Git-aware CGI to provide dumb HTTP transport
[git/git.git] / path.c
CommitLineData
26c8a533
LT
1/*
2 * I'm tired of doing "vsnprintf()" etc just to open a
3 * file, so here's a "return static buffer with printf"
4 * interface for paths.
5 *
6 * It's obviously not thread-safe. Sue me. But it's quite
7 * useful for doing things like
8 *
9 * f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
10 *
11 * which is what it's designed for.
12 */
13#include "cache.h"
14
26c8a533
LT
15static char bad_path[] = "/bad-path/";
16
e7676d2f
LT
17static char *get_pathname(void)
18{
19 static char pathname_array[4][PATH_MAX];
20 static int index;
21 return pathname_array[3 & ++index];
22}
23
26c8a533
LT
24static char *cleanup_path(char *path)
25{
26 /* Clean it up */
27 if (!memcmp(path, "./", 2)) {
28 path += 2;
29 while (*path == '/')
30 path++;
31 }
32 return path;
33}
34
108bebea
AR
35char *mksnpath(char *buf, size_t n, const char *fmt, ...)
36{
37 va_list args;
38 unsigned len;
39
40 va_start(args, fmt);
41 len = vsnprintf(buf, n, fmt, args);
42 va_end(args);
43 if (len >= n) {
9db56f71 44 strlcpy(buf, bad_path, n);
108bebea
AR
45 return buf;
46 }
47 return cleanup_path(buf);
48}
49
aba13e7c 50static char *git_vsnpath(char *buf, size_t n, const char *fmt, va_list args)
fe2d7776
AR
51{
52 const char *git_dir = get_git_dir();
fe2d7776
AR
53 size_t len;
54
55 len = strlen(git_dir);
56 if (n < len + 1)
57 goto bad;
58 memcpy(buf, git_dir, len);
59 if (len && !is_dir_sep(git_dir[len-1]))
60 buf[len++] = '/';
fe2d7776 61 len += vsnprintf(buf + len, n - len, fmt, args);
fe2d7776
AR
62 if (len >= n)
63 goto bad;
64 return cleanup_path(buf);
65bad:
9db56f71 66 strlcpy(buf, bad_path, n);
fe2d7776
AR
67 return buf;
68}
69
aba13e7c
AR
70char *git_snpath(char *buf, size_t n, const char *fmt, ...)
71{
72 va_list args;
73 va_start(args, fmt);
74 (void)git_vsnpath(buf, n, fmt, args);
75 va_end(args);
76 return buf;
77}
78
79char *git_pathdup(const char *fmt, ...)
80{
81 char path[PATH_MAX];
82 va_list args;
83 va_start(args, fmt);
84 (void)git_vsnpath(path, sizeof(path), fmt, args);
85 va_end(args);
86 return xstrdup(path);
87}
88
26c8a533
LT
89char *mkpath(const char *fmt, ...)
90{
91 va_list args;
92 unsigned len;
e7676d2f 93 char *pathname = get_pathname();
26c8a533
LT
94
95 va_start(args, fmt);
96 len = vsnprintf(pathname, PATH_MAX, fmt, args);
97 va_end(args);
98 if (len >= PATH_MAX)
99 return bad_path;
100 return cleanup_path(pathname);
101}
102
103char *git_path(const char *fmt, ...)
104{
5da1606d 105 const char *git_dir = get_git_dir();
e7676d2f 106 char *pathname = get_pathname();
26c8a533
LT
107 va_list args;
108 unsigned len;
109
110 len = strlen(git_dir);
111 if (len > PATH_MAX-100)
112 return bad_path;
113 memcpy(pathname, git_dir, len);
114 if (len && git_dir[len-1] != '/')
115 pathname[len++] = '/';
116 va_start(args, fmt);
117 len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
118 va_end(args);
119 if (len >= PATH_MAX)
120 return bad_path;
121 return cleanup_path(pathname);
122}
f2db68ed
HE
123
124
125/* git_mkstemp() - create tmp file honoring TMPDIR variable */
126int git_mkstemp(char *path, size_t len, const char *template)
127{
e7a7be88
JH
128 const char *tmp;
129 size_t n;
130
131 tmp = getenv("TMPDIR");
132 if (!tmp)
133 tmp = "/tmp";
134 n = snprintf(path, len, "%s/%s", tmp, template);
135 if (len <= n) {
136 errno = ENAMETOOLONG;
137 return -1;
35c3c629 138 }
f2db68ed
HE
139 return mkstemp(path);
140}
141
003b33a8
DA
142/* git_mkstemps() - create tmp file with suffix honoring TMPDIR variable. */
143int git_mkstemps(char *path, size_t len, const char *template, int suffix_len)
144{
145 const char *tmp;
146 size_t n;
147
148 tmp = getenv("TMPDIR");
149 if (!tmp)
150 tmp = "/tmp";
151 n = snprintf(path, len, "%s/%s", tmp, template);
152 if (len <= n) {
153 errno = ENAMETOOLONG;
154 return -1;
155 }
156 return mkstemps(path, suffix_len);
157}
f2db68ed 158
c847f537 159int validate_headref(const char *path)
0870ca7f
JH
160{
161 struct stat st;
162 char *buf, buffer[256];
c847f537 163 unsigned char sha1[20];
0104ca09
HO
164 int fd;
165 ssize_t len;
0870ca7f
JH
166
167 if (lstat(path, &st) < 0)
168 return -1;
169
170 /* Make sure it is a "refs/.." symlink */
171 if (S_ISLNK(st.st_mode)) {
172 len = readlink(path, buffer, sizeof(buffer)-1);
222b1673 173 if (len >= 5 && !memcmp("refs/", buffer, 5))
0870ca7f
JH
174 return 0;
175 return -1;
176 }
177
178 /*
179 * Anything else, just open it and try to see if it is a symbolic ref.
180 */
181 fd = open(path, O_RDONLY);
182 if (fd < 0)
183 return -1;
93d26e4c 184 len = read_in_full(fd, buffer, sizeof(buffer)-1);
0870ca7f
JH
185 close(fd);
186
187 /*
188 * Is it a symbolic ref?
189 */
c847f537 190 if (len < 4)
0870ca7f 191 return -1;
c847f537
JH
192 if (!memcmp("ref:", buffer, 4)) {
193 buf = buffer + 4;
194 len -= 4;
195 while (len && isspace(*buf))
196 buf++, len--;
222b1673 197 if (len >= 5 && !memcmp("refs/", buf, 5))
c847f537
JH
198 return 0;
199 }
200
201 /*
202 * Is this a detached HEAD?
203 */
204 if (!get_sha1_hex(buffer, sha1))
0870ca7f 205 return 0;
c847f537 206
0870ca7f
JH
207 return -1;
208}
209
d79374c7 210static char *user_path(char *buf, char *path, int sz)
54f4b874 211{
d79374c7
JH
212 struct passwd *pw;
213 char *slash;
214 int len, baselen;
54f4b874 215
d79374c7
JH
216 if (!path || path[0] != '~')
217 return NULL;
218 path++;
219 slash = strchr(path, '/');
220 if (path[0] == '/' || !path[0]) {
221 pw = getpwuid(getuid());
222 }
223 else {
224 if (slash) {
225 *slash = 0;
226 pw = getpwnam(path);
227 *slash = '/';
54f4b874 228 }
d79374c7
JH
229 else
230 pw = getpwnam(path);
54f4b874 231 }
d79374c7
JH
232 if (!pw || !pw->pw_dir || sz <= strlen(pw->pw_dir))
233 return NULL;
234 baselen = strlen(pw->pw_dir);
235 memcpy(buf, pw->pw_dir, baselen);
236 while ((1 < baselen) && (buf[baselen-1] == '/')) {
237 buf[baselen-1] = 0;
238 baselen--;
239 }
240 if (slash && slash[1]) {
241 len = strlen(slash);
242 if (sz <= baselen + len)
243 return NULL;
244 memcpy(buf + baselen, slash, len + 1);
245 }
246 return buf;
54f4b874
AE
247}
248
d79374c7
JH
249/*
250 * First, one directory to try is determined by the following algorithm.
251 *
252 * (0) If "strict" is given, the path is used as given and no DWIM is
253 * done. Otherwise:
254 * (1) "~/path" to mean path under the running user's home directory;
255 * (2) "~user/path" to mean path under named user's home directory;
256 * (3) "relative/path" to mean cwd relative directory; or
257 * (4) "/absolute/path" to mean absolute directory.
258 *
259 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
260 * "%s/.git", "%s.git", "%s" in this order. The first one that exists is
261 * what we try.
262 *
263 * Second, we try chdir() to that. Upon failure, we return NULL.
264 *
265 * Then, we try if the current directory is a valid git repository.
266 * Upon failure, we return NULL.
267 *
268 * If all goes well, we return the directory we used to chdir() (but
269 * before ~user is expanded), avoiding getcwd() resolving symbolic
270 * links. User relative paths are also returned as they are given,
271 * except DWIM suffixing.
272 */
54f4b874
AE
273char *enter_repo(char *path, int strict)
274{
d79374c7
JH
275 static char used_path[PATH_MAX];
276 static char validated_path[PATH_MAX];
277
278 if (!path)
54f4b874
AE
279 return NULL;
280
d79374c7
JH
281 if (!strict) {
282 static const char *suffix[] = {
283 ".git/.git", "/.git", ".git", "", NULL,
284 };
285 int len = strlen(path);
286 int i;
287 while ((1 < len) && (path[len-1] == '/')) {
288 path[len-1] = 0;
289 len--;
290 }
291 if (PATH_MAX <= len)
54f4b874 292 return NULL;
d79374c7
JH
293 if (path[0] == '~') {
294 if (!user_path(used_path, path, PATH_MAX))
295 return NULL;
296 strcpy(validated_path, path);
297 path = used_path;
298 }
299 else if (PATH_MAX - 10 < len)
300 return NULL;
301 else {
302 path = strcpy(used_path, path);
303 strcpy(validated_path, path);
304 }
305 len = strlen(path);
306 for (i = 0; suffix[i]; i++) {
307 strcpy(path + len, suffix[i]);
308 if (!access(path, F_OK)) {
309 strcat(validated_path, suffix[i]);
310 break;
311 }
312 }
313 if (!suffix[i] || chdir(path))
0870ca7f 314 return NULL;
d79374c7 315 path = validated_path;
0870ca7f 316 }
d79374c7
JH
317 else if (chdir(path))
318 return NULL;
54f4b874 319
d79374c7 320 if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
c847f537 321 validate_headref("HEAD") == 0) {
7627943a 322 setenv(GIT_DIR_ENVIRONMENT, ".", 1);
1644162a 323 check_repository_format();
d79374c7 324 return path;
54f4b874
AE
325 }
326
327 return NULL;
328}
138086a7 329
17e61b82 330int set_shared_perm(const char *path, int mode)
138086a7
JH
331{
332 struct stat st;
17e61b82 333 int tweak, shared, orig_mode;
138086a7 334
17e61b82
JH
335 if (!shared_repository) {
336 if (mode)
337 return chmod(path, mode & ~S_IFMT);
138086a7 338 return 0;
17e61b82
JH
339 }
340 if (!mode) {
341 if (lstat(path, &st) < 0)
342 return -1;
343 mode = st.st_mode;
344 orig_mode = mode;
345 } else
346 orig_mode = 0;
5a688fe4
JH
347 if (shared_repository < 0)
348 shared = -shared_repository;
349 else
350 shared = shared_repository;
351 tweak = shared;
352
353 if (!(mode & S_IWUSR))
354 tweak &= ~0222;
355 if (mode & S_IXUSR)
356 /* Copy read bits to execute bits */
357 tweak |= (tweak & 0444) >> 2;
358 if (shared_repository < 0)
359 mode = (mode & ~0777) | tweak;
360 else
8c6202d8 361 mode |= tweak;
06cbe855
HO
362
363 if (S_ISDIR(mode)) {
06cbe855 364 /* Copy read bits to execute bits */
5a688fe4
JH
365 mode |= (shared & 0444) >> 2;
366 mode |= FORCE_DIR_SET_GID;
06cbe855
HO
367 }
368
5a688fe4 369 if (((shared_repository < 0
17e61b82
JH
370 ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
371 : (orig_mode & mode)) != mode) &&
372 chmod(path, (mode & ~S_IFMT)) < 0)
138086a7
JH
373 return -2;
374 return 0;
375}
e5392c51 376
044bbbcb
LT
377const char *make_relative_path(const char *abs, const char *base)
378{
379 static char buf[PATH_MAX + 1];
380 int baselen;
381 if (!base)
382 return abs;
383 baselen = strlen(base);
384 if (prefixcmp(abs, base))
385 return abs;
386 if (abs[baselen] == '/')
387 baselen++;
388 else if (base[baselen - 1] != '/')
389 return abs;
390 strcpy(buf, abs + baselen);
391 return buf;
392}
ae299be0
DR
393
394/*
f2a782b8 395 * It is okay if dst == src, but they should not overlap otherwise.
ae299be0 396 *
f2a782b8
JS
397 * Performs the following normalizations on src, storing the result in dst:
398 * - Ensures that components are separated by '/' (Windows only)
399 * - Squashes sequences of '/'.
ae299be0
DR
400 * - Removes "." components.
401 * - Removes ".." components, and the components the precede them.
f2a782b8
JS
402 * Returns failure (non-zero) if a ".." component appears as first path
403 * component anytime during the normalization. Otherwise, returns success (0).
ae299be0
DR
404 *
405 * Note that this function is purely textual. It does not follow symlinks,
406 * verify the existence of the path, or make any system calls.
407 */
f3cad0ad 408int normalize_path_copy(char *dst, const char *src)
ae299be0 409{
f3cad0ad 410 char *dst0;
ae299be0 411
f3cad0ad
JS
412 if (has_dos_drive_prefix(src)) {
413 *dst++ = *src++;
414 *dst++ = *src++;
ae299be0 415 }
f3cad0ad 416 dst0 = dst;
ae299be0 417
f3cad0ad 418 if (is_dir_sep(*src)) {
ae299be0 419 *dst++ = '/';
f3cad0ad
JS
420 while (is_dir_sep(*src))
421 src++;
422 }
423
424 for (;;) {
425 char c = *src;
426
427 /*
428 * A path component that begins with . could be
429 * special:
430 * (1) "." and ends -- ignore and terminate.
431 * (2) "./" -- ignore them, eat slash and continue.
432 * (3) ".." and ends -- strip one and terminate.
433 * (4) "../" -- strip one, eat slash and continue.
434 */
435 if (c == '.') {
436 if (!src[1]) {
437 /* (1) */
438 src++;
439 } else if (is_dir_sep(src[1])) {
440 /* (2) */
441 src += 2;
442 while (is_dir_sep(*src))
443 src++;
444 continue;
445 } else if (src[1] == '.') {
446 if (!src[2]) {
447 /* (3) */
448 src += 2;
449 goto up_one;
450 } else if (is_dir_sep(src[2])) {
451 /* (4) */
452 src += 3;
453 while (is_dir_sep(*src))
454 src++;
455 goto up_one;
456 }
457 }
458 }
ae299be0 459
f3cad0ad
JS
460 /* copy up to the next '/', and eat all '/' */
461 while ((c = *src++) != '\0' && !is_dir_sep(c))
462 *dst++ = c;
463 if (is_dir_sep(c)) {
464 *dst++ = '/';
465 while (is_dir_sep(c))
466 c = *src++;
467 src--;
468 } else if (!c)
469 break;
470 continue;
471
472 up_one:
473 /*
474 * dst0..dst is prefix portion, and dst[-1] is '/';
475 * go up one level.
476 */
f42302b4
JS
477 dst--; /* go to trailing '/' */
478 if (dst <= dst0)
f3cad0ad 479 return -1;
f42302b4
JS
480 /* Windows: dst[-1] cannot be backslash anymore */
481 while (dst0 < dst && dst[-1] != '/')
482 dst--;
f3cad0ad 483 }
ae299be0 484 *dst = '\0';
f3cad0ad 485 return 0;
ae299be0 486}
0454dd93
DR
487
488/*
489 * path = Canonical absolute path
490 * prefix_list = Colon-separated list of absolute paths
491 *
2860b57a 492 * Determines, for each path in prefix_list, whether the "prefix" really
0454dd93
DR
493 * is an ancestor directory of path. Returns the length of the longest
494 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
495 * is an ancestor. (Note that this means 0 is returned if prefix_list is
496 * "/".) "/foo" is not considered an ancestor of "/foobar". Directories
497 * are not considered to be their own ancestors. path must be in a
498 * canonical form: empty components, or "." or ".." components are not
499 * allowed. prefix_list may be null, which is like "".
500 */
501int longest_ancestor_length(const char *path, const char *prefix_list)
502{
503 char buf[PATH_MAX+1];
504 const char *ceil, *colon;
505 int len, max_len = -1;
506
507 if (prefix_list == NULL || !strcmp(path, "/"))
508 return -1;
509
510 for (colon = ceil = prefix_list; *colon; ceil = colon+1) {
43a7ddb5 511 for (colon = ceil; *colon && *colon != PATH_SEP; colon++);
0454dd93
DR
512 len = colon - ceil;
513 if (len == 0 || len > PATH_MAX || !is_absolute_path(ceil))
514 continue;
515 strlcpy(buf, ceil, len+1);
43a7ddb5
RS
516 if (normalize_path_copy(buf, buf) < 0)
517 continue;
518 len = strlen(buf);
519 if (len > 0 && buf[len-1] == '/')
520 buf[--len] = '\0';
0454dd93
DR
521
522 if (!strncmp(path, buf, len) &&
523 path[len] == '/' &&
524 len > max_len) {
525 max_len = len;
526 }
527 }
528
529 return max_len;
530}
4fcc86b0
JS
531
532/* strip arbitrary amount of directory separators at end of path */
533static inline int chomp_trailing_dir_sep(const char *path, int len)
534{
535 while (len && is_dir_sep(path[len - 1]))
536 len--;
537 return len;
538}
539
540/*
541 * If path ends with suffix (complete path components), returns the
542 * part before suffix (sans trailing directory separators).
543 * Otherwise returns NULL.
544 */
545char *strip_path_suffix(const char *path, const char *suffix)
546{
547 int path_len = strlen(path), suffix_len = strlen(suffix);
548
549 while (suffix_len) {
550 if (!path_len)
551 return NULL;
552
553 if (is_dir_sep(path[path_len - 1])) {
554 if (!is_dir_sep(suffix[suffix_len - 1]))
555 return NULL;
556 path_len = chomp_trailing_dir_sep(path, path_len);
557 suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
558 }
559 else if (path[--path_len] != suffix[--suffix_len])
560 return NULL;
561 }
562
563 if (path_len && !is_dir_sep(path[path_len - 1]))
564 return NULL;
565 return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
566}