| /* |
| * I'm tired of doing "vsnprintf()" etc just to open a |
| * file, so here's a "return static buffer with printf" |
| * interface for paths. |
| * |
| * It's obviously not thread-safe. Sue me. But it's quite |
| * useful for doing things like |
| * |
| * f = open(mkpath("%s/%s.git", base, name), O_RDONLY); |
| * |
| * which is what it's designed for. |
| */ |
| #include "cache.h" |
| #include "strbuf.h" |
| |
| static char bad_path[] = "/bad-path/"; |
| |
| static char *get_pathname(void) |
| { |
| static char pathname_array[4][PATH_MAX]; |
| static int index; |
| return pathname_array[3 & ++index]; |
| } |
| |
| static char *cleanup_path(char *path) |
| { |
| /* Clean it up */ |
| if (!memcmp(path, "./", 2)) { |
| path += 2; |
| while (*path == '/') |
| path++; |
| } |
| return path; |
| } |
| |
| char *mksnpath(char *buf, size_t n, const char *fmt, ...) |
| { |
| va_list args; |
| unsigned len; |
| |
| va_start(args, fmt); |
| len = vsnprintf(buf, n, fmt, args); |
| va_end(args); |
| if (len >= n) { |
| strlcpy(buf, bad_path, n); |
| return buf; |
| } |
| return cleanup_path(buf); |
| } |
| |
| static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args) |
| { |
| const char *git_dir = get_git_dir(); |
| size_t len; |
| |
| len = strlen(git_dir); |
| if (n < len + 1) |
| goto bad; |
| memcpy(buf, git_dir, len); |
| if (len && !is_dir_sep(git_dir[len-1])) |
| buf[len++] = '/'; |
| len += vsnprintf(buf + len, n - len, fmt, args); |
| if (len >= n) |
| goto bad; |
| return cleanup_path(buf); |
| bad: |
| strlcpy(buf, bad_path, n); |
| return buf; |
| } |
| |
| char *git_snpath(char *buf, size_t n, const char *fmt, ...) |
| { |
| va_list args; |
| va_start(args, fmt); |
| (void)git_vsnpath(buf, n, fmt, args); |
| va_end(args); |
| return buf; |
| } |
| |
| char *git_pathdup(const char *fmt, ...) |
| { |
| char path[PATH_MAX]; |
| va_list args; |
| va_start(args, fmt); |
| (void)git_vsnpath(path, sizeof(path), fmt, args); |
| va_end(args); |
| return xstrdup(path); |
| } |
| |
| char *mkpath(const char *fmt, ...) |
| { |
| va_list args; |
| unsigned len; |
| char *pathname = get_pathname(); |
| |
| va_start(args, fmt); |
| len = vsnprintf(pathname, PATH_MAX, fmt, args); |
| va_end(args); |
| if (len >= PATH_MAX) |
| return bad_path; |
| return cleanup_path(pathname); |
| } |
| |
| char *git_path(const char *fmt, ...) |
| { |
| const char *git_dir = get_git_dir(); |
| char *pathname = get_pathname(); |
| va_list args; |
| unsigned len; |
| |
| len = strlen(git_dir); |
| if (len > PATH_MAX-100) |
| return bad_path; |
| memcpy(pathname, git_dir, len); |
| if (len && git_dir[len-1] != '/') |
| pathname[len++] = '/'; |
| va_start(args, fmt); |
| len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args); |
| va_end(args); |
| if (len >= PATH_MAX) |
| return bad_path; |
| return cleanup_path(pathname); |
| } |
| |
| |
| /* git_mkstemp() - create tmp file honoring TMPDIR variable */ |
| int git_mkstemp(char *path, size_t len, const char *template) |
| { |
| const char *tmp; |
| size_t n; |
| |
| tmp = getenv("TMPDIR"); |
| if (!tmp) |
| tmp = "/tmp"; |
| n = snprintf(path, len, "%s/%s", tmp, template); |
| if (len <= n) { |
| errno = ENAMETOOLONG; |
| return -1; |
| } |
| return mkstemp(path); |
| } |
| |
| /* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */ |
| int git_mkstemps(char *path, size_t len, const char *template, int suffix_len) |
| { |
| const char *tmp; |
| size_t n; |
| |
| tmp = getenv("TMPDIR"); |
| if (!tmp) |
| tmp = "/tmp"; |
| n = snprintf(path, len, "%s/%s", tmp, template); |
| if (len <= n) { |
| errno = ENAMETOOLONG; |
| return -1; |
| } |
| return mkstemps(path, suffix_len); |
| } |
| |
| /* Adapted from libiberty's mkstemp.c. */ |
| |
| #undef TMP_MAX |
| #define TMP_MAX 16384 |
| |
| int git_mkstemps_mode(char *pattern, int suffix_len, int mode) |
| { |
| static const char letters[] = |
| "abcdefghijklmnopqrstuvwxyz" |
| "ABCDEFGHIJKLMNOPQRSTUVWXYZ" |
| "0123456789"; |
| static const int num_letters = 62; |
| uint64_t value; |
| struct timeval tv; |
| char *template; |
| size_t len; |
| int fd, count; |
| |
| len = strlen(pattern); |
| |
| if (len < 6 + suffix_len) { |
| errno = EINVAL; |
| return -1; |
| } |
| |
| if (strncmp(&pattern[len - 6 - suffix_len], "XXXXXX", 6)) { |
| errno = EINVAL; |
| return -1; |
| } |
| |
| /* |
| * Replace pattern's XXXXXX characters with randomness. |
| * Try TMP_MAX different filenames. |
| */ |
| gettimeofday(&tv, NULL); |
| value = ((size_t)(tv.tv_usec << 16)) ^ tv.tv_sec ^ getpid(); |
| template = &pattern[len - 6 - suffix_len]; |
| for (count = 0; count < TMP_MAX; ++count) { |
| uint64_t v = value; |
| /* Fill in the random bits. */ |
| template[0] = letters[v % num_letters]; v /= num_letters; |
| template[1] = letters[v % num_letters]; v /= num_letters; |
| template[2] = letters[v % num_letters]; v /= num_letters; |
| template[3] = letters[v % num_letters]; v /= num_letters; |
| template[4] = letters[v % num_letters]; v /= num_letters; |
| template[5] = letters[v % num_letters]; v /= num_letters; |
| |
| fd = open(pattern, O_CREAT | O_EXCL | O_RDWR, mode); |
| if (fd > 0) |
| return fd; |
| /* |
| * Fatal error (EPERM, ENOSPC etc). |
| * It doesn't make sense to loop. |
| */ |
| if (errno != EEXIST) |
| break; |
| /* |
| * This is a random value. It is only necessary that |
| * the next TMP_MAX values generated by adding 7777 to |
| * VALUE are different with (module 2^32). |
| */ |
| value += 7777; |
| } |
| /* We return the null string if we can't find a unique file name. */ |
| pattern[0] = '\0'; |
| return -1; |
| } |
| |
| int git_mkstemp_mode(char *pattern, int mode) |
| { |
| /* mkstemp is just mkstemps with no suffix */ |
| return git_mkstemps_mode(pattern, 0, mode); |
| } |
| |
| int gitmkstemps(char *pattern, int suffix_len) |
| { |
| return git_mkstemps_mode(pattern, suffix_len, 0600); |
| } |
| |
| int validate_headref(const char *path) |
| { |
| struct stat st; |
| char *buf, buffer[256]; |
| unsigned char sha1[20]; |
| int fd; |
| ssize_t len; |
| |
| if (lstat(path, &st) < 0) |
| return -1; |
| |
| /* Make sure it is a "refs/.." symlink */ |
| if (S_ISLNK(st.st_mode)) { |
| len = readlink(path, buffer, sizeof(buffer)-1); |
| if (len >= 5 && !memcmp("refs/", buffer, 5)) |
| return 0; |
| return -1; |
| } |
| |
| /* |
| * Anything else, just open it and try to see if it is a symbolic ref. |
| */ |
| fd = open(path, O_RDONLY); |
| if (fd < 0) |
| return -1; |
| len = read_in_full(fd, buffer, sizeof(buffer)-1); |
| close(fd); |
| |
| /* |
| * Is it a symbolic ref? |
| */ |
| if (len < 4) |
| return -1; |
| if (!memcmp("ref:", buffer, 4)) { |
| buf = buffer + 4; |
| len -= 4; |
| while (len && isspace(*buf)) |
| buf++, len--; |
| if (len >= 5 && !memcmp("refs/", buf, 5)) |
| return 0; |
| } |
| |
| /* |
| * Is this a detached HEAD? |
| */ |
| if (!get_sha1_hex(buffer, sha1)) |
| return 0; |
| |
| return -1; |
| } |
| |
| static struct passwd *getpw_str(const char *username, size_t len) |
| { |
| struct passwd *pw; |
| char *username_z = xmalloc(len + 1); |
| memcpy(username_z, username, len); |
| username_z[len] = '\0'; |
| pw = getpwnam(username_z); |
| free(username_z); |
| return pw; |
| } |
| |
| /* |
| * Return a string with ~ and ~user expanded via getpw*. If buf != NULL, |
| * then it is a newly allocated string. Returns NULL on getpw failure or |
| * if path is NULL. |
| */ |
| char *expand_user_path(const char *path) |
| { |
| struct strbuf user_path = STRBUF_INIT; |
| const char *first_slash = strchrnul(path, '/'); |
| const char *to_copy = path; |
| |
| if (path == NULL) |
| goto return_null; |
| if (path[0] == '~') { |
| const char *username = path + 1; |
| size_t username_len = first_slash - username; |
| if (username_len == 0) { |
| const char *home = getenv("HOME"); |
| if (!home) |
| goto return_null; |
| strbuf_add(&user_path, home, strlen(home)); |
| } else { |
| struct passwd *pw = getpw_str(username, username_len); |
| if (!pw) |
| goto return_null; |
| strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir)); |
| } |
| to_copy = first_slash; |
| } |
| strbuf_add(&user_path, to_copy, strlen(to_copy)); |
| return strbuf_detach(&user_path, NULL); |
| return_null: |
| strbuf_release(&user_path); |
| return NULL; |
| } |
| |
| /* |
| * First, one directory to try is determined by the following algorithm. |
| * |
| * (0) If "strict" is given, the path is used as given and no DWIM is |
| * done. Otherwise: |
| * (1) "~/path" to mean path under the running user's home directory; |
| * (2) "~user/path" to mean path under named user's home directory; |
| * (3) "relative/path" to mean cwd relative directory; or |
| * (4) "/absolute/path" to mean absolute directory. |
| * |
| * Unless "strict" is given, we try access() for existence of "%s.git/.git", |
| * "%s/.git", "%s.git", "%s" in this order. The first one that exists is |
| * what we try. |
| * |
| * Second, we try chdir() to that. Upon failure, we return NULL. |
| * |
| * Then, we try if the current directory is a valid git repository. |
| * Upon failure, we return NULL. |
| * |
| * If all goes well, we return the directory we used to chdir() (but |
| * before ~user is expanded), avoiding getcwd() resolving symbolic |
| * links. User relative paths are also returned as they are given, |
| * except DWIM suffixing. |
| */ |
| char *enter_repo(char *path, int strict) |
| { |
| static char used_path[PATH_MAX]; |
| static char validated_path[PATH_MAX]; |
| |
| if (!path) |
| return NULL; |
| |
| if (!strict) { |
| static const char *suffix[] = { |
| ".git/.git", "/.git", ".git", "", NULL, |
| }; |
| int len = strlen(path); |
| int i; |
| while ((1 < len) && (path[len-1] == '/')) { |
| path[len-1] = 0; |
| len--; |
| } |
| if (PATH_MAX <= len) |
| return NULL; |
| if (path[0] == '~') { |
| char *newpath = expand_user_path(path); |
| if (!newpath || (PATH_MAX - 10 < strlen(newpath))) { |
| free(newpath); |
| return NULL; |
| } |
| /* |
| * Copy back into the static buffer. A pity |
| * since newpath was not bounded, but other |
| * branches of the if are limited by PATH_MAX |
| * anyway. |
| */ |
| strcpy(used_path, newpath); free(newpath); |
| strcpy(validated_path, path); |
| path = used_path; |
| } |
| else if (PATH_MAX - 10 < len) |
| return NULL; |
| else { |
| path = strcpy(used_path, path); |
| strcpy(validated_path, path); |
| } |
| len = strlen(path); |
| for (i = 0; suffix[i]; i++) { |
| strcpy(path + len, suffix[i]); |
| if (!access(path, F_OK)) { |
| strcat(validated_path, suffix[i]); |
| break; |
| } |
| } |
| if (!suffix[i] || chdir(path)) |
| return NULL; |
| path = validated_path; |
| } |
| else if (chdir(path)) |
| return NULL; |
| |
| if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 && |
| validate_headref("HEAD") == 0) { |
| setenv(GIT_DIR_ENVIRONMENT, ".", 1); |
| check_repository_format(); |
| return path; |
| } |
| |
| return NULL; |
| } |
| |
| int set_shared_perm(const char *path, int mode) |
| { |
| struct stat st; |
| int tweak, shared, orig_mode; |
| |
| if (!shared_repository) { |
| if (mode) |
| return chmod(path, mode & ~S_IFMT); |
| return 0; |
| } |
| if (!mode) { |
| if (lstat(path, &st) < 0) |
| return -1; |
| mode = st.st_mode; |
| orig_mode = mode; |
| } else |
| orig_mode = 0; |
| if (shared_repository < 0) |
| shared = -shared_repository; |
| else |
| shared = shared_repository; |
| tweak = shared; |
| |
| if (!(mode & S_IWUSR)) |
| tweak &= ~0222; |
| if (mode & S_IXUSR) |
| /* Copy read bits to execute bits */ |
| tweak |= (tweak & 0444) >> 2; |
| if (shared_repository < 0) |
| mode = (mode & ~0777) | tweak; |
| else |
| mode |= tweak; |
| |
| if (S_ISDIR(mode)) { |
| /* Copy read bits to execute bits */ |
| mode |= (shared & 0444) >> 2; |
| mode |= FORCE_DIR_SET_GID; |
| } |
| |
| if (((shared_repository < 0 |
| ? (orig_mode & (FORCE_DIR_SET_GID | 0777)) |
| : (orig_mode & mode)) != mode) && |
| chmod(path, (mode & ~S_IFMT)) < 0) |
| return -2; |
| return 0; |
| } |
| |
| const char *make_relative_path(const char *abs, const char *base) |
| { |
| static char buf[PATH_MAX + 1]; |
| int i = 0, j = 0; |
| |
| if (!base || !base[0]) |
| return abs; |
| while (base[i]) { |
| if (is_dir_sep(base[i])) { |
| if (!is_dir_sep(abs[j])) |
| return abs; |
| while (is_dir_sep(base[i])) |
| i++; |
| while (is_dir_sep(abs[j])) |
| j++; |
| continue; |
| } else if (abs[j] != base[i]) { |
| return abs; |
| } |
| i++; |
| j++; |
| } |
| if ( |
| /* "/foo" is a prefix of "/foo" */ |
| abs[j] && |
| /* "/foo" is not a prefix of "/foobar" */ |
| !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j]) |
| ) |
| return abs; |
| while (is_dir_sep(abs[j])) |
| j++; |
| if (!abs[j]) |
| strcpy(buf, "."); |
| else |
| strcpy(buf, abs + j); |
| return buf; |
| } |
| |
| /* |
| * It is okay if dst == src, but they should not overlap otherwise. |
| * |
| * Performs the following normalizations on src, storing the result in dst: |
| * - Ensures that components are separated by '/' (Windows only) |
| * - Squashes sequences of '/'. |
| * - Removes "." components. |
| * - Removes ".." components, and the components the precede them. |
| * Returns failure (non-zero) if a ".." component appears as first path |
| * component anytime during the normalization. Otherwise, returns success (0). |
| * |
| * Note that this function is purely textual. It does not follow symlinks, |
| * verify the existence of the path, or make any system calls. |
| */ |
| int normalize_path_copy(char *dst, const char *src) |
| { |
| char *dst0; |
| |
| if (has_dos_drive_prefix(src)) { |
| *dst++ = *src++; |
| *dst++ = *src++; |
| } |
| dst0 = dst; |
| |
| if (is_dir_sep(*src)) { |
| *dst++ = '/'; |
| while (is_dir_sep(*src)) |
| src++; |
| } |
| |
| for (;;) { |
| char c = *src; |
| |
| /* |
| * A path component that begins with . could be |
| * special: |
| * (1) "." and ends -- ignore and terminate. |
| * (2) "./" -- ignore them, eat slash and continue. |
| * (3) ".." and ends -- strip one and terminate. |
| * (4) "../" -- strip one, eat slash and continue. |
| */ |
| if (c == '.') { |
| if (!src[1]) { |
| /* (1) */ |
| src++; |
| } else if (is_dir_sep(src[1])) { |
| /* (2) */ |
| src += 2; |
| while (is_dir_sep(*src)) |
| src++; |
| continue; |
| } else if (src[1] == '.') { |
| if (!src[2]) { |
| /* (3) */ |
| src += 2; |
| goto up_one; |
| } else if (is_dir_sep(src[2])) { |
| /* (4) */ |
| src += 3; |
| while (is_dir_sep(*src)) |
| src++; |
| goto up_one; |
| } |
| } |
| } |
| |
| /* copy up to the next '/', and eat all '/' */ |
| while ((c = *src++) != '\0' && !is_dir_sep(c)) |
| *dst++ = c; |
| if (is_dir_sep(c)) { |
| *dst++ = '/'; |
| while (is_dir_sep(c)) |
| c = *src++; |
| src--; |
| } else if (!c) |
| break; |
| continue; |
| |
| up_one: |
| /* |
| * dst0..dst is prefix portion, and dst[-1] is '/'; |
| * go up one level. |
| */ |
| dst--; /* go to trailing '/' */ |
| if (dst <= dst0) |
| return -1; |
| /* Windows: dst[-1] cannot be backslash anymore */ |
| while (dst0 < dst && dst[-1] != '/') |
| dst--; |
| } |
| *dst = '\0'; |
| return 0; |
| } |
| |
| /* |
| * path = Canonical absolute path |
| * prefix_list = Colon-separated list of absolute paths |
| * |
| * Determines, for each path in prefix_list, whether the "prefix" really |
| * is an ancestor directory of path. Returns the length of the longest |
| * ancestor directory, excluding any trailing slashes, or -1 if no prefix |
| * is an ancestor. (Note that this means 0 is returned if prefix_list is |
| * "/".) "/foo" is not considered an ancestor of "/foobar". Directories |
| * are not considered to be their own ancestors. path must be in a |
| * canonical form: empty components, or "." or ".." components are not |
| * allowed. prefix_list may be null, which is like "". |
| */ |
| int longest_ancestor_length(const char *path, const char *prefix_list) |
| { |
| char buf[PATH_MAX+1]; |
| const char *ceil, *colon; |
| int len, max_len = -1; |
| |
| if (prefix_list == NULL || !strcmp(path, "/")) |
| return -1; |
| |
| for (colon = ceil = prefix_list; *colon; ceil = colon+1) { |
| for (colon = ceil; *colon && *colon != PATH_SEP; colon++); |
| len = colon - ceil; |
| if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil)) |
| continue; |
| strlcpy(buf, ceil, len+1); |
| if (normalize_path_copy(buf, buf) < 0) |
| continue; |
| len = strlen(buf); |
| if (len > 0 && buf[len-1] == '/') |
| buf[--len] = '\0'; |
| |
| if (!strncmp(path, buf, len) && |
| path[len] == '/' && |
| len > max_len) { |
| max_len = len; |
| } |
| } |
| |
| return max_len; |
| } |
| |
| /* strip arbitrary amount of directory separators at end of path */ |
| static inline int chomp_trailing_dir_sep(const char *path, int len) |
| { |
| while (len && is_dir_sep(path[len - 1])) |
| len--; |
| return len; |
| } |
| |
| /* |
| * If path ends with suffix (complete path components), returns the |
| * part before suffix (sans trailing directory separators). |
| * Otherwise returns NULL. |
| */ |
| char *strip_path_suffix(const char *path, const char *suffix) |
| { |
| int path_len = strlen(path), suffix_len = strlen(suffix); |
| |
| while (suffix_len) { |
| if (!path_len) |
| return NULL; |
| |
| if (is_dir_sep(path[path_len - 1])) { |
| if (!is_dir_sep(suffix[suffix_len - 1])) |
| return NULL; |
| path_len = chomp_trailing_dir_sep(path, path_len); |
| suffix_len = chomp_trailing_dir_sep(suffix, suffix_len); |
| } |
| else if (path[--path_len] != suffix[--suffix_len]) |
| return NULL; |
| } |
| |
| if (path_len && !is_dir_sep(path[path_len - 1])) |
| return NULL; |
| return xstrndup(path, chomp_trailing_dir_sep(path, path_len)); |
| } |
| |
| int daemon_avoid_alias(const char *p) |
| { |
| int sl, ndot; |
| |
| /* |
| * This resurrects the belts and suspenders paranoia check by HPA |
| * done in <435560F7.4080006@zytor.com> thread, now enter_repo() |
| * does not do getcwd() based path canonicalization. |
| * |
| * sl becomes true immediately after seeing '/' and continues to |
| * be true as long as dots continue after that without intervening |
| * non-dot character. |
| */ |
| if (!p || (*p != '/' && *p != '~')) |
| return -1; |
| sl = 1; ndot = 0; |
| p++; |
| |
| while (1) { |
| char ch = *p++; |
| if (sl) { |
| if (ch == '.') |
| ndot++; |
| else if (ch == '/') { |
| if (ndot < 3) |
| /* reject //, /./ and /../ */ |
| return -1; |
| ndot = 0; |
| } |
| else if (ch == 0) { |
| if (0 < ndot && ndot < 3) |
| /* reject /.$ and /..$ */ |
| return -1; |
| return 0; |
| } |
| else |
| sl = ndot = 0; |
| } |
| else if (ch == 0) |
| return 0; |
| else if (ch == '/') { |
| sl = 1; |
| ndot = 0; |
| } |
| } |
| } |