]>
Commit | Line | Data |
---|---|---|
53e1b683 | 1 | /* SPDX-License-Identifier: LGPL-2.1+ */ |
a5c32cff | 2 | |
8bdc9a90 | 3 | #include <ctype.h> |
11c3a366 TA |
4 | #include <errno.h> |
5 | #include <fcntl.h> | |
6 | #include <limits.h> | |
7 | #include <stdarg.h> | |
8 | #include <stdint.h> | |
35bbbf85 | 9 | #include <stdio_ext.h> |
11c3a366 TA |
10 | #include <stdlib.h> |
11 | #include <string.h> | |
12 | #include <sys/stat.h> | |
13 | #include <sys/types.h> | |
a5c32cff | 14 | #include <unistd.h> |
cda134ab | 15 | |
b5efdb8a | 16 | #include "alloc-util.h" |
3ffd4af2 LP |
17 | #include "fd-util.h" |
18 | #include "fileio.h" | |
f4f15635 | 19 | #include "fs-util.h" |
07d8c0eb | 20 | #include "hexdecoct.h" |
93cc7779 TA |
21 | #include "log.h" |
22 | #include "macro.h" | |
1d9ed171 | 23 | #include "missing.h" |
33d52ab9 | 24 | #include "parse-util.h" |
0d39fa9c | 25 | #include "path-util.h" |
33d52ab9 | 26 | #include "stdio-util.h" |
07630cea | 27 | #include "string-util.h" |
e4de7287 | 28 | #include "tmpfile-util.h" |
a5c32cff | 29 | |
c2d11a63 VC |
30 | #define READ_FULL_BYTES_MAX (4U*1024U*1024U) |
31 | ||
fdeea3f4 ZJS |
32 | int fopen_unlocked(const char *path, const char *options, FILE **ret) { |
33 | assert(ret); | |
34 | ||
35 | FILE *f = fopen(path, options); | |
36 | if (!f) | |
37 | return -errno; | |
38 | ||
39 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
40 | ||
41 | *ret = f; | |
42 | return 0; | |
43 | } | |
44 | ||
b1837133 LP |
45 | int write_string_stream_ts( |
46 | FILE *f, | |
47 | const char *line, | |
48 | WriteStringFileFlags flags, | |
49 | struct timespec *ts) { | |
dacd6cee | 50 | |
91dc2bf7 | 51 | bool needs_nl; |
be83711c | 52 | int r; |
91dc2bf7 | 53 | |
717603e3 LP |
54 | assert(f); |
55 | assert(line); | |
56 | ||
ba8b8c9e MG |
57 | if (ferror(f)) |
58 | return -EIO; | |
59 | ||
91dc2bf7 LP |
60 | needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); |
61 | ||
62 | if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { | |
63 | /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so | |
64 | * that the write goes out in one go, instead of two */ | |
65 | ||
66 | line = strjoina(line, "\n"); | |
67 | needs_nl = false; | |
68 | } | |
69 | ||
94d3b60f MG |
70 | if (fputs(line, f) == EOF) |
71 | return -errno; | |
72 | ||
91dc2bf7 | 73 | if (needs_nl) |
94d3b60f MG |
74 | if (fputc('\n', f) == EOF) |
75 | return -errno; | |
a5c32cff | 76 | |
be83711c CL |
77 | if (flags & WRITE_STRING_FILE_SYNC) |
78 | r = fflush_sync_and_check(f); | |
79 | else | |
80 | r = fflush_and_check(f); | |
81 | if (r < 0) | |
82 | return r; | |
83 | ||
39c38d77 ZJS |
84 | if (ts) { |
85 | struct timespec twice[2] = {*ts, *ts}; | |
86 | ||
87 | if (futimens(fileno(f), twice) < 0) | |
88 | return -errno; | |
89 | } | |
90 | ||
be83711c | 91 | return 0; |
a5c32cff HH |
92 | } |
93 | ||
2eabcc77 LP |
94 | static int write_string_file_atomic( |
95 | const char *fn, | |
96 | const char *line, | |
b1837133 | 97 | WriteStringFileFlags flags, |
2eabcc77 LP |
98 | struct timespec *ts) { |
99 | ||
a5c32cff HH |
100 | _cleanup_fclose_ FILE *f = NULL; |
101 | _cleanup_free_ char *p = NULL; | |
102 | int r; | |
103 | ||
104 | assert(fn); | |
105 | assert(line); | |
106 | ||
107 | r = fopen_temporary(fn, &f, &p); | |
108 | if (r < 0) | |
109 | return r; | |
110 | ||
35bbbf85 | 111 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
0d39fa9c | 112 | (void) fchmod_umask(fileno(f), 0644); |
a5c32cff | 113 | |
b1837133 | 114 | r = write_string_stream_ts(f, line, flags, ts); |
9dd1b1e8 LP |
115 | if (r < 0) |
116 | goto fail; | |
117 | ||
118 | if (rename(p, fn) < 0) { | |
119 | r = -errno; | |
120 | goto fail; | |
a5c32cff HH |
121 | } |
122 | ||
9dd1b1e8 | 123 | return 0; |
a5c32cff | 124 | |
9dd1b1e8 LP |
125 | fail: |
126 | (void) unlink(p); | |
a5c32cff HH |
127 | return r; |
128 | } | |
129 | ||
b1837133 LP |
130 | int write_string_file_ts( |
131 | const char *fn, | |
132 | const char *line, | |
133 | WriteStringFileFlags flags, | |
134 | struct timespec *ts) { | |
135 | ||
4c1fc3e4 | 136 | _cleanup_fclose_ FILE *f = NULL; |
eb3da901 | 137 | int q, r; |
4c1fc3e4 DM |
138 | |
139 | assert(fn); | |
140 | assert(line); | |
141 | ||
265710c2 AJ |
142 | /* We don't know how to verify whether the file contents was already on-disk. */ |
143 | assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC))); | |
0675e94a | 144 | |
4c1fc3e4 DM |
145 | if (flags & WRITE_STRING_FILE_ATOMIC) { |
146 | assert(flags & WRITE_STRING_FILE_CREATE); | |
147 | ||
b1837133 | 148 | r = write_string_file_atomic(fn, line, flags, ts); |
eb3da901 LP |
149 | if (r < 0) |
150 | goto fail; | |
151 | ||
152 | return r; | |
39c38d77 | 153 | } else |
234519ae | 154 | assert(!ts); |
4c1fc3e4 DM |
155 | |
156 | if (flags & WRITE_STRING_FILE_CREATE) { | |
157 | f = fopen(fn, "we"); | |
eb3da901 LP |
158 | if (!f) { |
159 | r = -errno; | |
160 | goto fail; | |
161 | } | |
4c1fc3e4 DM |
162 | } else { |
163 | int fd; | |
164 | ||
165 | /* We manually build our own version of fopen(..., "we") that | |
166 | * works without O_CREAT */ | |
835d18ba | 167 | fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | ((flags & WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0)); |
eb3da901 LP |
168 | if (fd < 0) { |
169 | r = -errno; | |
170 | goto fail; | |
171 | } | |
4c1fc3e4 | 172 | |
e92aaed3 | 173 | f = fdopen(fd, "w"); |
4c1fc3e4 | 174 | if (!f) { |
eb3da901 | 175 | r = -errno; |
4c1fc3e4 | 176 | safe_close(fd); |
eb3da901 | 177 | goto fail; |
4c1fc3e4 DM |
178 | } |
179 | } | |
180 | ||
35bbbf85 LP |
181 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
182 | ||
12ec9c30 TSH |
183 | if (flags & WRITE_STRING_FILE_DISABLE_BUFFER) |
184 | setvbuf(f, NULL, _IONBF, 0); | |
185 | ||
b1837133 | 186 | r = write_string_stream_ts(f, line, flags, ts); |
eb3da901 LP |
187 | if (r < 0) |
188 | goto fail; | |
189 | ||
190 | return 0; | |
191 | ||
192 | fail: | |
193 | if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE)) | |
194 | return r; | |
195 | ||
196 | f = safe_fclose(f); | |
197 | ||
198 | /* OK, the operation failed, but let's see if the right | |
199 | * contents in place already. If so, eat up the error. */ | |
200 | ||
201 | q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE)); | |
202 | if (q <= 0) | |
203 | return r; | |
204 | ||
205 | return 0; | |
4c1fc3e4 DM |
206 | } |
207 | ||
3130fca5 LP |
208 | int write_string_filef( |
209 | const char *fn, | |
210 | WriteStringFileFlags flags, | |
211 | const char *format, ...) { | |
212 | ||
213 | _cleanup_free_ char *p = NULL; | |
214 | va_list ap; | |
215 | int r; | |
216 | ||
217 | va_start(ap, format); | |
218 | r = vasprintf(&p, format, ap); | |
219 | va_end(ap); | |
220 | ||
221 | if (r < 0) | |
222 | return -ENOMEM; | |
223 | ||
224 | return write_string_file(fn, p, flags); | |
225 | } | |
226 | ||
a5c32cff HH |
227 | int read_one_line_file(const char *fn, char **line) { |
228 | _cleanup_fclose_ FILE *f = NULL; | |
fdeea3f4 | 229 | int r; |
a5c32cff HH |
230 | |
231 | assert(fn); | |
232 | assert(line); | |
233 | ||
fdeea3f4 ZJS |
234 | r = fopen_unlocked(fn, "re", &f); |
235 | if (r < 0) | |
236 | return r; | |
35bbbf85 | 237 | |
d6062e3b | 238 | return read_line(f, LONG_LINE_MAX, line); |
a5c32cff HH |
239 | } |
240 | ||
eb3da901 LP |
241 | int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { |
242 | _cleanup_fclose_ FILE *f = NULL; | |
243 | _cleanup_free_ char *buf = NULL; | |
244 | size_t l, k; | |
fdeea3f4 | 245 | int r; |
15dee3f0 | 246 | |
eb3da901 LP |
247 | assert(fn); |
248 | assert(blob); | |
249 | ||
250 | l = strlen(blob); | |
251 | ||
252 | if (accept_extra_nl && endswith(blob, "\n")) | |
253 | accept_extra_nl = false; | |
254 | ||
255 | buf = malloc(l + accept_extra_nl + 1); | |
256 | if (!buf) | |
257 | return -ENOMEM; | |
258 | ||
fdeea3f4 ZJS |
259 | r = fopen_unlocked(fn, "re", &f); |
260 | if (r < 0) | |
261 | return r; | |
35bbbf85 | 262 | |
eb3da901 LP |
263 | /* We try to read one byte more than we need, so that we know whether we hit eof */ |
264 | errno = 0; | |
265 | k = fread(buf, 1, l + accept_extra_nl + 1, f); | |
266 | if (ferror(f)) | |
267 | return errno > 0 ? -errno : -EIO; | |
268 | ||
269 | if (k != l && k != l + accept_extra_nl) | |
270 | return 0; | |
271 | if (memcmp(buf, blob, l) != 0) | |
272 | return 0; | |
273 | if (k > l && buf[l] != '\n') | |
274 | return 0; | |
15dee3f0 | 275 | |
eb3da901 | 276 | return 1; |
15dee3f0 LP |
277 | } |
278 | ||
15f8f026 | 279 | int read_full_stream_full( |
2d78717b | 280 | FILE *f, |
50caae7b | 281 | const char *filename, |
15f8f026 | 282 | ReadFullFileFlags flags, |
2d78717b LP |
283 | char **ret_contents, |
284 | size_t *ret_size) { | |
285 | ||
a5c32cff HH |
286 | _cleanup_free_ char *buf = NULL; |
287 | struct stat st; | |
15f8f026 YW |
288 | size_t n, n_next, l; |
289 | int fd, r; | |
a5c32cff | 290 | |
717603e3 | 291 | assert(f); |
2d78717b | 292 | assert(ret_contents); |
07d8c0eb | 293 | assert(!(flags & READ_FULL_FILE_UNBASE64) || ret_size); |
a5c32cff | 294 | |
15f8f026 | 295 | n_next = LINE_MAX; /* Start size */ |
a5c32cff | 296 | |
c4054ddf LP |
297 | fd = fileno(f); |
298 | if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's | |
299 | * optimize our buffering) */ | |
717603e3 | 300 | |
15f8f026 | 301 | if (fstat(fd, &st) < 0) |
c4054ddf LP |
302 | return -errno; |
303 | ||
304 | if (S_ISREG(st.st_mode)) { | |
717603e3 | 305 | |
c4054ddf LP |
306 | /* Safety check */ |
307 | if (st.st_size > READ_FULL_BYTES_MAX) | |
308 | return -E2BIG; | |
309 | ||
310 | /* Start with the right file size, but be prepared for files from /proc which generally report a file | |
311 | * size of 0. Note that we increase the size to read here by one, so that the first read attempt | |
312 | * already makes us notice the EOF. */ | |
313 | if (st.st_size > 0) | |
15f8f026 | 314 | n_next = st.st_size + 1; |
50caae7b YW |
315 | |
316 | if (flags & READ_FULL_FILE_SECURE) | |
317 | (void) warn_file_is_world_accessible(filename, &st, NULL, 0); | |
c4054ddf | 318 | } |
717603e3 | 319 | } |
a5c32cff | 320 | |
15f8f026 | 321 | n = l = 0; |
a5c32cff HH |
322 | for (;;) { |
323 | char *t; | |
324 | size_t k; | |
325 | ||
15f8f026 YW |
326 | if (flags & READ_FULL_FILE_SECURE) { |
327 | t = malloc(n_next + 1); | |
328 | if (!t) { | |
329 | r = -ENOMEM; | |
330 | goto finalize; | |
331 | } | |
332 | memcpy_safe(t, buf, n); | |
333 | explicit_bzero_safe(buf, n); | |
334 | } else { | |
335 | t = realloc(buf, n_next + 1); | |
336 | if (!t) | |
337 | return -ENOMEM; | |
338 | } | |
a5c32cff HH |
339 | |
340 | buf = t; | |
15f8f026 YW |
341 | n = n_next; |
342 | ||
5a89faf0 | 343 | errno = 0; |
a5c32cff | 344 | k = fread(buf + l, 1, n - l, f); |
c2d11a63 VC |
345 | if (k > 0) |
346 | l += k; | |
a5c32cff | 347 | |
15f8f026 YW |
348 | if (ferror(f)) { |
349 | r = errno > 0 ? -errno : -EIO; | |
350 | goto finalize; | |
351 | } | |
a5c32cff | 352 | |
c2d11a63 | 353 | if (feof(f)) |
a5c32cff | 354 | break; |
a5c32cff | 355 | |
c2d11a63 VC |
356 | /* We aren't expecting fread() to return a short read outside |
357 | * of (error && eof), assert buffer is full and enlarge buffer. | |
358 | */ | |
359 | assert(l == n); | |
a5c32cff HH |
360 | |
361 | /* Safety check */ | |
15f8f026 YW |
362 | if (n >= READ_FULL_BYTES_MAX) { |
363 | r = -E2BIG; | |
364 | goto finalize; | |
365 | } | |
c2d11a63 | 366 | |
15f8f026 | 367 | n_next = MIN(n * 2, READ_FULL_BYTES_MAX); |
a5c32cff HH |
368 | } |
369 | ||
07d8c0eb YW |
370 | if (flags & READ_FULL_FILE_UNBASE64) { |
371 | buf[l++] = 0; | |
372 | r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, (void **) ret_contents, ret_size); | |
373 | goto finalize; | |
374 | } | |
375 | ||
2d78717b LP |
376 | if (!ret_size) { |
377 | /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the | |
378 | * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise | |
379 | * there'd be ambiguity about what we just read. */ | |
380 | ||
15f8f026 YW |
381 | if (memchr(buf, 0, l)) { |
382 | r = -EBADMSG; | |
383 | goto finalize; | |
384 | } | |
2d78717b LP |
385 | } |
386 | ||
a5c32cff | 387 | buf[l] = 0; |
2d78717b | 388 | *ret_contents = TAKE_PTR(buf); |
a5c32cff | 389 | |
2d78717b LP |
390 | if (ret_size) |
391 | *ret_size = l; | |
a5c32cff HH |
392 | |
393 | return 0; | |
15f8f026 YW |
394 | |
395 | finalize: | |
396 | if (flags & READ_FULL_FILE_SECURE) | |
397 | explicit_bzero_safe(buf, n); | |
398 | ||
399 | return r; | |
a5c32cff HH |
400 | } |
401 | ||
15f8f026 | 402 | int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) { |
717603e3 | 403 | _cleanup_fclose_ FILE *f = NULL; |
fdeea3f4 | 404 | int r; |
717603e3 | 405 | |
15f8f026 | 406 | assert(filename); |
717603e3 LP |
407 | assert(contents); |
408 | ||
fdeea3f4 ZJS |
409 | r = fopen_unlocked(filename, "re", &f); |
410 | if (r < 0) | |
411 | return r; | |
35bbbf85 | 412 | |
50caae7b | 413 | return read_full_stream_full(f, filename, flags, contents, size); |
717603e3 LP |
414 | } |
415 | ||
68fee104 | 416 | int executable_is_script(const char *path, char **interpreter) { |
c8b32e11 | 417 | _cleanup_free_ char *line = NULL; |
99c61f6b | 418 | size_t len; |
68fee104 | 419 | char *ans; |
99c61f6b | 420 | int r; |
68fee104 ZJS |
421 | |
422 | assert(path); | |
423 | ||
424 | r = read_one_line_file(path, &line); | |
99c61f6b LP |
425 | if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */ |
426 | return 0; | |
68fee104 ZJS |
427 | if (r < 0) |
428 | return r; | |
429 | ||
430 | if (!startswith(line, "#!")) | |
431 | return 0; | |
432 | ||
433 | ans = strstrip(line + 2); | |
434 | len = strcspn(ans, " \t"); | |
435 | ||
436 | if (len == 0) | |
437 | return 0; | |
438 | ||
439 | ans = strndup(ans, len); | |
440 | if (!ans) | |
441 | return -ENOMEM; | |
442 | ||
443 | *interpreter = ans; | |
444 | return 1; | |
445 | } | |
69ab8088 ZJS |
446 | |
447 | /** | |
0a7b53bd | 448 | * Retrieve one field from a file like /proc/self/status. pattern |
c4cd1d4d AK |
449 | * should not include whitespace or the delimiter (':'). pattern matches only |
450 | * the beginning of a line. Whitespace before ':' is skipped. Whitespace and | |
451 | * zeros after the ':' will be skipped. field must be freed afterwards. | |
452 | * terminator specifies the terminating characters of the field value (not | |
453 | * included in the value). | |
69ab8088 | 454 | */ |
c4cd1d4d | 455 | int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) { |
69ab8088 | 456 | _cleanup_free_ char *status = NULL; |
90110825 | 457 | char *t, *f; |
69ab8088 ZJS |
458 | size_t len; |
459 | int r; | |
460 | ||
c4cd1d4d | 461 | assert(terminator); |
69ab8088 | 462 | assert(filename); |
7ff7394d | 463 | assert(pattern); |
69ab8088 ZJS |
464 | assert(field); |
465 | ||
466 | r = read_full_file(filename, &status, NULL); | |
467 | if (r < 0) | |
468 | return r; | |
469 | ||
c4cd1d4d AK |
470 | t = status; |
471 | ||
472 | do { | |
473 | bool pattern_ok; | |
474 | ||
475 | do { | |
476 | t = strstr(t, pattern); | |
477 | if (!t) | |
478 | return -ENOENT; | |
479 | ||
480 | /* Check that pattern occurs in beginning of line. */ | |
481 | pattern_ok = (t == status || t[-1] == '\n'); | |
482 | ||
483 | t += strlen(pattern); | |
484 | ||
485 | } while (!pattern_ok); | |
486 | ||
487 | t += strspn(t, " \t"); | |
488 | if (!*t) | |
489 | return -ENOENT; | |
490 | ||
491 | } while (*t != ':'); | |
492 | ||
493 | t++; | |
69ab8088 | 494 | |
4ec29144 | 495 | if (*t) { |
1e5413f7 ZJS |
496 | t += strspn(t, " \t"); |
497 | ||
498 | /* Also skip zeros, because when this is used for | |
499 | * capabilities, we don't want the zeros. This way the | |
500 | * same capability set always maps to the same string, | |
501 | * irrespective of the total capability set size. For | |
502 | * other numbers it shouldn't matter. */ | |
503 | t += strspn(t, "0"); | |
4ec29144 ZJS |
504 | /* Back off one char if there's nothing but whitespace |
505 | and zeros */ | |
1e5413f7 | 506 | if (!*t || isspace(*t)) |
313cefa1 | 507 | t--; |
4ec29144 | 508 | } |
69ab8088 | 509 | |
c4cd1d4d | 510 | len = strcspn(t, terminator); |
69ab8088 | 511 | |
90110825 LP |
512 | f = strndup(t, len); |
513 | if (!f) | |
69ab8088 ZJS |
514 | return -ENOMEM; |
515 | ||
90110825 | 516 | *field = f; |
69ab8088 ZJS |
517 | return 0; |
518 | } | |
0d39fa9c LP |
519 | |
520 | DIR *xopendirat(int fd, const char *name, int flags) { | |
521 | int nfd; | |
522 | DIR *d; | |
523 | ||
524 | assert(!(flags & O_CREAT)); | |
525 | ||
526 | nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0); | |
527 | if (nfd < 0) | |
528 | return NULL; | |
529 | ||
530 | d = fdopendir(nfd); | |
531 | if (!d) { | |
532 | safe_close(nfd); | |
533 | return NULL; | |
534 | } | |
535 | ||
536 | return d; | |
537 | } | |
538 | ||
539 | static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) { | |
540 | char **i; | |
541 | ||
542 | assert(path); | |
543 | assert(mode); | |
544 | assert(_f); | |
545 | ||
546 | if (!path_strv_resolve_uniq(search, root)) | |
547 | return -ENOMEM; | |
548 | ||
549 | STRV_FOREACH(i, search) { | |
550 | _cleanup_free_ char *p = NULL; | |
551 | FILE *f; | |
552 | ||
553 | if (root) | |
605405c6 | 554 | p = strjoin(root, *i, "/", path); |
0d39fa9c | 555 | else |
605405c6 | 556 | p = strjoin(*i, "/", path); |
0d39fa9c LP |
557 | if (!p) |
558 | return -ENOMEM; | |
559 | ||
560 | f = fopen(p, mode); | |
561 | if (f) { | |
562 | *_f = f; | |
563 | return 0; | |
564 | } | |
565 | ||
566 | if (errno != ENOENT) | |
567 | return -errno; | |
568 | } | |
569 | ||
570 | return -ENOENT; | |
571 | } | |
572 | ||
573 | int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) { | |
574 | _cleanup_strv_free_ char **copy = NULL; | |
575 | ||
576 | assert(path); | |
577 | assert(mode); | |
578 | assert(_f); | |
579 | ||
580 | if (path_is_absolute(path)) { | |
581 | FILE *f; | |
582 | ||
583 | f = fopen(path, mode); | |
584 | if (f) { | |
585 | *_f = f; | |
586 | return 0; | |
587 | } | |
588 | ||
589 | return -errno; | |
590 | } | |
591 | ||
592 | copy = strv_copy((char**) search); | |
593 | if (!copy) | |
594 | return -ENOMEM; | |
595 | ||
596 | return search_and_fopen_internal(path, mode, root, copy, _f); | |
597 | } | |
598 | ||
599 | int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) { | |
600 | _cleanup_strv_free_ char **s = NULL; | |
601 | ||
602 | if (path_is_absolute(path)) { | |
603 | FILE *f; | |
604 | ||
605 | f = fopen(path, mode); | |
606 | if (f) { | |
607 | *_f = f; | |
608 | return 0; | |
609 | } | |
610 | ||
611 | return -errno; | |
612 | } | |
613 | ||
614 | s = strv_split_nulstr(search); | |
615 | if (!s) | |
616 | return -ENOMEM; | |
617 | ||
618 | return search_and_fopen_internal(path, mode, root, s, _f); | |
619 | } | |
620 | ||
0d39fa9c LP |
621 | int fflush_and_check(FILE *f) { |
622 | assert(f); | |
623 | ||
624 | errno = 0; | |
625 | fflush(f); | |
626 | ||
627 | if (ferror(f)) | |
f5e5c28f | 628 | return errno > 0 ? -errno : -EIO; |
0d39fa9c LP |
629 | |
630 | return 0; | |
631 | } | |
632 | ||
0675e94a AJ |
633 | int fflush_sync_and_check(FILE *f) { |
634 | int r; | |
635 | ||
636 | assert(f); | |
637 | ||
638 | r = fflush_and_check(f); | |
639 | if (r < 0) | |
640 | return r; | |
641 | ||
642 | if (fsync(fileno(f)) < 0) | |
643 | return -errno; | |
644 | ||
8ac2f74f LP |
645 | r = fsync_directory_of_file(fileno(f)); |
646 | if (r < 0) | |
647 | return r; | |
648 | ||
0675e94a AJ |
649 | return 0; |
650 | } | |
651 | ||
33d52ab9 LP |
652 | int write_timestamp_file_atomic(const char *fn, usec_t n) { |
653 | char ln[DECIMAL_STR_MAX(n)+2]; | |
654 | ||
655 | /* Creates a "timestamp" file, that contains nothing but a | |
656 | * usec_t timestamp, formatted in ASCII. */ | |
657 | ||
658 | if (n <= 0 || n >= USEC_INFINITY) | |
659 | return -ERANGE; | |
660 | ||
661 | xsprintf(ln, USEC_FMT "\n", n); | |
662 | ||
663 | return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); | |
664 | } | |
665 | ||
666 | int read_timestamp_file(const char *fn, usec_t *ret) { | |
667 | _cleanup_free_ char *ln = NULL; | |
668 | uint64_t t; | |
669 | int r; | |
670 | ||
671 | r = read_one_line_file(fn, &ln); | |
672 | if (r < 0) | |
673 | return r; | |
674 | ||
675 | r = safe_atou64(ln, &t); | |
676 | if (r < 0) | |
677 | return r; | |
678 | ||
679 | if (t <= 0 || t >= (uint64_t) USEC_INFINITY) | |
680 | return -ERANGE; | |
681 | ||
682 | *ret = (usec_t) t; | |
683 | return 0; | |
684 | } | |
d390f8ef LP |
685 | |
686 | int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) { | |
687 | int r; | |
688 | ||
689 | assert(s); | |
690 | ||
691 | /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter | |
692 | * when specified shall initially point to a boolean variable initialized to false. It is set to true after the | |
693 | * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each | |
694 | * element, but not before the first one. */ | |
695 | ||
696 | if (!f) | |
697 | f = stdout; | |
698 | ||
699 | if (space) { | |
700 | if (!separator) | |
701 | separator = " "; | |
702 | ||
703 | if (*space) { | |
704 | r = fputs(separator, f); | |
705 | if (r < 0) | |
706 | return r; | |
707 | } | |
708 | ||
709 | *space = true; | |
710 | } | |
711 | ||
712 | return fputs(s, f); | |
713 | } | |
03532f0a | 714 | |
838894b0 LP |
715 | /* A bitmask of the EOL markers we know */ |
716 | typedef enum EndOfLineMarker { | |
717 | EOL_NONE = 0, | |
718 | EOL_ZERO = 1 << 0, /* \0 (aka NUL) */ | |
719 | EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */ | |
720 | EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */ | |
721 | } EndOfLineMarker; | |
722 | ||
41f11239 LP |
723 | static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) { |
724 | ||
725 | if (!IN_SET(flags, READ_LINE_ONLY_NUL)) { | |
726 | if (c == '\n') | |
727 | return EOL_TEN; | |
728 | if (c == '\r') | |
729 | return EOL_THIRTEEN; | |
730 | } | |
731 | ||
838894b0 LP |
732 | if (c == '\0') |
733 | return EOL_ZERO; | |
734 | ||
735 | return EOL_NONE; | |
736 | } | |
737 | ||
57d6f700 | 738 | DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile); |
f858e514 | 739 | |
41f11239 | 740 | int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) { |
4f9a66a3 | 741 | size_t n = 0, allocated = 0, count = 0; |
838894b0 | 742 | _cleanup_free_ char *buffer = NULL; |
03a7dbea | 743 | int r; |
4f9a66a3 LP |
744 | |
745 | assert(f); | |
746 | ||
747 | /* Something like a bounded version of getline(). | |
748 | * | |
838894b0 LP |
749 | * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these |
750 | * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line | |
751 | * endings: | |
752 | * | |
753 | * • \n (UNIX) | |
754 | * • \r (old MacOS) | |
755 | * • \0 (C strings) | |
756 | * • \n\0 | |
757 | * • \r\0 | |
758 | * • \r\n (Windows) | |
759 | * • \n\r | |
760 | * • \r\n\0 | |
761 | * • \n\r\0 | |
4f9a66a3 LP |
762 | * |
763 | * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from | |
764 | * the number of characters in the returned string). When EOF is hit, 0 is returned. | |
765 | * | |
766 | * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding | |
767 | * delimiters. If the limit is hit we fail and return -ENOBUFS. | |
768 | * | |
769 | * If a line shall be skipped ret may be initialized as NULL. */ | |
770 | ||
771 | if (ret) { | |
772 | if (!GREEDY_REALLOC(buffer, allocated, 1)) | |
773 | return -ENOMEM; | |
774 | } | |
775 | ||
f858e514 | 776 | { |
3f691417 | 777 | _unused_ _cleanup_(funlockfilep) FILE *flocked = f; |
838894b0 | 778 | EndOfLineMarker previous_eol = EOL_NONE; |
f858e514 | 779 | flockfile(f); |
4f9a66a3 | 780 | |
f858e514 | 781 | for (;;) { |
838894b0 | 782 | EndOfLineMarker eol; |
03a7dbea | 783 | char c; |
4f9a66a3 | 784 | |
f858e514 ZJS |
785 | if (n >= limit) |
786 | return -ENOBUFS; | |
4f9a66a3 | 787 | |
31fd02f0 LP |
788 | if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */ |
789 | return -ENOBUFS; | |
790 | ||
03a7dbea LP |
791 | r = safe_fgetc(f, &c); |
792 | if (r < 0) | |
793 | return r; | |
91a306b8 | 794 | if (r == 0) /* EOF is definitely EOL */ |
f858e514 | 795 | break; |
4f9a66a3 | 796 | |
41f11239 | 797 | eol = categorize_eol(c, flags); |
838894b0 LP |
798 | |
799 | if (FLAGS_SET(previous_eol, EOL_ZERO) || | |
800 | (eol == EOL_NONE && previous_eol != EOL_NONE) || | |
801 | (eol != EOL_NONE && (previous_eol & eol) != 0)) { | |
802 | /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of | |
517b7760 LP |
803 | * EOL marker has been seen right before? In either of these three cases we are |
804 | * done. But first, let's put this character back in the queue. (Note that we have to | |
805 | * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we | |
806 | * are on an architecture where 'char' equals 'signed char' we need to ensure we don't | |
807 | * pass a negative value here. That said, to complicate things further ungetc() is | |
808 | * actually happy with most negative characters and implicitly casts them back to | |
809 | * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a | |
810 | * godawful API!) */ | |
811 | assert_se(ungetc((unsigned char) c, f) != EOF); | |
f858e514 | 812 | break; |
838894b0 LP |
813 | } |
814 | ||
91a306b8 LP |
815 | count++; |
816 | ||
838894b0 LP |
817 | if (eol != EOL_NONE) { |
818 | previous_eol |= eol; | |
819 | continue; | |
820 | } | |
4f9a66a3 | 821 | |
f858e514 ZJS |
822 | if (ret) { |
823 | if (!GREEDY_REALLOC(buffer, allocated, n + 2)) | |
824 | return -ENOMEM; | |
4f9a66a3 | 825 | |
03a7dbea | 826 | buffer[n] = c; |
4f9a66a3 LP |
827 | } |
828 | ||
f858e514 | 829 | n++; |
4f9a66a3 | 830 | } |
4f9a66a3 LP |
831 | } |
832 | ||
4f9a66a3 LP |
833 | if (ret) { |
834 | buffer[n] = 0; | |
835 | ||
1cc6c93a | 836 | *ret = TAKE_PTR(buffer); |
4f9a66a3 LP |
837 | } |
838 | ||
839 | return (int) count; | |
840 | } | |
285a9b27 LP |
841 | |
842 | int safe_fgetc(FILE *f, char *ret) { | |
843 | int k; | |
844 | ||
845 | assert(f); | |
846 | ||
847 | /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and | |
848 | * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc() | |
849 | * has. */ | |
850 | ||
851 | errno = 0; | |
852 | k = fgetc(f); | |
853 | if (k == EOF) { | |
854 | if (ferror(f)) | |
855 | return errno > 0 ? -errno : -EIO; | |
856 | ||
857 | if (ret) | |
858 | *ret = 0; | |
859 | ||
860 | return 0; | |
861 | } | |
862 | ||
863 | if (ret) | |
864 | *ret = k; | |
865 | ||
866 | return 1; | |
867 | } | |
7a309a8c YW |
868 | |
869 | int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) { | |
870 | struct stat _st; | |
871 | ||
872 | if (!filename) | |
873 | return 0; | |
874 | ||
875 | if (!st) { | |
876 | if (stat(filename, &_st) < 0) | |
877 | return -errno; | |
878 | st = &_st; | |
879 | } | |
880 | ||
881 | if ((st->st_mode & S_IRWXO) == 0) | |
882 | return 0; | |
883 | ||
884 | if (unit) | |
885 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
886 | "%s has %04o mode that is too permissive, please adjust the access mode.", | |
887 | filename, st->st_mode & 07777); | |
888 | else | |
889 | log_warning("%s has %04o mode that is too permissive, please adjust the access mode.", | |
890 | filename, st->st_mode & 07777); | |
891 | return 0; | |
892 | } |