Check and document the options to prevent mistakes.
[gitweb.git] / refs.c
diff --git a/refs.c b/refs.c
index 5a8cbd4ef386da60d3f7a2cac4563fc993e38b94..713ca467368e24f6112663b7b96921f9d1bbc145 100644 (file)
--- a/refs.c
+++ b/refs.c
@@ -2,55 +2,10 @@
 #include "cache.h"
 
 #include <errno.h>
-#include <ctype.h>
 
 /* We allow "recursive" symbolic refs. Only within reason, though */
 #define MAXDEPTH 5
 
-#ifndef USE_SYMLINK_HEAD
-#define USE_SYMLINK_HEAD 1
-#endif
-
-int validate_symref(const char *path)
-{
-       struct stat st;
-       char *buf, buffer[256];
-       int len, fd;
-
-       if (lstat(path, &st) < 0)
-               return -1;
-
-       /* Make sure it is a "refs/.." symlink */
-       if (S_ISLNK(st.st_mode)) {
-               len = readlink(path, buffer, sizeof(buffer)-1);
-               if (len >= 5 && !memcmp("refs/", buffer, 5))
-                       return 0;
-               return -1;
-       }
-
-       /*
-        * Anything else, just open it and try to see if it is a symbolic ref.
-        */
-       fd = open(path, O_RDONLY);
-       if (fd < 0)
-               return -1;
-       len = read(fd, buffer, sizeof(buffer)-1);
-       close(fd);
-
-       /*
-        * Is it a symbolic ref?
-        */
-       if (len < 4 || memcmp("ref:", buffer, 4))
-               return -1;
-       buf = buffer + 4;
-       len -= 4;
-       while (len && isspace(*buf))
-               buf++, len--;
-       if (len >= 5 && !memcmp("refs/", buf, 5))
-               return 0;
-       return -1;
-}
-
 const char *resolve_ref(const char *path, unsigned char *sha1, int reading)
 {
        int depth = MAXDEPTH, len;
@@ -117,14 +72,19 @@ const char *resolve_ref(const char *path, unsigned char *sha1, int reading)
 
 int create_symref(const char *git_HEAD, const char *refs_heads_master)
 {
-#if USE_SYMLINK_HEAD
-       unlink(git_HEAD);
-       return symlink(refs_heads_master, git_HEAD);
-#else
        const char *lockpath;
        char ref[1000];
        int fd, len, written;
 
+#ifndef NO_SYMLINK_HEAD
+       if (prefer_symlink_refs) {
+               unlink(git_HEAD);
+               if (!symlink(refs_heads_master, git_HEAD))
+                       return 0;
+               fprintf(stderr, "no symlink - falling back to symbolic ref\n");
+       }
+#endif
+
        len = snprintf(ref, sizeof(ref), "ref: %s\n", refs_heads_master);
        if (sizeof(ref) <= len) {
                error("refname too long: %s", refs_heads_master);
@@ -144,8 +104,12 @@ int create_symref(const char *git_HEAD, const char *refs_heads_master)
                error("Unable to create %s", git_HEAD);
                return -3;
        }
+       if (adjust_shared_perm(git_HEAD)) {
+               unlink(lockpath);
+               error("Unable to fix permissions on %s", lockpath);
+               return -4;
+       }
        return 0;
-#endif
 }
 
 int read_ref(const char *filename, unsigned char *sha1)
@@ -155,7 +119,7 @@ int read_ref(const char *filename, unsigned char *sha1)
        return -1;
 }
 
-static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1))
+static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1), int trim)
 {
        int retval = 0;
        DIR *dir = opendir(git_path("%s", base));
@@ -183,20 +147,27 @@ static int do_for_each_ref(const char *base, int (*fn)(const char *path, const u
                        namelen = strlen(de->d_name);
                        if (namelen > 255)
                                continue;
+                       if (namelen>5 && !strcmp(de->d_name+namelen-5,".lock"))
+                               continue;
                        memcpy(path + baselen, de->d_name, namelen+1);
                        if (stat(git_path("%s", path), &st) < 0)
                                continue;
                        if (S_ISDIR(st.st_mode)) {
-                               retval = do_for_each_ref(path, fn);
+                               retval = do_for_each_ref(path, fn, trim);
                                if (retval)
                                        break;
                                continue;
                        }
-                       if (read_ref(git_path("%s", path), sha1) < 0)
+                       if (read_ref(git_path("%s", path), sha1) < 0) {
+                               error("%s points nowhere!", path);
                                continue;
-                       if (!has_sha1_file(sha1))
+                       }
+                       if (!has_sha1_file(sha1)) {
+                               error("%s does not point to a valid "
+                                     "commit object!", path);
                                continue;
-                       retval = fn(path, sha1);
+                       }
+                       retval = fn(path + trim, sha1);
                        if (retval)
                                break;
                }
@@ -216,155 +187,334 @@ int head_ref(int (*fn)(const char *path, const unsigned char *sha1))
 
 int for_each_ref(int (*fn)(const char *path, const unsigned char *sha1))
 {
-       return do_for_each_ref("refs", fn);
+       return do_for_each_ref("refs", fn, 0);
 }
 
-static char *ref_file_name(const char *ref)
+int for_each_tag_ref(int (*fn)(const char *path, const unsigned char *sha1))
 {
-       char *base = get_refs_directory();
-       int baselen = strlen(base);
-       int reflen = strlen(ref);
-       char *ret = xmalloc(baselen + 2 + reflen);
-       sprintf(ret, "%s/%s", base, ref);
-       return ret;
+       return do_for_each_ref("refs/tags", fn, 10);
 }
 
-static char *ref_lock_file_name(const char *ref)
+int for_each_branch_ref(int (*fn)(const char *path, const unsigned char *sha1))
 {
-       char *base = get_refs_directory();
-       int baselen = strlen(base);
-       int reflen = strlen(ref);
-       char *ret = xmalloc(baselen + 7 + reflen);
-       sprintf(ret, "%s/%s.lock", base, ref);
-       return ret;
+       return do_for_each_ref("refs/heads", fn, 11);
 }
 
-int get_ref_sha1(const char *ref, unsigned char *sha1)
+int for_each_remote_ref(int (*fn)(const char *path, const unsigned char *sha1))
 {
-       const char *filename;
+       return do_for_each_ref("refs/remotes", fn, 13);
+}
 
+int get_ref_sha1(const char *ref, unsigned char *sha1)
+{
        if (check_ref_format(ref))
                return -1;
-       filename = git_path("refs/%s", ref);
-       return read_ref(filename, sha1);
+       return read_ref(git_path("refs/%s", ref), sha1);
 }
 
-static int lock_ref_file(const char *filename, const char *lock_filename,
-                        const unsigned char *old_sha1)
+/*
+ * Make sure "ref" is something reasonable to have under ".git/refs/";
+ * We do not like it if:
+ *
+ * - any path component of it begins with ".", or
+ * - it has double dots "..", or
+ * - it has ASCII control character, "~", "^", ":" or SP, anywhere, or
+ * - it ends with a "/".
+ */
+
+static inline int bad_ref_char(int ch)
 {
-       int fd = open(lock_filename, O_WRONLY | O_CREAT | O_EXCL, 0666);
-       unsigned char current_sha1[20];
-       int retval;
-       if (fd < 0) {
-               return error("Couldn't open lock file for %s: %s",
-                            filename, strerror(errno));
-       }
-       retval = read_ref(filename, current_sha1);
-       if (old_sha1) {
-               if (retval) {
-                       close(fd);
-                       unlink(lock_filename);
-                       return error("Could not read the current value of %s",
-                                    filename);
-               }
-               if (memcmp(current_sha1, old_sha1, 20)) {
-                       close(fd);
-                       unlink(lock_filename);
-                       error("The current value of %s is %s",
-                             filename, sha1_to_hex(current_sha1));
-                       return error("Expected %s",
-                                    sha1_to_hex(old_sha1));
+       return (((unsigned) ch) <= ' ' ||
+               ch == '~' || ch == '^' || ch == ':' ||
+               /* 2.13 Pattern Matching Notation */
+               ch == '?' || ch == '*' || ch == '[');
+}
+
+int check_ref_format(const char *ref)
+{
+       int ch, level;
+       const char *cp = ref;
+
+       level = 0;
+       while (1) {
+               while ((ch = *cp++) == '/')
+                       ; /* tolerate duplicated slashes */
+               if (!ch)
+                       return -1; /* should not end with slashes */
+
+               /* we are at the beginning of the path component */
+               if (ch == '.' || bad_ref_char(ch))
+                       return -1;
+
+               /* scan the rest of the path component */
+               while ((ch = *cp++) != 0) {
+                       if (bad_ref_char(ch))
+                               return -1;
+                       if (ch == '/')
+                               break;
+                       if (ch == '.' && *cp == '.')
+                               return -1;
                }
-       } else {
-               if (!retval) {
-                       close(fd);
-                       unlink(lock_filename);
-                       return error("Unexpectedly found a value of %s for %s",
-                                    sha1_to_hex(current_sha1), filename);
+               level++;
+               if (!ch) {
+                       if (level < 2)
+                               return -1; /* at least of form "heads/blah" */
+                       return 0;
                }
        }
-       return fd;
 }
 
-int lock_ref_sha1(const char *ref, const unsigned char *old_sha1)
+static struct ref_lock *verify_lock(struct ref_lock *lock,
+       const unsigned char *old_sha1, int mustexist)
 {
-       char *filename;
-       char *lock_filename;
-       int retval;
-       if (check_ref_format(ref))
-               return -1;
-       filename = ref_file_name(ref);
-       lock_filename = ref_lock_file_name(ref);
-       retval = lock_ref_file(filename, lock_filename, old_sha1);
-       free(filename);
-       free(lock_filename);
-       return retval;
+       char buf[40];
+       int nr, fd = open(lock->ref_file, O_RDONLY);
+       if (fd < 0 && (mustexist || errno != ENOENT)) {
+               error("Can't verify ref %s", lock->ref_file);
+               unlock_ref(lock);
+               return NULL;
+       }
+       nr = read(fd, buf, 40);
+       close(fd);
+       if (nr != 40 || get_sha1_hex(buf, lock->old_sha1) < 0) {
+               error("Can't verify ref %s", lock->ref_file);
+               unlock_ref(lock);
+               return NULL;
+       }
+       if (memcmp(lock->old_sha1, old_sha1, 20)) {
+               error("Ref %s is at %s but expected %s", lock->ref_file,
+                       sha1_to_hex(lock->old_sha1), sha1_to_hex(old_sha1));
+               unlock_ref(lock);
+               return NULL;
+       }
+       return lock;
 }
 
-static int write_ref_file(const char *filename,
-                         const char *lock_filename, int fd,
-                         const unsigned char *sha1)
+static struct ref_lock *lock_ref_sha1_basic(const char *path,
+       int plen,
+       const unsigned char *old_sha1, int mustexist)
 {
-       char *hex = sha1_to_hex(sha1);
-       char term = '\n';
-       if (write(fd, hex, 40) < 40 ||
-           write(fd, &term, 1) < 1) {
-               error("Couldn't write %s\n", filename);
-               close(fd);
-               return -1;
+       struct ref_lock *lock;
+       struct stat st;
+
+       lock = xcalloc(1, sizeof(struct ref_lock));
+       lock->lock_fd = -1;
+
+       plen = strlen(path) - plen;
+       path = resolve_ref(path, lock->old_sha1, mustexist);
+       if (!path) {
+               unlock_ref(lock);
+               return NULL;
        }
-       close(fd);
-       rename(lock_filename, filename);
-       return 0;
+       lock->lk = xcalloc(1, sizeof(struct lock_file));
+
+       lock->ref_file = strdup(path);
+       lock->log_file = strdup(git_path("logs/%s", lock->ref_file + plen));
+       lock->force_write = lstat(lock->ref_file, &st) && errno == ENOENT;
+
+       if (safe_create_leading_directories(lock->ref_file))
+               die("unable to create directory for %s", lock->ref_file);
+       lock->lock_fd = hold_lock_file_for_update(lock->lk, lock->ref_file);
+       if (lock->lock_fd < 0) {
+               error("Couldn't open lock file %s: %s",
+                     lock->lk->filename, strerror(errno));
+               unlock_ref(lock);
+               return NULL;
+       }
+
+       return old_sha1 ? verify_lock(lock, old_sha1, mustexist) : lock;
 }
 
-int write_ref_sha1(const char *ref, int fd, const unsigned char *sha1)
+struct ref_lock *lock_ref_sha1(const char *ref,
+       const unsigned char *old_sha1, int mustexist)
 {
-       char *filename;
-       char *lock_filename;
-       int retval;
-       if (fd < 0)
-               return -1;
        if (check_ref_format(ref))
-               return -1;
-       filename = ref_file_name(ref);
-       lock_filename = ref_lock_file_name(ref);
-       retval = write_ref_file(filename, lock_filename, fd, sha1);
-       free(filename);
-       free(lock_filename);
-       return retval;
+               return NULL;
+       return lock_ref_sha1_basic(git_path("refs/%s", ref),
+               5 + strlen(ref), old_sha1, mustexist);
 }
 
-int check_ref_format(const char *ref)
+struct ref_lock *lock_any_ref_for_update(const char *ref,
+       const unsigned char *old_sha1, int mustexist)
+{
+       return lock_ref_sha1_basic(git_path("%s", ref),
+               strlen(ref), old_sha1, mustexist);
+}
+
+void unlock_ref(struct ref_lock *lock)
+{
+       if (lock->lock_fd >= 0) {
+               close(lock->lock_fd);
+               /* Do not free lock->lk -- atexit() still looks at them */
+               if (lock->lk)
+                       rollback_lock_file(lock->lk);
+       }
+       if (lock->ref_file)
+               free(lock->ref_file);
+       if (lock->log_file)
+               free(lock->log_file);
+       free(lock);
+}
+
+static int log_ref_write(struct ref_lock *lock,
+       const unsigned char *sha1, const char *msg)
+{
+       int logfd, written, oflags = O_APPEND | O_WRONLY;
+       unsigned maxlen, len;
+       char *logrec;
+       const char *comitter;
+
+       if (log_all_ref_updates) {
+               if (safe_create_leading_directories(lock->log_file) < 0)
+                       return error("unable to create directory for %s",
+                               lock->log_file);
+               oflags |= O_CREAT;
+       }
+
+       logfd = open(lock->log_file, oflags, 0666);
+       if (logfd < 0) {
+               if (!log_all_ref_updates && errno == ENOENT)
+                       return 0;
+               return error("Unable to append to %s: %s",
+                       lock->log_file, strerror(errno));
+       }
+
+       setup_ident();
+       comitter = git_committer_info(1);
+       if (msg) {
+               maxlen = strlen(comitter) + strlen(msg) + 2*40 + 5;
+               logrec = xmalloc(maxlen);
+               len = snprintf(logrec, maxlen, "%s %s %s\t%s\n",
+                       sha1_to_hex(lock->old_sha1),
+                       sha1_to_hex(sha1),
+                       comitter,
+                       msg);
+       }
+       else {
+               maxlen = strlen(comitter) + 2*40 + 4;
+               logrec = xmalloc(maxlen);
+               len = snprintf(logrec, maxlen, "%s %s %s\n",
+                       sha1_to_hex(lock->old_sha1),
+                       sha1_to_hex(sha1),
+                       comitter);
+       }
+       written = len <= maxlen ? write(logfd, logrec, len) : -1;
+       free(logrec);
+       close(logfd);
+       if (written != len)
+               return error("Unable to append to %s", lock->log_file);
+       return 0;
+}
+
+int write_ref_sha1(struct ref_lock *lock,
+       const unsigned char *sha1, const char *logmsg)
 {
-       char *middle;
-       if (ref[0] == '.' || ref[0] == '/')
+       static char term = '\n';
+
+       if (!lock)
+               return -1;
+       if (!lock->force_write && !memcmp(lock->old_sha1, sha1, 20)) {
+               unlock_ref(lock);
+               return 0;
+       }
+       if (write(lock->lock_fd, sha1_to_hex(sha1), 40) != 40 ||
+           write(lock->lock_fd, &term, 1) != 1
+               || close(lock->lock_fd) < 0) {
+               error("Couldn't write %s", lock->lk->filename);
+               unlock_ref(lock);
                return -1;
-       middle = strchr(ref, '/');
-       if (!middle || !middle[1])
+       }
+       if (log_ref_write(lock, sha1, logmsg) < 0) {
+               unlock_ref(lock);
                return -1;
-       if (strchr(middle + 1, '/'))
+       }
+       if (commit_lock_file(lock->lk)) {
+               error("Couldn't set %s", lock->ref_file);
+               unlock_ref(lock);
                return -1;
+       }
+       lock->lock_fd = -1;
+       unlock_ref(lock);
        return 0;
 }
 
-int write_ref_sha1_unlocked(const char *ref, const unsigned char *sha1)
+int read_ref_at(const char *ref, unsigned long at_time, unsigned char *sha1)
 {
-       char *filename;
-       char *lock_filename;
-       int fd;
-       int retval;
-       if (check_ref_format(ref))
-               return -1;
-       filename = ref_file_name(ref);
-       lock_filename = ref_lock_file_name(ref);
-       fd = open(lock_filename, O_WRONLY | O_CREAT | O_EXCL, 0666);
-       if (fd < 0) {
-               error("Writing %s", lock_filename);
-               perror("Open");
+       const char *logfile, *logdata, *logend, *rec, *lastgt, *lastrec;
+       char *tz_c;
+       int logfd, tz;
+       struct stat st;
+       unsigned long date;
+       unsigned char logged_sha1[20];
+
+       logfile = git_path("logs/%s", ref);
+       logfd = open(logfile, O_RDONLY, 0);
+       if (logfd < 0)
+               die("Unable to read log %s: %s", logfile, strerror(errno));
+       fstat(logfd, &st);
+       if (!st.st_size)
+               die("Log %s is empty.", logfile);
+       logdata = mmap(NULL, st.st_size, PROT_READ, MAP_PRIVATE, logfd, 0);
+       close(logfd);
+
+       lastrec = NULL;
+       rec = logend = logdata + st.st_size;
+       while (logdata < rec) {
+               if (logdata < rec && *(rec-1) == '\n')
+                       rec--;
+               lastgt = NULL;
+               while (logdata < rec && *(rec-1) != '\n') {
+                       rec--;
+                       if (*rec == '>')
+                               lastgt = rec;
+               }
+               if (!lastgt)
+                       die("Log %s is corrupt.", logfile);
+               date = strtoul(lastgt + 1, &tz_c, 10);
+               if (date <= at_time) {
+                       if (lastrec) {
+                               if (get_sha1_hex(lastrec, logged_sha1))
+                                       die("Log %s is corrupt.", logfile);
+                               if (get_sha1_hex(rec + 41, sha1))
+                                       die("Log %s is corrupt.", logfile);
+                               if (memcmp(logged_sha1, sha1, 20)) {
+                                       tz = strtoul(tz_c, NULL, 10);
+                                       fprintf(stderr,
+                                               "warning: Log %s has gap after %s.\n",
+                                               logfile, show_rfc2822_date(date, tz));
+                               }
+                       }
+                       else if (date == at_time) {
+                               if (get_sha1_hex(rec + 41, sha1))
+                                       die("Log %s is corrupt.", logfile);
+                       }
+                       else {
+                               if (get_sha1_hex(rec + 41, logged_sha1))
+                                       die("Log %s is corrupt.", logfile);
+                               if (memcmp(logged_sha1, sha1, 20)) {
+                                       tz = strtoul(tz_c, NULL, 10);
+                                       fprintf(stderr,
+                                               "warning: Log %s unexpectedly ended on %s.\n",
+                                               logfile, show_rfc2822_date(date, tz));
+                               }
+                       }
+                       munmap((void*)logdata, st.st_size);
+                       return 0;
+               }
+               lastrec = rec;
        }
-       retval = write_ref_file(filename, lock_filename, fd, sha1);
-       free(filename);
-       free(lock_filename);
-       return retval;
+
+       rec = logdata;
+       while (rec < logend && *rec != '>' && *rec != '\n')
+               rec++;
+       if (rec == logend || *rec == '\n')
+               die("Log %s is corrupt.", logfile);
+       date = strtoul(rec + 1, &tz_c, 10);
+       tz = strtoul(tz_c, NULL, 10);
+       if (get_sha1_hex(logdata, sha1))
+               die("Log %s is corrupt.", logfile);
+       munmap((void*)logdata, st.st_size);
+       fprintf(stderr, "warning: Log %s only goes back to %s.\n",
+               logfile, show_rfc2822_date(date, tz));
+       return 0;
 }