path.con commit Merge branch 'cb/do-not-pretend-to-hijack-long-help' (5366afa)
   1/*
   2 * I'm tired of doing "vsnprintf()" etc just to open a
   3 * file, so here's a "return static buffer with printf"
   4 * interface for paths.
   5 *
   6 * It's obviously not thread-safe. Sue me. But it's quite
   7 * useful for doing things like
   8 *
   9 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
  10 *
  11 * which is what it's designed for.
  12 */
  13#include "cache.h"
  14#include "strbuf.h"
  15
  16static char bad_path[] = "/bad-path/";
  17
  18static char *get_pathname(void)
  19{
  20        static char pathname_array[4][PATH_MAX];
  21        static int index;
  22        return pathname_array[3 & ++index];
  23}
  24
  25static char *cleanup_path(char *path)
  26{
  27        /* Clean it up */
  28        if (!memcmp(path, "./", 2)) {
  29                path += 2;
  30                while (*path == '/')
  31                        path++;
  32        }
  33        return path;
  34}
  35
  36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
  37{
  38        va_list args;
  39        unsigned len;
  40
  41        va_start(args, fmt);
  42        len = vsnprintf(buf, n, fmt, args);
  43        va_end(args);
  44        if (len >= n) {
  45                strlcpy(buf, bad_path, n);
  46                return buf;
  47        }
  48        return cleanup_path(buf);
  49}
  50
  51static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
  52{
  53        const char *git_dir = get_git_dir();
  54        size_t len;
  55
  56        len = strlen(git_dir);
  57        if (n < len + 1)
  58                goto bad;
  59        memcpy(buf, git_dir, len);
  60        if (len && !is_dir_sep(git_dir[len-1]))
  61                buf[len++] = '/';
  62        len += vsnprintf(buf + len, n - len, fmt, args);
  63        if (len >= n)
  64                goto bad;
  65        return cleanup_path(buf);
  66bad:
  67        strlcpy(buf, bad_path, n);
  68        return buf;
  69}
  70
  71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
  72{
  73        va_list args;
  74        va_start(args, fmt);
  75        (void)git_vsnpath(buf, n, fmt, args);
  76        va_end(args);
  77        return buf;
  78}
  79
  80char *git_pathdup(const char *fmt, ...)
  81{
  82        char path[PATH_MAX];
  83        va_list args;
  84        va_start(args, fmt);
  85        (void)git_vsnpath(path, sizeof(path), fmt, args);
  86        va_end(args);
  87        return xstrdup(path);
  88}
  89
  90char *mkpath(const char *fmt, ...)
  91{
  92        va_list args;
  93        unsigned len;
  94        char *pathname = get_pathname();
  95
  96        va_start(args, fmt);
  97        len = vsnprintf(pathname, PATH_MAX, fmt, args);
  98        va_end(args);
  99        if (len >= PATH_MAX)
 100                return bad_path;
 101        return cleanup_path(pathname);
 102}
 103
 104char *git_path(const char *fmt, ...)
 105{
 106        const char *git_dir = get_git_dir();
 107        char *pathname = get_pathname();
 108        va_list args;
 109        unsigned len;
 110
 111        len = strlen(git_dir);
 112        if (len > PATH_MAX-100)
 113                return bad_path;
 114        memcpy(pathname, git_dir, len);
 115        if (len && git_dir[len-1] != '/')
 116                pathname[len++] = '/';
 117        va_start(args, fmt);
 118        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 119        va_end(args);
 120        if (len >= PATH_MAX)
 121                return bad_path;
 122        return cleanup_path(pathname);
 123}
 124
 125char *git_path_submodule(const char *path, const char *fmt, ...)
 126{
 127        char *pathname = get_pathname();
 128        struct strbuf buf = STRBUF_INIT;
 129        const char *git_dir;
 130        va_list args;
 131        unsigned len;
 132
 133        len = strlen(path);
 134        if (len > PATH_MAX-100)
 135                return bad_path;
 136
 137        strbuf_addstr(&buf, path);
 138        if (len && path[len-1] != '/')
 139                strbuf_addch(&buf, '/');
 140        strbuf_addstr(&buf, ".git");
 141
 142        git_dir = read_gitfile(buf.buf);
 143        if (git_dir) {
 144                strbuf_reset(&buf);
 145                strbuf_addstr(&buf, git_dir);
 146        }
 147        strbuf_addch(&buf, '/');
 148
 149        if (buf.len >= PATH_MAX)
 150                return bad_path;
 151        memcpy(pathname, buf.buf, buf.len + 1);
 152
 153        strbuf_release(&buf);
 154        len = strlen(pathname);
 155
 156        va_start(args, fmt);
 157        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 158        va_end(args);
 159        if (len >= PATH_MAX)
 160                return bad_path;
 161        return cleanup_path(pathname);
 162}
 163
 164int validate_headref(const char *path)
 165{
 166        struct stat st;
 167        char *buf, buffer[256];
 168        unsigned char sha1[20];
 169        int fd;
 170        ssize_t len;
 171
 172        if (lstat(path, &st) < 0)
 173                return -1;
 174
 175        /* Make sure it is a "refs/.." symlink */
 176        if (S_ISLNK(st.st_mode)) {
 177                len = readlink(path, buffer, sizeof(buffer)-1);
 178                if (len >= 5 && !memcmp("refs/", buffer, 5))
 179                        return 0;
 180                return -1;
 181        }
 182
 183        /*
 184         * Anything else, just open it and try to see if it is a symbolic ref.
 185         */
 186        fd = open(path, O_RDONLY);
 187        if (fd < 0)
 188                return -1;
 189        len = read_in_full(fd, buffer, sizeof(buffer)-1);
 190        close(fd);
 191
 192        /*
 193         * Is it a symbolic ref?
 194         */
 195        if (len < 4)
 196                return -1;
 197        if (!memcmp("ref:", buffer, 4)) {
 198                buf = buffer + 4;
 199                len -= 4;
 200                while (len && isspace(*buf))
 201                        buf++, len--;
 202                if (len >= 5 && !memcmp("refs/", buf, 5))
 203                        return 0;
 204        }
 205
 206        /*
 207         * Is this a detached HEAD?
 208         */
 209        if (!get_sha1_hex(buffer, sha1))
 210                return 0;
 211
 212        return -1;
 213}
 214
 215static struct passwd *getpw_str(const char *username, size_t len)
 216{
 217        struct passwd *pw;
 218        char *username_z = xmalloc(len + 1);
 219        memcpy(username_z, username, len);
 220        username_z[len] = '\0';
 221        pw = getpwnam(username_z);
 222        free(username_z);
 223        return pw;
 224}
 225
 226/*
 227 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 228 * then it is a newly allocated string. Returns NULL on getpw failure or
 229 * if path is NULL.
 230 */
 231char *expand_user_path(const char *path)
 232{
 233        struct strbuf user_path = STRBUF_INIT;
 234        const char *first_slash = strchrnul(path, '/');
 235        const char *to_copy = path;
 236
 237        if (path == NULL)
 238                goto return_null;
 239        if (path[0] == '~') {
 240                const char *username = path + 1;
 241                size_t username_len = first_slash - username;
 242                if (username_len == 0) {
 243                        const char *home = getenv("HOME");
 244                        if (!home)
 245                                goto return_null;
 246                        strbuf_add(&user_path, home, strlen(home));
 247                } else {
 248                        struct passwd *pw = getpw_str(username, username_len);
 249                        if (!pw)
 250                                goto return_null;
 251                        strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
 252                }
 253                to_copy = first_slash;
 254        }
 255        strbuf_add(&user_path, to_copy, strlen(to_copy));
 256        return strbuf_detach(&user_path, NULL);
 257return_null:
 258        strbuf_release(&user_path);
 259        return NULL;
 260}
 261
 262/*
 263 * First, one directory to try is determined by the following algorithm.
 264 *
 265 * (0) If "strict" is given, the path is used as given and no DWIM is
 266 *     done. Otherwise:
 267 * (1) "~/path" to mean path under the running user's home directory;
 268 * (2) "~user/path" to mean path under named user's home directory;
 269 * (3) "relative/path" to mean cwd relative directory; or
 270 * (4) "/absolute/path" to mean absolute directory.
 271 *
 272 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 273 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 274 * what we try.
 275 *
 276 * Second, we try chdir() to that.  Upon failure, we return NULL.
 277 *
 278 * Then, we try if the current directory is a valid git repository.
 279 * Upon failure, we return NULL.
 280 *
 281 * If all goes well, we return the directory we used to chdir() (but
 282 * before ~user is expanded), avoiding getcwd() resolving symbolic
 283 * links.  User relative paths are also returned as they are given,
 284 * except DWIM suffixing.
 285 */
 286char *enter_repo(char *path, int strict)
 287{
 288        static char used_path[PATH_MAX];
 289        static char validated_path[PATH_MAX];
 290
 291        if (!path)
 292                return NULL;
 293
 294        if (!strict) {
 295                static const char *suffix[] = {
 296                        ".git/.git", "/.git", ".git", "", NULL,
 297                };
 298                int len = strlen(path);
 299                int i;
 300                while ((1 < len) && (path[len-1] == '/')) {
 301                        path[len-1] = 0;
 302                        len--;
 303                }
 304                if (PATH_MAX <= len)
 305                        return NULL;
 306                if (path[0] == '~') {
 307                        char *newpath = expand_user_path(path);
 308                        if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
 309                                free(newpath);
 310                                return NULL;
 311                        }
 312                        /*
 313                         * Copy back into the static buffer. A pity
 314                         * since newpath was not bounded, but other
 315                         * branches of the if are limited by PATH_MAX
 316                         * anyway.
 317                         */
 318                        strcpy(used_path, newpath); free(newpath);
 319                        strcpy(validated_path, path);
 320                        path = used_path;
 321                }
 322                else if (PATH_MAX - 10 < len)
 323                        return NULL;
 324                else {
 325                        path = strcpy(used_path, path);
 326                        strcpy(validated_path, path);
 327                }
 328                len = strlen(path);
 329                for (i = 0; suffix[i]; i++) {
 330                        strcpy(path + len, suffix[i]);
 331                        if (!access(path, F_OK)) {
 332                                strcat(validated_path, suffix[i]);
 333                                break;
 334                        }
 335                }
 336                if (!suffix[i] || chdir(path))
 337                        return NULL;
 338                path = validated_path;
 339        }
 340        else if (chdir(path))
 341                return NULL;
 342
 343        if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
 344            validate_headref("HEAD") == 0) {
 345                set_git_dir(".");
 346                check_repository_format();
 347                return path;
 348        }
 349
 350        return NULL;
 351}
 352
 353int set_shared_perm(const char *path, int mode)
 354{
 355        struct stat st;
 356        int tweak, shared, orig_mode;
 357
 358        if (!shared_repository) {
 359                if (mode)
 360                        return chmod(path, mode & ~S_IFMT);
 361                return 0;
 362        }
 363        if (!mode) {
 364                if (lstat(path, &st) < 0)
 365                        return -1;
 366                mode = st.st_mode;
 367                orig_mode = mode;
 368        } else
 369                orig_mode = 0;
 370        if (shared_repository < 0)
 371                shared = -shared_repository;
 372        else
 373                shared = shared_repository;
 374        tweak = shared;
 375
 376        if (!(mode & S_IWUSR))
 377                tweak &= ~0222;
 378        if (mode & S_IXUSR)
 379                /* Copy read bits to execute bits */
 380                tweak |= (tweak & 0444) >> 2;
 381        if (shared_repository < 0)
 382                mode = (mode & ~0777) | tweak;
 383        else
 384                mode |= tweak;
 385
 386        if (S_ISDIR(mode)) {
 387                /* Copy read bits to execute bits */
 388                mode |= (shared & 0444) >> 2;
 389                mode |= FORCE_DIR_SET_GID;
 390        }
 391
 392        if (((shared_repository < 0
 393              ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
 394              : (orig_mode & mode)) != mode) &&
 395            chmod(path, (mode & ~S_IFMT)) < 0)
 396                return -2;
 397        return 0;
 398}
 399
 400const char *relative_path(const char *abs, const char *base)
 401{
 402        static char buf[PATH_MAX + 1];
 403        int i = 0, j = 0;
 404
 405        if (!base || !base[0])
 406                return abs;
 407        while (base[i]) {
 408                if (is_dir_sep(base[i])) {
 409                        if (!is_dir_sep(abs[j]))
 410                                return abs;
 411                        while (is_dir_sep(base[i]))
 412                                i++;
 413                        while (is_dir_sep(abs[j]))
 414                                j++;
 415                        continue;
 416                } else if (abs[j] != base[i]) {
 417                        return abs;
 418                }
 419                i++;
 420                j++;
 421        }
 422        if (
 423            /* "/foo" is a prefix of "/foo" */
 424            abs[j] &&
 425            /* "/foo" is not a prefix of "/foobar" */
 426            !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
 427           )
 428                return abs;
 429        while (is_dir_sep(abs[j]))
 430                j++;
 431        if (!abs[j])
 432                strcpy(buf, ".");
 433        else
 434                strcpy(buf, abs + j);
 435        return buf;
 436}
 437
 438/*
 439 * It is okay if dst == src, but they should not overlap otherwise.
 440 *
 441 * Performs the following normalizations on src, storing the result in dst:
 442 * - Ensures that components are separated by '/' (Windows only)
 443 * - Squashes sequences of '/'.
 444 * - Removes "." components.
 445 * - Removes ".." components, and the components the precede them.
 446 * Returns failure (non-zero) if a ".." component appears as first path
 447 * component anytime during the normalization. Otherwise, returns success (0).
 448 *
 449 * Note that this function is purely textual.  It does not follow symlinks,
 450 * verify the existence of the path, or make any system calls.
 451 */
 452int normalize_path_copy(char *dst, const char *src)
 453{
 454        char *dst0;
 455
 456        if (has_dos_drive_prefix(src)) {
 457                *dst++ = *src++;
 458                *dst++ = *src++;
 459        }
 460        dst0 = dst;
 461
 462        if (is_dir_sep(*src)) {
 463                *dst++ = '/';
 464                while (is_dir_sep(*src))
 465                        src++;
 466        }
 467
 468        for (;;) {
 469                char c = *src;
 470
 471                /*
 472                 * A path component that begins with . could be
 473                 * special:
 474                 * (1) "." and ends   -- ignore and terminate.
 475                 * (2) "./"           -- ignore them, eat slash and continue.
 476                 * (3) ".." and ends  -- strip one and terminate.
 477                 * (4) "../"          -- strip one, eat slash and continue.
 478                 */
 479                if (c == '.') {
 480                        if (!src[1]) {
 481                                /* (1) */
 482                                src++;
 483                        } else if (is_dir_sep(src[1])) {
 484                                /* (2) */
 485                                src += 2;
 486                                while (is_dir_sep(*src))
 487                                        src++;
 488                                continue;
 489                        } else if (src[1] == '.') {
 490                                if (!src[2]) {
 491                                        /* (3) */
 492                                        src += 2;
 493                                        goto up_one;
 494                                } else if (is_dir_sep(src[2])) {
 495                                        /* (4) */
 496                                        src += 3;
 497                                        while (is_dir_sep(*src))
 498                                                src++;
 499                                        goto up_one;
 500                                }
 501                        }
 502                }
 503
 504                /* copy up to the next '/', and eat all '/' */
 505                while ((c = *src++) != '\0' && !is_dir_sep(c))
 506                        *dst++ = c;
 507                if (is_dir_sep(c)) {
 508                        *dst++ = '/';
 509                        while (is_dir_sep(c))
 510                                c = *src++;
 511                        src--;
 512                } else if (!c)
 513                        break;
 514                continue;
 515
 516        up_one:
 517                /*
 518                 * dst0..dst is prefix portion, and dst[-1] is '/';
 519                 * go up one level.
 520                 */
 521                dst--;  /* go to trailing '/' */
 522                if (dst <= dst0)
 523                        return -1;
 524                /* Windows: dst[-1] cannot be backslash anymore */
 525                while (dst0 < dst && dst[-1] != '/')
 526                        dst--;
 527        }
 528        *dst = '\0';
 529        return 0;
 530}
 531
 532/*
 533 * path = Canonical absolute path
 534 * prefix_list = Colon-separated list of absolute paths
 535 *
 536 * Determines, for each path in prefix_list, whether the "prefix" really
 537 * is an ancestor directory of path.  Returns the length of the longest
 538 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 539 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 540 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 541 * are not considered to be their own ancestors.  path must be in a
 542 * canonical form: empty components, or "." or ".." components are not
 543 * allowed.  prefix_list may be null, which is like "".
 544 */
 545int longest_ancestor_length(const char *path, const char *prefix_list)
 546{
 547        char buf[PATH_MAX+1];
 548        const char *ceil, *colon;
 549        int len, max_len = -1;
 550
 551        if (prefix_list == NULL || !strcmp(path, "/"))
 552                return -1;
 553
 554        for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
 555                for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
 556                len = colon - ceil;
 557                if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
 558                        continue;
 559                strlcpy(buf, ceil, len+1);
 560                if (normalize_path_copy(buf, buf) < 0)
 561                        continue;
 562                len = strlen(buf);
 563                if (len > 0 && buf[len-1] == '/')
 564                        buf[--len] = '\0';
 565
 566                if (!strncmp(path, buf, len) &&
 567                    path[len] == '/' &&
 568                    len > max_len) {
 569                        max_len = len;
 570                }
 571        }
 572
 573        return max_len;
 574}
 575
 576/* strip arbitrary amount of directory separators at end of path */
 577static inline int chomp_trailing_dir_sep(const char *path, int len)
 578{
 579        while (len && is_dir_sep(path[len - 1]))
 580                len--;
 581        return len;
 582}
 583
 584/*
 585 * If path ends with suffix (complete path components), returns the
 586 * part before suffix (sans trailing directory separators).
 587 * Otherwise returns NULL.
 588 */
 589char *strip_path_suffix(const char *path, const char *suffix)
 590{
 591        int path_len = strlen(path), suffix_len = strlen(suffix);
 592
 593        while (suffix_len) {
 594                if (!path_len)
 595                        return NULL;
 596
 597                if (is_dir_sep(path[path_len - 1])) {
 598                        if (!is_dir_sep(suffix[suffix_len - 1]))
 599                                return NULL;
 600                        path_len = chomp_trailing_dir_sep(path, path_len);
 601                        suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
 602                }
 603                else if (path[--path_len] != suffix[--suffix_len])
 604                        return NULL;
 605        }
 606
 607        if (path_len && !is_dir_sep(path[path_len - 1]))
 608                return NULL;
 609        return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
 610}
 611
 612int daemon_avoid_alias(const char *p)
 613{
 614        int sl, ndot;
 615
 616        /*
 617         * This resurrects the belts and suspenders paranoia check by HPA
 618         * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
 619         * does not do getcwd() based path canonicalization.
 620         *
 621         * sl becomes true immediately after seeing '/' and continues to
 622         * be true as long as dots continue after that without intervening
 623         * non-dot character.
 624         */
 625        if (!p || (*p != '/' && *p != '~'))
 626                return -1;
 627        sl = 1; ndot = 0;
 628        p++;
 629
 630        while (1) {
 631                char ch = *p++;
 632                if (sl) {
 633                        if (ch == '.')
 634                                ndot++;
 635                        else if (ch == '/') {
 636                                if (ndot < 3)
 637                                        /* reject //, /./ and /../ */
 638                                        return -1;
 639                                ndot = 0;
 640                        }
 641                        else if (ch == 0) {
 642                                if (0 < ndot && ndot < 3)
 643                                        /* reject /.$ and /..$ */
 644                                        return -1;
 645                                return 0;
 646                        }
 647                        else
 648                                sl = ndot = 0;
 649                }
 650                else if (ch == 0)
 651                        return 0;
 652                else if (ch == '/') {
 653                        sl = 1;
 654                        ndot = 0;
 655                }
 656        }
 657}
 658
 659int offset_1st_component(const char *path)
 660{
 661        if (has_dos_drive_prefix(path))
 662                return 2 + is_dir_sep(path[2]);
 663        return is_dir_sep(path[0]);
 664}