path.con commit resolve-undo: basic tests (9d9a2f4)
   1/*
   2 * I'm tired of doing "vsnprintf()" etc just to open a
   3 * file, so here's a "return static buffer with printf"
   4 * interface for paths.
   5 *
   6 * It's obviously not thread-safe. Sue me. But it's quite
   7 * useful for doing things like
   8 *
   9 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
  10 *
  11 * which is what it's designed for.
  12 */
  13#include "cache.h"
  14#include "strbuf.h"
  15
  16static char bad_path[] = "/bad-path/";
  17
  18static char *get_pathname(void)
  19{
  20        static char pathname_array[4][PATH_MAX];
  21        static int index;
  22        return pathname_array[3 & ++index];
  23}
  24
  25static char *cleanup_path(char *path)
  26{
  27        /* Clean it up */
  28        if (!memcmp(path, "./", 2)) {
  29                path += 2;
  30                while (*path == '/')
  31                        path++;
  32        }
  33        return path;
  34}
  35
  36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
  37{
  38        va_list args;
  39        unsigned len;
  40
  41        va_start(args, fmt);
  42        len = vsnprintf(buf, n, fmt, args);
  43        va_end(args);
  44        if (len >= n) {
  45                strlcpy(buf, bad_path, n);
  46                return buf;
  47        }
  48        return cleanup_path(buf);
  49}
  50
  51static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
  52{
  53        const char *git_dir = get_git_dir();
  54        size_t len;
  55
  56        len = strlen(git_dir);
  57        if (n < len + 1)
  58                goto bad;
  59        memcpy(buf, git_dir, len);
  60        if (len && !is_dir_sep(git_dir[len-1]))
  61                buf[len++] = '/';
  62        len += vsnprintf(buf + len, n - len, fmt, args);
  63        if (len >= n)
  64                goto bad;
  65        return cleanup_path(buf);
  66bad:
  67        strlcpy(buf, bad_path, n);
  68        return buf;
  69}
  70
  71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
  72{
  73        va_list args;
  74        va_start(args, fmt);
  75        (void)git_vsnpath(buf, n, fmt, args);
  76        va_end(args);
  77        return buf;
  78}
  79
  80char *git_pathdup(const char *fmt, ...)
  81{
  82        char path[PATH_MAX];
  83        va_list args;
  84        va_start(args, fmt);
  85        (void)git_vsnpath(path, sizeof(path), fmt, args);
  86        va_end(args);
  87        return xstrdup(path);
  88}
  89
  90char *mkpath(const char *fmt, ...)
  91{
  92        va_list args;
  93        unsigned len;
  94        char *pathname = get_pathname();
  95
  96        va_start(args, fmt);
  97        len = vsnprintf(pathname, PATH_MAX, fmt, args);
  98        va_end(args);
  99        if (len >= PATH_MAX)
 100                return bad_path;
 101        return cleanup_path(pathname);
 102}
 103
 104char *git_path(const char *fmt, ...)
 105{
 106        const char *git_dir = get_git_dir();
 107        char *pathname = get_pathname();
 108        va_list args;
 109        unsigned len;
 110
 111        len = strlen(git_dir);
 112        if (len > PATH_MAX-100)
 113                return bad_path;
 114        memcpy(pathname, git_dir, len);
 115        if (len && git_dir[len-1] != '/')
 116                pathname[len++] = '/';
 117        va_start(args, fmt);
 118        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 119        va_end(args);
 120        if (len >= PATH_MAX)
 121                return bad_path;
 122        return cleanup_path(pathname);
 123}
 124
 125
 126/* git_mkstemp() - create tmp file honoring TMPDIR variable */
 127int git_mkstemp(char *path, size_t len, const char *template)
 128{
 129        const char *tmp;
 130        size_t n;
 131
 132        tmp = getenv("TMPDIR");
 133        if (!tmp)
 134                tmp = "/tmp";
 135        n = snprintf(path, len, "%s/%s", tmp, template);
 136        if (len <= n) {
 137                errno = ENAMETOOLONG;
 138                return -1;
 139        }
 140        return mkstemp(path);
 141}
 142
 143/* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */
 144int git_mkstemps(char *path, size_t len, const char *template, int suffix_len)
 145{
 146        const char *tmp;
 147        size_t n;
 148
 149        tmp = getenv("TMPDIR");
 150        if (!tmp)
 151                tmp = "/tmp";
 152        n = snprintf(path, len, "%s/%s", tmp, template);
 153        if (len <= n) {
 154                errno = ENAMETOOLONG;
 155                return -1;
 156        }
 157        return mkstemps(path, suffix_len);
 158}
 159
 160int validate_headref(const char *path)
 161{
 162        struct stat st;
 163        char *buf, buffer[256];
 164        unsigned char sha1[20];
 165        int fd;
 166        ssize_t len;
 167
 168        if (lstat(path, &st) < 0)
 169                return -1;
 170
 171        /* Make sure it is a "refs/.." symlink */
 172        if (S_ISLNK(st.st_mode)) {
 173                len = readlink(path, buffer, sizeof(buffer)-1);
 174                if (len >= 5 && !memcmp("refs/", buffer, 5))
 175                        return 0;
 176                return -1;
 177        }
 178
 179        /*
 180         * Anything else, just open it and try to see if it is a symbolic ref.
 181         */
 182        fd = open(path, O_RDONLY);
 183        if (fd < 0)
 184                return -1;
 185        len = read_in_full(fd, buffer, sizeof(buffer)-1);
 186        close(fd);
 187
 188        /*
 189         * Is it a symbolic ref?
 190         */
 191        if (len < 4)
 192                return -1;
 193        if (!memcmp("ref:", buffer, 4)) {
 194                buf = buffer + 4;
 195                len -= 4;
 196                while (len && isspace(*buf))
 197                        buf++, len--;
 198                if (len >= 5 && !memcmp("refs/", buf, 5))
 199                        return 0;
 200        }
 201
 202        /*
 203         * Is this a detached HEAD?
 204         */
 205        if (!get_sha1_hex(buffer, sha1))
 206                return 0;
 207
 208        return -1;
 209}
 210
 211static struct passwd *getpw_str(const char *username, size_t len)
 212{
 213        struct passwd *pw;
 214        char *username_z = xmalloc(len + 1);
 215        memcpy(username_z, username, len);
 216        username_z[len] = '\0';
 217        pw = getpwnam(username_z);
 218        free(username_z);
 219        return pw;
 220}
 221
 222/*
 223 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 224 * then it is a newly allocated string. Returns NULL on getpw failure or
 225 * if path is NULL.
 226 */
 227char *expand_user_path(const char *path)
 228{
 229        struct strbuf user_path = STRBUF_INIT;
 230        const char *first_slash = strchrnul(path, '/');
 231        const char *to_copy = path;
 232
 233        if (path == NULL)
 234                goto return_null;
 235        if (path[0] == '~') {
 236                const char *username = path + 1;
 237                size_t username_len = first_slash - username;
 238                if (username_len == 0) {
 239                        const char *home = getenv("HOME");
 240                        strbuf_add(&user_path, home, strlen(home));
 241                } else {
 242                        struct passwd *pw = getpw_str(username, username_len);
 243                        if (!pw)
 244                                goto return_null;
 245                        strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
 246                }
 247                to_copy = first_slash;
 248        }
 249        strbuf_add(&user_path, to_copy, strlen(to_copy));
 250        return strbuf_detach(&user_path, NULL);
 251return_null:
 252        strbuf_release(&user_path);
 253        return NULL;
 254}
 255
 256/*
 257 * First, one directory to try is determined by the following algorithm.
 258 *
 259 * (0) If "strict" is given, the path is used as given and no DWIM is
 260 *     done. Otherwise:
 261 * (1) "~/path" to mean path under the running user's home directory;
 262 * (2) "~user/path" to mean path under named user's home directory;
 263 * (3) "relative/path" to mean cwd relative directory; or
 264 * (4) "/absolute/path" to mean absolute directory.
 265 *
 266 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 267 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 268 * what we try.
 269 *
 270 * Second, we try chdir() to that.  Upon failure, we return NULL.
 271 *
 272 * Then, we try if the current directory is a valid git repository.
 273 * Upon failure, we return NULL.
 274 *
 275 * If all goes well, we return the directory we used to chdir() (but
 276 * before ~user is expanded), avoiding getcwd() resolving symbolic
 277 * links.  User relative paths are also returned as they are given,
 278 * except DWIM suffixing.
 279 */
 280char *enter_repo(char *path, int strict)
 281{
 282        static char used_path[PATH_MAX];
 283        static char validated_path[PATH_MAX];
 284
 285        if (!path)
 286                return NULL;
 287
 288        if (!strict) {
 289                static const char *suffix[] = {
 290                        ".git/.git", "/.git", ".git", "", NULL,
 291                };
 292                int len = strlen(path);
 293                int i;
 294                while ((1 < len) && (path[len-1] == '/')) {
 295                        path[len-1] = 0;
 296                        len--;
 297                }
 298                if (PATH_MAX <= len)
 299                        return NULL;
 300                if (path[0] == '~') {
 301                        char *newpath = expand_user_path(path);
 302                        if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
 303                                free(newpath);
 304                                return NULL;
 305                        }
 306                        /*
 307                         * Copy back into the static buffer. A pity
 308                         * since newpath was not bounded, but other
 309                         * branches of the if are limited by PATH_MAX
 310                         * anyway.
 311                         */
 312                        strcpy(used_path, newpath); free(newpath);
 313                        strcpy(validated_path, path);
 314                        path = used_path;
 315                }
 316                else if (PATH_MAX - 10 < len)
 317                        return NULL;
 318                else {
 319                        path = strcpy(used_path, path);
 320                        strcpy(validated_path, path);
 321                }
 322                len = strlen(path);
 323                for (i = 0; suffix[i]; i++) {
 324                        strcpy(path + len, suffix[i]);
 325                        if (!access(path, F_OK)) {
 326                                strcat(validated_path, suffix[i]);
 327                                break;
 328                        }
 329                }
 330                if (!suffix[i] || chdir(path))
 331                        return NULL;
 332                path = validated_path;
 333        }
 334        else if (chdir(path))
 335                return NULL;
 336
 337        if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
 338            validate_headref("HEAD") == 0) {
 339                setenv(GIT_DIR_ENVIRONMENT, ".", 1);
 340                check_repository_format();
 341                return path;
 342        }
 343
 344        return NULL;
 345}
 346
 347int set_shared_perm(const char *path, int mode)
 348{
 349        struct stat st;
 350        int tweak, shared, orig_mode;
 351
 352        if (!shared_repository) {
 353                if (mode)
 354                        return chmod(path, mode & ~S_IFMT);
 355                return 0;
 356        }
 357        if (!mode) {
 358                if (lstat(path, &st) < 0)
 359                        return -1;
 360                mode = st.st_mode;
 361                orig_mode = mode;
 362        } else
 363                orig_mode = 0;
 364        if (shared_repository < 0)
 365                shared = -shared_repository;
 366        else
 367                shared = shared_repository;
 368        tweak = shared;
 369
 370        if (!(mode & S_IWUSR))
 371                tweak &= ~0222;
 372        if (mode & S_IXUSR)
 373                /* Copy read bits to execute bits */
 374                tweak |= (tweak & 0444) >> 2;
 375        if (shared_repository < 0)
 376                mode = (mode & ~0777) | tweak;
 377        else
 378                mode |= tweak;
 379
 380        if (S_ISDIR(mode)) {
 381                /* Copy read bits to execute bits */
 382                mode |= (shared & 0444) >> 2;
 383                mode |= FORCE_DIR_SET_GID;
 384        }
 385
 386        if (((shared_repository < 0
 387              ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
 388              : (orig_mode & mode)) != mode) &&
 389            chmod(path, (mode & ~S_IFMT)) < 0)
 390                return -2;
 391        return 0;
 392}
 393
 394const char *make_relative_path(const char *abs, const char *base)
 395{
 396        static char buf[PATH_MAX + 1];
 397        int baselen;
 398        if (!base)
 399                return abs;
 400        baselen = strlen(base);
 401        if (prefixcmp(abs, base))
 402                return abs;
 403        if (abs[baselen] == '/')
 404                baselen++;
 405        else if (base[baselen - 1] != '/')
 406                return abs;
 407        strcpy(buf, abs + baselen);
 408        return buf;
 409}
 410
 411/*
 412 * It is okay if dst == src, but they should not overlap otherwise.
 413 *
 414 * Performs the following normalizations on src, storing the result in dst:
 415 * - Ensures that components are separated by '/' (Windows only)
 416 * - Squashes sequences of '/'.
 417 * - Removes "." components.
 418 * - Removes ".." components, and the components the precede them.
 419 * Returns failure (non-zero) if a ".." component appears as first path
 420 * component anytime during the normalization. Otherwise, returns success (0).
 421 *
 422 * Note that this function is purely textual.  It does not follow symlinks,
 423 * verify the existence of the path, or make any system calls.
 424 */
 425int normalize_path_copy(char *dst, const char *src)
 426{
 427        char *dst0;
 428
 429        if (has_dos_drive_prefix(src)) {
 430                *dst++ = *src++;
 431                *dst++ = *src++;
 432        }
 433        dst0 = dst;
 434
 435        if (is_dir_sep(*src)) {
 436                *dst++ = '/';
 437                while (is_dir_sep(*src))
 438                        src++;
 439        }
 440
 441        for (;;) {
 442                char c = *src;
 443
 444                /*
 445                 * A path component that begins with . could be
 446                 * special:
 447                 * (1) "." and ends   -- ignore and terminate.
 448                 * (2) "./"           -- ignore them, eat slash and continue.
 449                 * (3) ".." and ends  -- strip one and terminate.
 450                 * (4) "../"          -- strip one, eat slash and continue.
 451                 */
 452                if (c == '.') {
 453                        if (!src[1]) {
 454                                /* (1) */
 455                                src++;
 456                        } else if (is_dir_sep(src[1])) {
 457                                /* (2) */
 458                                src += 2;
 459                                while (is_dir_sep(*src))
 460                                        src++;
 461                                continue;
 462                        } else if (src[1] == '.') {
 463                                if (!src[2]) {
 464                                        /* (3) */
 465                                        src += 2;
 466                                        goto up_one;
 467                                } else if (is_dir_sep(src[2])) {
 468                                        /* (4) */
 469                                        src += 3;
 470                                        while (is_dir_sep(*src))
 471                                                src++;
 472                                        goto up_one;
 473                                }
 474                        }
 475                }
 476
 477                /* copy up to the next '/', and eat all '/' */
 478                while ((c = *src++) != '\0' && !is_dir_sep(c))
 479                        *dst++ = c;
 480                if (is_dir_sep(c)) {
 481                        *dst++ = '/';
 482                        while (is_dir_sep(c))
 483                                c = *src++;
 484                        src--;
 485                } else if (!c)
 486                        break;
 487                continue;
 488
 489        up_one:
 490                /*
 491                 * dst0..dst is prefix portion, and dst[-1] is '/';
 492                 * go up one level.
 493                 */
 494                dst--;  /* go to trailing '/' */
 495                if (dst <= dst0)
 496                        return -1;
 497                /* Windows: dst[-1] cannot be backslash anymore */
 498                while (dst0 < dst && dst[-1] != '/')
 499                        dst--;
 500        }
 501        *dst = '\0';
 502        return 0;
 503}
 504
 505/*
 506 * path = Canonical absolute path
 507 * prefix_list = Colon-separated list of absolute paths
 508 *
 509 * Determines, for each path in prefix_list, whether the "prefix" really
 510 * is an ancestor directory of path.  Returns the length of the longest
 511 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 512 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 513 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 514 * are not considered to be their own ancestors.  path must be in a
 515 * canonical form: empty components, or "." or ".." components are not
 516 * allowed.  prefix_list may be null, which is like "".
 517 */
 518int longest_ancestor_length(const char *path, const char *prefix_list)
 519{
 520        char buf[PATH_MAX+1];
 521        const char *ceil, *colon;
 522        int len, max_len = -1;
 523
 524        if (prefix_list == NULL || !strcmp(path, "/"))
 525                return -1;
 526
 527        for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
 528                for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
 529                len = colon - ceil;
 530                if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
 531                        continue;
 532                strlcpy(buf, ceil, len+1);
 533                if (normalize_path_copy(buf, buf) < 0)
 534                        continue;
 535                len = strlen(buf);
 536                if (len > 0 && buf[len-1] == '/')
 537                        buf[--len] = '\0';
 538
 539                if (!strncmp(path, buf, len) &&
 540                    path[len] == '/' &&
 541                    len > max_len) {
 542                        max_len = len;
 543                }
 544        }
 545
 546        return max_len;
 547}
 548
 549/* strip arbitrary amount of directory separators at end of path */
 550static inline int chomp_trailing_dir_sep(const char *path, int len)
 551{
 552        while (len && is_dir_sep(path[len - 1]))
 553                len--;
 554        return len;
 555}
 556
 557/*
 558 * If path ends with suffix (complete path components), returns the
 559 * part before suffix (sans trailing directory separators).
 560 * Otherwise returns NULL.
 561 */
 562char *strip_path_suffix(const char *path, const char *suffix)
 563{
 564        int path_len = strlen(path), suffix_len = strlen(suffix);
 565
 566        while (suffix_len) {
 567                if (!path_len)
 568                        return NULL;
 569
 570                if (is_dir_sep(path[path_len - 1])) {
 571                        if (!is_dir_sep(suffix[suffix_len - 1]))
 572                                return NULL;
 573                        path_len = chomp_trailing_dir_sep(path, path_len);
 574                        suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
 575                }
 576                else if (path[--path_len] != suffix[--suffix_len])
 577                        return NULL;
 578        }
 579
 580        if (path_len && !is_dir_sep(path[path_len - 1]))
 581                return NULL;
 582        return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
 583}
 584
 585int daemon_avoid_alias(const char *p)
 586{
 587        int sl, ndot;
 588
 589        /*
 590         * This resurrects the belts and suspenders paranoia check by HPA
 591         * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
 592         * does not do getcwd() based path canonicalizations.
 593         *
 594         * sl becomes true immediately after seeing '/' and continues to
 595         * be true as long as dots continue after that without intervening
 596         * non-dot character.
 597         */
 598        if (!p || (*p != '/' && *p != '~'))
 599                return -1;
 600        sl = 1; ndot = 0;
 601        p++;
 602
 603        while (1) {
 604                char ch = *p++;
 605                if (sl) {
 606                        if (ch == '.')
 607                                ndot++;
 608                        else if (ch == '/') {
 609                                if (ndot < 3)
 610                                        /* reject //, /./ and /../ */
 611                                        return -1;
 612                                ndot = 0;
 613                        }
 614                        else if (ch == 0) {
 615                                if (0 < ndot && ndot < 3)
 616                                        /* reject /.$ and /..$ */
 617                                        return -1;
 618                                return 0;
 619                        }
 620                        else
 621                                sl = ndot = 0;
 622                }
 623                else if (ch == 0)
 624                        return 0;
 625                else if (ch == '/') {
 626                        sl = 1;
 627                        ndot = 0;
 628                }
 629        }
 630}