]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a5c32cff | 2 | |
8bdc9a90 | 3 | #include <ctype.h> |
11c3a366 TA |
4 | #include <errno.h> |
5 | #include <fcntl.h> | |
6 | #include <limits.h> | |
7 | #include <stdarg.h> | |
8 | #include <stdint.h> | |
35bbbf85 | 9 | #include <stdio_ext.h> |
11c3a366 | 10 | #include <stdlib.h> |
11c3a366 TA |
11 | #include <sys/stat.h> |
12 | #include <sys/types.h> | |
a5c32cff | 13 | #include <unistd.h> |
cda134ab | 14 | |
b5efdb8a | 15 | #include "alloc-util.h" |
3ffd4af2 LP |
16 | #include "fd-util.h" |
17 | #include "fileio.h" | |
f4f15635 | 18 | #include "fs-util.h" |
07d8c0eb | 19 | #include "hexdecoct.h" |
93cc7779 TA |
20 | #include "log.h" |
21 | #include "macro.h" | |
50ccd864 | 22 | #include "mkdir.h" |
33d52ab9 | 23 | #include "parse-util.h" |
0d39fa9c | 24 | #include "path-util.h" |
b93d3f6b | 25 | #include "socket-util.h" |
33d52ab9 | 26 | #include "stdio-util.h" |
07630cea | 27 | #include "string-util.h" |
e4de7287 | 28 | #include "tmpfile-util.h" |
a5c32cff | 29 | |
c2d11a63 VC |
30 | #define READ_FULL_BYTES_MAX (4U*1024U*1024U) |
31 | ||
fdeea3f4 ZJS |
32 | int fopen_unlocked(const char *path, const char *options, FILE **ret) { |
33 | assert(ret); | |
34 | ||
35 | FILE *f = fopen(path, options); | |
36 | if (!f) | |
37 | return -errno; | |
38 | ||
39 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
40 | ||
41 | *ret = f; | |
42 | return 0; | |
43 | } | |
44 | ||
02e23d1a ZJS |
45 | int fdopen_unlocked(int fd, const char *options, FILE **ret) { |
46 | assert(ret); | |
47 | ||
48 | FILE *f = fdopen(fd, options); | |
49 | if (!f) | |
50 | return -errno; | |
51 | ||
52 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
53 | ||
54 | *ret = f; | |
55 | return 0; | |
56 | } | |
57 | ||
3ebbb6cb VC |
58 | int take_fdopen_unlocked(int *fd, const char *options, FILE **ret) { |
59 | int r; | |
60 | ||
61 | assert(fd); | |
62 | ||
63 | r = fdopen_unlocked(*fd, options, ret); | |
64 | if (r < 0) | |
65 | return r; | |
66 | ||
67 | *fd = -1; | |
68 | ||
69 | return 0; | |
70 | } | |
71 | ||
72 | FILE* take_fdopen(int *fd, const char *options) { | |
73 | assert(fd); | |
74 | ||
75 | FILE *f = fdopen(*fd, options); | |
76 | if (!f) | |
77 | return NULL; | |
78 | ||
79 | *fd = -1; | |
80 | ||
81 | return f; | |
82 | } | |
83 | ||
f61457b0 VC |
84 | DIR* take_fdopendir(int *dfd) { |
85 | assert(dfd); | |
86 | ||
87 | DIR *d = fdopendir(*dfd); | |
88 | if (!d) | |
89 | return NULL; | |
90 | ||
91 | *dfd = -1; | |
92 | ||
93 | return d; | |
94 | } | |
95 | ||
2fe21124 ZJS |
96 | FILE* open_memstream_unlocked(char **ptr, size_t *sizeloc) { |
97 | FILE *f = open_memstream(ptr, sizeloc); | |
98 | if (!f) | |
99 | return NULL; | |
100 | ||
101 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
102 | ||
103 | return f; | |
104 | } | |
105 | ||
673a1e6f ZJS |
106 | FILE* fmemopen_unlocked(void *buf, size_t size, const char *mode) { |
107 | FILE *f = fmemopen(buf, size, mode); | |
108 | if (!f) | |
109 | return NULL; | |
110 | ||
111 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); | |
112 | ||
113 | return f; | |
114 | } | |
115 | ||
b1837133 LP |
116 | int write_string_stream_ts( |
117 | FILE *f, | |
118 | const char *line, | |
119 | WriteStringFileFlags flags, | |
120 | struct timespec *ts) { | |
dacd6cee | 121 | |
91dc2bf7 | 122 | bool needs_nl; |
14f594b9 | 123 | int r, fd; |
91dc2bf7 | 124 | |
717603e3 LP |
125 | assert(f); |
126 | assert(line); | |
127 | ||
ba8b8c9e MG |
128 | if (ferror(f)) |
129 | return -EIO; | |
130 | ||
14f594b9 LP |
131 | if (ts) { |
132 | /* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have | |
133 | * an fd. Let's fail early in that case. */ | |
134 | fd = fileno(f); | |
135 | if (fd < 0) | |
136 | return -EBADF; | |
137 | } | |
138 | ||
91dc2bf7 LP |
139 | needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n"); |
140 | ||
141 | if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) { | |
142 | /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so | |
143 | * that the write goes out in one go, instead of two */ | |
144 | ||
145 | line = strjoina(line, "\n"); | |
146 | needs_nl = false; | |
147 | } | |
148 | ||
94d3b60f MG |
149 | if (fputs(line, f) == EOF) |
150 | return -errno; | |
151 | ||
91dc2bf7 | 152 | if (needs_nl) |
94d3b60f MG |
153 | if (fputc('\n', f) == EOF) |
154 | return -errno; | |
a5c32cff | 155 | |
be83711c CL |
156 | if (flags & WRITE_STRING_FILE_SYNC) |
157 | r = fflush_sync_and_check(f); | |
158 | else | |
159 | r = fflush_and_check(f); | |
160 | if (r < 0) | |
161 | return r; | |
162 | ||
39c38d77 ZJS |
163 | if (ts) { |
164 | struct timespec twice[2] = {*ts, *ts}; | |
165 | ||
14f594b9 | 166 | if (futimens(fd, twice) < 0) |
39c38d77 ZJS |
167 | return -errno; |
168 | } | |
169 | ||
be83711c | 170 | return 0; |
a5c32cff HH |
171 | } |
172 | ||
2eabcc77 LP |
173 | static int write_string_file_atomic( |
174 | const char *fn, | |
175 | const char *line, | |
b1837133 | 176 | WriteStringFileFlags flags, |
2eabcc77 LP |
177 | struct timespec *ts) { |
178 | ||
a5c32cff HH |
179 | _cleanup_fclose_ FILE *f = NULL; |
180 | _cleanup_free_ char *p = NULL; | |
181 | int r; | |
182 | ||
183 | assert(fn); | |
184 | assert(line); | |
185 | ||
95244ceb LP |
186 | /* Note that we'd really like to use O_TMPFILE here, but can't really, since we want replacement |
187 | * semantics here, and O_TMPFILE can't offer that. i.e. rename() replaces but linkat() doesn't. */ | |
188 | ||
a5c32cff HH |
189 | r = fopen_temporary(fn, &f, &p); |
190 | if (r < 0) | |
191 | return r; | |
192 | ||
b1837133 | 193 | r = write_string_stream_ts(f, line, flags, ts); |
9dd1b1e8 LP |
194 | if (r < 0) |
195 | goto fail; | |
196 | ||
95244ceb LP |
197 | r = fchmod_umask(fileno(f), FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0644); |
198 | if (r < 0) | |
199 | goto fail; | |
200 | ||
9dd1b1e8 LP |
201 | if (rename(p, fn) < 0) { |
202 | r = -errno; | |
203 | goto fail; | |
a5c32cff HH |
204 | } |
205 | ||
5b3f4a20 LP |
206 | if (FLAGS_SET(flags, WRITE_STRING_FILE_SYNC)) { |
207 | /* Sync the rename, too */ | |
208 | r = fsync_directory_of_file(fileno(f)); | |
209 | if (r < 0) | |
210 | return r; | |
211 | } | |
212 | ||
9dd1b1e8 | 213 | return 0; |
a5c32cff | 214 | |
9dd1b1e8 LP |
215 | fail: |
216 | (void) unlink(p); | |
a5c32cff HH |
217 | return r; |
218 | } | |
219 | ||
b1837133 LP |
220 | int write_string_file_ts( |
221 | const char *fn, | |
222 | const char *line, | |
223 | WriteStringFileFlags flags, | |
224 | struct timespec *ts) { | |
225 | ||
4c1fc3e4 | 226 | _cleanup_fclose_ FILE *f = NULL; |
95244ceb | 227 | int q, r, fd; |
4c1fc3e4 DM |
228 | |
229 | assert(fn); | |
230 | assert(line); | |
231 | ||
265710c2 AJ |
232 | /* We don't know how to verify whether the file contents was already on-disk. */ |
233 | assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC))); | |
0675e94a | 234 | |
50ccd864 LP |
235 | if (flags & WRITE_STRING_FILE_MKDIR_0755) { |
236 | r = mkdir_parents(fn, 0755); | |
237 | if (r < 0) | |
238 | return r; | |
239 | } | |
240 | ||
4c1fc3e4 DM |
241 | if (flags & WRITE_STRING_FILE_ATOMIC) { |
242 | assert(flags & WRITE_STRING_FILE_CREATE); | |
243 | ||
b1837133 | 244 | r = write_string_file_atomic(fn, line, flags, ts); |
eb3da901 LP |
245 | if (r < 0) |
246 | goto fail; | |
247 | ||
248 | return r; | |
39c38d77 | 249 | } else |
234519ae | 250 | assert(!ts); |
4c1fc3e4 | 251 | |
95244ceb LP |
252 | /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */ |
253 | fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY | | |
254 | (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) | | |
6797a74f | 255 | (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) | |
256 | (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0), | |
95244ceb LP |
257 | (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666)); |
258 | if (fd < 0) { | |
259 | r = -errno; | |
260 | goto fail; | |
261 | } | |
4c1fc3e4 | 262 | |
95244ceb LP |
263 | r = fdopen_unlocked(fd, "w", &f); |
264 | if (r < 0) { | |
265 | safe_close(fd); | |
266 | goto fail; | |
41f6e627 | 267 | } |
35bbbf85 | 268 | |
12ec9c30 TSH |
269 | if (flags & WRITE_STRING_FILE_DISABLE_BUFFER) |
270 | setvbuf(f, NULL, _IONBF, 0); | |
271 | ||
b1837133 | 272 | r = write_string_stream_ts(f, line, flags, ts); |
eb3da901 LP |
273 | if (r < 0) |
274 | goto fail; | |
275 | ||
276 | return 0; | |
277 | ||
278 | fail: | |
279 | if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE)) | |
280 | return r; | |
281 | ||
282 | f = safe_fclose(f); | |
283 | ||
284 | /* OK, the operation failed, but let's see if the right | |
285 | * contents in place already. If so, eat up the error. */ | |
286 | ||
287 | q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE)); | |
288 | if (q <= 0) | |
289 | return r; | |
290 | ||
291 | return 0; | |
4c1fc3e4 DM |
292 | } |
293 | ||
3130fca5 LP |
294 | int write_string_filef( |
295 | const char *fn, | |
296 | WriteStringFileFlags flags, | |
297 | const char *format, ...) { | |
298 | ||
299 | _cleanup_free_ char *p = NULL; | |
300 | va_list ap; | |
301 | int r; | |
302 | ||
303 | va_start(ap, format); | |
304 | r = vasprintf(&p, format, ap); | |
305 | va_end(ap); | |
306 | ||
307 | if (r < 0) | |
308 | return -ENOMEM; | |
309 | ||
310 | return write_string_file(fn, p, flags); | |
311 | } | |
312 | ||
a5c32cff HH |
313 | int read_one_line_file(const char *fn, char **line) { |
314 | _cleanup_fclose_ FILE *f = NULL; | |
fdeea3f4 | 315 | int r; |
a5c32cff HH |
316 | |
317 | assert(fn); | |
318 | assert(line); | |
319 | ||
fdeea3f4 ZJS |
320 | r = fopen_unlocked(fn, "re", &f); |
321 | if (r < 0) | |
322 | return r; | |
35bbbf85 | 323 | |
d6062e3b | 324 | return read_line(f, LONG_LINE_MAX, line); |
a5c32cff HH |
325 | } |
326 | ||
eb3da901 LP |
327 | int verify_file(const char *fn, const char *blob, bool accept_extra_nl) { |
328 | _cleanup_fclose_ FILE *f = NULL; | |
329 | _cleanup_free_ char *buf = NULL; | |
330 | size_t l, k; | |
fdeea3f4 | 331 | int r; |
15dee3f0 | 332 | |
eb3da901 LP |
333 | assert(fn); |
334 | assert(blob); | |
335 | ||
336 | l = strlen(blob); | |
337 | ||
338 | if (accept_extra_nl && endswith(blob, "\n")) | |
339 | accept_extra_nl = false; | |
340 | ||
341 | buf = malloc(l + accept_extra_nl + 1); | |
342 | if (!buf) | |
343 | return -ENOMEM; | |
344 | ||
fdeea3f4 ZJS |
345 | r = fopen_unlocked(fn, "re", &f); |
346 | if (r < 0) | |
347 | return r; | |
35bbbf85 | 348 | |
eb3da901 LP |
349 | /* We try to read one byte more than we need, so that we know whether we hit eof */ |
350 | errno = 0; | |
351 | k = fread(buf, 1, l + accept_extra_nl + 1, f); | |
352 | if (ferror(f)) | |
66855de7 | 353 | return errno_or_else(EIO); |
eb3da901 LP |
354 | |
355 | if (k != l && k != l + accept_extra_nl) | |
356 | return 0; | |
357 | if (memcmp(buf, blob, l) != 0) | |
358 | return 0; | |
359 | if (k > l && buf[l] != '\n') | |
360 | return 0; | |
15dee3f0 | 361 | |
eb3da901 | 362 | return 1; |
15dee3f0 LP |
363 | } |
364 | ||
21b40f16 FB |
365 | int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) { |
366 | _cleanup_free_ char *buf = NULL; | |
367 | _cleanup_close_ int fd = -1; | |
368 | struct stat st; | |
369 | size_t n, size; | |
370 | int n_retries; | |
371 | char *p; | |
372 | ||
373 | assert(ret_contents); | |
374 | ||
375 | /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work | |
376 | * with two sorts of virtual files. One sort uses "seq_file", and the results of | |
377 | * the first read are buffered for the second read. The other sort uses "raw" | |
378 | * reads which always go direct to the device. In the latter case, the content of | |
379 | * the virtual file must be retrieved with a single read otherwise a second read | |
380 | * might get the new value instead of finding EOF immediately. That's the reason | |
381 | * why the usage of fread(3) is prohibited in this case as it always performs a | |
382 | * second call to read(2) looking for EOF. See issue 13585. */ | |
383 | ||
384 | fd = open(filename, O_RDONLY|O_CLOEXEC); | |
385 | if (fd < 0) | |
386 | return -errno; | |
387 | ||
388 | /* Start size for files in /proc which usually report a file size of 0. */ | |
389 | size = LINE_MAX / 2; | |
390 | ||
391 | /* Limit the number of attempts to read the number of bytes returned by fstat(). */ | |
392 | n_retries = 3; | |
393 | ||
394 | for (;;) { | |
395 | if (n_retries <= 0) | |
396 | return -EIO; | |
397 | ||
398 | if (fstat(fd, &st) < 0) | |
399 | return -errno; | |
400 | ||
401 | if (!S_ISREG(st.st_mode)) | |
402 | return -EBADF; | |
403 | ||
404 | /* Be prepared for files from /proc which generally report a file size of 0. */ | |
405 | if (st.st_size > 0) { | |
406 | size = st.st_size; | |
407 | n_retries--; | |
408 | } else | |
409 | size = size * 2; | |
410 | ||
411 | if (size > READ_FULL_BYTES_MAX) | |
412 | return -E2BIG; | |
413 | ||
414 | p = realloc(buf, size + 1); | |
415 | if (!p) | |
416 | return -ENOMEM; | |
417 | buf = TAKE_PTR(p); | |
418 | ||
419 | for (;;) { | |
420 | ssize_t k; | |
421 | ||
422 | /* Read one more byte so we can detect whether the content of the | |
423 | * file has already changed or the guessed size for files from /proc | |
424 | * wasn't large enough . */ | |
425 | k = read(fd, buf, size + 1); | |
426 | if (k >= 0) { | |
427 | n = k; | |
428 | break; | |
429 | } | |
430 | ||
6b8664cb | 431 | if (errno != EINTR) |
21b40f16 FB |
432 | return -errno; |
433 | } | |
434 | ||
435 | /* Consider a short read as EOF */ | |
436 | if (n <= size) | |
437 | break; | |
438 | ||
439 | /* Hmm... either we read too few bytes from /proc or less likely the content | |
440 | * of the file might have been changed (and is now bigger) while we were | |
441 | * processing, let's try again either with a bigger guessed size or the new | |
442 | * file size. */ | |
443 | ||
444 | if (lseek(fd, 0, SEEK_SET) < 0) | |
445 | return -errno; | |
446 | } | |
447 | ||
448 | if (n < size) { | |
449 | p = realloc(buf, n + 1); | |
450 | if (!p) | |
451 | return -ENOMEM; | |
452 | buf = TAKE_PTR(p); | |
453 | } | |
454 | ||
455 | if (!ret_size) { | |
456 | /* Safety check: if the caller doesn't want to know the size of what we | |
457 | * just read it will rely on the trailing NUL byte. But if there's an | |
458 | * embedded NUL byte, then we should refuse operation as otherwise | |
459 | * there'd be ambiguity about what we just read. */ | |
460 | ||
461 | if (memchr(buf, 0, n)) | |
462 | return -EBADMSG; | |
463 | } else | |
464 | *ret_size = n; | |
465 | ||
466 | buf[n] = 0; | |
467 | *ret_contents = TAKE_PTR(buf); | |
468 | ||
469 | return 0; | |
470 | } | |
471 | ||
15f8f026 | 472 | int read_full_stream_full( |
2d78717b | 473 | FILE *f, |
50caae7b | 474 | const char *filename, |
15f8f026 | 475 | ReadFullFileFlags flags, |
2d78717b LP |
476 | char **ret_contents, |
477 | size_t *ret_size) { | |
478 | ||
a5c32cff HH |
479 | _cleanup_free_ char *buf = NULL; |
480 | struct stat st; | |
15f8f026 YW |
481 | size_t n, n_next, l; |
482 | int fd, r; | |
a5c32cff | 483 | |
717603e3 | 484 | assert(f); |
2d78717b | 485 | assert(ret_contents); |
89aaf655 | 486 | assert(!FLAGS_SET(flags, READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)); |
a5c32cff | 487 | |
15f8f026 | 488 | n_next = LINE_MAX; /* Start size */ |
a5c32cff | 489 | |
c4054ddf | 490 | fd = fileno(f); |
c668aa8b LP |
491 | if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen()), let's |
492 | * optimize our buffering */ | |
717603e3 | 493 | |
15f8f026 | 494 | if (fstat(fd, &st) < 0) |
c4054ddf LP |
495 | return -errno; |
496 | ||
497 | if (S_ISREG(st.st_mode)) { | |
717603e3 | 498 | |
c4054ddf LP |
499 | /* Safety check */ |
500 | if (st.st_size > READ_FULL_BYTES_MAX) | |
501 | return -E2BIG; | |
502 | ||
21b40f16 FB |
503 | /* Start with the right file size. Note that we increase the size |
504 | * to read here by one, so that the first read attempt already | |
505 | * makes us notice the EOF. */ | |
c4054ddf | 506 | if (st.st_size > 0) |
15f8f026 | 507 | n_next = st.st_size + 1; |
50caae7b | 508 | |
f2944702 | 509 | if (flags & READ_FULL_FILE_WARN_WORLD_READABLE) |
50caae7b | 510 | (void) warn_file_is_world_accessible(filename, &st, NULL, 0); |
c4054ddf | 511 | } |
717603e3 | 512 | } |
a5c32cff | 513 | |
15f8f026 | 514 | n = l = 0; |
a5c32cff HH |
515 | for (;;) { |
516 | char *t; | |
517 | size_t k; | |
518 | ||
15f8f026 YW |
519 | if (flags & READ_FULL_FILE_SECURE) { |
520 | t = malloc(n_next + 1); | |
521 | if (!t) { | |
522 | r = -ENOMEM; | |
523 | goto finalize; | |
524 | } | |
525 | memcpy_safe(t, buf, n); | |
526 | explicit_bzero_safe(buf, n); | |
c424bed1 | 527 | buf = mfree(buf); |
15f8f026 YW |
528 | } else { |
529 | t = realloc(buf, n_next + 1); | |
530 | if (!t) | |
531 | return -ENOMEM; | |
532 | } | |
a5c32cff HH |
533 | |
534 | buf = t; | |
15f8f026 YW |
535 | n = n_next; |
536 | ||
5a89faf0 | 537 | errno = 0; |
a5c32cff | 538 | k = fread(buf + l, 1, n - l, f); |
b93d3f6b LP |
539 | |
540 | assert(k <= n - l); | |
541 | l += k; | |
a5c32cff | 542 | |
15f8f026 | 543 | if (ferror(f)) { |
66855de7 | 544 | r = errno_or_else(EIO); |
15f8f026 YW |
545 | goto finalize; |
546 | } | |
c2d11a63 | 547 | if (feof(f)) |
a5c32cff | 548 | break; |
a5c32cff | 549 | |
b93d3f6b | 550 | assert(k > 0); /* we can't have read zero bytes because that would have been EOF */ |
a5c32cff HH |
551 | |
552 | /* Safety check */ | |
15f8f026 YW |
553 | if (n >= READ_FULL_BYTES_MAX) { |
554 | r = -E2BIG; | |
555 | goto finalize; | |
556 | } | |
c2d11a63 | 557 | |
15f8f026 | 558 | n_next = MIN(n * 2, READ_FULL_BYTES_MAX); |
a5c32cff HH |
559 | } |
560 | ||
89aaf655 | 561 | if (flags & (READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)) { |
c668aa8b LP |
562 | _cleanup_free_ void *decoded = NULL; |
563 | size_t decoded_size; | |
564 | ||
07d8c0eb | 565 | buf[l++] = 0; |
89aaf655 | 566 | if (flags & READ_FULL_FILE_UNBASE64) |
c668aa8b | 567 | r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size); |
89aaf655 | 568 | else |
c668aa8b LP |
569 | r = unhexmem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size); |
570 | if (r < 0) | |
571 | goto finalize; | |
572 | ||
573 | if (flags & READ_FULL_FILE_SECURE) | |
574 | explicit_bzero_safe(buf, n); | |
575 | free_and_replace(buf, decoded); | |
576 | n = l = decoded_size; | |
07d8c0eb YW |
577 | } |
578 | ||
2d78717b LP |
579 | if (!ret_size) { |
580 | /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the | |
581 | * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise | |
582 | * there'd be ambiguity about what we just read. */ | |
583 | ||
15f8f026 YW |
584 | if (memchr(buf, 0, l)) { |
585 | r = -EBADMSG; | |
586 | goto finalize; | |
587 | } | |
2d78717b LP |
588 | } |
589 | ||
a5c32cff | 590 | buf[l] = 0; |
2d78717b | 591 | *ret_contents = TAKE_PTR(buf); |
a5c32cff | 592 | |
2d78717b LP |
593 | if (ret_size) |
594 | *ret_size = l; | |
a5c32cff HH |
595 | |
596 | return 0; | |
15f8f026 YW |
597 | |
598 | finalize: | |
599 | if (flags & READ_FULL_FILE_SECURE) | |
600 | explicit_bzero_safe(buf, n); | |
601 | ||
602 | return r; | |
a5c32cff HH |
603 | } |
604 | ||
d3dcf4e3 LP |
605 | int read_full_file_full( |
606 | int dir_fd, | |
607 | const char *filename, | |
608 | ReadFullFileFlags flags, | |
609 | const char *bind_name, | |
610 | char **contents, size_t *size) { | |
611 | ||
717603e3 | 612 | _cleanup_fclose_ FILE *f = NULL; |
fdeea3f4 | 613 | int r; |
717603e3 | 614 | |
15f8f026 | 615 | assert(filename); |
717603e3 LP |
616 | assert(contents); |
617 | ||
8241f785 | 618 | r = xfopenat(dir_fd, filename, "re", 0, &f); |
b93d3f6b LP |
619 | if (r < 0) { |
620 | _cleanup_close_ int dfd = -1, sk = -1; | |
621 | union sockaddr_union sa; | |
622 | ||
623 | /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */ | |
624 | if (r != -ENXIO) | |
625 | return r; | |
626 | ||
627 | /* If this is enabled, let's try to connect to it */ | |
628 | if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET)) | |
629 | return -ENXIO; | |
630 | ||
631 | if (dir_fd == AT_FDCWD) | |
632 | r = sockaddr_un_set_path(&sa.un, filename); | |
633 | else { | |
634 | char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)]; | |
635 | ||
636 | /* If we shall operate relative to some directory, then let's use O_PATH first to | |
637 | * open the socket inode, and then connect to it via /proc/self/fd/. We have to do | |
638 | * this since there's not connectat() that takes a directory fd as first arg. */ | |
639 | ||
640 | dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC); | |
641 | if (dfd < 0) | |
642 | return -errno; | |
643 | ||
644 | xsprintf(procfs_path, "/proc/self/fd/%i", dfd); | |
645 | r = sockaddr_un_set_path(&sa.un, procfs_path); | |
646 | } | |
647 | if (r < 0) | |
648 | return r; | |
649 | ||
650 | sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0); | |
651 | if (sk < 0) | |
652 | return -errno; | |
653 | ||
d3dcf4e3 LP |
654 | if (bind_name) { |
655 | /* If the caller specified a socket name to bind to, do so before connecting. This is | |
656 | * useful to communicate some minor, short meta-information token from the client to | |
657 | * the server. */ | |
658 | union sockaddr_union bsa; | |
659 | ||
660 | r = sockaddr_un_set_path(&bsa.un, bind_name); | |
661 | if (r < 0) | |
662 | return r; | |
663 | ||
664 | if (bind(sk, &bsa.sa, r) < 0) | |
665 | return r; | |
666 | } | |
667 | ||
b93d3f6b LP |
668 | if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0) |
669 | return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is | |
670 | * not a socket after all */ | |
671 | ||
672 | if (shutdown(sk, SHUT_WR) < 0) | |
673 | return -errno; | |
674 | ||
675 | f = fdopen(sk, "r"); | |
676 | if (!f) | |
677 | return -errno; | |
678 | ||
679 | TAKE_FD(sk); | |
680 | } | |
35bbbf85 | 681 | |
8241f785 LP |
682 | (void) __fsetlocking(f, FSETLOCKING_BYCALLER); |
683 | ||
50caae7b | 684 | return read_full_stream_full(f, filename, flags, contents, size); |
717603e3 LP |
685 | } |
686 | ||
68fee104 | 687 | int executable_is_script(const char *path, char **interpreter) { |
c8b32e11 | 688 | _cleanup_free_ char *line = NULL; |
99c61f6b | 689 | size_t len; |
68fee104 | 690 | char *ans; |
99c61f6b | 691 | int r; |
68fee104 ZJS |
692 | |
693 | assert(path); | |
694 | ||
695 | r = read_one_line_file(path, &line); | |
99c61f6b LP |
696 | if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */ |
697 | return 0; | |
68fee104 ZJS |
698 | if (r < 0) |
699 | return r; | |
700 | ||
701 | if (!startswith(line, "#!")) | |
702 | return 0; | |
703 | ||
704 | ans = strstrip(line + 2); | |
705 | len = strcspn(ans, " \t"); | |
706 | ||
707 | if (len == 0) | |
708 | return 0; | |
709 | ||
710 | ans = strndup(ans, len); | |
711 | if (!ans) | |
712 | return -ENOMEM; | |
713 | ||
714 | *interpreter = ans; | |
715 | return 1; | |
716 | } | |
69ab8088 ZJS |
717 | |
718 | /** | |
0a7b53bd | 719 | * Retrieve one field from a file like /proc/self/status. pattern |
c4cd1d4d AK |
720 | * should not include whitespace or the delimiter (':'). pattern matches only |
721 | * the beginning of a line. Whitespace before ':' is skipped. Whitespace and | |
722 | * zeros after the ':' will be skipped. field must be freed afterwards. | |
723 | * terminator specifies the terminating characters of the field value (not | |
724 | * included in the value). | |
69ab8088 | 725 | */ |
c4cd1d4d | 726 | int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) { |
69ab8088 | 727 | _cleanup_free_ char *status = NULL; |
90110825 | 728 | char *t, *f; |
69ab8088 ZJS |
729 | size_t len; |
730 | int r; | |
731 | ||
c4cd1d4d | 732 | assert(terminator); |
69ab8088 | 733 | assert(filename); |
7ff7394d | 734 | assert(pattern); |
69ab8088 ZJS |
735 | assert(field); |
736 | ||
21b40f16 | 737 | r = read_full_virtual_file(filename, &status, NULL); |
69ab8088 ZJS |
738 | if (r < 0) |
739 | return r; | |
740 | ||
c4cd1d4d AK |
741 | t = status; |
742 | ||
743 | do { | |
744 | bool pattern_ok; | |
745 | ||
746 | do { | |
747 | t = strstr(t, pattern); | |
748 | if (!t) | |
749 | return -ENOENT; | |
750 | ||
751 | /* Check that pattern occurs in beginning of line. */ | |
752 | pattern_ok = (t == status || t[-1] == '\n'); | |
753 | ||
754 | t += strlen(pattern); | |
755 | ||
756 | } while (!pattern_ok); | |
757 | ||
758 | t += strspn(t, " \t"); | |
759 | if (!*t) | |
760 | return -ENOENT; | |
761 | ||
762 | } while (*t != ':'); | |
763 | ||
764 | t++; | |
69ab8088 | 765 | |
4ec29144 | 766 | if (*t) { |
1e5413f7 ZJS |
767 | t += strspn(t, " \t"); |
768 | ||
769 | /* Also skip zeros, because when this is used for | |
770 | * capabilities, we don't want the zeros. This way the | |
771 | * same capability set always maps to the same string, | |
772 | * irrespective of the total capability set size. For | |
773 | * other numbers it shouldn't matter. */ | |
774 | t += strspn(t, "0"); | |
4ec29144 ZJS |
775 | /* Back off one char if there's nothing but whitespace |
776 | and zeros */ | |
1e5413f7 | 777 | if (!*t || isspace(*t)) |
313cefa1 | 778 | t--; |
4ec29144 | 779 | } |
69ab8088 | 780 | |
c4cd1d4d | 781 | len = strcspn(t, terminator); |
69ab8088 | 782 | |
90110825 LP |
783 | f = strndup(t, len); |
784 | if (!f) | |
69ab8088 ZJS |
785 | return -ENOMEM; |
786 | ||
90110825 | 787 | *field = f; |
69ab8088 ZJS |
788 | return 0; |
789 | } | |
0d39fa9c LP |
790 | |
791 | DIR *xopendirat(int fd, const char *name, int flags) { | |
792 | int nfd; | |
793 | DIR *d; | |
794 | ||
795 | assert(!(flags & O_CREAT)); | |
796 | ||
797 | nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0); | |
798 | if (nfd < 0) | |
799 | return NULL; | |
800 | ||
801 | d = fdopendir(nfd); | |
802 | if (!d) { | |
803 | safe_close(nfd); | |
804 | return NULL; | |
805 | } | |
806 | ||
807 | return d; | |
808 | } | |
809 | ||
0a38e6b9 LP |
810 | static int mode_to_flags(const char *mode) { |
811 | const char *p; | |
812 | int flags; | |
813 | ||
814 | if ((p = startswith(mode, "r+"))) | |
815 | flags = O_RDWR; | |
816 | else if ((p = startswith(mode, "r"))) | |
817 | flags = O_RDONLY; | |
818 | else if ((p = startswith(mode, "w+"))) | |
819 | flags = O_RDWR|O_CREAT|O_TRUNC; | |
820 | else if ((p = startswith(mode, "w"))) | |
821 | flags = O_WRONLY|O_CREAT|O_TRUNC; | |
822 | else if ((p = startswith(mode, "a+"))) | |
823 | flags = O_RDWR|O_CREAT|O_APPEND; | |
824 | else if ((p = startswith(mode, "a"))) | |
825 | flags = O_WRONLY|O_CREAT|O_APPEND; | |
826 | else | |
827 | return -EINVAL; | |
828 | ||
829 | for (; *p != 0; p++) { | |
830 | ||
831 | switch (*p) { | |
832 | ||
833 | case 'e': | |
834 | flags |= O_CLOEXEC; | |
835 | break; | |
836 | ||
837 | case 'x': | |
838 | flags |= O_EXCL; | |
839 | break; | |
840 | ||
841 | case 'm': | |
842 | /* ignore this here, fdopen() might care later though */ | |
843 | break; | |
844 | ||
845 | case 'c': /* not sure what to do about this one */ | |
846 | default: | |
847 | return -EINVAL; | |
848 | } | |
849 | } | |
850 | ||
851 | return flags; | |
852 | } | |
853 | ||
854 | int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) { | |
855 | FILE *f; | |
856 | ||
857 | /* A combination of fopen() with openat() */ | |
858 | ||
859 | if (dir_fd == AT_FDCWD && flags == 0) { | |
860 | f = fopen(path, mode); | |
861 | if (!f) | |
862 | return -errno; | |
863 | } else { | |
864 | int fd, mode_flags; | |
865 | ||
866 | mode_flags = mode_to_flags(mode); | |
867 | if (mode_flags < 0) | |
868 | return mode_flags; | |
869 | ||
870 | fd = openat(dir_fd, path, mode_flags | flags); | |
871 | if (fd < 0) | |
872 | return -errno; | |
873 | ||
874 | f = fdopen(fd, mode); | |
875 | if (!f) { | |
876 | safe_close(fd); | |
877 | return -errno; | |
878 | } | |
879 | } | |
880 | ||
881 | *ret = f; | |
882 | return 0; | |
883 | } | |
884 | ||
0d39fa9c LP |
885 | static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) { |
886 | char **i; | |
887 | ||
888 | assert(path); | |
889 | assert(mode); | |
890 | assert(_f); | |
891 | ||
892 | if (!path_strv_resolve_uniq(search, root)) | |
893 | return -ENOMEM; | |
894 | ||
895 | STRV_FOREACH(i, search) { | |
896 | _cleanup_free_ char *p = NULL; | |
897 | FILE *f; | |
898 | ||
657ee2d8 | 899 | p = path_join(root, *i, path); |
0d39fa9c LP |
900 | if (!p) |
901 | return -ENOMEM; | |
902 | ||
903 | f = fopen(p, mode); | |
904 | if (f) { | |
905 | *_f = f; | |
906 | return 0; | |
907 | } | |
908 | ||
909 | if (errno != ENOENT) | |
910 | return -errno; | |
911 | } | |
912 | ||
913 | return -ENOENT; | |
914 | } | |
915 | ||
916 | int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) { | |
917 | _cleanup_strv_free_ char **copy = NULL; | |
918 | ||
919 | assert(path); | |
920 | assert(mode); | |
921 | assert(_f); | |
922 | ||
923 | if (path_is_absolute(path)) { | |
924 | FILE *f; | |
925 | ||
926 | f = fopen(path, mode); | |
927 | if (f) { | |
928 | *_f = f; | |
929 | return 0; | |
930 | } | |
931 | ||
932 | return -errno; | |
933 | } | |
934 | ||
935 | copy = strv_copy((char**) search); | |
936 | if (!copy) | |
937 | return -ENOMEM; | |
938 | ||
939 | return search_and_fopen_internal(path, mode, root, copy, _f); | |
940 | } | |
941 | ||
942 | int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) { | |
943 | _cleanup_strv_free_ char **s = NULL; | |
944 | ||
945 | if (path_is_absolute(path)) { | |
946 | FILE *f; | |
947 | ||
948 | f = fopen(path, mode); | |
949 | if (f) { | |
950 | *_f = f; | |
951 | return 0; | |
952 | } | |
953 | ||
954 | return -errno; | |
955 | } | |
956 | ||
957 | s = strv_split_nulstr(search); | |
958 | if (!s) | |
959 | return -ENOMEM; | |
960 | ||
961 | return search_and_fopen_internal(path, mode, root, s, _f); | |
962 | } | |
963 | ||
d338bfff ZJS |
964 | int chase_symlinks_and_fopen_unlocked( |
965 | const char *path, | |
966 | const char *root, | |
967 | unsigned chase_flags, | |
968 | const char *open_flags, | |
969 | FILE **ret_file, | |
970 | char **ret_path) { | |
971 | ||
972 | _cleanup_close_ int fd = -1; | |
973 | _cleanup_free_ char *final_path = NULL; | |
974 | int mode_flags, r; | |
975 | FILE *f; | |
976 | ||
977 | assert(path); | |
978 | assert(open_flags); | |
979 | assert(ret_file); | |
980 | ||
981 | mode_flags = mode_to_flags(open_flags); | |
982 | if (mode_flags < 0) | |
983 | return mode_flags; | |
984 | ||
985 | fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL); | |
986 | if (fd < 0) | |
987 | return fd; | |
988 | ||
989 | r = fdopen_unlocked(fd, open_flags, &f); | |
990 | if (r < 0) | |
991 | return r; | |
992 | TAKE_FD(fd); | |
993 | ||
994 | *ret_file = f; | |
995 | if (ret_path) | |
996 | *ret_path = TAKE_PTR(final_path); | |
997 | return 0; | |
998 | } | |
999 | ||
0d39fa9c LP |
1000 | int fflush_and_check(FILE *f) { |
1001 | assert(f); | |
1002 | ||
1003 | errno = 0; | |
1004 | fflush(f); | |
1005 | ||
1006 | if (ferror(f)) | |
66855de7 | 1007 | return errno_or_else(EIO); |
0d39fa9c LP |
1008 | |
1009 | return 0; | |
1010 | } | |
1011 | ||
0675e94a | 1012 | int fflush_sync_and_check(FILE *f) { |
14f594b9 | 1013 | int r, fd; |
0675e94a AJ |
1014 | |
1015 | assert(f); | |
1016 | ||
1017 | r = fflush_and_check(f); | |
1018 | if (r < 0) | |
1019 | return r; | |
1020 | ||
14f594b9 LP |
1021 | /* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and |
1022 | * assume that in that case we need no explicit syncing */ | |
1023 | fd = fileno(f); | |
1024 | if (fd < 0) | |
1025 | return 0; | |
1026 | ||
1027 | if (fsync(fd) < 0) | |
0675e94a AJ |
1028 | return -errno; |
1029 | ||
14f594b9 | 1030 | r = fsync_directory_of_file(fd); |
8ac2f74f LP |
1031 | if (r < 0) |
1032 | return r; | |
1033 | ||
0675e94a AJ |
1034 | return 0; |
1035 | } | |
1036 | ||
33d52ab9 LP |
1037 | int write_timestamp_file_atomic(const char *fn, usec_t n) { |
1038 | char ln[DECIMAL_STR_MAX(n)+2]; | |
1039 | ||
1040 | /* Creates a "timestamp" file, that contains nothing but a | |
1041 | * usec_t timestamp, formatted in ASCII. */ | |
1042 | ||
1043 | if (n <= 0 || n >= USEC_INFINITY) | |
1044 | return -ERANGE; | |
1045 | ||
1046 | xsprintf(ln, USEC_FMT "\n", n); | |
1047 | ||
1048 | return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC); | |
1049 | } | |
1050 | ||
1051 | int read_timestamp_file(const char *fn, usec_t *ret) { | |
1052 | _cleanup_free_ char *ln = NULL; | |
1053 | uint64_t t; | |
1054 | int r; | |
1055 | ||
1056 | r = read_one_line_file(fn, &ln); | |
1057 | if (r < 0) | |
1058 | return r; | |
1059 | ||
1060 | r = safe_atou64(ln, &t); | |
1061 | if (r < 0) | |
1062 | return r; | |
1063 | ||
1064 | if (t <= 0 || t >= (uint64_t) USEC_INFINITY) | |
1065 | return -ERANGE; | |
1066 | ||
1067 | *ret = (usec_t) t; | |
1068 | return 0; | |
1069 | } | |
d390f8ef LP |
1070 | |
1071 | int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) { | |
1072 | int r; | |
1073 | ||
1074 | assert(s); | |
1075 | ||
1076 | /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter | |
1077 | * when specified shall initially point to a boolean variable initialized to false. It is set to true after the | |
1078 | * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each | |
1079 | * element, but not before the first one. */ | |
1080 | ||
1081 | if (!f) | |
1082 | f = stdout; | |
1083 | ||
1084 | if (space) { | |
1085 | if (!separator) | |
1086 | separator = " "; | |
1087 | ||
1088 | if (*space) { | |
1089 | r = fputs(separator, f); | |
1090 | if (r < 0) | |
1091 | return r; | |
1092 | } | |
1093 | ||
1094 | *space = true; | |
1095 | } | |
1096 | ||
1097 | return fputs(s, f); | |
1098 | } | |
03532f0a | 1099 | |
838894b0 LP |
1100 | /* A bitmask of the EOL markers we know */ |
1101 | typedef enum EndOfLineMarker { | |
1102 | EOL_NONE = 0, | |
1103 | EOL_ZERO = 1 << 0, /* \0 (aka NUL) */ | |
1104 | EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */ | |
1105 | EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */ | |
1106 | } EndOfLineMarker; | |
1107 | ||
41f11239 LP |
1108 | static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) { |
1109 | ||
1110 | if (!IN_SET(flags, READ_LINE_ONLY_NUL)) { | |
1111 | if (c == '\n') | |
1112 | return EOL_TEN; | |
1113 | if (c == '\r') | |
1114 | return EOL_THIRTEEN; | |
1115 | } | |
1116 | ||
838894b0 LP |
1117 | if (c == '\0') |
1118 | return EOL_ZERO; | |
1119 | ||
1120 | return EOL_NONE; | |
1121 | } | |
1122 | ||
57d6f700 | 1123 | DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile); |
f858e514 | 1124 | |
41f11239 | 1125 | int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) { |
4f9a66a3 | 1126 | size_t n = 0, allocated = 0, count = 0; |
838894b0 | 1127 | _cleanup_free_ char *buffer = NULL; |
609ae0f5 | 1128 | int r; |
4f9a66a3 LP |
1129 | |
1130 | assert(f); | |
1131 | ||
1132 | /* Something like a bounded version of getline(). | |
1133 | * | |
838894b0 LP |
1134 | * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these |
1135 | * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line | |
1136 | * endings: | |
1137 | * | |
1138 | * • \n (UNIX) | |
1139 | * • \r (old MacOS) | |
1140 | * • \0 (C strings) | |
1141 | * • \n\0 | |
1142 | * • \r\0 | |
1143 | * • \r\n (Windows) | |
1144 | * • \n\r | |
1145 | * • \r\n\0 | |
1146 | * • \n\r\0 | |
4f9a66a3 LP |
1147 | * |
1148 | * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from | |
1149 | * the number of characters in the returned string). When EOF is hit, 0 is returned. | |
1150 | * | |
1151 | * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding | |
1152 | * delimiters. If the limit is hit we fail and return -ENOBUFS. | |
1153 | * | |
1154 | * If a line shall be skipped ret may be initialized as NULL. */ | |
1155 | ||
1156 | if (ret) { | |
1157 | if (!GREEDY_REALLOC(buffer, allocated, 1)) | |
1158 | return -ENOMEM; | |
1159 | } | |
1160 | ||
f858e514 | 1161 | { |
3f691417 | 1162 | _unused_ _cleanup_(funlockfilep) FILE *flocked = f; |
838894b0 | 1163 | EndOfLineMarker previous_eol = EOL_NONE; |
f858e514 | 1164 | flockfile(f); |
4f9a66a3 | 1165 | |
f858e514 | 1166 | for (;;) { |
838894b0 | 1167 | EndOfLineMarker eol; |
03a7dbea | 1168 | char c; |
4f9a66a3 | 1169 | |
f858e514 ZJS |
1170 | if (n >= limit) |
1171 | return -ENOBUFS; | |
4f9a66a3 | 1172 | |
31fd02f0 LP |
1173 | if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */ |
1174 | return -ENOBUFS; | |
1175 | ||
03a7dbea LP |
1176 | r = safe_fgetc(f, &c); |
1177 | if (r < 0) | |
1178 | return r; | |
91a306b8 | 1179 | if (r == 0) /* EOF is definitely EOL */ |
f858e514 | 1180 | break; |
4f9a66a3 | 1181 | |
41f11239 | 1182 | eol = categorize_eol(c, flags); |
838894b0 LP |
1183 | |
1184 | if (FLAGS_SET(previous_eol, EOL_ZERO) || | |
1185 | (eol == EOL_NONE && previous_eol != EOL_NONE) || | |
1186 | (eol != EOL_NONE && (previous_eol & eol) != 0)) { | |
1187 | /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of | |
517b7760 LP |
1188 | * EOL marker has been seen right before? In either of these three cases we are |
1189 | * done. But first, let's put this character back in the queue. (Note that we have to | |
1190 | * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we | |
1191 | * are on an architecture where 'char' equals 'signed char' we need to ensure we don't | |
1192 | * pass a negative value here. That said, to complicate things further ungetc() is | |
1193 | * actually happy with most negative characters and implicitly casts them back to | |
1194 | * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a | |
1195 | * godawful API!) */ | |
1196 | assert_se(ungetc((unsigned char) c, f) != EOF); | |
f858e514 | 1197 | break; |
838894b0 LP |
1198 | } |
1199 | ||
91a306b8 LP |
1200 | count++; |
1201 | ||
838894b0 | 1202 | if (eol != EOL_NONE) { |
451fcbfc LP |
1203 | /* If we are on a tty, we can't shouldn't wait for more input, because that |
1204 | * generally means waiting for the user, interactively. In the case of a TTY | |
1205 | * we expect only \n as the single EOL marker, so we are in the lucky | |
1206 | * position that there is no need to wait. We check this condition last, to | |
1207 | * avoid isatty() check if not necessary. */ | |
ee41670f | 1208 | |
609ae0f5 | 1209 | if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) { |
14f594b9 LP |
1210 | int fd; |
1211 | ||
1212 | fd = fileno(f); | |
1213 | if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully, | |
1214 | * and don't call isatty() on an invalid fd */ | |
609ae0f5 | 1215 | flags |= READ_LINE_NOT_A_TTY; |
14f594b9 | 1216 | else |
609ae0f5 | 1217 | flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY; |
14f594b9 | 1218 | } |
609ae0f5 | 1219 | if (FLAGS_SET(flags, READ_LINE_IS_A_TTY)) |
ee41670f ZJS |
1220 | break; |
1221 | } | |
1222 | ||
1223 | if (eol != EOL_NONE) { | |
838894b0 LP |
1224 | previous_eol |= eol; |
1225 | continue; | |
1226 | } | |
4f9a66a3 | 1227 | |
f858e514 ZJS |
1228 | if (ret) { |
1229 | if (!GREEDY_REALLOC(buffer, allocated, n + 2)) | |
1230 | return -ENOMEM; | |
4f9a66a3 | 1231 | |
03a7dbea | 1232 | buffer[n] = c; |
4f9a66a3 LP |
1233 | } |
1234 | ||
f858e514 | 1235 | n++; |
4f9a66a3 | 1236 | } |
4f9a66a3 LP |
1237 | } |
1238 | ||
4f9a66a3 LP |
1239 | if (ret) { |
1240 | buffer[n] = 0; | |
1241 | ||
1cc6c93a | 1242 | *ret = TAKE_PTR(buffer); |
4f9a66a3 LP |
1243 | } |
1244 | ||
1245 | return (int) count; | |
1246 | } | |
285a9b27 LP |
1247 | |
1248 | int safe_fgetc(FILE *f, char *ret) { | |
1249 | int k; | |
1250 | ||
1251 | assert(f); | |
1252 | ||
1253 | /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and | |
1254 | * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc() | |
1255 | * has. */ | |
1256 | ||
1257 | errno = 0; | |
1258 | k = fgetc(f); | |
1259 | if (k == EOF) { | |
1260 | if (ferror(f)) | |
66855de7 | 1261 | return errno_or_else(EIO); |
285a9b27 LP |
1262 | |
1263 | if (ret) | |
1264 | *ret = 0; | |
1265 | ||
1266 | return 0; | |
1267 | } | |
1268 | ||
1269 | if (ret) | |
1270 | *ret = k; | |
1271 | ||
1272 | return 1; | |
1273 | } | |
7a309a8c YW |
1274 | |
1275 | int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) { | |
1276 | struct stat _st; | |
1277 | ||
1278 | if (!filename) | |
1279 | return 0; | |
1280 | ||
1281 | if (!st) { | |
1282 | if (stat(filename, &_st) < 0) | |
1283 | return -errno; | |
1284 | st = &_st; | |
1285 | } | |
1286 | ||
1287 | if ((st->st_mode & S_IRWXO) == 0) | |
1288 | return 0; | |
1289 | ||
1290 | if (unit) | |
1291 | log_syntax(unit, LOG_WARNING, filename, line, 0, | |
0f935776 | 1292 | "%s has %04o mode that is too permissive, please adjust the ownership and access mode.", |
7a309a8c YW |
1293 | filename, st->st_mode & 07777); |
1294 | else | |
0f935776 | 1295 | log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.", |
7a309a8c YW |
1296 | filename, st->st_mode & 07777); |
1297 | return 0; | |
1298 | } | |
494735f3 | 1299 | |
90c81688 | 1300 | int sync_rights(int from, int to) { |
494735f3 DDM |
1301 | struct stat st; |
1302 | ||
90c81688 | 1303 | if (fstat(from, &st) < 0) |
494735f3 DDM |
1304 | return -errno; |
1305 | ||
90c81688 | 1306 | return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid); |
494735f3 DDM |
1307 | } |
1308 | ||
2da3dc69 | 1309 | int rename_and_apply_smack_floor_label(const char *from, const char *to) { |
494735f3 DDM |
1310 | int r = 0; |
1311 | if (rename(from, to) < 0) | |
1312 | return -errno; | |
1313 | ||
1314 | #ifdef SMACK_RUN_LABEL | |
1315 | r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL); | |
1316 | if (r < 0) | |
1317 | return r; | |
1318 | #endif | |
1319 | return r; | |
1320 | } |