[thirdparty/git.git] / path.c

/*
 * I'm tired of doing "vsnprintf()" etc just to open a
 * file, so here's a "return static buffer with printf"
 * interface for paths.
 *
 * It's obviously not thread-safe. Sue me. But it's quite
 * useful for doing things like
 *
 *   f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
 *
 * which is what it's designed for.
 */
#include "cache.h"
#include "strbuf.h"
#include "string-list.h"

#ifndef get_st_mode_bits
/*
 * The replacement lstat(2) we use on Cygwin is incomplete and
 * may return wrong permission bits. Most of the time we do not care,
 * but the callsites of this wrapper do care.
 */
int get_st_mode_bits(const char *path, int *mode)
{
	struct stat st;
	if (lstat(path, &st) < 0)
		return -1;
	*mode = st.st_mode;
	return 0;
}
#endif

static char bad_path[] = "/bad-path/";

static char *get_pathname(void)
{
	static char pathname_array[4][PATH_MAX];
	static int index;
	return pathname_array[3 & ++index];
}

static char *cleanup_path(char *path)
{
	/* Clean it up */
	if (!memcmp(path, "./", 2)) {
		path += 2;
		while (*path == '/')
			path++;
	}
	return path;
}

char *mksnpath(char *buf, size_t n, const char *fmt, ...)
{
	va_list args;
	unsigned len;

	va_start(args, fmt);
	len = vsnprintf(buf, n, fmt, args);
	va_end(args);
	if (len >= n) {
		strlcpy(buf, bad_path, n);
		return buf;
	}
	return cleanup_path(buf);
}

static char *vsnpath(char *buf, size_t n, const char *fmt, va_list args)
{
	const char *git_dir = get_git_dir();
	size_t len;

	len = strlen(git_dir);
	if (n < len + 1)
		goto bad;
	memcpy(buf, git_dir, len);
	if (len && !is_dir_sep(git_dir[len-1]))
		buf[len++] = '/';
	len += vsnprintf(buf + len, n - len, fmt, args);
	if (len >= n)
		goto bad;
	return cleanup_path(buf);
bad:
	strlcpy(buf, bad_path, n);
	return buf;
}

char *git_snpath(char *buf, size_t n, const char *fmt, ...)
{
	char *ret;
	va_list args;
	va_start(args, fmt);
	ret = vsnpath(buf, n, fmt, args);
	va_end(args);
	return ret;
}

char *git_pathdup(const char *fmt, ...)
{
	char path[PATH_MAX], *ret;
	va_list args;
	va_start(args, fmt);
	ret = vsnpath(path, sizeof(path), fmt, args);
	va_end(args);
	return xstrdup(ret);
}

char *mkpathdup(const char *fmt, ...)
{
	char *path;
	struct strbuf sb = STRBUF_INIT;
	va_list args;

	va_start(args, fmt);
	strbuf_vaddf(&sb, fmt, args);
	va_end(args);
	path = xstrdup(cleanup_path(sb.buf));

	strbuf_release(&sb);
	return path;
}

char *mkpath(const char *fmt, ...)
{
	va_list args;
	unsigned len;
	char *pathname = get_pathname();

	va_start(args, fmt);
	len = vsnprintf(pathname, PATH_MAX, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}

char *git_path(const char *fmt, ...)
{
	char *pathname = get_pathname();
	va_list args;
	char *ret;

	va_start(args, fmt);
	ret = vsnpath(pathname, PATH_MAX, fmt, args);
	va_end(args);
	return ret;
}

void home_config_paths(char **global, char **xdg, char *file)
{
	char *xdg_home = getenv("XDG_CONFIG_HOME");
	char *home = getenv("HOME");
	char *to_free = NULL;

	if (!home) {
		if (global)
			*global = NULL;
	} else {
		if (!xdg_home) {
			to_free = mkpathdup("%s/.config", home);
			xdg_home = to_free;
		}
		if (global)
			*global = mkpathdup("%s/.gitconfig", home);
	}

	if (!xdg_home)
		*xdg = NULL;
	else
		*xdg = mkpathdup("%s/git/%s", xdg_home, file);

	free(to_free);
}

char *git_path_submodule(const char *path, const char *fmt, ...)
{
	char *pathname = get_pathname();
	struct strbuf buf = STRBUF_INIT;
	const char *git_dir;
	va_list args;
	unsigned len;

	len = strlen(path);
	if (len > PATH_MAX-100)
		return bad_path;

	strbuf_addstr(&buf, path);
	if (len && path[len-1] != '/')
		strbuf_addch(&buf, '/');
	strbuf_addstr(&buf, ".git");

	git_dir = read_gitfile(buf.buf);
	if (git_dir) {
		strbuf_reset(&buf);
		strbuf_addstr(&buf, git_dir);
	}
	strbuf_addch(&buf, '/');

	if (buf.len >= PATH_MAX)
		return bad_path;
	memcpy(pathname, buf.buf, buf.len + 1);

	strbuf_release(&buf);
	len = strlen(pathname);

	va_start(args, fmt);
	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	va_end(args);
	if (len >= PATH_MAX)
		return bad_path;
	return cleanup_path(pathname);
}

int validate_headref(const char *path)
{
	struct stat st;
	char *buf, buffer[256];
	unsigned char sha1[20];
	int fd;
	ssize_t len;

	if (lstat(path, &st) < 0)
		return -1;

	/* Make sure it is a "refs/.." symlink */
	if (S_ISLNK(st.st_mode)) {
		len = readlink(path, buffer, sizeof(buffer)-1);
		if (len >= 5 && !memcmp("refs/", buffer, 5))
			return 0;
		return -1;
	}

	/*
	 * Anything else, just open it and try to see if it is a symbolic ref.
	 */
	fd = open(path, O_RDONLY);
	if (fd < 0)
		return -1;
	len = read_in_full(fd, buffer, sizeof(buffer)-1);
	close(fd);

	/*
	 * Is it a symbolic ref?
	 */
	if (len < 4)
		return -1;
	if (!memcmp("ref:", buffer, 4)) {
		buf = buffer + 4;
		len -= 4;
		while (len && isspace(*buf))
			buf++, len--;
		if (len >= 5 && !memcmp("refs/", buf, 5))
			return 0;
	}

	/*
	 * Is this a detached HEAD?
	 */
	if (!get_sha1_hex(buffer, sha1))
		return 0;

	return -1;
}

static struct passwd *getpw_str(const char *username, size_t len)
{
	struct passwd *pw;
	char *username_z = xmalloc(len + 1);
	memcpy(username_z, username, len);
	username_z[len] = '\0';
	pw = getpwnam(username_z);
	free(username_z);
	return pw;
}

/*
 * Return a string with ~ and ~user expanded via getpw*.  If buf != NULL,
 * then it is a newly allocated string. Returns NULL on getpw failure or
 * if path is NULL.
 */
char *expand_user_path(const char *path)
{
	struct strbuf user_path = STRBUF_INIT;
	const char *first_slash = strchrnul(path, '/');
	const char *to_copy = path;

	if (path == NULL)
		goto return_null;
	if (path[0] == '~') {
		const char *username = path + 1;
		size_t username_len = first_slash - username;
		if (username_len == 0) {
			const char *home = getenv("HOME");
			if (!home)
				goto return_null;
			strbuf_add(&user_path, home, strlen(home));
		} else {
			struct passwd *pw = getpw_str(username, username_len);
			if (!pw)
				goto return_null;
			strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
		}
		to_copy = first_slash;
	}
	strbuf_add(&user_path, to_copy, strlen(to_copy));
	return strbuf_detach(&user_path, NULL);
return_null:
	strbuf_release(&user_path);
	return NULL;
}

/*
 * First, one directory to try is determined by the following algorithm.
 *
 * (0) If "strict" is given, the path is used as given and no DWIM is
 *     done. Otherwise:
 * (1) "~/path" to mean path under the running user's home directory;
 * (2) "~user/path" to mean path under named user's home directory;
 * (3) "relative/path" to mean cwd relative directory; or
 * (4) "/absolute/path" to mean absolute directory.
 *
 * Unless "strict" is given, we try access() for existence of "%s.git/.git",
 * "%s/.git", "%s.git", "%s" in this order.  The first one that exists is
 * what we try.
 *
 * Second, we try chdir() to that.  Upon failure, we return NULL.
 *
 * Then, we try if the current directory is a valid git repository.
 * Upon failure, we return NULL.
 *
 * If all goes well, we return the directory we used to chdir() (but
 * before ~user is expanded), avoiding getcwd() resolving symbolic
 * links.  User relative paths are also returned as they are given,
 * except DWIM suffixing.
 */
const char *enter_repo(const char *path, int strict)
{
	static char used_path[PATH_MAX];
	static char validated_path[PATH_MAX];

	if (!path)
		return NULL;

	if (!strict) {
		static const char *suffix[] = {
			"/.git", "", ".git/.git", ".git", NULL,
		};
		const char *gitfile;
		int len = strlen(path);
		int i;
		while ((1 < len) && (path[len-1] == '/'))
			len--;

		if (PATH_MAX <= len)
			return NULL;
		strncpy(used_path, path, len); used_path[len] = 0 ;
		strcpy(validated_path, used_path);

		if (used_path[0] == '~') {
			char *newpath = expand_user_path(used_path);
			if (!newpath || (PATH_MAX - 10 < strlen(newpath))) {
				free(newpath);
				return NULL;
			}
			/*
			 * Copy back into the static buffer. A pity
			 * since newpath was not bounded, but other
			 * branches of the if are limited by PATH_MAX
			 * anyway.
			 */
			strcpy(used_path, newpath); free(newpath);
		}
		else if (PATH_MAX - 10 < len)
			return NULL;
		len = strlen(used_path);
		for (i = 0; suffix[i]; i++) {
			struct stat st;
			strcpy(used_path + len, suffix[i]);
			if (!stat(used_path, &st) &&
			    (S_ISREG(st.st_mode) ||
			    (S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
				strcat(validated_path, suffix[i]);
				break;
			}
		}
		if (!suffix[i])
			return NULL;
		gitfile = read_gitfile(used_path) ;
		if (gitfile)
			strcpy(used_path, gitfile);
		if (chdir(used_path))
			return NULL;
		path = validated_path;
	}
	else if (chdir(path))
		return NULL;

	if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
	    validate_headref("HEAD") == 0) {
		set_git_dir(".");
		check_repository_format();
		return path;
	}

	return NULL;
}

int set_shared_perm(const char *path, int mode)
{
	int tweak, shared, orig_mode;

	if (!shared_repository) {
		if (mode)
			return chmod(path, mode & ~S_IFMT);
		return 0;
	}
	if (!mode) {
		if (get_st_mode_bits(path, &mode) < 0)
			return -1;
		orig_mode = mode;
	} else
		orig_mode = 0;
	if (shared_repository < 0)
		shared = -shared_repository;
	else
		shared = shared_repository;
	tweak = shared;

	if (!(mode & S_IWUSR))
		tweak &= ~0222;
	if (mode & S_IXUSR)
		/* Copy read bits to execute bits */
		tweak |= (tweak & 0444) >> 2;
	if (shared_repository < 0)
		mode = (mode & ~0777) | tweak;
	else
		mode |= tweak;

	if (S_ISDIR(mode)) {
		/* Copy read bits to execute bits */
		mode |= (shared & 0444) >> 2;
		mode |= FORCE_DIR_SET_GID;
	}

	if (((shared_repository < 0
	      ? (orig_mode & (FORCE_DIR_SET_GID | 0777))
	      : (orig_mode & mode)) != mode) &&
	    chmod(path, (mode & ~S_IFMT)) < 0)
		return -2;
	return 0;
}

const char *relative_path(const char *abs, const char *base)
{
	static char buf[PATH_MAX + 1];
	int i = 0, j = 0;

	if (!base || !base[0])
		return abs;
	while (base[i]) {
		if (is_dir_sep(base[i])) {
			if (!is_dir_sep(abs[j]))
				return abs;
			while (is_dir_sep(base[i]))
				i++;
			while (is_dir_sep(abs[j]))
				j++;
			continue;
		} else if (abs[j] != base[i]) {
			return abs;
		}
		i++;
		j++;
	}
	if (
	    /* "/foo" is a prefix of "/foo" */
	    abs[j] &&
	    /* "/foo" is not a prefix of "/foobar" */
	    !is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
	   )
		return abs;
	while (is_dir_sep(abs[j]))
		j++;
	if (!abs[j])
		strcpy(buf, ".");
	else
		strcpy(buf, abs + j);
	return buf;
}

/*
 * It is okay if dst == src, but they should not overlap otherwise.
 *
 * Performs the following normalizations on src, storing the result in dst:
 * - Ensures that components are separated by '/' (Windows only)
 * - Squashes sequences of '/'.
 * - Removes "." components.
 * - Removes ".." components, and the components the precede them.
 * Returns failure (non-zero) if a ".." component appears as first path
 * component anytime during the normalization. Otherwise, returns success (0).
 *
 * Note that this function is purely textual.  It does not follow symlinks,
 * verify the existence of the path, or make any system calls.
 */
int normalize_path_copy(char *dst, const char *src)
{
	char *dst0;

	if (has_dos_drive_prefix(src)) {
		*dst++ = *src++;
		*dst++ = *src++;
	}
	dst0 = dst;

	if (is_dir_sep(*src)) {
		*dst++ = '/';
		while (is_dir_sep(*src))
			src++;
	}

	for (;;) {
		char c = *src;

		/*
		 * A path component that begins with . could be
		 * special:
		 * (1) "." and ends   -- ignore and terminate.
		 * (2) "./"           -- ignore them, eat slash and continue.
		 * (3) ".." and ends  -- strip one and terminate.
		 * (4) "../"          -- strip one, eat slash and continue.
		 */
		if (c == '.') {
			if (!src[1]) {
				/* (1) */
				src++;
			} else if (is_dir_sep(src[1])) {
				/* (2) */
				src += 2;
				while (is_dir_sep(*src))
					src++;
				continue;
			} else if (src[1] == '.') {
				if (!src[2]) {
					/* (3) */
					src += 2;
					goto up_one;
				} else if (is_dir_sep(src[2])) {
					/* (4) */
					src += 3;
					while (is_dir_sep(*src))
						src++;
					goto up_one;
				}
			}
		}

		/* copy up to the next '/', and eat all '/' */
		while ((c = *src++) != '\0' && !is_dir_sep(c))
			*dst++ = c;
		if (is_dir_sep(c)) {
			*dst++ = '/';
			while (is_dir_sep(c))
				c = *src++;
			src--;
		} else if (!c)
			break;
		continue;

	up_one:
		/*
		 * dst0..dst is prefix portion, and dst[-1] is '/';
		 * go up one level.
		 */
		dst--;	/* go to trailing '/' */
		if (dst <= dst0)
			return -1;
		/* Windows: dst[-1] cannot be backslash anymore */
		while (dst0 < dst && dst[-1] != '/')
			dst--;
	}
	*dst = '\0';
	return 0;
}

/*
 * path = Canonical absolute path
 * prefixes = string_list containing normalized, absolute paths without
 * trailing slashes (except for the root directory, which is denoted by "/").
 *
 * Determines, for each path in prefixes, whether the "prefix"
 * is an ancestor directory of path.  Returns the length of the longest
 * ancestor directory, excluding any trailing slashes, or -1 if no prefix
 * is an ancestor.  (Note that this means 0 is returned if prefixes is
 * ["/"].) "/foo" is not considered an ancestor of "/foobar".  Directories
 * are not considered to be their own ancestors.  path must be in a
 * canonical form: empty components, or "." or ".." components are not
 * allowed.
 */
int longest_ancestor_length(const char *path, struct string_list *prefixes)
{
	int i, max_len = -1;

	if (!strcmp(path, "/"))
		return -1;

	for (i = 0; i < prefixes->nr; i++) {
		const char *ceil = prefixes->items[i].string;
		int len = strlen(ceil);

		if (len == 1 && ceil[0] == '/')
			len = 0; /* root matches anything, with length 0 */
		else if (!strncmp(path, ceil, len) && path[len] == '/')
			; /* match of length len */
		else
			continue; /* no match */

		if (len > max_len)
			max_len = len;
	}

	return max_len;
}

/* strip arbitrary amount of directory separators at end of path */
static inline int chomp_trailing_dir_sep(const char *path, int len)
{
	while (len && is_dir_sep(path[len - 1]))
		len--;
	return len;
}

/*
 * If path ends with suffix (complete path components), returns the
 * part before suffix (sans trailing directory separators).
 * Otherwise returns NULL.
 */
char *strip_path_suffix(const char *path, const char *suffix)
{
	int path_len = strlen(path), suffix_len = strlen(suffix);

	while (suffix_len) {
		if (!path_len)
			return NULL;

		if (is_dir_sep(path[path_len - 1])) {
			if (!is_dir_sep(suffix[suffix_len - 1]))
				return NULL;
			path_len = chomp_trailing_dir_sep(path, path_len);
			suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
		}
		else if (path[--path_len] != suffix[--suffix_len])
			return NULL;
	}

	if (path_len && !is_dir_sep(path[path_len - 1]))
		return NULL;
	return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
}

int daemon_avoid_alias(const char *p)
{
	int sl, ndot;

	/*
	 * This resurrects the belts and suspenders paranoia check by HPA
	 * done in <435560F7.4080006@zytor.com> thread, now enter_repo()
	 * does not do getcwd() based path canonicalization.
	 *
	 * sl becomes true immediately after seeing '/' and continues to
	 * be true as long as dots continue after that without intervening
	 * non-dot character.
	 */
	if (!p || (*p != '/' && *p != '~'))
		return -1;
	sl = 1; ndot = 0;
	p++;

	while (1) {
		char ch = *p++;
		if (sl) {
			if (ch == '.')
				ndot++;
			else if (ch == '/') {
				if (ndot < 3)
					/* reject //, /./ and /../ */
					return -1;
				ndot = 0;
			}
			else if (ch == 0) {
				if (0 < ndot && ndot < 3)
					/* reject /.$ and /..$ */
					return -1;
				return 0;
			}
			else
				sl = ndot = 0;
		}
		else if (ch == 0)
			return 0;
		else if (ch == '/') {
			sl = 1;
			ndot = 0;
		}
	}
}

int offset_1st_component(const char *path)
{
	if (has_dos_drive_prefix(path))
		return 2 + is_dir_sep(path[2]);
	return is_dir_sep(path[0]);
}
Commit	Line	Data
26c8a533 LT	1	/*
	2	* I'm tired of doing "vsnprintf()" etc just to open a
	3	* file, so here's a "return static buffer with printf"
	4	* interface for paths.
	5	*
	6	* It's obviously not thread-safe. Sue me. But it's quite
	7	* useful for doing things like
	8	*
	9	* f = open(mkpath("%s/%s.git", base, name), O_RDONLY);
	10	*
	11	* which is what it's designed for.
	12	*/
	13	#include "cache.h"
395de250	14	#include "strbuf.h"
a5ccdbe4	15	#include "string-list.h"
26c8a533	16
0117c2f0 TB	17	#ifndef get_st_mode_bits
	18	/*
	19	* The replacement lstat(2) we use on Cygwin is incomplete and
	20	* may return wrong permission bits. Most of the time we do not care,
	21	* but the callsites of this wrapper do care.
	22	*/
	23	int get_st_mode_bits(const char path, int mode)
	24	{
	25	struct stat st;
	26	if (lstat(path, &st) < 0)
	27	return -1;
	28	*mode = st.st_mode;
	29	return 0;
	30	}
	31	#endif
	32
26c8a533 LT	33	static char bad_path[] = "/bad-path/";
26c8a533 LT	34
e7676d2f LT	35	static char *get_pathname(void)
	36	{
	37	static char pathname_array[4][PATH_MAX];
	38	static int index;
	39	return pathname_array[3 & ++index];
	40	}
	41
26c8a533 LT	42	static char cleanup_path(char path)
	43	{
	44	/* Clean it up */
	45	if (!memcmp(path, "./", 2)) {
	46	path += 2;
	47	while (*path == '/')
	48	path++;
	49	}
	50	return path;
	51	}
	52
108bebea AR	53	char mksnpath(char buf, size_t n, const char *fmt, ...)
	54	{
	55	va_list args;
	56	unsigned len;
	57
	58	va_start(args, fmt);
	59	len = vsnprintf(buf, n, fmt, args);
	60	va_end(args);
	61	if (len >= n) {
9db56f71	62	strlcpy(buf, bad_path, n);
108bebea AR	63	return buf;
	64	}
	65	return cleanup_path(buf);
	66	}
	67
5b3b8fa2	68	static char vsnpath(char buf, size_t n, const char *fmt, va_list args)
fe2d7776 AR	69	{
fe2d7776 AR	70	const char *git_dir = get_git_dir();
fe2d7776 AR	71	size_t len;
	72
	73	len = strlen(git_dir);
	74	if (n < len + 1)
	75	goto bad;
	76	memcpy(buf, git_dir, len);
	77	if (len && !is_dir_sep(git_dir[len-1]))
	78	buf[len++] = '/';
fe2d7776	79	len += vsnprintf(buf + len, n - len, fmt, args);
fe2d7776 AR	80	if (len >= n)
	81	goto bad;
	82	return cleanup_path(buf);
	83	bad:
9db56f71	84	strlcpy(buf, bad_path, n);
fe2d7776 AR	85	return buf;
	86	}
	87
aba13e7c AR	88	char git_snpath(char buf, size_t n, const char *fmt, ...)
aba13e7c AR	89	{
66a51a9a	90	char *ret;
aba13e7c AR	91	va_list args;
aba13e7c AR	92	va_start(args, fmt);
66a51a9a	93	ret = vsnpath(buf, n, fmt, args);
aba13e7c	94	va_end(args);
66a51a9a	95	return ret;
aba13e7c AR	96	}
	97
	98	char git_pathdup(const char fmt, ...)
	99	{
66a51a9a	100	char path[PATH_MAX], *ret;
aba13e7c AR	101	va_list args;
aba13e7c AR	102	va_start(args, fmt);
66a51a9a	103	ret = vsnpath(path, sizeof(path), fmt, args);
aba13e7c	104	va_end(args);
66a51a9a	105	return xstrdup(ret);
aba13e7c AR	106	}
aba13e7c AR	107
21cf3227 HKNN	108	char mkpathdup(const char fmt, ...)
	109	{
	110	char *path;
	111	struct strbuf sb = STRBUF_INIT;
	112	va_list args;
	113
	114	va_start(args, fmt);
	115	strbuf_vaddf(&sb, fmt, args);
	116	va_end(args);
	117	path = xstrdup(cleanup_path(sb.buf));
	118
	119	strbuf_release(&sb);
	120	return path;
	121	}
	122
26c8a533 LT	123	char mkpath(const char fmt, ...)
	124	{
	125	va_list args;
	126	unsigned len;
e7676d2f	127	char *pathname = get_pathname();
26c8a533 LT	128
	129	va_start(args, fmt);
	130	len = vsnprintf(pathname, PATH_MAX, fmt, args);
	131	va_end(args);
	132	if (len >= PATH_MAX)
	133	return bad_path;
	134	return cleanup_path(pathname);
	135	}
	136
	137	char git_path(const char fmt, ...)
	138	{
e7676d2f	139	char *pathname = get_pathname();
26c8a533	140	va_list args;
5c44252e	141	char *ret;
26c8a533	142
26c8a533	143	va_start(args, fmt);
5c44252e	144	ret = vsnpath(pathname, PATH_MAX, fmt, args);
26c8a533	145	va_end(args);
5c44252e	146	return ret;
26c8a533	147	}
f2db68ed	148
21cf3227 HKNN	149	void home_config_paths(char global, char xdg, char *file)
	150	{
	151	char *xdg_home = getenv("XDG_CONFIG_HOME");
	152	char *home = getenv("HOME");
	153	char *to_free = NULL;
	154
	155	if (!home) {
	156	if (global)
	157	*global = NULL;
	158	} else {
	159	if (!xdg_home) {
	160	to_free = mkpathdup("%s/.config", home);
	161	xdg_home = to_free;
	162	}
	163	if (global)
	164	*global = mkpathdup("%s/.gitconfig", home);
	165	}
	166
	167	if (!xdg_home)
	168	*xdg = NULL;
	169	else
	170	*xdg = mkpathdup("%s/git/%s", xdg_home, file);
	171
	172	free(to_free);
	173	}
	174
0bad611b HV	175	char git_path_submodule(const char path, const char *fmt, ...)
	176	{
	177	char *pathname = get_pathname();
	178	struct strbuf buf = STRBUF_INIT;
	179	const char *git_dir;
	180	va_list args;
	181	unsigned len;
	182
	183	len = strlen(path);
	184	if (len > PATH_MAX-100)
	185	return bad_path;
	186
	187	strbuf_addstr(&buf, path);
	188	if (len && path[len-1] != '/')
	189	strbuf_addch(&buf, '/');
	190	strbuf_addstr(&buf, ".git");
	191
13d6ec91	192	git_dir = read_gitfile(buf.buf);
0bad611b HV	193	if (git_dir) {
	194	strbuf_reset(&buf);
	195	strbuf_addstr(&buf, git_dir);
	196	}
	197	strbuf_addch(&buf, '/');
	198
	199	if (buf.len >= PATH_MAX)
	200	return bad_path;
	201	memcpy(pathname, buf.buf, buf.len + 1);
	202
	203	strbuf_release(&buf);
	204	len = strlen(pathname);
	205
	206	va_start(args, fmt);
	207	len += vsnprintf(pathname + len, PATH_MAX - len, fmt, args);
	208	va_end(args);
	209	if (len >= PATH_MAX)
	210	return bad_path;
	211	return cleanup_path(pathname);
	212	}
f2db68ed	213
c847f537	214	int validate_headref(const char *path)
0870ca7f JH	215	{
	216	struct stat st;
	217	char *buf, buffer[256];
c847f537	218	unsigned char sha1[20];
0104ca09 HO	219	int fd;
0104ca09 HO	220	ssize_t len;
0870ca7f JH	221
	222	if (lstat(path, &st) < 0)
	223	return -1;
	224
	225	/* Make sure it is a "refs/.." symlink */
	226	if (S_ISLNK(st.st_mode)) {
	227	len = readlink(path, buffer, sizeof(buffer)-1);
222b1673	228	if (len >= 5 && !memcmp("refs/", buffer, 5))
0870ca7f JH	229	return 0;
	230	return -1;
	231	}
	232
	233	/*
	234	* Anything else, just open it and try to see if it is a symbolic ref.
	235	*/
	236	fd = open(path, O_RDONLY);
	237	if (fd < 0)
	238	return -1;
93d26e4c	239	len = read_in_full(fd, buffer, sizeof(buffer)-1);
0870ca7f JH	240	close(fd);
	241
	242	/*
	243	* Is it a symbolic ref?
	244	*/
c847f537	245	if (len < 4)
0870ca7f	246	return -1;
c847f537 JH	247	if (!memcmp("ref:", buffer, 4)) {
	248	buf = buffer + 4;
	249	len -= 4;
	250	while (len && isspace(*buf))
	251	buf++, len--;
222b1673	252	if (len >= 5 && !memcmp("refs/", buf, 5))
c847f537 JH	253	return 0;
	254	}
	255
	256	/*
	257	* Is this a detached HEAD?
	258	*/
	259	if (!get_sha1_hex(buffer, sha1))
0870ca7f	260	return 0;
c847f537	261
0870ca7f JH	262	return -1;
	263	}
	264
395de250	265	static struct passwd getpw_str(const char username, size_t len)
54f4b874	266	{
d79374c7	267	struct passwd *pw;
395de250 MM	268	char *username_z = xmalloc(len + 1);
	269	memcpy(username_z, username, len);
	270	username_z[len] = '\0';
	271	pw = getpwnam(username_z);
	272	free(username_z);
	273	return pw;
	274	}
54f4b874	275
395de250 MM	276	/*
	277	* Return a string with ~ and ~user expanded via getpw*. If buf != NULL,
	278	* then it is a newly allocated string. Returns NULL on getpw failure or
	279	* if path is NULL.
	280	*/
	281	char expand_user_path(const char path)
	282	{
	283	struct strbuf user_path = STRBUF_INIT;
	284	const char *first_slash = strchrnul(path, '/');
	285	const char *to_copy = path;
	286
	287	if (path == NULL)
	288	goto return_null;
	289	if (path[0] == '~') {
	290	const char *username = path + 1;
	291	size_t username_len = first_slash - username;
df2a79f4 MM	292	if (username_len == 0) {
df2a79f4 MM	293	const char *home = getenv("HOME");
79bf1490 JN	294	if (!home)
79bf1490 JN	295	goto return_null;
df2a79f4 MM	296	strbuf_add(&user_path, home, strlen(home));
	297	} else {
	298	struct passwd *pw = getpw_str(username, username_len);
	299	if (!pw)
	300	goto return_null;
	301	strbuf_add(&user_path, pw->pw_dir, strlen(pw->pw_dir));
54f4b874	302	}
395de250	303	to_copy = first_slash;
d79374c7	304	}
395de250 MM	305	strbuf_add(&user_path, to_copy, strlen(to_copy));
	306	return strbuf_detach(&user_path, NULL);
	307	return_null:
	308	strbuf_release(&user_path);
	309	return NULL;
54f4b874 AE	310	}
54f4b874 AE	311
d79374c7 JH	312	/*
	313	* First, one directory to try is determined by the following algorithm.
	314	*
	315	* (0) If "strict" is given, the path is used as given and no DWIM is
	316	* done. Otherwise:
	317	* (1) "~/path" to mean path under the running user's home directory;
	318	* (2) "~user/path" to mean path under named user's home directory;
	319	* (3) "relative/path" to mean cwd relative directory; or
	320	* (4) "/absolute/path" to mean absolute directory.
	321	*
	322	* Unless "strict" is given, we try access() for existence of "%s.git/.git",
	323	* "%s/.git", "%s.git", "%s" in this order. The first one that exists is
	324	* what we try.
	325	*
	326	* Second, we try chdir() to that. Upon failure, we return NULL.
	327	*
	328	* Then, we try if the current directory is a valid git repository.
	329	* Upon failure, we return NULL.
	330	*
	331	* If all goes well, we return the directory we used to chdir() (but
	332	* before ~user is expanded), avoiding getcwd() resolving symbolic
	333	* links. User relative paths are also returned as they are given,
	334	* except DWIM suffixing.
	335	*/
1c64b48e	336	const char enter_repo(const char path, int strict)
54f4b874	337	{
d79374c7 JH	338	static char used_path[PATH_MAX];
	339	static char validated_path[PATH_MAX];
	340
	341	if (!path)
54f4b874 AE	342	return NULL;
54f4b874 AE	343
d79374c7 JH	344	if (!strict) {
d79374c7 JH	345	static const char *suffix[] = {
b3256eb8	346	"/.git", "", ".git/.git", ".git", NULL,
d79374c7	347	};
03106768	348	const char *gitfile;
d79374c7 JH	349	int len = strlen(path);
d79374c7 JH	350	int i;
1c64b48e	351	while ((1 < len) && (path[len-1] == '/'))
d79374c7	352	len--;
1c64b48e	353
d79374c7	354	if (PATH_MAX <= len)
54f4b874	355	return NULL;
1c64b48e EFL	356	strncpy(used_path, path, len); used_path[len] = 0 ;
	357	strcpy(validated_path, used_path);
	358
	359	if (used_path[0] == '~') {
	360	char *newpath = expand_user_path(used_path);
395de250 MM	361	if (!newpath \|\| (PATH_MAX - 10 < strlen(newpath))) {
395de250 MM	362	free(newpath);
d79374c7	363	return NULL;
395de250 MM	364	}
	365	/*
	366	* Copy back into the static buffer. A pity
	367	* since newpath was not bounded, but other
	368	* branches of the if are limited by PATH_MAX
	369	* anyway.
	370	*/
	371	strcpy(used_path, newpath); free(newpath);
d79374c7 JH	372	}
	373	else if (PATH_MAX - 10 < len)
	374	return NULL;
1c64b48e	375	len = strlen(used_path);
d79374c7	376	for (i = 0; suffix[i]; i++) {
b3256eb8	377	struct stat st;
1c64b48e	378	strcpy(used_path + len, suffix[i]);
b3256eb8 JK	379	if (!stat(used_path, &st) &&
	380	(S_ISREG(st.st_mode) \|\|
	381	(S_ISDIR(st.st_mode) && is_git_directory(used_path)))) {
d79374c7 JH	382	strcat(validated_path, suffix[i]);
	383	break;
	384	}
	385	}
03106768 PH	386	if (!suffix[i])
	387	return NULL;
	388	gitfile = read_gitfile(used_path) ;
	389	if (gitfile)
	390	strcpy(used_path, gitfile);
	391	if (chdir(used_path))
0870ca7f	392	return NULL;
d79374c7	393	path = validated_path;
0870ca7f	394	}
d79374c7 JH	395	else if (chdir(path))
d79374c7 JH	396	return NULL;
54f4b874	397
d79374c7	398	if (access("objects", X_OK) == 0 && access("refs", X_OK) == 0 &&
c847f537	399	validate_headref("HEAD") == 0) {
717c3972	400	set_git_dir(".");
1644162a	401	check_repository_format();
d79374c7	402	return path;
54f4b874 AE	403	}
	404
	405	return NULL;
	406	}
138086a7	407
17e61b82	408	int set_shared_perm(const char *path, int mode)
138086a7	409	{
17e61b82	410	int tweak, shared, orig_mode;
138086a7	411
17e61b82 JH	412	if (!shared_repository) {
	413	if (mode)
	414	return chmod(path, mode & ~S_IFMT);
138086a7	415	return 0;
17e61b82 JH	416	}
17e61b82 JH	417	if (!mode) {
0117c2f0	418	if (get_st_mode_bits(path, &mode) < 0)
17e61b82	419	return -1;
17e61b82 JH	420	orig_mode = mode;
	421	} else
	422	orig_mode = 0;
5a688fe4 JH	423	if (shared_repository < 0)
	424	shared = -shared_repository;
	425	else
	426	shared = shared_repository;
	427	tweak = shared;
	428
	429	if (!(mode & S_IWUSR))
	430	tweak &= ~0222;
	431	if (mode & S_IXUSR)
	432	/* Copy read bits to execute bits */
	433	tweak \|= (tweak & 0444) >> 2;
	434	if (shared_repository < 0)
	435	mode = (mode & ~0777) \| tweak;
	436	else
8c6202d8	437	mode \|= tweak;
06cbe855 HO	438
06cbe855 HO	439	if (S_ISDIR(mode)) {
06cbe855	440	/* Copy read bits to execute bits */
5a688fe4 JH	441	mode \|= (shared & 0444) >> 2;
5a688fe4 JH	442	mode \|= FORCE_DIR_SET_GID;
06cbe855 HO	443	}
06cbe855 HO	444
5a688fe4	445	if (((shared_repository < 0
17e61b82 JH	446	? (orig_mode & (FORCE_DIR_SET_GID \| 0777))
	447	: (orig_mode & mode)) != mode) &&
	448	chmod(path, (mode & ~S_IFMT)) < 0)
138086a7 JH	449	return -2;
	450	return 0;
	451	}
e5392c51	452
e2a57aac	453	const char relative_path(const char abs, const char *base)
044bbbcb LT	454	{
044bbbcb LT	455	static char buf[PATH_MAX + 1];
288123f0 JH	456	int i = 0, j = 0;
	457
	458	if (!base \|\| !base[0])
044bbbcb	459	return abs;
288123f0 JH	460	while (base[i]) {
	461	if (is_dir_sep(base[i])) {
	462	if (!is_dir_sep(abs[j]))
	463	return abs;
	464	while (is_dir_sep(base[i]))
	465	i++;
	466	while (is_dir_sep(abs[j]))
	467	j++;
	468	continue;
	469	} else if (abs[j] != base[i]) {
	470	return abs;
	471	}
	472	i++;
	473	j++;
	474	}
	475	if (
	476	/* "/foo" is a prefix of "/foo" */
	477	abs[j] &&
	478	/* "/foo" is not a prefix of "/foobar" */
	479	!is_dir_sep(base[i-1]) && !is_dir_sep(abs[j])
	480	)
044bbbcb	481	return abs;
288123f0 JH	482	while (is_dir_sep(abs[j]))
	483	j++;
	484	if (!abs[j])
	485	strcpy(buf, ".");
	486	else
	487	strcpy(buf, abs + j);
044bbbcb LT	488	return buf;
044bbbcb LT	489	}
ae299be0 DR	490
ae299be0 DR	491	/*
f2a782b8	492	* It is okay if dst == src, but they should not overlap otherwise.
ae299be0	493	*
f2a782b8 JS	494	* Performs the following normalizations on src, storing the result in dst:
	495	* - Ensures that components are separated by '/' (Windows only)
	496	* - Squashes sequences of '/'.
ae299be0 DR	497	* - Removes "." components.
ae299be0 DR	498	* - Removes ".." components, and the components the precede them.
f2a782b8 JS	499	* Returns failure (non-zero) if a ".." component appears as first path
f2a782b8 JS	500	* component anytime during the normalization. Otherwise, returns success (0).
ae299be0 DR	501	*
	502	* Note that this function is purely textual. It does not follow symlinks,
	503	* verify the existence of the path, or make any system calls.
	504	*/
f3cad0ad	505	int normalize_path_copy(char dst, const char src)
ae299be0	506	{
f3cad0ad	507	char *dst0;
ae299be0	508
f3cad0ad JS	509	if (has_dos_drive_prefix(src)) {
	510	dst++ = src++;
	511	dst++ = src++;
ae299be0	512	}
f3cad0ad	513	dst0 = dst;
ae299be0	514
f3cad0ad	515	if (is_dir_sep(*src)) {
ae299be0	516	*dst++ = '/';
f3cad0ad JS	517	while (is_dir_sep(*src))
	518	src++;
	519	}
	520
	521	for (;;) {
	522	char c = *src;
	523
	524	/*
	525	* A path component that begins with . could be
	526	* special:
	527	* (1) "." and ends -- ignore and terminate.
	528	* (2) "./" -- ignore them, eat slash and continue.
	529	* (3) ".." and ends -- strip one and terminate.
	530	* (4) "../" -- strip one, eat slash and continue.
	531	*/
	532	if (c == '.') {
	533	if (!src[1]) {
	534	/* (1) */
	535	src++;
	536	} else if (is_dir_sep(src[1])) {
	537	/* (2) */
	538	src += 2;
	539	while (is_dir_sep(*src))
	540	src++;
	541	continue;
	542	} else if (src[1] == '.') {
	543	if (!src[2]) {
	544	/* (3) */
	545	src += 2;
	546	goto up_one;
	547	} else if (is_dir_sep(src[2])) {
	548	/* (4) */
	549	src += 3;
	550	while (is_dir_sep(*src))
	551	src++;
	552	goto up_one;
	553	}
	554	}
	555	}
ae299be0	556
f3cad0ad JS	557	/* copy up to the next '/', and eat all '/' */
	558	while ((c = *src++) != '\0' && !is_dir_sep(c))
	559	*dst++ = c;
	560	if (is_dir_sep(c)) {
	561	*dst++ = '/';
	562	while (is_dir_sep(c))
	563	c = *src++;
	564	src--;
	565	} else if (!c)
	566	break;
	567	continue;
	568
	569	up_one:
	570	/*
	571	* dst0..dst is prefix portion, and dst[-1] is '/';
	572	* go up one level.
	573	*/
f42302b4 JS	574	dst--; /* go to trailing '/' */
f42302b4 JS	575	if (dst <= dst0)
f3cad0ad	576	return -1;
f42302b4 JS	577	/* Windows: dst[-1] cannot be backslash anymore */
	578	while (dst0 < dst && dst[-1] != '/')
	579	dst--;
f3cad0ad	580	}
ae299be0	581	*dst = '\0';
f3cad0ad	582	return 0;
ae299be0	583	}
0454dd93 DR	584
	585	/*
	586	* path = Canonical absolute path
9e2326c7 MH	587	* prefixes = string_list containing normalized, absolute paths without
9e2326c7 MH	588	* trailing slashes (except for the root directory, which is denoted by "/").
0454dd93	589	*
9e2326c7	590	* Determines, for each path in prefixes, whether the "prefix"
0454dd93 DR	591	* is an ancestor directory of path. Returns the length of the longest
0454dd93 DR	592	* ancestor directory, excluding any trailing slashes, or -1 if no prefix
31171d9e MH	593	* is an ancestor. (Note that this means 0 is returned if prefixes is
31171d9e MH	594	* ["/"].) "/foo" is not considered an ancestor of "/foobar". Directories
0454dd93 DR	595	* are not considered to be their own ancestors. path must be in a
0454dd93 DR	596	* canonical form: empty components, or "." or ".." components are not
9e2326c7	597	* allowed.
0454dd93	598	*/
31171d9e	599	int longest_ancestor_length(const char path, struct string_list prefixes)
0454dd93	600	{
a5ccdbe4	601	int i, max_len = -1;
0454dd93	602
31171d9e	603	if (!strcmp(path, "/"))
0454dd93 DR	604	return -1;
0454dd93 DR	605
31171d9e MH	606	for (i = 0; i < prefixes->nr; i++) {
31171d9e MH	607	const char *ceil = prefixes->items[i].string;
a5ccdbe4 MH	608	int len = strlen(ceil);
a5ccdbe4 MH	609
9e2326c7 MH	610	if (len == 1 && ceil[0] == '/')
	611	len = 0; /* root matches anything, with length 0 */
	612	else if (!strncmp(path, ceil, len) && path[len] == '/')
	613	; /* match of length len */
	614	else
	615	continue; /* no match */
0454dd93	616
9e2326c7	617	if (len > max_len)
0454dd93	618	max_len = len;
0454dd93 DR	619	}
	620
	621	return max_len;
	622	}
4fcc86b0 JS	623
	624	/* strip arbitrary amount of directory separators at end of path */
	625	static inline int chomp_trailing_dir_sep(const char *path, int len)
	626	{
	627	while (len && is_dir_sep(path[len - 1]))
	628	len--;
	629	return len;
	630	}
	631
	632	/*
	633	* If path ends with suffix (complete path components), returns the
	634	* part before suffix (sans trailing directory separators).
	635	* Otherwise returns NULL.
	636	*/
	637	char strip_path_suffix(const char path, const char *suffix)
	638	{
	639	int path_len = strlen(path), suffix_len = strlen(suffix);
	640
	641	while (suffix_len) {
	642	if (!path_len)
	643	return NULL;
	644
	645	if (is_dir_sep(path[path_len - 1])) {
	646	if (!is_dir_sep(suffix[suffix_len - 1]))
	647	return NULL;
	648	path_len = chomp_trailing_dir_sep(path, path_len);
	649	suffix_len = chomp_trailing_dir_sep(suffix, suffix_len);
	650	}
	651	else if (path[--path_len] != suffix[--suffix_len])
	652	return NULL;
	653	}
	654
	655	if (path_len && !is_dir_sep(path[path_len - 1]))
	656	return NULL;
	657	return xstrndup(path, chomp_trailing_dir_sep(path, path_len));
	658	}
34b6cb8b SP	659
	660	int daemon_avoid_alias(const char *p)
	661	{
	662	int sl, ndot;
	663
	664	/*
	665	* This resurrects the belts and suspenders paranoia check by HPA
	666	* done in <435560F7.4080006@zytor.com> thread, now enter_repo()
9517e6b8	667	* does not do getcwd() based path canonicalization.
34b6cb8b SP	668	*
	669	* sl becomes true immediately after seeing '/' and continues to
	670	* be true as long as dots continue after that without intervening
	671	* non-dot character.
	672	*/
	673	if (!p \|\| (p != '/' && p != '~'))
	674	return -1;
	675	sl = 1; ndot = 0;
	676	p++;
	677
	678	while (1) {
	679	char ch = *p++;
	680	if (sl) {
	681	if (ch == '.')
	682	ndot++;
	683	else if (ch == '/') {
	684	if (ndot < 3)
	685	/* reject //, /./ and /../ */
	686	return -1;
	687	ndot = 0;
	688	}
	689	else if (ch == 0) {
	690	if (0 < ndot && ndot < 3)
	691	/* reject /.$ and /..$ */
	692	return -1;
	693	return 0;
	694	}
	695	else
	696	sl = ndot = 0;
	697	}
	698	else if (ch == 0)
	699	return 0;
	700	else if (ch == '/') {
	701	sl = 1;
	702	ndot = 0;
	703	}
	704	}
	705	}
4bb43de2 NTND	706
	707	int offset_1st_component(const char *path)
	708	{
	709	if (has_dos_drive_prefix(path))
	710	return 2 + is_dir_sep(path[2]);
	711	return is_dir_sep(path[0]);
	712	}