]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a5c32cff | 2 | |
8bdc9a90 | 3 | #include <ctype.h> |
11c3a366 TA |
4 | #include <errno.h> |
5 | #include <fcntl.h> | |
6 | #include <limits.h> | |
7 | #include <stdarg.h> | |
8 | #include <stdint.h> | |
35bbbf85 | 9 | #include <stdio_ext.h> |
11c3a366 | 10 | #include <stdlib.h> |
11c3a366 TA |
11 | #include <sys/stat.h> |
12 | #include <sys/types.h> | |
a5c32cff | 13 | #include <unistd.h> |
cda134ab | 14 | |
b5efdb8a | 15 | #include "alloc-util.h" |
3ffd4af2 LP |
16 | #include "fd-util.h" |
17 | #include "fileio.h" | |
f4f15635 | 18 | #include "fs-util.h" |
07d8c0eb | 19 | #include "hexdecoct.h" |
93cc7779 TA |
20 | #include "log.h" |
21 | #include "macro.h" | |
50ccd864 | 22 | #include "mkdir.h" |
33d52ab9 | 23 | #include "parse-util.h" |
0d39fa9c | 24 | #include "path-util.h" |
b93d3f6b | 25 | #include "socket-util.h" |
33d52ab9 | 26 | #include "stdio-util.h" |
07630cea | 27 | #include "string-util.h" |
e4de7287 | 28 | #include "tmpfile-util.h" |
a5c32cff | 29 | |
c2d11a63 VC |
30 | #define READ_FULL_BYTES_MAX (4U*1024U*1024U) |
31 | ||
fdeea3f4 ZJS |
32 | int fopen_unlocked(const char *path, const char *options, FILE **ret) { |
33 | assert(ret); | |
34 | ||
35 | FILE *f = fopen(path, options); | |
36 | if (!f) | |
37 | return -errno; | |
38 | ||
39 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
40 | ||
41 | *ret = f; | |
42 | return 0; | |
43 | } | |
44 | ||
02e23d1a ZJS |
45 | int fdopen_unlocked(int fd, const char *options, FILE **ret) { |
46 | assert(ret); | |
47 | ||
48 | FILE *f = fdopen(fd, options); | |
49 | if (!f) | |
50 | return -errno; | |
51 | ||
52 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
53 | ||
54 | *ret = f; | |
55 | return 0; | |
56 | } | |
57 | ||
3ebbb6cb VC |
58 | int take_fdopen_unlocked(int *fd, const char *options, FILE **ret) { |
59 | int r; | |
60 | ||
61 | assert(fd); | |
62 | ||
63 | r = fdopen_unlocked(*fd, options, ret); | |
64 | if (r < 0) | |
65 | return r; | |
66 | ||
67 | *fd = -1; | |
68 | ||
69 | return 0; | |
70 | } | |
71 | ||
72 | FILE* take_fdopen(int *fd, const char *options) { | |
73 | assert(fd); | |
74 | ||
75 | FILE *f = fdopen(*fd, options); | |
76 | if (!f) | |
77 | return NULL; | |
78 | ||
79 | *fd = -1; | |
80 | ||
81 | return f; | |
82 | } | |
83 | ||
f61457b0 VC |
84 | DIR* take_fdopendir(int *dfd) { |
85 | assert(dfd); | |
86 | ||
87 | DIR *d = fdopendir(*dfd); | |
88 | if (!d) | |
89 | return NULL; | |
90 | ||
91 | *dfd = -1; | |
92 | ||
93 | return d; | |
94 | } | |
95 | ||
2fe21124 ZJS |
96 | FILE* open_memstream_unlocked(char **ptr, size_t *sizeloc) { |
97 | FILE *f = open_memstream(ptr, sizeloc); | |
98 | if (!f) | |
99 | return NULL; | |
100 | ||
101 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
102 | ||
103 | return f; | |
104 | } | |
105 | ||
673a1e6f ZJS |
106 | FILE* fmemopen_unlocked(void *buf, size_t size, const char *mode) { |
107 | FILE *f = fmemopen(buf, size, mode); | |
108 | if (!f) | |
109 | return NULL; | |
110 | ||
111 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
112 | ||
113 | return f; | |
114 | } | |
115 | ||
b1837133 LP |
116 | int write_string_stream_ts( |
117 | FILE *f, | |
118 | const char *line, | |
119 | WriteStringFileFlags flags, | |
120 | struct timespec *ts) { | |
dacd6cee | 121 | |
91dc2bf7 | 122 | bool needs_nl; |
14f594b9 | 123 | int r, fd; |
91dc2bf7 | 124 | |
717603e3 LP |
125 | assert(f); |
126 | assert(line); | |
127 | ||
ba8b8c9e MG |
128 | if (ferror(f)) |
129 | return -EIO; | |
130 | ||
14f594b9 LP |
131 | if (ts) { |
132 | /* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have | |
133 | * an fd. Let's fail early in that case. */ | |
134 | fd = fileno(f); | |
135 | if (fd < 0) | |
136 | return -EBADF; | |
137 | } | |
138 | ||
91dc2bf7 LP |
139 | needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); |
140 | ||
141 | if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { | |
142 | /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so | |
143 | * that the write goes out in one go, instead of two */ | |
144 | ||
145 | line = strjoina(line, "\n"); | |
146 | needs_nl = false; | |
147 | } | |
148 | ||
94d3b60f MG |
149 | if (fputs(line, f) == EOF) |
150 | return -errno; | |
151 | ||
91dc2bf7 | 152 | if (needs_nl) |
94d3b60f MG |
153 | if (fputc('\n', f) == EOF) |
154 | return -errno; | |
a5c32cff | 155 | |
be83711c CL |
156 | if (flags & WRITE_STRING_FILE_SYNC) |
157 | r = fflush_sync_and_check(f); | |
158 | else | |
159 | r = fflush_and_check(f); | |
160 | if (r < 0) | |
161 | return r; | |
162 | ||
39c38d77 ZJS |
163 | if (ts) { |
164 | struct timespec twice[2] = {*ts, *ts}; | |
165 | ||
14f594b9 | 166 | if (futimens(fd, twice) < 0) |
39c38d77 ZJS |
167 | return -errno; |
168 | } | |
169 | ||
be83711c | 170 | return 0; |
a5c32cff HH |
171 | } |
172 | ||
2eabcc77 LP |
173 | static int write_string_file_atomic( |
174 | const char *fn, | |
175 | const char *line, | |
b1837133 | 176 | WriteStringFileFlags flags, |
2eabcc77 LP |
177 | struct timespec *ts) { |
178 | ||
a5c32cff HH |
179 | _cleanup_fclose_ FILE *f = NULL; |
180 | _cleanup_free_ char *p = NULL; | |
181 | int r; | |
182 | ||
183 | assert(fn); | |
184 | assert(line); | |
185 | ||
95244ceb LP |
186 | /* Note that we'd really like to use O_TMPFILE here, but can't really, since we want replacement |
187 | * semantics here, and O_TMPFILE can't offer that. i.e. rename() replaces but linkat() doesn't. */ | |
188 | ||
a5c32cff HH |
189 | r = fopen_temporary(fn, &f, &p); |
190 | if (r < 0) | |
191 | return r; | |
192 | ||
b1837133 | 193 | r = write_string_stream_ts(f, line, flags, ts); |
9dd1b1e8 LP |
194 | if (r < 0) |
195 | goto fail; | |
196 | ||
95244ceb LP |
197 | r = fchmod_umask(fileno(f), FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0644); |
198 | if (r < 0) | |
199 | goto fail; | |
200 | ||
9dd1b1e8 LP |
201 | if (rename(p, fn) < 0) { |
202 | r = -errno; | |
203 | goto fail; | |
a5c32cff HH |
204 | } |
205 | ||
5b3f4a20 LP |
206 | if (FLAGS_SET(flags, WRITE_STRING_FILE_SYNC)) { |
207 | /* Sync the rename, too */ | |
208 | r = fsync_directory_of_file(fileno(f)); | |
209 | if (r < 0) | |
210 | return r; | |
211 | } | |
212 | ||
9dd1b1e8 | 213 | return 0; |
a5c32cff | 214 | |
9dd1b1e8 LP |
215 | fail: |
216 | (void) unlink(p); | |
a5c32cff HH |
217 | return r; |
218 | } | |
219 | ||
b1837133 LP |
220 | int write_string_file_ts( |
221 | const char *fn, | |
222 | const char *line, | |
223 | WriteStringFileFlags flags, | |
224 | struct timespec *ts) { | |
225 | ||
4c1fc3e4 | 226 | _cleanup_fclose_ FILE *f = NULL; |
95244ceb | 227 | int q, r, fd; |
4c1fc3e4 DM |
228 | |
229 | assert(fn); | |
230 | assert(line); | |
231 | ||
265710c2 AJ |
232 | /* We don't know how to verify whether the file contents was already on-disk. */ |
233 | assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC))); | |
0675e94a | 234 | |
50ccd864 LP |
235 | if (flags & WRITE_STRING_FILE_MKDIR_0755) { |
236 | r = mkdir_parents(fn, 0755); | |
237 | if (r < 0) | |
238 | return r; | |
239 | } | |
240 | ||
4c1fc3e4 DM |
241 | if (flags & WRITE_STRING_FILE_ATOMIC) { |
242 | assert(flags & WRITE_STRING_FILE_CREATE); | |
243 | ||
b1837133 | 244 | r = write_string_file_atomic(fn, line, flags, ts); |
eb3da901 LP |
245 | if (r < 0) |
246 | goto fail; | |
247 | ||
248 | return r; | |
39c38d77 | 249 | } else |
234519ae | 250 | assert(!ts); |
4c1fc3e4 | 251 | |
95244ceb LP |
252 | /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */ |
253 | fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | | |
254 | (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) | | |
6797a74f | 255 | (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) | |
256 | (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0), | |
95244ceb LP |
257 | (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666)); |
258 | if (fd < 0) { | |
259 | r = -errno; | |
260 | goto fail; | |
261 | } | |
4c1fc3e4 | 262 | |
95244ceb LP |
263 | r = fdopen_unlocked(fd, "w", &f); |
264 | if (r < 0) { | |
265 | safe_close(fd); | |
266 | goto fail; | |
41f6e627 | 267 | } |
35bbbf85 | 268 | |
12ec9c30 TSH |
269 | if (flags & WRITE_STRING_FILE_DISABLE_BUFFER) |
270 | setvbuf(f, NULL, _IONBF, 0); | |
271 | ||
b1837133 | 272 | r = write_string_stream_ts(f, line, flags, ts); |
eb3da901 LP |
273 | if (r < 0) |
274 | goto fail; | |
275 | ||
276 | return 0; | |
277 | ||
278 | fail: | |
279 | if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE)) | |
280 | return r; | |
281 | ||
282 | f = safe_fclose(f); | |
283 | ||
284 | /* OK, the operation failed, but let's see if the right | |
285 | * contents in place already. If so, eat up the error. */ | |
286 | ||
287 | q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE)); | |
288 | if (q <= 0) | |
289 | return r; | |
290 | ||
291 | return 0; | |
4c1fc3e4 DM |
292 | } |
293 | ||
3130fca5 LP |
294 | int write_string_filef( |
295 | const char *fn, | |
296 | WriteStringFileFlags flags, | |
297 | const char *format, ...) { | |
298 | ||
299 | _cleanup_free_ char *p = NULL; | |
300 | va_list ap; | |
301 | int r; | |
302 | ||
303 | va_start(ap, format); | |
304 | r = vasprintf(&p, format, ap); | |
305 | va_end(ap); | |
306 | ||
307 | if (r < 0) | |
308 | return -ENOMEM; | |
309 | ||
310 | return write_string_file(fn, p, flags); | |
311 | } | |
312 | ||
a5c32cff HH |
313 | int read_one_line_file(const char *fn, char **line) { |
314 | _cleanup_fclose_ FILE *f = NULL; | |
fdeea3f4 | 315 | int r; |
a5c32cff HH |
316 | |
317 | assert(fn); | |
318 | assert(line); | |
319 | ||
fdeea3f4 ZJS |
320 | r = fopen_unlocked(fn, "re", &f); |
321 | if (r < 0) | |
322 | return r; | |
35bbbf85 | 323 | |
d6062e3b | 324 | return read_line(f, LONG_LINE_MAX, line); |
a5c32cff HH |
325 | } |
326 | ||
eb3da901 LP |
327 | int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { |
328 | _cleanup_fclose_ FILE *f = NULL; | |
329 | _cleanup_free_ char *buf = NULL; | |
330 | size_t l, k; | |
fdeea3f4 | 331 | int r; |
15dee3f0 | 332 | |
eb3da901 LP |
333 | assert(fn); |
334 | assert(blob); | |
335 | ||
336 | l = strlen(blob); | |
337 | ||
338 | if (accept_extra_nl && endswith(blob, "\n")) | |
339 | accept_extra_nl = false; | |
340 | ||
341 | buf = malloc(l + accept_extra_nl + 1); | |
342 | if (!buf) | |
343 | return -ENOMEM; | |
344 | ||
fdeea3f4 ZJS |
345 | r = fopen_unlocked(fn, "re", &f); |
346 | if (r < 0) | |
347 | return r; | |
35bbbf85 | 348 | |
eb3da901 LP |
349 | /* We try to read one byte more than we need, so that we know whether we hit eof */ |
350 | errno = 0; | |
351 | k = fread(buf, 1, l + accept_extra_nl + 1, f); | |
352 | if (ferror(f)) | |
66855de7 | 353 | return errno_or_else(EIO); |
eb3da901 LP |
354 | |
355 | if (k != l && k != l + accept_extra_nl) | |
356 | return 0; | |
357 | if (memcmp(buf, blob, l) != 0) | |
358 | return 0; | |
359 | if (k > l && buf[l] != '\n') | |
360 | return 0; | |
15dee3f0 | 361 | |
eb3da901 | 362 | return 1; |
15dee3f0 LP |
363 | } |
364 | ||
21b40f16 FB |
365 | int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { |
366 | _cleanup_free_ char *buf = NULL; | |
367 | _cleanup_close_ int fd = -1; | |
368 | struct stat st; | |
369 | size_t n, size; | |
370 | int n_retries; | |
371 | char *p; | |
372 | ||
373 | assert(ret_contents); | |
374 | ||
375 | /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work | |
376 | * with two sorts of virtual files. One sort uses "seq_file", and the results of | |
377 | * the first read are buffered for the second read. The other sort uses "raw" | |
378 | * reads which always go direct to the device. In the latter case, the content of | |
379 | * the virtual file must be retrieved with a single read otherwise a second read | |
380 | * might get the new value instead of finding EOF immediately. That's the reason | |
381 | * why the usage of fread(3) is prohibited in this case as it always performs a | |
382 | * second call to read(2) looking for EOF. See issue 13585. */ | |
383 | ||
384 | fd = open(filename, O_RDONLY|O_CLOEXEC); | |
385 | if (fd < 0) | |
386 | return -errno; | |
387 | ||
388 | /* Start size for files in /proc which usually report a file size of 0. */ | |
389 | size = LINE_MAX / 2; | |
390 | ||
391 | /* Limit the number of attempts to read the number of bytes returned by fstat(). */ | |
392 | n_retries = 3; | |
393 | ||
394 | for (;;) { | |
395 | if (n_retries <= 0) | |
396 | return -EIO; | |
397 | ||
398 | if (fstat(fd, &st) < 0) | |
399 | return -errno; | |
400 | ||
401 | if (!S_ISREG(st.st_mode)) | |
402 | return -EBADF; | |
403 | ||
404 | /* Be prepared for files from /proc which generally report a file size of 0. */ | |
405 | if (st.st_size > 0) { | |
406 | size = st.st_size; | |
407 | n_retries--; | |
408 | } else | |
409 | size = size * 2; | |
410 | ||
411 | if (size > READ_FULL_BYTES_MAX) | |
412 | return -E2BIG; | |
413 | ||
414 | p = realloc(buf, size + 1); | |
415 | if (!p) | |
416 | return -ENOMEM; | |
417 | buf = TAKE_PTR(p); | |
418 | ||
419 | for (;;) { | |
420 | ssize_t k; | |
421 | ||
422 | /* Read one more byte so we can detect whether the content of the | |
423 | * file has already changed or the guessed size for files from /proc | |
424 | * wasn't large enough . */ | |
425 | k = read(fd, buf, size + 1); | |
426 | if (k >= 0) { | |
427 | n = k; | |
428 | break; | |
429 | } | |
430 | ||
6b8664cb | 431 | if (errno != EINTR) |
21b40f16 FB |
432 | return -errno; |
433 | } | |
434 | ||
435 | /* Consider a short read as EOF */ | |
436 | if (n <= size) | |
437 | break; | |
438 | ||
439 | /* Hmm... either we read too few bytes from /proc or less likely the content | |
440 | * of the file might have been changed (and is now bigger) while we were | |
441 | * processing, let's try again either with a bigger guessed size or the new | |
442 | * file size. */ | |
443 | ||
444 | if (lseek(fd, 0, SEEK_SET) < 0) | |
445 | return -errno; | |
446 | } | |
447 | ||
448 | if (n < size) { | |
449 | p = realloc(buf, n + 1); | |
450 | if (!p) | |
451 | return -ENOMEM; | |
452 | buf = TAKE_PTR(p); | |
453 | } | |
454 | ||
455 | if (!ret_size) { | |
456 | /* Safety check: if the caller doesn't want to know the size of what we | |
457 | * just read it will rely on the trailing NUL byte. But if there's an | |
458 | * embedded NUL byte, then we should refuse operation as otherwise | |
459 | * there'd be ambiguity about what we just read. */ | |
460 | ||
461 | if (memchr(buf, 0, n)) | |
462 | return -EBADMSG; | |
463 | } else | |
464 | *ret_size = n; | |
465 | ||
466 | buf[n] = 0; | |
467 | *ret_contents = TAKE_PTR(buf); | |
468 | ||
469 | return 0; | |
470 | } | |
471 | ||
15f8f026 | 472 | int read_full_stream_full( |
2d78717b | 473 | FILE *f, |
50caae7b | 474 | const char *filename, |
15f8f026 | 475 | ReadFullFileFlags flags, |
2d78717b LP |
476 | char **ret_contents, |
477 | size_t *ret_size) { | |
478 | ||
a5c32cff HH |
479 | _cleanup_free_ char *buf = NULL; |
480 | struct stat st; | |
15f8f026 YW |
481 | size_t n, n_next, l; |
482 | int fd, r; | |
a5c32cff | 483 | |
717603e3 | 484 | assert(f); |
2d78717b | 485 | assert(ret_contents); |
89aaf655 | 486 | assert(!FLAGS_SET(flags, READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)); |
a5c32cff | 487 | |
15f8f026 | 488 | n_next = LINE_MAX; /* Start size */ |
a5c32cff | 489 | |
c4054ddf | 490 | fd = fileno(f); |
c668aa8b LP |
491 | if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen()), let's |
492 | * optimize our buffering */ | |
717603e3 | 493 | |
15f8f026 | 494 | if (fstat(fd, &st) < 0) |
c4054ddf LP |
495 | return -errno; |
496 | ||
497 | if (S_ISREG(st.st_mode)) { | |
717603e3 | 498 | |
c4054ddf LP |
499 | /* Safety check */ |
500 | if (st.st_size > READ_FULL_BYTES_MAX) | |
501 | return -E2BIG; | |
502 | ||
21b40f16 FB |
503 | /* Start with the right file size. Note that we increase the size |
504 | * to read here by one, so that the first read attempt already | |
505 | * makes us notice the EOF. */ | |
c4054ddf | 506 | if (st.st_size > 0) |
15f8f026 | 507 | n_next = st.st_size + 1; |
50caae7b | 508 | |
f2944702 | 509 | if (flags & READ_FULL_FILE_WARN_WORLD_READABLE) |
50caae7b | 510 | (void) warn_file_is_world_accessible(filename, &st, NULL, 0); |
c4054ddf | 511 | } |
717603e3 | 512 | } |
a5c32cff | 513 | |
15f8f026 | 514 | n = l = 0; |
a5c32cff HH |
515 | for (;;) { |
516 | char *t; | |
517 | size_t k; | |
518 | ||
15f8f026 YW |
519 | if (flags & READ_FULL_FILE_SECURE) { |
520 | t = malloc(n_next + 1); | |
521 | if (!t) { | |
522 | r = -ENOMEM; | |
523 | goto finalize; | |
524 | } | |
525 | memcpy_safe(t, buf, n); | |
526 | explicit_bzero_safe(buf, n); | |
c424bed1 | 527 | buf = mfree(buf); |
15f8f026 YW |
528 | } else { |
529 | t = realloc(buf, n_next + 1); | |
530 | if (!t) | |
531 | return -ENOMEM; | |
532 | } | |
a5c32cff HH |
533 | |
534 | buf = t; | |
15f8f026 YW |
535 | n = n_next; |
536 | ||
5a89faf0 | 537 | errno = 0; |
a5c32cff | 538 | k = fread(buf + l, 1, n - l, f); |
b93d3f6b LP |
539 | |
540 | assert(k <= n - l); | |
541 | l += k; | |
a5c32cff | 542 | |
15f8f026 | 543 | if (ferror(f)) { |
66855de7 | 544 | r = errno_or_else(EIO); |
15f8f026 YW |
545 | goto finalize; |
546 | } | |
c2d11a63 | 547 | if (feof(f)) |
a5c32cff | 548 | break; |
a5c32cff | 549 | |
b93d3f6b | 550 | assert(k > 0); /* we can't have read zero bytes because that would have been EOF */ |
a5c32cff HH |
551 | |
552 | /* Safety check */ | |
15f8f026 YW |
553 | if (n >= READ_FULL_BYTES_MAX) { |
554 | r = -E2BIG; | |
555 | goto finalize; | |
556 | } | |
c2d11a63 | 557 | |
15f8f026 | 558 | n_next = MIN(n * 2, READ_FULL_BYTES_MAX); |
a5c32cff HH |
559 | } |
560 | ||
89aaf655 | 561 | if (flags & (READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)) { |
c668aa8b LP |
562 | _cleanup_free_ void *decoded = NULL; |
563 | size_t decoded_size; | |
564 | ||
07d8c0eb | 565 | buf[l++] = 0; |
89aaf655 | 566 | if (flags & READ_FULL_FILE_UNBASE64) |
c668aa8b | 567 | r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size); |
89aaf655 | 568 | else |
c668aa8b LP |
569 | r = unhexmem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size); |
570 | if (r < 0) | |
571 | goto finalize; | |
572 | ||
573 | if (flags & READ_FULL_FILE_SECURE) | |
574 | explicit_bzero_safe(buf, n); | |
575 | free_and_replace(buf, decoded); | |
576 | n = l = decoded_size; | |
07d8c0eb YW |
577 | } |
578 | ||
2d78717b LP |
579 | if (!ret_size) { |
580 | /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the | |
581 | * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise | |
582 | * there'd be ambiguity about what we just read. */ | |
583 | ||
15f8f026 YW |
584 | if (memchr(buf, 0, l)) { |
585 | r = -EBADMSG; | |
586 | goto finalize; | |
587 | } | |
2d78717b LP |
588 | } |
589 | ||
a5c32cff | 590 | buf[l] = 0; |
2d78717b | 591 | *ret_contents = TAKE_PTR(buf); |
a5c32cff | 592 | |
2d78717b LP |
593 | if (ret_size) |
594 | *ret_size = l; | |
a5c32cff HH |
595 | |
596 | return 0; | |
15f8f026 YW |
597 | |
598 | finalize: | |
599 | if (flags & READ_FULL_FILE_SECURE) | |
600 | explicit_bzero_safe(buf, n); | |
601 | ||
602 | return r; | |
a5c32cff HH |
603 | } |
604 | ||
8241f785 | 605 | int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { |
717603e3 | 606 | _cleanup_fclose_ FILE *f = NULL; |
fdeea3f4 | 607 | int r; |
717603e3 | 608 | |
15f8f026 | 609 | assert(filename); |
717603e3 LP |
610 | assert(contents); |
611 | ||
8241f785 | 612 | r = xfopenat(dir_fd, filename, "re", 0, &f); |
b93d3f6b LP |
613 | if (r < 0) { |
614 | _cleanup_close_ int dfd = -1, sk = -1; | |
615 | union sockaddr_union sa; | |
616 | ||
617 | /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */ | |
618 | if (r != -ENXIO) | |
619 | return r; | |
620 | ||
621 | /* If this is enabled, let's try to connect to it */ | |
622 | if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET)) | |
623 | return -ENXIO; | |
624 | ||
625 | if (dir_fd == AT_FDCWD) | |
626 | r = sockaddr_un_set_path(&sa.un, filename); | |
627 | else { | |
628 | char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; | |
629 | ||
630 | /* If we shall operate relative to some directory, then let's use O_PATH first to | |
631 | * open the socket inode, and then connect to it via /proc/self/fd/. We have to do | |
632 | * this since there's not connectat() that takes a directory fd as first arg. */ | |
633 | ||
634 | dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC); | |
635 | if (dfd < 0) | |
636 | return -errno; | |
637 | ||
638 | xsprintf(procfs_path, "/proc/self/fd/%i", dfd); | |
639 | r = sockaddr_un_set_path(&sa.un, procfs_path); | |
640 | } | |
641 | if (r < 0) | |
642 | return r; | |
643 | ||
644 | sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); | |
645 | if (sk < 0) | |
646 | return -errno; | |
647 | ||
648 | if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) | |
649 | return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is | |
650 | * not a socket after all */ | |
651 | ||
652 | if (shutdown(sk, SHUT_WR) < 0) | |
653 | return -errno; | |
654 | ||
655 | f = fdopen(sk, "r"); | |
656 | if (!f) | |
657 | return -errno; | |
658 | ||
659 | TAKE_FD(sk); | |
660 | } | |
35bbbf85 | 661 | |
8241f785 LP |
662 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
663 | ||
50caae7b | 664 | return read_full_stream_full(f, filename, flags, contents, size); |
717603e3 LP |
665 | } |
666 | ||
68fee104 | 667 | int executable_is_script(const char *path, char **interpreter) { |
c8b32e11 | 668 | _cleanup_free_ char *line = NULL; |
99c61f6b | 669 | size_t len; |
68fee104 | 670 | char *ans; |
99c61f6b | 671 | int r; |
68fee104 ZJS |
672 | |
673 | assert(path); | |
674 | ||
675 | r = read_one_line_file(path, &line); | |
99c61f6b LP |
676 | if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */ |
677 | return 0; | |
68fee104 ZJS |
678 | if (r < 0) |
679 | return r; | |
680 | ||
681 | if (!startswith(line, "#!")) | |
682 | return 0; | |
683 | ||
684 | ans = strstrip(line + 2); | |
685 | len = strcspn(ans, " \t"); | |
686 | ||
687 | if (len == 0) | |
688 | return 0; | |
689 | ||
690 | ans = strndup(ans, len); | |
691 | if (!ans) | |
692 | return -ENOMEM; | |
693 | ||
694 | *interpreter = ans; | |
695 | return 1; | |
696 | } | |
69ab8088 ZJS |
697 | |
698 | /** | |
0a7b53bd | 699 | * Retrieve one field from a file like /proc/self/status. pattern |
c4cd1d4d AK |
700 | * should not include whitespace or the delimiter (':'). pattern matches only |
701 | * the beginning of a line. Whitespace before ':' is skipped. Whitespace and | |
702 | * zeros after the ':' will be skipped. field must be freed afterwards. | |
703 | * terminator specifies the terminating characters of the field value (not | |
704 | * included in the value). | |
69ab8088 | 705 | */ |
c4cd1d4d | 706 | int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) { |
69ab8088 | 707 | _cleanup_free_ char *status = NULL; |
90110825 | 708 | char *t, *f; |
69ab8088 ZJS |
709 | size_t len; |
710 | int r; | |
711 | ||
c4cd1d4d | 712 | assert(terminator); |
69ab8088 | 713 | assert(filename); |
7ff7394d | 714 | assert(pattern); |
69ab8088 ZJS |
715 | assert(field); |
716 | ||
21b40f16 | 717 | r = read_full_virtual_file(filename, &status, NULL); |
69ab8088 ZJS |
718 | if (r < 0) |
719 | return r; | |
720 | ||
c4cd1d4d AK |
721 | t = status; |
722 | ||
723 | do { | |
724 | bool pattern_ok; | |
725 | ||
726 | do { | |
727 | t = strstr(t, pattern); | |
728 | if (!t) | |
729 | return -ENOENT; | |
730 | ||
731 | /* Check that pattern occurs in beginning of line. */ | |
732 | pattern_ok = (t == status || t[-1] == '\n'); | |
733 | ||
734 | t += strlen(pattern); | |
735 | ||
736 | } while (!pattern_ok); | |
737 | ||
738 | t += strspn(t, " \t"); | |
739 | if (!*t) | |
740 | return -ENOENT; | |
741 | ||
742 | } while (*t != ':'); | |
743 | ||
744 | t++; | |
69ab8088 | 745 | |
4ec29144 | 746 | if (*t) { |
1e5413f7 ZJS |
747 | t += strspn(t, " \t"); |
748 | ||
749 | /* Also skip zeros, because when this is used for | |
750 | * capabilities, we don't want the zeros. This way the | |
751 | * same capability set always maps to the same string, | |
752 | * irrespective of the total capability set size. For | |
753 | * other numbers it shouldn't matter. */ | |
754 | t += strspn(t, "0"); | |
4ec29144 ZJS |
755 | /* Back off one char if there's nothing but whitespace |
756 | and zeros */ | |
1e5413f7 | 757 | if (!*t || isspace(*t)) |
313cefa1 | 758 | t--; |
4ec29144 | 759 | } |
69ab8088 | 760 | |
c4cd1d4d | 761 | len = strcspn(t, terminator); |
69ab8088 | 762 | |
90110825 LP |
763 | f = strndup(t, len); |
764 | if (!f) | |
69ab8088 ZJS |
765 | return -ENOMEM; |
766 | ||
90110825 | 767 | *field = f; |
69ab8088 ZJS |
768 | return 0; |
769 | } | |
0d39fa9c LP |
770 | |
771 | DIR *xopendirat(int fd, const char *name, int flags) { | |
772 | int nfd; | |
773 | DIR *d; | |
774 | ||
775 | assert(!(flags & O_CREAT)); | |
776 | ||
777 | nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0); | |
778 | if (nfd < 0) | |
779 | return NULL; | |
780 | ||
781 | d = fdopendir(nfd); | |
782 | if (!d) { | |
783 | safe_close(nfd); | |
784 | return NULL; | |
785 | } | |
786 | ||
787 | return d; | |
788 | } | |
789 | ||
0a38e6b9 LP |
790 | static int mode_to_flags(const char *mode) { |
791 | const char *p; | |
792 | int flags; | |
793 | ||
794 | if ((p = startswith(mode, "r+"))) | |
795 | flags = O_RDWR; | |
796 | else if ((p = startswith(mode, "r"))) | |
797 | flags = O_RDONLY; | |
798 | else if ((p = startswith(mode, "w+"))) | |
799 | flags = O_RDWR|O_CREAT|O_TRUNC; | |
800 | else if ((p = startswith(mode, "w"))) | |
801 | flags = O_WRONLY|O_CREAT|O_TRUNC; | |
802 | else if ((p = startswith(mode, "a+"))) | |
803 | flags = O_RDWR|O_CREAT|O_APPEND; | |
804 | else if ((p = startswith(mode, "a"))) | |
805 | flags = O_WRONLY|O_CREAT|O_APPEND; | |
806 | else | |
807 | return -EINVAL; | |
808 | ||
809 | for (; *p != 0; p++) { | |
810 | ||
811 | switch (*p) { | |
812 | ||
813 | case 'e': | |
814 | flags |= O_CLOEXEC; | |
815 | break; | |
816 | ||
817 | case 'x': | |
818 | flags |= O_EXCL; | |
819 | break; | |
820 | ||
821 | case 'm': | |
822 | /* ignore this here, fdopen() might care later though */ | |
823 | break; | |
824 | ||
825 | case 'c': /* not sure what to do about this one */ | |
826 | default: | |
827 | return -EINVAL; | |
828 | } | |
829 | } | |
830 | ||
831 | return flags; | |
832 | } | |
833 | ||
834 | int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) { | |
835 | FILE *f; | |
836 | ||
837 | /* A combination of fopen() with openat() */ | |
838 | ||
839 | if (dir_fd == AT_FDCWD && flags == 0) { | |
840 | f = fopen(path, mode); | |
841 | if (!f) | |
842 | return -errno; | |
843 | } else { | |
844 | int fd, mode_flags; | |
845 | ||
846 | mode_flags = mode_to_flags(mode); | |
847 | if (mode_flags < 0) | |
848 | return mode_flags; | |
849 | ||
850 | fd = openat(dir_fd, path, mode_flags | flags); | |
851 | if (fd < 0) | |
852 | return -errno; | |
853 | ||
854 | f = fdopen(fd, mode); | |
855 | if (!f) { | |
856 | safe_close(fd); | |
857 | return -errno; | |
858 | } | |
859 | } | |
860 | ||
861 | *ret = f; | |
862 | return 0; | |
863 | } | |
864 | ||
0d39fa9c LP |
865 | static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) { |
866 | char **i; | |
867 | ||
868 | assert(path); | |
869 | assert(mode); | |
870 | assert(_f); | |
871 | ||
872 | if (!path_strv_resolve_uniq(search, root)) | |
873 | return -ENOMEM; | |
874 | ||
875 | STRV_FOREACH(i, search) { | |
876 | _cleanup_free_ char *p = NULL; | |
877 | FILE *f; | |
878 | ||
657ee2d8 | 879 | p = path_join(root, *i, path); |
0d39fa9c LP |
880 | if (!p) |
881 | return -ENOMEM; | |
882 | ||
883 | f = fopen(p, mode); | |
884 | if (f) { | |
885 | *_f = f; | |
886 | return 0; | |
887 | } | |
888 | ||
889 | if (errno != ENOENT) | |
890 | return -errno; | |
891 | } | |
892 | ||
893 | return -ENOENT; | |
894 | } | |
895 | ||
896 | int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) { | |
897 | _cleanup_strv_free_ char **copy = NULL; | |
898 | ||
899 | assert(path); | |
900 | assert(mode); | |
901 | assert(_f); | |
902 | ||
903 | if (path_is_absolute(path)) { | |
904 | FILE *f; | |
905 | ||
906 | f = fopen(path, mode); | |
907 | if (f) { | |
908 | *_f = f; | |
909 | return 0; | |
910 | } | |
911 | ||
912 | return -errno; | |
913 | } | |
914 | ||
915 | copy = strv_copy((char**) search); | |
916 | if (!copy) | |
917 | return -ENOMEM; | |
918 | ||
919 | return search_and_fopen_internal(path, mode, root, copy, _f); | |
920 | } | |
921 | ||
922 | int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) { | |
923 | _cleanup_strv_free_ char **s = NULL; | |
924 | ||
925 | if (path_is_absolute(path)) { | |
926 | FILE *f; | |
927 | ||
928 | f = fopen(path, mode); | |
929 | if (f) { | |
930 | *_f = f; | |
931 | return 0; | |
932 | } | |
933 | ||
934 | return -errno; | |
935 | } | |
936 | ||
937 | s = strv_split_nulstr(search); | |
938 | if (!s) | |
939 | return -ENOMEM; | |
940 | ||
941 | return search_and_fopen_internal(path, mode, root, s, _f); | |
942 | } | |
943 | ||
d338bfff ZJS |
944 | int chase_symlinks_and_fopen_unlocked( |
945 | const char *path, | |
946 | const char *root, | |
947 | unsigned chase_flags, | |
948 | const char *open_flags, | |
949 | FILE **ret_file, | |
950 | char **ret_path) { | |
951 | ||
952 | _cleanup_close_ int fd = -1; | |
953 | _cleanup_free_ char *final_path = NULL; | |
954 | int mode_flags, r; | |
955 | FILE *f; | |
956 | ||
957 | assert(path); | |
958 | assert(open_flags); | |
959 | assert(ret_file); | |
960 | ||
961 | mode_flags = mode_to_flags(open_flags); | |
962 | if (mode_flags < 0) | |
963 | return mode_flags; | |
964 | ||
965 | fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL); | |
966 | if (fd < 0) | |
967 | return fd; | |
968 | ||
969 | r = fdopen_unlocked(fd, open_flags, &f); | |
970 | if (r < 0) | |
971 | return r; | |
972 | TAKE_FD(fd); | |
973 | ||
974 | *ret_file = f; | |
975 | if (ret_path) | |
976 | *ret_path = TAKE_PTR(final_path); | |
977 | return 0; | |
978 | } | |
979 | ||
0d39fa9c LP |
980 | int fflush_and_check(FILE *f) { |
981 | assert(f); | |
982 | ||
983 | errno = 0; | |
984 | fflush(f); | |
985 | ||
986 | if (ferror(f)) | |
66855de7 | 987 | return errno_or_else(EIO); |
0d39fa9c LP |
988 | |
989 | return 0; | |
990 | } | |
991 | ||
0675e94a | 992 | int fflush_sync_and_check(FILE *f) { |
14f594b9 | 993 | int r, fd; |
0675e94a AJ |
994 | |
995 | assert(f); | |
996 | ||
997 | r = fflush_and_check(f); | |
998 | if (r < 0) | |
999 | return r; | |
1000 | ||
14f594b9 LP |
1001 | /* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and |
1002 | * assume that in that case we need no explicit syncing */ | |
1003 | fd = fileno(f); | |
1004 | if (fd < 0) | |
1005 | return 0; | |
1006 | ||
1007 | if (fsync(fd) < 0) | |
0675e94a AJ |
1008 | return -errno; |
1009 | ||
14f594b9 | 1010 | r = fsync_directory_of_file(fd); |
8ac2f74f LP |
1011 | if (r < 0) |
1012 | return r; | |
1013 | ||
0675e94a AJ |
1014 | return 0; |
1015 | } | |
1016 | ||
33d52ab9 LP |
1017 | int write_timestamp_file_atomic(const char *fn, usec_t n) { |
1018 | char ln[DECIMAL_STR_MAX(n)+2]; | |
1019 | ||
1020 | /* Creates a "timestamp" file, that contains nothing but a | |
1021 | * usec_t timestamp, formatted in ASCII. */ | |
1022 | ||
1023 | if (n <= 0 || n >= USEC_INFINITY) | |
1024 | return -ERANGE; | |
1025 | ||
1026 | xsprintf(ln, USEC_FMT "\n", n); | |
1027 | ||
1028 | return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); | |
1029 | } | |
1030 | ||
1031 | int read_timestamp_file(const char *fn, usec_t *ret) { | |
1032 | _cleanup_free_ char *ln = NULL; | |
1033 | uint64_t t; | |
1034 | int r; | |
1035 | ||
1036 | r = read_one_line_file(fn, &ln); | |
1037 | if (r < 0) | |
1038 | return r; | |
1039 | ||
1040 | r = safe_atou64(ln, &t); | |
1041 | if (r < 0) | |
1042 | return r; | |
1043 | ||
1044 | if (t <= 0 || t >= (uint64_t) USEC_INFINITY) | |
1045 | return -ERANGE; | |
1046 | ||
1047 | *ret = (usec_t) t; | |
1048 | return 0; | |
1049 | } | |
d390f8ef LP |
1050 | |
1051 | int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) { | |
1052 | int r; | |
1053 | ||
1054 | assert(s); | |
1055 | ||
1056 | /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter | |
1057 | * when specified shall initially point to a boolean variable initialized to false. It is set to true after the | |
1058 | * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each | |
1059 | * element, but not before the first one. */ | |
1060 | ||
1061 | if (!f) | |
1062 | f = stdout; | |
1063 | ||
1064 | if (space) { | |
1065 | if (!separator) | |
1066 | separator = " "; | |
1067 | ||
1068 | if (*space) { | |
1069 | r = fputs(separator, f); | |
1070 | if (r < 0) | |
1071 | return r; | |
1072 | } | |
1073 | ||
1074 | *space = true; | |
1075 | } | |
1076 | ||
1077 | return fputs(s, f); | |
1078 | } | |
03532f0a | 1079 | |
838894b0 LP |
1080 | /* A bitmask of the EOL markers we know */ |
1081 | typedef enum EndOfLineMarker { | |
1082 | EOL_NONE = 0, | |
1083 | EOL_ZERO = 1 << 0, /* \0 (aka NUL) */ | |
1084 | EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */ | |
1085 | EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */ | |
1086 | } EndOfLineMarker; | |
1087 | ||
41f11239 LP |
1088 | static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) { |
1089 | ||
1090 | if (!IN_SET(flags, READ_LINE_ONLY_NUL)) { | |
1091 | if (c == '\n') | |
1092 | return EOL_TEN; | |
1093 | if (c == '\r') | |
1094 | return EOL_THIRTEEN; | |
1095 | } | |
1096 | ||
838894b0 LP |
1097 | if (c == '\0') |
1098 | return EOL_ZERO; | |
1099 | ||
1100 | return EOL_NONE; | |
1101 | } | |
1102 | ||
57d6f700 | 1103 | DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile); |
f858e514 | 1104 | |
41f11239 | 1105 | int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) { |
4f9a66a3 | 1106 | size_t n = 0, allocated = 0, count = 0; |
838894b0 | 1107 | _cleanup_free_ char *buffer = NULL; |
609ae0f5 | 1108 | int r; |
4f9a66a3 LP |
1109 | |
1110 | assert(f); | |
1111 | ||
1112 | /* Something like a bounded version of getline(). | |
1113 | * | |
838894b0 LP |
1114 | * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these |
1115 | * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line | |
1116 | * endings: | |
1117 | * | |
1118 | * • \n (UNIX) | |
1119 | * • \r (old MacOS) | |
1120 | * • \0 (C strings) | |
1121 | * • \n\0 | |
1122 | * • \r\0 | |
1123 | * • \r\n (Windows) | |
1124 | * • \n\r | |
1125 | * • \r\n\0 | |
1126 | * • \n\r\0 | |
4f9a66a3 LP |
1127 | * |
1128 | * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from | |
1129 | * the number of characters in the returned string). When EOF is hit, 0 is returned. | |
1130 | * | |
1131 | * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding | |
1132 | * delimiters. If the limit is hit we fail and return -ENOBUFS. | |
1133 | * | |
1134 | * If a line shall be skipped ret may be initialized as NULL. */ | |
1135 | ||
1136 | if (ret) { | |
1137 | if (!GREEDY_REALLOC(buffer, allocated, 1)) | |
1138 | return -ENOMEM; | |
1139 | } | |
1140 | ||
f858e514 | 1141 | { |
3f691417 | 1142 | _unused_ _cleanup_(funlockfilep) FILE *flocked = f; |
838894b0 | 1143 | EndOfLineMarker previous_eol = EOL_NONE; |
f858e514 | 1144 | flockfile(f); |
4f9a66a3 | 1145 | |
f858e514 | 1146 | for (;;) { |
838894b0 | 1147 | EndOfLineMarker eol; |
03a7dbea | 1148 | char c; |
4f9a66a3 | 1149 | |
f858e514 ZJS |
1150 | if (n >= limit) |
1151 | return -ENOBUFS; | |
4f9a66a3 | 1152 | |
31fd02f0 LP |
1153 | if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */ |
1154 | return -ENOBUFS; | |
1155 | ||
03a7dbea LP |
1156 | r = safe_fgetc(f, &c); |
1157 | if (r < 0) | |
1158 | return r; | |
91a306b8 | 1159 | if (r == 0) /* EOF is definitely EOL */ |
f858e514 | 1160 | break; |
4f9a66a3 | 1161 | |
41f11239 | 1162 | eol = categorize_eol(c, flags); |
838894b0 LP |
1163 | |
1164 | if (FLAGS_SET(previous_eol, EOL_ZERO) || | |
1165 | (eol == EOL_NONE && previous_eol != EOL_NONE) || | |
1166 | (eol != EOL_NONE && (previous_eol & eol) != 0)) { | |
1167 | /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of | |
517b7760 LP |
1168 | * EOL marker has been seen right before? In either of these three cases we are |
1169 | * done. But first, let's put this character back in the queue. (Note that we have to | |
1170 | * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we | |
1171 | * are on an architecture where 'char' equals 'signed char' we need to ensure we don't | |
1172 | * pass a negative value here. That said, to complicate things further ungetc() is | |
1173 | * actually happy with most negative characters and implicitly casts them back to | |
1174 | * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a | |
1175 | * godawful API!) */ | |
1176 | assert_se(ungetc((unsigned char) c, f) != EOF); | |
f858e514 | 1177 | break; |
838894b0 LP |
1178 | } |
1179 | ||
91a306b8 LP |
1180 | count++; |
1181 | ||
838894b0 | 1182 | if (eol != EOL_NONE) { |
451fcbfc LP |
1183 | /* If we are on a tty, we can't shouldn't wait for more input, because that |
1184 | * generally means waiting for the user, interactively. In the case of a TTY | |
1185 | * we expect only \n as the single EOL marker, so we are in the lucky | |
1186 | * position that there is no need to wait. We check this condition last, to | |
1187 | * avoid isatty() check if not necessary. */ | |
ee41670f | 1188 | |
609ae0f5 | 1189 | if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) { |
14f594b9 LP |
1190 | int fd; |
1191 | ||
1192 | fd = fileno(f); | |
1193 | if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully, | |
1194 | * and don't call isatty() on an invalid fd */ | |
609ae0f5 | 1195 | flags |= READ_LINE_NOT_A_TTY; |
14f594b9 | 1196 | else |
609ae0f5 | 1197 | flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY; |
14f594b9 | 1198 | } |
609ae0f5 | 1199 | if (FLAGS_SET(flags, READ_LINE_IS_A_TTY)) |
ee41670f ZJS |
1200 | break; |
1201 | } | |
1202 | ||
1203 | if (eol != EOL_NONE) { | |
838894b0 LP |
1204 | previous_eol |= eol; |
1205 | continue; | |
1206 | } | |
4f9a66a3 | 1207 | |
f858e514 ZJS |
1208 | if (ret) { |
1209 | if (!GREEDY_REALLOC(buffer, allocated, n + 2)) | |
1210 | return -ENOMEM; | |
4f9a66a3 | 1211 | |
03a7dbea | 1212 | buffer[n] = c; |
4f9a66a3 LP |
1213 | } |
1214 | ||
f858e514 | 1215 | n++; |
4f9a66a3 | 1216 | } |
4f9a66a3 LP |
1217 | } |
1218 | ||
4f9a66a3 LP |
1219 | if (ret) { |
1220 | buffer[n] = 0; | |
1221 | ||
1cc6c93a | 1222 | *ret = TAKE_PTR(buffer); |
4f9a66a3 LP |
1223 | } |
1224 | ||
1225 | return (int) count; | |
1226 | } | |
285a9b27 LP |
1227 | |
1228 | int safe_fgetc(FILE *f, char *ret) { | |
1229 | int k; | |
1230 | ||
1231 | assert(f); | |
1232 | ||
1233 | /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and | |
1234 | * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc() | |
1235 | * has. */ | |
1236 | ||
1237 | errno = 0; | |
1238 | k = fgetc(f); | |
1239 | if (k == EOF) { | |
1240 | if (ferror(f)) | |
66855de7 | 1241 | return errno_or_else(EIO); |
285a9b27 LP |
1242 | |
1243 | if (ret) | |
1244 | *ret = 0; | |
1245 | ||
1246 | return 0; | |
1247 | } | |
1248 | ||
1249 | if (ret) | |
1250 | *ret = k; | |
1251 | ||
1252 | return 1; | |
1253 | } | |
7a309a8c YW |
1254 | |
1255 | int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) { | |
1256 | struct stat _st; | |
1257 | ||
1258 | if (!filename) | |
1259 | return 0; | |
1260 | ||
1261 | if (!st) { | |
1262 | if (stat(filename, &_st) < 0) | |
1263 | return -errno; | |
1264 | st = &_st; | |
1265 | } | |
1266 | ||
1267 | if ((st->st_mode & S_IRWXO) == 0) | |
1268 | return 0; | |
1269 | ||
1270 | if (unit) | |
1271 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
0f935776 | 1272 | "%s has %04o mode that is too permissive, please adjust the ownership and access mode.", |
7a309a8c YW |
1273 | filename, st->st_mode & 07777); |
1274 | else | |
0f935776 | 1275 | log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.", |
7a309a8c YW |
1276 | filename, st->st_mode & 07777); |
1277 | return 0; | |
1278 | } | |
494735f3 | 1279 | |
90c81688 | 1280 | int sync_rights(int from, int to) { |
494735f3 DDM |
1281 | struct stat st; |
1282 | ||
90c81688 | 1283 | if (fstat(from, &st) < 0) |
494735f3 DDM |
1284 | return -errno; |
1285 | ||
90c81688 | 1286 | return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid); |
494735f3 DDM |
1287 | } |
1288 | ||
2da3dc69 | 1289 | int rename_and_apply_smack_floor_label(const char *from, const char *to) { |
494735f3 DDM |
1290 | int r = 0; |
1291 | if (rename(from, to) < 0) | |
1292 | return -errno; | |
1293 | ||
1294 | #ifdef SMACK_RUN_LABEL | |
1295 | r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL); | |
1296 | if (r < 0) | |
1297 | return r; | |
1298 | #endif | |
1299 | return r; | |
1300 | } |