running in elevated mode. This is is relevant e.g. when running a GitHub workflow on a build agent, which runs in elevated mode: cloning a Git repository in a script step will cause the worktree to be owned by the Administrators Group SID, for example. Let's handle this case as following: if the current user is an administrator, Git should consider a worktree owned by the Administrators Group as if it were owned by said user. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 10 ++++++++++ 1 file changed, 10 insertions(+) (limited to 'compat') diff --git a/compat/mingw.c b/compat/mingw.c index 22f960c7e3..7aa9318db7 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -2728,6 +2728,7 @@ int is_path_owned_by_current_sid(const char *path, struct strbuf *report) else if (sid && IsValidSid(sid)) { /* Now, verify that the SID matches the current user's */ static PSID current_user_sid; + BOOL is_member; if (!current_user_sid) current_user_sid = get_current_user_sid(); @@ -2736,6 +2737,15 @@ int is_path_owned_by_current_sid(const char *path, struct strbuf *report) IsValidSid(current_user_sid) && EqualSid(sid, current_user_sid)) result = 1; + else if (IsWellKnownSid(sid, WinBuiltinAdministratorsSid) && + CheckTokenMembership(NULL, sid, &is_member) && + is_member) + /* + * If owned by the Administrators group, and the + * current user is an administrator, we consider that + * okay, too. + */ + result = 1; else if (report && IsWellKnownSid(sid, WinWorldSid) && !acls_supported(path)) { -- cgit v1.2.3