path.c 15 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13
/*
 * I'm tired of doing "vsnprintf()" etc just to open a
 * file, so here's a "return static buffer with printf"
 * interface for paths.
 *
 * It's obviously not thread-safe. Sue me. But it's quite
 * useful for doing things like
 *
 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
 *
 * which is what it's designed for.
 */
#include "cache.h"
14
#include "strbuf.h"
15 16 17

static char bad_path[] = "/bad-path/";

18 19 20 21 22 23 24
static char *get_pathname(void)
{
	static char pathname_array[4][PATH_MAX];
	static int index;
	return pathname_array[3 & ++index];
}

25 26 27 28 29 30 31 32 33 34 35
static char *cleanup_path(char *path)
{
	/* Clean it up */
	if (!memcmp(path, "./", 2)) {
		path += 2;
		while (*path == '/')
			path++;
	}
	return path;
}

36 37 38 39 40 41 42 43 44
char *mksnpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list args;
	unsigned len;

	va_start(args, fmt);
	len = vsnprintf(buf, n, fmt, args);
	va_end(args);
	if (len >= n) {
45
		strlcpy(buf, bad_path, n);
46 47 48 49 50
		return buf;
	}
	return cleanup_path(buf);
}

51
static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
{
	const char *git_dir = get_git_dir();
	size_t len;

	len = strlen(git_dir);
	if (n < len + 1)
		goto bad;
	memcpy(buf, git_dir, len);
	if (len && !is_dir_sep(git_dir[len-1]))
		buf[len++] = '/';
	len += vsnprintf(buf + len, n - len, fmt, args);
	if (len >= n)
		goto bad;
	return cleanup_path(buf);
bad:
67
	strlcpy(buf, bad_path, n);
68 69 70
	return buf;
}

71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
char *git_snpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list args;
	va_start(args, fmt);
	(void)git_vsnpath(buf, n, fmt, args);
	va_end(args);
	return buf;
}

char *git_pathdup(const char *fmt, ...)
{
	char path[PATH_MAX];
	va_list args;
	va_start(args, fmt);
	(void)git_vsnpath(path, sizeof(path), fmt, args);
	va_end(args);
	return xstrdup(path);
}

90 91 92 93
char *mkpath(const char *fmt, ...)
{
	va_list args;
	unsigned len;
94
	char *pathname = get_pathname();
95 96 97 98 99 100 101 102 103 104 105

	va_start(args, fmt);
	len = vsnprintf(pathname, PATH_MAX, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}

char *git_path(const char *fmt, ...)
{
106
	const char *git_dir = get_git_dir();
107
	char *pathname = get_pathname();
108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123
	va_list args;
	unsigned len;

	len = strlen(git_dir);
	if (len > PATH_MAX-100)
		return bad_path;
	memcpy(pathname, git_dir, len);
	if (len && git_dir[len-1] != '/')
		pathname[len++] = '/';
	va_start(args, fmt);
	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}
124

125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
char *git_path_submodule(const char *path, const char *fmt, ...)
{
	char *pathname = get_pathname();
	struct strbuf buf = STRBUF_INIT;
	const char *git_dir;
	va_list args;
	unsigned len;

	len = strlen(path);
	if (len > PATH_MAX-100)
		return bad_path;

	strbuf_addstr(&buf, path);
	if (len && path[len-1] != '/')
		strbuf_addch(&buf, '/');
	strbuf_addstr(&buf, ".git");

142
	git_dir = read_gitfile(buf.buf);
143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
	if (git_dir) {
		strbuf_reset(&buf);
		strbuf_addstr(&buf, git_dir);
	}
	strbuf_addch(&buf, '/');

	if (buf.len >= PATH_MAX)
		return bad_path;
	memcpy(pathname, buf.buf, buf.len + 1);

	strbuf_release(&buf);
	len = strlen(pathname);

	va_start(args, fmt);
	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}
163

164
int validate_headref(const char *path)
165 166 167
{
	struct stat st;
	char *buf, buffer[256];
168
	unsigned char sha1[20];
169 170
	int fd;
	ssize_t len;
171 172 173 174 175 176 177

	if (lstat(path, &st) < 0)
		return -1;

	/* Make sure it is a "refs/.." symlink */
	if (S_ISLNK(st.st_mode)) {
		len = readlink(path, buffer, sizeof(buffer)-1);
178
		if (len >= 5 && !memcmp("refs/", buffer, 5))
179 180 181 182 183 184 185 186 187 188
			return 0;
		return -1;
	}

	/*
	 * Anything else, just open it and try to see if it is a symbolic ref.
	 */
	fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
189
	len = read_in_full(fd, buffer, sizeof(buffer)-1);
190 191 192 193 194
	close(fd);

	/*
	 * Is it a symbolic ref?
	 */
195
	if (len < 4)
196
		return -1;
197 198 199 200 201
	if (!memcmp("ref:", buffer, 4)) {
		buf = buffer + 4;
		len -= 4;
		while (len && isspace(*buf))
			buf++, len--;
202
		if (len >= 5 && !memcmp("refs/", buf, 5))
203 204 205 206 207 208 209
			return 0;
	}

	/*
	 * Is this a detached HEAD?
	 */
	if (!get_sha1_hex(buffer, sha1))
210
		return 0;
211

212 213 214
	return -1;
}

215
static struct passwd *getpw_str(const char *username, size_t len)
216
{
217
	struct passwd *pw;
218 219 220 221 222 223 224
	char *username_z = xmalloc(len + 1);
	memcpy(username_z, username, len);
	username_z[len] = '\0';
	pw = getpwnam(username_z);
	free(username_z);
	return pw;
}
225

226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241
/*
 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 * then it is a newly allocated string. Returns NULL on getpw failure or
 * if path is NULL.
 */
char *expand_user_path(const char *path)
{
	struct strbuf user_path = STRBUF_INIT;
	const char *first_slash = strchrnul(path, '/');
	const char *to_copy = path;

	if (path == NULL)
		goto return_null;
	if (path[0] == '~') {
		const char *username = path + 1;
		size_t username_len = first_slash - username;
242 243
		if (username_len == 0) {
			const char *home = getenv("HOME");
244 245
			if (!home)
				goto return_null;
246 247 248 249 250 251
			strbuf_add(&user_path, home, strlen(home));
		} else {
			struct passwd *pw = getpw_str(username, username_len);
			if (!pw)
				goto return_null;
			strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
252
		}
253
		to_copy = first_slash;
254
	}
255 256 257 258 259
	strbuf_add(&user_path, to_copy, strlen(to_copy));
	return strbuf_detach(&user_path, NULL);
return_null:
	strbuf_release(&user_path);
	return NULL;
260 261
}

262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285
/*
 * First, one directory to try is determined by the following algorithm.
 *
 * (0) If "strict" is given, the path is used as given and no DWIM is
 *     done. Otherwise:
 * (1) "~/path" to mean path under the running user's home directory;
 * (2) "~user/path" to mean path under named user's home directory;
 * (3) "relative/path" to mean cwd relative directory; or
 * (4) "/absolute/path" to mean absolute directory.
 *
 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 * what we try.
 *
 * Second, we try chdir() to that.  Upon failure, we return NULL.
 *
 * Then, we try if the current directory is a valid git repository.
 * Upon failure, we return NULL.
 *
 * If all goes well, we return the directory we used to chdir() (but
 * before ~user is expanded), avoiding getcwd() resolving symbolic
 * links.  User relative paths are also returned as they are given,
 * except DWIM suffixing.
 */
286
const char *enter_repo(const char *path, int strict)
287
{
288 289 290 291
	static char used_path[PATH_MAX];
	static char validated_path[PATH_MAX];

	if (!path)
292 293
		return NULL;

294 295
	if (!strict) {
		static const char *suffix[] = {
296
			"/.git", "", ".git/.git", ".git", NULL,
297
		};
298
		const char *gitfile;
299 300
		int len = strlen(path);
		int i;
301
		while ((1 < len) && (path[len-1] == '/'))
302
			len--;
303

304
		if (PATH_MAX <= len)
305
			return NULL;
306 307 308 309 310
		strncpy(used_path, path, len); used_path[len] = 0 ;
		strcpy(validated_path, used_path);

		if (used_path[0] == '~') {
			char *newpath = expand_user_path(used_path);
311 312
			if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
				free(newpath);
313
				return NULL;
314 315 316 317 318 319 320 321
			}
			/*
			 * Copy back into the static buffer. A pity
			 * since newpath was not bounded, but other
			 * branches of the if are limited by PATH_MAX
			 * anyway.
			 */
			strcpy(used_path, newpath); free(newpath);
322 323 324
		}
		else if (PATH_MAX - 10 < len)
			return NULL;
325
		len = strlen(used_path);
326
		for (i = 0; suffix[i]; i++) {
327
			struct stat st;
328
			strcpy(used_path + len, suffix[i]);
329 330 331
			if (!stat(used_path, &st) &&
			    (S_ISREG(st.st_mode) ||
			    (S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
332 333 334 335
				strcat(validated_path, suffix[i]);
				break;
			}
		}
336 337 338 339 340 341
		if (!suffix[i])
			return NULL;
		gitfile = read_gitfile(used_path) ;
		if (gitfile)
			strcpy(used_path, gitfile);
		if (chdir(used_path))
342
			return NULL;
343
		path = validated_path;
344
	}
345 346
	else if (chdir(path))
		return NULL;
347

348
	if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
349
	    validate_headref("HEAD") == 0) {
René Scharfe's avatar
René Scharfe committed
350
		set_git_dir(".");
351
		check_repository_format();
352
		return path;
353 354 355 356
	}

	return NULL;
}
357

358
int set_shared_perm(const char *path, int mode)
359 360
{
	struct stat st;
361
	int tweak, shared, orig_mode;
362

363 364 365
	if (!shared_repository) {
		if (mode)
			return chmod(path, mode & ~S_IFMT);
366
		return 0;
367 368 369 370 371 372 373 374
	}
	if (!mode) {
		if (lstat(path, &st) < 0)
			return -1;
		mode = st.st_mode;
		orig_mode = mode;
	} else
		orig_mode = 0;
375 376 377 378 379 380 381 382 383 384 385 386 387 388
	if (shared_repository < 0)
		shared = -shared_repository;
	else
		shared = shared_repository;
	tweak = shared;

	if (!(mode & S_IWUSR))
		tweak &= ~0222;
	if (mode & S_IXUSR)
		/* Copy read bits to execute bits */
		tweak |= (tweak & 0444) >> 2;
	if (shared_repository < 0)
		mode = (mode & ~0777) | tweak;
	else
389
		mode |= tweak;
390 391 392

	if (S_ISDIR(mode)) {
		/* Copy read bits to execute bits */
393 394
		mode |= (shared & 0444) >> 2;
		mode |= FORCE_DIR_SET_GID;
395 396
	}

397
	if (((shared_repository < 0
398 399 400
	      ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
	      : (orig_mode & mode)) != mode) &&
	    chmod(path, (mode & ~S_IFMT)) < 0)
401 402 403
		return -2;
	return 0;
}
404

405
const char *relative_path(const char *abs, const char *base)
406 407
{
	static char buf[PATH_MAX + 1];
408 409 410
	int i = 0, j = 0;

	if (!base || !base[0])
411
		return abs;
412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429 430 431 432
	while (base[i]) {
		if (is_dir_sep(base[i])) {
			if (!is_dir_sep(abs[j]))
				return abs;
			while (is_dir_sep(base[i]))
				i++;
			while (is_dir_sep(abs[j]))
				j++;
			continue;
		} else if (abs[j] != base[i]) {
			return abs;
		}
		i++;
		j++;
	}
	if (
	    /* "/foo" is a prefix of "/foo" */
	    abs[j] &&
	    /* "/foo" is not a prefix of "/foobar" */
	    !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
	   )
433
		return abs;
434 435 436 437 438 439
	while (is_dir_sep(abs[j]))
		j++;
	if (!abs[j])
		strcpy(buf, ".");
	else
		strcpy(buf, abs + j);
440 441
	return buf;
}
442 443

/*
444
 * It is okay if dst == src, but they should not overlap otherwise.
445
 *
446 447 448
 * Performs the following normalizations on src, storing the result in dst:
 * - Ensures that components are separated by '/' (Windows only)
 * - Squashes sequences of '/'.
449 450
 * - Removes "." components.
 * - Removes ".." components, and the components the precede them.
451 452
 * Returns failure (non-zero) if a ".." component appears as first path
 * component anytime during the normalization. Otherwise, returns success (0).
453 454 455 456
 *
 * Note that this function is purely textual.  It does not follow symlinks,
 * verify the existence of the path, or make any system calls.
 */
457
int normalize_path_copy(char *dst, const char *src)
458
{
459
	char *dst0;
460

461 462 463
	if (has_dos_drive_prefix(src)) {
		*dst++ = *src++;
		*dst++ = *src++;
464
	}
465
	dst0 = dst;
466

467
	if (is_dir_sep(*src)) {
468
		*dst++ = '/';
469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504 505 506 507
		while (is_dir_sep(*src))
			src++;
	}

	for (;;) {
		char c = *src;

		/*
		 * A path component that begins with . could be
		 * special:
		 * (1) "." and ends   -- ignore and terminate.
		 * (2) "./"           -- ignore them, eat slash and continue.
		 * (3) ".." and ends  -- strip one and terminate.
		 * (4) "../"          -- strip one, eat slash and continue.
		 */
		if (c == '.') {
			if (!src[1]) {
				/* (1) */
				src++;
			} else if (is_dir_sep(src[1])) {
				/* (2) */
				src += 2;
				while (is_dir_sep(*src))
					src++;
				continue;
			} else if (src[1] == '.') {
				if (!src[2]) {
					/* (3) */
					src += 2;
					goto up_one;
				} else if (is_dir_sep(src[2])) {
					/* (4) */
					src += 3;
					while (is_dir_sep(*src))
						src++;
					goto up_one;
				}
			}
		}
508

509 510 511 512 513 514 515 516 517 518 519 520 521 522 523 524 525
		/* copy up to the next '/', and eat all '/' */
		while ((c = *src++) != '\0' && !is_dir_sep(c))
			*dst++ = c;
		if (is_dir_sep(c)) {
			*dst++ = '/';
			while (is_dir_sep(c))
				c = *src++;
			src--;
		} else if (!c)
			break;
		continue;

	up_one:
		/*
		 * dst0..dst is prefix portion, and dst[-1] is '/';
		 * go up one level.
		 */
526 527
		dst--;	/* go to trailing '/' */
		if (dst <= dst0)
528
			return -1;
529 530 531
		/* Windows: dst[-1] cannot be backslash anymore */
		while (dst0 < dst && dst[-1] != '/')
			dst--;
532
	}
533
	*dst = '\0';
534
	return 0;
535
}
536 537 538 539 540

/*
 * path = Canonical absolute path
 * prefix_list = Colon-separated list of absolute paths
 *
541
 * Determines, for each path in prefix_list, whether the "prefix" really
542 543 544 545 546 547 548 549 550 551 552 553 554 555 556 557 558 559
 * is an ancestor directory of path.  Returns the length of the longest
 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 * are not considered to be their own ancestors.  path must be in a
 * canonical form: empty components, or "." or ".." components are not
 * allowed.  prefix_list may be null, which is like "".
 */
int longest_ancestor_length(const char *path, const char *prefix_list)
{
	char buf[PATH_MAX+1];
	const char *ceil, *colon;
	int len, max_len = -1;

	if (prefix_list == NULL || !strcmp(path, "/"))
		return -1;

	for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
560
		for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
561 562 563 564
		len = colon - ceil;
		if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
			continue;
		strlcpy(buf, ceil, len+1);
565 566 567 568 569
		if (normalize_path_copy(buf, buf) < 0)
			continue;
		len = strlen(buf);
		if (len > 0 && buf[len-1] == '/')
			buf[--len] = '\0';
570 571 572 573 574 575 576 577 578 579

		if (!strncmp(path, buf, len) &&
		    path[len] == '/' &&
		    len > max_len) {
			max_len = len;
		}
	}

	return max_len;
}
580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612 613 614 615

/* strip arbitrary amount of directory separators at end of path */
static inline int chomp_trailing_dir_sep(const char *path, int len)
{
	while (len && is_dir_sep(path[len - 1]))
		len--;
	return len;
}

/*
 * If path ends with suffix (complete path components), returns the
 * part before suffix (sans trailing directory separators).
 * Otherwise returns NULL.
 */
char *strip_path_suffix(const char *path, const char *suffix)
{
	int path_len = strlen(path), suffix_len = strlen(suffix);

	while (suffix_len) {
		if (!path_len)
			return NULL;

		if (is_dir_sep(path[path_len - 1])) {
			if (!is_dir_sep(suffix[suffix_len - 1]))
				return NULL;
			path_len = chomp_trailing_dir_sep(path, path_len);
			suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
		}
		else if (path[--path_len] != suffix[--suffix_len])
			return NULL;
	}

	if (path_len && !is_dir_sep(path[path_len - 1]))
		return NULL;
	return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
}
616 617 618 619 620 621 622 623

int daemon_avoid_alias(const char *p)
{
	int sl, ndot;

	/*
	 * This resurrects the belts and suspenders paranoia check by HPA
	 * done in <[email protected]> thread, now enter_repo()
624
	 * does not do getcwd() based path canonicalization.
625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659 660 661 662
	 *
	 * sl becomes true immediately after seeing '/' and continues to
	 * be true as long as dots continue after that without intervening
	 * non-dot character.
	 */
	if (!p || (*p != '/' && *p != '~'))
		return -1;
	sl = 1; ndot = 0;
	p++;

	while (1) {
		char ch = *p++;
		if (sl) {
			if (ch == '.')
				ndot++;
			else if (ch == '/') {
				if (ndot < 3)
					/* reject //, /./ and /../ */
					return -1;
				ndot = 0;
			}
			else if (ch == 0) {
				if (0 < ndot && ndot < 3)
					/* reject /.$ and /..$ */
					return -1;
				return 0;
			}
			else
				sl = ndot = 0;
		}
		else if (ch == 0)
			return 0;
		else if (ch == '/') {
			sl = 1;
			ndot = 0;
		}
	}
}
663 664 665 666 667 668 669

int offset_1st_component(const char *path)
{
	if (has_dos_drive_prefix(path))
		return 2 + is_dir_sep(path[2]);
	return is_dir_sep(path[0]);
}