src/basic/parse-util.c

   1 /* SPDX-License-Identifier: LGPL-2.1-or-later */
   2
   3 #include <errno.h>
   4 #include <inttypes.h>
   5 #include <net/if.h>
   6 #include <stdio.h>
   7 #include <stdlib.h>
   8 #include <sys/socket.h>
   9
  10 #include "alloc-util.h"
  11 #include "errno-list.h"
  12 #include "extract-word.h"
  13 #include "locale-util.h"
  14 #include "macro.h"
  15 #include "missing_network.h"
  16 #include "parse-util.h"
  17 #include "process-util.h"
  18 #include "stat-util.h"
  19 #include "string-util.h"
  20 #include "strv.h"
  21
  22 int parse_boolean(const char *v) {
  23         if (!v)
  24                 return -EINVAL;
  25
  26         if (STRCASE_IN_SET(v,
  27                            "1",
  28                            "yes",
  29                            "y",
  30                            "true",
  31                            "t",
  32                            "on"))
  33                 return 1;
  34
  35         if (STRCASE_IN_SET(v,
  36                            "0",
  37                            "no",
  38                            "n",
  39                            "false",
  40                            "f",
  41                            "off"))
  42                 return 0;
  43
  44         return -EINVAL;
  45 }
  46
  47 int parse_tristate_full(const char *v, const char *third, int *ret) {
  48         int r;
  49
  50         if (isempty(v) || streq_ptr(v, third)) { /* Empty string is always taken as the third/invalid/auto state */
  51                 if (ret)
  52                         *ret = -1;
  53         } else {
  54                 r = parse_boolean(v);
  55                 if (r < 0)
  56                         return r;
  57
  58                 if (ret)
  59                         *ret = r;
  60         }
  61
  62         return 0;
  63 }
  64
  65 int parse_pid(const char *s, pid_t* ret_pid) {
  66         unsigned long ul = 0;
  67         pid_t pid;
  68         int r;
  69
  70         assert(s);
  71
  72         r = safe_atolu(s, &ul);
  73         if (r < 0)
  74                 return r;
  75
  76         pid = (pid_t) ul;
  77
  78         if ((unsigned long) pid != ul)
  79                 return -ERANGE;
  80
  81         if (!pid_is_valid(pid))
  82                 return -ERANGE;
  83
  84         if (ret_pid)
  85                 *ret_pid = pid;
  86         return 0;
  87 }
  88
  89 int parse_mode(const char *s, mode_t *ret) {
  90         unsigned m;
  91         int r;
  92
  93         assert(s);
  94
  95         r = safe_atou_full(s, 8 |
  96                            SAFE_ATO_REFUSE_PLUS_MINUS, /* Leading '+' or even '-' char? that's just weird,
  97                                                         * refuse. User might have wanted to add mode flags or
  98                                                         * so, but this parser doesn't allow that, so let's
  99                                                         * better be safe. */
 100                            &m);
 101         if (r < 0)
 102                 return r;
 103         if (m > 07777)
 104                 return -ERANGE;
 105
 106         if (ret)
 107                 *ret = m;
 108         return 0;
 109 }
 110
 111 int parse_ifindex(const char *s) {
 112         int ifi, r;
 113
 114         assert(s);
 115
 116         r = safe_atoi(s, &ifi);
 117         if (r < 0)
 118                 return r;
 119         if (ifi <= 0)
 120                 return -EINVAL;
 121
 122         return ifi;
 123 }
 124
 125 int parse_mtu(int family, const char *s, uint32_t *ret) {
 126         uint64_t u;
 127         size_t m;
 128         int r;
 129
 130         r = parse_size(s, 1024, &u);
 131         if (r < 0)
 132                 return r;
 133
 134         if (u > UINT32_MAX)
 135                 return -ERANGE;
 136
 137         if (family == AF_INET6)
 138                 m = IPV6_MIN_MTU; /* This is 1280 */
 139         else
 140                 m = IPV4_MIN_MTU; /* For all other protocols, including 'unspecified' we assume the IPv4 minimal MTU */
 141
 142         if (u < m)
 143                 return -ERANGE;
 144
 145         *ret = (uint32_t) u;
 146         return 0;
 147 }
 148
 149 int parse_size(const char *t, uint64_t base, uint64_t *size) {
 150
 151         /* Soo, sometimes we want to parse IEC binary suffixes, and
 152          * sometimes SI decimal suffixes. This function can parse
 153          * both. Which one is the right way depends on the
 154          * context. Wikipedia suggests that SI is customary for
 155          * hardware metrics and network speeds, while IEC is
 156          * customary for most data sizes used by software and volatile
 157          * (RAM) memory. Hence be careful which one you pick!
 158          *
 159          * In either case we use just K, M, G as suffix, and not Ki,
 160          * Mi, Gi or so (as IEC would suggest). That's because that's
 161          * frickin' ugly. But this means you really need to make sure
 162          * to document which base you are parsing when you use this
 163          * call. */
 164
 165         struct table {
 166                 const char *suffix;
 167                 unsigned long long factor;
 168         };
 169
 170         static const struct table iec[] = {
 171                 { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
 172                 { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL },
 173                 { "T", 1024ULL*1024ULL*1024ULL*1024ULL },
 174                 { "G", 1024ULL*1024ULL*1024ULL },
 175                 { "M", 1024ULL*1024ULL },
 176                 { "K", 1024ULL },
 177                 { "B", 1ULL },
 178                 { "",  1ULL },
 179         };
 180
 181         static const struct table si[] = {
 182                 { "E", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
 183                 { "P", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL },
 184                 { "T", 1000ULL*1000ULL*1000ULL*1000ULL },
 185                 { "G", 1000ULL*1000ULL*1000ULL },
 186                 { "M", 1000ULL*1000ULL },
 187                 { "K", 1000ULL },
 188                 { "B", 1ULL },
 189                 { "",  1ULL },
 190         };
 191
 192         const struct table *table;
 193         const char *p;
 194         unsigned long long r = 0;
 195         unsigned n_entries, start_pos = 0;
 196
 197         assert(t);
 198         assert(IN_SET(base, 1000, 1024));
 199         assert(size);
 200
 201         if (base == 1000) {
 202                 table = si;
 203                 n_entries = ELEMENTSOF(si);
 204         } else {
 205                 table = iec;
 206                 n_entries = ELEMENTSOF(iec);
 207         }
 208
 209         p = t;
 210         do {
 211                 unsigned long long l, tmp;
 212                 double frac = 0;
 213                 char *e;
 214                 unsigned i;
 215
 216                 p += strspn(p, WHITESPACE);
 217
 218                 errno = 0;
 219                 l = strtoull(p, &e, 10);
 220                 if (errno > 0)
 221                         return -errno;
 222                 if (e == p)
 223                         return -EINVAL;
 224                 if (*p == '-')
 225                         return -ERANGE;
 226
 227                 if (*e == '.') {
 228                         e++;
 229
 230                         /* strtoull() itself would accept space/+/- */
 231                         if (ascii_isdigit(*e)) {
 232                                 unsigned long long l2;
 233                                 char *e2;
 234
 235                                 l2 = strtoull(e, &e2, 10);
 236                                 if (errno > 0)
 237                                         return -errno;
 238
 239                                 /* Ignore failure. E.g. 10.M is valid */
 240                                 frac = l2;
 241                                 for (; e < e2; e++)
 242                                         frac /= 10;
 243                         }
 244                 }
 245
 246                 e += strspn(e, WHITESPACE);
 247
 248                 for (i = start_pos; i < n_entries; i++)
 249                         if (startswith(e, table[i].suffix))
 250                                 break;
 251
 252                 if (i >= n_entries)
 253                         return -EINVAL;
 254
 255                 if (l + (frac > 0) > ULLONG_MAX / table[i].factor)
 256                         return -ERANGE;
 257
 258                 tmp = l * table[i].factor + (unsigned long long) (frac * table[i].factor);
 259                 if (tmp > ULLONG_MAX - r)
 260                         return -ERANGE;
 261
 262                 r += tmp;
 263                 if ((unsigned long long) (uint64_t) r != r)
 264                         return -ERANGE;
 265
 266                 p = e + strlen(table[i].suffix);
 267
 268                 start_pos = i + 1;
 269
 270         } while (*p);
 271
 272         *size = r;
 273
 274         return 0;
 275 }
 276
 277 int parse_sector_size(const char *t, uint64_t *ret) {
 278         int r;
 279
 280         assert(t);
 281         assert(ret);
 282
 283         uint64_t ss;
 284
 285         r = safe_atou64(t, &ss);
 286         if (r < 0)
 287                 return log_error_errno(r, "Failed to parse sector size parameter %s", t);
 288         if (ss < 512 || ss > 4096) /* Allow up to 4K due to dm-crypt support and 4K alignment by the homed LUKS backend */
 289                 return log_error_errno(SYNTHETIC_ERRNO(ERANGE), "Sector size not between 512 and 4096: %s", t);
 290         if (!ISPOWEROF2(ss))
 291                 return log_error_errno(SYNTHETIC_ERRNO(EINVAL), "Sector size not power of 2: %s", t);
 292
 293         *ret = ss;
 294         return 0;
 295 }
 296
 297 int parse_range(const char *t, unsigned *lower, unsigned *upper) {
 298         _cleanup_free_ char *word = NULL;
 299         unsigned l, u;
 300         int r;
 301
 302         assert(lower);
 303         assert(upper);
 304
 305         /* Extract the lower bound. */
 306         r = extract_first_word(&t, &word, "-", EXTRACT_DONT_COALESCE_SEPARATORS);
 307         if (r < 0)
 308                 return r;
 309         if (r == 0)
 310                 return -EINVAL;
 311
 312         r = safe_atou(word, &l);
 313         if (r < 0)
 314                 return r;
 315
 316         /* Check for the upper bound and extract it if needed */
 317         if (!t)
 318                 /* Single number with no dashes. */
 319                 u = l;
 320         else if (!*t)
 321                 /* Trailing dash is an error. */
 322                 return -EINVAL;
 323         else {
 324                 r = safe_atou(t, &u);
 325                 if (r < 0)
 326                         return r;
 327         }
 328
 329         *lower = l;
 330         *upper = u;
 331         return 0;
 332 }
 333
 334 int parse_errno(const char *t) {
 335         int r, e;
 336
 337         assert(t);
 338
 339         r = errno_from_name(t);
 340         if (r > 0)
 341                 return r;
 342
 343         r = safe_atoi(t, &e);
 344         if (r < 0)
 345                 return r;
 346
 347         /* 0 is also allowed here */
 348         if (!errno_is_valid(e) && e != 0)
 349                 return -ERANGE;
 350
 351         return e;
 352 }
 353
 354 int parse_fd(const char *t) {
 355         int r, fd;
 356
 357         assert(t);
 358
 359         r = safe_atoi(t, &fd);
 360         if (r < 0)
 361                 return r;
 362
 363         if (fd < 0)
 364                 return -EBADF;
 365
 366         return fd;
 367 }
 368
 369 static const char *mangle_base(const char *s, unsigned *base) {
 370         const char *k;
 371
 372         assert(s);
 373         assert(base);
 374
 375         /* Base already explicitly specified, then don't do anything. */
 376         if (SAFE_ATO_MASK_FLAGS(*base) != 0)
 377                 return s;
 378
 379         /* Support Python 3 style "0b" and 0x" prefixes, because they truly make sense, much more than C's "0" prefix for octal. */
 380         k = STARTSWITH_SET(s, "0b", "0B");
 381         if (k) {
 382                 *base = 2 | (*base & SAFE_ATO_ALL_FLAGS);
 383                 return k;
 384         }
 385
 386         k = STARTSWITH_SET(s, "0o", "0O");
 387         if (k) {
 388                 *base = 8 | (*base & SAFE_ATO_ALL_FLAGS);
 389                 return k;
 390         }
 391
 392         return s;
 393 }
 394
 395 int safe_atou_full(const char *s, unsigned base, unsigned *ret_u) {
 396         char *x = NULL;
 397         unsigned long l;
 398
 399         assert(s);
 400         assert(SAFE_ATO_MASK_FLAGS(base) <= 16);
 401
 402         /* strtoul() is happy to parse negative values, and silently converts them to unsigned values without
 403          * generating an error. We want a clean error, hence let's look for the "-" prefix on our own, and
 404          * generate an error. But let's do so only after strtoul() validated that the string is clean
 405          * otherwise, so that we return EINVAL preferably over ERANGE. */
 406
 407         if (FLAGS_SET(base, SAFE_ATO_REFUSE_LEADING_WHITESPACE) &&
 408             strchr(WHITESPACE, s[0]))
 409                 return -EINVAL;
 410
 411         s += strspn(s, WHITESPACE);
 412
 413         if (FLAGS_SET(base, SAFE_ATO_REFUSE_PLUS_MINUS) &&
 414             IN_SET(s[0], '+', '-'))
 415                 return -EINVAL; /* Note that we check the "-" prefix again a second time below, but return a
 416                                  * different error. I.e. if the SAFE_ATO_REFUSE_PLUS_MINUS flag is set we
 417                                  * blanket refuse +/- prefixed integers, while if it is missing we'll just
 418                                  * return ERANGE, because the string actually parses correctly, but doesn't
 419                                  * fit in the return type. */
 420
 421         if (FLAGS_SET(base, SAFE_ATO_REFUSE_LEADING_ZERO) &&
 422             s[0] == '0' && !streq(s, "0"))
 423                 return -EINVAL; /* This is particularly useful to avoid ambiguities between C's octal
 424                                  * notation and assumed-to-be-decimal integers with a leading zero. */
 425
 426         s = mangle_base(s, &base);
 427
 428         errno = 0;
 429         l = strtoul(s, &x, SAFE_ATO_MASK_FLAGS(base) /* Let's mask off the flags bits so that only the actual
 430                                                       * base is left */);
 431         if (errno > 0)
 432                 return -errno;
 433         if (!x || x == s || *x != 0)
 434                 return -EINVAL;
 435         if (l != 0 && s[0] == '-')
 436                 return -ERANGE;
 437         if ((unsigned long) (unsigned) l != l)
 438                 return -ERANGE;
 439
 440         if (ret_u)
 441                 *ret_u = (unsigned) l;
 442
 443         return 0;
 444 }
 445
 446 int safe_atou_bounded(const char *s, unsigned min, unsigned max, unsigned *ret) {
 447         unsigned v;
 448         int r;
 449
 450         r = safe_atou(s, &v);
 451         if (r < 0)
 452                 return r;
 453
 454         if (v < min || v > max)
 455                 return -ERANGE;
 456
 457         *ret = v;
 458         return 0;
 459 }
 460
 461 int safe_atoi(const char *s, int *ret_i) {
 462         unsigned base = 0;
 463         char *x = NULL;
 464         long l;
 465
 466         assert(s);
 467
 468         s += strspn(s, WHITESPACE);
 469         s = mangle_base(s, &base);
 470
 471         errno = 0;
 472         l = strtol(s, &x, base);
 473         if (errno > 0)
 474                 return -errno;
 475         if (!x || x == s || *x != 0)
 476                 return -EINVAL;
 477         if ((long) (int) l != l)
 478                 return -ERANGE;
 479
 480         if (ret_i)
 481                 *ret_i = (int) l;
 482
 483         return 0;
 484 }
 485
 486 int safe_atollu_full(const char *s, unsigned base, unsigned long long *ret_llu) {
 487         char *x = NULL;
 488         unsigned long long l;
 489
 490         assert(s);
 491         assert(SAFE_ATO_MASK_FLAGS(base) <= 16);
 492
 493         if (FLAGS_SET(base, SAFE_ATO_REFUSE_LEADING_WHITESPACE) &&
 494             strchr(WHITESPACE, s[0]))
 495                 return -EINVAL;
 496
 497         s += strspn(s, WHITESPACE);
 498
 499         if (FLAGS_SET(base, SAFE_ATO_REFUSE_PLUS_MINUS) &&
 500             IN_SET(s[0], '+', '-'))
 501                 return -EINVAL;
 502
 503         if (FLAGS_SET(base, SAFE_ATO_REFUSE_LEADING_ZERO) &&
 504             s[0] == '0' && s[1] != 0)
 505                 return -EINVAL;
 506
 507         s = mangle_base(s, &base);
 508
 509         errno = 0;
 510         l = strtoull(s, &x, SAFE_ATO_MASK_FLAGS(base));
 511         if (errno > 0)
 512                 return -errno;
 513         if (!x || x == s || *x != 0)
 514                 return -EINVAL;
 515         if (l != 0 && s[0] == '-')
 516                 return -ERANGE;
 517
 518         if (ret_llu)
 519                 *ret_llu = l;
 520
 521         return 0;
 522 }
 523
 524 int safe_atolli(const char *s, long long int *ret_lli) {
 525         unsigned base = 0;
 526         char *x = NULL;
 527         long long l;
 528
 529         assert(s);
 530
 531         s += strspn(s, WHITESPACE);
 532         s = mangle_base(s, &base);
 533
 534         errno = 0;
 535         l = strtoll(s, &x, base);
 536         if (errno > 0)
 537                 return -errno;
 538         if (!x || x == s || *x != 0)
 539                 return -EINVAL;
 540
 541         if (ret_lli)
 542                 *ret_lli = l;
 543
 544         return 0;
 545 }
 546
 547 int safe_atou8_full(const char *s, unsigned base, uint8_t *ret) {
 548         unsigned u;
 549         int r;
 550
 551         r = safe_atou_full(s, base, &u);
 552         if (r < 0)
 553                 return r;
 554         if (u > UINT8_MAX)
 555                 return -ERANGE;
 556
 557         *ret = (uint8_t) u;
 558         return 0;
 559 }
 560
 561 int safe_atou16_full(const char *s, unsigned base, uint16_t *ret) {
 562         unsigned u;
 563         int r;
 564
 565         r = safe_atou_full(s, base, &u);
 566         if (r < 0)
 567                 return r;
 568         if (u > UINT16_MAX)
 569                 return -ERANGE;
 570
 571         *ret = (uint16_t) u;
 572         return 0;
 573 }
 574
 575 int safe_atoi16(const char *s, int16_t *ret) {
 576         unsigned base = 0;
 577         char *x = NULL;
 578         long l;
 579
 580         assert(s);
 581
 582         s += strspn(s, WHITESPACE);
 583         s = mangle_base(s, &base);
 584
 585         errno = 0;
 586         l = strtol(s, &x, base);
 587         if (errno > 0)
 588                 return -errno;
 589         if (!x || x == s || *x != 0)
 590                 return -EINVAL;
 591         if ((long) (int16_t) l != l)
 592                 return -ERANGE;
 593
 594         if (ret)
 595                 *ret = (int16_t) l;
 596
 597         return 0;
 598 }
 599
 600 int safe_atod(const char *s, double *ret_d) {
 601         _cleanup_(freelocalep) locale_t loc = (locale_t) 0;
 602         char *x = NULL;
 603         double d = 0;
 604
 605         assert(s);
 606
 607         loc = newlocale(LC_NUMERIC_MASK, "C", (locale_t) 0);
 608         if (loc == (locale_t) 0)
 609                 return -errno;
 610
 611         errno = 0;
 612         d = strtod_l(s, &x, loc);
 613         if (errno > 0)
 614                 return -errno;
 615         if (!x || x == s || *x != 0)
 616                 return -EINVAL;
 617
 618         if (ret_d)
 619                 *ret_d = (double) d;
 620
 621         return 0;
 622 }
 623
 624 int parse_fractional_part_u(const char **p, size_t digits, unsigned *res) {
 625         unsigned val = 0;
 626         const char *s;
 627
 628         s = *p;
 629
 630         /* accept any number of digits, strtoull is limited to 19 */
 631         for (size_t i = 0; i < digits; i++,s++) {
 632                 if (!ascii_isdigit(*s)) {
 633                         if (i == 0)
 634                                 return -EINVAL;
 635
 636                         /* too few digits, pad with 0 */
 637                         for (; i < digits; i++)
 638                                 val *= 10;
 639
 640                         break;
 641                 }
 642
 643                 val *= 10;
 644                 val += *s - '0';
 645         }
 646
 647         /* maybe round up */
 648         if (*s >= '5' && *s <= '9')
 649                 val++;
 650
 651         s += strspn(s, DIGITS);
 652
 653         *p = s;
 654         *res = val;
 655
 656         return 0;
 657 }
 658
 659 int parse_nice(const char *p, int *ret) {
 660         int n, r;
 661
 662         r = safe_atoi(p, &n);
 663         if (r < 0)
 664                 return r;
 665
 666         if (!nice_is_valid(n))
 667                 return -ERANGE;
 668
 669         *ret = n;
 670         return 0;
 671 }
 672
 673 int parse_ip_port(const char *s, uint16_t *ret) {
 674         uint16_t l;
 675         int r;
 676
 677         r = safe_atou16_full(s, SAFE_ATO_REFUSE_LEADING_WHITESPACE, &l);
 678         if (r < 0)
 679                 return r;
 680
 681         if (l == 0)
 682                 return -EINVAL;
 683
 684         *ret = (uint16_t) l;
 685
 686         return 0;
 687 }
 688
 689 int parse_ip_port_range(const char *s, uint16_t *low, uint16_t *high) {
 690         unsigned l, h;
 691         int r;
 692
 693         r = parse_range(s, &l, &h);
 694         if (r < 0)
 695                 return r;
 696
 697         if (l <= 0 || l > 65535 || h <= 0 || h > 65535)
 698                 return -EINVAL;
 699
 700         if (h < l)
 701                 return -EINVAL;
 702
 703         *low = l;
 704         *high = h;
 705
 706         return 0;
 707 }
 708
 709 int parse_ip_prefix_length(const char *s, int *ret) {
 710         unsigned l;
 711         int r;
 712
 713         r = safe_atou(s, &l);
 714         if (r < 0)
 715                 return r;
 716
 717         if (l > 128)
 718                 return -ERANGE;
 719
 720         *ret = (int) l;
 721
 722         return 0;
 723 }
 724
 725 int parse_oom_score_adjust(const char *s, int *ret) {
 726         int r, v;
 727
 728         assert(s);
 729         assert(ret);
 730
 731         r = safe_atoi(s, &v);
 732         if (r < 0)
 733                 return r;
 734
 735         if (!oom_score_adjust_is_valid(v))
 736                 return -ERANGE;
 737
 738         *ret = v;
 739         return 0;
 740 }
 741
 742 int store_loadavg_fixed_point(unsigned long i, unsigned long f, loadavg_t *ret) {
 743         assert(ret);
 744
 745         if (i >= (~0UL << LOADAVG_PRECISION_BITS))
 746                 return -ERANGE;
 747
 748         i = i << LOADAVG_PRECISION_BITS;
 749         f = DIV_ROUND_UP((f << LOADAVG_PRECISION_BITS), 100);
 750
 751         if (f >= LOADAVG_FIXED_POINT_1_0)
 752                 return -ERANGE;
 753
 754         *ret = i | f;
 755         return 0;
 756 }
 757
 758 int parse_loadavg_fixed_point(const char *s, loadavg_t *ret) {
 759         const char *d, *f_str, *i_str;
 760         unsigned long i, f;
 761         int r;
 762
 763         assert(s);
 764         assert(ret);
 765
 766         d = strchr(s, '.');
 767         if (!d)
 768                 return -EINVAL;
 769
 770         i_str = strndupa_safe(s, d - s);
 771         f_str = d + 1;
 772
 773         r = safe_atolu_full(i_str, 10, &i);
 774         if (r < 0)
 775                 return r;
 776
 777         r = safe_atolu_full(f_str, 10, &f);
 778         if (r < 0)
 779                 return r;
 780
 781         return store_loadavg_fixed_point(i, f, ret);
 782 }
 783
 784 /* Limitations are described in https://www.netfilter.org/projects/nftables/manpage.html and
 785  * https://bugzilla.netfilter.org/show_bug.cgi?id=1175 */
 786 bool nft_identifier_valid(const char *id) {
 787         if (!id)
 788                 return false;
 789
 790         size_t len = strlen(id);
 791         if (len == 0 || len > 31)
 792                 return false;
 793
 794         if (!ascii_isalpha(id[0]))
 795                 return false;
 796
 797         for (size_t i = 1; i < len; i++)
 798                 if (!ascii_isalpha(id[i]) && !ascii_isdigit(id[i]) && !IN_SET(id[i], '/', '\\', '_', '.'))
 799                         return false;
 800         return true;
 801 }