upload-pack: Improve error message when bad ref requested
[git/kusma.git] / path.c
blob6b23023095d7e1a5cfc1aef8db6d6e5fb56b32de
1 /*
2 * I'm tired of doing "vsnprintf()" etc just to open a
3 * file, so here's a "return static buffer with printf"
4 * interface for paths.
6 * It's obviously not thread-safe. Sue me. But it's quite
7 * useful for doing things like
9 * f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
11 * which is what it's designed for.
13 #include "cache.h"
14 #include "strbuf.h"
16 static char bad_path[] = "/bad-path/";
18 static char *get_pathname(void)
20 static char pathname_array[4][PATH_MAX];
21 static int index;
22 return pathname_array[3 & ++index];
25 static char *cleanup_path(char *path)
27 /* Clean it up */
28 if (!memcmp(path, "./", 2)) {
29 path += 2;
30 while (*path == '/')
31 path++;
33 return path;
36 char *mksnpath(char *buf, size_t n, const char *fmt, ...)
38 va_list args;
39 unsigned len;
41 va_start(args, fmt);
42 len = vsnprintf(buf, n, fmt, args);
43 va_end(args);
44 if (len >= n) {
45 strlcpy(buf, bad_path, n);
46 return buf;
48 return cleanup_path(buf);
51 static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
53 const char *git_dir = get_git_dir();
54 size_t len;
56 len = strlen(git_dir);
57 if (n < len + 1)
58 goto bad;
59 memcpy(buf, git_dir, len);
60 if (len && !is_dir_sep(git_dir[len-1]))
61 buf[len++] = '/';
62 len += vsnprintf(buf + len, n - len, fmt, args);
63 if (len >= n)
64 goto bad;
65 return cleanup_path(buf);
66 bad:
67 strlcpy(buf, bad_path, n);
68 return buf;
71 char *git_snpath(char *buf, size_t n, const char *fmt, ...)
73 va_list args;
74 va_start(args, fmt);
75 (void)git_vsnpath(buf, n, fmt, args);
76 va_end(args);
77 return buf;
80 char *git_pathdup(const char *fmt, ...)
82 char path[PATH_MAX];
83 va_list args;
84 va_start(args, fmt);
85 (void)git_vsnpath(path, sizeof(path), fmt, args);
86 va_end(args);
87 return xstrdup(path);
90 char *mkpath(const char *fmt, ...)
92 va_list args;
93 unsigned len;
94 char *pathname = get_pathname();
96 va_start(args, fmt);
97 len = vsnprintf(pathname, PATH_MAX, fmt, args);
98 va_end(args);
99 if (len >= PATH_MAX)
100 return bad_path;
101 return cleanup_path(pathname);
104 char *git_path(const char *fmt, ...)
106 const char *git_dir = get_git_dir();
107 char *pathname = get_pathname();
108 va_list args;
109 unsigned len;
111 len = strlen(git_dir);
112 if (len > PATH_MAX-100)
113 return bad_path;
114 memcpy(pathname, git_dir, len);
115 if (len && git_dir[len-1] != '/')
116 pathname[len++] = '/';
117 va_start(args, fmt);
118 len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
119 va_end(args);
120 if (len >= PATH_MAX)
121 return bad_path;
122 return cleanup_path(pathname);
126 /* git_mkstemp() - create tmp file honoring TMPDIR variable */
127 int git_mkstemp(char *path, size_t len, const char *template)
129 const char *tmp;
130 size_t n;
132 tmp = getenv("TMPDIR");
133 if (!tmp)
134 tmp = "/tmp";
135 n = snprintf(path, len, "%s/%s", tmp, template);
136 if (len <= n) {
137 errno = ENAMETOOLONG;
138 return -1;
140 return mkstemp(path);
143 /* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */
144 int git_mkstemps(char *path, size_t len, const char *template, int suffix_len)
146 const char *tmp;
147 size_t n;
149 tmp = getenv("TMPDIR");
150 if (!tmp)
151 tmp = "/tmp";
152 n = snprintf(path, len, "%s/%s", tmp, template);
153 if (len <= n) {
154 errno = ENAMETOOLONG;
155 return -1;
157 return mkstemps(path, suffix_len);
160 /* Adapted from libiberty's mkstemp.c. */
162 #undef TMP_MAX
163 #define TMP_MAX 16384
165 int git_mkstemps_mode(char *pattern, int suffix_len, int mode)
167 static const char letters[] =
168 "abcdefghijklmnopqrstuvwxyz"
169 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
170 "0123456789";
171 static const int num_letters = 62;
172 uint64_t value;
173 struct timeval tv;
174 char *template;
175 size_t len;
176 int fd, count;
178 len = strlen(pattern);
180 if (len < 6 + suffix_len) {
181 errno = EINVAL;
182 return -1;
185 if (strncmp(&pattern[len - 6 - suffix_len], "XXXXXX", 6)) {
186 errno = EINVAL;
187 return -1;
191 * Replace pattern's XXXXXX characters with randomness.
192 * Try TMP_MAX different filenames.
194 gettimeofday(&tv, NULL);
195 value = ((size_t)(tv.tv_usec << 16)) ^ tv.tv_sec ^ getpid();
196 template = &pattern[len - 6 - suffix_len];
197 for (count = 0; count < TMP_MAX; ++count) {
198 uint64_t v = value;
199 /* Fill in the random bits. */
200 template[0] = letters[v % num_letters]; v /= num_letters;
201 template[1] = letters[v % num_letters]; v /= num_letters;
202 template[2] = letters[v % num_letters]; v /= num_letters;
203 template[3] = letters[v % num_letters]; v /= num_letters;
204 template[4] = letters[v % num_letters]; v /= num_letters;
205 template[5] = letters[v % num_letters]; v /= num_letters;
207 fd = open(pattern, O_CREAT | O_EXCL | O_RDWR, mode);
208 if (fd > 0)
209 return fd;
211 * Fatal error (EPERM, ENOSPC etc).
212 * It doesn't make sense to loop.
214 if (errno != EEXIST)
215 break;
217 * This is a random value. It is only necessary that
218 * the next TMP_MAX values generated by adding 7777 to
219 * VALUE are different with (module 2^32).
221 value += 7777;
223 /* We return the null string if we can't find a unique file name. */
224 pattern[0] = '\0';
225 return -1;
228 int git_mkstemp_mode(char *pattern, int mode)
230 /* mkstemp is just mkstemps with no suffix */
231 return git_mkstemps_mode(pattern, 0, mode);
234 int gitmkstemps(char *pattern, int suffix_len)
236 return git_mkstemps_mode(pattern, suffix_len, 0600);
239 int validate_headref(const char *path)
241 struct stat st;
242 char *buf, buffer[256];
243 unsigned char sha1[20];
244 int fd;
245 ssize_t len;
247 if (lstat(path, &st) < 0)
248 return -1;
250 /* Make sure it is a "refs/.." symlink */
251 if (S_ISLNK(st.st_mode)) {
252 len = readlink(path, buffer, sizeof(buffer)-1);
253 if (len >= 5 && !memcmp("refs/", buffer, 5))
254 return 0;
255 return -1;
259 * Anything else, just open it and try to see if it is a symbolic ref.
261 fd = open(path, O_RDONLY);
262 if (fd < 0)
263 return -1;
264 len = read_in_full(fd, buffer, sizeof(buffer)-1);
265 close(fd);
268 * Is it a symbolic ref?
270 if (len < 4)
271 return -1;
272 if (!memcmp("ref:", buffer, 4)) {
273 buf = buffer + 4;
274 len -= 4;
275 while (len && isspace(*buf))
276 buf++, len--;
277 if (len >= 5 && !memcmp("refs/", buf, 5))
278 return 0;
282 * Is this a detached HEAD?
284 if (!get_sha1_hex(buffer, sha1))
285 return 0;
287 return -1;
290 static struct passwd *getpw_str(const char *username, size_t len)
292 struct passwd *pw;
293 char *username_z = xmalloc(len + 1);
294 memcpy(username_z, username, len);
295 username_z[len] = '\0';
296 pw = getpwnam(username_z);
297 free(username_z);
298 return pw;
302 * Return a string with ~ and ~user expanded via getpw*. If buf != NULL,
303 * then it is a newly allocated string. Returns NULL on getpw failure or
304 * if path is NULL.
306 char *expand_user_path(const char *path)
308 struct strbuf user_path = STRBUF_INIT;
309 const char *first_slash = strchrnul(path, '/');
310 const char *to_copy = path;
312 if (path == NULL)
313 goto return_null;
314 if (path[0] == '~') {
315 const char *username = path + 1;
316 size_t username_len = first_slash - username;
317 if (username_len == 0) {
318 const char *home = getenv("HOME");
319 if (!home)
320 goto return_null;
321 strbuf_add(&user_path, home, strlen(home));
322 } else {
323 struct passwd *pw = getpw_str(username, username_len);
324 if (!pw)
325 goto return_null;
326 strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
328 to_copy = first_slash;
330 strbuf_add(&user_path, to_copy, strlen(to_copy));
331 return strbuf_detach(&user_path, NULL);
332 return_null:
333 strbuf_release(&user_path);
334 return NULL;
338 * First, one directory to try is determined by the following algorithm.
340 * (0) If "strict" is given, the path is used as given and no DWIM is
341 * done. Otherwise:
342 * (1) "~/path" to mean path under the running user's home directory;
343 * (2) "~user/path" to mean path under named user's home directory;
344 * (3) "relative/path" to mean cwd relative directory; or
345 * (4) "/absolute/path" to mean absolute directory.
347 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
348 * "%s/.git", "%s.git", "%s" in this order. The first one that exists is
349 * what we try.
351 * Second, we try chdir() to that. Upon failure, we return NULL.
353 * Then, we try if the current directory is a valid git repository.
354 * Upon failure, we return NULL.
356 * If all goes well, we return the directory we used to chdir() (but
357 * before ~user is expanded), avoiding getcwd() resolving symbolic
358 * links. User relative paths are also returned as they are given,
359 * except DWIM suffixing.
361 char *enter_repo(char *path, int strict)
363 static char used_path[PATH_MAX];
364 static char validated_path[PATH_MAX];
366 if (!path)
367 return NULL;
369 if (!strict) {
370 static const char *suffix[] = {
371 ".git/.git", "/.git", ".git", "", NULL,
373 int len = strlen(path);
374 int i;
375 while ((1 < len) && (path[len-1] == '/')) {
376 path[len-1] = 0;
377 len--;
379 if (PATH_MAX <= len)
380 return NULL;
381 if (path[0] == '~') {
382 char *newpath = expand_user_path(path);
383 if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
384 free(newpath);
385 return NULL;
388 * Copy back into the static buffer. A pity
389 * since newpath was not bounded, but other
390 * branches of the if are limited by PATH_MAX
391 * anyway.
393 strcpy(used_path, newpath); free(newpath);
394 strcpy(validated_path, path);
395 path = used_path;
397 else if (PATH_MAX - 10 < len)
398 return NULL;
399 else {
400 path = strcpy(used_path, path);
401 strcpy(validated_path, path);
403 len = strlen(path);
404 for (i = 0; suffix[i]; i++) {
405 strcpy(path + len, suffix[i]);
406 if (!access(path, F_OK)) {
407 strcat(validated_path, suffix[i]);
408 break;
411 if (!suffix[i] || chdir(path))
412 return NULL;
413 path = validated_path;
415 else if (chdir(path))
416 return NULL;
418 if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
419 validate_headref("HEAD") == 0) {
420 set_git_dir(".");
421 check_repository_format();
422 return path;
425 return NULL;
428 int set_shared_perm(const char *path, int mode)
430 struct stat st;
431 int tweak, shared, orig_mode;
433 if (!shared_repository) {
434 if (mode)
435 return chmod(path, mode & ~S_IFMT);
436 return 0;
438 if (!mode) {
439 if (lstat(path, &st) < 0)
440 return -1;
441 mode = st.st_mode;
442 orig_mode = mode;
443 } else
444 orig_mode = 0;
445 if (shared_repository < 0)
446 shared = -shared_repository;
447 else
448 shared = shared_repository;
449 tweak = shared;
451 if (!(mode & S_IWUSR))
452 tweak &= ~0222;
453 if (mode & S_IXUSR)
454 /* Copy read bits to execute bits */
455 tweak |= (tweak & 0444) >> 2;
456 if (shared_repository < 0)
457 mode = (mode & ~0777) | tweak;
458 else
459 mode |= tweak;
461 if (S_ISDIR(mode)) {
462 /* Copy read bits to execute bits */
463 mode |= (shared & 0444) >> 2;
464 mode |= FORCE_DIR_SET_GID;
467 if (((shared_repository < 0
468 ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
469 : (orig_mode & mode)) != mode) &&
470 chmod(path, (mode & ~S_IFMT)) < 0)
471 return -2;
472 return 0;
475 const char *make_relative_path(const char *abs, const char *base)
477 static char buf[PATH_MAX + 1];
478 int i = 0, j = 0;
480 if (!base || !base[0])
481 return abs;
482 while (base[i]) {
483 if (is_dir_sep(base[i])) {
484 if (!is_dir_sep(abs[j]))
485 return abs;
486 while (is_dir_sep(base[i]))
487 i++;
488 while (is_dir_sep(abs[j]))
489 j++;
490 continue;
491 } else if (abs[j] != base[i]) {
492 return abs;
494 i++;
495 j++;
497 if (
498 /* "/foo" is a prefix of "/foo" */
499 abs[j] &&
500 /* "/foo" is not a prefix of "/foobar" */
501 !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
503 return abs;
504 while (is_dir_sep(abs[j]))
505 j++;
506 if (!abs[j])
507 strcpy(buf, ".");
508 else
509 strcpy(buf, abs + j);
510 return buf;
514 * It is okay if dst == src, but they should not overlap otherwise.
516 * Performs the following normalizations on src, storing the result in dst:
517 * - Ensures that components are separated by '/' (Windows only)
518 * - Squashes sequences of '/'.
519 * - Removes "." components.
520 * - Removes ".." components, and the components the precede them.
521 * Returns failure (non-zero) if a ".." component appears as first path
522 * component anytime during the normalization. Otherwise, returns success (0).
524 * Note that this function is purely textual. It does not follow symlinks,
525 * verify the existence of the path, or make any system calls.
527 int normalize_path_copy(char *dst, const char *src)
529 char *dst0;
531 if (has_dos_drive_prefix(src)) {
532 *dst++ = *src++;
533 *dst++ = *src++;
535 dst0 = dst;
537 if (is_dir_sep(*src)) {
538 *dst++ = '/';
539 while (is_dir_sep(*src))
540 src++;
543 for (;;) {
544 char c = *src;
547 * A path component that begins with . could be
548 * special:
549 * (1) "." and ends -- ignore and terminate.
550 * (2) "./" -- ignore them, eat slash and continue.
551 * (3) ".." and ends -- strip one and terminate.
552 * (4) "../" -- strip one, eat slash and continue.
554 if (c == '.') {
555 if (!src[1]) {
556 /* (1) */
557 src++;
558 } else if (is_dir_sep(src[1])) {
559 /* (2) */
560 src += 2;
561 while (is_dir_sep(*src))
562 src++;
563 continue;
564 } else if (src[1] == '.') {
565 if (!src[2]) {
566 /* (3) */
567 src += 2;
568 goto up_one;
569 } else if (is_dir_sep(src[2])) {
570 /* (4) */
571 src += 3;
572 while (is_dir_sep(*src))
573 src++;
574 goto up_one;
579 /* copy up to the next '/', and eat all '/' */
580 while ((c = *src++) != '\0' && !is_dir_sep(c))
581 *dst++ = c;
582 if (is_dir_sep(c)) {
583 *dst++ = '/';
584 while (is_dir_sep(c))
585 c = *src++;
586 src--;
587 } else if (!c)
588 break;
589 continue;
591 up_one:
593 * dst0..dst is prefix portion, and dst[-1] is '/';
594 * go up one level.
596 dst--; /* go to trailing '/' */
597 if (dst <= dst0)
598 return -1;
599 /* Windows: dst[-1] cannot be backslash anymore */
600 while (dst0 < dst && dst[-1] != '/')
601 dst--;
603 *dst = '\0';
604 return 0;
608 * path = Canonical absolute path
609 * prefix_list = Colon-separated list of absolute paths
611 * Determines, for each path in prefix_list, whether the "prefix" really
612 * is an ancestor directory of path. Returns the length of the longest
613 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
614 * is an ancestor. (Note that this means 0 is returned if prefix_list is
615 * "/".) "/foo" is not considered an ancestor of "/foobar". Directories
616 * are not considered to be their own ancestors. path must be in a
617 * canonical form: empty components, or "." or ".." components are not
618 * allowed. prefix_list may be null, which is like "".
620 int longest_ancestor_length(const char *path, const char *prefix_list)
622 char buf[PATH_MAX+1];
623 const char *ceil, *colon;
624 int len, max_len = -1;
626 if (prefix_list == NULL || !strcmp(path, "/"))
627 return -1;
629 for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
630 for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
631 len = colon - ceil;
632 if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
633 continue;
634 strlcpy(buf, ceil, len+1);
635 if (normalize_path_copy(buf, buf) < 0)
636 continue;
637 len = strlen(buf);
638 if (len > 0 && buf[len-1] == '/')
639 buf[--len] = '\0';
641 if (!strncmp(path, buf, len) &&
642 path[len] == '/' &&
643 len > max_len) {
644 max_len = len;
648 return max_len;
651 /* strip arbitrary amount of directory separators at end of path */
652 static inline int chomp_trailing_dir_sep(const char *path, int len)
654 while (len && is_dir_sep(path[len - 1]))
655 len--;
656 return len;
660 * If path ends with suffix (complete path components), returns the
661 * part before suffix (sans trailing directory separators).
662 * Otherwise returns NULL.
664 char *strip_path_suffix(const char *path, const char *suffix)
666 int path_len = strlen(path), suffix_len = strlen(suffix);
668 while (suffix_len) {
669 if (!path_len)
670 return NULL;
672 if (is_dir_sep(path[path_len - 1])) {
673 if (!is_dir_sep(suffix[suffix_len - 1]))
674 return NULL;
675 path_len = chomp_trailing_dir_sep(path, path_len);
676 suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
678 else if (path[--path_len] != suffix[--suffix_len])
679 return NULL;
682 if (path_len && !is_dir_sep(path[path_len - 1]))
683 return NULL;
684 return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
687 int daemon_avoid_alias(const char *p)
689 int sl, ndot;
692 * This resurrects the belts and suspenders paranoia check by HPA
693 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
694 * does not do getcwd() based path canonicalization.
696 * sl becomes true immediately after seeing '/' and continues to
697 * be true as long as dots continue after that without intervening
698 * non-dot character.
700 if (!p || (*p != '/' && *p != '~'))
701 return -1;
702 sl = 1; ndot = 0;
703 p++;
705 while (1) {
706 char ch = *p++;
707 if (sl) {
708 if (ch == '.')
709 ndot++;
710 else if (ch == '/') {
711 if (ndot < 3)
712 /* reject //, /./ and /../ */
713 return -1;
714 ndot = 0;
716 else if (ch == 0) {
717 if (0 < ndot && ndot < 3)
718 /* reject /.$ and /..$ */
719 return -1;
720 return 0;
722 else
723 sl = ndot = 0;
725 else if (ch == 0)
726 return 0;
727 else if (ch == '/') {
728 sl = 1;
729 ndot = 0;
734 int offset_1st_component(const char *path)
736 if (has_dos_drive_prefix(path))
737 return 2 + is_dir_sep(path[2]);
738 return is_dir_sep(path[0]);