]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a5c32cff | 2 | |
8bdc9a90 | 3 | #include <ctype.h> |
11c3a366 TA |
4 | #include <errno.h> |
5 | #include <fcntl.h> | |
6 | #include <limits.h> | |
7 | #include <stdarg.h> | |
8 | #include <stdint.h> | |
35bbbf85 | 9 | #include <stdio_ext.h> |
11c3a366 | 10 | #include <stdlib.h> |
11c3a366 TA |
11 | #include <sys/stat.h> |
12 | #include <sys/types.h> | |
a5c32cff | 13 | #include <unistd.h> |
cda134ab | 14 | |
b5efdb8a | 15 | #include "alloc-util.h" |
3ffd4af2 LP |
16 | #include "fd-util.h" |
17 | #include "fileio.h" | |
f4f15635 | 18 | #include "fs-util.h" |
07d8c0eb | 19 | #include "hexdecoct.h" |
93cc7779 TA |
20 | #include "log.h" |
21 | #include "macro.h" | |
50ccd864 | 22 | #include "mkdir.h" |
33d52ab9 | 23 | #include "parse-util.h" |
0d39fa9c | 24 | #include "path-util.h" |
b93d3f6b | 25 | #include "socket-util.h" |
33d52ab9 | 26 | #include "stdio-util.h" |
07630cea | 27 | #include "string-util.h" |
e4de7287 | 28 | #include "tmpfile-util.h" |
a5c32cff | 29 | |
c2d11a63 VC |
30 | #define READ_FULL_BYTES_MAX (4U*1024U*1024U) |
31 | ||
fdeea3f4 ZJS |
32 | int fopen_unlocked(const char *path, const char *options, FILE **ret) { |
33 | assert(ret); | |
34 | ||
35 | FILE *f = fopen(path, options); | |
36 | if (!f) | |
37 | return -errno; | |
38 | ||
39 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
40 | ||
41 | *ret = f; | |
42 | return 0; | |
43 | } | |
44 | ||
02e23d1a ZJS |
45 | int fdopen_unlocked(int fd, const char *options, FILE **ret) { |
46 | assert(ret); | |
47 | ||
48 | FILE *f = fdopen(fd, options); | |
49 | if (!f) | |
50 | return -errno; | |
51 | ||
52 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
53 | ||
54 | *ret = f; | |
55 | return 0; | |
56 | } | |
57 | ||
3ebbb6cb VC |
58 | int take_fdopen_unlocked(int *fd, const char *options, FILE **ret) { |
59 | int r; | |
60 | ||
61 | assert(fd); | |
62 | ||
63 | r = fdopen_unlocked(*fd, options, ret); | |
64 | if (r < 0) | |
65 | return r; | |
66 | ||
67 | *fd = -1; | |
68 | ||
69 | return 0; | |
70 | } | |
71 | ||
72 | FILE* take_fdopen(int *fd, const char *options) { | |
73 | assert(fd); | |
74 | ||
75 | FILE *f = fdopen(*fd, options); | |
76 | if (!f) | |
77 | return NULL; | |
78 | ||
79 | *fd = -1; | |
80 | ||
81 | return f; | |
82 | } | |
83 | ||
f61457b0 VC |
84 | DIR* take_fdopendir(int *dfd) { |
85 | assert(dfd); | |
86 | ||
87 | DIR *d = fdopendir(*dfd); | |
88 | if (!d) | |
89 | return NULL; | |
90 | ||
91 | *dfd = -1; | |
92 | ||
93 | return d; | |
94 | } | |
95 | ||
2fe21124 ZJS |
96 | FILE* open_memstream_unlocked(char **ptr, size_t *sizeloc) { |
97 | FILE *f = open_memstream(ptr, sizeloc); | |
98 | if (!f) | |
99 | return NULL; | |
100 | ||
101 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
102 | ||
103 | return f; | |
104 | } | |
105 | ||
673a1e6f ZJS |
106 | FILE* fmemopen_unlocked(void *buf, size_t size, const char *mode) { |
107 | FILE *f = fmemopen(buf, size, mode); | |
108 | if (!f) | |
109 | return NULL; | |
110 | ||
111 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
112 | ||
113 | return f; | |
114 | } | |
115 | ||
b1837133 LP |
116 | int write_string_stream_ts( |
117 | FILE *f, | |
118 | const char *line, | |
119 | WriteStringFileFlags flags, | |
4d5f52e7 | 120 | const struct timespec *ts) { |
dacd6cee | 121 | |
91dc2bf7 | 122 | bool needs_nl; |
14f594b9 | 123 | int r, fd; |
91dc2bf7 | 124 | |
717603e3 LP |
125 | assert(f); |
126 | assert(line); | |
127 | ||
ba8b8c9e MG |
128 | if (ferror(f)) |
129 | return -EIO; | |
130 | ||
14f594b9 LP |
131 | if (ts) { |
132 | /* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have | |
133 | * an fd. Let's fail early in that case. */ | |
134 | fd = fileno(f); | |
135 | if (fd < 0) | |
136 | return -EBADF; | |
137 | } | |
138 | ||
91dc2bf7 LP |
139 | needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); |
140 | ||
141 | if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { | |
142 | /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so | |
143 | * that the write goes out in one go, instead of two */ | |
144 | ||
145 | line = strjoina(line, "\n"); | |
146 | needs_nl = false; | |
147 | } | |
148 | ||
94d3b60f MG |
149 | if (fputs(line, f) == EOF) |
150 | return -errno; | |
151 | ||
91dc2bf7 | 152 | if (needs_nl) |
94d3b60f MG |
153 | if (fputc('\n', f) == EOF) |
154 | return -errno; | |
a5c32cff | 155 | |
be83711c CL |
156 | if (flags & WRITE_STRING_FILE_SYNC) |
157 | r = fflush_sync_and_check(f); | |
158 | else | |
159 | r = fflush_and_check(f); | |
160 | if (r < 0) | |
161 | return r; | |
162 | ||
39c38d77 | 163 | if (ts) { |
4d5f52e7 | 164 | const struct timespec twice[2] = {*ts, *ts}; |
39c38d77 | 165 | |
14f594b9 | 166 | if (futimens(fd, twice) < 0) |
39c38d77 ZJS |
167 | return -errno; |
168 | } | |
169 | ||
be83711c | 170 | return 0; |
a5c32cff HH |
171 | } |
172 | ||
2eabcc77 LP |
173 | static int write_string_file_atomic( |
174 | const char *fn, | |
175 | const char *line, | |
b1837133 | 176 | WriteStringFileFlags flags, |
4d5f52e7 | 177 | const struct timespec *ts) { |
2eabcc77 | 178 | |
a5c32cff HH |
179 | _cleanup_fclose_ FILE *f = NULL; |
180 | _cleanup_free_ char *p = NULL; | |
181 | int r; | |
182 | ||
183 | assert(fn); | |
184 | assert(line); | |
185 | ||
95244ceb LP |
186 | /* Note that we'd really like to use O_TMPFILE here, but can't really, since we want replacement |
187 | * semantics here, and O_TMPFILE can't offer that. i.e. rename() replaces but linkat() doesn't. */ | |
188 | ||
a5c32cff HH |
189 | r = fopen_temporary(fn, &f, &p); |
190 | if (r < 0) | |
191 | return r; | |
192 | ||
b1837133 | 193 | r = write_string_stream_ts(f, line, flags, ts); |
9dd1b1e8 LP |
194 | if (r < 0) |
195 | goto fail; | |
196 | ||
95244ceb LP |
197 | r = fchmod_umask(fileno(f), FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0644); |
198 | if (r < 0) | |
199 | goto fail; | |
200 | ||
9dd1b1e8 LP |
201 | if (rename(p, fn) < 0) { |
202 | r = -errno; | |
203 | goto fail; | |
a5c32cff HH |
204 | } |
205 | ||
5b3f4a20 LP |
206 | if (FLAGS_SET(flags, WRITE_STRING_FILE_SYNC)) { |
207 | /* Sync the rename, too */ | |
208 | r = fsync_directory_of_file(fileno(f)); | |
209 | if (r < 0) | |
210 | return r; | |
211 | } | |
212 | ||
9dd1b1e8 | 213 | return 0; |
a5c32cff | 214 | |
9dd1b1e8 LP |
215 | fail: |
216 | (void) unlink(p); | |
a5c32cff HH |
217 | return r; |
218 | } | |
219 | ||
b1837133 LP |
220 | int write_string_file_ts( |
221 | const char *fn, | |
222 | const char *line, | |
223 | WriteStringFileFlags flags, | |
4d5f52e7 | 224 | const struct timespec *ts) { |
b1837133 | 225 | |
4c1fc3e4 | 226 | _cleanup_fclose_ FILE *f = NULL; |
95244ceb | 227 | int q, r, fd; |
4c1fc3e4 DM |
228 | |
229 | assert(fn); | |
230 | assert(line); | |
231 | ||
265710c2 AJ |
232 | /* We don't know how to verify whether the file contents was already on-disk. */ |
233 | assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC))); | |
0675e94a | 234 | |
50ccd864 LP |
235 | if (flags & WRITE_STRING_FILE_MKDIR_0755) { |
236 | r = mkdir_parents(fn, 0755); | |
237 | if (r < 0) | |
238 | return r; | |
239 | } | |
240 | ||
4c1fc3e4 DM |
241 | if (flags & WRITE_STRING_FILE_ATOMIC) { |
242 | assert(flags & WRITE_STRING_FILE_CREATE); | |
243 | ||
b1837133 | 244 | r = write_string_file_atomic(fn, line, flags, ts); |
eb3da901 LP |
245 | if (r < 0) |
246 | goto fail; | |
247 | ||
248 | return r; | |
39c38d77 | 249 | } else |
234519ae | 250 | assert(!ts); |
4c1fc3e4 | 251 | |
95244ceb LP |
252 | /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */ |
253 | fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | | |
254 | (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) | | |
6797a74f | 255 | (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) | |
256 | (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0), | |
95244ceb LP |
257 | (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666)); |
258 | if (fd < 0) { | |
259 | r = -errno; | |
260 | goto fail; | |
261 | } | |
4c1fc3e4 | 262 | |
95244ceb LP |
263 | r = fdopen_unlocked(fd, "w", &f); |
264 | if (r < 0) { | |
265 | safe_close(fd); | |
266 | goto fail; | |
41f6e627 | 267 | } |
35bbbf85 | 268 | |
12ec9c30 TSH |
269 | if (flags & WRITE_STRING_FILE_DISABLE_BUFFER) |
270 | setvbuf(f, NULL, _IONBF, 0); | |
271 | ||
b1837133 | 272 | r = write_string_stream_ts(f, line, flags, ts); |
eb3da901 LP |
273 | if (r < 0) |
274 | goto fail; | |
275 | ||
276 | return 0; | |
277 | ||
278 | fail: | |
279 | if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE)) | |
280 | return r; | |
281 | ||
282 | f = safe_fclose(f); | |
283 | ||
284 | /* OK, the operation failed, but let's see if the right | |
285 | * contents in place already. If so, eat up the error. */ | |
286 | ||
287 | q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE)); | |
288 | if (q <= 0) | |
289 | return r; | |
290 | ||
291 | return 0; | |
4c1fc3e4 DM |
292 | } |
293 | ||
3130fca5 LP |
294 | int write_string_filef( |
295 | const char *fn, | |
296 | WriteStringFileFlags flags, | |
297 | const char *format, ...) { | |
298 | ||
299 | _cleanup_free_ char *p = NULL; | |
300 | va_list ap; | |
301 | int r; | |
302 | ||
303 | va_start(ap, format); | |
304 | r = vasprintf(&p, format, ap); | |
305 | va_end(ap); | |
306 | ||
307 | if (r < 0) | |
308 | return -ENOMEM; | |
309 | ||
310 | return write_string_file(fn, p, flags); | |
311 | } | |
312 | ||
a5c32cff HH |
313 | int read_one_line_file(const char *fn, char **line) { |
314 | _cleanup_fclose_ FILE *f = NULL; | |
fdeea3f4 | 315 | int r; |
a5c32cff HH |
316 | |
317 | assert(fn); | |
318 | assert(line); | |
319 | ||
fdeea3f4 ZJS |
320 | r = fopen_unlocked(fn, "re", &f); |
321 | if (r < 0) | |
322 | return r; | |
35bbbf85 | 323 | |
d6062e3b | 324 | return read_line(f, LONG_LINE_MAX, line); |
a5c32cff HH |
325 | } |
326 | ||
eb3da901 LP |
327 | int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { |
328 | _cleanup_fclose_ FILE *f = NULL; | |
329 | _cleanup_free_ char *buf = NULL; | |
330 | size_t l, k; | |
fdeea3f4 | 331 | int r; |
15dee3f0 | 332 | |
eb3da901 LP |
333 | assert(fn); |
334 | assert(blob); | |
335 | ||
336 | l = strlen(blob); | |
337 | ||
338 | if (accept_extra_nl && endswith(blob, "\n")) | |
339 | accept_extra_nl = false; | |
340 | ||
341 | buf = malloc(l + accept_extra_nl + 1); | |
342 | if (!buf) | |
343 | return -ENOMEM; | |
344 | ||
fdeea3f4 ZJS |
345 | r = fopen_unlocked(fn, "re", &f); |
346 | if (r < 0) | |
347 | return r; | |
35bbbf85 | 348 | |
eb3da901 LP |
349 | /* We try to read one byte more than we need, so that we know whether we hit eof */ |
350 | errno = 0; | |
351 | k = fread(buf, 1, l + accept_extra_nl + 1, f); | |
352 | if (ferror(f)) | |
66855de7 | 353 | return errno_or_else(EIO); |
eb3da901 LP |
354 | |
355 | if (k != l && k != l + accept_extra_nl) | |
356 | return 0; | |
357 | if (memcmp(buf, blob, l) != 0) | |
358 | return 0; | |
359 | if (k > l && buf[l] != '\n') | |
360 | return 0; | |
15dee3f0 | 361 | |
eb3da901 | 362 | return 1; |
15dee3f0 LP |
363 | } |
364 | ||
21b40f16 FB |
365 | int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { |
366 | _cleanup_free_ char *buf = NULL; | |
367 | _cleanup_close_ int fd = -1; | |
368 | struct stat st; | |
369 | size_t n, size; | |
370 | int n_retries; | |
371 | char *p; | |
372 | ||
373 | assert(ret_contents); | |
374 | ||
375 | /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work | |
376 | * with two sorts of virtual files. One sort uses "seq_file", and the results of | |
377 | * the first read are buffered for the second read. The other sort uses "raw" | |
378 | * reads which always go direct to the device. In the latter case, the content of | |
379 | * the virtual file must be retrieved with a single read otherwise a second read | |
380 | * might get the new value instead of finding EOF immediately. That's the reason | |
381 | * why the usage of fread(3) is prohibited in this case as it always performs a | |
382 | * second call to read(2) looking for EOF. See issue 13585. */ | |
383 | ||
384 | fd = open(filename, O_RDONLY|O_CLOEXEC); | |
385 | if (fd < 0) | |
386 | return -errno; | |
387 | ||
388 | /* Start size for files in /proc which usually report a file size of 0. */ | |
389 | size = LINE_MAX / 2; | |
390 | ||
391 | /* Limit the number of attempts to read the number of bytes returned by fstat(). */ | |
392 | n_retries = 3; | |
393 | ||
394 | for (;;) { | |
395 | if (n_retries <= 0) | |
396 | return -EIO; | |
397 | ||
398 | if (fstat(fd, &st) < 0) | |
399 | return -errno; | |
400 | ||
401 | if (!S_ISREG(st.st_mode)) | |
402 | return -EBADF; | |
403 | ||
404 | /* Be prepared for files from /proc which generally report a file size of 0. */ | |
405 | if (st.st_size > 0) { | |
406 | size = st.st_size; | |
407 | n_retries--; | |
408 | } else | |
409 | size = size * 2; | |
410 | ||
411 | if (size > READ_FULL_BYTES_MAX) | |
412 | return -E2BIG; | |
413 | ||
414 | p = realloc(buf, size + 1); | |
415 | if (!p) | |
416 | return -ENOMEM; | |
417 | buf = TAKE_PTR(p); | |
418 | ||
419 | for (;;) { | |
420 | ssize_t k; | |
421 | ||
422 | /* Read one more byte so we can detect whether the content of the | |
423 | * file has already changed or the guessed size for files from /proc | |
424 | * wasn't large enough . */ | |
425 | k = read(fd, buf, size + 1); | |
426 | if (k >= 0) { | |
427 | n = k; | |
428 | break; | |
429 | } | |
430 | ||
6b8664cb | 431 | if (errno != EINTR) |
21b40f16 FB |
432 | return -errno; |
433 | } | |
434 | ||
435 | /* Consider a short read as EOF */ | |
436 | if (n <= size) | |
437 | break; | |
438 | ||
439 | /* Hmm... either we read too few bytes from /proc or less likely the content | |
440 | * of the file might have been changed (and is now bigger) while we were | |
441 | * processing, let's try again either with a bigger guessed size or the new | |
442 | * file size. */ | |
443 | ||
444 | if (lseek(fd, 0, SEEK_SET) < 0) | |
445 | return -errno; | |
446 | } | |
447 | ||
448 | if (n < size) { | |
449 | p = realloc(buf, n + 1); | |
450 | if (!p) | |
451 | return -ENOMEM; | |
452 | buf = TAKE_PTR(p); | |
453 | } | |
454 | ||
455 | if (!ret_size) { | |
456 | /* Safety check: if the caller doesn't want to know the size of what we | |
457 | * just read it will rely on the trailing NUL byte. But if there's an | |
458 | * embedded NUL byte, then we should refuse operation as otherwise | |
459 | * there'd be ambiguity about what we just read. */ | |
460 | ||
461 | if (memchr(buf, 0, n)) | |
462 | return -EBADMSG; | |
463 | } else | |
464 | *ret_size = n; | |
465 | ||
466 | buf[n] = 0; | |
467 | *ret_contents = TAKE_PTR(buf); | |
468 | ||
469 | return 0; | |
470 | } | |
471 | ||
15f8f026 | 472 | int read_full_stream_full( |
2d78717b | 473 | FILE *f, |
50caae7b | 474 | const char *filename, |
986311c2 LP |
475 | uint64_t offset, |
476 | size_t size, | |
15f8f026 | 477 | ReadFullFileFlags flags, |
2d78717b LP |
478 | char **ret_contents, |
479 | size_t *ret_size) { | |
480 | ||
a5c32cff | 481 | _cleanup_free_ char *buf = NULL; |
15f8f026 YW |
482 | size_t n, n_next, l; |
483 | int fd, r; | |
a5c32cff | 484 | |
717603e3 | 485 | assert(f); |
2d78717b | 486 | assert(ret_contents); |
89aaf655 | 487 | assert(!FLAGS_SET(flags, READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)); |
a5c32cff | 488 | |
986311c2 LP |
489 | if (offset != UINT64_MAX && offset > LONG_MAX) |
490 | return -ERANGE; | |
491 | ||
492 | n_next = size != SIZE_MAX ? size : LINE_MAX; /* Start size */ | |
a5c32cff | 493 | |
c4054ddf | 494 | fd = fileno(f); |
986311c2 LP |
495 | if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see |
496 | * fmemopen()), let's optimize our buffering */ | |
497 | struct stat st; | |
717603e3 | 498 | |
15f8f026 | 499 | if (fstat(fd, &st) < 0) |
c4054ddf LP |
500 | return -errno; |
501 | ||
502 | if (S_ISREG(st.st_mode)) { | |
986311c2 LP |
503 | if (size == SIZE_MAX) { |
504 | uint64_t rsize = | |
505 | LESS_BY((uint64_t) st.st_size, offset == UINT64_MAX ? 0 : offset); | |
506 | ||
507 | /* Safety check */ | |
508 | if (rsize > READ_FULL_BYTES_MAX) | |
509 | return -E2BIG; | |
510 | ||
511 | /* Start with the right file size. Note that we increase the size to read | |
512 | * here by one, so that the first read attempt already makes us notice the | |
513 | * EOF. If the reported size of the file is zero, we avoid this logic | |
514 | * however, since quite likely it might be a virtual file in procfs that all | |
515 | * report a zero file size. */ | |
516 | if (st.st_size > 0) | |
517 | n_next = rsize + 1; | |
518 | } | |
50caae7b | 519 | |
f2944702 | 520 | if (flags & READ_FULL_FILE_WARN_WORLD_READABLE) |
50caae7b | 521 | (void) warn_file_is_world_accessible(filename, &st, NULL, 0); |
c4054ddf | 522 | } |
717603e3 | 523 | } |
a5c32cff | 524 | |
986311c2 LP |
525 | if (offset != UINT64_MAX && fseek(f, offset, SEEK_SET) < 0) |
526 | return -errno; | |
527 | ||
15f8f026 | 528 | n = l = 0; |
a5c32cff HH |
529 | for (;;) { |
530 | char *t; | |
531 | size_t k; | |
532 | ||
15f8f026 YW |
533 | if (flags & READ_FULL_FILE_SECURE) { |
534 | t = malloc(n_next + 1); | |
535 | if (!t) { | |
536 | r = -ENOMEM; | |
537 | goto finalize; | |
538 | } | |
539 | memcpy_safe(t, buf, n); | |
540 | explicit_bzero_safe(buf, n); | |
c424bed1 | 541 | buf = mfree(buf); |
15f8f026 YW |
542 | } else { |
543 | t = realloc(buf, n_next + 1); | |
544 | if (!t) | |
545 | return -ENOMEM; | |
546 | } | |
a5c32cff HH |
547 | |
548 | buf = t; | |
15f8f026 YW |
549 | n = n_next; |
550 | ||
5a89faf0 | 551 | errno = 0; |
a5c32cff | 552 | k = fread(buf + l, 1, n - l, f); |
b93d3f6b LP |
553 | |
554 | assert(k <= n - l); | |
555 | l += k; | |
a5c32cff | 556 | |
15f8f026 | 557 | if (ferror(f)) { |
66855de7 | 558 | r = errno_or_else(EIO); |
15f8f026 YW |
559 | goto finalize; |
560 | } | |
c2d11a63 | 561 | if (feof(f)) |
a5c32cff | 562 | break; |
a5c32cff | 563 | |
986311c2 LP |
564 | if (size != SIZE_MAX) { /* If we got asked to read some specific size, we already sized the buffer right, hence leave */ |
565 | assert(l == size); | |
566 | break; | |
567 | } | |
568 | ||
b93d3f6b | 569 | assert(k > 0); /* we can't have read zero bytes because that would have been EOF */ |
a5c32cff HH |
570 | |
571 | /* Safety check */ | |
15f8f026 YW |
572 | if (n >= READ_FULL_BYTES_MAX) { |
573 | r = -E2BIG; | |
574 | goto finalize; | |
575 | } | |
c2d11a63 | 576 | |
15f8f026 | 577 | n_next = MIN(n * 2, READ_FULL_BYTES_MAX); |
a5c32cff HH |
578 | } |
579 | ||
89aaf655 | 580 | if (flags & (READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)) { |
c668aa8b LP |
581 | _cleanup_free_ void *decoded = NULL; |
582 | size_t decoded_size; | |
583 | ||
07d8c0eb | 584 | buf[l++] = 0; |
89aaf655 | 585 | if (flags & READ_FULL_FILE_UNBASE64) |
c668aa8b | 586 | r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size); |
89aaf655 | 587 | else |
c668aa8b LP |
588 | r = unhexmem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size); |
589 | if (r < 0) | |
590 | goto finalize; | |
591 | ||
592 | if (flags & READ_FULL_FILE_SECURE) | |
593 | explicit_bzero_safe(buf, n); | |
594 | free_and_replace(buf, decoded); | |
595 | n = l = decoded_size; | |
07d8c0eb YW |
596 | } |
597 | ||
2d78717b LP |
598 | if (!ret_size) { |
599 | /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the | |
600 | * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise | |
601 | * there'd be ambiguity about what we just read. */ | |
602 | ||
15f8f026 YW |
603 | if (memchr(buf, 0, l)) { |
604 | r = -EBADMSG; | |
605 | goto finalize; | |
606 | } | |
2d78717b LP |
607 | } |
608 | ||
a5c32cff | 609 | buf[l] = 0; |
2d78717b | 610 | *ret_contents = TAKE_PTR(buf); |
a5c32cff | 611 | |
2d78717b LP |
612 | if (ret_size) |
613 | *ret_size = l; | |
a5c32cff HH |
614 | |
615 | return 0; | |
15f8f026 YW |
616 | |
617 | finalize: | |
618 | if (flags & READ_FULL_FILE_SECURE) | |
619 | explicit_bzero_safe(buf, n); | |
620 | ||
621 | return r; | |
a5c32cff HH |
622 | } |
623 | ||
d3dcf4e3 LP |
624 | int read_full_file_full( |
625 | int dir_fd, | |
626 | const char *filename, | |
986311c2 LP |
627 | uint64_t offset, |
628 | size_t size, | |
d3dcf4e3 LP |
629 | ReadFullFileFlags flags, |
630 | const char *bind_name, | |
986311c2 LP |
631 | char **ret_contents, |
632 | size_t *ret_size) { | |
d3dcf4e3 | 633 | |
717603e3 | 634 | _cleanup_fclose_ FILE *f = NULL; |
fdeea3f4 | 635 | int r; |
717603e3 | 636 | |
15f8f026 | 637 | assert(filename); |
986311c2 | 638 | assert(ret_contents); |
717603e3 | 639 | |
8241f785 | 640 | r = xfopenat(dir_fd, filename, "re", 0, &f); |
b93d3f6b LP |
641 | if (r < 0) { |
642 | _cleanup_close_ int dfd = -1, sk = -1; | |
643 | union sockaddr_union sa; | |
644 | ||
645 | /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */ | |
646 | if (r != -ENXIO) | |
647 | return r; | |
648 | ||
649 | /* If this is enabled, let's try to connect to it */ | |
650 | if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET)) | |
651 | return -ENXIO; | |
652 | ||
986311c2 LP |
653 | /* Seeking is not supported on AF_UNIX sockets */ |
654 | if (offset != UINT64_MAX) | |
655 | return -ESPIPE; | |
656 | ||
b93d3f6b LP |
657 | if (dir_fd == AT_FDCWD) |
658 | r = sockaddr_un_set_path(&sa.un, filename); | |
659 | else { | |
660 | char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; | |
661 | ||
662 | /* If we shall operate relative to some directory, then let's use O_PATH first to | |
663 | * open the socket inode, and then connect to it via /proc/self/fd/. We have to do | |
664 | * this since there's not connectat() that takes a directory fd as first arg. */ | |
665 | ||
666 | dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC); | |
667 | if (dfd < 0) | |
668 | return -errno; | |
669 | ||
670 | xsprintf(procfs_path, "/proc/self/fd/%i", dfd); | |
671 | r = sockaddr_un_set_path(&sa.un, procfs_path); | |
672 | } | |
673 | if (r < 0) | |
674 | return r; | |
675 | ||
676 | sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); | |
677 | if (sk < 0) | |
678 | return -errno; | |
679 | ||
d3dcf4e3 LP |
680 | if (bind_name) { |
681 | /* If the caller specified a socket name to bind to, do so before connecting. This is | |
682 | * useful to communicate some minor, short meta-information token from the client to | |
683 | * the server. */ | |
684 | union sockaddr_union bsa; | |
685 | ||
686 | r = sockaddr_un_set_path(&bsa.un, bind_name); | |
687 | if (r < 0) | |
688 | return r; | |
689 | ||
690 | if (bind(sk, &bsa.sa, r) < 0) | |
691 | return r; | |
692 | } | |
693 | ||
b93d3f6b LP |
694 | if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) |
695 | return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is | |
696 | * not a socket after all */ | |
697 | ||
698 | if (shutdown(sk, SHUT_WR) < 0) | |
699 | return -errno; | |
700 | ||
701 | f = fdopen(sk, "r"); | |
702 | if (!f) | |
703 | return -errno; | |
704 | ||
705 | TAKE_FD(sk); | |
706 | } | |
35bbbf85 | 707 | |
8241f785 LP |
708 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
709 | ||
986311c2 | 710 | return read_full_stream_full(f, filename, offset, size, flags, ret_contents, ret_size); |
717603e3 LP |
711 | } |
712 | ||
68fee104 | 713 | int executable_is_script(const char *path, char **interpreter) { |
c8b32e11 | 714 | _cleanup_free_ char *line = NULL; |
99c61f6b | 715 | size_t len; |
68fee104 | 716 | char *ans; |
99c61f6b | 717 | int r; |
68fee104 ZJS |
718 | |
719 | assert(path); | |
720 | ||
721 | r = read_one_line_file(path, &line); | |
99c61f6b LP |
722 | if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */ |
723 | return 0; | |
68fee104 ZJS |
724 | if (r < 0) |
725 | return r; | |
726 | ||
727 | if (!startswith(line, "#!")) | |
728 | return 0; | |
729 | ||
730 | ans = strstrip(line + 2); | |
731 | len = strcspn(ans, " \t"); | |
732 | ||
733 | if (len == 0) | |
734 | return 0; | |
735 | ||
736 | ans = strndup(ans, len); | |
737 | if (!ans) | |
738 | return -ENOMEM; | |
739 | ||
740 | *interpreter = ans; | |
741 | return 1; | |
742 | } | |
69ab8088 ZJS |
743 | |
744 | /** | |
0a7b53bd | 745 | * Retrieve one field from a file like /proc/self/status. pattern |
c4cd1d4d AK |
746 | * should not include whitespace or the delimiter (':'). pattern matches only |
747 | * the beginning of a line. Whitespace before ':' is skipped. Whitespace and | |
748 | * zeros after the ':' will be skipped. field must be freed afterwards. | |
749 | * terminator specifies the terminating characters of the field value (not | |
750 | * included in the value). | |
69ab8088 | 751 | */ |
c4cd1d4d | 752 | int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) { |
69ab8088 | 753 | _cleanup_free_ char *status = NULL; |
90110825 | 754 | char *t, *f; |
69ab8088 ZJS |
755 | size_t len; |
756 | int r; | |
757 | ||
c4cd1d4d | 758 | assert(terminator); |
69ab8088 | 759 | assert(filename); |
7ff7394d | 760 | assert(pattern); |
69ab8088 ZJS |
761 | assert(field); |
762 | ||
21b40f16 | 763 | r = read_full_virtual_file(filename, &status, NULL); |
69ab8088 ZJS |
764 | if (r < 0) |
765 | return r; | |
766 | ||
c4cd1d4d AK |
767 | t = status; |
768 | ||
769 | do { | |
770 | bool pattern_ok; | |
771 | ||
772 | do { | |
773 | t = strstr(t, pattern); | |
774 | if (!t) | |
775 | return -ENOENT; | |
776 | ||
777 | /* Check that pattern occurs in beginning of line. */ | |
778 | pattern_ok = (t == status || t[-1] == '\n'); | |
779 | ||
780 | t += strlen(pattern); | |
781 | ||
782 | } while (!pattern_ok); | |
783 | ||
784 | t += strspn(t, " \t"); | |
785 | if (!*t) | |
786 | return -ENOENT; | |
787 | ||
788 | } while (*t != ':'); | |
789 | ||
790 | t++; | |
69ab8088 | 791 | |
4ec29144 | 792 | if (*t) { |
1e5413f7 ZJS |
793 | t += strspn(t, " \t"); |
794 | ||
795 | /* Also skip zeros, because when this is used for | |
796 | * capabilities, we don't want the zeros. This way the | |
797 | * same capability set always maps to the same string, | |
798 | * irrespective of the total capability set size. For | |
799 | * other numbers it shouldn't matter. */ | |
800 | t += strspn(t, "0"); | |
4ec29144 ZJS |
801 | /* Back off one char if there's nothing but whitespace |
802 | and zeros */ | |
1e5413f7 | 803 | if (!*t || isspace(*t)) |
313cefa1 | 804 | t--; |
4ec29144 | 805 | } |
69ab8088 | 806 | |
c4cd1d4d | 807 | len = strcspn(t, terminator); |
69ab8088 | 808 | |
90110825 LP |
809 | f = strndup(t, len); |
810 | if (!f) | |
69ab8088 ZJS |
811 | return -ENOMEM; |
812 | ||
90110825 | 813 | *field = f; |
69ab8088 ZJS |
814 | return 0; |
815 | } | |
0d39fa9c LP |
816 | |
817 | DIR *xopendirat(int fd, const char *name, int flags) { | |
818 | int nfd; | |
819 | DIR *d; | |
820 | ||
821 | assert(!(flags & O_CREAT)); | |
822 | ||
823 | nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0); | |
824 | if (nfd < 0) | |
825 | return NULL; | |
826 | ||
827 | d = fdopendir(nfd); | |
828 | if (!d) { | |
829 | safe_close(nfd); | |
830 | return NULL; | |
831 | } | |
832 | ||
833 | return d; | |
834 | } | |
835 | ||
0a38e6b9 LP |
836 | static int mode_to_flags(const char *mode) { |
837 | const char *p; | |
838 | int flags; | |
839 | ||
840 | if ((p = startswith(mode, "r+"))) | |
841 | flags = O_RDWR; | |
842 | else if ((p = startswith(mode, "r"))) | |
843 | flags = O_RDONLY; | |
844 | else if ((p = startswith(mode, "w+"))) | |
845 | flags = O_RDWR|O_CREAT|O_TRUNC; | |
846 | else if ((p = startswith(mode, "w"))) | |
847 | flags = O_WRONLY|O_CREAT|O_TRUNC; | |
848 | else if ((p = startswith(mode, "a+"))) | |
849 | flags = O_RDWR|O_CREAT|O_APPEND; | |
850 | else if ((p = startswith(mode, "a"))) | |
851 | flags = O_WRONLY|O_CREAT|O_APPEND; | |
852 | else | |
853 | return -EINVAL; | |
854 | ||
855 | for (; *p != 0; p++) { | |
856 | ||
857 | switch (*p) { | |
858 | ||
859 | case 'e': | |
860 | flags |= O_CLOEXEC; | |
861 | break; | |
862 | ||
863 | case 'x': | |
864 | flags |= O_EXCL; | |
865 | break; | |
866 | ||
867 | case 'm': | |
868 | /* ignore this here, fdopen() might care later though */ | |
869 | break; | |
870 | ||
871 | case 'c': /* not sure what to do about this one */ | |
872 | default: | |
873 | return -EINVAL; | |
874 | } | |
875 | } | |
876 | ||
877 | return flags; | |
878 | } | |
879 | ||
880 | int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) { | |
881 | FILE *f; | |
882 | ||
883 | /* A combination of fopen() with openat() */ | |
884 | ||
885 | if (dir_fd == AT_FDCWD && flags == 0) { | |
886 | f = fopen(path, mode); | |
887 | if (!f) | |
888 | return -errno; | |
889 | } else { | |
890 | int fd, mode_flags; | |
891 | ||
892 | mode_flags = mode_to_flags(mode); | |
893 | if (mode_flags < 0) | |
894 | return mode_flags; | |
895 | ||
896 | fd = openat(dir_fd, path, mode_flags | flags); | |
897 | if (fd < 0) | |
898 | return -errno; | |
899 | ||
900 | f = fdopen(fd, mode); | |
901 | if (!f) { | |
902 | safe_close(fd); | |
903 | return -errno; | |
904 | } | |
905 | } | |
906 | ||
907 | *ret = f; | |
908 | return 0; | |
909 | } | |
910 | ||
0d39fa9c LP |
911 | static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) { |
912 | char **i; | |
913 | ||
914 | assert(path); | |
915 | assert(mode); | |
916 | assert(_f); | |
917 | ||
918 | if (!path_strv_resolve_uniq(search, root)) | |
919 | return -ENOMEM; | |
920 | ||
921 | STRV_FOREACH(i, search) { | |
922 | _cleanup_free_ char *p = NULL; | |
923 | FILE *f; | |
924 | ||
657ee2d8 | 925 | p = path_join(root, *i, path); |
0d39fa9c LP |
926 | if (!p) |
927 | return -ENOMEM; | |
928 | ||
929 | f = fopen(p, mode); | |
930 | if (f) { | |
931 | *_f = f; | |
932 | return 0; | |
933 | } | |
934 | ||
935 | if (errno != ENOENT) | |
936 | return -errno; | |
937 | } | |
938 | ||
939 | return -ENOENT; | |
940 | } | |
941 | ||
942 | int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) { | |
943 | _cleanup_strv_free_ char **copy = NULL; | |
944 | ||
945 | assert(path); | |
946 | assert(mode); | |
947 | assert(_f); | |
948 | ||
949 | if (path_is_absolute(path)) { | |
950 | FILE *f; | |
951 | ||
952 | f = fopen(path, mode); | |
953 | if (f) { | |
954 | *_f = f; | |
955 | return 0; | |
956 | } | |
957 | ||
958 | return -errno; | |
959 | } | |
960 | ||
961 | copy = strv_copy((char**) search); | |
962 | if (!copy) | |
963 | return -ENOMEM; | |
964 | ||
965 | return search_and_fopen_internal(path, mode, root, copy, _f); | |
966 | } | |
967 | ||
968 | int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) { | |
969 | _cleanup_strv_free_ char **s = NULL; | |
970 | ||
971 | if (path_is_absolute(path)) { | |
972 | FILE *f; | |
973 | ||
974 | f = fopen(path, mode); | |
975 | if (f) { | |
976 | *_f = f; | |
977 | return 0; | |
978 | } | |
979 | ||
980 | return -errno; | |
981 | } | |
982 | ||
983 | s = strv_split_nulstr(search); | |
984 | if (!s) | |
985 | return -ENOMEM; | |
986 | ||
987 | return search_and_fopen_internal(path, mode, root, s, _f); | |
988 | } | |
989 | ||
d338bfff ZJS |
990 | int chase_symlinks_and_fopen_unlocked( |
991 | const char *path, | |
992 | const char *root, | |
993 | unsigned chase_flags, | |
994 | const char *open_flags, | |
995 | FILE **ret_file, | |
996 | char **ret_path) { | |
997 | ||
998 | _cleanup_close_ int fd = -1; | |
999 | _cleanup_free_ char *final_path = NULL; | |
1000 | int mode_flags, r; | |
1001 | FILE *f; | |
1002 | ||
1003 | assert(path); | |
1004 | assert(open_flags); | |
1005 | assert(ret_file); | |
1006 | ||
1007 | mode_flags = mode_to_flags(open_flags); | |
1008 | if (mode_flags < 0) | |
1009 | return mode_flags; | |
1010 | ||
1011 | fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL); | |
1012 | if (fd < 0) | |
1013 | return fd; | |
1014 | ||
1015 | r = fdopen_unlocked(fd, open_flags, &f); | |
1016 | if (r < 0) | |
1017 | return r; | |
1018 | TAKE_FD(fd); | |
1019 | ||
1020 | *ret_file = f; | |
1021 | if (ret_path) | |
1022 | *ret_path = TAKE_PTR(final_path); | |
1023 | return 0; | |
1024 | } | |
1025 | ||
0d39fa9c LP |
1026 | int fflush_and_check(FILE *f) { |
1027 | assert(f); | |
1028 | ||
1029 | errno = 0; | |
1030 | fflush(f); | |
1031 | ||
1032 | if (ferror(f)) | |
66855de7 | 1033 | return errno_or_else(EIO); |
0d39fa9c LP |
1034 | |
1035 | return 0; | |
1036 | } | |
1037 | ||
0675e94a | 1038 | int fflush_sync_and_check(FILE *f) { |
14f594b9 | 1039 | int r, fd; |
0675e94a AJ |
1040 | |
1041 | assert(f); | |
1042 | ||
1043 | r = fflush_and_check(f); | |
1044 | if (r < 0) | |
1045 | return r; | |
1046 | ||
14f594b9 LP |
1047 | /* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and |
1048 | * assume that in that case we need no explicit syncing */ | |
1049 | fd = fileno(f); | |
1050 | if (fd < 0) | |
1051 | return 0; | |
1052 | ||
1053 | if (fsync(fd) < 0) | |
0675e94a AJ |
1054 | return -errno; |
1055 | ||
14f594b9 | 1056 | r = fsync_directory_of_file(fd); |
8ac2f74f LP |
1057 | if (r < 0) |
1058 | return r; | |
1059 | ||
0675e94a AJ |
1060 | return 0; |
1061 | } | |
1062 | ||
33d52ab9 LP |
1063 | int write_timestamp_file_atomic(const char *fn, usec_t n) { |
1064 | char ln[DECIMAL_STR_MAX(n)+2]; | |
1065 | ||
1066 | /* Creates a "timestamp" file, that contains nothing but a | |
1067 | * usec_t timestamp, formatted in ASCII. */ | |
1068 | ||
1069 | if (n <= 0 || n >= USEC_INFINITY) | |
1070 | return -ERANGE; | |
1071 | ||
1072 | xsprintf(ln, USEC_FMT "\n", n); | |
1073 | ||
1074 | return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); | |
1075 | } | |
1076 | ||
1077 | int read_timestamp_file(const char *fn, usec_t *ret) { | |
1078 | _cleanup_free_ char *ln = NULL; | |
1079 | uint64_t t; | |
1080 | int r; | |
1081 | ||
1082 | r = read_one_line_file(fn, &ln); | |
1083 | if (r < 0) | |
1084 | return r; | |
1085 | ||
1086 | r = safe_atou64(ln, &t); | |
1087 | if (r < 0) | |
1088 | return r; | |
1089 | ||
1090 | if (t <= 0 || t >= (uint64_t) USEC_INFINITY) | |
1091 | return -ERANGE; | |
1092 | ||
1093 | *ret = (usec_t) t; | |
1094 | return 0; | |
1095 | } | |
d390f8ef LP |
1096 | |
1097 | int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) { | |
1098 | int r; | |
1099 | ||
1100 | assert(s); | |
1101 | ||
1102 | /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter | |
1103 | * when specified shall initially point to a boolean variable initialized to false. It is set to true after the | |
1104 | * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each | |
1105 | * element, but not before the first one. */ | |
1106 | ||
1107 | if (!f) | |
1108 | f = stdout; | |
1109 | ||
1110 | if (space) { | |
1111 | if (!separator) | |
1112 | separator = " "; | |
1113 | ||
1114 | if (*space) { | |
1115 | r = fputs(separator, f); | |
1116 | if (r < 0) | |
1117 | return r; | |
1118 | } | |
1119 | ||
1120 | *space = true; | |
1121 | } | |
1122 | ||
1123 | return fputs(s, f); | |
1124 | } | |
03532f0a | 1125 | |
838894b0 LP |
1126 | /* A bitmask of the EOL markers we know */ |
1127 | typedef enum EndOfLineMarker { | |
1128 | EOL_NONE = 0, | |
1129 | EOL_ZERO = 1 << 0, /* \0 (aka NUL) */ | |
1130 | EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */ | |
1131 | EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */ | |
1132 | } EndOfLineMarker; | |
1133 | ||
41f11239 LP |
1134 | static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) { |
1135 | ||
1136 | if (!IN_SET(flags, READ_LINE_ONLY_NUL)) { | |
1137 | if (c == '\n') | |
1138 | return EOL_TEN; | |
1139 | if (c == '\r') | |
1140 | return EOL_THIRTEEN; | |
1141 | } | |
1142 | ||
838894b0 LP |
1143 | if (c == '\0') |
1144 | return EOL_ZERO; | |
1145 | ||
1146 | return EOL_NONE; | |
1147 | } | |
1148 | ||
fd421c4a | 1149 | DEFINE_TRIVIAL_CLEANUP_FUNC_FULL(FILE*, funlockfile, NULL); |
f858e514 | 1150 | |
41f11239 | 1151 | int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) { |
4f9a66a3 | 1152 | size_t n = 0, allocated = 0, count = 0; |
838894b0 | 1153 | _cleanup_free_ char *buffer = NULL; |
609ae0f5 | 1154 | int r; |
4f9a66a3 LP |
1155 | |
1156 | assert(f); | |
1157 | ||
1158 | /* Something like a bounded version of getline(). | |
1159 | * | |
838894b0 LP |
1160 | * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these |
1161 | * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line | |
1162 | * endings: | |
1163 | * | |
1164 | * • \n (UNIX) | |
1165 | * • \r (old MacOS) | |
1166 | * • \0 (C strings) | |
1167 | * • \n\0 | |
1168 | * • \r\0 | |
1169 | * • \r\n (Windows) | |
1170 | * • \n\r | |
1171 | * • \r\n\0 | |
1172 | * • \n\r\0 | |
4f9a66a3 LP |
1173 | * |
1174 | * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from | |
1175 | * the number of characters in the returned string). When EOF is hit, 0 is returned. | |
1176 | * | |
1177 | * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding | |
1178 | * delimiters. If the limit is hit we fail and return -ENOBUFS. | |
1179 | * | |
1180 | * If a line shall be skipped ret may be initialized as NULL. */ | |
1181 | ||
1182 | if (ret) { | |
1183 | if (!GREEDY_REALLOC(buffer, allocated, 1)) | |
1184 | return -ENOMEM; | |
1185 | } | |
1186 | ||
f858e514 | 1187 | { |
3f691417 | 1188 | _unused_ _cleanup_(funlockfilep) FILE *flocked = f; |
838894b0 | 1189 | EndOfLineMarker previous_eol = EOL_NONE; |
f858e514 | 1190 | flockfile(f); |
4f9a66a3 | 1191 | |
f858e514 | 1192 | for (;;) { |
838894b0 | 1193 | EndOfLineMarker eol; |
03a7dbea | 1194 | char c; |
4f9a66a3 | 1195 | |
f858e514 ZJS |
1196 | if (n >= limit) |
1197 | return -ENOBUFS; | |
4f9a66a3 | 1198 | |
31fd02f0 LP |
1199 | if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */ |
1200 | return -ENOBUFS; | |
1201 | ||
03a7dbea LP |
1202 | r = safe_fgetc(f, &c); |
1203 | if (r < 0) | |
1204 | return r; | |
91a306b8 | 1205 | if (r == 0) /* EOF is definitely EOL */ |
f858e514 | 1206 | break; |
4f9a66a3 | 1207 | |
41f11239 | 1208 | eol = categorize_eol(c, flags); |
838894b0 LP |
1209 | |
1210 | if (FLAGS_SET(previous_eol, EOL_ZERO) || | |
1211 | (eol == EOL_NONE && previous_eol != EOL_NONE) || | |
1212 | (eol != EOL_NONE && (previous_eol & eol) != 0)) { | |
1213 | /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of | |
517b7760 LP |
1214 | * EOL marker has been seen right before? In either of these three cases we are |
1215 | * done. But first, let's put this character back in the queue. (Note that we have to | |
1216 | * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we | |
1217 | * are on an architecture where 'char' equals 'signed char' we need to ensure we don't | |
1218 | * pass a negative value here. That said, to complicate things further ungetc() is | |
1219 | * actually happy with most negative characters and implicitly casts them back to | |
1220 | * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a | |
1221 | * godawful API!) */ | |
1222 | assert_se(ungetc((unsigned char) c, f) != EOF); | |
f858e514 | 1223 | break; |
838894b0 LP |
1224 | } |
1225 | ||
91a306b8 LP |
1226 | count++; |
1227 | ||
838894b0 | 1228 | if (eol != EOL_NONE) { |
451fcbfc LP |
1229 | /* If we are on a tty, we can't shouldn't wait for more input, because that |
1230 | * generally means waiting for the user, interactively. In the case of a TTY | |
1231 | * we expect only \n as the single EOL marker, so we are in the lucky | |
1232 | * position that there is no need to wait. We check this condition last, to | |
1233 | * avoid isatty() check if not necessary. */ | |
ee41670f | 1234 | |
609ae0f5 | 1235 | if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) { |
14f594b9 LP |
1236 | int fd; |
1237 | ||
1238 | fd = fileno(f); | |
1239 | if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully, | |
1240 | * and don't call isatty() on an invalid fd */ | |
609ae0f5 | 1241 | flags |= READ_LINE_NOT_A_TTY; |
14f594b9 | 1242 | else |
609ae0f5 | 1243 | flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY; |
14f594b9 | 1244 | } |
609ae0f5 | 1245 | if (FLAGS_SET(flags, READ_LINE_IS_A_TTY)) |
ee41670f ZJS |
1246 | break; |
1247 | } | |
1248 | ||
1249 | if (eol != EOL_NONE) { | |
838894b0 LP |
1250 | previous_eol |= eol; |
1251 | continue; | |
1252 | } | |
4f9a66a3 | 1253 | |
f858e514 ZJS |
1254 | if (ret) { |
1255 | if (!GREEDY_REALLOC(buffer, allocated, n + 2)) | |
1256 | return -ENOMEM; | |
4f9a66a3 | 1257 | |
03a7dbea | 1258 | buffer[n] = c; |
4f9a66a3 LP |
1259 | } |
1260 | ||
f858e514 | 1261 | n++; |
4f9a66a3 | 1262 | } |
4f9a66a3 LP |
1263 | } |
1264 | ||
4f9a66a3 LP |
1265 | if (ret) { |
1266 | buffer[n] = 0; | |
1267 | ||
1cc6c93a | 1268 | *ret = TAKE_PTR(buffer); |
4f9a66a3 LP |
1269 | } |
1270 | ||
1271 | return (int) count; | |
1272 | } | |
285a9b27 LP |
1273 | |
1274 | int safe_fgetc(FILE *f, char *ret) { | |
1275 | int k; | |
1276 | ||
1277 | assert(f); | |
1278 | ||
1279 | /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and | |
1280 | * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc() | |
1281 | * has. */ | |
1282 | ||
1283 | errno = 0; | |
1284 | k = fgetc(f); | |
1285 | if (k == EOF) { | |
1286 | if (ferror(f)) | |
66855de7 | 1287 | return errno_or_else(EIO); |
285a9b27 LP |
1288 | |
1289 | if (ret) | |
1290 | *ret = 0; | |
1291 | ||
1292 | return 0; | |
1293 | } | |
1294 | ||
1295 | if (ret) | |
1296 | *ret = k; | |
1297 | ||
1298 | return 1; | |
1299 | } | |
7a309a8c YW |
1300 | |
1301 | int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) { | |
1302 | struct stat _st; | |
1303 | ||
1304 | if (!filename) | |
1305 | return 0; | |
1306 | ||
1307 | if (!st) { | |
1308 | if (stat(filename, &_st) < 0) | |
1309 | return -errno; | |
1310 | st = &_st; | |
1311 | } | |
1312 | ||
1313 | if ((st->st_mode & S_IRWXO) == 0) | |
1314 | return 0; | |
1315 | ||
1316 | if (unit) | |
1317 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
0f935776 | 1318 | "%s has %04o mode that is too permissive, please adjust the ownership and access mode.", |
7a309a8c YW |
1319 | filename, st->st_mode & 07777); |
1320 | else | |
0f935776 | 1321 | log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.", |
7a309a8c YW |
1322 | filename, st->st_mode & 07777); |
1323 | return 0; | |
1324 | } | |
494735f3 | 1325 | |
90c81688 | 1326 | int sync_rights(int from, int to) { |
494735f3 DDM |
1327 | struct stat st; |
1328 | ||
90c81688 | 1329 | if (fstat(from, &st) < 0) |
494735f3 DDM |
1330 | return -errno; |
1331 | ||
90c81688 | 1332 | return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid); |
494735f3 DDM |
1333 | } |
1334 | ||
2da3dc69 | 1335 | int rename_and_apply_smack_floor_label(const char *from, const char *to) { |
494735f3 DDM |
1336 | int r = 0; |
1337 | if (rename(from, to) < 0) | |
1338 | return -errno; | |
1339 | ||
1340 | #ifdef SMACK_RUN_LABEL | |
1341 | r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL); | |
1342 | if (r < 0) | |
1343 | return r; | |
1344 | #endif | |
1345 | return r; | |
1346 | } |