]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/copy.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #9193 from keszybz/coverity
[thirdparty/systemd.git] / src / basic / copy.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2 /***
3 This file is part of systemd.
4
5 Copyright 2014 Lennart Poettering
6 ***/
7
8 #include <dirent.h>
9 #include <errno.h>
10 #include <fcntl.h>
11 #include <stddef.h>
12 #include <stdio.h>
13 #include <stdlib.h>
14 #include <string.h>
15 #include <sys/sendfile.h>
16 #include <sys/stat.h>
17 #include <sys/xattr.h>
18 #include <time.h>
19 #include <unistd.h>
20
21 #include "alloc-util.h"
22 #include "btrfs-util.h"
23 #include "chattr-util.h"
24 #include "copy.h"
25 #include "dirent-util.h"
26 #include "fd-util.h"
27 #include "fileio.h"
28 #include "fs-util.h"
29 #include "io-util.h"
30 #include "macro.h"
31 #include "missing.h"
32 #include "mount-util.h"
33 #include "string-util.h"
34 #include "strv.h"
35 #include "time-util.h"
36 #include "umask-util.h"
37 #include "user-util.h"
38 #include "xattr-util.h"
39
40 #define COPY_BUFFER_SIZE (16U*1024U)
41
42 /* A safety net for descending recursively into file system trees to copy. On Linux PATH_MAX is 4096, which means the
43 * deepest valid path one can build is around 2048, which we hence use as a safety net here, to not spin endlessly in
44 * case of bind mount cycles and suchlike. */
45 #define COPY_DEPTH_MAX 2048U
46
47 static ssize_t try_copy_file_range(
48 int fd_in, loff_t *off_in,
49 int fd_out, loff_t *off_out,
50 size_t len,
51 unsigned int flags) {
52
53 static int have = -1;
54 ssize_t r;
55
56 if (have == 0)
57 return -ENOSYS;
58
59 r = copy_file_range(fd_in, off_in, fd_out, off_out, len, flags);
60 if (have < 0)
61 have = r >= 0 || errno != ENOSYS;
62 if (r < 0)
63 return -errno;
64
65 return r;
66 }
67
68 enum {
69 FD_IS_NO_PIPE,
70 FD_IS_BLOCKING_PIPE,
71 FD_IS_NONBLOCKING_PIPE,
72 };
73
74 static int fd_is_nonblock_pipe(int fd) {
75 struct stat st;
76 int flags;
77
78 /* Checks whether the specified file descriptor refers to a pipe, and if so if O_NONBLOCK is set. */
79
80 if (fstat(fd, &st) < 0)
81 return -errno;
82
83 if (!S_ISFIFO(st.st_mode))
84 return FD_IS_NO_PIPE;
85
86 flags = fcntl(fd, F_GETFL);
87 if (flags < 0)
88 return -errno;
89
90 return FLAGS_SET(flags, O_NONBLOCK) ? FD_IS_NONBLOCKING_PIPE : FD_IS_BLOCKING_PIPE;
91 }
92
93 int copy_bytes_full(
94 int fdf, int fdt,
95 uint64_t max_bytes,
96 CopyFlags copy_flags,
97 void **ret_remains,
98 size_t *ret_remains_size) {
99
100 bool try_cfr = true, try_sendfile = true, try_splice = true;
101 int r, nonblock_pipe = -1;
102 size_t m = SSIZE_MAX; /* that is the maximum that sendfile and c_f_r accept */
103
104 assert(fdf >= 0);
105 assert(fdt >= 0);
106
107 /* Tries to copy bytes from the file descriptor 'fdf' to 'fdt' in the smartest possible way. Copies a maximum
108 * of 'max_bytes', which may be specified as UINT64_MAX, in which no maximum is applied. Returns negative on
109 * error, zero if EOF is hit before the bytes limit is hit and positive otherwise. If the copy fails for some
110 * reason but we read but didn't yet write some data an ret_remains/ret_remains_size is not NULL, then it will
111 * be initialized with an allocated buffer containing this "remaining" data. Note that these two parameters are
112 * initialized with a valid buffer only on failure and only if there's actually data already read. Otherwise
113 * these parameters if non-NULL are set to NULL. */
114
115 if (ret_remains)
116 *ret_remains = NULL;
117 if (ret_remains_size)
118 *ret_remains_size = 0;
119
120 /* Try btrfs reflinks first. This only works on regular, seekable files, hence let's check the file offsets of
121 * source and destination first. */
122 if ((copy_flags & COPY_REFLINK)) {
123 off_t foffset;
124
125 foffset = lseek(fdf, 0, SEEK_CUR);
126 if (foffset >= 0) {
127 off_t toffset;
128
129 toffset = lseek(fdt, 0, SEEK_CUR);
130 if (toffset >= 0) {
131
132 if (foffset == 0 && toffset == 0 && max_bytes == UINT64_MAX)
133 r = btrfs_reflink(fdf, fdt); /* full file reflink */
134 else
135 r = btrfs_clone_range(fdf, foffset, fdt, toffset, max_bytes == UINT64_MAX ? 0 : max_bytes); /* partial reflink */
136 if (r >= 0) {
137 off_t t;
138
139 /* This worked, yay! Now — to be fully correct — let's adjust the file pointers */
140 if (max_bytes == UINT64_MAX) {
141
142 /* We cloned to the end of the source file, let's position the read
143 * pointer there, and query it at the same time. */
144 t = lseek(fdf, 0, SEEK_END);
145 if (t < 0)
146 return -errno;
147 if (t < foffset)
148 return -ESPIPE;
149
150 /* Let's adjust the destination file write pointer by the same number
151 * of bytes. */
152 t = lseek(fdt, toffset + (t - foffset), SEEK_SET);
153 if (t < 0)
154 return -errno;
155
156 return 0; /* we copied the whole thing, hence hit EOF, return 0 */
157 } else {
158 t = lseek(fdf, foffset + max_bytes, SEEK_SET);
159 if (t < 0)
160 return -errno;
161
162 t = lseek(fdt, toffset + max_bytes, SEEK_SET);
163 if (t < 0)
164 return -errno;
165
166 return 1; /* we copied only some number of bytes, which worked, but this means we didn't hit EOF, return 1 */
167 }
168 }
169
170 log_debug_errno(r, "Reflinking didn't work, falling back to non-reflink copying: %m");
171 }
172 }
173 }
174
175 for (;;) {
176 ssize_t n;
177
178 if (max_bytes <= 0)
179 return 1; /* return > 0 if we hit the max_bytes limit */
180
181 if (max_bytes != UINT64_MAX && m > max_bytes)
182 m = max_bytes;
183
184 /* First try copy_file_range(), unless we already tried */
185 if (try_cfr) {
186 n = try_copy_file_range(fdf, NULL, fdt, NULL, m, 0u);
187 if (n < 0) {
188 if (!IN_SET(n, -EINVAL, -ENOSYS, -EXDEV, -EBADF))
189 return n;
190
191 try_cfr = false;
192 /* use fallback below */
193 } else if (n == 0) /* EOF */
194 break;
195 else
196 /* Success! */
197 goto next;
198 }
199
200 /* First try sendfile(), unless we already tried */
201 if (try_sendfile) {
202 n = sendfile(fdt, fdf, NULL, m);
203 if (n < 0) {
204 if (!IN_SET(errno, EINVAL, ENOSYS))
205 return -errno;
206
207 try_sendfile = false;
208 /* use fallback below */
209 } else if (n == 0) /* EOF */
210 break;
211 else
212 /* Success! */
213 goto next;
214 }
215
216 /* Then try splice, unless we already tried. */
217 if (try_splice) {
218
219 /* splice()'s asynchronous I/O support is a bit weird. When it encounters a pipe file
220 * descriptor, then it will ignore its O_NONBLOCK flag and instead only honour the
221 * SPLICE_F_NONBLOCK flag specified in its flag parameter. Let's hide this behaviour here, and
222 * check if either of the specified fds are a pipe, and if so, let's pass the flag
223 * automatically, depending on O_NONBLOCK being set.
224 *
225 * Here's a twist though: when we use it to move data between two pipes of which one has
226 * O_NONBLOCK set and the other has not, then we have no individual control over O_NONBLOCK
227 * behaviour. Hence in that case we can't use splice() and still guarantee systematic
228 * O_NONBLOCK behaviour, hence don't. */
229
230 if (nonblock_pipe < 0) {
231 int a, b;
232
233 /* Check if either of these fds is a pipe, and if so non-blocking or not */
234 a = fd_is_nonblock_pipe(fdf);
235 if (a < 0)
236 return a;
237
238 b = fd_is_nonblock_pipe(fdt);
239 if (b < 0)
240 return b;
241
242 if ((a == FD_IS_NO_PIPE && b == FD_IS_NO_PIPE) ||
243 (a == FD_IS_BLOCKING_PIPE && b == FD_IS_NONBLOCKING_PIPE) ||
244 (a == FD_IS_NONBLOCKING_PIPE && b == FD_IS_BLOCKING_PIPE))
245
246 /* splice() only works if one of the fds is a pipe. If neither is, let's skip
247 * this step right-away. As mentioned above, if one of the two fds refers to a
248 * blocking pipe and the other to a non-blocking pipe, we can't use splice()
249 * either, hence don't try either. This hence means we can only use splice() if
250 * either only one of the two fds is a pipe, or if both are pipes with the same
251 * nonblocking flag setting. */
252
253 try_splice = false;
254 else
255 nonblock_pipe = a == FD_IS_NONBLOCKING_PIPE || b == FD_IS_NONBLOCKING_PIPE;
256 }
257 }
258
259 if (try_splice) {
260 n = splice(fdf, NULL, fdt, NULL, m, nonblock_pipe ? SPLICE_F_NONBLOCK : 0);
261 if (n < 0) {
262 if (!IN_SET(errno, EINVAL, ENOSYS))
263 return -errno;
264
265 try_splice = false;
266 /* use fallback below */
267 } else if (n == 0) /* EOF */
268 break;
269 else
270 /* Success! */
271 goto next;
272 }
273
274 /* As a fallback just copy bits by hand */
275 {
276 uint8_t buf[MIN(m, COPY_BUFFER_SIZE)], *p = buf;
277 ssize_t z;
278
279 n = read(fdf, buf, sizeof buf);
280 if (n < 0)
281 return -errno;
282 if (n == 0) /* EOF */
283 break;
284
285 z = (size_t) n;
286 do {
287 ssize_t k;
288
289 k = write(fdt, p, z);
290 if (k < 0) {
291 r = -errno;
292
293 if (ret_remains) {
294 void *copy;
295
296 copy = memdup(p, z);
297 if (!copy)
298 return -ENOMEM;
299
300 *ret_remains = copy;
301 }
302
303 if (ret_remains_size)
304 *ret_remains_size = z;
305
306 return r;
307 }
308
309 assert(k <= z);
310 z -= k;
311 p += k;
312 } while (z > 0);
313 }
314
315 next:
316 if (max_bytes != (uint64_t) -1) {
317 assert(max_bytes >= (uint64_t) n);
318 max_bytes -= n;
319 }
320 /* sendfile accepts at most SSIZE_MAX-offset bytes to copy,
321 * so reduce our maximum by the amount we already copied,
322 * but don't go below our copy buffer size, unless we are
323 * close the limit of bytes we are allowed to copy. */
324 m = MAX(MIN(COPY_BUFFER_SIZE, max_bytes), m - n);
325 }
326
327 return 0; /* return 0 if we hit EOF earlier than the size limit */
328 }
329
330 static int fd_copy_symlink(
331 int df,
332 const char *from,
333 const struct stat *st,
334 int dt,
335 const char *to,
336 uid_t override_uid,
337 gid_t override_gid,
338 CopyFlags copy_flags) {
339
340 _cleanup_free_ char *target = NULL;
341 int r;
342
343 assert(from);
344 assert(st);
345 assert(to);
346
347 r = readlinkat_malloc(df, from, &target);
348 if (r < 0)
349 return r;
350
351 if (symlinkat(target, dt, to) < 0)
352 return -errno;
353
354 if (fchownat(dt, to,
355 uid_is_valid(override_uid) ? override_uid : st->st_uid,
356 gid_is_valid(override_gid) ? override_gid : st->st_gid,
357 AT_SYMLINK_NOFOLLOW) < 0)
358 return -errno;
359
360 return 0;
361 }
362
363 static int fd_copy_regular(
364 int df,
365 const char *from,
366 const struct stat *st,
367 int dt,
368 const char *to,
369 uid_t override_uid,
370 gid_t override_gid,
371 CopyFlags copy_flags) {
372
373 _cleanup_close_ int fdf = -1, fdt = -1;
374 struct timespec ts[2];
375 int r, q;
376
377 assert(from);
378 assert(st);
379 assert(to);
380
381 fdf = openat(df, from, O_RDONLY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
382 if (fdf < 0)
383 return -errno;
384
385 fdt = openat(dt, to, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, st->st_mode & 07777);
386 if (fdt < 0)
387 return -errno;
388
389 r = copy_bytes(fdf, fdt, (uint64_t) -1, copy_flags);
390 if (r < 0) {
391 (void) unlinkat(dt, to, 0);
392 return r;
393 }
394
395 if (fchown(fdt,
396 uid_is_valid(override_uid) ? override_uid : st->st_uid,
397 gid_is_valid(override_gid) ? override_gid : st->st_gid) < 0)
398 r = -errno;
399
400 if (fchmod(fdt, st->st_mode & 07777) < 0)
401 r = -errno;
402
403 ts[0] = st->st_atim;
404 ts[1] = st->st_mtim;
405 (void) futimens(fdt, ts);
406 (void) copy_xattr(fdf, fdt);
407
408 q = close(fdt);
409 fdt = -1;
410
411 if (q < 0) {
412 r = -errno;
413 (void) unlinkat(dt, to, 0);
414 }
415
416 return r;
417 }
418
419 static int fd_copy_fifo(
420 int df,
421 const char *from,
422 const struct stat *st,
423 int dt,
424 const char *to,
425 uid_t override_uid,
426 gid_t override_gid,
427 CopyFlags copy_flags) {
428 int r;
429
430 assert(from);
431 assert(st);
432 assert(to);
433
434 r = mkfifoat(dt, to, st->st_mode & 07777);
435 if (r < 0)
436 return -errno;
437
438 if (fchownat(dt, to,
439 uid_is_valid(override_uid) ? override_uid : st->st_uid,
440 gid_is_valid(override_gid) ? override_gid : st->st_gid,
441 AT_SYMLINK_NOFOLLOW) < 0)
442 r = -errno;
443
444 if (fchmodat(dt, to, st->st_mode & 07777, 0) < 0)
445 r = -errno;
446
447 return r;
448 }
449
450 static int fd_copy_node(
451 int df,
452 const char *from,
453 const struct stat *st,
454 int dt,
455 const char *to,
456 uid_t override_uid,
457 gid_t override_gid,
458 CopyFlags copy_flags) {
459 int r;
460
461 assert(from);
462 assert(st);
463 assert(to);
464
465 r = mknodat(dt, to, st->st_mode, st->st_rdev);
466 if (r < 0)
467 return -errno;
468
469 if (fchownat(dt, to,
470 uid_is_valid(override_uid) ? override_uid : st->st_uid,
471 gid_is_valid(override_gid) ? override_gid : st->st_gid,
472 AT_SYMLINK_NOFOLLOW) < 0)
473 r = -errno;
474
475 if (fchmodat(dt, to, st->st_mode & 07777, 0) < 0)
476 r = -errno;
477
478 return r;
479 }
480
481 static int fd_copy_directory(
482 int df,
483 const char *from,
484 const struct stat *st,
485 int dt,
486 const char *to,
487 dev_t original_device,
488 unsigned depth_left,
489 uid_t override_uid,
490 gid_t override_gid,
491 CopyFlags copy_flags) {
492
493 _cleanup_close_ int fdf = -1, fdt = -1;
494 _cleanup_closedir_ DIR *d = NULL;
495 struct dirent *de;
496 bool created;
497 int r;
498
499 assert(st);
500 assert(to);
501
502 if (depth_left == 0)
503 return -ENAMETOOLONG;
504
505 if (from)
506 fdf = openat(df, from, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
507 else
508 fdf = fcntl(df, F_DUPFD_CLOEXEC, 3);
509 if (fdf < 0)
510 return -errno;
511
512 d = fdopendir(fdf);
513 if (!d)
514 return -errno;
515 fdf = -1;
516
517 r = mkdirat(dt, to, st->st_mode & 07777);
518 if (r >= 0)
519 created = true;
520 else if (errno == EEXIST && (copy_flags & COPY_MERGE))
521 created = false;
522 else
523 return -errno;
524
525 fdt = openat(dt, to, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW);
526 if (fdt < 0)
527 return -errno;
528
529 r = 0;
530
531 FOREACH_DIRENT_ALL(de, d, return -errno) {
532 struct stat buf;
533 int q;
534
535 if (dot_or_dot_dot(de->d_name))
536 continue;
537
538 if (fstatat(dirfd(d), de->d_name, &buf, AT_SYMLINK_NOFOLLOW) < 0) {
539 r = -errno;
540 continue;
541 }
542
543 if (S_ISDIR(buf.st_mode)) {
544 /*
545 * Don't descend into directories on other file systems, if this is requested. We do a simple
546 * .st_dev check here, which basically comes for free. Note that we do this check only on
547 * directories, not other kind of file system objects, for two reason:
548 *
549 * • The kernel's overlayfs pseudo file system that overlays multiple real file systems
550 * propagates the .st_dev field of the file system a file originates from all the way up
551 * through the stack to stat(). It doesn't do that for directories however. This means that
552 * comparing .st_dev on non-directories suggests that they all are mount points. To avoid
553 * confusion we hence avoid relying on this check for regular files.
554 *
555 * • The main reason we do this check at all is to protect ourselves from bind mount cycles,
556 * where we really want to avoid descending down in all eternity. However the .st_dev check
557 * is usually not sufficient for this protection anyway, as bind mount cycles from the same
558 * file system onto itself can't be detected that way. (Note we also do a recursion depth
559 * check, which is probably the better protection in this regard, which is why
560 * COPY_SAME_MOUNT is optional).
561 */
562
563 if (FLAGS_SET(copy_flags, COPY_SAME_MOUNT)) {
564 if (buf.st_dev != original_device)
565 continue;
566
567 r = fd_is_mount_point(dirfd(d), de->d_name, 0);
568 if (r < 0)
569 return r;
570 if (r > 0)
571 continue;
572 }
573
574 q = fd_copy_directory(dirfd(d), de->d_name, &buf, fdt, de->d_name, original_device, depth_left-1, override_uid, override_gid, copy_flags);
575 } else if (S_ISREG(buf.st_mode))
576 q = fd_copy_regular(dirfd(d), de->d_name, &buf, fdt, de->d_name, override_uid, override_gid, copy_flags);
577 else if (S_ISLNK(buf.st_mode))
578 q = fd_copy_symlink(dirfd(d), de->d_name, &buf, fdt, de->d_name, override_uid, override_gid, copy_flags);
579 else if (S_ISFIFO(buf.st_mode))
580 q = fd_copy_fifo(dirfd(d), de->d_name, &buf, fdt, de->d_name, override_uid, override_gid, copy_flags);
581 else if (S_ISBLK(buf.st_mode) || S_ISCHR(buf.st_mode) || S_ISSOCK(buf.st_mode))
582 q = fd_copy_node(dirfd(d), de->d_name, &buf, fdt, de->d_name, override_uid, override_gid, copy_flags);
583 else
584 q = -EOPNOTSUPP;
585
586 if (q == -EEXIST && (copy_flags & COPY_MERGE))
587 q = 0;
588
589 if (q < 0)
590 r = q;
591 }
592
593 if (created) {
594 struct timespec ut[2] = {
595 st->st_atim,
596 st->st_mtim
597 };
598
599 if (fchown(fdt,
600 uid_is_valid(override_uid) ? override_uid : st->st_uid,
601 gid_is_valid(override_gid) ? override_gid : st->st_gid) < 0)
602 r = -errno;
603
604 if (fchmod(fdt, st->st_mode & 07777) < 0)
605 r = -errno;
606
607 (void) copy_xattr(dirfd(d), fdt);
608 (void) futimens(fdt, ut);
609 }
610
611 return r;
612 }
613
614 int copy_tree_at(int fdf, const char *from, int fdt, const char *to, uid_t override_uid, gid_t override_gid, CopyFlags copy_flags) {
615 struct stat st;
616
617 assert(from);
618 assert(to);
619
620 if (fstatat(fdf, from, &st, AT_SYMLINK_NOFOLLOW) < 0)
621 return -errno;
622
623 if (S_ISREG(st.st_mode))
624 return fd_copy_regular(fdf, from, &st, fdt, to, override_uid, override_gid, copy_flags);
625 else if (S_ISDIR(st.st_mode))
626 return fd_copy_directory(fdf, from, &st, fdt, to, st.st_dev, COPY_DEPTH_MAX, override_uid, override_gid, copy_flags);
627 else if (S_ISLNK(st.st_mode))
628 return fd_copy_symlink(fdf, from, &st, fdt, to, override_uid, override_gid, copy_flags);
629 else if (S_ISFIFO(st.st_mode))
630 return fd_copy_fifo(fdf, from, &st, fdt, to, override_uid, override_gid, copy_flags);
631 else if (S_ISBLK(st.st_mode) || S_ISCHR(st.st_mode) || S_ISSOCK(st.st_mode))
632 return fd_copy_node(fdf, from, &st, fdt, to, override_uid, override_gid, copy_flags);
633 else
634 return -EOPNOTSUPP;
635 }
636
637 int copy_tree(const char *from, const char *to, uid_t override_uid, gid_t override_gid, CopyFlags copy_flags) {
638 return copy_tree_at(AT_FDCWD, from, AT_FDCWD, to, override_uid, override_gid, copy_flags);
639 }
640
641 int copy_directory_fd(int dirfd, const char *to, CopyFlags copy_flags) {
642 struct stat st;
643
644 assert(dirfd >= 0);
645 assert(to);
646
647 if (fstat(dirfd, &st) < 0)
648 return -errno;
649
650 if (!S_ISDIR(st.st_mode))
651 return -ENOTDIR;
652
653 return fd_copy_directory(dirfd, NULL, &st, AT_FDCWD, to, st.st_dev, COPY_DEPTH_MAX, UID_INVALID, GID_INVALID, copy_flags);
654 }
655
656 int copy_directory(const char *from, const char *to, CopyFlags copy_flags) {
657 struct stat st;
658
659 assert(from);
660 assert(to);
661
662 if (lstat(from, &st) < 0)
663 return -errno;
664
665 if (!S_ISDIR(st.st_mode))
666 return -ENOTDIR;
667
668 return fd_copy_directory(AT_FDCWD, from, &st, AT_FDCWD, to, st.st_dev, COPY_DEPTH_MAX, UID_INVALID, GID_INVALID, copy_flags);
669 }
670
671 int copy_file_fd(const char *from, int fdt, CopyFlags copy_flags) {
672 _cleanup_close_ int fdf = -1;
673 int r;
674
675 assert(from);
676 assert(fdt >= 0);
677
678 fdf = open(from, O_RDONLY|O_CLOEXEC|O_NOCTTY);
679 if (fdf < 0)
680 return -errno;
681
682 r = copy_bytes(fdf, fdt, (uint64_t) -1, copy_flags);
683
684 (void) copy_times(fdf, fdt);
685 (void) copy_xattr(fdf, fdt);
686
687 return r;
688 }
689
690 int copy_file(const char *from, const char *to, int flags, mode_t mode, unsigned chattr_flags, CopyFlags copy_flags) {
691 int fdt = -1, r;
692
693 assert(from);
694 assert(to);
695
696 RUN_WITH_UMASK(0000) {
697 fdt = open(to, flags|O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode);
698 if (fdt < 0)
699 return -errno;
700 }
701
702 if (chattr_flags != 0)
703 (void) chattr_fd(fdt, chattr_flags, (unsigned) -1);
704
705 r = copy_file_fd(from, fdt, copy_flags);
706 if (r < 0) {
707 close(fdt);
708 (void) unlink(to);
709 return r;
710 }
711
712 if (close(fdt) < 0) {
713 unlink_noerrno(to);
714 return -errno;
715 }
716
717 return 0;
718 }
719
720 int copy_file_atomic(const char *from, const char *to, mode_t mode, unsigned chattr_flags, CopyFlags copy_flags) {
721 _cleanup_free_ char *t = NULL;
722 int r;
723
724 assert(from);
725 assert(to);
726
727 r = tempfn_random(to, NULL, &t);
728 if (r < 0)
729 return r;
730
731 r = copy_file(from, t, O_NOFOLLOW|O_EXCL, mode, chattr_flags, copy_flags);
732 if (r < 0)
733 return r;
734
735 if (copy_flags & COPY_REPLACE) {
736 r = renameat(AT_FDCWD, t, AT_FDCWD, to);
737 if (r < 0)
738 r = -errno;
739 } else
740 r = rename_noreplace(AT_FDCWD, t, AT_FDCWD, to);
741 if (r < 0) {
742 (void) unlink(t);
743 return r;
744 }
745
746 return 0;
747 }
748
749 int copy_times(int fdf, int fdt) {
750 struct timespec ut[2];
751 struct stat st;
752 usec_t crtime = 0;
753
754 assert(fdf >= 0);
755 assert(fdt >= 0);
756
757 if (fstat(fdf, &st) < 0)
758 return -errno;
759
760 ut[0] = st.st_atim;
761 ut[1] = st.st_mtim;
762
763 if (futimens(fdt, ut) < 0)
764 return -errno;
765
766 if (fd_getcrtime(fdf, &crtime) >= 0)
767 (void) fd_setcrtime(fdt, crtime);
768
769 return 0;
770 }
771
772 int copy_xattr(int fdf, int fdt) {
773 _cleanup_free_ char *bufa = NULL, *bufb = NULL;
774 size_t sza = 100, szb = 100;
775 ssize_t n;
776 int ret = 0;
777 const char *p;
778
779 for (;;) {
780 bufa = malloc(sza);
781 if (!bufa)
782 return -ENOMEM;
783
784 n = flistxattr(fdf, bufa, sza);
785 if (n == 0)
786 return 0;
787 if (n > 0)
788 break;
789 if (errno != ERANGE)
790 return -errno;
791
792 sza *= 2;
793
794 bufa = mfree(bufa);
795 }
796
797 p = bufa;
798 while (n > 0) {
799 size_t l;
800
801 l = strlen(p);
802 assert(l < (size_t) n);
803
804 if (startswith(p, "user.")) {
805 ssize_t m;
806
807 if (!bufb) {
808 bufb = malloc(szb);
809 if (!bufb)
810 return -ENOMEM;
811 }
812
813 m = fgetxattr(fdf, p, bufb, szb);
814 if (m < 0) {
815 if (errno == ERANGE) {
816 szb *= 2;
817 bufb = mfree(bufb);
818 continue;
819 }
820
821 return -errno;
822 }
823
824 if (fsetxattr(fdt, p, bufb, m, 0) < 0)
825 ret = -errno;
826 }
827
828 p += l + 1;
829 n -= l + 1;
830 }
831
832 return ret;
833 }
Unnamed repository; edit this file 'description' to name the repository.