refs.con commit Check and document the options to prevent mistakes. (79ee555)
   1#include "refs.h"
   2#include "cache.h"
   3
   4#include <errno.h>
   5
   6/* We allow "recursive" symbolic refs. Only within reason, though */
   7#define MAXDEPTH 5
   8
   9const char *resolve_ref(const char *path, unsigned char *sha1, int reading)
  10{
  11        int depth = MAXDEPTH, len;
  12        char buffer[256];
  13
  14        for (;;) {
  15                struct stat st;
  16                char *buf;
  17                int fd;
  18
  19                if (--depth < 0)
  20                        return NULL;
  21
  22                /* Special case: non-existing file.
  23                 * Not having the refs/heads/new-branch is OK
  24                 * if we are writing into it, so is .git/HEAD
  25                 * that points at refs/heads/master still to be
  26                 * born.  It is NOT OK if we are resolving for
  27                 * reading.
  28                 */
  29                if (lstat(path, &st) < 0) {
  30                        if (reading || errno != ENOENT)
  31                                return NULL;
  32                        memset(sha1, 0, 20);
  33                        return path;
  34                }
  35
  36                /* Follow "normalized" - ie "refs/.." symlinks by hand */
  37                if (S_ISLNK(st.st_mode)) {
  38                        len = readlink(path, buffer, sizeof(buffer)-1);
  39                        if (len >= 5 && !memcmp("refs/", buffer, 5)) {
  40                                path = git_path("%.*s", len, buffer);
  41                                continue;
  42                        }
  43                }
  44
  45                /*
  46                 * Anything else, just open it and try to use it as
  47                 * a ref
  48                 */
  49                fd = open(path, O_RDONLY);
  50                if (fd < 0)
  51                        return NULL;
  52                len = read(fd, buffer, sizeof(buffer)-1);
  53                close(fd);
  54
  55                /*
  56                 * Is it a symbolic ref?
  57                 */
  58                if (len < 4 || memcmp("ref:", buffer, 4))
  59                        break;
  60                buf = buffer + 4;
  61                len -= 4;
  62                while (len && isspace(*buf))
  63                        buf++, len--;
  64                while (len && isspace(buf[len-1]))
  65                        buf[--len] = 0;
  66                path = git_path("%.*s", len, buf);
  67        }
  68        if (len < 40 || get_sha1_hex(buffer, sha1))
  69                return NULL;
  70        return path;
  71}
  72
  73int create_symref(const char *git_HEAD, const char *refs_heads_master)
  74{
  75        const char *lockpath;
  76        char ref[1000];
  77        int fd, len, written;
  78
  79#ifndef NO_SYMLINK_HEAD
  80        if (prefer_symlink_refs) {
  81                unlink(git_HEAD);
  82                if (!symlink(refs_heads_master, git_HEAD))
  83                        return 0;
  84                fprintf(stderr, "no symlink - falling back to symbolic ref\n");
  85        }
  86#endif
  87
  88        len = snprintf(ref, sizeof(ref), "ref: %s\n", refs_heads_master);
  89        if (sizeof(ref) <= len) {
  90                error("refname too long: %s", refs_heads_master);
  91                return -1;
  92        }
  93        lockpath = mkpath("%s.lock", git_HEAD);
  94        fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0666); 
  95        written = write(fd, ref, len);
  96        close(fd);
  97        if (written != len) {
  98                unlink(lockpath);
  99                error("Unable to write to %s", lockpath);
 100                return -2;
 101        }
 102        if (rename(lockpath, git_HEAD) < 0) {
 103                unlink(lockpath);
 104                error("Unable to create %s", git_HEAD);
 105                return -3;
 106        }
 107        if (adjust_shared_perm(git_HEAD)) {
 108                unlink(lockpath);
 109                error("Unable to fix permissions on %s", lockpath);
 110                return -4;
 111        }
 112        return 0;
 113}
 114
 115int read_ref(const char *filename, unsigned char *sha1)
 116{
 117        if (resolve_ref(filename, sha1, 1))
 118                return 0;
 119        return -1;
 120}
 121
 122static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1), int trim)
 123{
 124        int retval = 0;
 125        DIR *dir = opendir(git_path("%s", base));
 126
 127        if (dir) {
 128                struct dirent *de;
 129                int baselen = strlen(base);
 130                char *path = xmalloc(baselen + 257);
 131
 132                if (!strncmp(base, "./", 2)) {
 133                        base += 2;
 134                        baselen -= 2;
 135                }
 136                memcpy(path, base, baselen);
 137                if (baselen && base[baselen-1] != '/')
 138                        path[baselen++] = '/';
 139
 140                while ((de = readdir(dir)) != NULL) {
 141                        unsigned char sha1[20];
 142                        struct stat st;
 143                        int namelen;
 144
 145                        if (de->d_name[0] == '.')
 146                                continue;
 147                        namelen = strlen(de->d_name);
 148                        if (namelen > 255)
 149                                continue;
 150                        if (namelen>5 && !strcmp(de->d_name+namelen-5,".lock"))
 151                                continue;
 152                        memcpy(path + baselen, de->d_name, namelen+1);
 153                        if (stat(git_path("%s", path), &st) < 0)
 154                                continue;
 155                        if (S_ISDIR(st.st_mode)) {
 156                                retval = do_for_each_ref(path, fn, trim);
 157                                if (retval)
 158                                        break;
 159                                continue;
 160                        }
 161                        if (read_ref(git_path("%s", path), sha1) < 0) {
 162                                error("%s points nowhere!", path);
 163                                continue;
 164                        }
 165                        if (!has_sha1_file(sha1)) {
 166                                error("%s does not point to a valid "
 167                                      "commit object!", path);
 168                                continue;
 169                        }
 170                        retval = fn(path + trim, sha1);
 171                        if (retval)
 172                                break;
 173                }
 174                free(path);
 175                closedir(dir);
 176        }
 177        return retval;
 178}
 179
 180int head_ref(int (*fn)(const char *path, const unsigned char *sha1))
 181{
 182        unsigned char sha1[20];
 183        if (!read_ref(git_path("HEAD"), sha1))
 184                return fn("HEAD", sha1);
 185        return 0;
 186}
 187
 188int for_each_ref(int (*fn)(const char *path, const unsigned char *sha1))
 189{
 190        return do_for_each_ref("refs", fn, 0);
 191}
 192
 193int for_each_tag_ref(int (*fn)(const char *path, const unsigned char *sha1))
 194{
 195        return do_for_each_ref("refs/tags", fn, 10);
 196}
 197
 198int for_each_branch_ref(int (*fn)(const char *path, const unsigned char *sha1))
 199{
 200        return do_for_each_ref("refs/heads", fn, 11);
 201}
 202
 203int for_each_remote_ref(int (*fn)(const char *path, const unsigned char *sha1))
 204{
 205        return do_for_each_ref("refs/remotes", fn, 13);
 206}
 207
 208int get_ref_sha1(const char *ref, unsigned char *sha1)
 209{
 210        if (check_ref_format(ref))
 211                return -1;
 212        return read_ref(git_path("refs/%s", ref), sha1);
 213}
 214
 215/*
 216 * Make sure "ref" is something reasonable to have under ".git/refs/";
 217 * We do not like it if:
 218 *
 219 * - any path component of it begins with ".", or
 220 * - it has double dots "..", or
 221 * - it has ASCII control character, "~", "^", ":" or SP, anywhere, or
 222 * - it ends with a "/".
 223 */
 224
 225static inline int bad_ref_char(int ch)
 226{
 227        return (((unsigned) ch) <= ' ' ||
 228                ch == '~' || ch == '^' || ch == ':' ||
 229                /* 2.13 Pattern Matching Notation */
 230                ch == '?' || ch == '*' || ch == '[');
 231}
 232
 233int check_ref_format(const char *ref)
 234{
 235        int ch, level;
 236        const char *cp = ref;
 237
 238        level = 0;
 239        while (1) {
 240                while ((ch = *cp++) == '/')
 241                        ; /* tolerate duplicated slashes */
 242                if (!ch)
 243                        return -1; /* should not end with slashes */
 244
 245                /* we are at the beginning of the path component */
 246                if (ch == '.' || bad_ref_char(ch))
 247                        return -1;
 248
 249                /* scan the rest of the path component */
 250                while ((ch = *cp++) != 0) {
 251                        if (bad_ref_char(ch))
 252                                return -1;
 253                        if (ch == '/')
 254                                break;
 255                        if (ch == '.' && *cp == '.')
 256                                return -1;
 257                }
 258                level++;
 259                if (!ch) {
 260                        if (level < 2)
 261                                return -1; /* at least of form "heads/blah" */
 262                        return 0;
 263                }
 264        }
 265}
 266
 267static struct ref_lock *verify_lock(struct ref_lock *lock,
 268        const unsigned char *old_sha1, int mustexist)
 269{
 270        char buf[40];
 271        int nr, fd = open(lock->ref_file, O_RDONLY);
 272        if (fd < 0 && (mustexist || errno != ENOENT)) {
 273                error("Can't verify ref %s", lock->ref_file);
 274                unlock_ref(lock);
 275                return NULL;
 276        }
 277        nr = read(fd, buf, 40);
 278        close(fd);
 279        if (nr != 40 || get_sha1_hex(buf, lock->old_sha1) < 0) {
 280                error("Can't verify ref %s", lock->ref_file);
 281                unlock_ref(lock);
 282                return NULL;
 283        }
 284        if (memcmp(lock->old_sha1, old_sha1, 20)) {
 285                error("Ref %s is at %s but expected %s", lock->ref_file,
 286                        sha1_to_hex(lock->old_sha1), sha1_to_hex(old_sha1));
 287                unlock_ref(lock);
 288                return NULL;
 289        }
 290        return lock;
 291}
 292
 293static struct ref_lock *lock_ref_sha1_basic(const char *path,
 294        int plen,
 295        const unsigned char *old_sha1, int mustexist)
 296{
 297        struct ref_lock *lock;
 298        struct stat st;
 299
 300        lock = xcalloc(1, sizeof(struct ref_lock));
 301        lock->lock_fd = -1;
 302
 303        plen = strlen(path) - plen;
 304        path = resolve_ref(path, lock->old_sha1, mustexist);
 305        if (!path) {
 306                unlock_ref(lock);
 307                return NULL;
 308        }
 309        lock->lk = xcalloc(1, sizeof(struct lock_file));
 310
 311        lock->ref_file = strdup(path);
 312        lock->log_file = strdup(git_path("logs/%s", lock->ref_file + plen));
 313        lock->force_write = lstat(lock->ref_file, &st) && errno == ENOENT;
 314
 315        if (safe_create_leading_directories(lock->ref_file))
 316                die("unable to create directory for %s", lock->ref_file);
 317        lock->lock_fd = hold_lock_file_for_update(lock->lk, lock->ref_file);
 318        if (lock->lock_fd < 0) {
 319                error("Couldn't open lock file %s: %s",
 320                      lock->lk->filename, strerror(errno));
 321                unlock_ref(lock);
 322                return NULL;
 323        }
 324
 325        return old_sha1 ? verify_lock(lock, old_sha1, mustexist) : lock;
 326}
 327
 328struct ref_lock *lock_ref_sha1(const char *ref,
 329        const unsigned char *old_sha1, int mustexist)
 330{
 331        if (check_ref_format(ref))
 332                return NULL;
 333        return lock_ref_sha1_basic(git_path("refs/%s", ref),
 334                5 + strlen(ref), old_sha1, mustexist);
 335}
 336
 337struct ref_lock *lock_any_ref_for_update(const char *ref,
 338        const unsigned char *old_sha1, int mustexist)
 339{
 340        return lock_ref_sha1_basic(git_path("%s", ref),
 341                strlen(ref), old_sha1, mustexist);
 342}
 343
 344void unlock_ref(struct ref_lock *lock)
 345{
 346        if (lock->lock_fd >= 0) {
 347                close(lock->lock_fd);
 348                /* Do not free lock->lk -- atexit() still looks at them */
 349                if (lock->lk)
 350                        rollback_lock_file(lock->lk);
 351        }
 352        if (lock->ref_file)
 353                free(lock->ref_file);
 354        if (lock->log_file)
 355                free(lock->log_file);
 356        free(lock);
 357}
 358
 359static int log_ref_write(struct ref_lock *lock,
 360        const unsigned char *sha1, const char *msg)
 361{
 362        int logfd, written, oflags = O_APPEND | O_WRONLY;
 363        unsigned maxlen, len;
 364        char *logrec;
 365        const char *comitter;
 366
 367        if (log_all_ref_updates) {
 368                if (safe_create_leading_directories(lock->log_file) < 0)
 369                        return error("unable to create directory for %s",
 370                                lock->log_file);
 371                oflags |= O_CREAT;
 372        }
 373
 374        logfd = open(lock->log_file, oflags, 0666);
 375        if (logfd < 0) {
 376                if (!log_all_ref_updates && errno == ENOENT)
 377                        return 0;
 378                return error("Unable to append to %s: %s",
 379                        lock->log_file, strerror(errno));
 380        }
 381
 382        setup_ident();
 383        comitter = git_committer_info(1);
 384        if (msg) {
 385                maxlen = strlen(comitter) + strlen(msg) + 2*40 + 5;
 386                logrec = xmalloc(maxlen);
 387                len = snprintf(logrec, maxlen, "%s %s %s\t%s\n",
 388                        sha1_to_hex(lock->old_sha1),
 389                        sha1_to_hex(sha1),
 390                        comitter,
 391                        msg);
 392        }
 393        else {
 394                maxlen = strlen(comitter) + 2*40 + 4;
 395                logrec = xmalloc(maxlen);
 396                len = snprintf(logrec, maxlen, "%s %s %s\n",
 397                        sha1_to_hex(lock->old_sha1),
 398                        sha1_to_hex(sha1),
 399                        comitter);
 400        }
 401        written = len <= maxlen ? write(logfd, logrec, len) : -1;
 402        free(logrec);
 403        close(logfd);
 404        if (written != len)
 405                return error("Unable to append to %s", lock->log_file);
 406        return 0;
 407}
 408
 409int write_ref_sha1(struct ref_lock *lock,
 410        const unsigned char *sha1, const char *logmsg)
 411{
 412        static char term = '\n';
 413
 414        if (!lock)
 415                return -1;
 416        if (!lock->force_write && !memcmp(lock->old_sha1, sha1, 20)) {
 417                unlock_ref(lock);
 418                return 0;
 419        }
 420        if (write(lock->lock_fd, sha1_to_hex(sha1), 40) != 40 ||
 421            write(lock->lock_fd, &term, 1) != 1
 422                || close(lock->lock_fd) < 0) {
 423                error("Couldn't write %s", lock->lk->filename);
 424                unlock_ref(lock);
 425                return -1;
 426        }
 427        if (log_ref_write(lock, sha1, logmsg) < 0) {
 428                unlock_ref(lock);
 429                return -1;
 430        }
 431        if (commit_lock_file(lock->lk)) {
 432                error("Couldn't set %s", lock->ref_file);
 433                unlock_ref(lock);
 434                return -1;
 435        }
 436        lock->lock_fd = -1;
 437        unlock_ref(lock);
 438        return 0;
 439}
 440
 441int read_ref_at(const char *ref, unsigned long at_time, unsigned char *sha1)
 442{
 443        const char *logfile, *logdata, *logend, *rec, *lastgt, *lastrec;
 444        char *tz_c;
 445        int logfd, tz;
 446        struct stat st;
 447        unsigned long date;
 448        unsigned char logged_sha1[20];
 449
 450        logfile = git_path("logs/%s", ref);
 451        logfd = open(logfile, O_RDONLY, 0);
 452        if (logfd < 0)
 453                die("Unable to read log %s: %s", logfile, strerror(errno));
 454        fstat(logfd, &st);
 455        if (!st.st_size)
 456                die("Log %s is empty.", logfile);
 457        logdata = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, logfd, 0);
 458        close(logfd);
 459
 460        lastrec = NULL;
 461        rec = logend = logdata + st.st_size;
 462        while (logdata < rec) {
 463                if (logdata < rec && *(rec-1) == '\n')
 464                        rec--;
 465                lastgt = NULL;
 466                while (logdata < rec && *(rec-1) != '\n') {
 467                        rec--;
 468                        if (*rec == '>')
 469                                lastgt = rec;
 470                }
 471                if (!lastgt)
 472                        die("Log %s is corrupt.", logfile);
 473                date = strtoul(lastgt + 1, &tz_c, 10);
 474                if (date <= at_time) {
 475                        if (lastrec) {
 476                                if (get_sha1_hex(lastrec, logged_sha1))
 477                                        die("Log %s is corrupt.", logfile);
 478                                if (get_sha1_hex(rec + 41, sha1))
 479                                        die("Log %s is corrupt.", logfile);
 480                                if (memcmp(logged_sha1, sha1, 20)) {
 481                                        tz = strtoul(tz_c, NULL, 10);
 482                                        fprintf(stderr,
 483                                                "warning: Log %s has gap after %s.\n",
 484                                                logfile, show_rfc2822_date(date, tz));
 485                                }
 486                        }
 487                        else if (date == at_time) {
 488                                if (get_sha1_hex(rec + 41, sha1))
 489                                        die("Log %s is corrupt.", logfile);
 490                        }
 491                        else {
 492                                if (get_sha1_hex(rec + 41, logged_sha1))
 493                                        die("Log %s is corrupt.", logfile);
 494                                if (memcmp(logged_sha1, sha1, 20)) {
 495                                        tz = strtoul(tz_c, NULL, 10);
 496                                        fprintf(stderr,
 497                                                "warning: Log %s unexpectedly ended on %s.\n",
 498                                                logfile, show_rfc2822_date(date, tz));
 499                                }
 500                        }
 501                        munmap((void*)logdata, st.st_size);
 502                        return 0;
 503                }
 504                lastrec = rec;
 505        }
 506
 507        rec = logdata;
 508        while (rec < logend && *rec != '>' && *rec != '\n')
 509                rec++;
 510        if (rec == logend || *rec == '\n')
 511                die("Log %s is corrupt.", logfile);
 512        date = strtoul(rec + 1, &tz_c, 10);
 513        tz = strtoul(tz_c, NULL, 10);
 514        if (get_sha1_hex(logdata, sha1))
 515                die("Log %s is corrupt.", logfile);
 516        munmap((void*)logdata, st.st_size);
 517        fprintf(stderr, "warning: Log %s only goes back to %s.\n",
 518                logfile, show_rfc2822_date(date, tz));
 519        return 0;
 520}