path.con commit ident: use a dynamic strbuf in fmt_ident (c96f0c8)
   1/*
   2 * I'm tired of doing "vsnprintf()" etc just to open a
   3 * file, so here's a "return static buffer with printf"
   4 * interface for paths.
   5 *
   6 * It's obviously not thread-safe. Sue me. But it's quite
   7 * useful for doing things like
   8 *
   9 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
  10 *
  11 * which is what it's designed for.
  12 */
  13#include "cache.h"
  14#include "strbuf.h"
  15
  16static char bad_path[] = "/bad-path/";
  17
  18static char *get_pathname(void)
  19{
  20        static char pathname_array[4][PATH_MAX];
  21        static int index;
  22        return pathname_array[3 & ++index];
  23}
  24
  25static char *cleanup_path(char *path)
  26{
  27        /* Clean it up */
  28        if (!memcmp(path, "./", 2)) {
  29                path += 2;
  30                while (*path == '/')
  31                        path++;
  32        }
  33        return path;
  34}
  35
  36char *mksnpath(char *buf, size_t n, const char *fmt, ...)
  37{
  38        va_list args;
  39        unsigned len;
  40
  41        va_start(args, fmt);
  42        len = vsnprintf(buf, n, fmt, args);
  43        va_end(args);
  44        if (len >= n) {
  45                strlcpy(buf, bad_path, n);
  46                return buf;
  47        }
  48        return cleanup_path(buf);
  49}
  50
  51static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
  52{
  53        const char *git_dir = get_git_dir();
  54        size_t len;
  55
  56        len = strlen(git_dir);
  57        if (n < len + 1)
  58                goto bad;
  59        memcpy(buf, git_dir, len);
  60        if (len && !is_dir_sep(git_dir[len-1]))
  61                buf[len++] = '/';
  62        len += vsnprintf(buf + len, n - len, fmt, args);
  63        if (len >= n)
  64                goto bad;
  65        return cleanup_path(buf);
  66bad:
  67        strlcpy(buf, bad_path, n);
  68        return buf;
  69}
  70
  71char *git_snpath(char *buf, size_t n, const char *fmt, ...)
  72{
  73        va_list args;
  74        va_start(args, fmt);
  75        (void)git_vsnpath(buf, n, fmt, args);
  76        va_end(args);
  77        return buf;
  78}
  79
  80char *git_pathdup(const char *fmt, ...)
  81{
  82        char path[PATH_MAX];
  83        va_list args;
  84        va_start(args, fmt);
  85        (void)git_vsnpath(path, sizeof(path), fmt, args);
  86        va_end(args);
  87        return xstrdup(path);
  88}
  89
  90char *mkpath(const char *fmt, ...)
  91{
  92        va_list args;
  93        unsigned len;
  94        char *pathname = get_pathname();
  95
  96        va_start(args, fmt);
  97        len = vsnprintf(pathname, PATH_MAX, fmt, args);
  98        va_end(args);
  99        if (len >= PATH_MAX)
 100                return bad_path;
 101        return cleanup_path(pathname);
 102}
 103
 104char *git_path(const char *fmt, ...)
 105{
 106        const char *git_dir = get_git_dir();
 107        char *pathname = get_pathname();
 108        va_list args;
 109        unsigned len;
 110
 111        len = strlen(git_dir);
 112        if (len > PATH_MAX-100)
 113                return bad_path;
 114        memcpy(pathname, git_dir, len);
 115        if (len && git_dir[len-1] != '/')
 116                pathname[len++] = '/';
 117        va_start(args, fmt);
 118        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 119        va_end(args);
 120        if (len >= PATH_MAX)
 121                return bad_path;
 122        return cleanup_path(pathname);
 123}
 124
 125char *git_path_submodule(const char *path, const char *fmt, ...)
 126{
 127        char *pathname = get_pathname();
 128        struct strbuf buf = STRBUF_INIT;
 129        const char *git_dir;
 130        va_list args;
 131        unsigned len;
 132
 133        len = strlen(path);
 134        if (len > PATH_MAX-100)
 135                return bad_path;
 136
 137        strbuf_addstr(&buf, path);
 138        if (len && path[len-1] != '/')
 139                strbuf_addch(&buf, '/');
 140        strbuf_addstr(&buf, ".git");
 141
 142        git_dir = read_gitfile(buf.buf);
 143        if (git_dir) {
 144                strbuf_reset(&buf);
 145                strbuf_addstr(&buf, git_dir);
 146        }
 147        strbuf_addch(&buf, '/');
 148
 149        if (buf.len >= PATH_MAX)
 150                return bad_path;
 151        memcpy(pathname, buf.buf, buf.len + 1);
 152
 153        strbuf_release(&buf);
 154        len = strlen(pathname);
 155
 156        va_start(args, fmt);
 157        len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
 158        va_end(args);
 159        if (len >= PATH_MAX)
 160                return bad_path;
 161        return cleanup_path(pathname);
 162}
 163
 164int validate_headref(const char *path)
 165{
 166        struct stat st;
 167        char *buf, buffer[256];
 168        unsigned char sha1[20];
 169        int fd;
 170        ssize_t len;
 171
 172        if (lstat(path, &st) < 0)
 173                return -1;
 174
 175        /* Make sure it is a "refs/.." symlink */
 176        if (S_ISLNK(st.st_mode)) {
 177                len = readlink(path, buffer, sizeof(buffer)-1);
 178                if (len >= 5 && !memcmp("refs/", buffer, 5))
 179                        return 0;
 180                return -1;
 181        }
 182
 183        /*
 184         * Anything else, just open it and try to see if it is a symbolic ref.
 185         */
 186        fd = open(path, O_RDONLY);
 187        if (fd < 0)
 188                return -1;
 189        len = read_in_full(fd, buffer, sizeof(buffer)-1);
 190        close(fd);
 191
 192        /*
 193         * Is it a symbolic ref?
 194         */
 195        if (len < 4)
 196                return -1;
 197        if (!memcmp("ref:", buffer, 4)) {
 198                buf = buffer + 4;
 199                len -= 4;
 200                while (len && isspace(*buf))
 201                        buf++, len--;
 202                if (len >= 5 && !memcmp("refs/", buf, 5))
 203                        return 0;
 204        }
 205
 206        /*
 207         * Is this a detached HEAD?
 208         */
 209        if (!get_sha1_hex(buffer, sha1))
 210                return 0;
 211
 212        return -1;
 213}
 214
 215static struct passwd *getpw_str(const char *username, size_t len)
 216{
 217        struct passwd *pw;
 218        char *username_z = xmalloc(len + 1);
 219        memcpy(username_z, username, len);
 220        username_z[len] = '\0';
 221        pw = getpwnam(username_z);
 222        free(username_z);
 223        return pw;
 224}
 225
 226/*
 227 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 228 * then it is a newly allocated string. Returns NULL on getpw failure or
 229 * if path is NULL.
 230 */
 231char *expand_user_path(const char *path)
 232{
 233        struct strbuf user_path = STRBUF_INIT;
 234        const char *first_slash = strchrnul(path, '/');
 235        const char *to_copy = path;
 236
 237        if (path == NULL)
 238                goto return_null;
 239        if (path[0] == '~') {
 240                const char *username = path + 1;
 241                size_t username_len = first_slash - username;
 242                if (username_len == 0) {
 243                        const char *home = getenv("HOME");
 244                        if (!home)
 245                                goto return_null;
 246                        strbuf_add(&user_path, home, strlen(home));
 247                } else {
 248                        struct passwd *pw = getpw_str(username, username_len);
 249                        if (!pw)
 250                                goto return_null;
 251                        strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
 252                }
 253                to_copy = first_slash;
 254        }
 255        strbuf_add(&user_path, to_copy, strlen(to_copy));
 256        return strbuf_detach(&user_path, NULL);
 257return_null:
 258        strbuf_release(&user_path);
 259        return NULL;
 260}
 261
 262/*
 263 * First, one directory to try is determined by the following algorithm.
 264 *
 265 * (0) If "strict" is given, the path is used as given and no DWIM is
 266 *     done. Otherwise:
 267 * (1) "~/path" to mean path under the running user's home directory;
 268 * (2) "~user/path" to mean path under named user's home directory;
 269 * (3) "relative/path" to mean cwd relative directory; or
 270 * (4) "/absolute/path" to mean absolute directory.
 271 *
 272 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 273 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 274 * what we try.
 275 *
 276 * Second, we try chdir() to that.  Upon failure, we return NULL.
 277 *
 278 * Then, we try if the current directory is a valid git repository.
 279 * Upon failure, we return NULL.
 280 *
 281 * If all goes well, we return the directory we used to chdir() (but
 282 * before ~user is expanded), avoiding getcwd() resolving symbolic
 283 * links.  User relative paths are also returned as they are given,
 284 * except DWIM suffixing.
 285 */
 286const char *enter_repo(const char *path, int strict)
 287{
 288        static char used_path[PATH_MAX];
 289        static char validated_path[PATH_MAX];
 290
 291        if (!path)
 292                return NULL;
 293
 294        if (!strict) {
 295                static const char *suffix[] = {
 296                        "/.git", "", ".git/.git", ".git", NULL,
 297                };
 298                const char *gitfile;
 299                int len = strlen(path);
 300                int i;
 301                while ((1 < len) && (path[len-1] == '/'))
 302                        len--;
 303
 304                if (PATH_MAX <= len)
 305                        return NULL;
 306                strncpy(used_path, path, len); used_path[len] = 0 ;
 307                strcpy(validated_path, used_path);
 308
 309                if (used_path[0] == '~') {
 310                        char *newpath = expand_user_path(used_path);
 311                        if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
 312                                free(newpath);
 313                                return NULL;
 314                        }
 315                        /*
 316                         * Copy back into the static buffer. A pity
 317                         * since newpath was not bounded, but other
 318                         * branches of the if are limited by PATH_MAX
 319                         * anyway.
 320                         */
 321                        strcpy(used_path, newpath); free(newpath);
 322                }
 323                else if (PATH_MAX - 10 < len)
 324                        return NULL;
 325                len = strlen(used_path);
 326                for (i = 0; suffix[i]; i++) {
 327                        struct stat st;
 328                        strcpy(used_path + len, suffix[i]);
 329                        if (!stat(used_path, &st) &&
 330                            (S_ISREG(st.st_mode) ||
 331                            (S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
 332                                strcat(validated_path, suffix[i]);
 333                                break;
 334                        }
 335                }
 336                if (!suffix[i])
 337                        return NULL;
 338                gitfile = read_gitfile(used_path) ;
 339                if (gitfile)
 340                        strcpy(used_path, gitfile);
 341                if (chdir(used_path))
 342                        return NULL;
 343                path = validated_path;
 344        }
 345        else if (chdir(path))
 346                return NULL;
 347
 348        if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
 349            validate_headref("HEAD") == 0) {
 350                set_git_dir(".");
 351                check_repository_format();
 352                return path;
 353        }
 354
 355        return NULL;
 356}
 357
 358int set_shared_perm(const char *path, int mode)
 359{
 360        struct stat st;
 361        int tweak, shared, orig_mode;
 362
 363        if (!shared_repository) {
 364                if (mode)
 365                        return chmod(path, mode & ~S_IFMT);
 366                return 0;
 367        }
 368        if (!mode) {
 369                if (lstat(path, &st) < 0)
 370                        return -1;
 371                mode = st.st_mode;
 372                orig_mode = mode;
 373        } else
 374                orig_mode = 0;
 375        if (shared_repository < 0)
 376                shared = -shared_repository;
 377        else
 378                shared = shared_repository;
 379        tweak = shared;
 380
 381        if (!(mode & S_IWUSR))
 382                tweak &= ~0222;
 383        if (mode & S_IXUSR)
 384                /* Copy read bits to execute bits */
 385                tweak |= (tweak & 0444) >> 2;
 386        if (shared_repository < 0)
 387                mode = (mode & ~0777) | tweak;
 388        else
 389                mode |= tweak;
 390
 391        if (S_ISDIR(mode)) {
 392                /* Copy read bits to execute bits */
 393                mode |= (shared & 0444) >> 2;
 394                mode |= FORCE_DIR_SET_GID;
 395        }
 396
 397        if (((shared_repository < 0
 398              ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
 399              : (orig_mode & mode)) != mode) &&
 400            chmod(path, (mode & ~S_IFMT)) < 0)
 401                return -2;
 402        return 0;
 403}
 404
 405const char *relative_path(const char *abs, const char *base)
 406{
 407        static char buf[PATH_MAX + 1];
 408        int i = 0, j = 0;
 409
 410        if (!base || !base[0])
 411                return abs;
 412        while (base[i]) {
 413                if (is_dir_sep(base[i])) {
 414                        if (!is_dir_sep(abs[j]))
 415                                return abs;
 416                        while (is_dir_sep(base[i]))
 417                                i++;
 418                        while (is_dir_sep(abs[j]))
 419                                j++;
 420                        continue;
 421                } else if (abs[j] != base[i]) {
 422                        return abs;
 423                }
 424                i++;
 425                j++;
 426        }
 427        if (
 428            /* "/foo" is a prefix of "/foo" */
 429            abs[j] &&
 430            /* "/foo" is not a prefix of "/foobar" */
 431            !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
 432           )
 433                return abs;
 434        while (is_dir_sep(abs[j]))
 435                j++;
 436        if (!abs[j])
 437                strcpy(buf, ".");
 438        else
 439                strcpy(buf, abs + j);
 440        return buf;
 441}
 442
 443/*
 444 * It is okay if dst == src, but they should not overlap otherwise.
 445 *
 446 * Performs the following normalizations on src, storing the result in dst:
 447 * - Ensures that components are separated by '/' (Windows only)
 448 * - Squashes sequences of '/'.
 449 * - Removes "." components.
 450 * - Removes ".." components, and the components the precede them.
 451 * Returns failure (non-zero) if a ".." component appears as first path
 452 * component anytime during the normalization. Otherwise, returns success (0).
 453 *
 454 * Note that this function is purely textual.  It does not follow symlinks,
 455 * verify the existence of the path, or make any system calls.
 456 */
 457int normalize_path_copy(char *dst, const char *src)
 458{
 459        char *dst0;
 460
 461        if (has_dos_drive_prefix(src)) {
 462                *dst++ = *src++;
 463                *dst++ = *src++;
 464        }
 465        dst0 = dst;
 466
 467        if (is_dir_sep(*src)) {
 468                *dst++ = '/';
 469                while (is_dir_sep(*src))
 470                        src++;
 471        }
 472
 473        for (;;) {
 474                char c = *src;
 475
 476                /*
 477                 * A path component that begins with . could be
 478                 * special:
 479                 * (1) "." and ends   -- ignore and terminate.
 480                 * (2) "./"           -- ignore them, eat slash and continue.
 481                 * (3) ".." and ends  -- strip one and terminate.
 482                 * (4) "../"          -- strip one, eat slash and continue.
 483                 */
 484                if (c == '.') {
 485                        if (!src[1]) {
 486                                /* (1) */
 487                                src++;
 488                        } else if (is_dir_sep(src[1])) {
 489                                /* (2) */
 490                                src += 2;
 491                                while (is_dir_sep(*src))
 492                                        src++;
 493                                continue;
 494                        } else if (src[1] == '.') {
 495                                if (!src[2]) {
 496                                        /* (3) */
 497                                        src += 2;
 498                                        goto up_one;
 499                                } else if (is_dir_sep(src[2])) {
 500                                        /* (4) */
 501                                        src += 3;
 502                                        while (is_dir_sep(*src))
 503                                                src++;
 504                                        goto up_one;
 505                                }
 506                        }
 507                }
 508
 509                /* copy up to the next '/', and eat all '/' */
 510                while ((c = *src++) != '\0' && !is_dir_sep(c))
 511                        *dst++ = c;
 512                if (is_dir_sep(c)) {
 513                        *dst++ = '/';
 514                        while (is_dir_sep(c))
 515                                c = *src++;
 516                        src--;
 517                } else if (!c)
 518                        break;
 519                continue;
 520
 521        up_one:
 522                /*
 523                 * dst0..dst is prefix portion, and dst[-1] is '/';
 524                 * go up one level.
 525                 */
 526                dst--;  /* go to trailing '/' */
 527                if (dst <= dst0)
 528                        return -1;
 529                /* Windows: dst[-1] cannot be backslash anymore */
 530                while (dst0 < dst && dst[-1] != '/')
 531                        dst--;
 532        }
 533        *dst = '\0';
 534        return 0;
 535}
 536
 537/*
 538 * path = Canonical absolute path
 539 * prefix_list = Colon-separated list of absolute paths
 540 *
 541 * Determines, for each path in prefix_list, whether the "prefix" really
 542 * is an ancestor directory of path.  Returns the length of the longest
 543 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 544 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 545 * "/".) "/foo" is not considered an ancestor of "/foobar".  Directories
 546 * are not considered to be their own ancestors.  path must be in a
 547 * canonical form: empty components, or "." or ".." components are not
 548 * allowed.  prefix_list may be null, which is like "".
 549 */
 550int longest_ancestor_length(const char *path, const char *prefix_list)
 551{
 552        char buf[PATH_MAX+1];
 553        const char *ceil, *colon;
 554        int len, max_len = -1;
 555
 556        if (prefix_list == NULL || !strcmp(path, "/"))
 557                return -1;
 558
 559        for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
 560                for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
 561                len = colon - ceil;
 562                if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
 563                        continue;
 564                strlcpy(buf, ceil, len+1);
 565                if (normalize_path_copy(buf, buf) < 0)
 566                        continue;
 567                len = strlen(buf);
 568                if (len > 0 && buf[len-1] == '/')
 569                        buf[--len] = '\0';
 570
 571                if (!strncmp(path, buf, len) &&
 572                    path[len] == '/' &&
 573                    len > max_len) {
 574                        max_len = len;
 575                }
 576        }
 577
 578        return max_len;
 579}
 580
 581/* strip arbitrary amount of directory separators at end of path */
 582static inline int chomp_trailing_dir_sep(const char *path, int len)
 583{
 584        while (len && is_dir_sep(path[len - 1]))
 585                len--;
 586        return len;
 587}
 588
 589/*
 590 * If path ends with suffix (complete path components), returns the
 591 * part before suffix (sans trailing directory separators).
 592 * Otherwise returns NULL.
 593 */
 594char *strip_path_suffix(const char *path, const char *suffix)
 595{
 596        int path_len = strlen(path), suffix_len = strlen(suffix);
 597
 598        while (suffix_len) {
 599                if (!path_len)
 600                        return NULL;
 601
 602                if (is_dir_sep(path[path_len - 1])) {
 603                        if (!is_dir_sep(suffix[suffix_len - 1]))
 604                                return NULL;
 605                        path_len = chomp_trailing_dir_sep(path, path_len);
 606                        suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
 607                }
 608                else if (path[--path_len] != suffix[--suffix_len])
 609                        return NULL;
 610        }
 611
 612        if (path_len && !is_dir_sep(path[path_len - 1]))
 613                return NULL;
 614        return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
 615}
 616
 617int daemon_avoid_alias(const char *p)
 618{
 619        int sl, ndot;
 620
 621        /*
 622         * This resurrects the belts and suspenders paranoia check by HPA
 623         * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
 624         * does not do getcwd() based path canonicalization.
 625         *
 626         * sl becomes true immediately after seeing '/' and continues to
 627         * be true as long as dots continue after that without intervening
 628         * non-dot character.
 629         */
 630        if (!p || (*p != '/' && *p != '~'))
 631                return -1;
 632        sl = 1; ndot = 0;
 633        p++;
 634
 635        while (1) {
 636                char ch = *p++;
 637                if (sl) {
 638                        if (ch == '.')
 639                                ndot++;
 640                        else if (ch == '/') {
 641                                if (ndot < 3)
 642                                        /* reject //, /./ and /../ */
 643                                        return -1;
 644                                ndot = 0;
 645                        }
 646                        else if (ch == 0) {
 647                                if (0 < ndot && ndot < 3)
 648                                        /* reject /.$ and /..$ */
 649                                        return -1;
 650                                return 0;
 651                        }
 652                        else
 653                                sl = ndot = 0;
 654                }
 655                else if (ch == 0)
 656                        return 0;
 657                else if (ch == '/') {
 658                        sl = 1;
 659                        ndot = 0;
 660                }
 661        }
 662}
 663
 664int offset_1st_component(const char *path)
 665{
 666        if (has_dos_drive_prefix(path))
 667                return 2 + is_dir_sep(path[2]);
 668        return is_dir_sep(path[0]);
 669}