path.con commit cvsserver: add comments about database schema/usage (196e48f)
   1/*
   2 * I'm tired of doing "vsnprintf()" etc just to open a
   3 * file, so here's a "return static buffer with printf"
   4 * interface for paths.
   5 *
   6 * It's obviously not thread-safe. Sue me. But it's quite
   7 * useful for doing things like
   8 *
   9 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
  10 *
  11 * which is what it's designed for.
  12 */
  13#include "cache.h"
  14#include "strbuf.h"
  15
  16static char bad_path[] = "/bad-path/";
  17
  18static char *get_pathname(void)
  19{
  20        static char pathname_array[4][PATH_MAX];
  21        static int index;
  22        return pathname_array[3 & ++index];
  23}
  24
  25static char *cleanup_path(char *path)
  26{
  27        /* Clean it up */
  28        if (!memcmp(path, "./", 2)) {
  29                path += 2;
  30                while (*path == '/')
  31                        path++;
  32        }
  33        return path;
  34}
  35
  36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
  37{
  38        va_list args;
  39        unsigned len;
  40
  41        va_start(args, fmt);
  42        len = vsnprintf(buf, n, fmt, args);
  43        va_end(args);
  44        if (len >= n) {
  45                strlcpy(buf, bad_path, n);
  46                return buf;
  47        }
  48        return cleanup_path(buf);
  49}
  50
  51static char *vsnpath(char *buf, size_t n, const char *fmt, va_list args)
  52{
  53        const char *git_dir = get_git_dir();
  54        size_t len;
  55
  56        len = strlen(git_dir);
  57        if (n < len + 1)
  58                goto bad;
  59        memcpy(buf, git_dir, len);
  60        if (len && !is_dir_sep(git_dir[len-1]))
  61                buf[len++] = '/';
  62        len += vsnprintf(buf + len, n - len, fmt, args);
  63        if (len >= n)
  64                goto bad;
  65        return cleanup_path(buf);
  66bad:
  67        strlcpy(buf, bad_path, n);
  68        return buf;
  69}
  70
  71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
  72{
  73        char *ret;
  74        va_list args;
  75        va_start(args, fmt);
  76        ret = vsnpath(buf, n, fmt, args);
  77        va_end(args);
  78        return ret;
  79}
  80
  81char *git_pathdup(const char *fmt, ...)
  82{
  83        char path[PATH_MAX], *ret;
  84        va_list args;
  85        va_start(args, fmt);
  86        ret = vsnpath(path, sizeof(path), fmt, args);
  87        va_end(args);
  88        return xstrdup(ret);
  89}
  90
  91char *mkpathdup(const char *fmt, ...)
  92{
  93        char *path;
  94        struct strbuf sb = STRBUF_INIT;
  95        va_list args;
  96
  97        va_start(args, fmt);
  98        strbuf_vaddf(&sb, fmt, args);
  99        va_end(args);
 100        path = xstrdup(cleanup_path(sb.buf));
 101
 102        strbuf_release(&sb);
 103        return path;
 104}
 105
 106char *mkpath(const char *fmt, ...)
 107{
 108        va_list args;
 109        unsigned len;
 110        char *pathname = get_pathname();
 111
 112        va_start(args, fmt);
 113        len = vsnprintf(pathname, PATH_MAX, fmt, args);
 114        va_end(args);
 115        if (len >= PATH_MAX)
 116                return bad_path;
 117        return cleanup_path(pathname);
 118}
 119
 120char *git_path(const char *fmt, ...)
 121{
 122        char *pathname = get_pathname();
 123        va_list args;
 124        char *ret;
 125
 126        va_start(args, fmt);
 127        ret = vsnpath(pathname, PATH_MAX, fmt, args);
 128        va_end(args);
 129        return ret;
 130}
 131
 132void home_config_paths(char **global, char **xdg, char *file)
 133{
 134        char *xdg_home = getenv("XDG_CONFIG_HOME");
 135        char *home = getenv("HOME");
 136        char *to_free = NULL;
 137
 138        if (!home) {
 139                if (global)
 140                        *global = NULL;
 141        } else {
 142                if (!xdg_home) {
 143                        to_free = mkpathdup("%s/.config", home);
 144                        xdg_home = to_free;
 145                }
 146                if (global)
 147                        *global = mkpathdup("%s/.gitconfig", home);
 148        }
 149
 150        if (!xdg_home)
 151                *xdg = NULL;
 152        else
 153                *xdg = mkpathdup("%s/git/%s", xdg_home, file);
 154
 155        free(to_free);
 156}
 157
 158char *git_path_submodule(const char *path, const char *fmt, ...)
 159{
 160        char *pathname = get_pathname();
 161        struct strbuf buf = STRBUF_INIT;
 162        const char *git_dir;
 163        va_list args;
 164        unsigned len;
 165
 166        len = strlen(path);
 167        if (len > PATH_MAX-100)
 168                return bad_path;
 169
 170        strbuf_addstr(&buf, path);
 171        if (len && path[len-1] != '/')
 172                strbuf_addch(&buf, '/');
 173        strbuf_addstr(&buf, ".git");
 174
 175        git_dir = read_gitfile(buf.buf);
 176        if (git_dir) {
 177                strbuf_reset(&buf);
 178                strbuf_addstr(&buf, git_dir);
 179        }
 180        strbuf_addch(&buf, '/');
 181
 182        if (buf.len >= PATH_MAX)
 183                return bad_path;
 184        memcpy(pathname, buf.buf, buf.len + 1);
 185
 186        strbuf_release(&buf);
 187        len = strlen(pathname);
 188
 189        va_start(args, fmt);
 190        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 191        va_end(args);
 192        if (len >= PATH_MAX)
 193                return bad_path;
 194        return cleanup_path(pathname);
 195}
 196
 197int validate_headref(const char *path)
 198{
 199        struct stat st;
 200        char *buf, buffer[256];
 201        unsigned char sha1[20];
 202        int fd;
 203        ssize_t len;
 204
 205        if (lstat(path, &st) < 0)
 206                return -1;
 207
 208        /* Make sure it is a "refs/.." symlink */
 209        if (S_ISLNK(st.st_mode)) {
 210                len = readlink(path, buffer, sizeof(buffer)-1);
 211                if (len >= 5 && !memcmp("refs/", buffer, 5))
 212                        return 0;
 213                return -1;
 214        }
 215
 216        /*
 217         * Anything else, just open it and try to see if it is a symbolic ref.
 218         */
 219        fd = open(path, O_RDONLY);
 220        if (fd < 0)
 221                return -1;
 222        len = read_in_full(fd, buffer, sizeof(buffer)-1);
 223        close(fd);
 224
 225        /*
 226         * Is it a symbolic ref?
 227         */
 228        if (len < 4)
 229                return -1;
 230        if (!memcmp("ref:", buffer, 4)) {
 231                buf = buffer + 4;
 232                len -= 4;
 233                while (len && isspace(*buf))
 234                        buf++, len--;
 235                if (len >= 5 && !memcmp("refs/", buf, 5))
 236                        return 0;
 237        }
 238
 239        /*
 240         * Is this a detached HEAD?
 241         */
 242        if (!get_sha1_hex(buffer, sha1))
 243                return 0;
 244
 245        return -1;
 246}
 247
 248static struct passwd *getpw_str(const char *username, size_t len)
 249{
 250        struct passwd *pw;
 251        char *username_z = xmalloc(len + 1);
 252        memcpy(username_z, username, len);
 253        username_z[len] = '\0';
 254        pw = getpwnam(username_z);
 255        free(username_z);
 256        return pw;
 257}
 258
 259/*
 260 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 261 * then it is a newly allocated string. Returns NULL on getpw failure or
 262 * if path is NULL.
 263 */
 264char *expand_user_path(const char *path)
 265{
 266        struct strbuf user_path = STRBUF_INIT;
 267        const char *first_slash = strchrnul(path, '/');
 268        const char *to_copy = path;
 269
 270        if (path == NULL)
 271                goto return_null;
 272        if (path[0] == '~') {
 273                const char *username = path + 1;
 274                size_t username_len = first_slash - username;
 275                if (username_len == 0) {
 276                        const char *home = getenv("HOME");
 277                        if (!home)
 278                                goto return_null;
 279                        strbuf_add(&user_path, home, strlen(home));
 280                } else {
 281                        struct passwd *pw = getpw_str(username, username_len);
 282                        if (!pw)
 283                                goto return_null;
 284                        strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
 285                }
 286                to_copy = first_slash;
 287        }
 288        strbuf_add(&user_path, to_copy, strlen(to_copy));
 289        return strbuf_detach(&user_path, NULL);
 290return_null:
 291        strbuf_release(&user_path);
 292        return NULL;
 293}
 294
 295/*
 296 * First, one directory to try is determined by the following algorithm.
 297 *
 298 * (0) If "strict" is given, the path is used as given and no DWIM is
 299 *     done. Otherwise:
 300 * (1) "~/path" to mean path under the running user's home directory;
 301 * (2) "~user/path" to mean path under named user's home directory;
 302 * (3) "relative/path" to mean cwd relative directory; or
 303 * (4) "/absolute/path" to mean absolute directory.
 304 *
 305 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 306 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 307 * what we try.
 308 *
 309 * Second, we try chdir() to that.  Upon failure, we return NULL.
 310 *
 311 * Then, we try if the current directory is a valid git repository.
 312 * Upon failure, we return NULL.
 313 *
 314 * If all goes well, we return the directory we used to chdir() (but
 315 * before ~user is expanded), avoiding getcwd() resolving symbolic
 316 * links.  User relative paths are also returned as they are given,
 317 * except DWIM suffixing.
 318 */
 319const char *enter_repo(const char *path, int strict)
 320{
 321        static char used_path[PATH_MAX];
 322        static char validated_path[PATH_MAX];
 323
 324        if (!path)
 325                return NULL;
 326
 327        if (!strict) {
 328                static const char *suffix[] = {
 329                        "/.git", "", ".git/.git", ".git", NULL,
 330                };
 331                const char *gitfile;
 332                int len = strlen(path);
 333                int i;
 334                while ((1 < len) && (path[len-1] == '/'))
 335                        len--;
 336
 337                if (PATH_MAX <= len)
 338                        return NULL;
 339                strncpy(used_path, path, len); used_path[len] = 0 ;
 340                strcpy(validated_path, used_path);
 341
 342                if (used_path[0] == '~') {
 343                        char *newpath = expand_user_path(used_path);
 344                        if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
 345                                free(newpath);
 346                                return NULL;
 347                        }
 348                        /*
 349                         * Copy back into the static buffer. A pity
 350                         * since newpath was not bounded, but other
 351                         * branches of the if are limited by PATH_MAX
 352                         * anyway.
 353                         */
 354                        strcpy(used_path, newpath); free(newpath);
 355                }
 356                else if (PATH_MAX - 10 < len)
 357                        return NULL;
 358                len = strlen(used_path);
 359                for (i = 0; suffix[i]; i++) {
 360                        struct stat st;
 361                        strcpy(used_path + len, suffix[i]);
 362                        if (!stat(used_path, &st) &&
 363                            (S_ISREG(st.st_mode) ||
 364                            (S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
 365                                strcat(validated_path, suffix[i]);
 366                                break;
 367                        }
 368                }
 369                if (!suffix[i])
 370                        return NULL;
 371                gitfile = read_gitfile(used_path) ;
 372                if (gitfile)
 373                        strcpy(used_path, gitfile);
 374                if (chdir(used_path))
 375                        return NULL;
 376                path = validated_path;
 377        }
 378        else if (chdir(path))
 379                return NULL;
 380
 381        if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
 382            validate_headref("HEAD") == 0) {
 383                set_git_dir(".");
 384                check_repository_format();
 385                return path;
 386        }
 387
 388        return NULL;
 389}
 390
 391int set_shared_perm(const char *path, int mode)
 392{
 393        struct stat st;
 394        int tweak, shared, orig_mode;
 395
 396        if (!shared_repository) {
 397                if (mode)
 398                        return chmod(path, mode & ~S_IFMT);
 399                return 0;
 400        }
 401        if (!mode) {
 402                if (lstat(path, &st) < 0)
 403                        return -1;
 404                mode = st.st_mode;
 405                orig_mode = mode;
 406        } else
 407                orig_mode = 0;
 408        if (shared_repository < 0)
 409                shared = -shared_repository;
 410        else
 411                shared = shared_repository;
 412        tweak = shared;
 413
 414        if (!(mode & S_IWUSR))
 415                tweak &= ~0222;
 416        if (mode & S_IXUSR)
 417                /* Copy read bits to execute bits */
 418                tweak |= (tweak & 0444) >> 2;
 419        if (shared_repository < 0)
 420                mode = (mode & ~0777) | tweak;
 421        else
 422                mode |= tweak;
 423
 424        if (S_ISDIR(mode)) {
 425                /* Copy read bits to execute bits */
 426                mode |= (shared & 0444) >> 2;
 427                mode |= FORCE_DIR_SET_GID;
 428        }
 429
 430        if (((shared_repository < 0
 431              ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
 432              : (orig_mode & mode)) != mode) &&
 433            chmod(path, (mode & ~S_IFMT)) < 0)
 434                return -2;
 435        return 0;
 436}
 437
 438const char *relative_path(const char *abs, const char *base)
 439{
 440        static char buf[PATH_MAX + 1];
 441        int i = 0, j = 0;
 442
 443        if (!base || !base[0])
 444                return abs;
 445        while (base[i]) {
 446                if (is_dir_sep(base[i])) {
 447                        if (!is_dir_sep(abs[j]))
 448                                return abs;
 449                        while (is_dir_sep(base[i]))
 450                                i++;
 451                        while (is_dir_sep(abs[j]))
 452                                j++;
 453                        continue;
 454                } else if (abs[j] != base[i]) {
 455                        return abs;
 456                }
 457                i++;
 458                j++;
 459        }
 460        if (
 461            /* "/foo" is a prefix of "/foo" */
 462            abs[j] &&
 463            /* "/foo" is not a prefix of "/foobar" */
 464            !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
 465           )
 466                return abs;
 467        while (is_dir_sep(abs[j]))
 468                j++;
 469        if (!abs[j])
 470                strcpy(buf, ".");
 471        else
 472                strcpy(buf, abs + j);
 473        return buf;
 474}
 475
 476/*
 477 * It is okay if dst == src, but they should not overlap otherwise.
 478 *
 479 * Performs the following normalizations on src, storing the result in dst:
 480 * - Ensures that components are separated by '/' (Windows only)
 481 * - Squashes sequences of '/'.
 482 * - Removes "." components.
 483 * - Removes ".." components, and the components the precede them.
 484 * Returns failure (non-zero) if a ".." component appears as first path
 485 * component anytime during the normalization. Otherwise, returns success (0).
 486 *
 487 * Note that this function is purely textual.  It does not follow symlinks,
 488 * verify the existence of the path, or make any system calls.
 489 */
 490int normalize_path_copy(char *dst, const char *src)
 491{
 492        char *dst0;
 493
 494        if (has_dos_drive_prefix(src)) {
 495                *dst++ = *src++;
 496                *dst++ = *src++;
 497        }
 498        dst0 = dst;
 499
 500        if (is_dir_sep(*src)) {
 501                *dst++ = '/';
 502                while (is_dir_sep(*src))
 503                        src++;
 504        }
 505
 506        for (;;) {
 507                char c = *src;
 508
 509                /*
 510                 * A path component that begins with . could be
 511                 * special:
 512                 * (1) "." and ends   -- ignore and terminate.
 513                 * (2) "./"           -- ignore them, eat slash and continue.
 514                 * (3) ".." and ends  -- strip one and terminate.
 515                 * (4) "../"          -- strip one, eat slash and continue.
 516                 */
 517                if (c == '.') {
 518                        if (!src[1]) {
 519                                /* (1) */
 520                                src++;
 521                        } else if (is_dir_sep(src[1])) {
 522                                /* (2) */
 523                                src += 2;
 524                                while (is_dir_sep(*src))
 525                                        src++;
 526                                continue;
 527                        } else if (src[1] == '.') {
 528                                if (!src[2]) {
 529                                        /* (3) */
 530                                        src += 2;
 531                                        goto up_one;
 532                                } else if (is_dir_sep(src[2])) {
 533                                        /* (4) */
 534                                        src += 3;
 535                                        while (is_dir_sep(*src))
 536                                                src++;
 537                                        goto up_one;
 538                                }
 539                        }
 540                }
 541
 542                /* copy up to the next '/', and eat all '/' */
 543                while ((c = *src++) != '\0' && !is_dir_sep(c))
 544                        *dst++ = c;
 545                if (is_dir_sep(c)) {
 546                        *dst++ = '/';
 547                        while (is_dir_sep(c))
 548                                c = *src++;
 549                        src--;
 550                } else if (!c)
 551                        break;
 552                continue;
 553
 554        up_one:
 555                /*
 556                 * dst0..dst is prefix portion, and dst[-1] is '/';
 557                 * go up one level.
 558                 */
 559                dst--;  /* go to trailing '/' */
 560                if (dst <= dst0)
 561                        return -1;
 562                /* Windows: dst[-1] cannot be backslash anymore */
 563                while (dst0 < dst && dst[-1] != '/')
 564                        dst--;
 565        }
 566        *dst = '\0';
 567        return 0;
 568}
 569
 570/*
 571 * path = Canonical absolute path
 572 * prefix_list = Colon-separated list of absolute paths
 573 *
 574 * Determines, for each path in prefix_list, whether the "prefix" really
 575 * is an ancestor directory of path.  Returns the length of the longest
 576 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 577 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 578 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 579 * are not considered to be their own ancestors.  path must be in a
 580 * canonical form: empty components, or "." or ".." components are not
 581 * allowed.  prefix_list may be null, which is like "".
 582 */
 583int longest_ancestor_length(const char *path, const char *prefix_list)
 584{
 585        char buf[PATH_MAX+1];
 586        const char *ceil, *colon;
 587        int len, max_len = -1;
 588
 589        if (prefix_list == NULL || !strcmp(path, "/"))
 590                return -1;
 591
 592        for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
 593                for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
 594                len = colon - ceil;
 595                if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
 596                        continue;
 597                strlcpy(buf, ceil, len+1);
 598                if (normalize_path_copy(buf, buf) < 0)
 599                        continue;
 600                len = strlen(buf);
 601                if (len > 0 && buf[len-1] == '/')
 602                        buf[--len] = '\0';
 603
 604                if (!strncmp(path, buf, len) &&
 605                    path[len] == '/' &&
 606                    len > max_len) {
 607                        max_len = len;
 608                }
 609        }
 610
 611        return max_len;
 612}
 613
 614/* strip arbitrary amount of directory separators at end of path */
 615static inline int chomp_trailing_dir_sep(const char *path, int len)
 616{
 617        while (len && is_dir_sep(path[len - 1]))
 618                len--;
 619        return len;
 620}
 621
 622/*
 623 * If path ends with suffix (complete path components), returns the
 624 * part before suffix (sans trailing directory separators).
 625 * Otherwise returns NULL.
 626 */
 627char *strip_path_suffix(const char *path, const char *suffix)
 628{
 629        int path_len = strlen(path), suffix_len = strlen(suffix);
 630
 631        while (suffix_len) {
 632                if (!path_len)
 633                        return NULL;
 634
 635                if (is_dir_sep(path[path_len - 1])) {
 636                        if (!is_dir_sep(suffix[suffix_len - 1]))
 637                                return NULL;
 638                        path_len = chomp_trailing_dir_sep(path, path_len);
 639                        suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
 640                }
 641                else if (path[--path_len] != suffix[--suffix_len])
 642                        return NULL;
 643        }
 644
 645        if (path_len && !is_dir_sep(path[path_len - 1]))
 646                return NULL;
 647        return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
 648}
 649
 650int daemon_avoid_alias(const char *p)
 651{
 652        int sl, ndot;
 653
 654        /*
 655         * This resurrects the belts and suspenders paranoia check by HPA
 656         * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
 657         * does not do getcwd() based path canonicalization.
 658         *
 659         * sl becomes true immediately after seeing '/' and continues to
 660         * be true as long as dots continue after that without intervening
 661         * non-dot character.
 662         */
 663        if (!p || (*p != '/' && *p != '~'))
 664                return -1;
 665        sl = 1; ndot = 0;
 666        p++;
 667
 668        while (1) {
 669                char ch = *p++;
 670                if (sl) {
 671                        if (ch == '.')
 672                                ndot++;
 673                        else if (ch == '/') {
 674                                if (ndot < 3)
 675                                        /* reject //, /./ and /../ */
 676                                        return -1;
 677                                ndot = 0;
 678                        }
 679                        else if (ch == 0) {
 680                                if (0 < ndot && ndot < 3)
 681                                        /* reject /.$ and /..$ */
 682                                        return -1;
 683                                return 0;
 684                        }
 685                        else
 686                                sl = ndot = 0;
 687                }
 688                else if (ch == 0)
 689                        return 0;
 690                else if (ch == '/') {
 691                        sl = 1;
 692                        ndot = 0;
 693                }
 694        }
 695}
 696
 697int offset_1st_component(const char *path)
 698{
 699        if (has_dos_drive_prefix(path))
 700                return 2 + is_dir_sep(path[2]);
 701        return is_dir_sep(path[0]);
 702}