1/*
2 * I'm tired of doing "vsnprintf()" etc just to open a
3 * file, so here's a "return static buffer with printf"
4 * interface for paths.
5 *
6 * It's obviously not thread-safe. Sue me. But it's quite
7 * useful for doing things like
8 *
9 * f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
10 *
11 * which is what it's designed for.
12 */
13#include "cache.h"
14#include "strbuf.h"
15
16static char bad_path[] = "/bad-path/";
17
18static char *get_pathname(void)
19{
20 static char pathname_array[4][PATH_MAX];
21 static int index;
22 return pathname_array[3 & ++index];
23}
24
25static char *cleanup_path(char *path)
26{
27 /* Clean it up */
28 if (!memcmp(path, "./", 2)) {
29 path += 2;
30 while (*path == '/')
31 path++;
32 }
33 return path;
34}
35
36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
37{
38 va_list args;
39 unsigned len;
40
41 va_start(args, fmt);
42 len = vsnprintf(buf, n, fmt, args);
43 va_end(args);
44 if (len >= n) {
45 strlcpy(buf, bad_path, n);
46 return buf;
47 }
48 return cleanup_path(buf);
49}
50
51static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
52{
53 const char *git_dir = get_git_dir();
54 size_t len;
55
56 len = strlen(git_dir);
57 if (n < len + 1)
58 goto bad;
59 memcpy(buf, git_dir, len);
60 if (len && !is_dir_sep(git_dir[len-1]))
61 buf[len++] = '/';
62 len += vsnprintf(buf + len, n - len, fmt, args);
63 if (len >= n)
64 goto bad;
65 return cleanup_path(buf);
66bad:
67 strlcpy(buf, bad_path, n);
68 return buf;
69}
70
71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
72{
73 va_list args;
74 va_start(args, fmt);
75 (void)git_vsnpath(buf, n, fmt, args);
76 va_end(args);
77 return buf;
78}
79
80char *git_pathdup(const char *fmt, ...)
81{
82 char path[PATH_MAX];
83 va_list args;
84 va_start(args, fmt);
85 (void)git_vsnpath(path, sizeof(path), fmt, args);
86 va_end(args);
87 return xstrdup(path);
88}
89
90char *mkpath(const char *fmt, ...)
91{
92 va_list args;
93 unsigned len;
94 char *pathname = get_pathname();
95
96 va_start(args, fmt);
97 len = vsnprintf(pathname, PATH_MAX, fmt, args);
98 va_end(args);
99 if (len >= PATH_MAX)
100 return bad_path;
101 return cleanup_path(pathname);
102}
103
104char *git_path(const char *fmt, ...)
105{
106 const char *git_dir = get_git_dir();
107 char *pathname = get_pathname();
108 va_list args;
109 unsigned len;
110
111 len = strlen(git_dir);
112 if (len > PATH_MAX-100)
113 return bad_path;
114 memcpy(pathname, git_dir, len);
115 if (len && git_dir[len-1] != '/')
116 pathname[len++] = '/';
117 va_start(args, fmt);
118 len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
119 va_end(args);
120 if (len >= PATH_MAX)
121 return bad_path;
122 return cleanup_path(pathname);
123}
124
125char *git_path_submodule(const char *path, const char *fmt, ...)
126{
127 char *pathname = get_pathname();
128 struct strbuf buf = STRBUF_INIT;
129 const char *git_dir;
130 va_list args;
131 unsigned len;
132
133 len = strlen(path);
134 if (len > PATH_MAX-100)
135 return bad_path;
136
137 strbuf_addstr(&buf, path);
138 if (len && path[len-1] != '/')
139 strbuf_addch(&buf, '/');
140 strbuf_addstr(&buf, ".git");
141
142 git_dir = read_gitfile(buf.buf);
143 if (git_dir) {
144 strbuf_reset(&buf);
145 strbuf_addstr(&buf, git_dir);
146 }
147 strbuf_addch(&buf, '/');
148
149 if (buf.len >= PATH_MAX)
150 return bad_path;
151 memcpy(pathname, buf.buf, buf.len + 1);
152
153 strbuf_release(&buf);
154 len = strlen(pathname);
155
156 va_start(args, fmt);
157 len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
158 va_end(args);
159 if (len >= PATH_MAX)
160 return bad_path;
161 return cleanup_path(pathname);
162}
163
164int validate_headref(const char *path)
165{
166 struct stat st;
167 char *buf, buffer[256];
168 unsigned char sha1[20];
169 int fd;
170 ssize_t len;
171
172 if (lstat(path, &st) < 0)
173 return -1;
174
175 /* Make sure it is a "refs/.." symlink */
176 if (S_ISLNK(st.st_mode)) {
177 len = readlink(path, buffer, sizeof(buffer)-1);
178 if (len >= 5 && !memcmp("refs/", buffer, 5))
179 return 0;
180 return -1;
181 }
182
183 /*
184 * Anything else, just open it and try to see if it is a symbolic ref.
185 */
186 fd = open(path, O_RDONLY);
187 if (fd < 0)
188 return -1;
189 len = read_in_full(fd, buffer, sizeof(buffer)-1);
190 close(fd);
191
192 /*
193 * Is it a symbolic ref?
194 */
195 if (len < 4)
196 return -1;
197 if (!memcmp("ref:", buffer, 4)) {
198 buf = buffer + 4;
199 len -= 4;
200 while (len && isspace(*buf))
201 buf++, len--;
202 if (len >= 5 && !memcmp("refs/", buf, 5))
203 return 0;
204 }
205
206 /*
207 * Is this a detached HEAD?
208 */
209 if (!get_sha1_hex(buffer, sha1))
210 return 0;
211
212 return -1;
213}
214
215static struct passwd *getpw_str(const char *username, size_t len)
216{
217 struct passwd *pw;
218 char *username_z = xmalloc(len + 1);
219 memcpy(username_z, username, len);
220 username_z[len] = '\0';
221 pw = getpwnam(username_z);
222 free(username_z);
223 return pw;
224}
225
226/*
227 * Return a string with ~ and ~user expanded via getpw*. If buf != NULL,
228 * then it is a newly allocated string. Returns NULL on getpw failure or
229 * if path is NULL.
230 */
231char *expand_user_path(const char *path)
232{
233 struct strbuf user_path = STRBUF_INIT;
234 const char *first_slash = strchrnul(path, '/');
235 const char *to_copy = path;
236
237 if (path == NULL)
238 goto return_null;
239 if (path[0] == '~') {
240 const char *username = path + 1;
241 size_t username_len = first_slash - username;
242 if (username_len == 0) {
243 const char *home = getenv("HOME");
244 if (!home)
245 goto return_null;
246 strbuf_add(&user_path, home, strlen(home));
247 } else {
248 struct passwd *pw = getpw_str(username, username_len);
249 if (!pw)
250 goto return_null;
251 strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
252 }
253 to_copy = first_slash;
254 }
255 strbuf_add(&user_path, to_copy, strlen(to_copy));
256 return strbuf_detach(&user_path, NULL);
257return_null:
258 strbuf_release(&user_path);
259 return NULL;
260}
261
262/*
263 * First, one directory to try is determined by the following algorithm.
264 *
265 * (0) If "strict" is given, the path is used as given and no DWIM is
266 * done. Otherwise:
267 * (1) "~/path" to mean path under the running user's home directory;
268 * (2) "~user/path" to mean path under named user's home directory;
269 * (3) "relative/path" to mean cwd relative directory; or
270 * (4) "/absolute/path" to mean absolute directory.
271 *
272 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
273 * "%s/.git", "%s.git", "%s" in this order. The first one that exists is
274 * what we try.
275 *
276 * Second, we try chdir() to that. Upon failure, we return NULL.
277 *
278 * Then, we try if the current directory is a valid git repository.
279 * Upon failure, we return NULL.
280 *
281 * If all goes well, we return the directory we used to chdir() (but
282 * before ~user is expanded), avoiding getcwd() resolving symbolic
283 * links. User relative paths are also returned as they are given,
284 * except DWIM suffixing.
285 */
286const char *enter_repo(const char *path, int strict)
287{
288 static char used_path[PATH_MAX];
289 static char validated_path[PATH_MAX];
290
291 if (!path)
292 return NULL;
293
294 if (!strict) {
295 static const char *suffix[] = {
296 "/.git", "", ".git/.git", ".git", NULL,
297 };
298 const char *gitfile;
299 int len = strlen(path);
300 int i;
301 while ((1 < len) && (path[len-1] == '/'))
302 len--;
303
304 if (PATH_MAX <= len)
305 return NULL;
306 strncpy(used_path, path, len); used_path[len] = 0 ;
307 strcpy(validated_path, used_path);
308
309 if (used_path[0] == '~') {
310 char *newpath = expand_user_path(used_path);
311 if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
312 free(newpath);
313 return NULL;
314 }
315 /*
316 * Copy back into the static buffer. A pity
317 * since newpath was not bounded, but other
318 * branches of the if are limited by PATH_MAX
319 * anyway.
320 */
321 strcpy(used_path, newpath); free(newpath);
322 }
323 else if (PATH_MAX - 10 < len)
324 return NULL;
325 len = strlen(used_path);
326 for (i = 0; suffix[i]; i++) {
327 struct stat st;
328 strcpy(used_path + len, suffix[i]);
329 if (!stat(used_path, &st) &&
330 (S_ISREG(st.st_mode) ||
331 (S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
332 strcat(validated_path, suffix[i]);
333 break;
334 }
335 }
336 if (!suffix[i])
337 return NULL;
338 gitfile = read_gitfile(used_path) ;
339 if (gitfile)
340 strcpy(used_path, gitfile);
341 if (chdir(used_path))
342 return NULL;
343 path = validated_path;
344 }
345 else if (chdir(path))
346 return NULL;
347
348 if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
349 validate_headref("HEAD") == 0) {
350 set_git_dir(".");
351 check_repository_format();
352 return path;
353 }
354
355 return NULL;
356}
357
358int set_shared_perm(const char *path, int mode)
359{
360 struct stat st;
361 int tweak, shared, orig_mode;
362
363 if (!shared_repository) {
364 if (mode)
365 return chmod(path, mode & ~S_IFMT);
366 return 0;
367 }
368 if (!mode) {
369 if (lstat(path, &st) < 0)
370 return -1;
371 mode = st.st_mode;
372 orig_mode = mode;
373 } else
374 orig_mode = 0;
375 if (shared_repository < 0)
376 shared = -shared_repository;
377 else
378 shared = shared_repository;
379 tweak = shared;
380
381 if (!(mode & S_IWUSR))
382 tweak &= ~0222;
383 if (mode & S_IXUSR)
384 /* Copy read bits to execute bits */
385 tweak |= (tweak & 0444) >> 2;
386 if (shared_repository < 0)
387 mode = (mode & ~0777) | tweak;
388 else
389 mode |= tweak;
390
391 if (S_ISDIR(mode)) {
392 /* Copy read bits to execute bits */
393 mode |= (shared & 0444) >> 2;
394 mode |= FORCE_DIR_SET_GID;
395 }
396
397 if (((shared_repository < 0
398 ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
399 : (orig_mode & mode)) != mode) &&
400 chmod(path, (mode & ~S_IFMT)) < 0)
401 return -2;
402 return 0;
403}
404
405const char *relative_path(const char *abs, const char *base)
406{
407 static char buf[PATH_MAX + 1];
408 int i = 0, j = 0;
409
410 if (!base || !base[0])
411 return abs;
412 while (base[i]) {
413 if (is_dir_sep(base[i])) {
414 if (!is_dir_sep(abs[j]))
415 return abs;
416 while (is_dir_sep(base[i]))
417 i++;
418 while (is_dir_sep(abs[j]))
419 j++;
420 continue;
421 } else if (abs[j] != base[i]) {
422 return abs;
423 }
424 i++;
425 j++;
426 }
427 if (
428 /* "/foo" is a prefix of "/foo" */
429 abs[j] &&
430 /* "/foo" is not a prefix of "/foobar" */
431 !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
432 )
433 return abs;
434 while (is_dir_sep(abs[j]))
435 j++;
436 if (!abs[j])
437 strcpy(buf, ".");
438 else
439 strcpy(buf, abs + j);
440 return buf;
441}
442
443/*
444 * It is okay if dst == src, but they should not overlap otherwise.
445 *
446 * Performs the following normalizations on src, storing the result in dst:
447 * - Ensures that components are separated by '/' (Windows only)
448 * - Squashes sequences of '/'.
449 * - Removes "." components.
450 * - Removes ".." components, and the components the precede them.
451 * Returns failure (non-zero) if a ".." component appears as first path
452 * component anytime during the normalization. Otherwise, returns success (0).
453 *
454 * Note that this function is purely textual. It does not follow symlinks,
455 * verify the existence of the path, or make any system calls.
456 */
457int normalize_path_copy(char *dst, const char *src)
458{
459 char *dst0;
460
461 if (has_dos_drive_prefix(src)) {
462 *dst++ = *src++;
463 *dst++ = *src++;
464 }
465 dst0 = dst;
466
467 if (is_dir_sep(*src)) {
468 *dst++ = '/';
469 while (is_dir_sep(*src))
470 src++;
471 }
472
473 for (;;) {
474 char c = *src;
475
476 /*
477 * A path component that begins with . could be
478 * special:
479 * (1) "." and ends -- ignore and terminate.
480 * (2) "./" -- ignore them, eat slash and continue.
481 * (3) ".." and ends -- strip one and terminate.
482 * (4) "../" -- strip one, eat slash and continue.
483 */
484 if (c == '.') {
485 if (!src[1]) {
486 /* (1) */
487 src++;
488 } else if (is_dir_sep(src[1])) {
489 /* (2) */
490 src += 2;
491 while (is_dir_sep(*src))
492 src++;
493 continue;
494 } else if (src[1] == '.') {
495 if (!src[2]) {
496 /* (3) */
497 src += 2;
498 goto up_one;
499 } else if (is_dir_sep(src[2])) {
500 /* (4) */
501 src += 3;
502 while (is_dir_sep(*src))
503 src++;
504 goto up_one;
505 }
506 }
507 }
508
509 /* copy up to the next '/', and eat all '/' */
510 while ((c = *src++) != '\0' && !is_dir_sep(c))
511 *dst++ = c;
512 if (is_dir_sep(c)) {
513 *dst++ = '/';
514 while (is_dir_sep(c))
515 c = *src++;
516 src--;
517 } else if (!c)
518 break;
519 continue;
520
521 up_one:
522 /*
523 * dst0..dst is prefix portion, and dst[-1] is '/';
524 * go up one level.
525 */
526 dst--; /* go to trailing '/' */
527 if (dst <= dst0)
528 return -1;
529 /* Windows: dst[-1] cannot be backslash anymore */
530 while (dst0 < dst && dst[-1] != '/')
531 dst--;
532 }
533 *dst = '\0';
534 return 0;
535}
536
537/*
538 * path = Canonical absolute path
539 * prefix_list = Colon-separated list of absolute paths
540 *
541 * Determines, for each path in prefix_list, whether the "prefix" really
542 * is an ancestor directory of path. Returns the length of the longest
543 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
544 * is an ancestor. (Note that this means 0 is returned if prefix_list is
545 * "/".) "/foo" is not considered an ancestor of "/foobar". Directories
546 * are not considered to be their own ancestors. path must be in a
547 * canonical form: empty components, or "." or ".." components are not
548 * allowed. prefix_list may be null, which is like "".
549 */
550int longest_ancestor_length(const char *path, const char *prefix_list)
551{
552 char buf[PATH_MAX+1];
553 const char *ceil, *colon;
554 int len, max_len = -1;
555
556 if (prefix_list == NULL || !strcmp(path, "/"))
557 return -1;
558
559 for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
560 for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
561 len = colon - ceil;
562 if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
563 continue;
564 strlcpy(buf, ceil, len+1);
565 if (normalize_path_copy(buf, buf) < 0)
566 continue;
567 len = strlen(buf);
568 if (len > 0 && buf[len-1] == '/')
569 buf[--len] = '\0';
570
571 if (!strncmp(path, buf, len) &&
572 path[len] == '/' &&
573 len > max_len) {
574 max_len = len;
575 }
576 }
577
578 return max_len;
579}
580
581/* strip arbitrary amount of directory separators at end of path */
582static inline int chomp_trailing_dir_sep(const char *path, int len)
583{
584 while (len && is_dir_sep(path[len - 1]))
585 len--;
586 return len;
587}
588
589/*
590 * If path ends with suffix (complete path components), returns the
591 * part before suffix (sans trailing directory separators).
592 * Otherwise returns NULL.
593 */
594char *strip_path_suffix(const char *path, const char *suffix)
595{
596 int path_len = strlen(path), suffix_len = strlen(suffix);
597
598 while (suffix_len) {
599 if (!path_len)
600 return NULL;
601
602 if (is_dir_sep(path[path_len - 1])) {
603 if (!is_dir_sep(suffix[suffix_len - 1]))
604 return NULL;
605 path_len = chomp_trailing_dir_sep(path, path_len);
606 suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
607 }
608 else if (path[--path_len] != suffix[--suffix_len])
609 return NULL;
610 }
611
612 if (path_len && !is_dir_sep(path[path_len - 1]))
613 return NULL;
614 return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
615}
616
617int daemon_avoid_alias(const char *p)
618{
619 int sl, ndot;
620
621 /*
622 * This resurrects the belts and suspenders paranoia check by HPA
623 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
624 * does not do getcwd() based path canonicalization.
625 *
626 * sl becomes true immediately after seeing '/' and continues to
627 * be true as long as dots continue after that without intervening
628 * non-dot character.
629 */
630 if (!p || (*p != '/' && *p != '~'))
631 return -1;
632 sl = 1; ndot = 0;
633 p++;
634
635 while (1) {
636 char ch = *p++;
637 if (sl) {
638 if (ch == '.')
639 ndot++;
640 else if (ch == '/') {
641 if (ndot < 3)
642 /* reject //, /./ and /../ */
643 return -1;
644 ndot = 0;
645 }
646 else if (ch == 0) {
647 if (0 < ndot && ndot < 3)
648 /* reject /.$ and /..$ */
649 return -1;
650 return 0;
651 }
652 else
653 sl = ndot = 0;
654 }
655 else if (ch == 0)
656 return 0;
657 else if (ch == '/') {
658 sl = 1;
659 ndot = 0;
660 }
661 }
662}
663
664int offset_1st_component(const char *path)
665{
666 if (has_dos_drive_prefix(path))
667 return 2 + is_dir_sep(path[2]);
668 return is_dir_sep(path[0]);
669}