path.con commit cherry-pick: don't forget -s on failure (5ed75e2)
   1/*
   2 * I'm tired of doing "vsnprintf()" etc just to open a
   3 * file, so here's a "return static buffer with printf"
   4 * interface for paths.
   5 *
   6 * It's obviously not thread-safe. Sue me. But it's quite
   7 * useful for doing things like
   8 *
   9 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
  10 *
  11 * which is what it's designed for.
  12 */
  13#include "cache.h"
  14#include "strbuf.h"
  15
  16static char bad_path[] = "/bad-path/";
  17
  18static char *get_pathname(void)
  19{
  20        static char pathname_array[4][PATH_MAX];
  21        static int index;
  22        return pathname_array[3 & ++index];
  23}
  24
  25static char *cleanup_path(char *path)
  26{
  27        /* Clean it up */
  28        if (!memcmp(path, "./", 2)) {
  29                path += 2;
  30                while (*path == '/')
  31                        path++;
  32        }
  33        return path;
  34}
  35
  36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
  37{
  38        va_list args;
  39        unsigned len;
  40
  41        va_start(args, fmt);
  42        len = vsnprintf(buf, n, fmt, args);
  43        va_end(args);
  44        if (len >= n) {
  45                strlcpy(buf, bad_path, n);
  46                return buf;
  47        }
  48        return cleanup_path(buf);
  49}
  50
  51static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
  52{
  53        const char *git_dir = get_git_dir();
  54        size_t len;
  55
  56        len = strlen(git_dir);
  57        if (n < len + 1)
  58                goto bad;
  59        memcpy(buf, git_dir, len);
  60        if (len && !is_dir_sep(git_dir[len-1]))
  61                buf[len++] = '/';
  62        len += vsnprintf(buf + len, n - len, fmt, args);
  63        if (len >= n)
  64                goto bad;
  65        return cleanup_path(buf);
  66bad:
  67        strlcpy(buf, bad_path, n);
  68        return buf;
  69}
  70
  71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
  72{
  73        va_list args;
  74        va_start(args, fmt);
  75        (void)git_vsnpath(buf, n, fmt, args);
  76        va_end(args);
  77        return buf;
  78}
  79
  80char *git_pathdup(const char *fmt, ...)
  81{
  82        char path[PATH_MAX];
  83        va_list args;
  84        va_start(args, fmt);
  85        (void)git_vsnpath(path, sizeof(path), fmt, args);
  86        va_end(args);
  87        return xstrdup(path);
  88}
  89
  90char *mkpathdup(const char *fmt, ...)
  91{
  92        char *path;
  93        struct strbuf sb = STRBUF_INIT;
  94        va_list args;
  95
  96        va_start(args, fmt);
  97        strbuf_vaddf(&sb, fmt, args);
  98        va_end(args);
  99        path = xstrdup(cleanup_path(sb.buf));
 100
 101        strbuf_release(&sb);
 102        return path;
 103}
 104
 105char *mkpath(const char *fmt, ...)
 106{
 107        va_list args;
 108        unsigned len;
 109        char *pathname = get_pathname();
 110
 111        va_start(args, fmt);
 112        len = vsnprintf(pathname, PATH_MAX, fmt, args);
 113        va_end(args);
 114        if (len >= PATH_MAX)
 115                return bad_path;
 116        return cleanup_path(pathname);
 117}
 118
 119char *git_path(const char *fmt, ...)
 120{
 121        const char *git_dir = get_git_dir();
 122        char *pathname = get_pathname();
 123        va_list args;
 124        unsigned len;
 125
 126        len = strlen(git_dir);
 127        if (len > PATH_MAX-100)
 128                return bad_path;
 129        memcpy(pathname, git_dir, len);
 130        if (len && git_dir[len-1] != '/')
 131                pathname[len++] = '/';
 132        va_start(args, fmt);
 133        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 134        va_end(args);
 135        if (len >= PATH_MAX)
 136                return bad_path;
 137        return cleanup_path(pathname);
 138}
 139
 140void home_config_paths(char **global, char **xdg, char *file)
 141{
 142        char *xdg_home = getenv("XDG_CONFIG_HOME");
 143        char *home = getenv("HOME");
 144        char *to_free = NULL;
 145
 146        if (!home) {
 147                if (global)
 148                        *global = NULL;
 149        } else {
 150                if (!xdg_home) {
 151                        to_free = mkpathdup("%s/.config", home);
 152                        xdg_home = to_free;
 153                }
 154                if (global)
 155                        *global = mkpathdup("%s/.gitconfig", home);
 156        }
 157
 158        if (!xdg_home)
 159                *xdg = NULL;
 160        else
 161                *xdg = mkpathdup("%s/git/%s", xdg_home, file);
 162
 163        free(to_free);
 164}
 165
 166char *git_path_submodule(const char *path, const char *fmt, ...)
 167{
 168        char *pathname = get_pathname();
 169        struct strbuf buf = STRBUF_INIT;
 170        const char *git_dir;
 171        va_list args;
 172        unsigned len;
 173
 174        len = strlen(path);
 175        if (len > PATH_MAX-100)
 176                return bad_path;
 177
 178        strbuf_addstr(&buf, path);
 179        if (len && path[len-1] != '/')
 180                strbuf_addch(&buf, '/');
 181        strbuf_addstr(&buf, ".git");
 182
 183        git_dir = read_gitfile(buf.buf);
 184        if (git_dir) {
 185                strbuf_reset(&buf);
 186                strbuf_addstr(&buf, git_dir);
 187        }
 188        strbuf_addch(&buf, '/');
 189
 190        if (buf.len >= PATH_MAX)
 191                return bad_path;
 192        memcpy(pathname, buf.buf, buf.len + 1);
 193
 194        strbuf_release(&buf);
 195        len = strlen(pathname);
 196
 197        va_start(args, fmt);
 198        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 199        va_end(args);
 200        if (len >= PATH_MAX)
 201                return bad_path;
 202        return cleanup_path(pathname);
 203}
 204
 205int validate_headref(const char *path)
 206{
 207        struct stat st;
 208        char *buf, buffer[256];
 209        unsigned char sha1[20];
 210        int fd;
 211        ssize_t len;
 212
 213        if (lstat(path, &st) < 0)
 214                return -1;
 215
 216        /* Make sure it is a "refs/.." symlink */
 217        if (S_ISLNK(st.st_mode)) {
 218                len = readlink(path, buffer, sizeof(buffer)-1);
 219                if (len >= 5 && !memcmp("refs/", buffer, 5))
 220                        return 0;
 221                return -1;
 222        }
 223
 224        /*
 225         * Anything else, just open it and try to see if it is a symbolic ref.
 226         */
 227        fd = open(path, O_RDONLY);
 228        if (fd < 0)
 229                return -1;
 230        len = read_in_full(fd, buffer, sizeof(buffer)-1);
 231        close(fd);
 232
 233        /*
 234         * Is it a symbolic ref?
 235         */
 236        if (len < 4)
 237                return -1;
 238        if (!memcmp("ref:", buffer, 4)) {
 239                buf = buffer + 4;
 240                len -= 4;
 241                while (len && isspace(*buf))
 242                        buf++, len--;
 243                if (len >= 5 && !memcmp("refs/", buf, 5))
 244                        return 0;
 245        }
 246
 247        /*
 248         * Is this a detached HEAD?
 249         */
 250        if (!get_sha1_hex(buffer, sha1))
 251                return 0;
 252
 253        return -1;
 254}
 255
 256static struct passwd *getpw_str(const char *username, size_t len)
 257{
 258        struct passwd *pw;
 259        char *username_z = xmalloc(len + 1);
 260        memcpy(username_z, username, len);
 261        username_z[len] = '\0';
 262        pw = getpwnam(username_z);
 263        free(username_z);
 264        return pw;
 265}
 266
 267/*
 268 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 269 * then it is a newly allocated string. Returns NULL on getpw failure or
 270 * if path is NULL.
 271 */
 272char *expand_user_path(const char *path)
 273{
 274        struct strbuf user_path = STRBUF_INIT;
 275        const char *first_slash = strchrnul(path, '/');
 276        const char *to_copy = path;
 277
 278        if (path == NULL)
 279                goto return_null;
 280        if (path[0] == '~') {
 281                const char *username = path + 1;
 282                size_t username_len = first_slash - username;
 283                if (username_len == 0) {
 284                        const char *home = getenv("HOME");
 285                        if (!home)
 286                                goto return_null;
 287                        strbuf_add(&user_path, home, strlen(home));
 288                } else {
 289                        struct passwd *pw = getpw_str(username, username_len);
 290                        if (!pw)
 291                                goto return_null;
 292                        strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
 293                }
 294                to_copy = first_slash;
 295        }
 296        strbuf_add(&user_path, to_copy, strlen(to_copy));
 297        return strbuf_detach(&user_path, NULL);
 298return_null:
 299        strbuf_release(&user_path);
 300        return NULL;
 301}
 302
 303/*
 304 * First, one directory to try is determined by the following algorithm.
 305 *
 306 * (0) If "strict" is given, the path is used as given and no DWIM is
 307 *     done. Otherwise:
 308 * (1) "~/path" to mean path under the running user's home directory;
 309 * (2) "~user/path" to mean path under named user's home directory;
 310 * (3) "relative/path" to mean cwd relative directory; or
 311 * (4) "/absolute/path" to mean absolute directory.
 312 *
 313 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 314 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 315 * what we try.
 316 *
 317 * Second, we try chdir() to that.  Upon failure, we return NULL.
 318 *
 319 * Then, we try if the current directory is a valid git repository.
 320 * Upon failure, we return NULL.
 321 *
 322 * If all goes well, we return the directory we used to chdir() (but
 323 * before ~user is expanded), avoiding getcwd() resolving symbolic
 324 * links.  User relative paths are also returned as they are given,
 325 * except DWIM suffixing.
 326 */
 327const char *enter_repo(const char *path, int strict)
 328{
 329        static char used_path[PATH_MAX];
 330        static char validated_path[PATH_MAX];
 331
 332        if (!path)
 333                return NULL;
 334
 335        if (!strict) {
 336                static const char *suffix[] = {
 337                        "/.git", "", ".git/.git", ".git", NULL,
 338                };
 339                const char *gitfile;
 340                int len = strlen(path);
 341                int i;
 342                while ((1 < len) && (path[len-1] == '/'))
 343                        len--;
 344
 345                if (PATH_MAX <= len)
 346                        return NULL;
 347                strncpy(used_path, path, len); used_path[len] = 0 ;
 348                strcpy(validated_path, used_path);
 349
 350                if (used_path[0] == '~') {
 351                        char *newpath = expand_user_path(used_path);
 352                        if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
 353                                free(newpath);
 354                                return NULL;
 355                        }
 356                        /*
 357                         * Copy back into the static buffer. A pity
 358                         * since newpath was not bounded, but other
 359                         * branches of the if are limited by PATH_MAX
 360                         * anyway.
 361                         */
 362                        strcpy(used_path, newpath); free(newpath);
 363                }
 364                else if (PATH_MAX - 10 < len)
 365                        return NULL;
 366                len = strlen(used_path);
 367                for (i = 0; suffix[i]; i++) {
 368                        struct stat st;
 369                        strcpy(used_path + len, suffix[i]);
 370                        if (!stat(used_path, &st) &&
 371                            (S_ISREG(st.st_mode) ||
 372                            (S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
 373                                strcat(validated_path, suffix[i]);
 374                                break;
 375                        }
 376                }
 377                if (!suffix[i])
 378                        return NULL;
 379                gitfile = read_gitfile(used_path) ;
 380                if (gitfile)
 381                        strcpy(used_path, gitfile);
 382                if (chdir(used_path))
 383                        return NULL;
 384                path = validated_path;
 385        }
 386        else if (chdir(path))
 387                return NULL;
 388
 389        if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
 390            validate_headref("HEAD") == 0) {
 391                set_git_dir(".");
 392                check_repository_format();
 393                return path;
 394        }
 395
 396        return NULL;
 397}
 398
 399int set_shared_perm(const char *path, int mode)
 400{
 401        struct stat st;
 402        int tweak, shared, orig_mode;
 403
 404        if (!shared_repository) {
 405                if (mode)
 406                        return chmod(path, mode & ~S_IFMT);
 407                return 0;
 408        }
 409        if (!mode) {
 410                if (lstat(path, &st) < 0)
 411                        return -1;
 412                mode = st.st_mode;
 413                orig_mode = mode;
 414        } else
 415                orig_mode = 0;
 416        if (shared_repository < 0)
 417                shared = -shared_repository;
 418        else
 419                shared = shared_repository;
 420        tweak = shared;
 421
 422        if (!(mode & S_IWUSR))
 423                tweak &= ~0222;
 424        if (mode & S_IXUSR)
 425                /* Copy read bits to execute bits */
 426                tweak |= (tweak & 0444) >> 2;
 427        if (shared_repository < 0)
 428                mode = (mode & ~0777) | tweak;
 429        else
 430                mode |= tweak;
 431
 432        if (S_ISDIR(mode)) {
 433                /* Copy read bits to execute bits */
 434                mode |= (shared & 0444) >> 2;
 435                mode |= FORCE_DIR_SET_GID;
 436        }
 437
 438        if (((shared_repository < 0
 439              ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
 440              : (orig_mode & mode)) != mode) &&
 441            chmod(path, (mode & ~S_IFMT)) < 0)
 442                return -2;
 443        return 0;
 444}
 445
 446const char *relative_path(const char *abs, const char *base)
 447{
 448        static char buf[PATH_MAX + 1];
 449        int i = 0, j = 0;
 450
 451        if (!base || !base[0])
 452                return abs;
 453        while (base[i]) {
 454                if (is_dir_sep(base[i])) {
 455                        if (!is_dir_sep(abs[j]))
 456                                return abs;
 457                        while (is_dir_sep(base[i]))
 458                                i++;
 459                        while (is_dir_sep(abs[j]))
 460                                j++;
 461                        continue;
 462                } else if (abs[j] != base[i]) {
 463                        return abs;
 464                }
 465                i++;
 466                j++;
 467        }
 468        if (
 469            /* "/foo" is a prefix of "/foo" */
 470            abs[j] &&
 471            /* "/foo" is not a prefix of "/foobar" */
 472            !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
 473           )
 474                return abs;
 475        while (is_dir_sep(abs[j]))
 476                j++;
 477        if (!abs[j])
 478                strcpy(buf, ".");
 479        else
 480                strcpy(buf, abs + j);
 481        return buf;
 482}
 483
 484/*
 485 * It is okay if dst == src, but they should not overlap otherwise.
 486 *
 487 * Performs the following normalizations on src, storing the result in dst:
 488 * - Ensures that components are separated by '/' (Windows only)
 489 * - Squashes sequences of '/'.
 490 * - Removes "." components.
 491 * - Removes ".." components, and the components the precede them.
 492 * Returns failure (non-zero) if a ".." component appears as first path
 493 * component anytime during the normalization. Otherwise, returns success (0).
 494 *
 495 * Note that this function is purely textual.  It does not follow symlinks,
 496 * verify the existence of the path, or make any system calls.
 497 */
 498int normalize_path_copy(char *dst, const char *src)
 499{
 500        char *dst0;
 501
 502        if (has_dos_drive_prefix(src)) {
 503                *dst++ = *src++;
 504                *dst++ = *src++;
 505        }
 506        dst0 = dst;
 507
 508        if (is_dir_sep(*src)) {
 509                *dst++ = '/';
 510                while (is_dir_sep(*src))
 511                        src++;
 512        }
 513
 514        for (;;) {
 515                char c = *src;
 516
 517                /*
 518                 * A path component that begins with . could be
 519                 * special:
 520                 * (1) "." and ends   -- ignore and terminate.
 521                 * (2) "./"           -- ignore them, eat slash and continue.
 522                 * (3) ".." and ends  -- strip one and terminate.
 523                 * (4) "../"          -- strip one, eat slash and continue.
 524                 */
 525                if (c == '.') {
 526                        if (!src[1]) {
 527                                /* (1) */
 528                                src++;
 529                        } else if (is_dir_sep(src[1])) {
 530                                /* (2) */
 531                                src += 2;
 532                                while (is_dir_sep(*src))
 533                                        src++;
 534                                continue;
 535                        } else if (src[1] == '.') {
 536                                if (!src[2]) {
 537                                        /* (3) */
 538                                        src += 2;
 539                                        goto up_one;
 540                                } else if (is_dir_sep(src[2])) {
 541                                        /* (4) */
 542                                        src += 3;
 543                                        while (is_dir_sep(*src))
 544                                                src++;
 545                                        goto up_one;
 546                                }
 547                        }
 548                }
 549
 550                /* copy up to the next '/', and eat all '/' */
 551                while ((c = *src++) != '\0' && !is_dir_sep(c))
 552                        *dst++ = c;
 553                if (is_dir_sep(c)) {
 554                        *dst++ = '/';
 555                        while (is_dir_sep(c))
 556                                c = *src++;
 557                        src--;
 558                } else if (!c)
 559                        break;
 560                continue;
 561
 562        up_one:
 563                /*
 564                 * dst0..dst is prefix portion, and dst[-1] is '/';
 565                 * go up one level.
 566                 */
 567                dst--;  /* go to trailing '/' */
 568                if (dst <= dst0)
 569                        return -1;
 570                /* Windows: dst[-1] cannot be backslash anymore */
 571                while (dst0 < dst && dst[-1] != '/')
 572                        dst--;
 573        }
 574        *dst = '\0';
 575        return 0;
 576}
 577
 578/*
 579 * path = Canonical absolute path
 580 * prefix_list = Colon-separated list of absolute paths
 581 *
 582 * Determines, for each path in prefix_list, whether the "prefix" really
 583 * is an ancestor directory of path.  Returns the length of the longest
 584 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 585 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 586 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 587 * are not considered to be their own ancestors.  path must be in a
 588 * canonical form: empty components, or "." or ".." components are not
 589 * allowed.  prefix_list may be null, which is like "".
 590 */
 591int longest_ancestor_length(const char *path, const char *prefix_list)
 592{
 593        char buf[PATH_MAX+1];
 594        const char *ceil, *colon;
 595        int len, max_len = -1;
 596
 597        if (prefix_list == NULL || !strcmp(path, "/"))
 598                return -1;
 599
 600        for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
 601                for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
 602                len = colon - ceil;
 603                if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
 604                        continue;
 605                strlcpy(buf, ceil, len+1);
 606                if (normalize_path_copy(buf, buf) < 0)
 607                        continue;
 608                len = strlen(buf);
 609                if (len > 0 && buf[len-1] == '/')
 610                        buf[--len] = '\0';
 611
 612                if (!strncmp(path, buf, len) &&
 613                    path[len] == '/' &&
 614                    len > max_len) {
 615                        max_len = len;
 616                }
 617        }
 618
 619        return max_len;
 620}
 621
 622/* strip arbitrary amount of directory separators at end of path */
 623static inline int chomp_trailing_dir_sep(const char *path, int len)
 624{
 625        while (len && is_dir_sep(path[len - 1]))
 626                len--;
 627        return len;
 628}
 629
 630/*
 631 * If path ends with suffix (complete path components), returns the
 632 * part before suffix (sans trailing directory separators).
 633 * Otherwise returns NULL.
 634 */
 635char *strip_path_suffix(const char *path, const char *suffix)
 636{
 637        int path_len = strlen(path), suffix_len = strlen(suffix);
 638
 639        while (suffix_len) {
 640                if (!path_len)
 641                        return NULL;
 642
 643                if (is_dir_sep(path[path_len - 1])) {
 644                        if (!is_dir_sep(suffix[suffix_len - 1]))
 645                                return NULL;
 646                        path_len = chomp_trailing_dir_sep(path, path_len);
 647                        suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
 648                }
 649                else if (path[--path_len] != suffix[--suffix_len])
 650                        return NULL;
 651        }
 652
 653        if (path_len && !is_dir_sep(path[path_len - 1]))
 654                return NULL;
 655        return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
 656}
 657
 658int daemon_avoid_alias(const char *p)
 659{
 660        int sl, ndot;
 661
 662        /*
 663         * This resurrects the belts and suspenders paranoia check by HPA
 664         * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
 665         * does not do getcwd() based path canonicalization.
 666         *
 667         * sl becomes true immediately after seeing '/' and continues to
 668         * be true as long as dots continue after that without intervening
 669         * non-dot character.
 670         */
 671        if (!p || (*p != '/' && *p != '~'))
 672                return -1;
 673        sl = 1; ndot = 0;
 674        p++;
 675
 676        while (1) {
 677                char ch = *p++;
 678                if (sl) {
 679                        if (ch == '.')
 680                                ndot++;
 681                        else if (ch == '/') {
 682                                if (ndot < 3)
 683                                        /* reject //, /./ and /../ */
 684                                        return -1;
 685                                ndot = 0;
 686                        }
 687                        else if (ch == 0) {
 688                                if (0 < ndot && ndot < 3)
 689                                        /* reject /.$ and /..$ */
 690                                        return -1;
 691                                return 0;
 692                        }
 693                        else
 694                                sl = ndot = 0;
 695                }
 696                else if (ch == 0)
 697                        return 0;
 698                else if (ch == '/') {
 699                        sl = 1;
 700                        ndot = 0;
 701                }
 702        }
 703}
 704
 705int offset_1st_component(const char *path)
 706{
 707        if (has_dos_drive_prefix(path))
 708                return 2 + is_dir_sep(path[2]);
 709        return is_dir_sep(path[0]);
 710}