t5510: harden the way verify-pack is used
[alt-git.git] / path.c
bloba074aea64921eb1fb90f079ede9087e6b8109f6a
1 /*
2 * I'm tired of doing "vsnprintf()" etc just to open a
3 * file, so here's a "return static buffer with printf"
4 * interface for paths.
6 * It's obviously not thread-safe. Sue me. But it's quite
7 * useful for doing things like
9 * f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
11 * which is what it's designed for.
13 #include "cache.h"
15 static char bad_path[] = "/bad-path/";
17 static char *get_pathname(void)
19 static char pathname_array[4][PATH_MAX];
20 static int index;
21 return pathname_array[3 & ++index];
24 static char *cleanup_path(char *path)
26 /* Clean it up */
27 if (!memcmp(path, "./", 2)) {
28 path += 2;
29 while (*path == '/')
30 path++;
32 return path;
35 char *mksnpath(char *buf, size_t n, const char *fmt, ...)
37 va_list args;
38 unsigned len;
40 va_start(args, fmt);
41 len = vsnprintf(buf, n, fmt, args);
42 va_end(args);
43 if (len >= n) {
44 strlcpy(buf, bad_path, n);
45 return buf;
47 return cleanup_path(buf);
50 static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
52 const char *git_dir = get_git_dir();
53 size_t len;
55 len = strlen(git_dir);
56 if (n < len + 1)
57 goto bad;
58 memcpy(buf, git_dir, len);
59 if (len && !is_dir_sep(git_dir[len-1]))
60 buf[len++] = '/';
61 len += vsnprintf(buf + len, n - len, fmt, args);
62 if (len >= n)
63 goto bad;
64 return cleanup_path(buf);
65 bad:
66 strlcpy(buf, bad_path, n);
67 return buf;
70 char *git_snpath(char *buf, size_t n, const char *fmt, ...)
72 va_list args;
73 va_start(args, fmt);
74 (void)git_vsnpath(buf, n, fmt, args);
75 va_end(args);
76 return buf;
79 char *git_pathdup(const char *fmt, ...)
81 char path[PATH_MAX];
82 va_list args;
83 va_start(args, fmt);
84 (void)git_vsnpath(path, sizeof(path), fmt, args);
85 va_end(args);
86 return xstrdup(path);
89 char *mkpath(const char *fmt, ...)
91 va_list args;
92 unsigned len;
93 char *pathname = get_pathname();
95 va_start(args, fmt);
96 len = vsnprintf(pathname, PATH_MAX, fmt, args);
97 va_end(args);
98 if (len >= PATH_MAX)
99 return bad_path;
100 return cleanup_path(pathname);
103 char *git_path(const char *fmt, ...)
105 const char *git_dir = get_git_dir();
106 char *pathname = get_pathname();
107 va_list args;
108 unsigned len;
110 len = strlen(git_dir);
111 if (len > PATH_MAX-100)
112 return bad_path;
113 memcpy(pathname, git_dir, len);
114 if (len && git_dir[len-1] != '/')
115 pathname[len++] = '/';
116 va_start(args, fmt);
117 len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
118 va_end(args);
119 if (len >= PATH_MAX)
120 return bad_path;
121 return cleanup_path(pathname);
125 /* git_mkstemp() - create tmp file honoring TMPDIR variable */
126 int git_mkstemp(char *path, size_t len, const char *template)
128 const char *tmp;
129 size_t n;
131 tmp = getenv("TMPDIR");
132 if (!tmp)
133 tmp = "/tmp";
134 n = snprintf(path, len, "%s/%s", tmp, template);
135 if (len <= n) {
136 errno = ENAMETOOLONG;
137 return -1;
139 return mkstemp(path);
143 int validate_headref(const char *path)
145 struct stat st;
146 char *buf, buffer[256];
147 unsigned char sha1[20];
148 int fd;
149 ssize_t len;
151 if (lstat(path, &st) < 0)
152 return -1;
154 /* Make sure it is a "refs/.." symlink */
155 if (S_ISLNK(st.st_mode)) {
156 len = readlink(path, buffer, sizeof(buffer)-1);
157 if (len >= 5 && !memcmp("refs/", buffer, 5))
158 return 0;
159 return -1;
163 * Anything else, just open it and try to see if it is a symbolic ref.
165 fd = open(path, O_RDONLY);
166 if (fd < 0)
167 return -1;
168 len = read_in_full(fd, buffer, sizeof(buffer)-1);
169 close(fd);
172 * Is it a symbolic ref?
174 if (len < 4)
175 return -1;
176 if (!memcmp("ref:", buffer, 4)) {
177 buf = buffer + 4;
178 len -= 4;
179 while (len && isspace(*buf))
180 buf++, len--;
181 if (len >= 5 && !memcmp("refs/", buf, 5))
182 return 0;
186 * Is this a detached HEAD?
188 if (!get_sha1_hex(buffer, sha1))
189 return 0;
191 return -1;
194 static char *user_path(char *buf, char *path, int sz)
196 struct passwd *pw;
197 char *slash;
198 int len, baselen;
200 if (!path || path[0] != '~')
201 return NULL;
202 path++;
203 slash = strchr(path, '/');
204 if (path[0] == '/' || !path[0]) {
205 pw = getpwuid(getuid());
207 else {
208 if (slash) {
209 *slash = 0;
210 pw = getpwnam(path);
211 *slash = '/';
213 else
214 pw = getpwnam(path);
216 if (!pw || !pw->pw_dir || sz <= strlen(pw->pw_dir))
217 return NULL;
218 baselen = strlen(pw->pw_dir);
219 memcpy(buf, pw->pw_dir, baselen);
220 while ((1 < baselen) && (buf[baselen-1] == '/')) {
221 buf[baselen-1] = 0;
222 baselen--;
224 if (slash && slash[1]) {
225 len = strlen(slash);
226 if (sz <= baselen + len)
227 return NULL;
228 memcpy(buf + baselen, slash, len + 1);
230 return buf;
234 * First, one directory to try is determined by the following algorithm.
236 * (0) If "strict" is given, the path is used as given and no DWIM is
237 * done. Otherwise:
238 * (1) "~/path" to mean path under the running user's home directory;
239 * (2) "~user/path" to mean path under named user's home directory;
240 * (3) "relative/path" to mean cwd relative directory; or
241 * (4) "/absolute/path" to mean absolute directory.
243 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
244 * "%s/.git", "%s.git", "%s" in this order. The first one that exists is
245 * what we try.
247 * Second, we try chdir() to that. Upon failure, we return NULL.
249 * Then, we try if the current directory is a valid git repository.
250 * Upon failure, we return NULL.
252 * If all goes well, we return the directory we used to chdir() (but
253 * before ~user is expanded), avoiding getcwd() resolving symbolic
254 * links. User relative paths are also returned as they are given,
255 * except DWIM suffixing.
257 char *enter_repo(char *path, int strict)
259 static char used_path[PATH_MAX];
260 static char validated_path[PATH_MAX];
262 if (!path)
263 return NULL;
265 if (!strict) {
266 static const char *suffix[] = {
267 ".git/.git", "/.git", ".git", "", NULL,
269 int len = strlen(path);
270 int i;
271 while ((1 < len) && (path[len-1] == '/')) {
272 path[len-1] = 0;
273 len--;
275 if (PATH_MAX <= len)
276 return NULL;
277 if (path[0] == '~') {
278 if (!user_path(used_path, path, PATH_MAX))
279 return NULL;
280 strcpy(validated_path, path);
281 path = used_path;
283 else if (PATH_MAX - 10 < len)
284 return NULL;
285 else {
286 path = strcpy(used_path, path);
287 strcpy(validated_path, path);
289 len = strlen(path);
290 for (i = 0; suffix[i]; i++) {
291 strcpy(path + len, suffix[i]);
292 if (!access(path, F_OK)) {
293 strcat(validated_path, suffix[i]);
294 break;
297 if (!suffix[i] || chdir(path))
298 return NULL;
299 path = validated_path;
301 else if (chdir(path))
302 return NULL;
304 if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
305 validate_headref("HEAD") == 0) {
306 setenv(GIT_DIR_ENVIRONMENT, ".", 1);
307 check_repository_format();
308 return path;
311 return NULL;
314 int adjust_shared_perm(const char *path)
316 struct stat st;
317 int mode;
319 if (!shared_repository)
320 return 0;
321 if (lstat(path, &st) < 0)
322 return -1;
323 mode = st.st_mode;
325 if (shared_repository) {
326 int tweak = shared_repository;
327 if (!(mode & S_IWUSR))
328 tweak &= ~0222;
329 mode |= tweak;
330 } else {
331 /* Preserve old PERM_UMASK behaviour */
332 if (mode & S_IWUSR)
333 mode |= S_IWGRP;
336 if (S_ISDIR(mode)) {
337 mode |= FORCE_DIR_SET_GID;
339 /* Copy read bits to execute bits */
340 mode |= (shared_repository & 0444) >> 2;
343 if ((mode & st.st_mode) != mode && chmod(path, mode) < 0)
344 return -2;
345 return 0;
348 const char *make_relative_path(const char *abs, const char *base)
350 static char buf[PATH_MAX + 1];
351 int baselen;
352 if (!base)
353 return abs;
354 baselen = strlen(base);
355 if (prefixcmp(abs, base))
356 return abs;
357 if (abs[baselen] == '/')
358 baselen++;
359 else if (base[baselen - 1] != '/')
360 return abs;
361 strcpy(buf, abs + baselen);
362 return buf;
366 * path = absolute path
367 * buf = buffer of at least max(2, strlen(path)+1) bytes
368 * It is okay if buf == path, but they should not overlap otherwise.
370 * Performs the following normalizations on path, storing the result in buf:
371 * - Removes trailing slashes.
372 * - Removes empty components.
373 * - Removes "." components.
374 * - Removes ".." components, and the components the precede them.
375 * "" and paths that contain only slashes are normalized to "/".
376 * Returns the length of the output.
378 * Note that this function is purely textual. It does not follow symlinks,
379 * verify the existence of the path, or make any system calls.
381 int normalize_absolute_path(char *buf, const char *path)
383 const char *comp_start = path, *comp_end = path;
384 char *dst = buf;
385 int comp_len;
386 assert(buf);
387 assert(path);
389 while (*comp_start) {
390 assert(*comp_start == '/');
391 while (*++comp_end && *comp_end != '/')
392 ; /* nothing */
393 comp_len = comp_end - comp_start;
395 if (!strncmp("/", comp_start, comp_len) ||
396 !strncmp("/.", comp_start, comp_len))
397 goto next;
399 if (!strncmp("/..", comp_start, comp_len)) {
400 while (dst > buf && *--dst != '/')
401 ; /* nothing */
402 goto next;
405 memmove(dst, comp_start, comp_len);
406 dst += comp_len;
407 next:
408 comp_start = comp_end;
411 if (dst == buf)
412 *dst++ = '/';
414 *dst = '\0';
415 return dst - buf;
419 * path = Canonical absolute path
420 * prefix_list = Colon-separated list of absolute paths
422 * Determines, for each path in prefix_list, whether the "prefix" really
423 * is an ancestor directory of path. Returns the length of the longest
424 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
425 * is an ancestor. (Note that this means 0 is returned if prefix_list is
426 * "/".) "/foo" is not considered an ancestor of "/foobar". Directories
427 * are not considered to be their own ancestors. path must be in a
428 * canonical form: empty components, or "." or ".." components are not
429 * allowed. prefix_list may be null, which is like "".
431 int longest_ancestor_length(const char *path, const char *prefix_list)
433 char buf[PATH_MAX+1];
434 const char *ceil, *colon;
435 int len, max_len = -1;
437 if (prefix_list == NULL || !strcmp(path, "/"))
438 return -1;
440 for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
441 for (colon = ceil; *colon && *colon != ':'; colon++);
442 len = colon - ceil;
443 if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
444 continue;
445 strlcpy(buf, ceil, len+1);
446 len = normalize_absolute_path(buf, buf);
447 /* Strip "trailing slashes" from "/". */
448 if (len == 1)
449 len = 0;
451 if (!strncmp(path, buf, len) &&
452 path[len] == '/' &&
453 len > max_len) {
454 max_len = len;
458 return max_len;