You can not select more than 25 topics
Topics must start with a letter or number, can include dashes ('-') and can be up to 35 characters long.
651 lines
14 KiB
651 lines
14 KiB
/* |
|
* I'm tired of doing "vsnprintf()" etc just to open a |
|
* file, so here's a "return static buffer with printf" |
|
* interface for paths. |
|
* |
|
* It's obviously not thread-safe. Sue me. But it's quite |
|
* useful for doing things like |
|
* |
|
* f = open(mkpath("%s/%s.git", base, name), O_RDONLY); |
|
* |
|
* which is what it's designed for. |
|
*/ |
|
#include "cache.h" |
|
#include "strbuf.h" |
|
|
|
static char bad_path[] = "/bad-path/"; |
|
|
|
static char *get_pathname(void) |
|
{ |
|
static char pathname_array[4][PATH_MAX]; |
|
static int index; |
|
return pathname_array[3 & ++index]; |
|
} |
|
|
|
static char *cleanup_path(char *path) |
|
{ |
|
/* Clean it up */ |
|
if (!memcmp(path, "./", 2)) { |
|
path += 2; |
|
while (*path == '/') |
|
path++; |
|
} |
|
return path; |
|
} |
|
|
|
char *mksnpath(char *buf, size_t n, const char *fmt, ...) |
|
{ |
|
va_list args; |
|
unsigned len; |
|
|
|
va_start(args, fmt); |
|
len = vsnprintf(buf, n, fmt, args); |
|
va_end(args); |
|
if (len >= n) { |
|
strlcpy(buf, bad_path, n); |
|
return buf; |
|
} |
|
return cleanup_path(buf); |
|
} |
|
|
|
static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args) |
|
{ |
|
const char *git_dir = get_git_dir(); |
|
size_t len; |
|
|
|
len = strlen(git_dir); |
|
if (n < len + 1) |
|
goto bad; |
|
memcpy(buf, git_dir, len); |
|
if (len && !is_dir_sep(git_dir[len-1])) |
|
buf[len++] = '/'; |
|
len += vsnprintf(buf + len, n - len, fmt, args); |
|
if (len >= n) |
|
goto bad; |
|
return cleanup_path(buf); |
|
bad: |
|
strlcpy(buf, bad_path, n); |
|
return buf; |
|
} |
|
|
|
char *git_snpath(char *buf, size_t n, const char *fmt, ...) |
|
{ |
|
va_list args; |
|
va_start(args, fmt); |
|
(void)git_vsnpath(buf, n, fmt, args); |
|
va_end(args); |
|
return buf; |
|
} |
|
|
|
char *git_pathdup(const char *fmt, ...) |
|
{ |
|
char path[PATH_MAX]; |
|
va_list args; |
|
va_start(args, fmt); |
|
(void)git_vsnpath(path, sizeof(path), fmt, args); |
|
va_end(args); |
|
return xstrdup(path); |
|
} |
|
|
|
char *mkpath(const char *fmt, ...) |
|
{ |
|
va_list args; |
|
unsigned len; |
|
char *pathname = get_pathname(); |
|
|
|
va_start(args, fmt); |
|
len = vsnprintf(pathname, PATH_MAX, fmt, args); |
|
va_end(args); |
|
if (len >= PATH_MAX) |
|
return bad_path; |
|
return cleanup_path(pathname); |
|
} |
|
|
|
char *git_path(const char *fmt, ...) |
|
{ |
|
const char *git_dir = get_git_dir(); |
|
char *pathname = get_pathname(); |
|
va_list args; |
|
unsigned len; |
|
|
|
len = strlen(git_dir); |
|
if (len > PATH_MAX-100) |
|
return bad_path; |
|
memcpy(pathname, git_dir, len); |
|
if (len && git_dir[len-1] != '/') |
|
pathname[len++] = '/'; |
|
va_start(args, fmt); |
|
len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args); |
|
va_end(args); |
|
if (len >= PATH_MAX) |
|
return bad_path; |
|
return cleanup_path(pathname); |
|
} |
|
|
|
|
|
/* git_mkstemp() - create tmp file honoring TMPDIR variable */ |
|
int git_mkstemp(char *path, size_t len, const char *template) |
|
{ |
|
const char *tmp; |
|
size_t n; |
|
|
|
tmp = getenv("TMPDIR"); |
|
if (!tmp) |
|
tmp = "/tmp"; |
|
n = snprintf(path, len, "%s/%s", tmp, template); |
|
if (len <= n) { |
|
errno = ENAMETOOLONG; |
|
return -1; |
|
} |
|
return mkstemp(path); |
|
} |
|
|
|
/* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */ |
|
int git_mkstemps(char *path, size_t len, const char *template, int suffix_len) |
|
{ |
|
const char *tmp; |
|
size_t n; |
|
|
|
tmp = getenv("TMPDIR"); |
|
if (!tmp) |
|
tmp = "/tmp"; |
|
n = snprintf(path, len, "%s/%s", tmp, template); |
|
if (len <= n) { |
|
errno = ENAMETOOLONG; |
|
return -1; |
|
} |
|
return mkstemps(path, suffix_len); |
|
} |
|
|
|
int validate_headref(const char *path) |
|
{ |
|
struct stat st; |
|
char *buf, buffer[256]; |
|
unsigned char sha1[20]; |
|
int fd; |
|
ssize_t len; |
|
|
|
if (lstat(path, &st) < 0) |
|
return -1; |
|
|
|
/* Make sure it is a "refs/.." symlink */ |
|
if (S_ISLNK(st.st_mode)) { |
|
len = readlink(path, buffer, sizeof(buffer)-1); |
|
if (len >= 5 && !memcmp("refs/", buffer, 5)) |
|
return 0; |
|
return -1; |
|
} |
|
|
|
/* |
|
* Anything else, just open it and try to see if it is a symbolic ref. |
|
*/ |
|
fd = open(path, O_RDONLY); |
|
if (fd < 0) |
|
return -1; |
|
len = read_in_full(fd, buffer, sizeof(buffer)-1); |
|
close(fd); |
|
|
|
/* |
|
* Is it a symbolic ref? |
|
*/ |
|
if (len < 4) |
|
return -1; |
|
if (!memcmp("ref:", buffer, 4)) { |
|
buf = buffer + 4; |
|
len -= 4; |
|
while (len && isspace(*buf)) |
|
buf++, len--; |
|
if (len >= 5 && !memcmp("refs/", buf, 5)) |
|
return 0; |
|
} |
|
|
|
/* |
|
* Is this a detached HEAD? |
|
*/ |
|
if (!get_sha1_hex(buffer, sha1)) |
|
return 0; |
|
|
|
return -1; |
|
} |
|
|
|
static struct passwd *getpw_str(const char *username, size_t len) |
|
{ |
|
struct passwd *pw; |
|
char *username_z = xmalloc(len + 1); |
|
memcpy(username_z, username, len); |
|
username_z[len] = '\0'; |
|
pw = getpwnam(username_z); |
|
free(username_z); |
|
return pw; |
|
} |
|
|
|
/* |
|
* Return a string with ~ and ~user expanded via getpw*. If buf != NULL, |
|
* then it is a newly allocated string. Returns NULL on getpw failure or |
|
* if path is NULL. |
|
*/ |
|
char *expand_user_path(const char *path) |
|
{ |
|
struct strbuf user_path = STRBUF_INIT; |
|
const char *first_slash = strchrnul(path, '/'); |
|
const char *to_copy = path; |
|
|
|
if (path == NULL) |
|
goto return_null; |
|
if (path[0] == '~') { |
|
const char *username = path + 1; |
|
size_t username_len = first_slash - username; |
|
if (username_len == 0) { |
|
const char *home = getenv("HOME"); |
|
strbuf_add(&user_path, home, strlen(home)); |
|
} else { |
|
struct passwd *pw = getpw_str(username, username_len); |
|
if (!pw) |
|
goto return_null; |
|
strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir)); |
|
} |
|
to_copy = first_slash; |
|
} |
|
strbuf_add(&user_path, to_copy, strlen(to_copy)); |
|
return strbuf_detach(&user_path, NULL); |
|
return_null: |
|
strbuf_release(&user_path); |
|
return NULL; |
|
} |
|
|
|
/* |
|
* First, one directory to try is determined by the following algorithm. |
|
* |
|
* (0) If "strict" is given, the path is used as given and no DWIM is |
|
* done. Otherwise: |
|
* (1) "~/path" to mean path under the running user's home directory; |
|
* (2) "~user/path" to mean path under named user's home directory; |
|
* (3) "relative/path" to mean cwd relative directory; or |
|
* (4) "/absolute/path" to mean absolute directory. |
|
* |
|
* Unless "strict" is given, we try access() for existence of "%s.git/.git", |
|
* "%s/.git", "%s.git", "%s" in this order. The first one that exists is |
|
* what we try. |
|
* |
|
* Second, we try chdir() to that. Upon failure, we return NULL. |
|
* |
|
* Then, we try if the current directory is a valid git repository. |
|
* Upon failure, we return NULL. |
|
* |
|
* If all goes well, we return the directory we used to chdir() (but |
|
* before ~user is expanded), avoiding getcwd() resolving symbolic |
|
* links. User relative paths are also returned as they are given, |
|
* except DWIM suffixing. |
|
*/ |
|
char *enter_repo(char *path, int strict) |
|
{ |
|
static char used_path[PATH_MAX]; |
|
static char validated_path[PATH_MAX]; |
|
|
|
if (!path) |
|
return NULL; |
|
|
|
if (!strict) { |
|
static const char *suffix[] = { |
|
".git/.git", "/.git", ".git", "", NULL, |
|
}; |
|
int len = strlen(path); |
|
int i; |
|
while ((1 < len) && (path[len-1] == '/')) { |
|
path[len-1] = 0; |
|
len--; |
|
} |
|
if (PATH_MAX <= len) |
|
return NULL; |
|
if (path[0] == '~') { |
|
char *newpath = expand_user_path(path); |
|
if (!newpath || (PATH_MAX - 10 < strlen(newpath))) { |
|
free(newpath); |
|
return NULL; |
|
} |
|
/* |
|
* Copy back into the static buffer. A pity |
|
* since newpath was not bounded, but other |
|
* branches of the if are limited by PATH_MAX |
|
* anyway. |
|
*/ |
|
strcpy(used_path, newpath); free(newpath); |
|
strcpy(validated_path, path); |
|
path = used_path; |
|
} |
|
else if (PATH_MAX - 10 < len) |
|
return NULL; |
|
else { |
|
path = strcpy(used_path, path); |
|
strcpy(validated_path, path); |
|
} |
|
len = strlen(path); |
|
for (i = 0; suffix[i]; i++) { |
|
strcpy(path + len, suffix[i]); |
|
if (!access(path, F_OK)) { |
|
strcat(validated_path, suffix[i]); |
|
break; |
|
} |
|
} |
|
if (!suffix[i] || chdir(path)) |
|
return NULL; |
|
path = validated_path; |
|
} |
|
else if (chdir(path)) |
|
return NULL; |
|
|
|
if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 && |
|
validate_headref("HEAD") == 0) { |
|
setenv(GIT_DIR_ENVIRONMENT, ".", 1); |
|
check_repository_format(); |
|
return path; |
|
} |
|
|
|
return NULL; |
|
} |
|
|
|
int set_shared_perm(const char *path, int mode) |
|
{ |
|
struct stat st; |
|
int tweak, shared, orig_mode; |
|
|
|
if (!shared_repository) { |
|
if (mode) |
|
return chmod(path, mode & ~S_IFMT); |
|
return 0; |
|
} |
|
if (!mode) { |
|
if (lstat(path, &st) < 0) |
|
return -1; |
|
mode = st.st_mode; |
|
orig_mode = mode; |
|
} else |
|
orig_mode = 0; |
|
if (shared_repository < 0) |
|
shared = -shared_repository; |
|
else |
|
shared = shared_repository; |
|
tweak = shared; |
|
|
|
if (!(mode & S_IWUSR)) |
|
tweak &= ~0222; |
|
if (mode & S_IXUSR) |
|
/* Copy read bits to execute bits */ |
|
tweak |= (tweak & 0444) >> 2; |
|
if (shared_repository < 0) |
|
mode = (mode & ~0777) | tweak; |
|
else |
|
mode |= tweak; |
|
|
|
if (S_ISDIR(mode)) { |
|
/* Copy read bits to execute bits */ |
|
mode |= (shared & 0444) >> 2; |
|
mode |= FORCE_DIR_SET_GID; |
|
} |
|
|
|
if (((shared_repository < 0 |
|
? (orig_mode & (FORCE_DIR_SET_GID | 0777)) |
|
: (orig_mode & mode)) != mode) && |
|
chmod(path, (mode & ~S_IFMT)) < 0) |
|
return -2; |
|
return 0; |
|
} |
|
|
|
const char *make_relative_path(const char *abs, const char *base) |
|
{ |
|
static char buf[PATH_MAX + 1]; |
|
int i = 0, j = 0; |
|
|
|
if (!base || !base[0]) |
|
return abs; |
|
while (base[i]) { |
|
if (is_dir_sep(base[i])) { |
|
if (!is_dir_sep(abs[j])) |
|
return abs; |
|
while (is_dir_sep(base[i])) |
|
i++; |
|
while (is_dir_sep(abs[j])) |
|
j++; |
|
continue; |
|
} else if (abs[j] != base[i]) { |
|
return abs; |
|
} |
|
i++; |
|
j++; |
|
} |
|
if ( |
|
/* "/foo" is a prefix of "/foo" */ |
|
abs[j] && |
|
/* "/foo" is not a prefix of "/foobar" */ |
|
!is_dir_sep(base[i-1]) && !is_dir_sep(abs[j]) |
|
) |
|
return abs; |
|
while (is_dir_sep(abs[j])) |
|
j++; |
|
if (!abs[j]) |
|
strcpy(buf, "."); |
|
else |
|
strcpy(buf, abs + j); |
|
return buf; |
|
} |
|
|
|
/* |
|
* It is okay if dst == src, but they should not overlap otherwise. |
|
* |
|
* Performs the following normalizations on src, storing the result in dst: |
|
* - Ensures that components are separated by '/' (Windows only) |
|
* - Squashes sequences of '/'. |
|
* - Removes "." components. |
|
* - Removes ".." components, and the components the precede them. |
|
* Returns failure (non-zero) if a ".." component appears as first path |
|
* component anytime during the normalization. Otherwise, returns success (0). |
|
* |
|
* Note that this function is purely textual. It does not follow symlinks, |
|
* verify the existence of the path, or make any system calls. |
|
*/ |
|
int normalize_path_copy(char *dst, const char *src) |
|
{ |
|
char *dst0; |
|
|
|
if (has_dos_drive_prefix(src)) { |
|
*dst++ = *src++; |
|
*dst++ = *src++; |
|
} |
|
dst0 = dst; |
|
|
|
if (is_dir_sep(*src)) { |
|
*dst++ = '/'; |
|
while (is_dir_sep(*src)) |
|
src++; |
|
} |
|
|
|
for (;;) { |
|
char c = *src; |
|
|
|
/* |
|
* A path component that begins with . could be |
|
* special: |
|
* (1) "." and ends -- ignore and terminate. |
|
* (2) "./" -- ignore them, eat slash and continue. |
|
* (3) ".." and ends -- strip one and terminate. |
|
* (4) "../" -- strip one, eat slash and continue. |
|
*/ |
|
if (c == '.') { |
|
if (!src[1]) { |
|
/* (1) */ |
|
src++; |
|
} else if (is_dir_sep(src[1])) { |
|
/* (2) */ |
|
src += 2; |
|
while (is_dir_sep(*src)) |
|
src++; |
|
continue; |
|
} else if (src[1] == '.') { |
|
if (!src[2]) { |
|
/* (3) */ |
|
src += 2; |
|
goto up_one; |
|
} else if (is_dir_sep(src[2])) { |
|
/* (4) */ |
|
src += 3; |
|
while (is_dir_sep(*src)) |
|
src++; |
|
goto up_one; |
|
} |
|
} |
|
} |
|
|
|
/* copy up to the next '/', and eat all '/' */ |
|
while ((c = *src++) != '\0' && !is_dir_sep(c)) |
|
*dst++ = c; |
|
if (is_dir_sep(c)) { |
|
*dst++ = '/'; |
|
while (is_dir_sep(c)) |
|
c = *src++; |
|
src--; |
|
} else if (!c) |
|
break; |
|
continue; |
|
|
|
up_one: |
|
/* |
|
* dst0..dst is prefix portion, and dst[-1] is '/'; |
|
* go up one level. |
|
*/ |
|
dst--; /* go to trailing '/' */ |
|
if (dst <= dst0) |
|
return -1; |
|
/* Windows: dst[-1] cannot be backslash anymore */ |
|
while (dst0 < dst && dst[-1] != '/') |
|
dst--; |
|
} |
|
*dst = '\0'; |
|
return 0; |
|
} |
|
|
|
/* |
|
* path = Canonical absolute path |
|
* prefix_list = Colon-separated list of absolute paths |
|
* |
|
* Determines, for each path in prefix_list, whether the "prefix" really |
|
* is an ancestor directory of path. Returns the length of the longest |
|
* ancestor directory, excluding any trailing slashes, or -1 if no prefix |
|
* is an ancestor. (Note that this means 0 is returned if prefix_list is |
|
* "/".) "/foo" is not considered an ancestor of "/foobar". Directories |
|
* are not considered to be their own ancestors. path must be in a |
|
* canonical form: empty components, or "." or ".." components are not |
|
* allowed. prefix_list may be null, which is like "". |
|
*/ |
|
int longest_ancestor_length(const char *path, const char *prefix_list) |
|
{ |
|
char buf[PATH_MAX+1]; |
|
const char *ceil, *colon; |
|
int len, max_len = -1; |
|
|
|
if (prefix_list == NULL || !strcmp(path, "/")) |
|
return -1; |
|
|
|
for (colon = ceil = prefix_list; *colon; ceil = colon+1) { |
|
for (colon = ceil; *colon && *colon != PATH_SEP; colon++); |
|
len = colon - ceil; |
|
if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil)) |
|
continue; |
|
strlcpy(buf, ceil, len+1); |
|
if (normalize_path_copy(buf, buf) < 0) |
|
continue; |
|
len = strlen(buf); |
|
if (len > 0 && buf[len-1] == '/') |
|
buf[--len] = '\0'; |
|
|
|
if (!strncmp(path, buf, len) && |
|
path[len] == '/' && |
|
len > max_len) { |
|
max_len = len; |
|
} |
|
} |
|
|
|
return max_len; |
|
} |
|
|
|
/* strip arbitrary amount of directory separators at end of path */ |
|
static inline int chomp_trailing_dir_sep(const char *path, int len) |
|
{ |
|
while (len && is_dir_sep(path[len - 1])) |
|
len--; |
|
return len; |
|
} |
|
|
|
/* |
|
* If path ends with suffix (complete path components), returns the |
|
* part before suffix (sans trailing directory separators). |
|
* Otherwise returns NULL. |
|
*/ |
|
char *strip_path_suffix(const char *path, const char *suffix) |
|
{ |
|
int path_len = strlen(path), suffix_len = strlen(suffix); |
|
|
|
while (suffix_len) { |
|
if (!path_len) |
|
return NULL; |
|
|
|
if (is_dir_sep(path[path_len - 1])) { |
|
if (!is_dir_sep(suffix[suffix_len - 1])) |
|
return NULL; |
|
path_len = chomp_trailing_dir_sep(path, path_len); |
|
suffix_len = chomp_trailing_dir_sep(suffix, suffix_len); |
|
} |
|
else if (path[--path_len] != suffix[--suffix_len]) |
|
return NULL; |
|
} |
|
|
|
if (path_len && !is_dir_sep(path[path_len - 1])) |
|
return NULL; |
|
return xstrndup(path, chomp_trailing_dir_sep(path, path_len)); |
|
} |
|
|
|
int daemon_avoid_alias(const char *p) |
|
{ |
|
int sl, ndot; |
|
|
|
/* |
|
* This resurrects the belts and suspenders paranoia check by HPA |
|
* done in <435560F7.4080006@zytor.com> thread, now enter_repo() |
|
* does not do getcwd() based path canonicalization. |
|
* |
|
* sl becomes true immediately after seeing '/' and continues to |
|
* be true as long as dots continue after that without intervening |
|
* non-dot character. |
|
*/ |
|
if (!p || (*p != '/' && *p != '~')) |
|
return -1; |
|
sl = 1; ndot = 0; |
|
p++; |
|
|
|
while (1) { |
|
char ch = *p++; |
|
if (sl) { |
|
if (ch == '.') |
|
ndot++; |
|
else if (ch == '/') { |
|
if (ndot < 3) |
|
/* reject //, /./ and /../ */ |
|
return -1; |
|
ndot = 0; |
|
} |
|
else if (ch == 0) { |
|
if (0 < ndot && ndot < 3) |
|
/* reject /.$ and /..$ */ |
|
return -1; |
|
return 0; |
|
} |
|
else |
|
sl = ndot = 0; |
|
} |
|
else if (ch == 0) |
|
return 0; |
|
else if (ch == '/') { |
|
sl = 1; |
|
ndot = 0; |
|
} |
|
} |
|
}
|
|
|