Merge branch 'jc/maint-clean-nested-dir-safety' into maint
/*
 * I'm tired of doing "vsnprintf()" etc just to open a
 * file, so here's a "return static buffer with printf"
 * interface for paths.
 *
 * It's obviously not thread-safe. Sue me. But it's quite
 * useful for doing things like
 *
 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
 *
 * which is what it's designed for.
 *
 * The result lives in one of four rotating static buffers (see
 * get_pathname()), so copy it if it has to survive later
 * mkpath()/git_path() calls.
 */
13 #include "cache.h"
/*
 * Sentinel handed back by the path builders below when a formatted
 * path does not fit its buffer.  mkpath() and git_path() return this
 * array itself, so it is shared by every caller.
 * NOTE(review): presumably chosen so that a later open() fails instead
 * of acting on a truncated path -- confirm callers never write through it.
 */
static char bad_path[] = "/bad-path/";
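/*
 * Hand out the next of four static PATH_MAX-sized scratch buffers.
 *
 * The buffers are reused round-robin, so a returned pointer is only
 * good until four more calls have been made.  Nothing here is
 * synchronized; the buffers and the counter are plain static storage.
 */
static char *get_pathname(void)
{
	static char pathname_array[4][PATH_MAX];
	/*
	 * Unsigned so that wrap-around after many calls is well defined
	 * (incrementing a signed int past INT_MAX is undefined behaviour).
	 * The wrap keeps the rotation intact because 4 divides the range.
	 */
	static unsigned int next_slot;

	return pathname_array[++next_slot & 3];
}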
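/*
 * Strip one leading "./" (and any '/' characters that follow it) from
 * path and return a pointer into the same buffer.  Nothing is copied
 * or modified; the result may point past the start of path.
 */
static char *cleanup_path(char *path)
{
	/*
	 * Compare byte by byte instead of memcmp(path, "./", 2): the
	 * short-circuit never reads path[1] when path is the empty
	 * string, so a one-byte buffer is not over-read.
	 */
	if (path[0] == '.' && path[1] == '/') {
		path += 2;
		while (*path == '/')
			path++;
	}
	return path;
}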
/*
 * printf-style path formatting into a caller-supplied buffer of n bytes.
 *
 * On success the return value is the formatted path with a leading "./"
 * removed by cleanup_path(), so it may point past the start of buf.
 * If the output does not fit, buf is overwritten with the bad_path
 * sentinel (truncated to n by strlcpy) and buf is returned.
 */
char *mksnpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list ap;
	unsigned written;

	va_start(ap, fmt);
	written = vsnprintf(buf, n, fmt, ap);
	va_end(ap);

	/*
	 * A negative vsnprintf() result becomes a huge unsigned value
	 * here and is therefore treated like "does not fit".
	 */
	if (written < n)
		return cleanup_path(buf);

	strlcpy(buf, bad_path, n);
	return buf;
}
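/*
 * Build "<git_dir>/<formatted fmt>" in buf, which holds n bytes.
 *
 * On success returns the path with a leading "./" stripped by
 * cleanup_path(); that pointer may lie past the start of buf.  If the
 * path does not fit, or formatting fails, buf is filled with the
 * bad_path sentinel (truncated to n) and buf is returned, so a caller
 * never sees a partially built path.
 */
static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
{
	const char *git_dir = get_git_dir();
	size_t len = strlen(git_dir);
	int written;

	/* need room for git_dir and at least a terminating NUL */
	if (n < len + 1)
		goto bad;
	memcpy(buf, git_dir, len);
	if (len && !is_dir_sep(git_dir[len-1]))
		buf[len++] = '/';

	written = vsnprintf(buf + len, n - len, fmt, args);
	/*
	 * A negative return means formatting failed.  Adding it to the
	 * unsigned length would wrap to len - 1, pass the size check
	 * below and hand back a buffer that may not be NUL-terminated.
	 */
	if (written < 0)
		goto bad;
	len += written;
	if (len >= n)
		goto bad;
	return cleanup_path(buf);
bad:
	strlcpy(buf, bad_path, n);
	return buf;
}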
/*
 * Varargs front end to git_vsnpath(): format a path under the git
 * directory into buf (n bytes).
 *
 * Always returns buf itself, not the pointer git_vsnpath() computes,
 * so a leading "./" is still present in what the caller sees.  When
 * the path did not fit, buf holds the bad_path sentinel instead.
 */
char *git_snpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list ap;

	va_start(ap, fmt);
	git_vsnpath(buf, n, fmt, ap);
	va_end(ap);

	return buf;
}
/*
 * Format a path under the git directory and return a copy made with
 * xstrdup().
 *
 * The copy is taken from the start of the scratch buffer, so it is
 * either the formatted path (leading "./" included) or, when the path
 * exceeded PATH_MAX, the bad_path sentinel.
 * NOTE(review): presumably the caller owns and frees the result --
 * confirm against xstrdup()'s contract.
 */
char *git_pathdup(const char *fmt, ...)
{
	char scratch[PATH_MAX];
	va_list ap;

	va_start(ap, fmt);
	git_vsnpath(scratch, sizeof(scratch), fmt, ap);
	va_end(ap);

	return xstrdup(scratch);
}
/*
 * printf-style path formatting into one of the rotating static
 * buffers from get_pathname().
 *
 * Returns the formatted path with a leading "./" stripped, or the
 * shared bad_path sentinel when the result would not fit in PATH_MAX
 * bytes.  The result is overwritten once the buffer comes round again.
 */
char *mkpath(const char *fmt, ...)
{
	char *slot = get_pathname();
	va_list ap;
	unsigned needed;

	va_start(ap, fmt);
	needed = vsnprintf(slot, PATH_MAX, fmt, ap);
	va_end(ap);

	/* a negative result converts to a huge unsigned value: "too long" */
	return needed < PATH_MAX ? cleanup_path(slot) : bad_path;
}
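/*
 * Format a path under the git directory into one of the rotating
 * static buffers from get_pathname().
 *
 * Returns the path with a leading "./" stripped, or the shared
 * bad_path sentinel when the git directory is longer than
 * PATH_MAX - 100, when formatting fails, or when the result would not
 * fit in PATH_MAX bytes.  The result is overwritten once the buffer
 * comes round again.
 */
char *git_path(const char *fmt, ...)
{
	const char *git_dir = get_git_dir();
	char *pathname = get_pathname();
	va_list args;
	size_t len;	/* size_t: do not truncate strlen() on 64-bit */
	int written;

	len = strlen(git_dir);
	if (len > PATH_MAX-100)
		return bad_path;
	memcpy(pathname, git_dir, len);
	/* same separator test as git_vsnpath() */
	if (len && !is_dir_sep(git_dir[len-1]))
		pathname[len++] = '/';
	va_start(args, fmt);
	written = vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	/*
	 * A negative return means formatting failed.  Adding it to the
	 * unsigned length would wrap to len - 1, pass the size check and
	 * return a buffer that may still hold stale bytes from an
	 * earlier call after the prefix.
	 */
	if (written < 0)
		return bad_path;
	len += written;
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}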
/*
 * git_mkstemp() - create tmp file honoring TMPDIR variable
 *
 * Writes "<TMPDIR>/<template>" into path (len bytes), falling back to
 * "/tmp" when TMPDIR is unset, and passes it to mkstemp().  Returns
 * whatever mkstemp() returns, or -1 with errno set to ENAMETOOLONG
 * when the name does not fit.  TMPDIR is used exactly as found in the
 * environment; no check is made on where it points.
 */
int git_mkstemp(char *path, size_t len, const char *template)
{
	const char *dir = getenv("TMPDIR");
	size_t needed;

	needed = snprintf(path, len, "%s/%s", dir ? dir : "/tmp", template);
	if (needed < len)
		return mkstemp(path);

	errno = ENAMETOOLONG;
	return -1;
}
/*
 * git_mkstemps() - create tmp file with suffix honoring TMPDIR variable.
 *
 * Writes "<TMPDIR>/<template>" into path (len bytes), falling back to
 * "/tmp" when TMPDIR is unset, and passes it with suffix_len to
 * mkstemps().  Returns whatever mkstemps() returns, or -1 with errno
 * set to ENAMETOOLONG when the name does not fit.  TMPDIR is used
 * exactly as found in the environment; no check is made on where it
 * points.
 */
int git_mkstemps(char *path, size_t len, const char *template, int suffix_len)
{
	const char *dir = getenv("TMPDIR");
	size_t needed;

	needed = snprintf(path, len, "%s/%s", dir ? dir : "/tmp", template);
	if (needed < len)
		return mkstemps(path, suffix_len);

	errno = ENAMETOOLONG;
	return -1;
}
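/*
 * Check whether the file at path looks like a valid HEAD.
 *
 * Returns 0 when path is
 *   - a symlink whose target starts with "refs/",
 *   - a file starting with "ref:", optional whitespace, then "refs/", or
 *   - a file whose start get_sha1_hex() accepts (a detached HEAD);
 * returns -1 otherwise, including when the file cannot be read.
 *
 * NOTE(review): lstat() and open() are separate calls, so the object
 * at path can change between them.  Confirm that callers do not treat
 * the result as a guarantee about what is opened later.
 */
int validate_headref(const char *path)
{
	struct stat st;
	char *buf, buffer[256];
	unsigned char sha1[20];
	int fd;
	ssize_t len;

	if (lstat(path, &st) < 0)
		return -1;

	/* Make sure it is a "refs/.." symlink */
	if (S_ISLNK(st.st_mode)) {
		len = readlink(path, buffer, sizeof(buffer)-1);
		if (len >= 5 && !memcmp("refs/", buffer, 5))
			return 0;
		return -1;
	}

	/*
	 * Anything else, just open it and try to see if it is a symbolic ref.
	 */
	fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
	len = read_in_full(fd, buffer, sizeof(buffer)-1);
	close(fd);

	/*
	 * Is it a symbolic ref?
	 */
	if (len < 4)
		return -1;

	/*
	 * At most sizeof(buffer)-1 bytes were read, so there is room for
	 * the terminator.  get_sha1_hex() below is given no length;
	 * without this it could go on parsing uninitialized stack bytes
	 * that follow a short file.
	 */
	buffer[len] = '\0';

	if (!memcmp("ref:", buffer, 4)) {
		buf = buffer + 4;
		len -= 4;
		while (len && isspace(*buf))
			buf++, len--;
		if (len >= 5 && !memcmp("refs/", buf, 5))
			return 0;
	}

	/*
	 * Is this a detached HEAD?
	 */
	if (!get_sha1_hex(buffer, sha1))
		return 0;

	return -1;
}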
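/*
 * Expand a leading "~" or "~user" in path into buf (sz bytes).
 *
 * "~" and "~/rest" use the home directory of the running user
 * (getpwuid(getuid())); "~name" and "~name/rest" look the name up with
 * getpwnam().  Trailing slashes of the home directory are dropped
 * (a lone "/" is kept) and "/rest" is appended when present.
 *
 * Returns buf, always NUL-terminated, or NULL when path is NULL, does
 * not start with '~', the user is unknown, or the result does not fit.
 *
 * path is modified temporarily: the first '/' is replaced by NUL for
 * the getpwnam() lookup and restored afterwards, so it must point to
 * writable memory.
 */
static char *user_path(char *buf, char *path, int sz)
{
	struct passwd *pw;
	char *slash;
	int len, baselen;

	if (!path || path[0] != '~')
		return NULL;
	path++;
	slash = strchr(path, '/');
	if (path[0] == '/' || !path[0]) {
		pw = getpwuid(getuid());
	} else if (slash) {
		*slash = 0;
		pw = getpwnam(path);
		*slash = '/';
	} else {
		pw = getpwnam(path);
	}
	/*
	 * Reject non-positive sizes explicitly: compared against the
	 * size_t from strlen(), a negative sz would convert to a huge
	 * value and slip past the capacity check.
	 */
	if (!pw || !pw->pw_dir || sz <= 0 || (size_t)sz <= strlen(pw->pw_dir))
		return NULL;
	baselen = strlen(pw->pw_dir);
	memcpy(buf, pw->pw_dir, baselen);
	while ((1 < baselen) && (buf[baselen-1] == '/'))
		baselen--;
	/*
	 * memcpy() above copied no terminator.  Terminate here so that
	 * "~" / "~user" without a "/rest" part does not return whatever
	 * bytes were left in buf by an earlier use.  baselen < sz, so
	 * this stays inside the buffer.
	 */
	buf[baselen] = '\0';
	if (slash && slash[1]) {
		len = strlen(slash);
		if (sz <= baselen + len)
			return NULL;
		/* len + 1 copies the terminating NUL as well */
		memcpy(buf + baselen, slash, len + 1);
	}
	return buf;
}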
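/*
 * First, one directory to try is determined by the following algorithm.
 *
 * (0) If "strict" is given, the path is used as given and no DWIM is
 *     done. Otherwise:
 * (1) "~/path" to mean path under the running user's home directory;
 * (2) "~user/path" to mean path under named user's home directory;
 * (3) "relative/path" to mean cwd relative directory; or
 * (4) "/absolute/path" to mean absolute directory.
 *
 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 * what we try.
 *
 * Second, we try chdir() to that.  Upon failure, we return NULL.
 *
 * Then, we try if the current directory is a valid git repository.
 * Upon failure, we return NULL.
 *
 * If all goes well, we return the directory we used to chdir() (but
 * before ~user is expanded), avoiding getcwd() resolving symbolic
 * links.  User relative paths are also returned as they are given,
 * except DWIM suffixing.
 *
 * Side effects: without "strict", trailing slashes are stripped from
 * the caller's path in place; the process working directory changes
 * (also when NULL is returned after a successful chdir()); on success
 * GIT_DIR_ENVIRONMENT is set to ".".  Without "strict" the result
 * points into a static buffer that the next call overwrites.
 *
 * NOTE(review): if callers pass a path received from a remote peer
 * (confirm), the length checks below are what keeps the strcpy() and
 * strcat() calls inside the two PATH_MAX buffers.
 */
char *enter_repo(char *path, int strict)
{
	static char used_path[PATH_MAX];
	static char validated_path[PATH_MAX];

	if (!path)
		return NULL;

	if (!strict) {
		static const char *suffix[] = {
			".git/.git", "/.git", ".git", "", NULL,
		};
		/* bytes needed for the longest suffix plus its NUL */
		const int suffix_room = sizeof(".git/.git");
		int len = strlen(path);
		int i;
		while ((1 < len) && (path[len-1] == '/')) {
			path[len-1] = 0;
			len--;
		}
		/*
		 * validated_path gets a copy of path plus a suffix in
		 * every branch, so the headroom check has to apply to
		 * "~" paths as well, not only to the plain ones.
		 */
		if (PATH_MAX - suffix_room < len)
			return NULL;
		if (path[0] == '~') {
			/*
			 * Clear leftovers from an earlier call so the
			 * strlen() below sees a terminated string however
			 * user_path() ends its output, and cap the
			 * expansion so a suffix still fits in used_path.
			 */
			memset(used_path, 0, sizeof(used_path));
			if (!user_path(used_path, path, PATH_MAX - suffix_room))
				return NULL;
			strcpy(validated_path, path);
			path = used_path;
		}
		else {
			path = strcpy(used_path, path);
			strcpy(validated_path, path);
		}
		len = strlen(path);
		for (i = 0; suffix[i]; i++) {
			strcpy(path + len, suffix[i]);
			if (!access(path, F_OK)) {
				strcat(validated_path, suffix[i]);
				break;
			}
		}
		if (!suffix[i] || chdir(path))
			return NULL;
		path = validated_path;
	}
	else if (chdir(path))
		return NULL;

	if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
	    validate_headref("HEAD") == 0) {
		setenv(GIT_DIR_ENVIRONMENT, ".", 1);
		check_repository_format();
		return path;
	}

	return NULL;
}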
/*
 * Adjust the permission bits of path according to shared_repository.
 *
 * mode != 0: the caller supplies the mode to start from.
 * mode == 0: the current mode is read with lstat().
 *
 * When shared_repository is 0 the function only applies a caller
 * supplied mode with chmod() and returns chmod()'s result (0 when no
 * mode was given).  Otherwise the absolute value of shared_repository
 * is used as the permission bits to add; a negative value replaces
 * the low 0777 bits instead of OR-ing into them.  Directories also
 * get execute bits copied from the shared read bits and
 * FORCE_DIR_SET_GID.
 *
 * Returns 0 on success or when nothing had to change, -1 when lstat()
 * fails, -2 when chmod() fails.
 *
 * NOTE(review): the mode is read with lstat() but applied with
 * chmod(); for a symlink those refer to different objects -- confirm
 * callers never pass one.
 */
int set_shared_perm(const char *path, int mode)
{
	struct stat st;
	int add_bits, shared, orig_mode, have;

	if (!shared_repository)
		return mode ? chmod(path, mode & ~S_IFMT) : 0;

	orig_mode = 0;
	if (!mode) {
		if (lstat(path, &st) < 0)
			return -1;
		mode = st.st_mode;
		orig_mode = mode;
	}

	shared = shared_repository < 0 ? -shared_repository : shared_repository;
	add_bits = shared;

	/* never grant write where the owner has none */
	if (!(mode & S_IWUSR))
		add_bits &= ~0222;
	/* Copy read bits to execute bits */
	if (mode & S_IXUSR)
		add_bits |= (add_bits & 0444) >> 2;

	if (shared_repository < 0)
		mode = (mode & ~0777) | add_bits;
	else
		mode |= add_bits;

	if (S_ISDIR(mode)) {
		/* Copy read bits to execute bits */
		mode |= (shared & 0444) >> 2;
		mode |= FORCE_DIR_SET_GID;
	}

	/* what the file already has, in the terms compared below */
	if (shared_repository < 0)
		have = orig_mode & (FORCE_DIR_SET_GID | 0777);
	else
		have = orig_mode & mode;

	if (have == mode)
		return 0;
	if (chmod(path, (mode & ~S_IFMT)) < 0)
		return -2;
	return 0;
}
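/*
 * Return abs relative to base when abs lies under base, else abs.
 *
 * abs is returned unchanged when base is NULL, when abs does not start
 * with base, when the match does not end on a '/' boundary, or when
 * the remainder would not fit the internal buffer.  Otherwise the
 * result is a copy in a static buffer that the next call overwrites.
 */
const char *make_relative_path(const char *abs, const char *base)
{
	static char buf[PATH_MAX + 1];
	size_t baselen;

	if (!base)
		return abs;
	baselen = strlen(base);
	/* prefix test: abs must start with base */
	if (strncmp(abs, base, baselen))
		return abs;
	if (abs[baselen] == '/')
		baselen++;
	/* an empty base has no last character to look at */
	else if (!baselen || base[baselen - 1] != '/')
		return abs;
	/*
	 * The copy below is unbounded; a remainder longer than the
	 * static buffer is handed back as-is instead of overflowing it.
	 */
	if (strlen(abs + baselen) >= sizeof(buf))
		return abs;
	strcpy(buf, abs + baselen);
	return buf;
}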
/*
 * It is okay if dst == src, but they should not overlap otherwise.
 *
 * Performs the following normalizations on src, storing the result in dst:
 * - Ensures that components are separated by '/' (Windows only)
 * - Squashes sequences of '/'.
 * - Removes "." components.
 * - Removes ".." components, and the components that precede them.
 * Returns failure (non-zero) if a ".." component appears as first path
 * component anytime during the normalization. Otherwise, returns success (0).
 *
 * Note that this function is purely textual. It does not follow symlinks,
 * verify the existence of the path, or make any system calls.  A path
 * that normalizes cleanly can therefore still resolve elsewhere through
 * a symlink.  dst's capacity is never checked here; the caller supplies
 * the buffer.
 */
int normalize_path_copy(char *dst, const char *src)
{
	char *floor;	/* output may never be rewound to or before this */

	if (has_dos_drive_prefix(src)) {
		*dst++ = *src++;
		*dst++ = *src++;
	}
	floor = dst;

	if (is_dir_sep(*src)) {
		*dst++ = '/';
		while (is_dir_sep(*src))
			src++;
	}

	while (1) {
		char c;

		/*
		 * A path component that begins with . could be
		 * special:
		 * (1) "." and ends   -- ignore and terminate.
		 * (2) "./"           -- ignore them, eat slash and continue.
		 * (3) ".." and ends  -- strip one and terminate.
		 * (4) "../"          -- strip one, eat slash and continue.
		 */
		if (*src == '.') {
			if (!src[1]) {
				/* (1): the copy loop below sees the NUL and stops */
				src++;
			} else if (is_dir_sep(src[1])) {
				/* (2) */
				src += 2;
				while (is_dir_sep(*src))
					src++;
				continue;
			} else if (src[1] == '.' && !src[2]) {
				/* (3) */
				src += 2;
				goto up_one;
			} else if (src[1] == '.' && is_dir_sep(src[2])) {
				/* (4) */
				src += 3;
				while (is_dir_sep(*src))
					src++;
				goto up_one;
			}
		}

		/* copy up to the next '/', and eat all '/' */
		while ((c = *src++) != '\0' && !is_dir_sep(c))
			*dst++ = c;
		if (!c)
			break;
		/* c is a separator here: emit one '/' and skip the run */
		*dst++ = '/';
		do {
			c = *src++;
		} while (is_dir_sep(c));
		src--;
		continue;

	up_one:
		/*
		 * floor..dst is prefix portion, and dst[-1] is '/';
		 * go up one level.
		 */
		dst--;	/* go to trailing '/' */
		if (dst <= floor)
			return -1;
		/* Windows: dst[-1] cannot be backslash anymore */
		while (floor < dst && dst[-1] != '/')
			dst--;
	}
	*dst = '\0';
	return 0;
}
/*
 * path = Canonical absolute path
 * prefix_list = Colon-separated list of absolute paths
 *
 * Determines, for each path in prefix_list, whether the "prefix" really
 * is an ancestor directory of path.  Returns the length of the longest
 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 * is an ancestor.  (Note that this means 0 is returned if prefix_list is
 * "/".)  "/foo" is not considered an ancestor of "/foobar".  Directories
 * are not considered to be their own ancestors.  path must be in a
 * canonical form: empty components, or "." or ".." components are not
 * allowed.  prefix_list may be null, which is like "".
 *
 * Entries that are empty, longer than PATH_MAX, not absolute, or that
 * normalize_path_copy() rejects are skipped.
 */
int longest_ancestor_length(const char *path, const char *prefix_list)
{
	char candidate[PATH_MAX+1];
	const char *entry, *end;
	int best = -1;

	if (prefix_list == NULL || !strcmp(path, "/"))
		return -1;

	entry = end = prefix_list;
	while (*end) {
		int n;

		/* find where the current list entry stops */
		end = entry;
		while (*end && *end != PATH_SEP)
			end++;
		n = end - entry;

		if (n != 0 && n <= PATH_MAX && is_absolute_path(entry)) {
			strlcpy(candidate, entry, n+1);
			if (normalize_path_copy(candidate, candidate) >= 0) {
				n = strlen(candidate);
				if (n > 0 && candidate[n-1] == '/')
					candidate[--n] = '\0';

				/*
				 * strncmp() first: only once n bytes of path
				 * are known to match is path[n] safe to read.
				 */
				if (!strncmp(path, candidate, n) &&
				    path[n] == '/' &&
				    n > best)
					best = n;
			}
		}
		entry = end + 1;
	}

	return best;
}
/*
 * Return len shortened so that path[0..len) no longer ends in a
 * directory separator; any number of trailing separators is dropped.
 * path itself is not modified.
 */
static inline int chomp_trailing_dir_sep(const char *path, int len)
{
	for (; len != 0; len--) {
		if (!is_dir_sep(path[len - 1]))
			break;
	}
	return len;
}
/*
 * If path ends with suffix (complete path components), returns the
 * part before suffix (sans trailing directory separators).
 * Otherwise returns NULL.
 *
 * Runs of directory separators compare equal to each other whatever
 * their length.  The result is a new string from xstrndup().
 */
char *strip_path_suffix(const char *path, const char *suffix)
{
	int p = strlen(path);
	int s = strlen(suffix);

	/* walk both strings backwards until the suffix is used up */
	while (s) {
		if (!p)
			return NULL;

		if (!is_dir_sep(path[p - 1])) {
			/* ordinary character: must match exactly */
			--p;
			--s;
			if (path[p] != suffix[s])
				return NULL;
			continue;
		}

		/* separator in path: suffix needs one here too */
		if (!is_dir_sep(suffix[s - 1]))
			return NULL;
		p = chomp_trailing_dir_sep(path, p);
		s = chomp_trailing_dir_sep(suffix, s);
	}

	/* the match has to start on a component boundary */
	if (p && !is_dir_sep(path[p - 1]))
		return NULL;
	return xstrndup(path, chomp_trailing_dir_sep(path, p));
}