Fix constness of input in mozilla-sha1/sha1.c::SHA1_Update().
[git] / refs.c
1 #include "refs.h"
2 #include "cache.h"
3
4 #include <errno.h>
5
6 /* We allow "recursive" symbolic refs. Only within reason, though */
7 #define MAXDEPTH 5
8
9 #ifndef USE_SYMLINK_HEAD
10 #define USE_SYMLINK_HEAD 1
11 #endif
12
13 int validate_symref(const char *path)
14 {
15         struct stat st;
16         char *buf, buffer[256];
17         int len, fd;
18
19         if (lstat(path, &st) < 0)
20                 return -1;
21
22         /* Make sure it is a "refs/.." symlink */
23         if (S_ISLNK(st.st_mode)) {
24                 len = readlink(path, buffer, sizeof(buffer)-1);
25                 if (len >= 5 && !memcmp("refs/", buffer, 5))
26                         return 0;
27                 return -1;
28         }
29
30         /*
31          * Anything else, just open it and try to see if it is a symbolic ref.
32          */
33         fd = open(path, O_RDONLY);
34         if (fd < 0)
35                 return -1;
36         len = read(fd, buffer, sizeof(buffer)-1);
37         close(fd);
38
39         /*
40          * Is it a symbolic ref?
41          */
42         if (len < 4 || memcmp("ref:", buffer, 4))
43                 return -1;
44         buf = buffer + 4;
45         len -= 4;
46         while (len && isspace(*buf))
47                 buf++, len--;
48         if (len >= 5 && !memcmp("refs/", buf, 5))
49                 return 0;
50         return -1;
51 }
52
53 const char *resolve_ref(const char *path, unsigned char *sha1, int reading)
54 {
55         int depth = MAXDEPTH, len;
56         char buffer[256];
57
58         for (;;) {
59                 struct stat st;
60                 char *buf;
61                 int fd;
62
63                 if (--depth < 0)
64                         return NULL;
65
66                 /* Special case: non-existing file.
67                  * Not having the refs/heads/new-branch is OK
68                  * if we are writing into it, so is .git/HEAD
69                  * that points at refs/heads/master still to be
70                  * born.  It is NOT OK if we are resolving for
71                  * reading.
72                  */
73                 if (lstat(path, &st) < 0) {
74                         if (reading || errno != ENOENT)
75                                 return NULL;
76                         memset(sha1, 0, 20);
77                         return path;
78                 }
79
80                 /* Follow "normalized" - ie "refs/.." symlinks by hand */
81                 if (S_ISLNK(st.st_mode)) {
82                         len = readlink(path, buffer, sizeof(buffer)-1);
83                         if (len >= 5 && !memcmp("refs/", buffer, 5)) {
84                                 path = git_path("%.*s", len, buffer);
85                                 continue;
86                         }
87                 }
88
89                 /*
90                  * Anything else, just open it and try to use it as
91                  * a ref
92                  */
93                 fd = open(path, O_RDONLY);
94                 if (fd < 0)
95                         return NULL;
96                 len = read(fd, buffer, sizeof(buffer)-1);
97                 close(fd);
98
99                 /*
100                  * Is it a symbolic ref?
101                  */
102                 if (len < 4 || memcmp("ref:", buffer, 4))
103                         break;
104                 buf = buffer + 4;
105                 len -= 4;
106                 while (len && isspace(*buf))
107                         buf++, len--;
108                 while (len && isspace(buf[len-1]))
109                         buf[--len] = 0;
110                 path = git_path("%.*s", len, buf);
111         }
112         if (len < 40 || get_sha1_hex(buffer, sha1))
113                 return NULL;
114         return path;
115 }
116
117 int create_symref(const char *git_HEAD, const char *refs_heads_master)
118 {
119         const char *lockpath;
120         char ref[1000];
121         int fd, len, written;
122
123 #if USE_SYMLINK_HEAD
124         unlink(git_HEAD);
125         if (!symlink(refs_heads_master, git_HEAD))
126                 return 0;
127         fprintf(stderr, "no symlink - falling back to symbolic ref\n");
128 #endif
129
130         len = snprintf(ref, sizeof(ref), "ref: %s\n", refs_heads_master);
131         if (sizeof(ref) <= len) {
132                 error("refname too long: %s", refs_heads_master);
133                 return -1;
134         }
135         lockpath = mkpath("%s.lock", git_HEAD);
136         fd = open(lockpath, O_CREAT | O_EXCL | O_WRONLY, 0666); 
137         written = write(fd, ref, len);
138         close(fd);
139         if (written != len) {
140                 unlink(lockpath);
141                 error("Unable to write to %s", lockpath);
142                 return -2;
143         }
144         if (rename(lockpath, git_HEAD) < 0) {
145                 unlink(lockpath);
146                 error("Unable to create %s", git_HEAD);
147                 return -3;
148         }
149         return 0;
150 }
151
152 int read_ref(const char *filename, unsigned char *sha1)
153 {
154         if (resolve_ref(filename, sha1, 1))
155                 return 0;
156         return -1;
157 }
158
159 static int do_for_each_ref(const char *base, int (*fn)(const char *path, const unsigned char *sha1))
160 {
161         int retval = 0;
162         DIR *dir = opendir(git_path("%s", base));
163
164         if (dir) {
165                 struct dirent *de;
166                 int baselen = strlen(base);
167                 char *path = xmalloc(baselen + 257);
168
169                 if (!strncmp(base, "./", 2)) {
170                         base += 2;
171                         baselen -= 2;
172                 }
173                 memcpy(path, base, baselen);
174                 if (baselen && base[baselen-1] != '/')
175                         path[baselen++] = '/';
176
177                 while ((de = readdir(dir)) != NULL) {
178                         unsigned char sha1[20];
179                         struct stat st;
180                         int namelen;
181
182                         if (de->d_name[0] == '.')
183                                 continue;
184                         namelen = strlen(de->d_name);
185                         if (namelen > 255)
186                                 continue;
187                         memcpy(path + baselen, de->d_name, namelen+1);
188                         if (stat(git_path("%s", path), &st) < 0)
189                                 continue;
190                         if (S_ISDIR(st.st_mode)) {
191                                 retval = do_for_each_ref(path, fn);
192                                 if (retval)
193                                         break;
194                                 continue;
195                         }
196                         if (read_ref(git_path("%s", path), sha1) < 0)
197                                 continue;
198                         if (!has_sha1_file(sha1))
199                                 continue;
200                         retval = fn(path, sha1);
201                         if (retval)
202                                 break;
203                 }
204                 free(path);
205                 closedir(dir);
206         }
207         return retval;
208 }
209
210 int head_ref(int (*fn)(const char *path, const unsigned char *sha1))
211 {
212         unsigned char sha1[20];
213         if (!read_ref(git_path("HEAD"), sha1))
214                 return fn("HEAD", sha1);
215         return 0;
216 }
217
218 int for_each_ref(int (*fn)(const char *path, const unsigned char *sha1))
219 {
220         return do_for_each_ref("refs", fn);
221 }
222
223 static char *ref_file_name(const char *ref)
224 {
225         char *base = get_refs_directory();
226         int baselen = strlen(base);
227         int reflen = strlen(ref);
228         char *ret = xmalloc(baselen + 2 + reflen);
229         sprintf(ret, "%s/%s", base, ref);
230         return ret;
231 }
232
233 static char *ref_lock_file_name(const char *ref)
234 {
235         char *base = get_refs_directory();
236         int baselen = strlen(base);
237         int reflen = strlen(ref);
238         char *ret = xmalloc(baselen + 7 + reflen);
239         sprintf(ret, "%s/%s.lock", base, ref);
240         return ret;
241 }
242
243 int get_ref_sha1(const char *ref, unsigned char *sha1)
244 {
245         const char *filename;
246
247         if (check_ref_format(ref))
248                 return -1;
249         filename = git_path("refs/%s", ref);
250         return read_ref(filename, sha1);
251 }
252
253 static int lock_ref_file(const char *filename, const char *lock_filename,
254                          const unsigned char *old_sha1)
255 {
256         int fd = open(lock_filename, O_WRONLY | O_CREAT | O_EXCL, 0666);
257         unsigned char current_sha1[20];
258         int retval;
259         if (fd < 0) {
260                 return error("Couldn't open lock file for %s: %s",
261                              filename, strerror(errno));
262         }
263         retval = read_ref(filename, current_sha1);
264         if (old_sha1) {
265                 if (retval) {
266                         close(fd);
267                         unlink(lock_filename);
268                         return error("Could not read the current value of %s",
269                                      filename);
270                 }
271                 if (memcmp(current_sha1, old_sha1, 20)) {
272                         close(fd);
273                         unlink(lock_filename);
274                         error("The current value of %s is %s",
275                               filename, sha1_to_hex(current_sha1));
276                         return error("Expected %s",
277                                      sha1_to_hex(old_sha1));
278                 }
279         } else {
280                 if (!retval) {
281                         close(fd);
282                         unlink(lock_filename);
283                         return error("Unexpectedly found a value of %s for %s",
284                                      sha1_to_hex(current_sha1), filename);
285                 }
286         }
287         return fd;
288 }
289
290 int lock_ref_sha1(const char *ref, const unsigned char *old_sha1)
291 {
292         char *filename;
293         char *lock_filename;
294         int retval;
295         if (check_ref_format(ref))
296                 return -1;
297         filename = ref_file_name(ref);
298         lock_filename = ref_lock_file_name(ref);
299         retval = lock_ref_file(filename, lock_filename, old_sha1);
300         free(filename);
301         free(lock_filename);
302         return retval;
303 }
304
305 static int write_ref_file(const char *filename,
306                           const char *lock_filename, int fd,
307                           const unsigned char *sha1)
308 {
309         char *hex = sha1_to_hex(sha1);
310         char term = '\n';
311         if (write(fd, hex, 40) < 40 ||
312             write(fd, &term, 1) < 1) {
313                 error("Couldn't write %s\n", filename);
314                 close(fd);
315                 return -1;
316         }
317         close(fd);
318         rename(lock_filename, filename);
319         return 0;
320 }
321
322 int write_ref_sha1(const char *ref, int fd, const unsigned char *sha1)
323 {
324         char *filename;
325         char *lock_filename;
326         int retval;
327         if (fd < 0)
328                 return -1;
329         if (check_ref_format(ref))
330                 return -1;
331         filename = ref_file_name(ref);
332         lock_filename = ref_lock_file_name(ref);
333         retval = write_ref_file(filename, lock_filename, fd, sha1);
334         free(filename);
335         free(lock_filename);
336         return retval;
337 }
338
339 /*
340  * Make sure "ref" is something reasonable to have under ".git/refs/";
341  * We do not like it if:
342  *
343  * - any path component of it begins with ".", or
344  * - it has double dots "..", or
345  * - it has ASCII control character, "~", "^", ":" or SP, anywhere, or
346  * - it ends with a "/".
347  */
348
349 static inline int bad_ref_char(int ch)
350 {
351         return (((unsigned) ch) <= ' ' ||
352                 ch == '~' || ch == '^' || ch == ':');
353 }
354
355 int check_ref_format(const char *ref)
356 {
357         int ch, level;
358         const char *cp = ref;
359
360         level = 0;
361         while (1) {
362                 while ((ch = *cp++) == '/')
363                         ; /* tolerate duplicated slashes */
364                 if (!ch)
365                         return -1; /* should not end with slashes */
366
367                 /* we are at the beginning of the path component */
368                 if (ch == '.' || bad_ref_char(ch))
369                         return -1;
370
371                 /* scan the rest of the path component */
372                 while ((ch = *cp++) != 0) {
373                         if (bad_ref_char(ch))
374                                 return -1;
375                         if (ch == '/')
376                                 break;
377                         if (ch == '.' && *cp == '.')
378                                 return -1;
379                 }
380                 level++;
381                 if (!ch) {
382                         if (level < 2)
383                                 return -1; /* at least of form "heads/blah" */
384                         return 0;
385                 }
386         }
387 }
388
389 int write_ref_sha1_unlocked(const char *ref, const unsigned char *sha1)
390 {
391         char *filename;
392         char *lock_filename;
393         int fd;
394         int retval;
395         if (check_ref_format(ref))
396                 return -1;
397         filename = ref_file_name(ref);
398         lock_filename = ref_lock_file_name(ref);
399         fd = open(lock_filename, O_WRONLY | O_CREAT | O_EXCL, 0666);
400         if (fd < 0) {
401                 error("Writing %s", lock_filename);
402                 perror("Open");
403         }
404         retval = write_ref_file(filename, lock_filename, fd, sha1);
405         free(filename);
406         free(lock_filename);
407         return retval;
408 }