path.con commit start_command(), if .in/.out > 0, closes file descriptors, not the callers (c20181e)
   1/*
   2 * I'm tired of doing "vsnprintf()" etc just to open a
   3 * file, so here's a "return static buffer with printf"
   4 * interface for paths.
   5 *
   6 * It's obviously not thread-safe. Sue me. But it's quite
   7 * useful for doing things like
   8 *
   9 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
  10 *
  11 * which is what it's designed for.
  12 */
  13#include "cache.h"
  14
  15static char bad_path[] = "/bad-path/";
  16
  17static char *get_pathname(void)
  18{
  19        static char pathname_array[4][PATH_MAX];
  20        static int index;
  21        return pathname_array[3 & ++index];
  22}
  23
  24static char *cleanup_path(char *path)
  25{
  26        /* Clean it up */
  27        if (!memcmp(path, "./", 2)) {
  28                path += 2;
  29                while (*path == '/')
  30                        path++;
  31        }
  32        return path;
  33}
  34
  35char *mkpath(const char *fmt, ...)
  36{
  37        va_list args;
  38        unsigned len;
  39        char *pathname = get_pathname();
  40
  41        va_start(args, fmt);
  42        len = vsnprintf(pathname, PATH_MAX, fmt, args);
  43        va_end(args);
  44        if (len >= PATH_MAX)
  45                return bad_path;
  46        return cleanup_path(pathname);
  47}
  48
  49char *git_path(const char *fmt, ...)
  50{
  51        const char *git_dir = get_git_dir();
  52        char *pathname = get_pathname();
  53        va_list args;
  54        unsigned len;
  55
  56        len = strlen(git_dir);
  57        if (len > PATH_MAX-100)
  58                return bad_path;
  59        memcpy(pathname, git_dir, len);
  60        if (len && git_dir[len-1] != '/')
  61                pathname[len++] = '/';
  62        va_start(args, fmt);
  63        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
  64        va_end(args);
  65        if (len >= PATH_MAX)
  66                return bad_path;
  67        return cleanup_path(pathname);
  68}
  69
  70
  71/* git_mkstemp() - create tmp file honoring TMPDIR variable */
  72int git_mkstemp(char *path, size_t len, const char *template)
  73{
  74        const char *tmp;
  75        size_t n;
  76
  77        tmp = getenv("TMPDIR");
  78        if (!tmp)
  79                tmp = "/tmp";
  80        n = snprintf(path, len, "%s/%s", tmp, template);
  81        if (len <= n) {
  82                errno = ENAMETOOLONG;
  83                return -1;
  84        }
  85        return mkstemp(path);
  86}
  87
  88
  89int validate_headref(const char *path)
  90{
  91        struct stat st;
  92        char *buf, buffer[256];
  93        unsigned char sha1[20];
  94        int len, fd;
  95
  96        if (lstat(path, &st) < 0)
  97                return -1;
  98
  99        /* Make sure it is a "refs/.." symlink */
 100        if (S_ISLNK(st.st_mode)) {
 101                len = readlink(path, buffer, sizeof(buffer)-1);
 102                if (len >= 5 && !memcmp("refs/", buffer, 5))
 103                        return 0;
 104                return -1;
 105        }
 106
 107        /*
 108         * Anything else, just open it and try to see if it is a symbolic ref.
 109         */
 110        fd = open(path, O_RDONLY);
 111        if (fd < 0)
 112                return -1;
 113        len = read_in_full(fd, buffer, sizeof(buffer)-1);
 114        close(fd);
 115
 116        /*
 117         * Is it a symbolic ref?
 118         */
 119        if (len < 4)
 120                return -1;
 121        if (!memcmp("ref:", buffer, 4)) {
 122                buf = buffer + 4;
 123                len -= 4;
 124                while (len && isspace(*buf))
 125                        buf++, len--;
 126                if (len >= 5 && !memcmp("refs/", buf, 5))
 127                        return 0;
 128        }
 129
 130        /*
 131         * Is this a detached HEAD?
 132         */
 133        if (!get_sha1_hex(buffer, sha1))
 134                return 0;
 135
 136        return -1;
 137}
 138
 139static char *user_path(char *buf, char *path, int sz)
 140{
 141        struct passwd *pw;
 142        char *slash;
 143        int len, baselen;
 144
 145        if (!path || path[0] != '~')
 146                return NULL;
 147        path++;
 148        slash = strchr(path, '/');
 149        if (path[0] == '/' || !path[0]) {
 150                pw = getpwuid(getuid());
 151        }
 152        else {
 153                if (slash) {
 154                        *slash = 0;
 155                        pw = getpwnam(path);
 156                        *slash = '/';
 157                }
 158                else
 159                        pw = getpwnam(path);
 160        }
 161        if (!pw || !pw->pw_dir || sz <= strlen(pw->pw_dir))
 162                return NULL;
 163        baselen = strlen(pw->pw_dir);
 164        memcpy(buf, pw->pw_dir, baselen);
 165        while ((1 < baselen) && (buf[baselen-1] == '/')) {
 166                buf[baselen-1] = 0;
 167                baselen--;
 168        }
 169        if (slash && slash[1]) {
 170                len = strlen(slash);
 171                if (sz <= baselen + len)
 172                        return NULL;
 173                memcpy(buf + baselen, slash, len + 1);
 174        }
 175        return buf;
 176}
 177
 178/*
 179 * First, one directory to try is determined by the following algorithm.
 180 *
 181 * (0) If "strict" is given, the path is used as given and no DWIM is
 182 *     done. Otherwise:
 183 * (1) "~/path" to mean path under the running user's home directory;
 184 * (2) "~user/path" to mean path under named user's home directory;
 185 * (3) "relative/path" to mean cwd relative directory; or
 186 * (4) "/absolute/path" to mean absolute directory.
 187 *
 188 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 189 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 190 * what we try.
 191 *
 192 * Second, we try chdir() to that.  Upon failure, we return NULL.
 193 *
 194 * Then, we try if the current directory is a valid git repository.
 195 * Upon failure, we return NULL.
 196 *
 197 * If all goes well, we return the directory we used to chdir() (but
 198 * before ~user is expanded), avoiding getcwd() resolving symbolic
 199 * links.  User relative paths are also returned as they are given,
 200 * except DWIM suffixing.
 201 */
 202char *enter_repo(char *path, int strict)
 203{
 204        static char used_path[PATH_MAX];
 205        static char validated_path[PATH_MAX];
 206
 207        if (!path)
 208                return NULL;
 209
 210        if (!strict) {
 211                static const char *suffix[] = {
 212                        ".git/.git", "/.git", ".git", "", NULL,
 213                };
 214                int len = strlen(path);
 215                int i;
 216                while ((1 < len) && (path[len-1] == '/')) {
 217                        path[len-1] = 0;
 218                        len--;
 219                }
 220                if (PATH_MAX <= len)
 221                        return NULL;
 222                if (path[0] == '~') {
 223                        if (!user_path(used_path, path, PATH_MAX))
 224                                return NULL;
 225                        strcpy(validated_path, path);
 226                        path = used_path;
 227                }
 228                else if (PATH_MAX - 10 < len)
 229                        return NULL;
 230                else {
 231                        path = strcpy(used_path, path);
 232                        strcpy(validated_path, path);
 233                }
 234                len = strlen(path);
 235                for (i = 0; suffix[i]; i++) {
 236                        strcpy(path + len, suffix[i]);
 237                        if (!access(path, F_OK)) {
 238                                strcat(validated_path, suffix[i]);
 239                                break;
 240                        }
 241                }
 242                if (!suffix[i] || chdir(path))
 243                        return NULL;
 244                path = validated_path;
 245        }
 246        else if (chdir(path))
 247                return NULL;
 248
 249        if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
 250            validate_headref("HEAD") == 0) {
 251                setenv(GIT_DIR_ENVIRONMENT, ".", 1);
 252                check_repository_format();
 253                return path;
 254        }
 255
 256        return NULL;
 257}
 258
 259int adjust_shared_perm(const char *path)
 260{
 261        struct stat st;
 262        int mode;
 263
 264        if (!shared_repository)
 265                return 0;
 266        if (lstat(path, &st) < 0)
 267                return -1;
 268        mode = st.st_mode;
 269        if (mode & S_IRUSR)
 270                mode |= (shared_repository == PERM_GROUP
 271                         ? S_IRGRP
 272                         : (shared_repository == PERM_EVERYBODY
 273                            ? (S_IRGRP|S_IROTH)
 274                            : 0));
 275
 276        if (mode & S_IWUSR)
 277                mode |= S_IWGRP;
 278
 279        if (mode & S_IXUSR)
 280                mode |= (shared_repository == PERM_GROUP
 281                         ? S_IXGRP
 282                         : (shared_repository == PERM_EVERYBODY
 283                            ? (S_IXGRP|S_IXOTH)
 284                            : 0));
 285        if (S_ISDIR(mode))
 286                mode |= S_ISGID;
 287        if ((mode & st.st_mode) != mode && chmod(path, mode) < 0)
 288                return -2;
 289        return 0;
 290}
 291
 292/* We allow "recursive" symbolic links. Only within reason, though. */
 293#define MAXDEPTH 5
 294
 295const char *make_absolute_path(const char *path)
 296{
 297        static char bufs[2][PATH_MAX + 1], *buf = bufs[0], *next_buf = bufs[1];
 298        char cwd[1024] = "";
 299        int buf_index = 1, len;
 300
 301        int depth = MAXDEPTH;
 302        char *last_elem = NULL;
 303        struct stat st;
 304
 305        if (strlcpy(buf, path, PATH_MAX) >= PATH_MAX)
 306                die ("Too long path: %.*s", 60, path);
 307
 308        while (depth--) {
 309                if (stat(buf, &st) || !S_ISDIR(st.st_mode)) {
 310                        char *last_slash = strrchr(buf, '/');
 311                        if (last_slash) {
 312                                *last_slash = '\0';
 313                                last_elem = xstrdup(last_slash + 1);
 314                        } else
 315                                last_elem = xstrdup(buf);
 316                }
 317
 318                if (*buf) {
 319                        if (!*cwd && !getcwd(cwd, sizeof(cwd)))
 320                                die ("Could not get current working directory");
 321
 322                        if (chdir(buf))
 323                                die ("Could not switch to '%s'", buf);
 324                }
 325                if (!getcwd(buf, PATH_MAX))
 326                        die ("Could not get current working directory");
 327
 328                if (last_elem) {
 329                        int len = strlen(buf);
 330                        if (len + strlen(last_elem) + 2 > PATH_MAX)
 331                                die ("Too long path name: '%s/%s'",
 332                                                buf, last_elem);
 333                        buf[len] = '/';
 334                        strcpy(buf + len + 1, last_elem);
 335                        free(last_elem);
 336                        last_elem = NULL;
 337                }
 338
 339                if (!lstat(buf, &st) && S_ISLNK(st.st_mode)) {
 340                        len = readlink(buf, next_buf, PATH_MAX);
 341                        if (len < 0)
 342                                die ("Invalid symlink: %s", buf);
 343                        next_buf[len] = '\0';
 344                        buf = next_buf;
 345                        buf_index = 1 - buf_index;
 346                        next_buf = bufs[buf_index];
 347                } else
 348                        break;
 349        }
 350
 351        if (*cwd && chdir(cwd))
 352                die ("Could not change back to '%s'", cwd);
 353
 354        return buf;
 355}