]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/basic/fileio.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
Add fopen_unlocked() wrapper
[thirdparty/systemd.git] / src / basic / fileio.c
CommitLineData
53e1b683 1/* SPDX-License-Identifier: LGPL-2.1+ */
a5c32cff 2
8bdc9a90 3#include <ctype.h>
11c3a366
TA		 4#include <errno.h>
5#include <fcntl.h>
6#include <limits.h>
7#include <stdarg.h>
8#include <stdint.h>
35bbbf85 9#include <stdio_ext.h>
11c3a366
TA		 10#include <stdlib.h>
11#include <string.h>
12#include <sys/stat.h>
13#include <sys/types.h>
a5c32cff 14#include <unistd.h>
cda134ab 15
b5efdb8a 16#include "alloc-util.h"
3ffd4af2
LP		 17#include "fd-util.h"
18#include "fileio.h"
f4f15635 19#include "fs-util.h"
07d8c0eb 20#include "hexdecoct.h"
93cc7779
TA		 21#include "log.h"
22#include "macro.h"
1d9ed171 23#include "missing.h"
33d52ab9 24#include "parse-util.h"
0d39fa9c 25#include "path-util.h"
33d52ab9 26#include "stdio-util.h"
07630cea 27#include "string-util.h"
e4de7287 28#include "tmpfile-util.h"
a5c32cff 29
c2d11a63
VC		 30#define READ_FULL_BYTES_MAX (4U*1024U*1024U)
31
fdeea3f4
ZJS		 32int fopen_unlocked(const char *path, const char *options, FILE **ret) {
33 assert(ret);
34
35 FILE *f = fopen(path, options);
36 if (!f)
37 return -errno;
38
39 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
40
41 *ret = f;
42 return 0;
43}
44
b1837133
LP		 45int write_string_stream_ts(
46 FILE *f,
47 const char *line,
48 WriteStringFileFlags flags,
49 struct timespec *ts) {
dacd6cee 50
91dc2bf7 51 bool needs_nl;
be83711c 52 int r;
91dc2bf7 53
717603e3
LP		 54 assert(f);
55 assert(line);
56
ba8b8c9e
MG		 57 if (ferror(f))
58 return -EIO;
59
91dc2bf7
LP		 60 needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n");
61
62 if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) {
63 /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so
64 * that the write goes out in one go, instead of two */
65
66 line = strjoina(line, "\n");
67 needs_nl = false;
68 }
69
94d3b60f
MG		 70 if (fputs(line, f) == EOF)
71 return -errno;
72
91dc2bf7 73 if (needs_nl)
94d3b60f
MG		 74 if (fputc('\n', f) == EOF)
75 return -errno;
a5c32cff 76
be83711c
CL		 77 if (flags & WRITE_STRING_FILE_SYNC)
78 r = fflush_sync_and_check(f);
79 else
80 r = fflush_and_check(f);
81 if (r < 0)
82 return r;
83
39c38d77
ZJS		 84 if (ts) {
85 struct timespec twice[2] = {*ts, *ts};
86
87 if (futimens(fileno(f), twice) < 0)
88 return -errno;
89 }
90
be83711c 91 return 0;
a5c32cff
HH		 92}
93
2eabcc77
LP		 94static int write_string_file_atomic(
95 const char *fn,
96 const char *line,
b1837133 97 WriteStringFileFlags flags,
2eabcc77
LP		 98 struct timespec *ts) {
99
a5c32cff
HH		 100 _cleanup_fclose_ FILE *f = NULL;
101 _cleanup_free_ char *p = NULL;
102 int r;
103
104 assert(fn);
105 assert(line);
106
107 r = fopen_temporary(fn, &f, &p);
108 if (r < 0)
109 return r;
110
35bbbf85 111 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
0d39fa9c 112 (void) fchmod_umask(fileno(f), 0644);
a5c32cff 113
b1837133 114 r = write_string_stream_ts(f, line, flags, ts);
9dd1b1e8
LP		 115 if (r < 0)
116 goto fail;
117
118 if (rename(p, fn) < 0) {
119 r = -errno;
120 goto fail;
a5c32cff
HH		 121 }
122
9dd1b1e8 123 return 0;
a5c32cff 124
9dd1b1e8
LP		 125fail:
126 (void) unlink(p);
a5c32cff
HH		 127 return r;
128}
129
b1837133
LP		 130int write_string_file_ts(
131 const char *fn,
132 const char *line,
133 WriteStringFileFlags flags,
134 struct timespec *ts) {
135
4c1fc3e4 136 _cleanup_fclose_ FILE *f = NULL;
eb3da901 137 int q, r;
4c1fc3e4
DM		 138
139 assert(fn);
140 assert(line);
141
265710c2
AJ		 142 /* We don't know how to verify whether the file contents was already on-disk. */
143 assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC)));
0675e94a 144
4c1fc3e4
DM		 145 if (flags & WRITE_STRING_FILE_ATOMIC) {
146 assert(flags & WRITE_STRING_FILE_CREATE);
147
b1837133 148 r = write_string_file_atomic(fn, line, flags, ts);
eb3da901
LP		 149 if (r < 0)
150 goto fail;
151
152 return r;
39c38d77 153 } else
234519ae 154 assert(!ts);
4c1fc3e4
DM		 155
156 if (flags & WRITE_STRING_FILE_CREATE) {
157 f = fopen(fn, "we");
eb3da901
LP		 158 if (!f) {
159 r = -errno;
160 goto fail;
161 }
4c1fc3e4
DM		 162 } else {
163 int fd;
164
165 /* We manually build our own version of fopen(..., "we") that
166 * works without O_CREAT */
835d18ba 167 fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | ((flags & WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0));
eb3da901
LP		 168 if (fd < 0) {
169 r = -errno;
170 goto fail;
171 }
4c1fc3e4 172
e92aaed3 173 f = fdopen(fd, "w");
4c1fc3e4 174 if (!f) {
eb3da901 175 r = -errno;
4c1fc3e4 176 safe_close(fd);
eb3da901 177 goto fail;
4c1fc3e4
DM		 178 }
179 }
180
35bbbf85
LP		 181 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
182
12ec9c30
TSH		 183 if (flags & WRITE_STRING_FILE_DISABLE_BUFFER)
184 setvbuf(f, NULL, _IONBF, 0);
185
b1837133 186 r = write_string_stream_ts(f, line, flags, ts);
eb3da901
LP		 187 if (r < 0)
188 goto fail;
189
190 return 0;
191
192fail:
193 if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE))
194 return r;
195
196 f = safe_fclose(f);
197
198 /* OK, the operation failed, but let's see if the right
199 * contents in place already. If so, eat up the error. */
200
201 q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE));
202 if (q <= 0)
203 return r;
204
205 return 0;
4c1fc3e4
DM		 206}
207
3130fca5
LP		 208int write_string_filef(
209 const char *fn,
210 WriteStringFileFlags flags,
211 const char *format, ...) {
212
213 _cleanup_free_ char *p = NULL;
214 va_list ap;
215 int r;
216
217 va_start(ap, format);
218 r = vasprintf(&p, format, ap);
219 va_end(ap);
220
221 if (r < 0)
222 return -ENOMEM;
223
224 return write_string_file(fn, p, flags);
225}
226
a5c32cff
HH		 227int read_one_line_file(const char *fn, char **line) {
228 _cleanup_fclose_ FILE *f = NULL;
fdeea3f4 229 int r;
a5c32cff
HH		 230
231 assert(fn);
232 assert(line);
233
fdeea3f4
ZJS		 234 r = fopen_unlocked(fn, "re", &f);
235 if (r < 0)
236 return r;
35bbbf85 237
d6062e3b 238 return read_line(f, LONG_LINE_MAX, line);
a5c32cff
HH		 239}
240
eb3da901
LP		 241int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
242 _cleanup_fclose_ FILE *f = NULL;
243 _cleanup_free_ char *buf = NULL;
244 size_t l, k;
fdeea3f4 245 int r;
15dee3f0 246
eb3da901
LP		 247 assert(fn);
248 assert(blob);
249
250 l = strlen(blob);
251
252 if (accept_extra_nl && endswith(blob, "\n"))
253 accept_extra_nl = false;
254
255 buf = malloc(l + accept_extra_nl + 1);
256 if (!buf)
257 return -ENOMEM;
258
fdeea3f4
ZJS		 259 r = fopen_unlocked(fn, "re", &f);
260 if (r < 0)
261 return r;
35bbbf85 262
eb3da901
LP		 263 /* We try to read one byte more than we need, so that we know whether we hit eof */
264 errno = 0;
265 k = fread(buf, 1, l + accept_extra_nl + 1, f);
266 if (ferror(f))
267 return errno > 0 ? -errno : -EIO;
268
269 if (k != l && k != l + accept_extra_nl)
270 return 0;
271 if (memcmp(buf, blob, l) != 0)
272 return 0;
273 if (k > l && buf[l] != '\n')
274 return 0;
15dee3f0 275
eb3da901 276 return 1;
15dee3f0
LP		 277}
278
15f8f026 279int read_full_stream_full(
2d78717b 280 FILE *f,
50caae7b 281 const char *filename,
15f8f026 282 ReadFullFileFlags flags,
2d78717b
LP		 283 char **ret_contents,
284 size_t *ret_size) {
285
a5c32cff
HH		 286 _cleanup_free_ char *buf = NULL;
287 struct stat st;
15f8f026
YW		 288 size_t n, n_next, l;
289 int fd, r;
a5c32cff 290
717603e3 291 assert(f);
2d78717b 292 assert(ret_contents);
07d8c0eb 293 assert(!(flags & READ_FULL_FILE_UNBASE64) || ret_size);
a5c32cff 294
15f8f026 295 n_next = LINE_MAX; /* Start size */
a5c32cff 296
c4054ddf
LP		 297 fd = fileno(f);
298 if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen(), let's
299 * optimize our buffering) */
717603e3 300
15f8f026 301 if (fstat(fd, &st) < 0)
c4054ddf
LP		 302 return -errno;
303
304 if (S_ISREG(st.st_mode)) {
717603e3 305
c4054ddf
LP		 306 /* Safety check */
307 if (st.st_size > READ_FULL_BYTES_MAX)
308 return -E2BIG;
309
310 /* Start with the right file size, but be prepared for files from /proc which generally report a file
311 * size of 0. Note that we increase the size to read here by one, so that the first read attempt
312 * already makes us notice the EOF. */
313 if (st.st_size > 0)
15f8f026 314 n_next = st.st_size + 1;
50caae7b
YW		 315
316 if (flags & READ_FULL_FILE_SECURE)
317 (void) warn_file_is_world_accessible(filename, &st, NULL, 0);
c4054ddf 318 }
717603e3 319 }
a5c32cff 320
15f8f026 321 n = l = 0;
a5c32cff
HH		 322 for (;;) {
323 char *t;
324 size_t k;
325
15f8f026
YW		 326 if (flags & READ_FULL_FILE_SECURE) {
327 t = malloc(n_next + 1);
328 if (!t) {
329 r = -ENOMEM;
330 goto finalize;
331 }
332 memcpy_safe(t, buf, n);
333 explicit_bzero_safe(buf, n);
334 } else {
335 t = realloc(buf, n_next + 1);
336 if (!t)
337 return -ENOMEM;
338 }
a5c32cff
HH		 339
340 buf = t;
15f8f026
YW		 341 n = n_next;
342
5a89faf0 343 errno = 0;
a5c32cff 344 k = fread(buf + l, 1, n - l, f);
c2d11a63
VC		 345 if (k > 0)
346 l += k;
a5c32cff 347
15f8f026
YW		 348 if (ferror(f)) {
349 r = errno > 0 ? -errno : -EIO;
350 goto finalize;
351 }
a5c32cff 352
c2d11a63 353 if (feof(f))
a5c32cff 354 break;
a5c32cff 355
c2d11a63
VC		 356 /* We aren't expecting fread() to return a short read outside
357 * of (error && eof), assert buffer is full and enlarge buffer.
358 */
359 assert(l == n);
a5c32cff
HH		 360
361 /* Safety check */
15f8f026
YW		 362 if (n >= READ_FULL_BYTES_MAX) {
363 r = -E2BIG;
364 goto finalize;
365 }
c2d11a63 366
15f8f026 367 n_next = MIN(n * 2, READ_FULL_BYTES_MAX);
a5c32cff
HH		 368 }
369
07d8c0eb
YW		 370 if (flags & READ_FULL_FILE_UNBASE64) {
371 buf[l++] = 0;
372 r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, (void **) ret_contents, ret_size);
373 goto finalize;
374 }
375
2d78717b
LP		 376 if (!ret_size) {
377 /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the
378 * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise
379 * there'd be ambiguity about what we just read. */
380
15f8f026
YW		 381 if (memchr(buf, 0, l)) {
382 r = -EBADMSG;
383 goto finalize;
384 }
2d78717b
LP		 385 }
386
a5c32cff 387 buf[l] = 0;
2d78717b 388 *ret_contents = TAKE_PTR(buf);
a5c32cff 389
2d78717b
LP		 390 if (ret_size)
391 *ret_size = l;
a5c32cff
HH		 392
393 return 0;
15f8f026
YW		 394
395finalize:
396 if (flags & READ_FULL_FILE_SECURE)
397 explicit_bzero_safe(buf, n);
398
399 return r;
a5c32cff
HH		 400}
401
15f8f026 402int read_full_file_full(const char *filename, ReadFullFileFlags flags, char **contents, size_t *size) {
717603e3 403 _cleanup_fclose_ FILE *f = NULL;
fdeea3f4 404 int r;
717603e3 405
15f8f026 406 assert(filename);
717603e3
LP		 407 assert(contents);
408
fdeea3f4
ZJS		 409 r = fopen_unlocked(filename, "re", &f);
410 if (r < 0)
411 return r;
35bbbf85 412
50caae7b 413 return read_full_stream_full(f, filename, flags, contents, size);
717603e3
LP		 414}
415
68fee104 416int executable_is_script(const char *path, char **interpreter) {
c8b32e11 417 _cleanup_free_ char *line = NULL;
99c61f6b 418 size_t len;
68fee104 419 char *ans;
99c61f6b 420 int r;
68fee104
ZJS		 421
422 assert(path);
423
424 r = read_one_line_file(path, &line);
99c61f6b
LP		 425 if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */
426 return 0;
68fee104
ZJS		 427 if (r < 0)
428 return r;
429
430 if (!startswith(line, "#!"))
431 return 0;
432
433 ans = strstrip(line + 2);
434 len = strcspn(ans, " \t");
435
436 if (len == 0)
437 return 0;
438
439 ans = strndup(ans, len);
440 if (!ans)
441 return -ENOMEM;
442
443 *interpreter = ans;
444 return 1;
445}
69ab8088
ZJS		 446
447/**
0a7b53bd 448 * Retrieve one field from a file like /proc/self/status. pattern
c4cd1d4d
AK		 449 * should not include whitespace or the delimiter (':'). pattern matches only
450 * the beginning of a line. Whitespace before ':' is skipped. Whitespace and
451 * zeros after the ':' will be skipped. field must be freed afterwards.
452 * terminator specifies the terminating characters of the field value (not
453 * included in the value).
69ab8088 454 */
c4cd1d4d 455int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) {
69ab8088 456 _cleanup_free_ char *status = NULL;
90110825 457 char *t, *f;
69ab8088
ZJS		 458 size_t len;
459 int r;
460
c4cd1d4d 461 assert(terminator);
69ab8088 462 assert(filename);
7ff7394d 463 assert(pattern);
69ab8088
ZJS		 464 assert(field);
465
466 r = read_full_file(filename, &status, NULL);
467 if (r < 0)
468 return r;
469
c4cd1d4d
AK		 470 t = status;
471
472 do {
473 bool pattern_ok;
474
475 do {
476 t = strstr(t, pattern);
477 if (!t)
478 return -ENOENT;
479
480 /* Check that pattern occurs in beginning of line. */
481 pattern_ok = (t == status || t[-1] == '\n');
482
483 t += strlen(pattern);
484
485 } while (!pattern_ok);
486
487 t += strspn(t, " \t");
488 if (!*t)
489 return -ENOENT;
490
491 } while (*t != ':');
492
493 t++;
69ab8088 494
4ec29144 495 if (*t) {
1e5413f7
ZJS		 496 t += strspn(t, " \t");
497
498 /* Also skip zeros, because when this is used for
499 * capabilities, we don't want the zeros. This way the
500 * same capability set always maps to the same string,
501 * irrespective of the total capability set size. For
502 * other numbers it shouldn't matter. */
503 t += strspn(t, "0");
4ec29144
ZJS		 504 /* Back off one char if there's nothing but whitespace
505 and zeros */
1e5413f7 506 if (!*t || isspace(*t))
313cefa1 507 t--;
4ec29144 508 }
69ab8088 509
c4cd1d4d 510 len = strcspn(t, terminator);
69ab8088 511
90110825
LP		 512 f = strndup(t, len);
513 if (!f)
69ab8088
ZJS		 514 return -ENOMEM;
515
90110825 516 *field = f;
69ab8088
ZJS		 517 return 0;
518}
0d39fa9c
LP		 519
520DIR *xopendirat(int fd, const char *name, int flags) {
521 int nfd;
522 DIR *d;
523
524 assert(!(flags & O_CREAT));
525
526 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
527 if (nfd < 0)
528 return NULL;
529
530 d = fdopendir(nfd);
531 if (!d) {
532 safe_close(nfd);
533 return NULL;
534 }
535
536 return d;
537}
538
539static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
540 char **i;
541
542 assert(path);
543 assert(mode);
544 assert(_f);
545
546 if (!path_strv_resolve_uniq(search, root))
547 return -ENOMEM;
548
549 STRV_FOREACH(i, search) {
550 _cleanup_free_ char *p = NULL;
551 FILE *f;
552
553 if (root)
605405c6 554 p = strjoin(root, *i, "/", path);
0d39fa9c 555 else
605405c6 556 p = strjoin(*i, "/", path);
0d39fa9c
LP		 557 if (!p)
558 return -ENOMEM;
559
560 f = fopen(p, mode);
561 if (f) {
562 *_f = f;
563 return 0;
564 }
565
566 if (errno != ENOENT)
567 return -errno;
568 }
569
570 return -ENOENT;
571}
572
573int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
574 _cleanup_strv_free_ char **copy = NULL;
575
576 assert(path);
577 assert(mode);
578 assert(_f);
579
580 if (path_is_absolute(path)) {
581 FILE *f;
582
583 f = fopen(path, mode);
584 if (f) {
585 *_f = f;
586 return 0;
587 }
588
589 return -errno;
590 }
591
592 copy = strv_copy((char**) search);
593 if (!copy)
594 return -ENOMEM;
595
596 return search_and_fopen_internal(path, mode, root, copy, _f);
597}
598
599int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
600 _cleanup_strv_free_ char **s = NULL;
601
602 if (path_is_absolute(path)) {
603 FILE *f;
604
605 f = fopen(path, mode);
606 if (f) {
607 *_f = f;
608 return 0;
609 }
610
611 return -errno;
612 }
613
614 s = strv_split_nulstr(search);
615 if (!s)
616 return -ENOMEM;
617
618 return search_and_fopen_internal(path, mode, root, s, _f);
619}
620
0d39fa9c
LP		 621int fflush_and_check(FILE *f) {
622 assert(f);
623
624 errno = 0;
625 fflush(f);
626
627 if (ferror(f))
f5e5c28f 628 return errno > 0 ? -errno : -EIO;
0d39fa9c
LP		 629
630 return 0;
631}
632
0675e94a
AJ		 633int fflush_sync_and_check(FILE *f) {
634 int r;
635
636 assert(f);
637
638 r = fflush_and_check(f);
639 if (r < 0)
640 return r;
641
642 if (fsync(fileno(f)) < 0)
643 return -errno;
644
8ac2f74f
LP		 645 r = fsync_directory_of_file(fileno(f));
646 if (r < 0)
647 return r;
648
0675e94a
AJ		 649 return 0;
650}
651
33d52ab9
LP		 652int write_timestamp_file_atomic(const char *fn, usec_t n) {
653 char ln[DECIMAL_STR_MAX(n)+2];
654
655 /* Creates a "timestamp" file, that contains nothing but a
656 * usec_t timestamp, formatted in ASCII. */
657
658 if (n <= 0 || n >= USEC_INFINITY)
659 return -ERANGE;
660
661 xsprintf(ln, USEC_FMT "\n", n);
662
663 return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
664}
665
666int read_timestamp_file(const char *fn, usec_t *ret) {
667 _cleanup_free_ char *ln = NULL;
668 uint64_t t;
669 int r;
670
671 r = read_one_line_file(fn, &ln);
672 if (r < 0)
673 return r;
674
675 r = safe_atou64(ln, &t);
676 if (r < 0)
677 return r;
678
679 if (t <= 0 || t >= (uint64_t) USEC_INFINITY)
680 return -ERANGE;
681
682 *ret = (usec_t) t;
683 return 0;
684}
d390f8ef
LP		 685
686int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) {
687 int r;
688
689 assert(s);
690
691 /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter
692 * when specified shall initially point to a boolean variable initialized to false. It is set to true after the
693 * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each
694 * element, but not before the first one. */
695
696 if (!f)
697 f = stdout;
698
699 if (space) {
700 if (!separator)
701 separator = " ";
702
703 if (*space) {
704 r = fputs(separator, f);
705 if (r < 0)
706 return r;
707 }
708
709 *space = true;
710 }
711
712 return fputs(s, f);
713}
03532f0a 714
838894b0
LP		 715/* A bitmask of the EOL markers we know */
716typedef enum EndOfLineMarker {
717 EOL_NONE = 0,
718 EOL_ZERO = 1 << 0, /* \0 (aka NUL) */
719 EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */
720 EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */
721} EndOfLineMarker;
722
41f11239
LP		 723static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) {
724
725 if (!IN_SET(flags, READ_LINE_ONLY_NUL)) {
726 if (c == '\n')
727 return EOL_TEN;
728 if (c == '\r')
729 return EOL_THIRTEEN;
730 }
731
838894b0
LP		 732 if (c == '\0')
733 return EOL_ZERO;
734
735 return EOL_NONE;
736}
737
57d6f700 738DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile);
f858e514 739
41f11239 740int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) {
4f9a66a3 741 size_t n = 0, allocated = 0, count = 0;
838894b0 742 _cleanup_free_ char *buffer = NULL;
03a7dbea 743 int r;
4f9a66a3
LP		 744
745 assert(f);
746
747 /* Something like a bounded version of getline().
748 *
838894b0
LP		 749 * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these
750 * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line
751 * endings:
752 *
753 * • \n (UNIX)
754 * • \r (old MacOS)
755 * • \0 (C strings)
756 * • \n\0
757 * • \r\0
758 * • \r\n (Windows)
759 * • \n\r
760 * • \r\n\0
761 * • \n\r\0
4f9a66a3
LP		 762 *
763 * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from
764 * the number of characters in the returned string). When EOF is hit, 0 is returned.
765 *
766 * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding
767 * delimiters. If the limit is hit we fail and return -ENOBUFS.
768 *
769 * If a line shall be skipped ret may be initialized as NULL. */
770
771 if (ret) {
772 if (!GREEDY_REALLOC(buffer, allocated, 1))
773 return -ENOMEM;
774 }
775
f858e514 776 {
3f691417 777 _unused_ _cleanup_(funlockfilep) FILE *flocked = f;
838894b0 778 EndOfLineMarker previous_eol = EOL_NONE;
f858e514 779 flockfile(f);
4f9a66a3 780
f858e514 781 for (;;) {
838894b0 782 EndOfLineMarker eol;
03a7dbea 783 char c;
4f9a66a3 784
f858e514
ZJS		 785 if (n >= limit)
786 return -ENOBUFS;
4f9a66a3 787
31fd02f0
LP		 788 if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */
789 return -ENOBUFS;
790
03a7dbea
LP		 791 r = safe_fgetc(f, &c);
792 if (r < 0)
793 return r;
91a306b8 794 if (r == 0) /* EOF is definitely EOL */
f858e514 795 break;
4f9a66a3 796
41f11239 797 eol = categorize_eol(c, flags);
838894b0
LP		 798
799 if (FLAGS_SET(previous_eol, EOL_ZERO) ||
800 (eol == EOL_NONE && previous_eol != EOL_NONE) ||
801 (eol != EOL_NONE && (previous_eol & eol) != 0)) {
802 /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of
517b7760
LP		 803 * EOL marker has been seen right before? In either of these three cases we are
804 * done. But first, let's put this character back in the queue. (Note that we have to
805 * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we
806 * are on an architecture where 'char' equals 'signed char' we need to ensure we don't
807 * pass a negative value here. That said, to complicate things further ungetc() is
808 * actually happy with most negative characters and implicitly casts them back to
809 * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a
810 * godawful API!) */
811 assert_se(ungetc((unsigned char) c, f) != EOF);
f858e514 812 break;
838894b0
LP		 813 }
814
91a306b8
LP		 815 count++;
816
838894b0
LP		 817 if (eol != EOL_NONE) {
818 previous_eol |= eol;
819 continue;
820 }
4f9a66a3 821
f858e514
ZJS		 822 if (ret) {
823 if (!GREEDY_REALLOC(buffer, allocated, n + 2))
824 return -ENOMEM;
4f9a66a3 825
03a7dbea 826 buffer[n] = c;
4f9a66a3
LP		 827 }
828
f858e514 829 n++;
4f9a66a3 830 }
4f9a66a3
LP		 831 }
832
4f9a66a3
LP		 833 if (ret) {
834 buffer[n] = 0;
835
1cc6c93a 836 *ret = TAKE_PTR(buffer);
4f9a66a3
LP		 837 }
838
839 return (int) count;
840}
285a9b27
LP		 841
842int safe_fgetc(FILE *f, char *ret) {
843 int k;
844
845 assert(f);
846
847 /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and
848 * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc()
849 * has. */
850
851 errno = 0;
852 k = fgetc(f);
853 if (k == EOF) {
854 if (ferror(f))
855 return errno > 0 ? -errno : -EIO;
856
857 if (ret)
858 *ret = 0;
859
860 return 0;
861 }
862
863 if (ret)
864 *ret = k;
865
866 return 1;
867}
7a309a8c
YW		 868
869int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) {
870 struct stat _st;
871
872 if (!filename)
873 return 0;
874
875 if (!st) {
876 if (stat(filename, &_st) < 0)
877 return -errno;
878 st = &_st;
879 }
880
881 if ((st->st_mode & S_IRWXO) == 0)
882 return 0;
883
884 if (unit)
885 log_syntax(unit, LOG_WARNING, filename, line, 0,
886 "%s has %04o mode that is too permissive, please adjust the access mode.",
887 filename, st->st_mode & 07777);
888 else
889 log_warning("%s has %04o mode that is too permissive, please adjust the access mode.",
890 filename, st->st_mode & 07777);
891 return 0;
892}
Unnamed repository; edit this file 'description' to name the repository.