1/*
2 * I'm tired of doing "vsnprintf()" etc just to open a
3 * file, so here's a "return static buffer with printf"
4 * interface for paths.
5 *
6 * It's obviously not thread-safe. Sue me. But it's quite
7 * useful for doing things like
8 *
9 * f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
10 *
11 * which is what it's designed for.
12 */
13#include "cache.h"
14#include "strbuf.h"
15
16static char bad_path[] = "/bad-path/";
17
18static char *get_pathname(void)
19{
20 static char pathname_array[4][PATH_MAX];
21 static int index;
22 return pathname_array[3 & ++index];
23}
24
25static char *cleanup_path(char *path)
26{
27 /* Clean it up */
28 if (!memcmp(path, "./", 2)) {
29 path += 2;
30 while (*path == '/')
31 path++;
32 }
33 return path;
34}
35
36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
37{
38 va_list args;
39 unsigned len;
40
41 va_start(args, fmt);
42 len = vsnprintf(buf, n, fmt, args);
43 va_end(args);
44 if (len >= n) {
45 strlcpy(buf, bad_path, n);
46 return buf;
47 }
48 return cleanup_path(buf);
49}
50
51static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
52{
53 const char *git_dir = get_git_dir();
54 size_t len;
55
56 len = strlen(git_dir);
57 if (n < len + 1)
58 goto bad;
59 memcpy(buf, git_dir, len);
60 if (len && !is_dir_sep(git_dir[len-1]))
61 buf[len++] = '/';
62 len += vsnprintf(buf + len, n - len, fmt, args);
63 if (len >= n)
64 goto bad;
65 return cleanup_path(buf);
66bad:
67 strlcpy(buf, bad_path, n);
68 return buf;
69}
70
71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
72{
73 va_list args;
74 va_start(args, fmt);
75 (void)git_vsnpath(buf, n, fmt, args);
76 va_end(args);
77 return buf;
78}
79
80char *git_pathdup(const char *fmt, ...)
81{
82 char path[PATH_MAX];
83 va_list args;
84 va_start(args, fmt);
85 (void)git_vsnpath(path, sizeof(path), fmt, args);
86 va_end(args);
87 return xstrdup(path);
88}
89
90char *mkpathdup(const char *fmt, ...)
91{
92 char *path;
93 struct strbuf sb = STRBUF_INIT;
94 va_list args;
95
96 va_start(args, fmt);
97 strbuf_vaddf(&sb, fmt, args);
98 va_end(args);
99 path = xstrdup(cleanup_path(sb.buf));
100
101 strbuf_release(&sb);
102 return path;
103}
104
105char *mkpath(const char *fmt, ...)
106{
107 va_list args;
108 unsigned len;
109 char *pathname = get_pathname();
110
111 va_start(args, fmt);
112 len = vsnprintf(pathname, PATH_MAX, fmt, args);
113 va_end(args);
114 if (len >= PATH_MAX)
115 return bad_path;
116 return cleanup_path(pathname);
117}
118
119char *git_path(const char *fmt, ...)
120{
121 const char *git_dir = get_git_dir();
122 char *pathname = get_pathname();
123 va_list args;
124 unsigned len;
125
126 len = strlen(git_dir);
127 if (len > PATH_MAX-100)
128 return bad_path;
129 memcpy(pathname, git_dir, len);
130 if (len && git_dir[len-1] != '/')
131 pathname[len++] = '/';
132 va_start(args, fmt);
133 len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
134 va_end(args);
135 if (len >= PATH_MAX)
136 return bad_path;
137 return cleanup_path(pathname);
138}
139
140void home_config_paths(char **global, char **xdg, char *file)
141{
142 char *xdg_home = getenv("XDG_CONFIG_HOME");
143 char *home = getenv("HOME");
144 char *to_free = NULL;
145
146 if (!home) {
147 if (global)
148 *global = NULL;
149 } else {
150 if (!xdg_home) {
151 to_free = mkpathdup("%s/.config", home);
152 xdg_home = to_free;
153 }
154 if (global)
155 *global = mkpathdup("%s/.gitconfig", home);
156 }
157
158 if (!xdg_home)
159 *xdg = NULL;
160 else
161 *xdg = mkpathdup("%s/git/%s", xdg_home, file);
162
163 free(to_free);
164}
165
166char *git_path_submodule(const char *path, const char *fmt, ...)
167{
168 char *pathname = get_pathname();
169 struct strbuf buf = STRBUF_INIT;
170 const char *git_dir;
171 va_list args;
172 unsigned len;
173
174 len = strlen(path);
175 if (len > PATH_MAX-100)
176 return bad_path;
177
178 strbuf_addstr(&buf, path);
179 if (len && path[len-1] != '/')
180 strbuf_addch(&buf, '/');
181 strbuf_addstr(&buf, ".git");
182
183 git_dir = read_gitfile(buf.buf);
184 if (git_dir) {
185 strbuf_reset(&buf);
186 strbuf_addstr(&buf, git_dir);
187 }
188 strbuf_addch(&buf, '/');
189
190 if (buf.len >= PATH_MAX)
191 return bad_path;
192 memcpy(pathname, buf.buf, buf.len + 1);
193
194 strbuf_release(&buf);
195 len = strlen(pathname);
196
197 va_start(args, fmt);
198 len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
199 va_end(args);
200 if (len >= PATH_MAX)
201 return bad_path;
202 return cleanup_path(pathname);
203}
204
205int validate_headref(const char *path)
206{
207 struct stat st;
208 char *buf, buffer[256];
209 unsigned char sha1[20];
210 int fd;
211 ssize_t len;
212
213 if (lstat(path, &st) < 0)
214 return -1;
215
216 /* Make sure it is a "refs/.." symlink */
217 if (S_ISLNK(st.st_mode)) {
218 len = readlink(path, buffer, sizeof(buffer)-1);
219 if (len >= 5 && !memcmp("refs/", buffer, 5))
220 return 0;
221 return -1;
222 }
223
224 /*
225 * Anything else, just open it and try to see if it is a symbolic ref.
226 */
227 fd = open(path, O_RDONLY);
228 if (fd < 0)
229 return -1;
230 len = read_in_full(fd, buffer, sizeof(buffer)-1);
231 close(fd);
232
233 /*
234 * Is it a symbolic ref?
235 */
236 if (len < 4)
237 return -1;
238 if (!memcmp("ref:", buffer, 4)) {
239 buf = buffer + 4;
240 len -= 4;
241 while (len && isspace(*buf))
242 buf++, len--;
243 if (len >= 5 && !memcmp("refs/", buf, 5))
244 return 0;
245 }
246
247 /*
248 * Is this a detached HEAD?
249 */
250 if (!get_sha1_hex(buffer, sha1))
251 return 0;
252
253 return -1;
254}
255
256static struct passwd *getpw_str(const char *username, size_t len)
257{
258 struct passwd *pw;
259 char *username_z = xmalloc(len + 1);
260 memcpy(username_z, username, len);
261 username_z[len] = '\0';
262 pw = getpwnam(username_z);
263 free(username_z);
264 return pw;
265}
266
267/*
268 * Return a string with ~ and ~user expanded via getpw*. If buf != NULL,
269 * then it is a newly allocated string. Returns NULL on getpw failure or
270 * if path is NULL.
271 */
272char *expand_user_path(const char *path)
273{
274 struct strbuf user_path = STRBUF_INIT;
275 const char *first_slash = strchrnul(path, '/');
276 const char *to_copy = path;
277
278 if (path == NULL)
279 goto return_null;
280 if (path[0] == '~') {
281 const char *username = path + 1;
282 size_t username_len = first_slash - username;
283 if (username_len == 0) {
284 const char *home = getenv("HOME");
285 if (!home)
286 goto return_null;
287 strbuf_add(&user_path, home, strlen(home));
288 } else {
289 struct passwd *pw = getpw_str(username, username_len);
290 if (!pw)
291 goto return_null;
292 strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
293 }
294 to_copy = first_slash;
295 }
296 strbuf_add(&user_path, to_copy, strlen(to_copy));
297 return strbuf_detach(&user_path, NULL);
298return_null:
299 strbuf_release(&user_path);
300 return NULL;
301}
302
303/*
304 * First, one directory to try is determined by the following algorithm.
305 *
306 * (0) If "strict" is given, the path is used as given and no DWIM is
307 * done. Otherwise:
308 * (1) "~/path" to mean path under the running user's home directory;
309 * (2) "~user/path" to mean path under named user's home directory;
310 * (3) "relative/path" to mean cwd relative directory; or
311 * (4) "/absolute/path" to mean absolute directory.
312 *
313 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
314 * "%s/.git", "%s.git", "%s" in this order. The first one that exists is
315 * what we try.
316 *
317 * Second, we try chdir() to that. Upon failure, we return NULL.
318 *
319 * Then, we try if the current directory is a valid git repository.
320 * Upon failure, we return NULL.
321 *
322 * If all goes well, we return the directory we used to chdir() (but
323 * before ~user is expanded), avoiding getcwd() resolving symbolic
324 * links. User relative paths are also returned as they are given,
325 * except DWIM suffixing.
326 */
327const char *enter_repo(const char *path, int strict)
328{
329 static char used_path[PATH_MAX];
330 static char validated_path[PATH_MAX];
331
332 if (!path)
333 return NULL;
334
335 if (!strict) {
336 static const char *suffix[] = {
337 "/.git", "", ".git/.git", ".git", NULL,
338 };
339 const char *gitfile;
340 int len = strlen(path);
341 int i;
342 while ((1 < len) && (path[len-1] == '/'))
343 len--;
344
345 if (PATH_MAX <= len)
346 return NULL;
347 strncpy(used_path, path, len); used_path[len] = 0 ;
348 strcpy(validated_path, used_path);
349
350 if (used_path[0] == '~') {
351 char *newpath = expand_user_path(used_path);
352 if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
353 free(newpath);
354 return NULL;
355 }
356 /*
357 * Copy back into the static buffer. A pity
358 * since newpath was not bounded, but other
359 * branches of the if are limited by PATH_MAX
360 * anyway.
361 */
362 strcpy(used_path, newpath); free(newpath);
363 }
364 else if (PATH_MAX - 10 < len)
365 return NULL;
366 len = strlen(used_path);
367 for (i = 0; suffix[i]; i++) {
368 struct stat st;
369 strcpy(used_path + len, suffix[i]);
370 if (!stat(used_path, &st) &&
371 (S_ISREG(st.st_mode) ||
372 (S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
373 strcat(validated_path, suffix[i]);
374 break;
375 }
376 }
377 if (!suffix[i])
378 return NULL;
379 gitfile = read_gitfile(used_path) ;
380 if (gitfile)
381 strcpy(used_path, gitfile);
382 if (chdir(used_path))
383 return NULL;
384 path = validated_path;
385 }
386 else if (chdir(path))
387 return NULL;
388
389 if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
390 validate_headref("HEAD") == 0) {
391 set_git_dir(".");
392 check_repository_format();
393 return path;
394 }
395
396 return NULL;
397}
398
399int set_shared_perm(const char *path, int mode)
400{
401 struct stat st;
402 int tweak, shared, orig_mode;
403
404 if (!shared_repository) {
405 if (mode)
406 return chmod(path, mode & ~S_IFMT);
407 return 0;
408 }
409 if (!mode) {
410 if (lstat(path, &st) < 0)
411 return -1;
412 mode = st.st_mode;
413 orig_mode = mode;
414 } else
415 orig_mode = 0;
416 if (shared_repository < 0)
417 shared = -shared_repository;
418 else
419 shared = shared_repository;
420 tweak = shared;
421
422 if (!(mode & S_IWUSR))
423 tweak &= ~0222;
424 if (mode & S_IXUSR)
425 /* Copy read bits to execute bits */
426 tweak |= (tweak & 0444) >> 2;
427 if (shared_repository < 0)
428 mode = (mode & ~0777) | tweak;
429 else
430 mode |= tweak;
431
432 if (S_ISDIR(mode)) {
433 /* Copy read bits to execute bits */
434 mode |= (shared & 0444) >> 2;
435 mode |= FORCE_DIR_SET_GID;
436 }
437
438 if (((shared_repository < 0
439 ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
440 : (orig_mode & mode)) != mode) &&
441 chmod(path, (mode & ~S_IFMT)) < 0)
442 return -2;
443 return 0;
444}
445
446const char *relative_path(const char *abs, const char *base)
447{
448 static char buf[PATH_MAX + 1];
449 int i = 0, j = 0;
450
451 if (!base || !base[0])
452 return abs;
453 while (base[i]) {
454 if (is_dir_sep(base[i])) {
455 if (!is_dir_sep(abs[j]))
456 return abs;
457 while (is_dir_sep(base[i]))
458 i++;
459 while (is_dir_sep(abs[j]))
460 j++;
461 continue;
462 } else if (abs[j] != base[i]) {
463 return abs;
464 }
465 i++;
466 j++;
467 }
468 if (
469 /* "/foo" is a prefix of "/foo" */
470 abs[j] &&
471 /* "/foo" is not a prefix of "/foobar" */
472 !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
473 )
474 return abs;
475 while (is_dir_sep(abs[j]))
476 j++;
477 if (!abs[j])
478 strcpy(buf, ".");
479 else
480 strcpy(buf, abs + j);
481 return buf;
482}
483
484/*
485 * It is okay if dst == src, but they should not overlap otherwise.
486 *
487 * Performs the following normalizations on src, storing the result in dst:
488 * - Ensures that components are separated by '/' (Windows only)
489 * - Squashes sequences of '/'.
490 * - Removes "." components.
491 * - Removes ".." components, and the components the precede them.
492 * Returns failure (non-zero) if a ".." component appears as first path
493 * component anytime during the normalization. Otherwise, returns success (0).
494 *
495 * Note that this function is purely textual. It does not follow symlinks,
496 * verify the existence of the path, or make any system calls.
497 */
498int normalize_path_copy(char *dst, const char *src)
499{
500 char *dst0;
501
502 if (has_dos_drive_prefix(src)) {
503 *dst++ = *src++;
504 *dst++ = *src++;
505 }
506 dst0 = dst;
507
508 if (is_dir_sep(*src)) {
509 *dst++ = '/';
510 while (is_dir_sep(*src))
511 src++;
512 }
513
514 for (;;) {
515 char c = *src;
516
517 /*
518 * A path component that begins with . could be
519 * special:
520 * (1) "." and ends -- ignore and terminate.
521 * (2) "./" -- ignore them, eat slash and continue.
522 * (3) ".." and ends -- strip one and terminate.
523 * (4) "../" -- strip one, eat slash and continue.
524 */
525 if (c == '.') {
526 if (!src[1]) {
527 /* (1) */
528 src++;
529 } else if (is_dir_sep(src[1])) {
530 /* (2) */
531 src += 2;
532 while (is_dir_sep(*src))
533 src++;
534 continue;
535 } else if (src[1] == '.') {
536 if (!src[2]) {
537 /* (3) */
538 src += 2;
539 goto up_one;
540 } else if (is_dir_sep(src[2])) {
541 /* (4) */
542 src += 3;
543 while (is_dir_sep(*src))
544 src++;
545 goto up_one;
546 }
547 }
548 }
549
550 /* copy up to the next '/', and eat all '/' */
551 while ((c = *src++) != '\0' && !is_dir_sep(c))
552 *dst++ = c;
553 if (is_dir_sep(c)) {
554 *dst++ = '/';
555 while (is_dir_sep(c))
556 c = *src++;
557 src--;
558 } else if (!c)
559 break;
560 continue;
561
562 up_one:
563 /*
564 * dst0..dst is prefix portion, and dst[-1] is '/';
565 * go up one level.
566 */
567 dst--; /* go to trailing '/' */
568 if (dst <= dst0)
569 return -1;
570 /* Windows: dst[-1] cannot be backslash anymore */
571 while (dst0 < dst && dst[-1] != '/')
572 dst--;
573 }
574 *dst = '\0';
575 return 0;
576}
577
578/*
579 * path = Canonical absolute path
580 * prefix_list = Colon-separated list of absolute paths
581 *
582 * Determines, for each path in prefix_list, whether the "prefix" really
583 * is an ancestor directory of path. Returns the length of the longest
584 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
585 * is an ancestor. (Note that this means 0 is returned if prefix_list is
586 * "/".) "/foo" is not considered an ancestor of "/foobar". Directories
587 * are not considered to be their own ancestors. path must be in a
588 * canonical form: empty components, or "." or ".." components are not
589 * allowed. prefix_list may be null, which is like "".
590 */
591int longest_ancestor_length(const char *path, const char *prefix_list)
592{
593 char buf[PATH_MAX+1];
594 const char *ceil, *colon;
595 int len, max_len = -1;
596
597 if (prefix_list == NULL || !strcmp(path, "/"))
598 return -1;
599
600 for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
601 for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
602 len = colon - ceil;
603 if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
604 continue;
605 strlcpy(buf, ceil, len+1);
606 if (normalize_path_copy(buf, buf) < 0)
607 continue;
608 len = strlen(buf);
609 if (len > 0 && buf[len-1] == '/')
610 buf[--len] = '\0';
611
612 if (!strncmp(path, buf, len) &&
613 path[len] == '/' &&
614 len > max_len) {
615 max_len = len;
616 }
617 }
618
619 return max_len;
620}
621
622/* strip arbitrary amount of directory separators at end of path */
623static inline int chomp_trailing_dir_sep(const char *path, int len)
624{
625 while (len && is_dir_sep(path[len - 1]))
626 len--;
627 return len;
628}
629
630/*
631 * If path ends with suffix (complete path components), returns the
632 * part before suffix (sans trailing directory separators).
633 * Otherwise returns NULL.
634 */
635char *strip_path_suffix(const char *path, const char *suffix)
636{
637 int path_len = strlen(path), suffix_len = strlen(suffix);
638
639 while (suffix_len) {
640 if (!path_len)
641 return NULL;
642
643 if (is_dir_sep(path[path_len - 1])) {
644 if (!is_dir_sep(suffix[suffix_len - 1]))
645 return NULL;
646 path_len = chomp_trailing_dir_sep(path, path_len);
647 suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
648 }
649 else if (path[--path_len] != suffix[--suffix_len])
650 return NULL;
651 }
652
653 if (path_len && !is_dir_sep(path[path_len - 1]))
654 return NULL;
655 return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
656}
657
658int daemon_avoid_alias(const char *p)
659{
660 int sl, ndot;
661
662 /*
663 * This resurrects the belts and suspenders paranoia check by HPA
664 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
665 * does not do getcwd() based path canonicalization.
666 *
667 * sl becomes true immediately after seeing '/' and continues to
668 * be true as long as dots continue after that without intervening
669 * non-dot character.
670 */
671 if (!p || (*p != '/' && *p != '~'))
672 return -1;
673 sl = 1; ndot = 0;
674 p++;
675
676 while (1) {
677 char ch = *p++;
678 if (sl) {
679 if (ch == '.')
680 ndot++;
681 else if (ch == '/') {
682 if (ndot < 3)
683 /* reject //, /./ and /../ */
684 return -1;
685 ndot = 0;
686 }
687 else if (ch == 0) {
688 if (0 < ndot && ndot < 3)
689 /* reject /.$ and /..$ */
690 return -1;
691 return 0;
692 }
693 else
694 sl = ndot = 0;
695 }
696 else if (ch == 0)
697 return 0;
698 else if (ch == '/') {
699 sl = 1;
700 ndot = 0;
701 }
702 }
703}
704
705int offset_1st_component(const char *path)
706{
707 if (has_dos_drive_prefix(path))
708 return 2 + is_dir_sep(path[2]);
709 return is_dir_sep(path[0]);
710}