]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/fileio.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #16260 from poettering/pcre2-dlopen
[thirdparty/systemd.git] / src / basic / fileio.c
1 /* SPDX-License-Identifier: LGPL-2.1+ */
2
3 #include <ctype.h>
4 #include <errno.h>
5 #include <fcntl.h>
6 #include <limits.h>
7 #include <stdarg.h>
8 #include <stdint.h>
9 #include <stdio_ext.h>
10 #include <stdlib.h>
11 #include <sys/stat.h>
12 #include <sys/types.h>
13 #include <unistd.h>
14
15 #include "alloc-util.h"
16 #include "fd-util.h"
17 #include "fileio.h"
18 #include "fs-util.h"
19 #include "hexdecoct.h"
20 #include "log.h"
21 #include "macro.h"
22 #include "mkdir.h"
23 #include "parse-util.h"
24 #include "path-util.h"
25 #include "socket-util.h"
26 #include "stdio-util.h"
27 #include "string-util.h"
28 #include "tmpfile-util.h"
29
30 #define READ_FULL_BYTES_MAX (4U*1024U*1024U)
31
32 int fopen_unlocked(const char *path, const char *options, FILE **ret) {
33 assert(ret);
34
35 FILE *f = fopen(path, options);
36 if (!f)
37 return -errno;
38
39 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
40
41 *ret = f;
42 return 0;
43 }
44
45 int fdopen_unlocked(int fd, const char *options, FILE **ret) {
46 assert(ret);
47
48 FILE *f = fdopen(fd, options);
49 if (!f)
50 return -errno;
51
52 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
53
54 *ret = f;
55 return 0;
56 }
57
58 int take_fdopen_unlocked(int *fd, const char *options, FILE **ret) {
59 int r;
60
61 assert(fd);
62
63 r = fdopen_unlocked(*fd, options, ret);
64 if (r < 0)
65 return r;
66
67 *fd = -1;
68
69 return 0;
70 }
71
72 FILE* take_fdopen(int *fd, const char *options) {
73 assert(fd);
74
75 FILE *f = fdopen(*fd, options);
76 if (!f)
77 return NULL;
78
79 *fd = -1;
80
81 return f;
82 }
83
84 DIR* take_fdopendir(int *dfd) {
85 assert(dfd);
86
87 DIR *d = fdopendir(*dfd);
88 if (!d)
89 return NULL;
90
91 *dfd = -1;
92
93 return d;
94 }
95
96 FILE* open_memstream_unlocked(char **ptr, size_t *sizeloc) {
97 FILE *f = open_memstream(ptr, sizeloc);
98 if (!f)
99 return NULL;
100
101 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
102
103 return f;
104 }
105
106 FILE* fmemopen_unlocked(void *buf, size_t size, const char *mode) {
107 FILE *f = fmemopen(buf, size, mode);
108 if (!f)
109 return NULL;
110
111 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
112
113 return f;
114 }
115
116 int write_string_stream_ts(
117 FILE *f,
118 const char *line,
119 WriteStringFileFlags flags,
120 struct timespec *ts) {
121
122 bool needs_nl;
123 int r, fd;
124
125 assert(f);
126 assert(line);
127
128 if (ferror(f))
129 return -EIO;
130
131 if (ts) {
132 /* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have
133 * an fd. Let's fail early in that case. */
134 fd = fileno(f);
135 if (fd < 0)
136 return -EBADF;
137 }
138
139 needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n");
140
141 if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) {
142 /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so
143 * that the write goes out in one go, instead of two */
144
145 line = strjoina(line, "\n");
146 needs_nl = false;
147 }
148
149 if (fputs(line, f) == EOF)
150 return -errno;
151
152 if (needs_nl)
153 if (fputc('\n', f) == EOF)
154 return -errno;
155
156 if (flags & WRITE_STRING_FILE_SYNC)
157 r = fflush_sync_and_check(f);
158 else
159 r = fflush_and_check(f);
160 if (r < 0)
161 return r;
162
163 if (ts) {
164 struct timespec twice[2] = {*ts, *ts};
165
166 if (futimens(fd, twice) < 0)
167 return -errno;
168 }
169
170 return 0;
171 }
172
173 static int write_string_file_atomic(
174 const char *fn,
175 const char *line,
176 WriteStringFileFlags flags,
177 struct timespec *ts) {
178
179 _cleanup_fclose_ FILE *f = NULL;
180 _cleanup_free_ char *p = NULL;
181 int r;
182
183 assert(fn);
184 assert(line);
185
186 /* Note that we'd really like to use O_TMPFILE here, but can't really, since we want replacement
187 * semantics here, and O_TMPFILE can't offer that. i.e. rename() replaces but linkat() doesn't. */
188
189 r = fopen_temporary(fn, &f, &p);
190 if (r < 0)
191 return r;
192
193 r = write_string_stream_ts(f, line, flags, ts);
194 if (r < 0)
195 goto fail;
196
197 r = fchmod_umask(fileno(f), FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0644);
198 if (r < 0)
199 goto fail;
200
201 if (rename(p, fn) < 0) {
202 r = -errno;
203 goto fail;
204 }
205
206 if (FLAGS_SET(flags, WRITE_STRING_FILE_SYNC)) {
207 /* Sync the rename, too */
208 r = fsync_directory_of_file(fileno(f));
209 if (r < 0)
210 return r;
211 }
212
213 return 0;
214
215 fail:
216 (void) unlink(p);
217 return r;
218 }
219
220 int write_string_file_ts(
221 const char *fn,
222 const char *line,
223 WriteStringFileFlags flags,
224 struct timespec *ts) {
225
226 _cleanup_fclose_ FILE *f = NULL;
227 int q, r, fd;
228
229 assert(fn);
230 assert(line);
231
232 /* We don't know how to verify whether the file contents was already on-disk. */
233 assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC)));
234
235 if (flags & WRITE_STRING_FILE_MKDIR_0755) {
236 r = mkdir_parents(fn, 0755);
237 if (r < 0)
238 return r;
239 }
240
241 if (flags & WRITE_STRING_FILE_ATOMIC) {
242 assert(flags & WRITE_STRING_FILE_CREATE);
243
244 r = write_string_file_atomic(fn, line, flags, ts);
245 if (r < 0)
246 goto fail;
247
248 return r;
249 } else
250 assert(!ts);
251
252 /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */
253 fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY |
254 (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) |
255 (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0),
256 (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666));
257 if (fd < 0) {
258 r = -errno;
259 goto fail;
260 }
261
262 r = fdopen_unlocked(fd, "w", &f);
263 if (r < 0) {
264 safe_close(fd);
265 goto fail;
266 }
267
268 if (flags & WRITE_STRING_FILE_DISABLE_BUFFER)
269 setvbuf(f, NULL, _IONBF, 0);
270
271 r = write_string_stream_ts(f, line, flags, ts);
272 if (r < 0)
273 goto fail;
274
275 return 0;
276
277 fail:
278 if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE))
279 return r;
280
281 f = safe_fclose(f);
282
283 /* OK, the operation failed, but let's see if the right
284 * contents in place already. If so, eat up the error. */
285
286 q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE));
287 if (q <= 0)
288 return r;
289
290 return 0;
291 }
292
293 int write_string_filef(
294 const char *fn,
295 WriteStringFileFlags flags,
296 const char *format, ...) {
297
298 _cleanup_free_ char *p = NULL;
299 va_list ap;
300 int r;
301
302 va_start(ap, format);
303 r = vasprintf(&p, format, ap);
304 va_end(ap);
305
306 if (r < 0)
307 return -ENOMEM;
308
309 return write_string_file(fn, p, flags);
310 }
311
312 int read_one_line_file(const char *fn, char **line) {
313 _cleanup_fclose_ FILE *f = NULL;
314 int r;
315
316 assert(fn);
317 assert(line);
318
319 r = fopen_unlocked(fn, "re", &f);
320 if (r < 0)
321 return r;
322
323 return read_line(f, LONG_LINE_MAX, line);
324 }
325
326 int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
327 _cleanup_fclose_ FILE *f = NULL;
328 _cleanup_free_ char *buf = NULL;
329 size_t l, k;
330 int r;
331
332 assert(fn);
333 assert(blob);
334
335 l = strlen(blob);
336
337 if (accept_extra_nl && endswith(blob, "\n"))
338 accept_extra_nl = false;
339
340 buf = malloc(l + accept_extra_nl + 1);
341 if (!buf)
342 return -ENOMEM;
343
344 r = fopen_unlocked(fn, "re", &f);
345 if (r < 0)
346 return r;
347
348 /* We try to read one byte more than we need, so that we know whether we hit eof */
349 errno = 0;
350 k = fread(buf, 1, l + accept_extra_nl + 1, f);
351 if (ferror(f))
352 return errno_or_else(EIO);
353
354 if (k != l && k != l + accept_extra_nl)
355 return 0;
356 if (memcmp(buf, blob, l) != 0)
357 return 0;
358 if (k > l && buf[l] != '\n')
359 return 0;
360
361 return 1;
362 }
363
364 int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) {
365 _cleanup_free_ char *buf = NULL;
366 _cleanup_close_ int fd = -1;
367 struct stat st;
368 size_t n, size;
369 int n_retries;
370 char *p;
371
372 assert(ret_contents);
373
374 /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
375 * with two sorts of virtual files. One sort uses "seq_file", and the results of
376 * the first read are buffered for the second read. The other sort uses "raw"
377 * reads which always go direct to the device. In the latter case, the content of
378 * the virtual file must be retrieved with a single read otherwise a second read
379 * might get the new value instead of finding EOF immediately. That's the reason
380 * why the usage of fread(3) is prohibited in this case as it always performs a
381 * second call to read(2) looking for EOF. See issue 13585. */
382
383 fd = open(filename, O_RDONLY|O_CLOEXEC);
384 if (fd < 0)
385 return -errno;
386
387 /* Start size for files in /proc which usually report a file size of 0. */
388 size = LINE_MAX / 2;
389
390 /* Limit the number of attempts to read the number of bytes returned by fstat(). */
391 n_retries = 3;
392
393 for (;;) {
394 if (n_retries <= 0)
395 return -EIO;
396
397 if (fstat(fd, &st) < 0)
398 return -errno;
399
400 if (!S_ISREG(st.st_mode))
401 return -EBADF;
402
403 /* Be prepared for files from /proc which generally report a file size of 0. */
404 if (st.st_size > 0) {
405 size = st.st_size;
406 n_retries--;
407 } else
408 size = size * 2;
409
410 if (size > READ_FULL_BYTES_MAX)
411 return -E2BIG;
412
413 p = realloc(buf, size + 1);
414 if (!p)
415 return -ENOMEM;
416 buf = TAKE_PTR(p);
417
418 for (;;) {
419 ssize_t k;
420
421 /* Read one more byte so we can detect whether the content of the
422 * file has already changed or the guessed size for files from /proc
423 * wasn't large enough . */
424 k = read(fd, buf, size + 1);
425 if (k >= 0) {
426 n = k;
427 break;
428 }
429
430 if (errno != EINTR)
431 return -errno;
432 }
433
434 /* Consider a short read as EOF */
435 if (n <= size)
436 break;
437
438 /* Hmm... either we read too few bytes from /proc or less likely the content
439 * of the file might have been changed (and is now bigger) while we were
440 * processing, let's try again either with a bigger guessed size or the new
441 * file size. */
442
443 if (lseek(fd, 0, SEEK_SET) < 0)
444 return -errno;
445 }
446
447 if (n < size) {
448 p = realloc(buf, n + 1);
449 if (!p)
450 return -ENOMEM;
451 buf = TAKE_PTR(p);
452 }
453
454 if (!ret_size) {
455 /* Safety check: if the caller doesn't want to know the size of what we
456 * just read it will rely on the trailing NUL byte. But if there's an
457 * embedded NUL byte, then we should refuse operation as otherwise
458 * there'd be ambiguity about what we just read. */
459
460 if (memchr(buf, 0, n))
461 return -EBADMSG;
462 } else
463 *ret_size = n;
464
465 buf[n] = 0;
466 *ret_contents = TAKE_PTR(buf);
467
468 return 0;
469 }
470
471 int read_full_stream_full(
472 FILE *f,
473 const char *filename,
474 ReadFullFileFlags flags,
475 char **ret_contents,
476 size_t *ret_size) {
477
478 _cleanup_free_ char *buf = NULL;
479 struct stat st;
480 size_t n, n_next, l;
481 int fd, r;
482
483 assert(f);
484 assert(ret_contents);
485 assert(!FLAGS_SET(flags, READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX));
486
487 n_next = LINE_MAX; /* Start size */
488
489 fd = fileno(f);
490 if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen()), let's
491 * optimize our buffering */
492
493 if (fstat(fd, &st) < 0)
494 return -errno;
495
496 if (S_ISREG(st.st_mode)) {
497
498 /* Safety check */
499 if (st.st_size > READ_FULL_BYTES_MAX)
500 return -E2BIG;
501
502 /* Start with the right file size. Note that we increase the size
503 * to read here by one, so that the first read attempt already
504 * makes us notice the EOF. */
505 if (st.st_size > 0)
506 n_next = st.st_size + 1;
507
508 if (flags & READ_FULL_FILE_WARN_WORLD_READABLE)
509 (void) warn_file_is_world_accessible(filename, &st, NULL, 0);
510 }
511 }
512
513 n = l = 0;
514 for (;;) {
515 char *t;
516 size_t k;
517
518 if (flags & READ_FULL_FILE_SECURE) {
519 t = malloc(n_next + 1);
520 if (!t) {
521 r = -ENOMEM;
522 goto finalize;
523 }
524 memcpy_safe(t, buf, n);
525 explicit_bzero_safe(buf, n);
526 buf = mfree(buf);
527 } else {
528 t = realloc(buf, n_next + 1);
529 if (!t)
530 return -ENOMEM;
531 }
532
533 buf = t;
534 n = n_next;
535
536 errno = 0;
537 k = fread(buf + l, 1, n - l, f);
538
539 assert(k <= n - l);
540 l += k;
541
542 if (ferror(f)) {
543 r = errno_or_else(EIO);
544 goto finalize;
545 }
546 if (feof(f))
547 break;
548
549 assert(k > 0); /* we can't have read zero bytes because that would have been EOF */
550
551 /* Safety check */
552 if (n >= READ_FULL_BYTES_MAX) {
553 r = -E2BIG;
554 goto finalize;
555 }
556
557 n_next = MIN(n * 2, READ_FULL_BYTES_MAX);
558 }
559
560 if (flags & (READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)) {
561 _cleanup_free_ void *decoded = NULL;
562 size_t decoded_size;
563
564 buf[l++] = 0;
565 if (flags & READ_FULL_FILE_UNBASE64)
566 r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
567 else
568 r = unhexmem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
569 if (r < 0)
570 goto finalize;
571
572 if (flags & READ_FULL_FILE_SECURE)
573 explicit_bzero_safe(buf, n);
574 free_and_replace(buf, decoded);
575 n = l = decoded_size;
576 }
577
578 if (!ret_size) {
579 /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the
580 * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise
581 * there'd be ambiguity about what we just read. */
582
583 if (memchr(buf, 0, l)) {
584 r = -EBADMSG;
585 goto finalize;
586 }
587 }
588
589 buf[l] = 0;
590 *ret_contents = TAKE_PTR(buf);
591
592 if (ret_size)
593 *ret_size = l;
594
595 return 0;
596
597 finalize:
598 if (flags & READ_FULL_FILE_SECURE)
599 explicit_bzero_safe(buf, n);
600
601 return r;
602 }
603
604 int read_full_file_full(int dir_fd, const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) {
605 _cleanup_fclose_ FILE *f = NULL;
606 int r;
607
608 assert(filename);
609 assert(contents);
610
611 r = xfopenat(dir_fd, filename, "re", 0, &f);
612 if (r < 0) {
613 _cleanup_close_ int dfd = -1, sk = -1;
614 union sockaddr_union sa;
615
616 /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */
617 if (r != -ENXIO)
618 return r;
619
620 /* If this is enabled, let's try to connect to it */
621 if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET))
622 return -ENXIO;
623
624 if (dir_fd == AT_FDCWD)
625 r = sockaddr_un_set_path(&sa.un, filename);
626 else {
627 char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
628
629 /* If we shall operate relative to some directory, then let's use O_PATH first to
630 * open the socket inode, and then connect to it via /proc/self/fd/. We have to do
631 * this since there's not connectat() that takes a directory fd as first arg. */
632
633 dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC);
634 if (dfd < 0)
635 return -errno;
636
637 xsprintf(procfs_path, "/proc/self/fd/%i", dfd);
638 r = sockaddr_un_set_path(&sa.un, procfs_path);
639 }
640 if (r < 0)
641 return r;
642
643 sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
644 if (sk < 0)
645 return -errno;
646
647 if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
648 return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is
649 * not a socket after all */
650
651 if (shutdown(sk, SHUT_WR) < 0)
652 return -errno;
653
654 f = fdopen(sk, "r");
655 if (!f)
656 return -errno;
657
658 TAKE_FD(sk);
659 }
660
661 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
662
663 return read_full_stream_full(f, filename, flags, contents, size);
664 }
665
666 int executable_is_script(const char *path, char **interpreter) {
667 _cleanup_free_ char *line = NULL;
668 size_t len;
669 char *ans;
670 int r;
671
672 assert(path);
673
674 r = read_one_line_file(path, &line);
675 if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */
676 return 0;
677 if (r < 0)
678 return r;
679
680 if (!startswith(line, "#!"))
681 return 0;
682
683 ans = strstrip(line + 2);
684 len = strcspn(ans, " \t");
685
686 if (len == 0)
687 return 0;
688
689 ans = strndup(ans, len);
690 if (!ans)
691 return -ENOMEM;
692
693 *interpreter = ans;
694 return 1;
695 }
696
697 /**
698 * Retrieve one field from a file like /proc/self/status. pattern
699 * should not include whitespace or the delimiter (':'). pattern matches only
700 * the beginning of a line. Whitespace before ':' is skipped. Whitespace and
701 * zeros after the ':' will be skipped. field must be freed afterwards.
702 * terminator specifies the terminating characters of the field value (not
703 * included in the value).
704 */
705 int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) {
706 _cleanup_free_ char *status = NULL;
707 char *t, *f;
708 size_t len;
709 int r;
710
711 assert(terminator);
712 assert(filename);
713 assert(pattern);
714 assert(field);
715
716 r = read_full_virtual_file(filename, &status, NULL);
717 if (r < 0)
718 return r;
719
720 t = status;
721
722 do {
723 bool pattern_ok;
724
725 do {
726 t = strstr(t, pattern);
727 if (!t)
728 return -ENOENT;
729
730 /* Check that pattern occurs in beginning of line. */
731 pattern_ok = (t == status || t[-1] == '\n');
732
733 t += strlen(pattern);
734
735 } while (!pattern_ok);
736
737 t += strspn(t, " \t");
738 if (!*t)
739 return -ENOENT;
740
741 } while (*t != ':');
742
743 t++;
744
745 if (*t) {
746 t += strspn(t, " \t");
747
748 /* Also skip zeros, because when this is used for
749 * capabilities, we don't want the zeros. This way the
750 * same capability set always maps to the same string,
751 * irrespective of the total capability set size. For
752 * other numbers it shouldn't matter. */
753 t += strspn(t, "0");
754 /* Back off one char if there's nothing but whitespace
755 and zeros */
756 if (!*t || isspace(*t))
757 t--;
758 }
759
760 len = strcspn(t, terminator);
761
762 f = strndup(t, len);
763 if (!f)
764 return -ENOMEM;
765
766 *field = f;
767 return 0;
768 }
769
770 DIR *xopendirat(int fd, const char *name, int flags) {
771 int nfd;
772 DIR *d;
773
774 assert(!(flags & O_CREAT));
775
776 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
777 if (nfd < 0)
778 return NULL;
779
780 d = fdopendir(nfd);
781 if (!d) {
782 safe_close(nfd);
783 return NULL;
784 }
785
786 return d;
787 }
788
789 static int mode_to_flags(const char *mode) {
790 const char *p;
791 int flags;
792
793 if ((p = startswith(mode, "r+")))
794 flags = O_RDWR;
795 else if ((p = startswith(mode, "r")))
796 flags = O_RDONLY;
797 else if ((p = startswith(mode, "w+")))
798 flags = O_RDWR|O_CREAT|O_TRUNC;
799 else if ((p = startswith(mode, "w")))
800 flags = O_WRONLY|O_CREAT|O_TRUNC;
801 else if ((p = startswith(mode, "a+")))
802 flags = O_RDWR|O_CREAT|O_APPEND;
803 else if ((p = startswith(mode, "a")))
804 flags = O_WRONLY|O_CREAT|O_APPEND;
805 else
806 return -EINVAL;
807
808 for (; *p != 0; p++) {
809
810 switch (*p) {
811
812 case 'e':
813 flags |= O_CLOEXEC;
814 break;
815
816 case 'x':
817 flags |= O_EXCL;
818 break;
819
820 case 'm':
821 /* ignore this here, fdopen() might care later though */
822 break;
823
824 case 'c': /* not sure what to do about this one */
825 default:
826 return -EINVAL;
827 }
828 }
829
830 return flags;
831 }
832
833 int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) {
834 FILE *f;
835
836 /* A combination of fopen() with openat() */
837
838 if (dir_fd == AT_FDCWD && flags == 0) {
839 f = fopen(path, mode);
840 if (!f)
841 return -errno;
842 } else {
843 int fd, mode_flags;
844
845 mode_flags = mode_to_flags(mode);
846 if (mode_flags < 0)
847 return mode_flags;
848
849 fd = openat(dir_fd, path, mode_flags | flags);
850 if (fd < 0)
851 return -errno;
852
853 f = fdopen(fd, mode);
854 if (!f) {
855 safe_close(fd);
856 return -errno;
857 }
858 }
859
860 *ret = f;
861 return 0;
862 }
863
864 static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
865 char **i;
866
867 assert(path);
868 assert(mode);
869 assert(_f);
870
871 if (!path_strv_resolve_uniq(search, root))
872 return -ENOMEM;
873
874 STRV_FOREACH(i, search) {
875 _cleanup_free_ char *p = NULL;
876 FILE *f;
877
878 p = path_join(root, *i, path);
879 if (!p)
880 return -ENOMEM;
881
882 f = fopen(p, mode);
883 if (f) {
884 *_f = f;
885 return 0;
886 }
887
888 if (errno != ENOENT)
889 return -errno;
890 }
891
892 return -ENOENT;
893 }
894
895 int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
896 _cleanup_strv_free_ char **copy = NULL;
897
898 assert(path);
899 assert(mode);
900 assert(_f);
901
902 if (path_is_absolute(path)) {
903 FILE *f;
904
905 f = fopen(path, mode);
906 if (f) {
907 *_f = f;
908 return 0;
909 }
910
911 return -errno;
912 }
913
914 copy = strv_copy((char**) search);
915 if (!copy)
916 return -ENOMEM;
917
918 return search_and_fopen_internal(path, mode, root, copy, _f);
919 }
920
921 int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
922 _cleanup_strv_free_ char **s = NULL;
923
924 if (path_is_absolute(path)) {
925 FILE *f;
926
927 f = fopen(path, mode);
928 if (f) {
929 *_f = f;
930 return 0;
931 }
932
933 return -errno;
934 }
935
936 s = strv_split_nulstr(search);
937 if (!s)
938 return -ENOMEM;
939
940 return search_and_fopen_internal(path, mode, root, s, _f);
941 }
942
943 int fflush_and_check(FILE *f) {
944 assert(f);
945
946 errno = 0;
947 fflush(f);
948
949 if (ferror(f))
950 return errno_or_else(EIO);
951
952 return 0;
953 }
954
955 int fflush_sync_and_check(FILE *f) {
956 int r, fd;
957
958 assert(f);
959
960 r = fflush_and_check(f);
961 if (r < 0)
962 return r;
963
964 /* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and
965 * assume that in that case we need no explicit syncing */
966 fd = fileno(f);
967 if (fd < 0)
968 return 0;
969
970 if (fsync(fd) < 0)
971 return -errno;
972
973 r = fsync_directory_of_file(fd);
974 if (r < 0)
975 return r;
976
977 return 0;
978 }
979
980 int write_timestamp_file_atomic(const char *fn, usec_t n) {
981 char ln[DECIMAL_STR_MAX(n)+2];
982
983 /* Creates a "timestamp" file, that contains nothing but a
984 * usec_t timestamp, formatted in ASCII. */
985
986 if (n <= 0 || n >= USEC_INFINITY)
987 return -ERANGE;
988
989 xsprintf(ln, USEC_FMT "\n", n);
990
991 return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
992 }
993
994 int read_timestamp_file(const char *fn, usec_t *ret) {
995 _cleanup_free_ char *ln = NULL;
996 uint64_t t;
997 int r;
998
999 r = read_one_line_file(fn, &ln);
1000 if (r < 0)
1001 return r;
1002
1003 r = safe_atou64(ln, &t);
1004 if (r < 0)
1005 return r;
1006
1007 if (t <= 0 || t >= (uint64_t) USEC_INFINITY)
1008 return -ERANGE;
1009
1010 *ret = (usec_t) t;
1011 return 0;
1012 }
1013
1014 int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) {
1015 int r;
1016
1017 assert(s);
1018
1019 /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter
1020 * when specified shall initially point to a boolean variable initialized to false. It is set to true after the
1021 * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each
1022 * element, but not before the first one. */
1023
1024 if (!f)
1025 f = stdout;
1026
1027 if (space) {
1028 if (!separator)
1029 separator = " ";
1030
1031 if (*space) {
1032 r = fputs(separator, f);
1033 if (r < 0)
1034 return r;
1035 }
1036
1037 *space = true;
1038 }
1039
1040 return fputs(s, f);
1041 }
1042
1043 /* A bitmask of the EOL markers we know */
1044 typedef enum EndOfLineMarker {
1045 EOL_NONE = 0,
1046 EOL_ZERO = 1 << 0, /* \0 (aka NUL) */
1047 EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */
1048 EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */
1049 } EndOfLineMarker;
1050
1051 static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) {
1052
1053 if (!IN_SET(flags, READ_LINE_ONLY_NUL)) {
1054 if (c == '\n')
1055 return EOL_TEN;
1056 if (c == '\r')
1057 return EOL_THIRTEEN;
1058 }
1059
1060 if (c == '\0')
1061 return EOL_ZERO;
1062
1063 return EOL_NONE;
1064 }
1065
1066 DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile);
1067
1068 int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) {
1069 size_t n = 0, allocated = 0, count = 0;
1070 _cleanup_free_ char *buffer = NULL;
1071 int r;
1072
1073 assert(f);
1074
1075 /* Something like a bounded version of getline().
1076 *
1077 * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these
1078 * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line
1079 * endings:
1080 *
1081 * • \n (UNIX)
1082 * • \r (old MacOS)
1083 * • \0 (C strings)
1084 * • \n\0
1085 * • \r\0
1086 * • \r\n (Windows)
1087 * • \n\r
1088 * • \r\n\0
1089 * • \n\r\0
1090 *
1091 * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from
1092 * the number of characters in the returned string). When EOF is hit, 0 is returned.
1093 *
1094 * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding
1095 * delimiters. If the limit is hit we fail and return -ENOBUFS.
1096 *
1097 * If a line shall be skipped ret may be initialized as NULL. */
1098
1099 if (ret) {
1100 if (!GREEDY_REALLOC(buffer, allocated, 1))
1101 return -ENOMEM;
1102 }
1103
1104 {
1105 _unused_ _cleanup_(funlockfilep) FILE *flocked = f;
1106 EndOfLineMarker previous_eol = EOL_NONE;
1107 flockfile(f);
1108
1109 for (;;) {
1110 EndOfLineMarker eol;
1111 char c;
1112
1113 if (n >= limit)
1114 return -ENOBUFS;
1115
1116 if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */
1117 return -ENOBUFS;
1118
1119 r = safe_fgetc(f, &c);
1120 if (r < 0)
1121 return r;
1122 if (r == 0) /* EOF is definitely EOL */
1123 break;
1124
1125 eol = categorize_eol(c, flags);
1126
1127 if (FLAGS_SET(previous_eol, EOL_ZERO) ||
1128 (eol == EOL_NONE && previous_eol != EOL_NONE) ||
1129 (eol != EOL_NONE && (previous_eol & eol) != 0)) {
1130 /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of
1131 * EOL marker has been seen right before? In either of these three cases we are
1132 * done. But first, let's put this character back in the queue. (Note that we have to
1133 * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we
1134 * are on an architecture where 'char' equals 'signed char' we need to ensure we don't
1135 * pass a negative value here. That said, to complicate things further ungetc() is
1136 * actually happy with most negative characters and implicitly casts them back to
1137 * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a
1138 * godawful API!) */
1139 assert_se(ungetc((unsigned char) c, f) != EOF);
1140 break;
1141 }
1142
1143 count++;
1144
1145 if (eol != EOL_NONE) {
1146 /* If we are on a tty, we can't shouldn't wait for more input, because that
1147 * generally means waiting for the user, interactively. In the case of a TTY
1148 * we expect only \n as the single EOL marker, so we are in the lucky
1149 * position that there is no need to wait. We check this condition last, to
1150 * avoid isatty() check if not necessary. */
1151
1152 if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) {
1153 int fd;
1154
1155 fd = fileno(f);
1156 if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully,
1157 * and don't call isatty() on an invalid fd */
1158 flags |= READ_LINE_NOT_A_TTY;
1159 else
1160 flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY;
1161 }
1162 if (FLAGS_SET(flags, READ_LINE_IS_A_TTY))
1163 break;
1164 }
1165
1166 if (eol != EOL_NONE) {
1167 previous_eol |= eol;
1168 continue;
1169 }
1170
1171 if (ret) {
1172 if (!GREEDY_REALLOC(buffer, allocated, n + 2))
1173 return -ENOMEM;
1174
1175 buffer[n] = c;
1176 }
1177
1178 n++;
1179 }
1180 }
1181
1182 if (ret) {
1183 buffer[n] = 0;
1184
1185 *ret = TAKE_PTR(buffer);
1186 }
1187
1188 return (int) count;
1189 }
1190
1191 int safe_fgetc(FILE *f, char *ret) {
1192 int k;
1193
1194 assert(f);
1195
1196 /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and
1197 * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc()
1198 * has. */
1199
1200 errno = 0;
1201 k = fgetc(f);
1202 if (k == EOF) {
1203 if (ferror(f))
1204 return errno_or_else(EIO);
1205
1206 if (ret)
1207 *ret = 0;
1208
1209 return 0;
1210 }
1211
1212 if (ret)
1213 *ret = k;
1214
1215 return 1;
1216 }
1217
1218 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) {
1219 struct stat _st;
1220
1221 if (!filename)
1222 return 0;
1223
1224 if (!st) {
1225 if (stat(filename, &_st) < 0)
1226 return -errno;
1227 st = &_st;
1228 }
1229
1230 if ((st->st_mode & S_IRWXO) == 0)
1231 return 0;
1232
1233 if (unit)
1234 log_syntax(unit, LOG_WARNING, filename, line, 0,
1235 "%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
1236 filename, st->st_mode & 07777);
1237 else
1238 log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
1239 filename, st->st_mode & 07777);
1240 return 0;
1241 }
1242
1243 int sync_rights(int from, int to) {
1244 struct stat st;
1245
1246 if (fstat(from, &st) < 0)
1247 return -errno;
1248
1249 return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
1250 }
1251
1252 int rename_and_apply_smack_floor_label(const char *from, const char *to) {
1253 int r = 0;
1254 if (rename(from, to) < 0)
1255 return -errno;
1256
1257 #ifdef SMACK_RUN_LABEL
1258 r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
1259 if (r < 0)
1260 return r;
1261 #endif
1262 return r;
1263 }
Unnamed repository; edit this file 'description' to name the repository.