path.c 14.8 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13
/*
 * I'm tired of doing "vsnprintf()" etc just to open a
 * file, so here's a "return static buffer with printf"
 * interface for paths.
 *
 * It's obviously not thread-safe. Sue me. But it's quite
 * useful for doing things like
 *
 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
 *
 * which is what it's designed for.
 */
#include "cache.h"
14
#include "strbuf.h"
15 16 17

static char bad_path[] = "/bad-path/";

18 19 20 21 22 23 24
static char *get_pathname(void)
{
	static char pathname_array[4][PATH_MAX];
	static int index;
	return pathname_array[3 & ++index];
}

25 26 27 28 29 30 31 32 33 34 35
static char *cleanup_path(char *path)
{
	/* Clean it up */
	if (!memcmp(path, "./", 2)) {
		path += 2;
		while (*path == '/')
			path++;
	}
	return path;
}

36 37 38 39 40 41 42 43 44
char *mksnpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list args;
	unsigned len;

	va_start(args, fmt);
	len = vsnprintf(buf, n, fmt, args);
	va_end(args);
	if (len >= n) {
45
		strlcpy(buf, bad_path, n);
46 47 48 49 50
		return buf;
	}
	return cleanup_path(buf);
}

51
static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
{
	const char *git_dir = get_git_dir();
	size_t len;

	len = strlen(git_dir);
	if (n < len + 1)
		goto bad;
	memcpy(buf, git_dir, len);
	if (len && !is_dir_sep(git_dir[len-1]))
		buf[len++] = '/';
	len += vsnprintf(buf + len, n - len, fmt, args);
	if (len >= n)
		goto bad;
	return cleanup_path(buf);
bad:
67
	strlcpy(buf, bad_path, n);
68 69 70
	return buf;
}

71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
char *git_snpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list args;
	va_start(args, fmt);
	(void)git_vsnpath(buf, n, fmt, args);
	va_end(args);
	return buf;
}

char *git_pathdup(const char *fmt, ...)
{
	char path[PATH_MAX];
	va_list args;
	va_start(args, fmt);
	(void)git_vsnpath(path, sizeof(path), fmt, args);
	va_end(args);
	return xstrdup(path);
}

90 91 92 93
char *mkpath(const char *fmt, ...)
{
	va_list args;
	unsigned len;
94
	char *pathname = get_pathname();
95 96 97 98 99 100 101 102 103 104 105

	va_start(args, fmt);
	len = vsnprintf(pathname, PATH_MAX, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}

char *git_path(const char *fmt, ...)
{
106
	const char *git_dir = get_git_dir();
107
	char *pathname = get_pathname();
108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123
	va_list args;
	unsigned len;

	len = strlen(git_dir);
	if (len > PATH_MAX-100)
		return bad_path;
	memcpy(pathname, git_dir, len);
	if (len && git_dir[len-1] != '/')
		pathname[len++] = '/';
	va_start(args, fmt);
	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}
124

125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
char *git_path_submodule(const char *path, const char *fmt, ...)
{
	char *pathname = get_pathname();
	struct strbuf buf = STRBUF_INIT;
	const char *git_dir;
	va_list args;
	unsigned len;

	len = strlen(path);
	if (len > PATH_MAX-100)
		return bad_path;

	strbuf_addstr(&buf, path);
	if (len && path[len-1] != '/')
		strbuf_addch(&buf, '/');
	strbuf_addstr(&buf, ".git");

142
	git_dir = read_gitfile(buf.buf);
143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
	if (git_dir) {
		strbuf_reset(&buf);
		strbuf_addstr(&buf, git_dir);
	}
	strbuf_addch(&buf, '/');

	if (buf.len >= PATH_MAX)
		return bad_path;
	memcpy(pathname, buf.buf, buf.len + 1);

	strbuf_release(&buf);
	len = strlen(pathname);

	va_start(args, fmt);
	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}
163

164
int validate_headref(const char *path)
165 166 167
{
	struct stat st;
	char *buf, buffer[256];
168
	unsigned char sha1[20];
169 170
	int fd;
	ssize_t len;
171 172 173 174 175 176 177

	if (lstat(path, &st) < 0)
		return -1;

	/* Make sure it is a "refs/.." symlink */
	if (S_ISLNK(st.st_mode)) {
		len = readlink(path, buffer, sizeof(buffer)-1);
178
		if (len >= 5 && !memcmp("refs/", buffer, 5))
179 180 181 182 183 184 185 186 187 188
			return 0;
		return -1;
	}

	/*
	 * Anything else, just open it and try to see if it is a symbolic ref.
	 */
	fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
189
	len = read_in_full(fd, buffer, sizeof(buffer)-1);
190 191 192 193 194
	close(fd);

	/*
	 * Is it a symbolic ref?
	 */
195
	if (len < 4)
196
		return -1;
197 198 199 200 201
	if (!memcmp("ref:", buffer, 4)) {
		buf = buffer + 4;
		len -= 4;
		while (len && isspace(*buf))
			buf++, len--;
202
		if (len >= 5 && !memcmp("refs/", buf, 5))
203 204 205 206 207 208 209
			return 0;
	}

	/*
	 * Is this a detached HEAD?
	 */
	if (!get_sha1_hex(buffer, sha1))
210
		return 0;
211

212 213 214
	return -1;
}

215
static struct passwd *getpw_str(const char *username, size_t len)
216
{
217
	struct passwd *pw;
218 219 220 221 222 223 224
	char *username_z = xmalloc(len + 1);
	memcpy(username_z, username, len);
	username_z[len] = '\0';
	pw = getpwnam(username_z);
	free(username_z);
	return pw;
}
225

226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241
/*
 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 * then it is a newly allocated string. Returns NULL on getpw failure or
 * if path is NULL.
 */
char *expand_user_path(const char *path)
{
	struct strbuf user_path = STRBUF_INIT;
	const char *first_slash = strchrnul(path, '/');
	const char *to_copy = path;

	if (path == NULL)
		goto return_null;
	if (path[0] == '~') {
		const char *username = path + 1;
		size_t username_len = first_slash - username;
242 243
		if (username_len == 0) {
			const char *home = getenv("HOME");
244 245
			if (!home)
				goto return_null;
246 247 248 249 250 251
			strbuf_add(&user_path, home, strlen(home));
		} else {
			struct passwd *pw = getpw_str(username, username_len);
			if (!pw)
				goto return_null;
			strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
252
		}
253
		to_copy = first_slash;
254
	}
255 256 257 258 259
	strbuf_add(&user_path, to_copy, strlen(to_copy));
	return strbuf_detach(&user_path, NULL);
return_null:
	strbuf_release(&user_path);
	return NULL;
260 261
}

262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285
/*
 * First, one directory to try is determined by the following algorithm.
 *
 * (0) If "strict" is given, the path is used as given and no DWIM is
 *     done. Otherwise:
 * (1) "~/path" to mean path under the running user's home directory;
 * (2) "~user/path" to mean path under named user's home directory;
 * (3) "relative/path" to mean cwd relative directory; or
 * (4) "/absolute/path" to mean absolute directory.
 *
 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 * what we try.
 *
 * Second, we try chdir() to that.  Upon failure, we return NULL.
 *
 * Then, we try if the current directory is a valid git repository.
 * Upon failure, we return NULL.
 *
 * If all goes well, we return the directory we used to chdir() (but
 * before ~user is expanded), avoiding getcwd() resolving symbolic
 * links.  User relative paths are also returned as they are given,
 * except DWIM suffixing.
 */
286
const char *enter_repo(const char *path, int strict)
287
{
288 289 290 291
	static char used_path[PATH_MAX];
	static char validated_path[PATH_MAX];

	if (!path)
292 293
		return NULL;

294 295 296 297 298 299
	if (!strict) {
		static const char *suffix[] = {
			".git/.git", "/.git", ".git", "", NULL,
		};
		int len = strlen(path);
		int i;
300
		while ((1 < len) && (path[len-1] == '/'))
301
			len--;
302

303
		if (PATH_MAX <= len)
304
			return NULL;
305 306 307 308 309
		strncpy(used_path, path, len); used_path[len] = 0 ;
		strcpy(validated_path, used_path);

		if (used_path[0] == '~') {
			char *newpath = expand_user_path(used_path);
310 311
			if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
				free(newpath);
312
				return NULL;
313 314 315 316 317 318 319 320
			}
			/*
			 * Copy back into the static buffer. A pity
			 * since newpath was not bounded, but other
			 * branches of the if are limited by PATH_MAX
			 * anyway.
			 */
			strcpy(used_path, newpath); free(newpath);
321 322 323
		}
		else if (PATH_MAX - 10 < len)
			return NULL;
324
		len = strlen(used_path);
325
		for (i = 0; suffix[i]; i++) {
326 327
			strcpy(used_path + len, suffix[i]);
			if (!access(used_path, F_OK)) {
328 329 330 331
				strcat(validated_path, suffix[i]);
				break;
			}
		}
332
		if (!suffix[i] || chdir(used_path))
333
			return NULL;
334
		path = validated_path;
335
	}
336 337
	else if (chdir(path))
		return NULL;
338

339
	if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
340
	    validate_headref("HEAD") == 0) {
René Scharfe's avatar
René Scharfe committed
341
		set_git_dir(".");
342
		check_repository_format();
343
		return path;
344 345 346 347
	}

	return NULL;
}
348

349
int set_shared_perm(const char *path, int mode)
350 351
{
	struct stat st;
352
	int tweak, shared, orig_mode;
353

354 355 356
	if (!shared_repository) {
		if (mode)
			return chmod(path, mode & ~S_IFMT);
357
		return 0;
358 359 360 361 362 363 364 365
	}
	if (!mode) {
		if (lstat(path, &st) < 0)
			return -1;
		mode = st.st_mode;
		orig_mode = mode;
	} else
		orig_mode = 0;
366 367 368 369 370 371 372 373 374 375 376 377 378 379
	if (shared_repository < 0)
		shared = -shared_repository;
	else
		shared = shared_repository;
	tweak = shared;

	if (!(mode & S_IWUSR))
		tweak &= ~0222;
	if (mode & S_IXUSR)
		/* Copy read bits to execute bits */
		tweak |= (tweak & 0444) >> 2;
	if (shared_repository < 0)
		mode = (mode & ~0777) | tweak;
	else
380
		mode |= tweak;
381 382 383

	if (S_ISDIR(mode)) {
		/* Copy read bits to execute bits */
384 385
		mode |= (shared & 0444) >> 2;
		mode |= FORCE_DIR_SET_GID;
386 387
	}

388
	if (((shared_repository < 0
389 390 391
	      ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
	      : (orig_mode & mode)) != mode) &&
	    chmod(path, (mode & ~S_IFMT)) < 0)
392 393 394
		return -2;
	return 0;
}
395

396
const char *relative_path(const char *abs, const char *base)
397 398
{
	static char buf[PATH_MAX + 1];
399 400 401
	int i = 0, j = 0;

	if (!base || !base[0])
402
		return abs;
403 404 405 406 407 408 409 410 411 412 413 414 415 416 417 418 419 420 421 422 423
	while (base[i]) {
		if (is_dir_sep(base[i])) {
			if (!is_dir_sep(abs[j]))
				return abs;
			while (is_dir_sep(base[i]))
				i++;
			while (is_dir_sep(abs[j]))
				j++;
			continue;
		} else if (abs[j] != base[i]) {
			return abs;
		}
		i++;
		j++;
	}
	if (
	    /* "/foo" is a prefix of "/foo" */
	    abs[j] &&
	    /* "/foo" is not a prefix of "/foobar" */
	    !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
	   )
424
		return abs;
425 426 427 428 429 430
	while (is_dir_sep(abs[j]))
		j++;
	if (!abs[j])
		strcpy(buf, ".");
	else
		strcpy(buf, abs + j);
431 432
	return buf;
}
433 434

/*
435
 * It is okay if dst == src, but they should not overlap otherwise.
436
 *
437 438 439
 * Performs the following normalizations on src, storing the result in dst:
 * - Ensures that components are separated by '/' (Windows only)
 * - Squashes sequences of '/'.
440 441
 * - Removes "." components.
 * - Removes ".." components, and the components the precede them.
442 443
 * Returns failure (non-zero) if a ".." component appears as first path
 * component anytime during the normalization. Otherwise, returns success (0).
444 445 446 447
 *
 * Note that this function is purely textual.  It does not follow symlinks,
 * verify the existence of the path, or make any system calls.
 */
448
int normalize_path_copy(char *dst, const char *src)
449
{
450
	char *dst0;
451

452 453 454
	if (has_dos_drive_prefix(src)) {
		*dst++ = *src++;
		*dst++ = *src++;
455
	}
456
	dst0 = dst;
457

458
	if (is_dir_sep(*src)) {
459
		*dst++ = '/';
460 461 462 463 464 465 466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498
		while (is_dir_sep(*src))
			src++;
	}

	for (;;) {
		char c = *src;

		/*
		 * A path component that begins with . could be
		 * special:
		 * (1) "." and ends   -- ignore and terminate.
		 * (2) "./"           -- ignore them, eat slash and continue.
		 * (3) ".." and ends  -- strip one and terminate.
		 * (4) "../"          -- strip one, eat slash and continue.
		 */
		if (c == '.') {
			if (!src[1]) {
				/* (1) */
				src++;
			} else if (is_dir_sep(src[1])) {
				/* (2) */
				src += 2;
				while (is_dir_sep(*src))
					src++;
				continue;
			} else if (src[1] == '.') {
				if (!src[2]) {
					/* (3) */
					src += 2;
					goto up_one;
				} else if (is_dir_sep(src[2])) {
					/* (4) */
					src += 3;
					while (is_dir_sep(*src))
						src++;
					goto up_one;
				}
			}
		}
499

500 501 502 503 504 505 506 507 508 509 510 511 512 513 514 515 516
		/* copy up to the next '/', and eat all '/' */
		while ((c = *src++) != '\0' && !is_dir_sep(c))
			*dst++ = c;
		if (is_dir_sep(c)) {
			*dst++ = '/';
			while (is_dir_sep(c))
				c = *src++;
			src--;
		} else if (!c)
			break;
		continue;

	up_one:
		/*
		 * dst0..dst is prefix portion, and dst[-1] is '/';
		 * go up one level.
		 */
517 518
		dst--;	/* go to trailing '/' */
		if (dst <= dst0)
519
			return -1;
520 521 522
		/* Windows: dst[-1] cannot be backslash anymore */
		while (dst0 < dst && dst[-1] != '/')
			dst--;
523
	}
524
	*dst = '\0';
525
	return 0;
526
}
527 528 529 530 531

/*
 * path = Canonical absolute path
 * prefix_list = Colon-separated list of absolute paths
 *
532
 * Determines, for each path in prefix_list, whether the "prefix" really
533 534 535 536 537 538 539 540 541 542 543 544 545 546 547 548 549 550
 * is an ancestor directory of path.  Returns the length of the longest
 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 * are not considered to be their own ancestors.  path must be in a
 * canonical form: empty components, or "." or ".." components are not
 * allowed.  prefix_list may be null, which is like "".
 */
int longest_ancestor_length(const char *path, const char *prefix_list)
{
	char buf[PATH_MAX+1];
	const char *ceil, *colon;
	int len, max_len = -1;

	if (prefix_list == NULL || !strcmp(path, "/"))
		return -1;

	for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
551
		for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
552 553 554 555
		len = colon - ceil;
		if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
			continue;
		strlcpy(buf, ceil, len+1);
556 557 558 559 560
		if (normalize_path_copy(buf, buf) < 0)
			continue;
		len = strlen(buf);
		if (len > 0 && buf[len-1] == '/')
			buf[--len] = '\0';
561 562 563 564 565 566 567 568 569 570

		if (!strncmp(path, buf, len) &&
		    path[len] == '/' &&
		    len > max_len) {
			max_len = len;
		}
	}

	return max_len;
}
571 572 573 574 575 576 577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606

/* strip arbitrary amount of directory separators at end of path */
static inline int chomp_trailing_dir_sep(const char *path, int len)
{
	while (len && is_dir_sep(path[len - 1]))
		len--;
	return len;
}

/*
 * If path ends with suffix (complete path components), returns the
 * part before suffix (sans trailing directory separators).
 * Otherwise returns NULL.
 */
char *strip_path_suffix(const char *path, const char *suffix)
{
	int path_len = strlen(path), suffix_len = strlen(suffix);

	while (suffix_len) {
		if (!path_len)
			return NULL;

		if (is_dir_sep(path[path_len - 1])) {
			if (!is_dir_sep(suffix[suffix_len - 1]))
				return NULL;
			path_len = chomp_trailing_dir_sep(path, path_len);
			suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
		}
		else if (path[--path_len] != suffix[--suffix_len])
			return NULL;
	}

	if (path_len && !is_dir_sep(path[path_len - 1]))
		return NULL;
	return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
}
607 608 609 610 611 612 613 614

int daemon_avoid_alias(const char *p)
{
	int sl, ndot;

	/*
	 * This resurrects the belts and suspenders paranoia check by HPA
	 * done in <[email protected]> thread, now enter_repo()
615
	 * does not do getcwd() based path canonicalization.
616 617 618 619 620 621 622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653
	 *
	 * sl becomes true immediately after seeing '/' and continues to
	 * be true as long as dots continue after that without intervening
	 * non-dot character.
	 */
	if (!p || (*p != '/' && *p != '~'))
		return -1;
	sl = 1; ndot = 0;
	p++;

	while (1) {
		char ch = *p++;
		if (sl) {
			if (ch == '.')
				ndot++;
			else if (ch == '/') {
				if (ndot < 3)
					/* reject //, /./ and /../ */
					return -1;
				ndot = 0;
			}
			else if (ch == 0) {
				if (0 < ndot && ndot < 3)
					/* reject /.$ and /..$ */
					return -1;
				return 0;
			}
			else
				sl = ndot = 0;
		}
		else if (ch == 0)
			return 0;
		else if (ch == '/') {
			sl = 1;
			ndot = 0;
		}
	}
}
654 655 656 657 658 659 660

int offset_1st_component(const char *path)
{
	if (has_dos_drive_prefix(path))
		return 2 + is_dir_sep(path[2]);
	return is_dir_sep(path[0]);
}