]> git.ipfire.org Git - thirdparty/systemd.git/blob - src/basic/fileio.c
projects / thirdparty / systemd.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
blame | history | raw | HEAD
Merge pull request #17766 from weblate/weblate-systemd-master
[thirdparty/systemd.git] / src / basic / fileio.c
1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
2
3 #include <ctype.h>
4 #include <errno.h>
5 #include <fcntl.h>
6 #include <limits.h>
7 #include <stdarg.h>
8 #include <stdint.h>
9 #include <stdio_ext.h>
10 #include <stdlib.h>
11 #include <sys/stat.h>
12 #include <sys/types.h>
13 #include <unistd.h>
14
15 #include "alloc-util.h"
16 #include "fd-util.h"
17 #include "fileio.h"
18 #include "fs-util.h"
19 #include "hexdecoct.h"
20 #include "log.h"
21 #include "macro.h"
22 #include "mkdir.h"
23 #include "parse-util.h"
24 #include "path-util.h"
25 #include "socket-util.h"
26 #include "stdio-util.h"
27 #include "string-util.h"
28 #include "tmpfile-util.h"
29
30 #define READ_FULL_BYTES_MAX (4U*1024U*1024U)
31
32 int fopen_unlocked(const char *path, const char *options, FILE **ret) {
33 assert(ret);
34
35 FILE *f = fopen(path, options);
36 if (!f)
37 return -errno;
38
39 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
40
41 *ret = f;
42 return 0;
43 }
44
45 int fdopen_unlocked(int fd, const char *options, FILE **ret) {
46 assert(ret);
47
48 FILE *f = fdopen(fd, options);
49 if (!f)
50 return -errno;
51
52 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
53
54 *ret = f;
55 return 0;
56 }
57
58 int take_fdopen_unlocked(int *fd, const char *options, FILE **ret) {
59 int r;
60
61 assert(fd);
62
63 r = fdopen_unlocked(*fd, options, ret);
64 if (r < 0)
65 return r;
66
67 *fd = -1;
68
69 return 0;
70 }
71
72 FILE* take_fdopen(int *fd, const char *options) {
73 assert(fd);
74
75 FILE *f = fdopen(*fd, options);
76 if (!f)
77 return NULL;
78
79 *fd = -1;
80
81 return f;
82 }
83
84 DIR* take_fdopendir(int *dfd) {
85 assert(dfd);
86
87 DIR *d = fdopendir(*dfd);
88 if (!d)
89 return NULL;
90
91 *dfd = -1;
92
93 return d;
94 }
95
96 FILE* open_memstream_unlocked(char **ptr, size_t *sizeloc) {
97 FILE *f = open_memstream(ptr, sizeloc);
98 if (!f)
99 return NULL;
100
101 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
102
103 return f;
104 }
105
106 FILE* fmemopen_unlocked(void *buf, size_t size, const char *mode) {
107 FILE *f = fmemopen(buf, size, mode);
108 if (!f)
109 return NULL;
110
111 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
112
113 return f;
114 }
115
116 int write_string_stream_ts(
117 FILE *f,
118 const char *line,
119 WriteStringFileFlags flags,
120 const struct timespec *ts) {
121
122 bool needs_nl;
123 int r, fd;
124
125 assert(f);
126 assert(line);
127
128 if (ferror(f))
129 return -EIO;
130
131 if (ts) {
132 /* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have
133 * an fd. Let's fail early in that case. */
134 fd = fileno(f);
135 if (fd < 0)
136 return -EBADF;
137 }
138
139 needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n");
140
141 if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) {
142 /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so
143 * that the write goes out in one go, instead of two */
144
145 line = strjoina(line, "\n");
146 needs_nl = false;
147 }
148
149 if (fputs(line, f) == EOF)
150 return -errno;
151
152 if (needs_nl)
153 if (fputc('\n', f) == EOF)
154 return -errno;
155
156 if (flags & WRITE_STRING_FILE_SYNC)
157 r = fflush_sync_and_check(f);
158 else
159 r = fflush_and_check(f);
160 if (r < 0)
161 return r;
162
163 if (ts) {
164 const struct timespec twice[2] = {*ts, *ts};
165
166 if (futimens(fd, twice) < 0)
167 return -errno;
168 }
169
170 return 0;
171 }
172
173 static int write_string_file_atomic(
174 const char *fn,
175 const char *line,
176 WriteStringFileFlags flags,
177 const struct timespec *ts) {
178
179 _cleanup_fclose_ FILE *f = NULL;
180 _cleanup_free_ char *p = NULL;
181 int r;
182
183 assert(fn);
184 assert(line);
185
186 /* Note that we'd really like to use O_TMPFILE here, but can't really, since we want replacement
187 * semantics here, and O_TMPFILE can't offer that. i.e. rename() replaces but linkat() doesn't. */
188
189 r = fopen_temporary(fn, &f, &p);
190 if (r < 0)
191 return r;
192
193 r = write_string_stream_ts(f, line, flags, ts);
194 if (r < 0)
195 goto fail;
196
197 r = fchmod_umask(fileno(f), FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0644);
198 if (r < 0)
199 goto fail;
200
201 if (rename(p, fn) < 0) {
202 r = -errno;
203 goto fail;
204 }
205
206 if (FLAGS_SET(flags, WRITE_STRING_FILE_SYNC)) {
207 /* Sync the rename, too */
208 r = fsync_directory_of_file(fileno(f));
209 if (r < 0)
210 return r;
211 }
212
213 return 0;
214
215 fail:
216 (void) unlink(p);
217 return r;
218 }
219
220 int write_string_file_ts(
221 const char *fn,
222 const char *line,
223 WriteStringFileFlags flags,
224 const struct timespec *ts) {
225
226 _cleanup_fclose_ FILE *f = NULL;
227 int q, r, fd;
228
229 assert(fn);
230 assert(line);
231
232 /* We don't know how to verify whether the file contents was already on-disk. */
233 assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC)));
234
235 if (flags & WRITE_STRING_FILE_MKDIR_0755) {
236 r = mkdir_parents(fn, 0755);
237 if (r < 0)
238 return r;
239 }
240
241 if (flags & WRITE_STRING_FILE_ATOMIC) {
242 assert(flags & WRITE_STRING_FILE_CREATE);
243
244 r = write_string_file_atomic(fn, line, flags, ts);
245 if (r < 0)
246 goto fail;
247
248 return r;
249 } else
250 assert(!ts);
251
252 /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */
253 fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY |
254 (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) |
255 (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) |
256 (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0),
257 (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666));
258 if (fd < 0) {
259 r = -errno;
260 goto fail;
261 }
262
263 r = fdopen_unlocked(fd, "w", &f);
264 if (r < 0) {
265 safe_close(fd);
266 goto fail;
267 }
268
269 if (flags & WRITE_STRING_FILE_DISABLE_BUFFER)
270 setvbuf(f, NULL, _IONBF, 0);
271
272 r = write_string_stream_ts(f, line, flags, ts);
273 if (r < 0)
274 goto fail;
275
276 return 0;
277
278 fail:
279 if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE))
280 return r;
281
282 f = safe_fclose(f);
283
284 /* OK, the operation failed, but let's see if the right
285 * contents in place already. If so, eat up the error. */
286
287 q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE));
288 if (q <= 0)
289 return r;
290
291 return 0;
292 }
293
294 int write_string_filef(
295 const char *fn,
296 WriteStringFileFlags flags,
297 const char *format, ...) {
298
299 _cleanup_free_ char *p = NULL;
300 va_list ap;
301 int r;
302
303 va_start(ap, format);
304 r = vasprintf(&p, format, ap);
305 va_end(ap);
306
307 if (r < 0)
308 return -ENOMEM;
309
310 return write_string_file(fn, p, flags);
311 }
312
313 int read_one_line_file(const char *fn, char **line) {
314 _cleanup_fclose_ FILE *f = NULL;
315 int r;
316
317 assert(fn);
318 assert(line);
319
320 r = fopen_unlocked(fn, "re", &f);
321 if (r < 0)
322 return r;
323
324 return read_line(f, LONG_LINE_MAX, line);
325 }
326
327 int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
328 _cleanup_fclose_ FILE *f = NULL;
329 _cleanup_free_ char *buf = NULL;
330 size_t l, k;
331 int r;
332
333 assert(fn);
334 assert(blob);
335
336 l = strlen(blob);
337
338 if (accept_extra_nl && endswith(blob, "\n"))
339 accept_extra_nl = false;
340
341 buf = malloc(l + accept_extra_nl + 1);
342 if (!buf)
343 return -ENOMEM;
344
345 r = fopen_unlocked(fn, "re", &f);
346 if (r < 0)
347 return r;
348
349 /* We try to read one byte more than we need, so that we know whether we hit eof */
350 errno = 0;
351 k = fread(buf, 1, l + accept_extra_nl + 1, f);
352 if (ferror(f))
353 return errno_or_else(EIO);
354
355 if (k != l && k != l + accept_extra_nl)
356 return 0;
357 if (memcmp(buf, blob, l) != 0)
358 return 0;
359 if (k > l && buf[l] != '\n')
360 return 0;
361
362 return 1;
363 }
364
365 int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) {
366 _cleanup_free_ char *buf = NULL;
367 _cleanup_close_ int fd = -1;
368 struct stat st;
369 size_t n, size;
370 int n_retries;
371 char *p;
372
373 assert(ret_contents);
374
375 /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
376 * with two sorts of virtual files. One sort uses "seq_file", and the results of
377 * the first read are buffered for the second read. The other sort uses "raw"
378 * reads which always go direct to the device. In the latter case, the content of
379 * the virtual file must be retrieved with a single read otherwise a second read
380 * might get the new value instead of finding EOF immediately. That's the reason
381 * why the usage of fread(3) is prohibited in this case as it always performs a
382 * second call to read(2) looking for EOF. See issue 13585. */
383
384 fd = open(filename, O_RDONLY|O_CLOEXEC);
385 if (fd < 0)
386 return -errno;
387
388 /* Start size for files in /proc which usually report a file size of 0. */
389 size = LINE_MAX / 2;
390
391 /* Limit the number of attempts to read the number of bytes returned by fstat(). */
392 n_retries = 3;
393
394 for (;;) {
395 if (n_retries <= 0)
396 return -EIO;
397
398 if (fstat(fd, &st) < 0)
399 return -errno;
400
401 if (!S_ISREG(st.st_mode))
402 return -EBADF;
403
404 /* Be prepared for files from /proc which generally report a file size of 0. */
405 if (st.st_size > 0) {
406 size = st.st_size;
407 n_retries--;
408 } else
409 size = size * 2;
410
411 if (size > READ_FULL_BYTES_MAX)
412 return -E2BIG;
413
414 p = realloc(buf, size + 1);
415 if (!p)
416 return -ENOMEM;
417 buf = TAKE_PTR(p);
418
419 for (;;) {
420 ssize_t k;
421
422 /* Read one more byte so we can detect whether the content of the
423 * file has already changed or the guessed size for files from /proc
424 * wasn't large enough . */
425 k = read(fd, buf, size + 1);
426 if (k >= 0) {
427 n = k;
428 break;
429 }
430
431 if (errno != EINTR)
432 return -errno;
433 }
434
435 /* Consider a short read as EOF */
436 if (n <= size)
437 break;
438
439 /* Hmm... either we read too few bytes from /proc or less likely the content
440 * of the file might have been changed (and is now bigger) while we were
441 * processing, let's try again either with a bigger guessed size or the new
442 * file size. */
443
444 if (lseek(fd, 0, SEEK_SET) < 0)
445 return -errno;
446 }
447
448 if (n < size) {
449 p = realloc(buf, n + 1);
450 if (!p)
451 return -ENOMEM;
452 buf = TAKE_PTR(p);
453 }
454
455 if (!ret_size) {
456 /* Safety check: if the caller doesn't want to know the size of what we
457 * just read it will rely on the trailing NUL byte. But if there's an
458 * embedded NUL byte, then we should refuse operation as otherwise
459 * there'd be ambiguity about what we just read. */
460
461 if (memchr(buf, 0, n))
462 return -EBADMSG;
463 } else
464 *ret_size = n;
465
466 buf[n] = 0;
467 *ret_contents = TAKE_PTR(buf);
468
469 return 0;
470 }
471
472 int read_full_stream_full(
473 FILE *f,
474 const char *filename,
475 uint64_t offset,
476 size_t size,
477 ReadFullFileFlags flags,
478 char **ret_contents,
479 size_t *ret_size) {
480
481 _cleanup_free_ char *buf = NULL;
482 size_t n, n_next, l;
483 int fd, r;
484
485 assert(f);
486 assert(ret_contents);
487 assert(!FLAGS_SET(flags, READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX));
488
489 if (offset != UINT64_MAX && offset > LONG_MAX)
490 return -ERANGE;
491
492 n_next = size != SIZE_MAX ? size : LINE_MAX; /* Start size */
493
494 fd = fileno(f);
495 if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see
496 * fmemopen()), let's optimize our buffering */
497 struct stat st;
498
499 if (fstat(fd, &st) < 0)
500 return -errno;
501
502 if (S_ISREG(st.st_mode)) {
503 if (size == SIZE_MAX) {
504 uint64_t rsize =
505 LESS_BY((uint64_t) st.st_size, offset == UINT64_MAX ? 0 : offset);
506
507 /* Safety check */
508 if (rsize > READ_FULL_BYTES_MAX)
509 return -E2BIG;
510
511 /* Start with the right file size. Note that we increase the size to read
512 * here by one, so that the first read attempt already makes us notice the
513 * EOF. If the reported size of the file is zero, we avoid this logic
514 * however, since quite likely it might be a virtual file in procfs that all
515 * report a zero file size. */
516 if (st.st_size > 0)
517 n_next = rsize + 1;
518 }
519
520 if (flags & READ_FULL_FILE_WARN_WORLD_READABLE)
521 (void) warn_file_is_world_accessible(filename, &st, NULL, 0);
522 }
523 }
524
525 if (offset != UINT64_MAX && fseek(f, offset, SEEK_SET) < 0)
526 return -errno;
527
528 n = l = 0;
529 for (;;) {
530 char *t;
531 size_t k;
532
533 if (flags & READ_FULL_FILE_SECURE) {
534 t = malloc(n_next + 1);
535 if (!t) {
536 r = -ENOMEM;
537 goto finalize;
538 }
539 memcpy_safe(t, buf, n);
540 explicit_bzero_safe(buf, n);
541 buf = mfree(buf);
542 } else {
543 t = realloc(buf, n_next + 1);
544 if (!t)
545 return -ENOMEM;
546 }
547
548 buf = t;
549 n = n_next;
550
551 errno = 0;
552 k = fread(buf + l, 1, n - l, f);
553
554 assert(k <= n - l);
555 l += k;
556
557 if (ferror(f)) {
558 r = errno_or_else(EIO);
559 goto finalize;
560 }
561 if (feof(f))
562 break;
563
564 if (size != SIZE_MAX) { /* If we got asked to read some specific size, we already sized the buffer right, hence leave */
565 assert(l == size);
566 break;
567 }
568
569 assert(k > 0); /* we can't have read zero bytes because that would have been EOF */
570
571 /* Safety check */
572 if (n >= READ_FULL_BYTES_MAX) {
573 r = -E2BIG;
574 goto finalize;
575 }
576
577 n_next = MIN(n * 2, READ_FULL_BYTES_MAX);
578 }
579
580 if (flags & (READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)) {
581 _cleanup_free_ void *decoded = NULL;
582 size_t decoded_size;
583
584 buf[l++] = 0;
585 if (flags & READ_FULL_FILE_UNBASE64)
586 r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
587 else
588 r = unhexmem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
589 if (r < 0)
590 goto finalize;
591
592 if (flags & READ_FULL_FILE_SECURE)
593 explicit_bzero_safe(buf, n);
594 free_and_replace(buf, decoded);
595 n = l = decoded_size;
596 }
597
598 if (!ret_size) {
599 /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the
600 * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise
601 * there'd be ambiguity about what we just read. */
602
603 if (memchr(buf, 0, l)) {
604 r = -EBADMSG;
605 goto finalize;
606 }
607 }
608
609 buf[l] = 0;
610 *ret_contents = TAKE_PTR(buf);
611
612 if (ret_size)
613 *ret_size = l;
614
615 return 0;
616
617 finalize:
618 if (flags & READ_FULL_FILE_SECURE)
619 explicit_bzero_safe(buf, n);
620
621 return r;
622 }
623
624 int read_full_file_full(
625 int dir_fd,
626 const char *filename,
627 uint64_t offset,
628 size_t size,
629 ReadFullFileFlags flags,
630 const char *bind_name,
631 char **ret_contents,
632 size_t *ret_size) {
633
634 _cleanup_fclose_ FILE *f = NULL;
635 int r;
636
637 assert(filename);
638 assert(ret_contents);
639
640 r = xfopenat(dir_fd, filename, "re", 0, &f);
641 if (r < 0) {
642 _cleanup_close_ int dfd = -1, sk = -1;
643 union sockaddr_union sa;
644
645 /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */
646 if (r != -ENXIO)
647 return r;
648
649 /* If this is enabled, let's try to connect to it */
650 if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET))
651 return -ENXIO;
652
653 /* Seeking is not supported on AF_UNIX sockets */
654 if (offset != UINT64_MAX)
655 return -ESPIPE;
656
657 if (dir_fd == AT_FDCWD)
658 r = sockaddr_un_set_path(&sa.un, filename);
659 else {
660 char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
661
662 /* If we shall operate relative to some directory, then let's use O_PATH first to
663 * open the socket inode, and then connect to it via /proc/self/fd/. We have to do
664 * this since there's not connectat() that takes a directory fd as first arg. */
665
666 dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC);
667 if (dfd < 0)
668 return -errno;
669
670 xsprintf(procfs_path, "/proc/self/fd/%i", dfd);
671 r = sockaddr_un_set_path(&sa.un, procfs_path);
672 }
673 if (r < 0)
674 return r;
675
676 sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
677 if (sk < 0)
678 return -errno;
679
680 if (bind_name) {
681 /* If the caller specified a socket name to bind to, do so before connecting. This is
682 * useful to communicate some minor, short meta-information token from the client to
683 * the server. */
684 union sockaddr_union bsa;
685
686 r = sockaddr_un_set_path(&bsa.un, bind_name);
687 if (r < 0)
688 return r;
689
690 if (bind(sk, &bsa.sa, r) < 0)
691 return r;
692 }
693
694 if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
695 return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is
696 * not a socket after all */
697
698 if (shutdown(sk, SHUT_WR) < 0)
699 return -errno;
700
701 f = fdopen(sk, "r");
702 if (!f)
703 return -errno;
704
705 TAKE_FD(sk);
706 }
707
708 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
709
710 return read_full_stream_full(f, filename, offset, size, flags, ret_contents, ret_size);
711 }
712
713 int executable_is_script(const char *path, char **interpreter) {
714 _cleanup_free_ char *line = NULL;
715 size_t len;
716 char *ans;
717 int r;
718
719 assert(path);
720
721 r = read_one_line_file(path, &line);
722 if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */
723 return 0;
724 if (r < 0)
725 return r;
726
727 if (!startswith(line, "#!"))
728 return 0;
729
730 ans = strstrip(line + 2);
731 len = strcspn(ans, " \t");
732
733 if (len == 0)
734 return 0;
735
736 ans = strndup(ans, len);
737 if (!ans)
738 return -ENOMEM;
739
740 *interpreter = ans;
741 return 1;
742 }
743
744 /**
745 * Retrieve one field from a file like /proc/self/status. pattern
746 * should not include whitespace or the delimiter (':'). pattern matches only
747 * the beginning of a line. Whitespace before ':' is skipped. Whitespace and
748 * zeros after the ':' will be skipped. field must be freed afterwards.
749 * terminator specifies the terminating characters of the field value (not
750 * included in the value).
751 */
752 int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) {
753 _cleanup_free_ char *status = NULL;
754 char *t, *f;
755 size_t len;
756 int r;
757
758 assert(terminator);
759 assert(filename);
760 assert(pattern);
761 assert(field);
762
763 r = read_full_virtual_file(filename, &status, NULL);
764 if (r < 0)
765 return r;
766
767 t = status;
768
769 do {
770 bool pattern_ok;
771
772 do {
773 t = strstr(t, pattern);
774 if (!t)
775 return -ENOENT;
776
777 /* Check that pattern occurs in beginning of line. */
778 pattern_ok = (t == status || t[-1] == '\n');
779
780 t += strlen(pattern);
781
782 } while (!pattern_ok);
783
784 t += strspn(t, " \t");
785 if (!*t)
786 return -ENOENT;
787
788 } while (*t != ':');
789
790 t++;
791
792 if (*t) {
793 t += strspn(t, " \t");
794
795 /* Also skip zeros, because when this is used for
796 * capabilities, we don't want the zeros. This way the
797 * same capability set always maps to the same string,
798 * irrespective of the total capability set size. For
799 * other numbers it shouldn't matter. */
800 t += strspn(t, "0");
801 /* Back off one char if there's nothing but whitespace
802 and zeros */
803 if (!*t || isspace(*t))
804 t--;
805 }
806
807 len = strcspn(t, terminator);
808
809 f = strndup(t, len);
810 if (!f)
811 return -ENOMEM;
812
813 *field = f;
814 return 0;
815 }
816
817 DIR *xopendirat(int fd, const char *name, int flags) {
818 int nfd;
819 DIR *d;
820
821 assert(!(flags & O_CREAT));
822
823 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
824 if (nfd < 0)
825 return NULL;
826
827 d = fdopendir(nfd);
828 if (!d) {
829 safe_close(nfd);
830 return NULL;
831 }
832
833 return d;
834 }
835
836 static int mode_to_flags(const char *mode) {
837 const char *p;
838 int flags;
839
840 if ((p = startswith(mode, "r+")))
841 flags = O_RDWR;
842 else if ((p = startswith(mode, "r")))
843 flags = O_RDONLY;
844 else if ((p = startswith(mode, "w+")))
845 flags = O_RDWR|O_CREAT|O_TRUNC;
846 else if ((p = startswith(mode, "w")))
847 flags = O_WRONLY|O_CREAT|O_TRUNC;
848 else if ((p = startswith(mode, "a+")))
849 flags = O_RDWR|O_CREAT|O_APPEND;
850 else if ((p = startswith(mode, "a")))
851 flags = O_WRONLY|O_CREAT|O_APPEND;
852 else
853 return -EINVAL;
854
855 for (; *p != 0; p++) {
856
857 switch (*p) {
858
859 case 'e':
860 flags |= O_CLOEXEC;
861 break;
862
863 case 'x':
864 flags |= O_EXCL;
865 break;
866
867 case 'm':
868 /* ignore this here, fdopen() might care later though */
869 break;
870
871 case 'c': /* not sure what to do about this one */
872 default:
873 return -EINVAL;
874 }
875 }
876
877 return flags;
878 }
879
880 int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) {
881 FILE *f;
882
883 /* A combination of fopen() with openat() */
884
885 if (dir_fd == AT_FDCWD && flags == 0) {
886 f = fopen(path, mode);
887 if (!f)
888 return -errno;
889 } else {
890 int fd, mode_flags;
891
892 mode_flags = mode_to_flags(mode);
893 if (mode_flags < 0)
894 return mode_flags;
895
896 fd = openat(dir_fd, path, mode_flags | flags);
897 if (fd < 0)
898 return -errno;
899
900 f = fdopen(fd, mode);
901 if (!f) {
902 safe_close(fd);
903 return -errno;
904 }
905 }
906
907 *ret = f;
908 return 0;
909 }
910
911 static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
912 char **i;
913
914 assert(path);
915 assert(mode);
916 assert(_f);
917
918 if (!path_strv_resolve_uniq(search, root))
919 return -ENOMEM;
920
921 STRV_FOREACH(i, search) {
922 _cleanup_free_ char *p = NULL;
923 FILE *f;
924
925 p = path_join(root, *i, path);
926 if (!p)
927 return -ENOMEM;
928
929 f = fopen(p, mode);
930 if (f) {
931 *_f = f;
932 return 0;
933 }
934
935 if (errno != ENOENT)
936 return -errno;
937 }
938
939 return -ENOENT;
940 }
941
942 int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
943 _cleanup_strv_free_ char **copy = NULL;
944
945 assert(path);
946 assert(mode);
947 assert(_f);
948
949 if (path_is_absolute(path)) {
950 FILE *f;
951
952 f = fopen(path, mode);
953 if (f) {
954 *_f = f;
955 return 0;
956 }
957
958 return -errno;
959 }
960
961 copy = strv_copy((char**) search);
962 if (!copy)
963 return -ENOMEM;
964
965 return search_and_fopen_internal(path, mode, root, copy, _f);
966 }
967
968 int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
969 _cleanup_strv_free_ char **s = NULL;
970
971 if (path_is_absolute(path)) {
972 FILE *f;
973
974 f = fopen(path, mode);
975 if (f) {
976 *_f = f;
977 return 0;
978 }
979
980 return -errno;
981 }
982
983 s = strv_split_nulstr(search);
984 if (!s)
985 return -ENOMEM;
986
987 return search_and_fopen_internal(path, mode, root, s, _f);
988 }
989
990 int chase_symlinks_and_fopen_unlocked(
991 const char *path,
992 const char *root,
993 unsigned chase_flags,
994 const char *open_flags,
995 FILE **ret_file,
996 char **ret_path) {
997
998 _cleanup_close_ int fd = -1;
999 _cleanup_free_ char *final_path = NULL;
1000 int mode_flags, r;
1001 FILE *f;
1002
1003 assert(path);
1004 assert(open_flags);
1005 assert(ret_file);
1006
1007 mode_flags = mode_to_flags(open_flags);
1008 if (mode_flags < 0)
1009 return mode_flags;
1010
1011 fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL);
1012 if (fd < 0)
1013 return fd;
1014
1015 r = fdopen_unlocked(fd, open_flags, &f);
1016 if (r < 0)
1017 return r;
1018 TAKE_FD(fd);
1019
1020 *ret_file = f;
1021 if (ret_path)
1022 *ret_path = TAKE_PTR(final_path);
1023 return 0;
1024 }
1025
1026 int fflush_and_check(FILE *f) {
1027 assert(f);
1028
1029 errno = 0;
1030 fflush(f);
1031
1032 if (ferror(f))
1033 return errno_or_else(EIO);
1034
1035 return 0;
1036 }
1037
1038 int fflush_sync_and_check(FILE *f) {
1039 int r, fd;
1040
1041 assert(f);
1042
1043 r = fflush_and_check(f);
1044 if (r < 0)
1045 return r;
1046
1047 /* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and
1048 * assume that in that case we need no explicit syncing */
1049 fd = fileno(f);
1050 if (fd < 0)
1051 return 0;
1052
1053 if (fsync(fd) < 0)
1054 return -errno;
1055
1056 r = fsync_directory_of_file(fd);
1057 if (r < 0)
1058 return r;
1059
1060 return 0;
1061 }
1062
1063 int write_timestamp_file_atomic(const char *fn, usec_t n) {
1064 char ln[DECIMAL_STR_MAX(n)+2];
1065
1066 /* Creates a "timestamp" file, that contains nothing but a
1067 * usec_t timestamp, formatted in ASCII. */
1068
1069 if (n <= 0 || n >= USEC_INFINITY)
1070 return -ERANGE;
1071
1072 xsprintf(ln, USEC_FMT "\n", n);
1073
1074 return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
1075 }
1076
1077 int read_timestamp_file(const char *fn, usec_t *ret) {
1078 _cleanup_free_ char *ln = NULL;
1079 uint64_t t;
1080 int r;
1081
1082 r = read_one_line_file(fn, &ln);
1083 if (r < 0)
1084 return r;
1085
1086 r = safe_atou64(ln, &t);
1087 if (r < 0)
1088 return r;
1089
1090 if (t <= 0 || t >= (uint64_t) USEC_INFINITY)
1091 return -ERANGE;
1092
1093 *ret = (usec_t) t;
1094 return 0;
1095 }
1096
1097 int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) {
1098 int r;
1099
1100 assert(s);
1101
1102 /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter
1103 * when specified shall initially point to a boolean variable initialized to false. It is set to true after the
1104 * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each
1105 * element, but not before the first one. */
1106
1107 if (!f)
1108 f = stdout;
1109
1110 if (space) {
1111 if (!separator)
1112 separator = " ";
1113
1114 if (*space) {
1115 r = fputs(separator, f);
1116 if (r < 0)
1117 return r;
1118 }
1119
1120 *space = true;
1121 }
1122
1123 return fputs(s, f);
1124 }
1125
1126 /* A bitmask of the EOL markers we know */
1127 typedef enum EndOfLineMarker {
1128 EOL_NONE = 0,
1129 EOL_ZERO = 1 << 0, /* \0 (aka NUL) */
1130 EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */
1131 EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */
1132 } EndOfLineMarker;
1133
1134 static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) {
1135
1136 if (!IN_SET(flags, READ_LINE_ONLY_NUL)) {
1137 if (c == '\n')
1138 return EOL_TEN;
1139 if (c == '\r')
1140 return EOL_THIRTEEN;
1141 }
1142
1143 if (c == '\0')
1144 return EOL_ZERO;
1145
1146 return EOL_NONE;
1147 }
1148
1149 DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile);
1150
1151 int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) {
1152 size_t n = 0, allocated = 0, count = 0;
1153 _cleanup_free_ char *buffer = NULL;
1154 int r;
1155
1156 assert(f);
1157
1158 /* Something like a bounded version of getline().
1159 *
1160 * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these
1161 * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line
1162 * endings:
1163 *
1164 * • \n (UNIX)
1165 * • \r (old MacOS)
1166 * • \0 (C strings)
1167 * • \n\0
1168 * • \r\0
1169 * • \r\n (Windows)
1170 * • \n\r
1171 * • \r\n\0
1172 * • \n\r\0
1173 *
1174 * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from
1175 * the number of characters in the returned string). When EOF is hit, 0 is returned.
1176 *
1177 * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding
1178 * delimiters. If the limit is hit we fail and return -ENOBUFS.
1179 *
1180 * If a line shall be skipped ret may be initialized as NULL. */
1181
1182 if (ret) {
1183 if (!GREEDY_REALLOC(buffer, allocated, 1))
1184 return -ENOMEM;
1185 }
1186
1187 {
1188 _unused_ _cleanup_(funlockfilep) FILE *flocked = f;
1189 EndOfLineMarker previous_eol = EOL_NONE;
1190 flockfile(f);
1191
1192 for (;;) {
1193 EndOfLineMarker eol;
1194 char c;
1195
1196 if (n >= limit)
1197 return -ENOBUFS;
1198
1199 if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */
1200 return -ENOBUFS;
1201
1202 r = safe_fgetc(f, &c);
1203 if (r < 0)
1204 return r;
1205 if (r == 0) /* EOF is definitely EOL */
1206 break;
1207
1208 eol = categorize_eol(c, flags);
1209
1210 if (FLAGS_SET(previous_eol, EOL_ZERO) ||
1211 (eol == EOL_NONE && previous_eol != EOL_NONE) ||
1212 (eol != EOL_NONE && (previous_eol & eol) != 0)) {
1213 /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of
1214 * EOL marker has been seen right before? In either of these three cases we are
1215 * done. But first, let's put this character back in the queue. (Note that we have to
1216 * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we
1217 * are on an architecture where 'char' equals 'signed char' we need to ensure we don't
1218 * pass a negative value here. That said, to complicate things further ungetc() is
1219 * actually happy with most negative characters and implicitly casts them back to
1220 * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a
1221 * godawful API!) */
1222 assert_se(ungetc((unsigned char) c, f) != EOF);
1223 break;
1224 }
1225
1226 count++;
1227
1228 if (eol != EOL_NONE) {
1229 /* If we are on a tty, we can't shouldn't wait for more input, because that
1230 * generally means waiting for the user, interactively. In the case of a TTY
1231 * we expect only \n as the single EOL marker, so we are in the lucky
1232 * position that there is no need to wait. We check this condition last, to
1233 * avoid isatty() check if not necessary. */
1234
1235 if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) {
1236 int fd;
1237
1238 fd = fileno(f);
1239 if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully,
1240 * and don't call isatty() on an invalid fd */
1241 flags |= READ_LINE_NOT_A_TTY;
1242 else
1243 flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY;
1244 }
1245 if (FLAGS_SET(flags, READ_LINE_IS_A_TTY))
1246 break;
1247 }
1248
1249 if (eol != EOL_NONE) {
1250 previous_eol |= eol;
1251 continue;
1252 }
1253
1254 if (ret) {
1255 if (!GREEDY_REALLOC(buffer, allocated, n + 2))
1256 return -ENOMEM;
1257
1258 buffer[n] = c;
1259 }
1260
1261 n++;
1262 }
1263 }
1264
1265 if (ret) {
1266 buffer[n] = 0;
1267
1268 *ret = TAKE_PTR(buffer);
1269 }
1270
1271 return (int) count;
1272 }
1273
1274 int safe_fgetc(FILE *f, char *ret) {
1275 int k;
1276
1277 assert(f);
1278
1279 /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and
1280 * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc()
1281 * has. */
1282
1283 errno = 0;
1284 k = fgetc(f);
1285 if (k == EOF) {
1286 if (ferror(f))
1287 return errno_or_else(EIO);
1288
1289 if (ret)
1290 *ret = 0;
1291
1292 return 0;
1293 }
1294
1295 if (ret)
1296 *ret = k;
1297
1298 return 1;
1299 }
1300
1301 int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) {
1302 struct stat _st;
1303
1304 if (!filename)
1305 return 0;
1306
1307 if (!st) {
1308 if (stat(filename, &_st) < 0)
1309 return -errno;
1310 st = &_st;
1311 }
1312
1313 if ((st->st_mode & S_IRWXO) == 0)
1314 return 0;
1315
1316 if (unit)
1317 log_syntax(unit, LOG_WARNING, filename, line, 0,
1318 "%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
1319 filename, st->st_mode & 07777);
1320 else
1321 log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
1322 filename, st->st_mode & 07777);
1323 return 0;
1324 }
1325
1326 int sync_rights(int from, int to) {
1327 struct stat st;
1328
1329 if (fstat(from, &st) < 0)
1330 return -errno;
1331
1332 return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
1333 }
1334
1335 int rename_and_apply_smack_floor_label(const char *from, const char *to) {
1336 int r = 0;
1337 if (rename(from, to) < 0)
1338 return -errno;
1339
1340 #ifdef SMACK_RUN_LABEL
1341 r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
1342 if (r < 0)
1343 return r;
1344 #endif
1345 return r;
1346 }
Unnamed repository; edit this file 'description' to name the repository.