| blob | a5f91702149d259375663ba03afb51c02b8bbbe3 |
1 /*
2 * lock.c: mod_dav_svn locking provider functions
3 *
4 * ====================================================================
5 * Copyright (c) 2000-2006 CollabNet. All rights reserved.
6 *
7 * This software is licensed as described in the file COPYING, which
8 * you should have received as part of this distribution. The terms
9 * are also available at http://subversion.tigris.org/license-1.html.
10 * If newer versions of this license are posted there, you may use a
11 * newer version instead, at your option.
12 *
13 * This software consists of voluntary contributions made by many
14 * individuals. For exact contribution history, see the revision
15 * history and logs, available at http://subversion.tigris.org/.
16 * ====================================================================
17 */
19 #include <apr_uuid.h>
20 #include <apr_time.h>
22 #include <httpd.h>
23 #include <http_log.h>
24 #include <mod_dav.h>
36 struct dav_lockdb_private
37 {
38 /* These represent 'custom' request hearders only sent by svn clients: */
39 svn_boolean_t lock_steal;
40 svn_boolean_t lock_break;
41 svn_boolean_t keep_locks;
42 svn_revnum_t working_revnum;
44 /* The original request, so we can set 'custom' output headers. */
46 };
49 /* Helper func: convert an svn_lock_t to a dav_lock, allocated in
50 pool. EXISTS_P indicates whether slock->path actually exists or not.
51 If HIDE_AUTH_USER is set, then do not return the svn lock's 'owner'
52 as dlock->auth_user.
53 */
54 static void
57 svn_boolean_t hide_auth_user,
58 svn_boolean_t exists_p,
60 {
73 /* the svn_lock_t 'comment' field maps to the 'DAV:owner' field. */
75 {
77 {
78 /* This comment was originally given to us by an svn client,
79 so, we need to wrap the naked comment with <DAV:owner>,
80 and xml-escape it for safe transport, lest we send back
81 an invalid http response. (mod_dav won't do it for us,
82 because it assumes that it personally created every lock
83 in the repository.) */
89 }
90 else
91 {
93 }
94 }
95 else
98 /* the svn_lock_t 'owner' is the actual authenticated owner of the
99 lock, and maps to the 'auth_user' field in the mod_dav lock. */
101 /* (If the client ran 'svn unlock --force', then we don't want to
102 return lock->auth_user. Otherwise mod_dav will throw an error
103 when lock->auth_user and r->user don't match.) */
107 /* This is absurd. apr_time.h has an apr_time_t->time_t func,
108 but not the reverse?? */
111 else
115 }
118 /* Helper func for dav_lock_to_svn_lock: take an incoming
119 "<D:owner><foo></D:owner>" tag and convert it to
120 "<foo>". */
125 {
128 apr_status_t apr_err;
137 {
142 }
147 }
150 /* Helper func: convert a dav_lock to an svn_lock_t, allocated in pool. */
156 svn_boolean_t is_svn_client,
158 {
161 /* Sanity checks */
164 DAV_ERR_LOCK_SAVE_LOCK,
169 DAV_ERR_LOCK_SAVE_LOCK,
176 /* DAV has no concept of lock creationdate, so assume 'now' */
182 /* We need to be very careful about stripping the <D:owner> tag away
183 from the cdata. It's okay to do for svn clients, but not other
184 DAV clients! */
186 {
188 {
189 /* mod_dav has forcibly xml-escaped the comment before
190 handing it to us; we need to xml-unescape it (and remove
191 the <D:owner> wrapper) when storing in the repository, so
192 it looks reasonable to the rest of svn. */
198 }
199 else
200 {
201 /* The comment comes from a non-svn client; don't touch
202 this data at all. */
205 }
206 }
210 else
215 }
218 /* ---------------------------------------------------------------- */
219 /* mod_dav locking vtable starts here: */
222 /* Return the supportedlock property for a resource */
225 {
226 /* This is imitating what mod_dav_fs is doing. Note that unlike
227 mod_dav_fs, however, we don't support "shared" locks, only
228 "exclusive" ones. Nor do we support locks on collections. */
230 "<D:lockentry>" DEBUG_CR
231 "<D:lockscope><D:exclusive/></D:lockscope>" DEBUG_CR
232 "<D:locktype><D:write/></D:locktype>" DEBUG_CR
237 else
239 }
242 /* Parse a lock token URI, returning a lock token object allocated
243 * in the given pool.
244 */
249 {
252 /* libsvn_fs already produces a valid locktoken URI. */
257 }
260 /* Format a lock token object into a URI string, allocated in
261 * the given pool.
262 *
263 * Always returns non-NULL.
264 */
267 {
268 /* libsvn_fs already produces a valid locktoken URI. */
270 }
273 /* Compare two lock tokens.
274 *
275 * Result < 0 => lt1 < lt2
276 * Result == 0 => lt1 == lt2
277 * Result > 0 => lt1 > lt2
278 */
279 static int
281 {
283 }
286 /* Open the provider's lock database.
287 *
288 * The provider may or may not use a "real" database for locks
289 * (a lock could be an attribute on a resource, for example).
290 *
291 * The provider may choose to use the value of the DAVLockDB directive
292 * (as returned by dav_get_lockdb_path()) to decide where to place
293 * any storage it may need.
294 *
295 * The request storage pool should be associated with the lockdb,
296 * so it can be used in subsequent operations.
297 *
298 * If ro != 0, only readonly operations will be performed.
299 * If force == 0, the open can be "lazy"; no subsequent locking operations
300 * may occur.
301 * If force != 0, locking operations will definitely occur.
302 */
305 {
312 /* Is this an svn client? */
314 /* Check to see if an svn client sent any custom X-SVN-* headers in
315 the request. */
318 {
319 /* 'svn [lock | unlock] --force' */
326 }
328 /* 'svn lock' wants to make svn_fs_lock() do an out-of-dateness check. */
333 /* The generic lockdb structure. */
340 }
343 /* Indicates completion of locking operations */
344 static void
346 {
347 /* nothing to do here. */
349 }
352 /* Take a resource out of the lock-null state. */
355 {
357 /* mod_dav_svn supports RFC2518bis which does not actually require
358 the server to create lock-null resources. Instead, we create
359 zero byte files when a lock comes in on a non-existent path.
360 mod_dav_svn never creates any lock-null resources, so this
361 function is never called by mod_dav. */
364 }
367 /*
368 ** Create a (direct) lock structure for the given resource. A locktoken
369 ** will be created.
370 **
371 ** The lock provider may store private information into lock->info.
372 */
375 {
395 /* allowing mod_dav to fill in dlock->timeout, owner, auth_user. */
396 /* dlock->info and dlock->next are NULL by default. */
400 }
403 /*
404 ** Get the locks associated with the specified resource.
405 **
406 ** If resolve_locks is true (non-zero), then any indirect locks are
407 ** resolved to their actual, direct lock (i.e. the reference to followed
408 ** to the original lock).
409 **
410 ** The locks, if any, are returned as a linked list in no particular
411 ** order. If no locks are present, then *locks will be NULL.
412 **
413 ** #define DAV_GETLOCKS_RESOLVED 0 -- resolve indirects to directs
414 ** #define DAV_GETLOCKS_PARTIAL 1 -- leave indirects partially filled
415 ** #define DAV_GETLOCKS_COMPLETE 2 -- fill out indirect locks
416 */
422 {
428 /* We only support exclusive locks, not shared ones. So this
429 function always returns a "list" of exactly one lock, or just a
430 NULL list. The 'calltype' arg is also meaningless, since we
431 don't support locks on collections. */
433 /* Sanity check: if the resource has no associated path in the fs,
434 then there's nothing to do. */
436 {
439 }
441 /* The Big Lie: if the client ran 'svn lock', then we have
442 to pretend that there's no existing lock. Otherwise mod_dav will
443 throw '403 Locked' without even attempting to create a new
444 lock. For the --force case, this is required and for the non-force case,
445 we allow the filesystem to produce a better error for svn clients.
446 */
448 {
451 }
453 /* If the resource's fs path is unreadable, we don't want to say
454 anything about locks attached to it.*/
457 DAV_ERR_LOCK_SAVE_LOCK,
470 {
474 /* Let svn clients know the creationdate of the slock. */
479 /* Let svn clients know who "owns" the slock. */
482 }
486 }
489 /*
490 ** Find a particular lock on a resource (specified by its locktoken).
491 **
492 ** *lock will be set to NULL if the lock is not found.
493 **
494 ** Note that the provider can optimize the unmarshalling -- only one
495 ** lock (or none) must be constructed and returned.
496 **
497 ** If partial_ok is true (non-zero), then an indirect lock can be
498 ** partially filled in. Otherwise, another lookup is done and the
499 ** lock structure will be filled out as a DAV_LOCKREC_INDIRECT.
500 */
507 {
513 /* If the resource's fs path is unreadable, we don't want to say
514 anything about locks attached to it.*/
517 DAV_ERR_LOCK_SAVE_LOCK,
530 {
531 /* Sanity check. */
534 DAV_ERR_LOCK_SAVE_LOCK,
540 /* Let svn clients know the creationdate of the slock. */
545 /* Let svn clients know the 'owner' of the slock. */
548 }
552 }
555 /*
556 ** Quick test to see if the resource has *any* locks on it.
557 **
558 ** This is typically used to determine if a non-existent resource
559 ** has a lock and is (therefore) a locknull resource.
560 **
561 ** WARNING: this function may return TRUE even when timed-out locks
562 ** exist (i.e. it may not perform timeout checks).
563 */
566 {
571 /* Sanity check: if the resource has no associated path in the fs,
572 then there's nothing to do. */
574 {
577 }
579 /* The Big Lie: if the client ran 'svn lock', then we have
580 to pretend that there's no existing lock. Otherwise mod_dav will
581 throw '403 Locked' without even attempting to create a new
582 lock. For the --force case, this is required and for the non-force case,
583 we allow the filesystem to produce a better error for svn clients.
584 */
586 {
589 }
591 /* If the resource's fs path is unreadable, we don't want to say
592 anything about locks attached to it.*/
595 DAV_ERR_LOCK_SAVE_LOCK,
609 }
612 /*
613 ** Append the specified lock(s) to the set of locks on this resource.
614 **
615 ** If "make_indirect" is true (non-zero), then the specified lock(s)
616 ** should be converted to an indirect lock (if it is a direct lock)
617 ** before appending. Note that the conversion to an indirect lock does
618 ** not alter the passed-in lock -- the change is internal the
619 ** append_locks function.
620 **
621 ** Multiple locks are specified using the lock->next links.
622 */
628 {
634 /* If the resource's fs path is unreadable, we don't allow a lock to
635 be created on it. */
638 DAV_ERR_LOCK_SAVE_LOCK,
643 DAV_ERR_LOCK_SAVE_LOCK,
646 /* RFC2518bis (section 7.4) doesn't require us to support
647 'lock-null' resources at all. Instead, it asks that we treat
648 'LOCK nonexistentURL' as a PUT (followed by a LOCK) of a 0-byte file. */
650 {
659 DAV_ERR_LOCK_SAVE_LOCK,
660 "Subversion clients may not lock "
665 DAV_ERR_LOCK_SAVE_LOCK,
666 "Attempted to lock non-existent path;"
669 /* Commit a 0-byte file: */
703 {
707 "Conflict when committing "
710 }
711 }
713 /* Convert the dav_lock into an svn_lock_t. */
720 /* Now use the svn_lock_t to actually perform the lock. */
733 {
736 DAV_ERR_LOCK_SAVE_LOCK,
738 }
745 /* A standard webdav LOCK response doesn't include any information
746 about the creation date. We send it in a custom header, so that
747 svn clients can fill in svn_lock_t->creation_date. A generic DAV
748 client should just ignore the header. */
752 /* A standard webdav LOCK response doesn't include any information
753 about the owner of the lock. ('DAV:owner' has nothing to do with
754 authorization, it's just a comment that we map to
755 svn_lock_t->comment.) We send the owner in a custom header, so
756 that svn clients can fill in svn_lock_t->owner. A generic DAV
757 client should just ignore the header. */
761 /* Log the locking as a 'high-level' action. */
767 }
770 /*
771 ** Remove any lock that has the specified locktoken.
772 **
773 ** If locktoken == NULL, then ALL locks are removed.
774 */
779 {
785 /* Sanity check: if the resource has no associated path in the fs,
786 then there's nothing to do. */
790 /* Another easy out: if an svn client sent a 'keep_locks' header
791 (typically in a DELETE request, as part of 'svn commit
792 --no-unlock'), then ignore dav_method_delete()'s attempt to
793 unconditionally remove the lock. */
797 /* If the resource's fs path is unreadable, we don't allow a lock to
798 be removed from it. */
801 DAV_ERR_LOCK_SAVE_LOCK,
805 {
806 /* Need to manually discover any lock on the resource. */
817 }
818 else
819 {
821 }
824 {
825 /* Notice that a generic DAV client is unable to forcibly
826 'break' a lock, because info->lock_break will always be
827 FALSE. An svn client, however, can request a 'forced' break.*/
830 token,
835 {
838 DAV_ERR_LOCK_SAVE_LOCK,
840 }
846 /* Log the unlocking as a 'high-level' action. */
852 }
855 }
858 /*
859 ** Refresh all locks, found on the specified resource, which has a
860 ** locktoken in the provided list.
861 **
862 ** If the lock is indirect, then the direct lock is referenced and
863 ** refreshed.
864 **
865 ** Each lock that is updated is returned in the <locks> argument.
866 ** Note that the locks will be fully resolved.
867 */
874 {
875 /* We're not looping over a list of locks, since we only support one
876 lock per resource. */
882 /* If the resource's fs path is unreadable, we don't want to say
883 anything about locks attached to it.*/
886 DAV_ERR_LOCK_SAVE_LOCK,
889 /* Convert the path into an svn_lock_t. */
899 /* Sanity check: does the incoming token actually represent the
900 current lock on the incoming resource? */
904 DAV_ERR_LOCK_SAVE_LOCK,
907 /* Now use the tweaked svn_lock_t to 'refresh' the existing lock. */
916 SVN_INVALID_REVNUM,
921 {
924 DAV_ERR_LOCK_SAVE_LOCK,
926 }
932 /* Convert the refreshed lock into a dav_lock and return it. */
937 }
940 /* The main locking vtable, provided to mod_dav */
942 get_supportedlock,
943 parse_locktoken,
944 format_locktoken,
945 compare_locktoken,
946 open_lockdb,
947 close_lockdb,
948 remove_locknull_state,
949 create_lock,
950 get_locks,
951 find_lock,
952 has_locks,
953 append_locks,
954 remove_lock,
955 refresh_locks,
956 NULL,
957 NULL /* hook structure context */
958 };