2 * I'm tired of doing "vsnprintf()" etc just to open a
3 * file, so here's a "return static buffer with printf"
6 * It's obviously not thread-safe. Sue me. But it's quite
7 * useful for doing things like
9 * f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
11 * which is what it's designed for.
16 static char bad_path
[] = "/bad-path/";
18 static char *get_pathname(void)
20 static char pathname_array
[4][PATH_MAX
];
22 return pathname_array
[3 & ++index
];
25 static char *cleanup_path(char *path
)
28 if (!memcmp(path
, "./", 2)) {
36 char *mksnpath(char *buf
, size_t n
, const char *fmt
, ...)
42 len
= vsnprintf(buf
, n
, fmt
, args
);
45 strlcpy(buf
, bad_path
, n
);
48 return cleanup_path(buf
);
51 static char *git_vsnpath(char *buf
, size_t n
, const char *fmt
, va_list args
)
53 const char *git_dir
= get_git_dir();
56 len
= strlen(git_dir
);
59 memcpy(buf
, git_dir
, len
);
60 if (len
&& !is_dir_sep(git_dir
[len
-1]))
62 len
+= vsnprintf(buf
+ len
, n
- len
, fmt
, args
);
65 return cleanup_path(buf
);
67 strlcpy(buf
, bad_path
, n
);
71 char *git_snpath(char *buf
, size_t n
, const char *fmt
, ...)
75 (void)git_vsnpath(buf
, n
, fmt
, args
);
80 char *git_pathdup(const char *fmt
, ...)
85 (void)git_vsnpath(path
, sizeof(path
), fmt
, args
);
90 char *mkpath(const char *fmt
, ...)
94 char *pathname
= get_pathname();
97 len
= vsnprintf(pathname
, PATH_MAX
, fmt
, args
);
101 return cleanup_path(pathname
);
104 char *git_path(const char *fmt
, ...)
106 const char *git_dir
= get_git_dir();
107 char *pathname
= get_pathname();
111 len
= strlen(git_dir
);
112 if (len
> PATH_MAX
-100)
114 memcpy(pathname
, git_dir
, len
);
115 if (len
&& git_dir
[len
-1] != '/')
116 pathname
[len
++] = '/';
118 len
+= vsnprintf(pathname
+ len
, PATH_MAX
- len
, fmt
, args
);
122 return cleanup_path(pathname
);
126 /* git_mkstemp() - create tmp file honoring TMPDIR variable */
127 int git_mkstemp(char *path
, size_t len
, const char *template)
132 tmp
= getenv("TMPDIR");
135 n
= snprintf(path
, len
, "%s/%s", tmp
, template);
137 errno
= ENAMETOOLONG
;
140 return mkstemp(path
);
143 /* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */
144 int git_mkstemps(char *path
, size_t len
, const char *template, int suffix_len
)
149 tmp
= getenv("TMPDIR");
152 n
= snprintf(path
, len
, "%s/%s", tmp
, template);
154 errno
= ENAMETOOLONG
;
157 return mkstemps(path
, suffix_len
);
160 /* Adapted from libiberty's mkstemp.c. */
163 #define TMP_MAX 16384
165 int git_mkstemps_mode(char *pattern
, int suffix_len
, int mode
)
167 static const char letters
[] =
168 "abcdefghijklmnopqrstuvwxyz"
169 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
171 static const int num_letters
= 62;
178 len
= strlen(pattern
);
180 if (len
< 6 + suffix_len
) {
185 if (strncmp(&pattern
[len
- 6 - suffix_len
], "XXXXXX", 6)) {
191 * Replace pattern's XXXXXX characters with randomness.
192 * Try TMP_MAX different filenames.
194 gettimeofday(&tv
, NULL
);
195 value
= ((size_t)(tv
.tv_usec
<< 16)) ^ tv
.tv_sec
^ getpid();
196 template = &pattern
[len
- 6 - suffix_len
];
197 for (count
= 0; count
< TMP_MAX
; ++count
) {
199 /* Fill in the random bits. */
200 template[0] = letters
[v
% num_letters
]; v
/= num_letters
;
201 template[1] = letters
[v
% num_letters
]; v
/= num_letters
;
202 template[2] = letters
[v
% num_letters
]; v
/= num_letters
;
203 template[3] = letters
[v
% num_letters
]; v
/= num_letters
;
204 template[4] = letters
[v
% num_letters
]; v
/= num_letters
;
205 template[5] = letters
[v
% num_letters
]; v
/= num_letters
;
207 fd
= open(pattern
, O_CREAT
| O_EXCL
| O_RDWR
, mode
);
211 * Fatal error (EPERM, ENOSPC etc).
212 * It doesn't make sense to loop.
217 * This is a random value. It is only necessary that
218 * the next TMP_MAX values generated by adding 7777 to
219 * VALUE are different with (module 2^32).
223 /* We return the null string if we can't find a unique file name. */
228 int git_mkstemp_mode(char *pattern
, int mode
)
230 /* mkstemp is just mkstemps with no suffix */
231 return git_mkstemps_mode(pattern
, 0, mode
);
234 int gitmkstemps(char *pattern
, int suffix_len
)
236 return git_mkstemps_mode(pattern
, suffix_len
, 0600);
239 int validate_headref(const char *path
)
242 char *buf
, buffer
[256];
243 unsigned char sha1
[20];
247 if (lstat(path
, &st
) < 0)
250 /* Make sure it is a "refs/.." symlink */
251 if (S_ISLNK(st
.st_mode
)) {
252 len
= readlink(path
, buffer
, sizeof(buffer
)-1);
253 if (len
>= 5 && !memcmp("refs/", buffer
, 5))
259 * Anything else, just open it and try to see if it is a symbolic ref.
261 fd
= open(path
, O_RDONLY
);
264 len
= read_in_full(fd
, buffer
, sizeof(buffer
)-1);
268 * Is it a symbolic ref?
272 if (!memcmp("ref:", buffer
, 4)) {
275 while (len
&& isspace(*buf
))
277 if (len
>= 5 && !memcmp("refs/", buf
, 5))
282 * Is this a detached HEAD?
284 if (!get_sha1_hex(buffer
, sha1
))
290 static struct passwd
*getpw_str(const char *username
, size_t len
)
293 char *username_z
= xmalloc(len
+ 1);
294 memcpy(username_z
, username
, len
);
295 username_z
[len
] = '\0';
296 pw
= getpwnam(username_z
);
302 * Return a string with ~ and ~user expanded via getpw*. If buf != NULL,
303 * then it is a newly allocated string. Returns NULL on getpw failure or
306 char *expand_user_path(const char *path
)
308 struct strbuf user_path
= STRBUF_INIT
;
309 const char *first_slash
= strchrnul(path
, '/');
310 const char *to_copy
= path
;
314 if (path
[0] == '~') {
315 const char *username
= path
+ 1;
316 size_t username_len
= first_slash
- username
;
317 if (username_len
== 0) {
318 const char *home
= get_home_directory();
319 strbuf_add(&user_path
, home
, strlen(home
));
321 struct passwd
*pw
= getpw_str(username
, username_len
);
324 strbuf_add(&user_path
, pw
->pw_dir
, strlen(pw
->pw_dir
));
326 to_copy
= first_slash
;
328 strbuf_add(&user_path
, to_copy
, strlen(to_copy
));
329 return strbuf_detach(&user_path
, NULL
);
331 strbuf_release(&user_path
);
336 * First, one directory to try is determined by the following algorithm.
338 * (0) If "strict" is given, the path is used as given and no DWIM is
340 * (1) "~/path" to mean path under the running user's home directory;
341 * (2) "~user/path" to mean path under named user's home directory;
342 * (3) "relative/path" to mean cwd relative directory; or
343 * (4) "/absolute/path" to mean absolute directory.
345 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
346 * "%s/.git", "%s.git", "%s" in this order. The first one that exists is
349 * Second, we try chdir() to that. Upon failure, we return NULL.
351 * Then, we try if the current directory is a valid git repository.
352 * Upon failure, we return NULL.
354 * If all goes well, we return the directory we used to chdir() (but
355 * before ~user is expanded), avoiding getcwd() resolving symbolic
356 * links. User relative paths are also returned as they are given,
357 * except DWIM suffixing.
359 char *enter_repo(char *path
, int strict
)
361 static char used_path
[PATH_MAX
];
362 static char validated_path
[PATH_MAX
];
368 static const char *suffix
[] = {
369 ".git/.git", "/.git", ".git", "", NULL
,
371 int len
= strlen(path
);
373 while ((1 < len
) && (path
[len
-1] == '/')) {
379 if (path
[0] == '~') {
380 char *newpath
= expand_user_path(path
);
381 if (!newpath
|| (PATH_MAX
- 10 < strlen(newpath
))) {
386 * Copy back into the static buffer. A pity
387 * since newpath was not bounded, but other
388 * branches of the if are limited by PATH_MAX
391 strcpy(used_path
, newpath
); free(newpath
);
392 strcpy(validated_path
, path
);
395 else if (PATH_MAX
- 10 < len
)
398 path
= strcpy(used_path
, path
);
399 strcpy(validated_path
, path
);
402 for (i
= 0; suffix
[i
]; i
++) {
403 strcpy(path
+ len
, suffix
[i
]);
404 if (!access(path
, F_OK
)) {
405 strcat(validated_path
, suffix
[i
]);
409 if (!suffix
[i
] || chdir(path
))
411 path
= validated_path
;
413 else if (chdir(path
))
416 if (access("objects", X_OK
) == 0 && access("refs", X_OK
) == 0 &&
417 validate_headref("HEAD") == 0) {
419 check_repository_format();
426 int set_shared_perm(const char *path
, int mode
)
429 int tweak
, shared
, orig_mode
;
431 if (!shared_repository
) {
433 return chmod(path
, mode
& ~S_IFMT
);
437 if (lstat(path
, &st
) < 0)
443 if (shared_repository
< 0)
444 shared
= -shared_repository
;
446 shared
= shared_repository
;
449 if (!(mode
& S_IWUSR
))
452 /* Copy read bits to execute bits */
453 tweak
|= (tweak
& 0444) >> 2;
454 if (shared_repository
< 0)
455 mode
= (mode
& ~0777) | tweak
;
460 /* Copy read bits to execute bits */
461 mode
|= (shared
& 0444) >> 2;
462 mode
|= FORCE_DIR_SET_GID
;
465 if (((shared_repository
< 0
466 ? (orig_mode
& (FORCE_DIR_SET_GID
| 0777))
467 : (orig_mode
& mode
)) != mode
) &&
468 chmod(path
, (mode
& ~S_IFMT
)) < 0)
473 const char *make_relative_path(const char *abs
, const char *base
)
475 static char buf
[PATH_MAX
+ 1];
478 if (!base
|| !base
[0])
481 if (is_dir_sep(base
[i
])) {
482 if (!is_dir_sep(abs
[j
]))
484 while (is_dir_sep(base
[i
]))
486 while (is_dir_sep(abs
[j
]))
489 } else if (abs
[j
] != base
[i
]) {
496 /* "/foo" is a prefix of "/foo" */
498 /* "/foo" is not a prefix of "/foobar" */
499 !is_dir_sep(base
[i
-1]) && !is_dir_sep(abs
[j
])
502 while (is_dir_sep(abs
[j
]))
507 strcpy(buf
, abs
+ j
);
512 * It is okay if dst == src, but they should not overlap otherwise.
514 * Performs the following normalizations on src, storing the result in dst:
515 * - Ensures that components are separated by '/' (Windows only)
516 * - Squashes sequences of '/'.
517 * - Removes "." components.
518 * - Removes ".." components, and the components the precede them.
519 * Returns failure (non-zero) if a ".." component appears as first path
520 * component anytime during the normalization. Otherwise, returns success (0).
522 * Note that this function is purely textual. It does not follow symlinks,
523 * verify the existence of the path, or make any system calls.
525 int normalize_path_copy(char *dst
, const char *src
)
529 if (has_dos_drive_prefix(src
)) {
535 if (is_dir_sep(*src
)) {
537 while (is_dir_sep(*src
))
545 * A path component that begins with . could be
547 * (1) "." and ends -- ignore and terminate.
548 * (2) "./" -- ignore them, eat slash and continue.
549 * (3) ".." and ends -- strip one and terminate.
550 * (4) "../" -- strip one, eat slash and continue.
556 } else if (is_dir_sep(src
[1])) {
559 while (is_dir_sep(*src
))
562 } else if (src
[1] == '.') {
567 } else if (is_dir_sep(src
[2])) {
570 while (is_dir_sep(*src
))
577 /* copy up to the next '/', and eat all '/' */
578 while ((c
= *src
++) != '\0' && !is_dir_sep(c
))
582 while (is_dir_sep(c
))
591 * dst0..dst is prefix portion, and dst[-1] is '/';
594 dst
--; /* go to trailing '/' */
597 /* Windows: dst[-1] cannot be backslash anymore */
598 while (dst0
< dst
&& dst
[-1] != '/')
606 * path = Canonical absolute path
607 * prefix_list = Colon-separated list of absolute paths
609 * Determines, for each path in prefix_list, whether the "prefix" really
610 * is an ancestor directory of path. Returns the length of the longest
611 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
612 * is an ancestor. (Note that this means 0 is returned if prefix_list is
613 * "/".) "/foo" is not considered an ancestor of "/foobar". Directories
614 * are not considered to be their own ancestors. path must be in a
615 * canonical form: empty components, or "." or ".." components are not
616 * allowed. prefix_list may be null, which is like "".
618 int longest_ancestor_length(const char *path
, const char *prefix_list
)
620 char buf
[PATH_MAX
+1];
621 const char *ceil
, *colon
;
622 int len
, max_len
= -1;
624 if (prefix_list
== NULL
|| !strcmp(path
, "/"))
627 for (colon
= ceil
= prefix_list
; *colon
; ceil
= colon
+1) {
628 for (colon
= ceil
; *colon
&& *colon
!= PATH_SEP
; colon
++);
630 if (len
== 0 || len
> PATH_MAX
|| !is_absolute_path(ceil
))
632 strlcpy(buf
, ceil
, len
+1);
633 if (normalize_path_copy(buf
, buf
) < 0)
636 if (len
> 0 && buf
[len
-1] == '/')
639 if (!strncmp(path
, buf
, len
) &&
649 /* strip arbitrary amount of directory separators at end of path */
650 static inline int chomp_trailing_dir_sep(const char *path
, int len
)
652 while (len
&& is_dir_sep(path
[len
- 1]))
658 * If path ends with suffix (complete path components), returns the
659 * part before suffix (sans trailing directory separators).
660 * Otherwise returns NULL.
662 char *strip_path_suffix(const char *path
, const char *suffix
)
664 int path_len
= strlen(path
), suffix_len
= strlen(suffix
);
670 if (is_dir_sep(path
[path_len
- 1])) {
671 if (!is_dir_sep(suffix
[suffix_len
- 1]))
673 path_len
= chomp_trailing_dir_sep(path
, path_len
);
674 suffix_len
= chomp_trailing_dir_sep(suffix
, suffix_len
);
676 else if (path
[--path_len
] != suffix
[--suffix_len
])
680 if (path_len
&& !is_dir_sep(path
[path_len
- 1]))
682 return xstrndup(path
, chomp_trailing_dir_sep(path
, path_len
));
685 int daemon_avoid_alias(const char *p
)
690 * This resurrects the belts and suspenders paranoia check by HPA
691 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
692 * does not do getcwd() based path canonicalization.
694 * sl becomes true immediately after seeing '/' and continues to
695 * be true as long as dots continue after that without intervening
698 if (!p
|| (*p
!= '/' && *p
!= '~'))
708 else if (ch
== '/') {
710 /* reject //, /./ and /../ */
715 if (0 < ndot
&& ndot
< 3)
716 /* reject /.$ and /..$ */
725 else if (ch
== '/') {
732 int offset_1st_component(const char *path
)
734 if (has_dos_drive_prefix(path
))
735 return 2 + is_dir_sep(path
[2]);
736 return is_dir_sep(path
[0]);