path.c 14.9 KB
Newer Older
1 2 3 4 5 6 7 8 9 10 11 12 13
/*
 * I'm tired of doing "vsnprintf()" etc just to open a
 * file, so here's a "return static buffer with printf"
 * interface for paths.
 *
 * It's obviously not thread-safe. Sue me. But it's quite
 * useful for doing things like
 *
 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
 *
 * which is what it's designed for.
 */
#include "cache.h"
14
#include "strbuf.h"
15 16 17

static char bad_path[] = "/bad-path/";

18 19 20 21 22 23 24
static char *get_pathname(void)
{
	static char pathname_array[4][PATH_MAX];
	static int index;
	return pathname_array[3 & ++index];
}

25 26 27 28 29 30 31 32 33 34 35
static char *cleanup_path(char *path)
{
	/* Clean it up */
	if (!memcmp(path, "./", 2)) {
		path += 2;
		while (*path == '/')
			path++;
	}
	return path;
}

36 37 38 39 40 41 42 43 44
char *mksnpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list args;
	unsigned len;

	va_start(args, fmt);
	len = vsnprintf(buf, n, fmt, args);
	va_end(args);
	if (len >= n) {
45
		strlcpy(buf, bad_path, n);
46 47 48 49 50
		return buf;
	}
	return cleanup_path(buf);
}

51
static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
52 53 54 55 56 57 58 59 60 61 62 63 64 65 66
{
	const char *git_dir = get_git_dir();
	size_t len;

	len = strlen(git_dir);
	if (n < len + 1)
		goto bad;
	memcpy(buf, git_dir, len);
	if (len && !is_dir_sep(git_dir[len-1]))
		buf[len++] = '/';
	len += vsnprintf(buf + len, n - len, fmt, args);
	if (len >= n)
		goto bad;
	return cleanup_path(buf);
bad:
67
	strlcpy(buf, bad_path, n);
68 69 70
	return buf;
}

71 72 73 74 75 76 77 78 79 80 81 82 83 84 85 86 87 88 89
char *git_snpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list args;
	va_start(args, fmt);
	(void)git_vsnpath(buf, n, fmt, args);
	va_end(args);
	return buf;
}

char *git_pathdup(const char *fmt, ...)
{
	char path[PATH_MAX];
	va_list args;
	va_start(args, fmt);
	(void)git_vsnpath(path, sizeof(path), fmt, args);
	va_end(args);
	return xstrdup(path);
}

90 91 92 93
char *mkpath(const char *fmt, ...)
{
	va_list args;
	unsigned len;
94
	char *pathname = get_pathname();
95 96 97 98 99 100 101 102 103 104 105

	va_start(args, fmt);
	len = vsnprintf(pathname, PATH_MAX, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}

char *git_path(const char *fmt, ...)
{
106
	const char *git_dir = get_git_dir();
107
	char *pathname = get_pathname();
108 109 110 111 112 113 114 115 116 117 118 119 120 121 122 123
	va_list args;
	unsigned len;

	len = strlen(git_dir);
	if (len > PATH_MAX-100)
		return bad_path;
	memcpy(pathname, git_dir, len);
	if (len && git_dir[len-1] != '/')
		pathname[len++] = '/';
	va_start(args, fmt);
	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}
124

125 126 127 128 129 130 131 132 133 134 135 136 137 138 139 140 141
char *git_path_submodule(const char *path, const char *fmt, ...)
{
	char *pathname = get_pathname();
	struct strbuf buf = STRBUF_INIT;
	const char *git_dir;
	va_list args;
	unsigned len;

	len = strlen(path);
	if (len > PATH_MAX-100)
		return bad_path;

	strbuf_addstr(&buf, path);
	if (len && path[len-1] != '/')
		strbuf_addch(&buf, '/');
	strbuf_addstr(&buf, ".git");

142
	git_dir = read_gitfile(buf.buf);
143 144 145 146 147 148 149 150 151 152 153 154 155 156 157 158 159 160 161 162
	if (git_dir) {
		strbuf_reset(&buf);
		strbuf_addstr(&buf, git_dir);
	}
	strbuf_addch(&buf, '/');

	if (buf.len >= PATH_MAX)
		return bad_path;
	memcpy(pathname, buf.buf, buf.len + 1);

	strbuf_release(&buf);
	len = strlen(pathname);

	va_start(args, fmt);
	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}
163

164
int validate_headref(const char *path)
165 166 167
{
	struct stat st;
	char *buf, buffer[256];
168
	unsigned char sha1[20];
169 170
	int fd;
	ssize_t len;
171 172 173 174 175 176 177

	if (lstat(path, &st) < 0)
		return -1;

	/* Make sure it is a "refs/.." symlink */
	if (S_ISLNK(st.st_mode)) {
		len = readlink(path, buffer, sizeof(buffer)-1);
178
		if (len >= 5 && !memcmp("refs/", buffer, 5))
179 180 181 182 183 184 185 186 187 188
			return 0;
		return -1;
	}

	/*
	 * Anything else, just open it and try to see if it is a symbolic ref.
	 */
	fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
189
	len = read_in_full(fd, buffer, sizeof(buffer)-1);
190 191 192 193 194
	close(fd);

	/*
	 * Is it a symbolic ref?
	 */
195
	if (len < 4)
196
		return -1;
197 198 199 200 201
	if (!memcmp("ref:", buffer, 4)) {
		buf = buffer + 4;
		len -= 4;
		while (len && isspace(*buf))
			buf++, len--;
202
		if (len >= 5 && !memcmp("refs/", buf, 5))
203 204 205 206 207 208 209
			return 0;
	}

	/*
	 * Is this a detached HEAD?
	 */
	if (!get_sha1_hex(buffer, sha1))
210
		return 0;
211

212 213 214
	return -1;
}

215
static struct passwd *getpw_str(const char *username, size_t len)
216
{
217
	struct passwd *pw;
218 219 220 221 222 223 224
	char *username_z = xmalloc(len + 1);
	memcpy(username_z, username, len);
	username_z[len] = '\0';
	pw = getpwnam(username_z);
	free(username_z);
	return pw;
}
225

226 227 228 229 230 231 232 233 234 235 236 237 238 239 240 241
/*
 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 * then it is a newly allocated string. Returns NULL on getpw failure or
 * if path is NULL.
 */
char *expand_user_path(const char *path)
{
	struct strbuf user_path = STRBUF_INIT;
	const char *first_slash = strchrnul(path, '/');
	const char *to_copy = path;

	if (path == NULL)
		goto return_null;
	if (path[0] == '~') {
		const char *username = path + 1;
		size_t username_len = first_slash - username;
242 243
		if (username_len == 0) {
			const char *home = getenv("HOME");
244 245
			if (!home)
				goto return_null;
246 247 248 249 250 251
			strbuf_add(&user_path, home, strlen(home));
		} else {
			struct passwd *pw = getpw_str(username, username_len);
			if (!pw)
				goto return_null;
			strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
252
		}
253
		to_copy = first_slash;
254
	}
255 256 257 258 259
	strbuf_add(&user_path, to_copy, strlen(to_copy));
	return strbuf_detach(&user_path, NULL);
return_null:
	strbuf_release(&user_path);
	return NULL;
260 261
}

262 263 264 265 266 267 268 269 270 271 272 273 274 275 276 277 278 279 280 281 282 283 284 285
/*
 * First, one directory to try is determined by the following algorithm.
 *
 * (0) If "strict" is given, the path is used as given and no DWIM is
 *     done. Otherwise:
 * (1) "~/path" to mean path under the running user's home directory;
 * (2) "~user/path" to mean path under named user's home directory;
 * (3) "relative/path" to mean cwd relative directory; or
 * (4) "/absolute/path" to mean absolute directory.
 *
 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 * what we try.
 *
 * Second, we try chdir() to that.  Upon failure, we return NULL.
 *
 * Then, we try if the current directory is a valid git repository.
 * Upon failure, we return NULL.
 *
 * If all goes well, we return the directory we used to chdir() (but
 * before ~user is expanded), avoiding getcwd() resolving symbolic
 * links.  User relative paths are also returned as they are given,
 * except DWIM suffixing.
 */
286
const char *enter_repo(const char *path, int strict)
287
{
288 289 290 291
	static char used_path[PATH_MAX];
	static char validated_path[PATH_MAX];

	if (!path)
292 293
		return NULL;

294 295 296 297
	if (!strict) {
		static const char *suffix[] = {
			".git/.git", "/.git", ".git", "", NULL,
		};
298
		const char *gitfile;
299 300
		int len = strlen(path);
		int i;
301
		while ((1 < len) && (path[len-1] == '/'))
302
			len--;
303

304
		if (PATH_MAX <= len)
305
			return NULL;
306 307 308 309 310
		strncpy(used_path, path, len); used_path[len] = 0 ;
		strcpy(validated_path, used_path);

		if (used_path[0] == '~') {
			char *newpath = expand_user_path(used_path);
311 312
			if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
				free(newpath);
313
				return NULL;
314 315 316 317 318 319 320 321
			}
			/*
			 * Copy back into the static buffer. A pity
			 * since newpath was not bounded, but other
			 * branches of the if are limited by PATH_MAX
			 * anyway.
			 */
			strcpy(used_path, newpath); free(newpath);
322 323 324
		}
		else if (PATH_MAX - 10 < len)
			return NULL;
325
		len = strlen(used_path);
326
		for (i = 0; suffix[i]; i++) {
327 328
			strcpy(used_path + len, suffix[i]);
			if (!access(used_path, F_OK)) {
329 330 331 332
				strcat(validated_path, suffix[i]);
				break;
			}
		}
333 334 335 336 337 338
		if (!suffix[i])
			return NULL;
		gitfile = read_gitfile(used_path) ;
		if (gitfile)
			strcpy(used_path, gitfile);
		if (chdir(used_path))
339
			return NULL;
340
		path = validated_path;
341
	}
342 343
	else if (chdir(path))
		return NULL;
344

345
	if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
346
	    validate_headref("HEAD") == 0) {
René Scharfe's avatar
René Scharfe committed
347
		set_git_dir(".");
348
		check_repository_format();
349
		return path;
350 351 352 353
	}

	return NULL;
}
354

355
int set_shared_perm(const char *path, int mode)
356 357
{
	struct stat st;
358
	int tweak, shared, orig_mode;
359

360 361 362
	if (!shared_repository) {
		if (mode)
			return chmod(path, mode & ~S_IFMT);
363
		return 0;
364 365 366 367 368 369 370 371
	}
	if (!mode) {
		if (lstat(path, &st) < 0)
			return -1;
		mode = st.st_mode;
		orig_mode = mode;
	} else
		orig_mode = 0;
372 373 374 375 376 377 378 379 380 381 382 383 384 385
	if (shared_repository < 0)
		shared = -shared_repository;
	else
		shared = shared_repository;
	tweak = shared;

	if (!(mode & S_IWUSR))
		tweak &= ~0222;
	if (mode & S_IXUSR)
		/* Copy read bits to execute bits */
		tweak |= (tweak & 0444) >> 2;
	if (shared_repository < 0)
		mode = (mode & ~0777) | tweak;
	else
386
		mode |= tweak;
387 388 389

	if (S_ISDIR(mode)) {
		/* Copy read bits to execute bits */
390 391
		mode |= (shared & 0444) >> 2;
		mode |= FORCE_DIR_SET_GID;
392 393
	}

394
	if (((shared_repository < 0
395 396 397
	      ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
	      : (orig_mode & mode)) != mode) &&
	    chmod(path, (mode & ~S_IFMT)) < 0)
398 399 400
		return -2;
	return 0;
}
401

402
const char *relative_path(const char *abs, const char *base)
403 404
{
	static char buf[PATH_MAX + 1];
405 406 407
	int i = 0, j = 0;

	if (!base || !base[0])
408
		return abs;
409 410 411 412 413 414 415 416 417 418 419 420 421 422 423 424 425 426 427 428 429
	while (base[i]) {
		if (is_dir_sep(base[i])) {
			if (!is_dir_sep(abs[j]))
				return abs;
			while (is_dir_sep(base[i]))
				i++;
			while (is_dir_sep(abs[j]))
				j++;
			continue;
		} else if (abs[j] != base[i]) {
			return abs;
		}
		i++;
		j++;
	}
	if (
	    /* "/foo" is a prefix of "/foo" */
	    abs[j] &&
	    /* "/foo" is not a prefix of "/foobar" */
	    !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
	   )
430
		return abs;
431 432 433 434 435 436
	while (is_dir_sep(abs[j]))
		j++;
	if (!abs[j])
		strcpy(buf, ".");
	else
		strcpy(buf, abs + j);
437 438
	return buf;
}
439 440

/*
441
 * It is okay if dst == src, but they should not overlap otherwise.
442
 *
443 444 445
 * Performs the following normalizations on src, storing the result in dst:
 * - Ensures that components are separated by '/' (Windows only)
 * - Squashes sequences of '/'.
446 447
 * - Removes "." components.
 * - Removes ".." components, and the components the precede them.
448 449
 * Returns failure (non-zero) if a ".." component appears as first path
 * component anytime during the normalization. Otherwise, returns success (0).
450 451 452 453
 *
 * Note that this function is purely textual.  It does not follow symlinks,
 * verify the existence of the path, or make any system calls.
 */
454
int normalize_path_copy(char *dst, const char *src)
455
{
456
	char *dst0;
457

458 459 460
	if (has_dos_drive_prefix(src)) {
		*dst++ = *src++;
		*dst++ = *src++;
461
	}
462
	dst0 = dst;
463

464
	if (is_dir_sep(*src)) {
465
		*dst++ = '/';
466 467 468 469 470 471 472 473 474 475 476 477 478 479 480 481 482 483 484 485 486 487 488 489 490 491 492 493 494 495 496 497 498 499 500 501 502 503 504
		while (is_dir_sep(*src))
			src++;
	}

	for (;;) {
		char c = *src;

		/*
		 * A path component that begins with . could be
		 * special:
		 * (1) "." and ends   -- ignore and terminate.
		 * (2) "./"           -- ignore them, eat slash and continue.
		 * (3) ".." and ends  -- strip one and terminate.
		 * (4) "../"          -- strip one, eat slash and continue.
		 */
		if (c == '.') {
			if (!src[1]) {
				/* (1) */
				src++;
			} else if (is_dir_sep(src[1])) {
				/* (2) */
				src += 2;
				while (is_dir_sep(*src))
					src++;
				continue;
			} else if (src[1] == '.') {
				if (!src[2]) {
					/* (3) */
					src += 2;
					goto up_one;
				} else if (is_dir_sep(src[2])) {
					/* (4) */
					src += 3;
					while (is_dir_sep(*src))
						src++;
					goto up_one;
				}
			}
		}
505

506 507 508 509 510 511 512 513 514 515 516 517 518 519 520 521 522
		/* copy up to the next '/', and eat all '/' */
		while ((c = *src++) != '\0' && !is_dir_sep(c))
			*dst++ = c;
		if (is_dir_sep(c)) {
			*dst++ = '/';
			while (is_dir_sep(c))
				c = *src++;
			src--;
		} else if (!c)
			break;
		continue;

	up_one:
		/*
		 * dst0..dst is prefix portion, and dst[-1] is '/';
		 * go up one level.
		 */
523 524
		dst--;	/* go to trailing '/' */
		if (dst <= dst0)
525
			return -1;
526 527 528
		/* Windows: dst[-1] cannot be backslash anymore */
		while (dst0 < dst && dst[-1] != '/')
			dst--;
529
	}
530
	*dst = '\0';
531
	return 0;
532
}
533 534 535 536 537

/*
 * path = Canonical absolute path
 * prefix_list = Colon-separated list of absolute paths
 *
538
 * Determines, for each path in prefix_list, whether the "prefix" really
539 540 541 542 543 544 545 546 547 548 549 550 551 552 553 554 555 556
 * is an ancestor directory of path.  Returns the length of the longest
 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 * are not considered to be their own ancestors.  path must be in a
 * canonical form: empty components, or "." or ".." components are not
 * allowed.  prefix_list may be null, which is like "".
 */
int longest_ancestor_length(const char *path, const char *prefix_list)
{
	char buf[PATH_MAX+1];
	const char *ceil, *colon;
	int len, max_len = -1;

	if (prefix_list == NULL || !strcmp(path, "/"))
		return -1;

	for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
557
		for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
558 559 560 561
		len = colon - ceil;
		if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
			continue;
		strlcpy(buf, ceil, len+1);
562 563 564 565 566
		if (normalize_path_copy(buf, buf) < 0)
			continue;
		len = strlen(buf);
		if (len > 0 && buf[len-1] == '/')
			buf[--len] = '\0';
567 568 569 570 571 572 573 574 575 576

		if (!strncmp(path, buf, len) &&
		    path[len] == '/' &&
		    len > max_len) {
			max_len = len;
		}
	}

	return max_len;
}
577 578 579 580 581 582 583 584 585 586 587 588 589 590 591 592 593 594 595 596 597 598 599 600 601 602 603 604 605 606 607 608 609 610 611 612

/* strip arbitrary amount of directory separators at end of path */
static inline int chomp_trailing_dir_sep(const char *path, int len)
{
	while (len && is_dir_sep(path[len - 1]))
		len--;
	return len;
}

/*
 * If path ends with suffix (complete path components), returns the
 * part before suffix (sans trailing directory separators).
 * Otherwise returns NULL.
 */
char *strip_path_suffix(const char *path, const char *suffix)
{
	int path_len = strlen(path), suffix_len = strlen(suffix);

	while (suffix_len) {
		if (!path_len)
			return NULL;

		if (is_dir_sep(path[path_len - 1])) {
			if (!is_dir_sep(suffix[suffix_len - 1]))
				return NULL;
			path_len = chomp_trailing_dir_sep(path, path_len);
			suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
		}
		else if (path[--path_len] != suffix[--suffix_len])
			return NULL;
	}

	if (path_len && !is_dir_sep(path[path_len - 1]))
		return NULL;
	return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
}
613 614 615 616 617 618 619 620

int daemon_avoid_alias(const char *p)
{
	int sl, ndot;

	/*
	 * This resurrects the belts and suspenders paranoia check by HPA
	 * done in <[email protected]> thread, now enter_repo()
621
	 * does not do getcwd() based path canonicalization.
622 623 624 625 626 627 628 629 630 631 632 633 634 635 636 637 638 639 640 641 642 643 644 645 646 647 648 649 650 651 652 653 654 655 656 657 658 659
	 *
	 * sl becomes true immediately after seeing '/' and continues to
	 * be true as long as dots continue after that without intervening
	 * non-dot character.
	 */
	if (!p || (*p != '/' && *p != '~'))
		return -1;
	sl = 1; ndot = 0;
	p++;

	while (1) {
		char ch = *p++;
		if (sl) {
			if (ch == '.')
				ndot++;
			else if (ch == '/') {
				if (ndot < 3)
					/* reject //, /./ and /../ */
					return -1;
				ndot = 0;
			}
			else if (ch == 0) {
				if (0 < ndot && ndot < 3)
					/* reject /.$ and /..$ */
					return -1;
				return 0;
			}
			else
				sl = ndot = 0;
		}
		else if (ch == 0)
			return 0;
		else if (ch == '/') {
			sl = 1;
			ndot = 0;
		}
	}
}
660 661 662 663 664 665 666

int offset_1st_component(const char *path)
{
	if (has_dos_drive_prefix(path))
		return 2 + is_dir_sep(path[2]);
	return is_dir_sep(path[0]);
}