refs.con commit daemon: do not die on older clients. (83543a2)
   1#include "refs.h"
   2#include "cache.h"
   3
   4#include <errno.h>
   5
   6/* We allow "recursive" symbolic refs. Only within reason, though */
   7#define MAXDEPTH 5
   8
   9const char *resolve_ref(const char *path, unsigned char *sha1, int reading)
  10{
  11        int depth = MAXDEPTH, len;
  12        char buffer[256];
  13
  14        for (;;) {
  15                struct stat st;
  16                char *buf;
  17                int fd;
  18
  19                if (--depth < 0)
  20                        return NULL;
  21
  22                /* Special case: non-existing file.
  23                 * Not having the refs/heads/new-branch is OK
  24                 * if we are writing into it, so is .git/HEAD
  25                 * that points at refs/heads/master still to be
  26                 * born.  It is NOT OK if we are resolving for
  27                 * reading.
  28                 */
  29                if (lstat(path, &st) < 0) {
  30                        if (reading || errno != ENOENT)
  31                                return NULL;
  32                        hashclr(sha1);
  33                        return path;
  34                }
  35
  36                /* Follow "normalized" - ie "refs/.." symlinks by hand */
  37                if (S_ISLNK(st.st_mode)) {
  38                        len = readlink(path, buffer, sizeof(buffer)-1);
  39                        if (len >= 5 && !memcmp("refs/", buffer, 5)) {
  40                                path = git_path("%.*s", len, buffer);
  41                                continue;
  42                        }
  43                }
  44
  45                /* Is it a directory? */
  46                if (S_ISDIR(st.st_mode)) {
  47                        errno = EISDIR;
  48                        return NULL;
  49                }
  50
  51                /*
  52                 * Anything else, just open it and try to use it as
  53                 * a ref
  54                 */
  55                fd = open(path, O_RDONLY);
  56                if (fd < 0)
  57                        return NULL;
  58                len = read(fd, buffer, sizeof(buffer)-1);
  59                close(fd);
  60
  61                /*
  62                 * Is it a symbolic ref?
  63                 */
  64                if (len < 4 || memcmp("ref:", buffer, 4))
  65                        break;
  66                buf = buffer + 4;
  67                len -= 4;
  68                while (len && isspace(*buf))
  69                        buf++, len--;
  70                while (len && isspace(buf[len-1]))
  71                        buf[--len] = 0;
  72                path = git_path("%.*s", len, buf);
  73        }
  74        if (len < 40 || get_sha1_hex(buffer, sha1))
  75                return NULL;
  76        return path;
  77}
  78
  79int create_symref(const char *git_HEAD, const char *refs_heads_master)
  80{
  81        const char *lockpath;
  82        char ref[1000];
  83        int fd, len, written;
  84
  85#ifndef NO_SYMLINK_HEAD
  86        if (prefer_symlink_refs) {
  87                unlink(git_HEAD);
  88                if (!symlink(refs_heads_master, git_HEAD))
  89                        return 0;
  90                fprintf(stderr, "no symlink - falling back to symbolic ref\n");
  91        }
  92#endif
  93
  94        len = snprintf(ref, sizeof(ref), "ref: %s\n", refs_heads_master);
  95        if (sizeof(ref) <= len) {
  96                error("refname too long: %s", refs_heads_master);
  97                return -1;
  98        }
  99        lockpath = mkpath("%s.lock", git_HEAD);
 100        fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0666); 
 101        written = write(fd, ref, len);
 102        close(fd);
 103        if (written != len) {
 104                unlink(lockpath);
 105                error("Unable to write to %s", lockpath);
 106                return -2;
 107        }
 108        if (rename(lockpath, git_HEAD) < 0) {
 109                unlink(lockpath);
 110                error("Unable to create %s", git_HEAD);
 111                return -3;
 112        }
 113        if (adjust_shared_perm(git_HEAD)) {
 114                unlink(lockpath);
 115                error("Unable to fix permissions on %s", lockpath);
 116                return -4;
 117        }
 118        return 0;
 119}
 120
 121int read_ref(const char *filename, unsigned char *sha1)
 122{
 123        if (resolve_ref(filename, sha1, 1))
 124                return 0;
 125        return -1;
 126}
 127
 128static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1), int trim)
 129{
 130        int retval = 0;
 131        DIR *dir = opendir(git_path("%s", base));
 132
 133        if (dir) {
 134                struct dirent *de;
 135                int baselen = strlen(base);
 136                char *path = xmalloc(baselen + 257);
 137
 138                if (!strncmp(base, "./", 2)) {
 139                        base += 2;
 140                        baselen -= 2;
 141                }
 142                memcpy(path, base, baselen);
 143                if (baselen && base[baselen-1] != '/')
 144                        path[baselen++] = '/';
 145
 146                while ((de = readdir(dir)) != NULL) {
 147                        unsigned char sha1[20];
 148                        struct stat st;
 149                        int namelen;
 150
 151                        if (de->d_name[0] == '.')
 152                                continue;
 153                        namelen = strlen(de->d_name);
 154                        if (namelen > 255)
 155                                continue;
 156                        if (has_extension(de->d_name, ".lock"))
 157                                continue;
 158                        memcpy(path + baselen, de->d_name, namelen+1);
 159                        if (stat(git_path("%s", path), &st) < 0)
 160                                continue;
 161                        if (S_ISDIR(st.st_mode)) {
 162                                retval = do_for_each_ref(path, fn, trim);
 163                                if (retval)
 164                                        break;
 165                                continue;
 166                        }
 167                        if (read_ref(git_path("%s", path), sha1) < 0) {
 168                                error("%s points nowhere!", path);
 169                                continue;
 170                        }
 171                        if (!has_sha1_file(sha1)) {
 172                                error("%s does not point to a valid "
 173                                      "commit object!", path);
 174                                continue;
 175                        }
 176                        retval = fn(path + trim, sha1);
 177                        if (retval)
 178                                break;
 179                }
 180                free(path);
 181                closedir(dir);
 182        }
 183        return retval;
 184}
 185
 186int head_ref(int (*fn)(const char *path, const unsigned char *sha1))
 187{
 188        unsigned char sha1[20];
 189        if (!read_ref(git_path("HEAD"), sha1))
 190                return fn("HEAD", sha1);
 191        return 0;
 192}
 193
 194int for_each_ref(int (*fn)(const char *path, const unsigned char *sha1))
 195{
 196        return do_for_each_ref("refs", fn, 0);
 197}
 198
 199int for_each_tag_ref(int (*fn)(const char *path, const unsigned char *sha1))
 200{
 201        return do_for_each_ref("refs/tags", fn, 10);
 202}
 203
 204int for_each_branch_ref(int (*fn)(const char *path, const unsigned char *sha1))
 205{
 206        return do_for_each_ref("refs/heads", fn, 11);
 207}
 208
 209int for_each_remote_ref(int (*fn)(const char *path, const unsigned char *sha1))
 210{
 211        return do_for_each_ref("refs/remotes", fn, 13);
 212}
 213
 214int get_ref_sha1(const char *ref, unsigned char *sha1)
 215{
 216        if (check_ref_format(ref))
 217                return -1;
 218        return read_ref(git_path("refs/%s", ref), sha1);
 219}
 220
 221/*
 222 * Make sure "ref" is something reasonable to have under ".git/refs/";
 223 * We do not like it if:
 224 *
 225 * - any path component of it begins with ".", or
 226 * - it has double dots "..", or
 227 * - it has ASCII control character, "~", "^", ":" or SP, anywhere, or
 228 * - it ends with a "/".
 229 */
 230
 231static inline int bad_ref_char(int ch)
 232{
 233        return (((unsigned) ch) <= ' ' ||
 234                ch == '~' || ch == '^' || ch == ':' ||
 235                /* 2.13 Pattern Matching Notation */
 236                ch == '?' || ch == '*' || ch == '[');
 237}
 238
 239int check_ref_format(const char *ref)
 240{
 241        int ch, level;
 242        const char *cp = ref;
 243
 244        level = 0;
 245        while (1) {
 246                while ((ch = *cp++) == '/')
 247                        ; /* tolerate duplicated slashes */
 248                if (!ch)
 249                        return -1; /* should not end with slashes */
 250
 251                /* we are at the beginning of the path component */
 252                if (ch == '.' || bad_ref_char(ch))
 253                        return -1;
 254
 255                /* scan the rest of the path component */
 256                while ((ch = *cp++) != 0) {
 257                        if (bad_ref_char(ch))
 258                                return -1;
 259                        if (ch == '/')
 260                                break;
 261                        if (ch == '.' && *cp == '.')
 262                                return -1;
 263                }
 264                level++;
 265                if (!ch) {
 266                        if (level < 2)
 267                                return -1; /* at least of form "heads/blah" */
 268                        return 0;
 269                }
 270        }
 271}
 272
 273static struct ref_lock *verify_lock(struct ref_lock *lock,
 274        const unsigned char *old_sha1, int mustexist)
 275{
 276        char buf[40];
 277        int nr, fd = open(lock->ref_file, O_RDONLY);
 278        if (fd < 0 && (mustexist || errno != ENOENT)) {
 279                error("Can't verify ref %s", lock->ref_file);
 280                unlock_ref(lock);
 281                return NULL;
 282        }
 283        nr = read(fd, buf, 40);
 284        close(fd);
 285        if (nr != 40 || get_sha1_hex(buf, lock->old_sha1) < 0) {
 286                error("Can't verify ref %s", lock->ref_file);
 287                unlock_ref(lock);
 288                return NULL;
 289        }
 290        if (hashcmp(lock->old_sha1, old_sha1)) {
 291                error("Ref %s is at %s but expected %s", lock->ref_file,
 292                        sha1_to_hex(lock->old_sha1), sha1_to_hex(old_sha1));
 293                unlock_ref(lock);
 294                return NULL;
 295        }
 296        return lock;
 297}
 298
 299static struct ref_lock *lock_ref_sha1_basic(const char *path,
 300        int plen,
 301        const unsigned char *old_sha1, int mustexist)
 302{
 303        const char *orig_path = path;
 304        struct ref_lock *lock;
 305        struct stat st;
 306
 307        lock = xcalloc(1, sizeof(struct ref_lock));
 308        lock->lock_fd = -1;
 309
 310        plen = strlen(path) - plen;
 311        path = resolve_ref(path, lock->old_sha1, mustexist);
 312        if (!path) {
 313                int last_errno = errno;
 314                error("unable to resolve reference %s: %s",
 315                        orig_path, strerror(errno));
 316                unlock_ref(lock);
 317                errno = last_errno;
 318                return NULL;
 319        }
 320        lock->lk = xcalloc(1, sizeof(struct lock_file));
 321
 322        lock->ref_file = xstrdup(path);
 323        lock->log_file = xstrdup(git_path("logs/%s", lock->ref_file + plen));
 324        lock->force_write = lstat(lock->ref_file, &st) && errno == ENOENT;
 325
 326        if (safe_create_leading_directories(lock->ref_file))
 327                die("unable to create directory for %s", lock->ref_file);
 328        lock->lock_fd = hold_lock_file_for_update(lock->lk, lock->ref_file, 1);
 329
 330        return old_sha1 ? verify_lock(lock, old_sha1, mustexist) : lock;
 331}
 332
 333struct ref_lock *lock_ref_sha1(const char *ref,
 334        const unsigned char *old_sha1, int mustexist)
 335{
 336        if (check_ref_format(ref))
 337                return NULL;
 338        return lock_ref_sha1_basic(git_path("refs/%s", ref),
 339                5 + strlen(ref), old_sha1, mustexist);
 340}
 341
 342struct ref_lock *lock_any_ref_for_update(const char *ref,
 343        const unsigned char *old_sha1, int mustexist)
 344{
 345        return lock_ref_sha1_basic(git_path("%s", ref),
 346                strlen(ref), old_sha1, mustexist);
 347}
 348
 349void unlock_ref(struct ref_lock *lock)
 350{
 351        if (lock->lock_fd >= 0) {
 352                close(lock->lock_fd);
 353                /* Do not free lock->lk -- atexit() still looks at them */
 354                if (lock->lk)
 355                        rollback_lock_file(lock->lk);
 356        }
 357        free(lock->ref_file);
 358        free(lock->log_file);
 359        free(lock);
 360}
 361
 362static int log_ref_write(struct ref_lock *lock,
 363        const unsigned char *sha1, const char *msg)
 364{
 365        int logfd, written, oflags = O_APPEND | O_WRONLY;
 366        unsigned maxlen, len;
 367        char *logrec;
 368        const char *committer;
 369
 370        if (log_all_ref_updates) {
 371                if (safe_create_leading_directories(lock->log_file) < 0)
 372                        return error("unable to create directory for %s",
 373                                lock->log_file);
 374                oflags |= O_CREAT;
 375        }
 376
 377        logfd = open(lock->log_file, oflags, 0666);
 378        if (logfd < 0) {
 379                if (!log_all_ref_updates && errno == ENOENT)
 380                        return 0;
 381                return error("Unable to append to %s: %s",
 382                        lock->log_file, strerror(errno));
 383        }
 384
 385        committer = git_committer_info(1);
 386        if (msg) {
 387                maxlen = strlen(committer) + strlen(msg) + 2*40 + 5;
 388                logrec = xmalloc(maxlen);
 389                len = snprintf(logrec, maxlen, "%s %s %s\t%s\n",
 390                        sha1_to_hex(lock->old_sha1),
 391                        sha1_to_hex(sha1),
 392                        committer,
 393                        msg);
 394        }
 395        else {
 396                maxlen = strlen(committer) + 2*40 + 4;
 397                logrec = xmalloc(maxlen);
 398                len = snprintf(logrec, maxlen, "%s %s %s\n",
 399                        sha1_to_hex(lock->old_sha1),
 400                        sha1_to_hex(sha1),
 401                        committer);
 402        }
 403        written = len <= maxlen ? write(logfd, logrec, len) : -1;
 404        free(logrec);
 405        close(logfd);
 406        if (written != len)
 407                return error("Unable to append to %s", lock->log_file);
 408        return 0;
 409}
 410
 411int write_ref_sha1(struct ref_lock *lock,
 412        const unsigned char *sha1, const char *logmsg)
 413{
 414        static char term = '\n';
 415
 416        if (!lock)
 417                return -1;
 418        if (!lock->force_write && !hashcmp(lock->old_sha1, sha1)) {
 419                unlock_ref(lock);
 420                return 0;
 421        }
 422        if (write(lock->lock_fd, sha1_to_hex(sha1), 40) != 40 ||
 423            write(lock->lock_fd, &term, 1) != 1
 424                || close(lock->lock_fd) < 0) {
 425                error("Couldn't write %s", lock->lk->filename);
 426                unlock_ref(lock);
 427                return -1;
 428        }
 429        if (log_ref_write(lock, sha1, logmsg) < 0) {
 430                unlock_ref(lock);
 431                return -1;
 432        }
 433        if (commit_lock_file(lock->lk)) {
 434                error("Couldn't set %s", lock->ref_file);
 435                unlock_ref(lock);
 436                return -1;
 437        }
 438        lock->lock_fd = -1;
 439        unlock_ref(lock);
 440        return 0;
 441}
 442
 443int read_ref_at(const char *ref, unsigned long at_time, unsigned char *sha1)
 444{
 445        const char *logfile, *logdata, *logend, *rec, *lastgt, *lastrec;
 446        char *tz_c;
 447        int logfd, tz;
 448        struct stat st;
 449        unsigned long date;
 450        unsigned char logged_sha1[20];
 451
 452        logfile = git_path("logs/%s", ref);
 453        logfd = open(logfile, O_RDONLY, 0);
 454        if (logfd < 0)
 455                die("Unable to read log %s: %s", logfile, strerror(errno));
 456        fstat(logfd, &st);
 457        if (!st.st_size)
 458                die("Log %s is empty.", logfile);
 459        logdata = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, logfd, 0);
 460        close(logfd);
 461
 462        lastrec = NULL;
 463        rec = logend = logdata + st.st_size;
 464        while (logdata < rec) {
 465                if (logdata < rec && *(rec-1) == '\n')
 466                        rec--;
 467                lastgt = NULL;
 468                while (logdata < rec && *(rec-1) != '\n') {
 469                        rec--;
 470                        if (*rec == '>')
 471                                lastgt = rec;
 472                }
 473                if (!lastgt)
 474                        die("Log %s is corrupt.", logfile);
 475                date = strtoul(lastgt + 1, &tz_c, 10);
 476                if (date <= at_time) {
 477                        if (lastrec) {
 478                                if (get_sha1_hex(lastrec, logged_sha1))
 479                                        die("Log %s is corrupt.", logfile);
 480                                if (get_sha1_hex(rec + 41, sha1))
 481                                        die("Log %s is corrupt.", logfile);
 482                                if (hashcmp(logged_sha1, sha1)) {
 483                                        tz = strtoul(tz_c, NULL, 10);
 484                                        fprintf(stderr,
 485                                                "warning: Log %s has gap after %s.\n",
 486                                                logfile, show_rfc2822_date(date, tz));
 487                                }
 488                        }
 489                        else if (date == at_time) {
 490                                if (get_sha1_hex(rec + 41, sha1))
 491                                        die("Log %s is corrupt.", logfile);
 492                        }
 493                        else {
 494                                if (get_sha1_hex(rec + 41, logged_sha1))
 495                                        die("Log %s is corrupt.", logfile);
 496                                if (hashcmp(logged_sha1, sha1)) {
 497                                        tz = strtoul(tz_c, NULL, 10);
 498                                        fprintf(stderr,
 499                                                "warning: Log %s unexpectedly ended on %s.\n",
 500                                                logfile, show_rfc2822_date(date, tz));
 501                                }
 502                        }
 503                        munmap((void*)logdata, st.st_size);
 504                        return 0;
 505                }
 506                lastrec = rec;
 507        }
 508
 509        rec = logdata;
 510        while (rec < logend && *rec != '>' && *rec != '\n')
 511                rec++;
 512        if (rec == logend || *rec == '\n')
 513                die("Log %s is corrupt.", logfile);
 514        date = strtoul(rec + 1, &tz_c, 10);
 515        tz = strtoul(tz_c, NULL, 10);
 516        if (get_sha1_hex(logdata, sha1))
 517                die("Log %s is corrupt.", logfile);
 518        munmap((void*)logdata, st.st_size);
 519        fprintf(stderr, "warning: Log %s only goes back to %s.\n",
 520                logfile, show_rfc2822_date(date, tz));
 521        return 0;
 522}