path.con commit tests: A SANITY test prereq for testing if we're root (c91cfd1)
   1/*
   2 * I'm tired of doing "vsnprintf()" etc just to open a
   3 * file, so here's a "return static buffer with printf"
   4 * interface for paths.
   5 *
   6 * It's obviously not thread-safe. Sue me. But it's quite
   7 * useful for doing things like
   8 *
   9 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
  10 *
  11 * which is what it's designed for.
  12 */
  13#include "cache.h"
  14#include "strbuf.h"
  15
  16static char bad_path[] = "/bad-path/";
  17
  18static char *get_pathname(void)
  19{
  20        static char pathname_array[4][PATH_MAX];
  21        static int index;
  22        return pathname_array[3 & ++index];
  23}
  24
  25static char *cleanup_path(char *path)
  26{
  27        /* Clean it up */
  28        if (!memcmp(path, "./", 2)) {
  29                path += 2;
  30                while (*path == '/')
  31                        path++;
  32        }
  33        return path;
  34}
  35
  36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
  37{
  38        va_list args;
  39        unsigned len;
  40
  41        va_start(args, fmt);
  42        len = vsnprintf(buf, n, fmt, args);
  43        va_end(args);
  44        if (len >= n) {
  45                strlcpy(buf, bad_path, n);
  46                return buf;
  47        }
  48        return cleanup_path(buf);
  49}
  50
  51static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
  52{
  53        const char *git_dir = get_git_dir();
  54        size_t len;
  55
  56        len = strlen(git_dir);
  57        if (n < len + 1)
  58                goto bad;
  59        memcpy(buf, git_dir, len);
  60        if (len && !is_dir_sep(git_dir[len-1]))
  61                buf[len++] = '/';
  62        len += vsnprintf(buf + len, n - len, fmt, args);
  63        if (len >= n)
  64                goto bad;
  65        return cleanup_path(buf);
  66bad:
  67        strlcpy(buf, bad_path, n);
  68        return buf;
  69}
  70
  71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
  72{
  73        va_list args;
  74        va_start(args, fmt);
  75        (void)git_vsnpath(buf, n, fmt, args);
  76        va_end(args);
  77        return buf;
  78}
  79
  80char *git_pathdup(const char *fmt, ...)
  81{
  82        char path[PATH_MAX];
  83        va_list args;
  84        va_start(args, fmt);
  85        (void)git_vsnpath(path, sizeof(path), fmt, args);
  86        va_end(args);
  87        return xstrdup(path);
  88}
  89
  90char *mkpath(const char *fmt, ...)
  91{
  92        va_list args;
  93        unsigned len;
  94        char *pathname = get_pathname();
  95
  96        va_start(args, fmt);
  97        len = vsnprintf(pathname, PATH_MAX, fmt, args);
  98        va_end(args);
  99        if (len >= PATH_MAX)
 100                return bad_path;
 101        return cleanup_path(pathname);
 102}
 103
 104char *git_path(const char *fmt, ...)
 105{
 106        const char *git_dir = get_git_dir();
 107        char *pathname = get_pathname();
 108        va_list args;
 109        unsigned len;
 110
 111        len = strlen(git_dir);
 112        if (len > PATH_MAX-100)
 113                return bad_path;
 114        memcpy(pathname, git_dir, len);
 115        if (len && git_dir[len-1] != '/')
 116                pathname[len++] = '/';
 117        va_start(args, fmt);
 118        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 119        va_end(args);
 120        if (len >= PATH_MAX)
 121                return bad_path;
 122        return cleanup_path(pathname);
 123}
 124
 125
 126/* git_mkstemp() - create tmp file honoring TMPDIR variable */
 127int git_mkstemp(char *path, size_t len, const char *template)
 128{
 129        const char *tmp;
 130        size_t n;
 131
 132        tmp = getenv("TMPDIR");
 133        if (!tmp)
 134                tmp = "/tmp";
 135        n = snprintf(path, len, "%s/%s", tmp, template);
 136        if (len <= n) {
 137                errno = ENAMETOOLONG;
 138                return -1;
 139        }
 140        return mkstemp(path);
 141}
 142
 143/* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */
 144int git_mkstemps(char *path, size_t len, const char *template, int suffix_len)
 145{
 146        const char *tmp;
 147        size_t n;
 148
 149        tmp = getenv("TMPDIR");
 150        if (!tmp)
 151                tmp = "/tmp";
 152        n = snprintf(path, len, "%s/%s", tmp, template);
 153        if (len <= n) {
 154                errno = ENAMETOOLONG;
 155                return -1;
 156        }
 157        return mkstemps(path, suffix_len);
 158}
 159
 160/* Adapted from libiberty's mkstemp.c. */
 161
 162#undef TMP_MAX
 163#define TMP_MAX 16384
 164
 165int git_mkstemps_mode(char *pattern, int suffix_len, int mode)
 166{
 167        static const char letters[] =
 168                "abcdefghijklmnopqrstuvwxyz"
 169                "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
 170                "0123456789";
 171        static const int num_letters = 62;
 172        uint64_t value;
 173        struct timeval tv;
 174        char *template;
 175        size_t len;
 176        int fd, count;
 177
 178        len = strlen(pattern);
 179
 180        if (len < 6 + suffix_len) {
 181                errno = EINVAL;
 182                return -1;
 183        }
 184
 185        if (strncmp(&pattern[len - 6 - suffix_len], "XXXXXX", 6)) {
 186                errno = EINVAL;
 187                return -1;
 188        }
 189
 190        /*
 191         * Replace pattern's XXXXXX characters with randomness.
 192         * Try TMP_MAX different filenames.
 193         */
 194        gettimeofday(&tv, NULL);
 195        value = ((size_t)(tv.tv_usec << 16)) ^ tv.tv_sec ^ getpid();
 196        template = &pattern[len - 6 - suffix_len];
 197        for (count = 0; count < TMP_MAX; ++count) {
 198                uint64_t v = value;
 199                /* Fill in the random bits. */
 200                template[0] = letters[v % num_letters]; v /= num_letters;
 201                template[1] = letters[v % num_letters]; v /= num_letters;
 202                template[2] = letters[v % num_letters]; v /= num_letters;
 203                template[3] = letters[v % num_letters]; v /= num_letters;
 204                template[4] = letters[v % num_letters]; v /= num_letters;
 205                template[5] = letters[v % num_letters]; v /= num_letters;
 206
 207                fd = open(pattern, O_CREAT | O_EXCL | O_RDWR, mode);
 208                if (fd > 0)
 209                        return fd;
 210                /*
 211                 * Fatal error (EPERM, ENOSPC etc).
 212                 * It doesn't make sense to loop.
 213                 */
 214                if (errno != EEXIST)
 215                        break;
 216                /*
 217                 * This is a random value.  It is only necessary that
 218                 * the next TMP_MAX values generated by adding 7777 to
 219                 * VALUE are different with (module 2^32).
 220                 */
 221                value += 7777;
 222        }
 223        /* We return the null string if we can't find a unique file name.  */
 224        pattern[0] = '\0';
 225        return -1;
 226}
 227
 228int git_mkstemp_mode(char *pattern, int mode)
 229{
 230        /* mkstemp is just mkstemps with no suffix */
 231        return git_mkstemps_mode(pattern, 0, mode);
 232}
 233
 234int gitmkstemps(char *pattern, int suffix_len)
 235{
 236        return git_mkstemps_mode(pattern, suffix_len, 0600);
 237}
 238
 239int validate_headref(const char *path)
 240{
 241        struct stat st;
 242        char *buf, buffer[256];
 243        unsigned char sha1[20];
 244        int fd;
 245        ssize_t len;
 246
 247        if (lstat(path, &st) < 0)
 248                return -1;
 249
 250        /* Make sure it is a "refs/.." symlink */
 251        if (S_ISLNK(st.st_mode)) {
 252                len = readlink(path, buffer, sizeof(buffer)-1);
 253                if (len >= 5 && !memcmp("refs/", buffer, 5))
 254                        return 0;
 255                return -1;
 256        }
 257
 258        /*
 259         * Anything else, just open it and try to see if it is a symbolic ref.
 260         */
 261        fd = open(path, O_RDONLY);
 262        if (fd < 0)
 263                return -1;
 264        len = read_in_full(fd, buffer, sizeof(buffer)-1);
 265        close(fd);
 266
 267        /*
 268         * Is it a symbolic ref?
 269         */
 270        if (len < 4)
 271                return -1;
 272        if (!memcmp("ref:", buffer, 4)) {
 273                buf = buffer + 4;
 274                len -= 4;
 275                while (len && isspace(*buf))
 276                        buf++, len--;
 277                if (len >= 5 && !memcmp("refs/", buf, 5))
 278                        return 0;
 279        }
 280
 281        /*
 282         * Is this a detached HEAD?
 283         */
 284        if (!get_sha1_hex(buffer, sha1))
 285                return 0;
 286
 287        return -1;
 288}
 289
 290static struct passwd *getpw_str(const char *username, size_t len)
 291{
 292        struct passwd *pw;
 293        char *username_z = xmalloc(len + 1);
 294        memcpy(username_z, username, len);
 295        username_z[len] = '\0';
 296        pw = getpwnam(username_z);
 297        free(username_z);
 298        return pw;
 299}
 300
 301/*
 302 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 303 * then it is a newly allocated string. Returns NULL on getpw failure or
 304 * if path is NULL.
 305 */
 306char *expand_user_path(const char *path)
 307{
 308        struct strbuf user_path = STRBUF_INIT;
 309        const char *first_slash = strchrnul(path, '/');
 310        const char *to_copy = path;
 311
 312        if (path == NULL)
 313                goto return_null;
 314        if (path[0] == '~') {
 315                const char *username = path + 1;
 316                size_t username_len = first_slash - username;
 317                if (username_len == 0) {
 318                        const char *home = getenv("HOME");
 319                        if (!home)
 320                                goto return_null;
 321                        strbuf_add(&user_path, home, strlen(home));
 322                } else {
 323                        struct passwd *pw = getpw_str(username, username_len);
 324                        if (!pw)
 325                                goto return_null;
 326                        strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
 327                }
 328                to_copy = first_slash;
 329        }
 330        strbuf_add(&user_path, to_copy, strlen(to_copy));
 331        return strbuf_detach(&user_path, NULL);
 332return_null:
 333        strbuf_release(&user_path);
 334        return NULL;
 335}
 336
 337/*
 338 * First, one directory to try is determined by the following algorithm.
 339 *
 340 * (0) If "strict" is given, the path is used as given and no DWIM is
 341 *     done. Otherwise:
 342 * (1) "~/path" to mean path under the running user's home directory;
 343 * (2) "~user/path" to mean path under named user's home directory;
 344 * (3) "relative/path" to mean cwd relative directory; or
 345 * (4) "/absolute/path" to mean absolute directory.
 346 *
 347 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 348 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 349 * what we try.
 350 *
 351 * Second, we try chdir() to that.  Upon failure, we return NULL.
 352 *
 353 * Then, we try if the current directory is a valid git repository.
 354 * Upon failure, we return NULL.
 355 *
 356 * If all goes well, we return the directory we used to chdir() (but
 357 * before ~user is expanded), avoiding getcwd() resolving symbolic
 358 * links.  User relative paths are also returned as they are given,
 359 * except DWIM suffixing.
 360 */
 361char *enter_repo(char *path, int strict)
 362{
 363        static char used_path[PATH_MAX];
 364        static char validated_path[PATH_MAX];
 365
 366        if (!path)
 367                return NULL;
 368
 369        if (!strict) {
 370                static const char *suffix[] = {
 371                        ".git/.git", "/.git", ".git", "", NULL,
 372                };
 373                int len = strlen(path);
 374                int i;
 375                while ((1 < len) && (path[len-1] == '/')) {
 376                        path[len-1] = 0;
 377                        len--;
 378                }
 379                if (PATH_MAX <= len)
 380                        return NULL;
 381                if (path[0] == '~') {
 382                        char *newpath = expand_user_path(path);
 383                        if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
 384                                free(newpath);
 385                                return NULL;
 386                        }
 387                        /*
 388                         * Copy back into the static buffer. A pity
 389                         * since newpath was not bounded, but other
 390                         * branches of the if are limited by PATH_MAX
 391                         * anyway.
 392                         */
 393                        strcpy(used_path, newpath); free(newpath);
 394                        strcpy(validated_path, path);
 395                        path = used_path;
 396                }
 397                else if (PATH_MAX - 10 < len)
 398                        return NULL;
 399                else {
 400                        path = strcpy(used_path, path);
 401                        strcpy(validated_path, path);
 402                }
 403                len = strlen(path);
 404                for (i = 0; suffix[i]; i++) {
 405                        strcpy(path + len, suffix[i]);
 406                        if (!access(path, F_OK)) {
 407                                strcat(validated_path, suffix[i]);
 408                                break;
 409                        }
 410                }
 411                if (!suffix[i] || chdir(path))
 412                        return NULL;
 413                path = validated_path;
 414        }
 415        else if (chdir(path))
 416                return NULL;
 417
 418        if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
 419            validate_headref("HEAD") == 0) {
 420                set_git_dir(".");
 421                check_repository_format();
 422                return path;
 423        }
 424
 425        return NULL;
 426}
 427
 428int set_shared_perm(const char *path, int mode)
 429{
 430        struct stat st;
 431        int tweak, shared, orig_mode;
 432
 433        if (!shared_repository) {
 434                if (mode)
 435                        return chmod(path, mode & ~S_IFMT);
 436                return 0;
 437        }
 438        if (!mode) {
 439                if (lstat(path, &st) < 0)
 440                        return -1;
 441                mode = st.st_mode;
 442                orig_mode = mode;
 443        } else
 444                orig_mode = 0;
 445        if (shared_repository < 0)
 446                shared = -shared_repository;
 447        else
 448                shared = shared_repository;
 449        tweak = shared;
 450
 451        if (!(mode & S_IWUSR))
 452                tweak &= ~0222;
 453        if (mode & S_IXUSR)
 454                /* Copy read bits to execute bits */
 455                tweak |= (tweak & 0444) >> 2;
 456        if (shared_repository < 0)
 457                mode = (mode & ~0777) | tweak;
 458        else
 459                mode |= tweak;
 460
 461        if (S_ISDIR(mode)) {
 462                /* Copy read bits to execute bits */
 463                mode |= (shared & 0444) >> 2;
 464                mode |= FORCE_DIR_SET_GID;
 465        }
 466
 467        if (((shared_repository < 0
 468              ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
 469              : (orig_mode & mode)) != mode) &&
 470            chmod(path, (mode & ~S_IFMT)) < 0)
 471                return -2;
 472        return 0;
 473}
 474
 475const char *make_relative_path(const char *abs, const char *base)
 476{
 477        static char buf[PATH_MAX + 1];
 478        int i = 0, j = 0;
 479
 480        if (!base || !base[0])
 481                return abs;
 482        while (base[i]) {
 483                if (is_dir_sep(base[i])) {
 484                        if (!is_dir_sep(abs[j]))
 485                                return abs;
 486                        while (is_dir_sep(base[i]))
 487                                i++;
 488                        while (is_dir_sep(abs[j]))
 489                                j++;
 490                        continue;
 491                } else if (abs[j] != base[i]) {
 492                        return abs;
 493                }
 494                i++;
 495                j++;
 496        }
 497        if (
 498            /* "/foo" is a prefix of "/foo" */
 499            abs[j] &&
 500            /* "/foo" is not a prefix of "/foobar" */
 501            !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
 502           )
 503                return abs;
 504        while (is_dir_sep(abs[j]))
 505                j++;
 506        if (!abs[j])
 507                strcpy(buf, ".");
 508        else
 509                strcpy(buf, abs + j);
 510        return buf;
 511}
 512
 513/*
 514 * It is okay if dst == src, but they should not overlap otherwise.
 515 *
 516 * Performs the following normalizations on src, storing the result in dst:
 517 * - Ensures that components are separated by '/' (Windows only)
 518 * - Squashes sequences of '/'.
 519 * - Removes "." components.
 520 * - Removes ".." components, and the components the precede them.
 521 * Returns failure (non-zero) if a ".." component appears as first path
 522 * component anytime during the normalization. Otherwise, returns success (0).
 523 *
 524 * Note that this function is purely textual.  It does not follow symlinks,
 525 * verify the existence of the path, or make any system calls.
 526 */
 527int normalize_path_copy(char *dst, const char *src)
 528{
 529        char *dst0;
 530
 531        if (has_dos_drive_prefix(src)) {
 532                *dst++ = *src++;
 533                *dst++ = *src++;
 534        }
 535        dst0 = dst;
 536
 537        if (is_dir_sep(*src)) {
 538                *dst++ = '/';
 539                while (is_dir_sep(*src))
 540                        src++;
 541        }
 542
 543        for (;;) {
 544                char c = *src;
 545
 546                /*
 547                 * A path component that begins with . could be
 548                 * special:
 549                 * (1) "." and ends   -- ignore and terminate.
 550                 * (2) "./"           -- ignore them, eat slash and continue.
 551                 * (3) ".." and ends  -- strip one and terminate.
 552                 * (4) "../"          -- strip one, eat slash and continue.
 553                 */
 554                if (c == '.') {
 555                        if (!src[1]) {
 556                                /* (1) */
 557                                src++;
 558                        } else if (is_dir_sep(src[1])) {
 559                                /* (2) */
 560                                src += 2;
 561                                while (is_dir_sep(*src))
 562                                        src++;
 563                                continue;
 564                        } else if (src[1] == '.') {
 565                                if (!src[2]) {
 566                                        /* (3) */
 567                                        src += 2;
 568                                        goto up_one;
 569                                } else if (is_dir_sep(src[2])) {
 570                                        /* (4) */
 571                                        src += 3;
 572                                        while (is_dir_sep(*src))
 573                                                src++;
 574                                        goto up_one;
 575                                }
 576                        }
 577                }
 578
 579                /* copy up to the next '/', and eat all '/' */
 580                while ((c = *src++) != '\0' && !is_dir_sep(c))
 581                        *dst++ = c;
 582                if (is_dir_sep(c)) {
 583                        *dst++ = '/';
 584                        while (is_dir_sep(c))
 585                                c = *src++;
 586                        src--;
 587                } else if (!c)
 588                        break;
 589                continue;
 590
 591        up_one:
 592                /*
 593                 * dst0..dst is prefix portion, and dst[-1] is '/';
 594                 * go up one level.
 595                 */
 596                dst--;  /* go to trailing '/' */
 597                if (dst <= dst0)
 598                        return -1;
 599                /* Windows: dst[-1] cannot be backslash anymore */
 600                while (dst0 < dst && dst[-1] != '/')
 601                        dst--;
 602        }
 603        *dst = '\0';
 604        return 0;
 605}
 606
 607/*
 608 * path = Canonical absolute path
 609 * prefix_list = Colon-separated list of absolute paths
 610 *
 611 * Determines, for each path in prefix_list, whether the "prefix" really
 612 * is an ancestor directory of path.  Returns the length of the longest
 613 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 614 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 615 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 616 * are not considered to be their own ancestors.  path must be in a
 617 * canonical form: empty components, or "." or ".." components are not
 618 * allowed.  prefix_list may be null, which is like "".
 619 */
 620int longest_ancestor_length(const char *path, const char *prefix_list)
 621{
 622        char buf[PATH_MAX+1];
 623        const char *ceil, *colon;
 624        int len, max_len = -1;
 625
 626        if (prefix_list == NULL || !strcmp(path, "/"))
 627                return -1;
 628
 629        for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
 630                for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
 631                len = colon - ceil;
 632                if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
 633                        continue;
 634                strlcpy(buf, ceil, len+1);
 635                if (normalize_path_copy(buf, buf) < 0)
 636                        continue;
 637                len = strlen(buf);
 638                if (len > 0 && buf[len-1] == '/')
 639                        buf[--len] = '\0';
 640
 641                if (!strncmp(path, buf, len) &&
 642                    path[len] == '/' &&
 643                    len > max_len) {
 644                        max_len = len;
 645                }
 646        }
 647
 648        return max_len;
 649}
 650
 651/* strip arbitrary amount of directory separators at end of path */
 652static inline int chomp_trailing_dir_sep(const char *path, int len)
 653{
 654        while (len && is_dir_sep(path[len - 1]))
 655                len--;
 656        return len;
 657}
 658
 659/*
 660 * If path ends with suffix (complete path components), returns the
 661 * part before suffix (sans trailing directory separators).
 662 * Otherwise returns NULL.
 663 */
 664char *strip_path_suffix(const char *path, const char *suffix)
 665{
 666        int path_len = strlen(path), suffix_len = strlen(suffix);
 667
 668        while (suffix_len) {
 669                if (!path_len)
 670                        return NULL;
 671
 672                if (is_dir_sep(path[path_len - 1])) {
 673                        if (!is_dir_sep(suffix[suffix_len - 1]))
 674                                return NULL;
 675                        path_len = chomp_trailing_dir_sep(path, path_len);
 676                        suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
 677                }
 678                else if (path[--path_len] != suffix[--suffix_len])
 679                        return NULL;
 680        }
 681
 682        if (path_len && !is_dir_sep(path[path_len - 1]))
 683                return NULL;
 684        return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
 685}
 686
 687int daemon_avoid_alias(const char *p)
 688{
 689        int sl, ndot;
 690
 691        /*
 692         * This resurrects the belts and suspenders paranoia check by HPA
 693         * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
 694         * does not do getcwd() based path canonicalization.
 695         *
 696         * sl becomes true immediately after seeing '/' and continues to
 697         * be true as long as dots continue after that without intervening
 698         * non-dot character.
 699         */
 700        if (!p || (*p != '/' && *p != '~'))
 701                return -1;
 702        sl = 1; ndot = 0;
 703        p++;
 704
 705        while (1) {
 706                char ch = *p++;
 707                if (sl) {
 708                        if (ch == '.')
 709                                ndot++;
 710                        else if (ch == '/') {
 711                                if (ndot < 3)
 712                                        /* reject //, /./ and /../ */
 713                                        return -1;
 714                                ndot = 0;
 715                        }
 716                        else if (ch == 0) {
 717                                if (0 < ndot && ndot < 3)
 718                                        /* reject /.$ and /..$ */
 719                                        return -1;
 720                                return 0;
 721                        }
 722                        else
 723                                sl = ndot = 0;
 724                }
 725                else if (ch == 0)
 726                        return 0;
 727                else if (ch == '/') {
 728                        sl = 1;
 729                        ndot = 0;
 730                }
 731        }
 732}
 733
 734int offset_1st_component(const char *path)
 735{
 736        if (has_dos_drive_prefix(path))
 737                return 2 + is_dir_sep(path[2]);
 738        return is_dir_sep(path[0]);
 739}