]> git.ipfire.org Git - thirdparty/systemd.git/blame - src/basic/fileio.c
projects / thirdparty / systemd.git / blame
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (incremental) | history | HEAD
license: LGPL-2.1+ -> LGPL-2.1-or-later
[thirdparty/systemd.git] / src / basic / fileio.c
CommitLineData
db9ecf05 1/* SPDX-License-Identifier: LGPL-2.1-or-later */
a5c32cff 2
8bdc9a90 3#include <ctype.h>
11c3a366
TA		 4#include <errno.h>
5#include <fcntl.h>
6#include <limits.h>
7#include <stdarg.h>
8#include <stdint.h>
35bbbf85 9#include <stdio_ext.h>
11c3a366 10#include <stdlib.h>
11c3a366
TA		 11#include <sys/stat.h>
12#include <sys/types.h>
a5c32cff 13#include <unistd.h>
cda134ab 14
b5efdb8a 15#include "alloc-util.h"
3ffd4af2
LP		 16#include "fd-util.h"
17#include "fileio.h"
f4f15635 18#include "fs-util.h"
07d8c0eb 19#include "hexdecoct.h"
93cc7779
TA		 20#include "log.h"
21#include "macro.h"
50ccd864 22#include "mkdir.h"
33d52ab9 23#include "parse-util.h"
0d39fa9c 24#include "path-util.h"
b93d3f6b 25#include "socket-util.h"
33d52ab9 26#include "stdio-util.h"
07630cea 27#include "string-util.h"
e4de7287 28#include "tmpfile-util.h"
a5c32cff 29
c2d11a63
VC		 30#define READ_FULL_BYTES_MAX (4U*1024U*1024U)
31
fdeea3f4
ZJS		 32int fopen_unlocked(const char *path, const char *options, FILE **ret) {
33 assert(ret);
34
35 FILE *f = fopen(path, options);
36 if (!f)
37 return -errno;
38
39 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
40
41 *ret = f;
42 return 0;
43}
44
02e23d1a
ZJS		 45int fdopen_unlocked(int fd, const char *options, FILE **ret) {
46 assert(ret);
47
48 FILE *f = fdopen(fd, options);
49 if (!f)
50 return -errno;
51
52 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
53
54 *ret = f;
55 return 0;
56}
57
3ebbb6cb
VC		 58int take_fdopen_unlocked(int *fd, const char *options, FILE **ret) {
59 int r;
60
61 assert(fd);
62
63 r = fdopen_unlocked(*fd, options, ret);
64 if (r < 0)
65 return r;
66
67 *fd = -1;
68
69 return 0;
70}
71
72FILE* take_fdopen(int *fd, const char *options) {
73 assert(fd);
74
75 FILE *f = fdopen(*fd, options);
76 if (!f)
77 return NULL;
78
79 *fd = -1;
80
81 return f;
82}
83
f61457b0
VC		 84DIR* take_fdopendir(int *dfd) {
85 assert(dfd);
86
87 DIR *d = fdopendir(*dfd);
88 if (!d)
89 return NULL;
90
91 *dfd = -1;
92
93 return d;
94}
95
2fe21124
ZJS		 96FILE* open_memstream_unlocked(char **ptr, size_t *sizeloc) {
97 FILE *f = open_memstream(ptr, sizeloc);
98 if (!f)
99 return NULL;
100
101 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
102
103 return f;
104}
105
673a1e6f
ZJS		 106FILE* fmemopen_unlocked(void *buf, size_t size, const char *mode) {
107 FILE *f = fmemopen(buf, size, mode);
108 if (!f)
109 return NULL;
110
111 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
112
113 return f;
114}
115
b1837133
LP		 116int write_string_stream_ts(
117 FILE *f,
118 const char *line,
119 WriteStringFileFlags flags,
120 struct timespec *ts) {
dacd6cee 121
91dc2bf7 122 bool needs_nl;
14f594b9 123 int r, fd;
91dc2bf7 124
717603e3
LP		 125 assert(f);
126 assert(line);
127
ba8b8c9e
MG		 128 if (ferror(f))
129 return -EIO;
130
14f594b9
LP		 131 if (ts) {
132 /* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have
133 * an fd. Let's fail early in that case. */
134 fd = fileno(f);
135 if (fd < 0)
136 return -EBADF;
137 }
138
91dc2bf7
LP		 139 needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n");
140
141 if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) {
142 /* If STDIO buffering was disabled, then let's append the newline character to the string itself, so
143 * that the write goes out in one go, instead of two */
144
145 line = strjoina(line, "\n");
146 needs_nl = false;
147 }
148
94d3b60f
MG		 149 if (fputs(line, f) == EOF)
150 return -errno;
151
91dc2bf7 152 if (needs_nl)
94d3b60f
MG		 153 if (fputc('\n', f) == EOF)
154 return -errno;
a5c32cff 155
be83711c
CL		 156 if (flags & WRITE_STRING_FILE_SYNC)
157 r = fflush_sync_and_check(f);
158 else
159 r = fflush_and_check(f);
160 if (r < 0)
161 return r;
162
39c38d77
ZJS		 163 if (ts) {
164 struct timespec twice[2] = {*ts, *ts};
165
14f594b9 166 if (futimens(fd, twice) < 0)
39c38d77
ZJS		 167 return -errno;
168 }
169
be83711c 170 return 0;
a5c32cff
HH		 171}
172
2eabcc77
LP		 173static int write_string_file_atomic(
174 const char *fn,
175 const char *line,
b1837133 176 WriteStringFileFlags flags,
2eabcc77
LP		 177 struct timespec *ts) {
178
a5c32cff
HH		 179 _cleanup_fclose_ FILE *f = NULL;
180 _cleanup_free_ char *p = NULL;
181 int r;
182
183 assert(fn);
184 assert(line);
185
95244ceb
LP		 186 /* Note that we'd really like to use O_TMPFILE here, but can't really, since we want replacement
187 * semantics here, and O_TMPFILE can't offer that. i.e. rename() replaces but linkat() doesn't. */
188
a5c32cff
HH		 189 r = fopen_temporary(fn, &f, &p);
190 if (r < 0)
191 return r;
192
b1837133 193 r = write_string_stream_ts(f, line, flags, ts);
9dd1b1e8
LP		 194 if (r < 0)
195 goto fail;
196
95244ceb
LP		 197 r = fchmod_umask(fileno(f), FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0644);
198 if (r < 0)
199 goto fail;
200
9dd1b1e8
LP		 201 if (rename(p, fn) < 0) {
202 r = -errno;
203 goto fail;
a5c32cff
HH		 204 }
205
5b3f4a20
LP		 206 if (FLAGS_SET(flags, WRITE_STRING_FILE_SYNC)) {
207 /* Sync the rename, too */
208 r = fsync_directory_of_file(fileno(f));
209 if (r < 0)
210 return r;
211 }
212
9dd1b1e8 213 return 0;
a5c32cff 214
9dd1b1e8
LP		 215fail:
216 (void) unlink(p);
a5c32cff
HH		 217 return r;
218}
219
b1837133
LP		 220int write_string_file_ts(
221 const char *fn,
222 const char *line,
223 WriteStringFileFlags flags,
224 struct timespec *ts) {
225
4c1fc3e4 226 _cleanup_fclose_ FILE *f = NULL;
95244ceb 227 int q, r, fd;
4c1fc3e4
DM		 228
229 assert(fn);
230 assert(line);
231
265710c2
AJ		 232 /* We don't know how to verify whether the file contents was already on-disk. */
233 assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC)));
0675e94a 234
50ccd864
LP		 235 if (flags & WRITE_STRING_FILE_MKDIR_0755) {
236 r = mkdir_parents(fn, 0755);
237 if (r < 0)
238 return r;
239 }
240
4c1fc3e4
DM		 241 if (flags & WRITE_STRING_FILE_ATOMIC) {
242 assert(flags & WRITE_STRING_FILE_CREATE);
243
b1837133 244 r = write_string_file_atomic(fn, line, flags, ts);
eb3da901
LP		 245 if (r < 0)
246 goto fail;
247
248 return r;
39c38d77 249 } else
234519ae 250 assert(!ts);
4c1fc3e4 251
95244ceb
LP		 252 /* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */
253 fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY |
254 (FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) |
6797a74f 255 (FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) |
256 (FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0),
95244ceb
LP		 257 (FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666));
258 if (fd < 0) {
259 r = -errno;
260 goto fail;
261 }
4c1fc3e4 262
95244ceb
LP		 263 r = fdopen_unlocked(fd, "w", &f);
264 if (r < 0) {
265 safe_close(fd);
266 goto fail;
41f6e627 267 }
35bbbf85 268
12ec9c30
TSH		 269 if (flags & WRITE_STRING_FILE_DISABLE_BUFFER)
270 setvbuf(f, NULL, _IONBF, 0);
271
b1837133 272 r = write_string_stream_ts(f, line, flags, ts);
eb3da901
LP		 273 if (r < 0)
274 goto fail;
275
276 return 0;
277
278fail:
279 if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE))
280 return r;
281
282 f = safe_fclose(f);
283
284 /* OK, the operation failed, but let's see if the right
285 * contents in place already. If so, eat up the error. */
286
287 q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE));
288 if (q <= 0)
289 return r;
290
291 return 0;
4c1fc3e4
DM		 292}
293
3130fca5
LP		 294int write_string_filef(
295 const char *fn,
296 WriteStringFileFlags flags,
297 const char *format, ...) {
298
299 _cleanup_free_ char *p = NULL;
300 va_list ap;
301 int r;
302
303 va_start(ap, format);
304 r = vasprintf(&p, format, ap);
305 va_end(ap);
306
307 if (r < 0)
308 return -ENOMEM;
309
310 return write_string_file(fn, p, flags);
311}
312
a5c32cff
HH		 313int read_one_line_file(const char *fn, char **line) {
314 _cleanup_fclose_ FILE *f = NULL;
fdeea3f4 315 int r;
a5c32cff
HH		 316
317 assert(fn);
318 assert(line);
319
fdeea3f4
ZJS		 320 r = fopen_unlocked(fn, "re", &f);
321 if (r < 0)
322 return r;
35bbbf85 323
d6062e3b 324 return read_line(f, LONG_LINE_MAX, line);
a5c32cff
HH		 325}
326
eb3da901
LP		 327int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
328 _cleanup_fclose_ FILE *f = NULL;
329 _cleanup_free_ char *buf = NULL;
330 size_t l, k;
fdeea3f4 331 int r;
15dee3f0 332
eb3da901
LP		 333 assert(fn);
334 assert(blob);
335
336 l = strlen(blob);
337
338 if (accept_extra_nl && endswith(blob, "\n"))
339 accept_extra_nl = false;
340
341 buf = malloc(l + accept_extra_nl + 1);
342 if (!buf)
343 return -ENOMEM;
344
fdeea3f4
ZJS		 345 r = fopen_unlocked(fn, "re", &f);
346 if (r < 0)
347 return r;
35bbbf85 348
eb3da901
LP		 349 /* We try to read one byte more than we need, so that we know whether we hit eof */
350 errno = 0;
351 k = fread(buf, 1, l + accept_extra_nl + 1, f);
352 if (ferror(f))
66855de7 353 return errno_or_else(EIO);
eb3da901
LP		 354
355 if (k != l && k != l + accept_extra_nl)
356 return 0;
357 if (memcmp(buf, blob, l) != 0)
358 return 0;
359 if (k > l && buf[l] != '\n')
360 return 0;
15dee3f0 361
eb3da901 362 return 1;
15dee3f0
LP		 363}
364
21b40f16
FB		 365int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) {
366 _cleanup_free_ char *buf = NULL;
367 _cleanup_close_ int fd = -1;
368 struct stat st;
369 size_t n, size;
370 int n_retries;
371 char *p;
372
373 assert(ret_contents);
374
375 /* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
376 * with two sorts of virtual files. One sort uses "seq_file", and the results of
377 * the first read are buffered for the second read. The other sort uses "raw"
378 * reads which always go direct to the device. In the latter case, the content of
379 * the virtual file must be retrieved with a single read otherwise a second read
380 * might get the new value instead of finding EOF immediately. That's the reason
381 * why the usage of fread(3) is prohibited in this case as it always performs a
382 * second call to read(2) looking for EOF. See issue 13585. */
383
384 fd = open(filename, O_RDONLY|O_CLOEXEC);
385 if (fd < 0)
386 return -errno;
387
388 /* Start size for files in /proc which usually report a file size of 0. */
389 size = LINE_MAX / 2;
390
391 /* Limit the number of attempts to read the number of bytes returned by fstat(). */
392 n_retries = 3;
393
394 for (;;) {
395 if (n_retries <= 0)
396 return -EIO;
397
398 if (fstat(fd, &st) < 0)
399 return -errno;
400
401 if (!S_ISREG(st.st_mode))
402 return -EBADF;
403
404 /* Be prepared for files from /proc which generally report a file size of 0. */
405 if (st.st_size > 0) {
406 size = st.st_size;
407 n_retries--;
408 } else
409 size = size * 2;
410
411 if (size > READ_FULL_BYTES_MAX)
412 return -E2BIG;
413
414 p = realloc(buf, size + 1);
415 if (!p)
416 return -ENOMEM;
417 buf = TAKE_PTR(p);
418
419 for (;;) {
420 ssize_t k;
421
422 /* Read one more byte so we can detect whether the content of the
423 * file has already changed or the guessed size for files from /proc
424 * wasn't large enough . */
425 k = read(fd, buf, size + 1);
426 if (k >= 0) {
427 n = k;
428 break;
429 }
430
6b8664cb 431 if (errno != EINTR)
21b40f16
FB		 432 return -errno;
433 }
434
435 /* Consider a short read as EOF */
436 if (n <= size)
437 break;
438
439 /* Hmm... either we read too few bytes from /proc or less likely the content
440 * of the file might have been changed (and is now bigger) while we were
441 * processing, let's try again either with a bigger guessed size or the new
442 * file size. */
443
444 if (lseek(fd, 0, SEEK_SET) < 0)
445 return -errno;
446 }
447
448 if (n < size) {
449 p = realloc(buf, n + 1);
450 if (!p)
451 return -ENOMEM;
452 buf = TAKE_PTR(p);
453 }
454
455 if (!ret_size) {
456 /* Safety check: if the caller doesn't want to know the size of what we
457 * just read it will rely on the trailing NUL byte. But if there's an
458 * embedded NUL byte, then we should refuse operation as otherwise
459 * there'd be ambiguity about what we just read. */
460
461 if (memchr(buf, 0, n))
462 return -EBADMSG;
463 } else
464 *ret_size = n;
465
466 buf[n] = 0;
467 *ret_contents = TAKE_PTR(buf);
468
469 return 0;
470}
471
15f8f026 472int read_full_stream_full(
2d78717b 473 FILE *f,
50caae7b 474 const char *filename,
15f8f026 475 ReadFullFileFlags flags,
2d78717b
LP		 476 char **ret_contents,
477 size_t *ret_size) {
478
a5c32cff
HH		 479 _cleanup_free_ char *buf = NULL;
480 struct stat st;
15f8f026
YW		 481 size_t n, n_next, l;
482 int fd, r;
a5c32cff 483
717603e3 484 assert(f);
2d78717b 485 assert(ret_contents);
89aaf655 486 assert(!FLAGS_SET(flags, READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX));
a5c32cff 487
15f8f026 488 n_next = LINE_MAX; /* Start size */
a5c32cff 489
c4054ddf 490 fd = fileno(f);
c668aa8b
LP		 491 if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see fmemopen()), let's
492 * optimize our buffering */
717603e3 493
15f8f026 494 if (fstat(fd, &st) < 0)
c4054ddf
LP		 495 return -errno;
496
497 if (S_ISREG(st.st_mode)) {
717603e3 498
c4054ddf
LP		 499 /* Safety check */
500 if (st.st_size > READ_FULL_BYTES_MAX)
501 return -E2BIG;
502
21b40f16
FB		 503 /* Start with the right file size. Note that we increase the size
504 * to read here by one, so that the first read attempt already
505 * makes us notice the EOF. */
c4054ddf 506 if (st.st_size > 0)
15f8f026 507 n_next = st.st_size + 1;
50caae7b 508
f2944702 509 if (flags & READ_FULL_FILE_WARN_WORLD_READABLE)
50caae7b 510 (void) warn_file_is_world_accessible(filename, &st, NULL, 0);
c4054ddf 511 }
717603e3 512 }
a5c32cff 513
15f8f026 514 n = l = 0;
a5c32cff
HH		 515 for (;;) {
516 char *t;
517 size_t k;
518
15f8f026
YW		 519 if (flags & READ_FULL_FILE_SECURE) {
520 t = malloc(n_next + 1);
521 if (!t) {
522 r = -ENOMEM;
523 goto finalize;
524 }
525 memcpy_safe(t, buf, n);
526 explicit_bzero_safe(buf, n);
c424bed1 527 buf = mfree(buf);
15f8f026
YW		 528 } else {
529 t = realloc(buf, n_next + 1);
530 if (!t)
531 return -ENOMEM;
532 }
a5c32cff
HH		 533
534 buf = t;
15f8f026
YW		 535 n = n_next;
536
5a89faf0 537 errno = 0;
a5c32cff 538 k = fread(buf + l, 1, n - l, f);
b93d3f6b
LP		 539
540 assert(k <= n - l);
541 l += k;
a5c32cff 542
15f8f026 543 if (ferror(f)) {
66855de7 544 r = errno_or_else(EIO);
15f8f026
YW		 545 goto finalize;
546 }
c2d11a63 547 if (feof(f))
a5c32cff 548 break;
a5c32cff 549
b93d3f6b 550 assert(k > 0); /* we can't have read zero bytes because that would have been EOF */
a5c32cff
HH		 551
552 /* Safety check */
15f8f026
YW		 553 if (n >= READ_FULL_BYTES_MAX) {
554 r = -E2BIG;
555 goto finalize;
556 }
c2d11a63 557
15f8f026 558 n_next = MIN(n * 2, READ_FULL_BYTES_MAX);
a5c32cff
HH		 559 }
560
89aaf655 561 if (flags & (READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)) {
c668aa8b
LP		 562 _cleanup_free_ void *decoded = NULL;
563 size_t decoded_size;
564
07d8c0eb 565 buf[l++] = 0;
89aaf655 566 if (flags & READ_FULL_FILE_UNBASE64)
c668aa8b 567 r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
89aaf655 568 else
c668aa8b
LP		 569 r = unhexmem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
570 if (r < 0)
571 goto finalize;
572
573 if (flags & READ_FULL_FILE_SECURE)
574 explicit_bzero_safe(buf, n);
575 free_and_replace(buf, decoded);
576 n = l = decoded_size;
07d8c0eb
YW		 577 }
578
2d78717b
LP		 579 if (!ret_size) {
580 /* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the
581 * trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise
582 * there'd be ambiguity about what we just read. */
583
15f8f026
YW		 584 if (memchr(buf, 0, l)) {
585 r = -EBADMSG;
586 goto finalize;
587 }
2d78717b
LP		 588 }
589
a5c32cff 590 buf[l] = 0;
2d78717b 591 *ret_contents = TAKE_PTR(buf);
a5c32cff 592
2d78717b
LP		 593 if (ret_size)
594 *ret_size = l;
a5c32cff
HH		 595
596 return 0;
15f8f026
YW		 597
598finalize:
599 if (flags & READ_FULL_FILE_SECURE)
600 explicit_bzero_safe(buf, n);
601
602 return r;
a5c32cff
HH		 603}
604
d3dcf4e3
LP		 605int read_full_file_full(
606 int dir_fd,
607 const char *filename,
608 ReadFullFileFlags flags,
609 const char *bind_name,
610 char **contents, size_t *size) {
611
717603e3 612 _cleanup_fclose_ FILE *f = NULL;
fdeea3f4 613 int r;
717603e3 614
15f8f026 615 assert(filename);
717603e3
LP		 616 assert(contents);
617
8241f785 618 r = xfopenat(dir_fd, filename, "re", 0, &f);
b93d3f6b
LP		 619 if (r < 0) {
620 _cleanup_close_ int dfd = -1, sk = -1;
621 union sockaddr_union sa;
622
623 /* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */
624 if (r != -ENXIO)
625 return r;
626
627 /* If this is enabled, let's try to connect to it */
628 if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET))
629 return -ENXIO;
630
631 if (dir_fd == AT_FDCWD)
632 r = sockaddr_un_set_path(&sa.un, filename);
633 else {
634 char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
635
636 /* If we shall operate relative to some directory, then let's use O_PATH first to
637 * open the socket inode, and then connect to it via /proc/self/fd/. We have to do
638 * this since there's not connectat() that takes a directory fd as first arg. */
639
640 dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC);
641 if (dfd < 0)
642 return -errno;
643
644 xsprintf(procfs_path, "/proc/self/fd/%i", dfd);
645 r = sockaddr_un_set_path(&sa.un, procfs_path);
646 }
647 if (r < 0)
648 return r;
649
650 sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
651 if (sk < 0)
652 return -errno;
653
d3dcf4e3
LP		 654 if (bind_name) {
655 /* If the caller specified a socket name to bind to, do so before connecting. This is
656 * useful to communicate some minor, short meta-information token from the client to
657 * the server. */
658 union sockaddr_union bsa;
659
660 r = sockaddr_un_set_path(&bsa.un, bind_name);
661 if (r < 0)
662 return r;
663
664 if (bind(sk, &bsa.sa, r) < 0)
665 return r;
666 }
667
b93d3f6b
LP		 668 if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
669 return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is
670 * not a socket after all */
671
672 if (shutdown(sk, SHUT_WR) < 0)
673 return -errno;
674
675 f = fdopen(sk, "r");
676 if (!f)
677 return -errno;
678
679 TAKE_FD(sk);
680 }
35bbbf85 681
8241f785
LP		 682 (void) __fsetlocking(f, FSETLOCKING_BYCALLER);
683
50caae7b 684 return read_full_stream_full(f, filename, flags, contents, size);
717603e3
LP		 685}
686
68fee104 687int executable_is_script(const char *path, char **interpreter) {
c8b32e11 688 _cleanup_free_ char *line = NULL;
99c61f6b 689 size_t len;
68fee104 690 char *ans;
99c61f6b 691 int r;
68fee104
ZJS		 692
693 assert(path);
694
695 r = read_one_line_file(path, &line);
99c61f6b
LP		 696 if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */
697 return 0;
68fee104
ZJS		 698 if (r < 0)
699 return r;
700
701 if (!startswith(line, "#!"))
702 return 0;
703
704 ans = strstrip(line + 2);
705 len = strcspn(ans, " \t");
706
707 if (len == 0)
708 return 0;
709
710 ans = strndup(ans, len);
711 if (!ans)
712 return -ENOMEM;
713
714 *interpreter = ans;
715 return 1;
716}
69ab8088
ZJS		 717
718/**
0a7b53bd 719 * Retrieve one field from a file like /proc/self/status. pattern
c4cd1d4d
AK		 720 * should not include whitespace or the delimiter (':'). pattern matches only
721 * the beginning of a line. Whitespace before ':' is skipped. Whitespace and
722 * zeros after the ':' will be skipped. field must be freed afterwards.
723 * terminator specifies the terminating characters of the field value (not
724 * included in the value).
69ab8088 725 */
c4cd1d4d 726int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) {
69ab8088 727 _cleanup_free_ char *status = NULL;
90110825 728 char *t, *f;
69ab8088
ZJS		 729 size_t len;
730 int r;
731
c4cd1d4d 732 assert(terminator);
69ab8088 733 assert(filename);
7ff7394d 734 assert(pattern);
69ab8088
ZJS		 735 assert(field);
736
21b40f16 737 r = read_full_virtual_file(filename, &status, NULL);
69ab8088
ZJS		 738 if (r < 0)
739 return r;
740
c4cd1d4d
AK		 741 t = status;
742
743 do {
744 bool pattern_ok;
745
746 do {
747 t = strstr(t, pattern);
748 if (!t)
749 return -ENOENT;
750
751 /* Check that pattern occurs in beginning of line. */
752 pattern_ok = (t == status || t[-1] == '\n');
753
754 t += strlen(pattern);
755
756 } while (!pattern_ok);
757
758 t += strspn(t, " \t");
759 if (!*t)
760 return -ENOENT;
761
762 } while (*t != ':');
763
764 t++;
69ab8088 765
4ec29144 766 if (*t) {
1e5413f7
ZJS		 767 t += strspn(t, " \t");
768
769 /* Also skip zeros, because when this is used for
770 * capabilities, we don't want the zeros. This way the
771 * same capability set always maps to the same string,
772 * irrespective of the total capability set size. For
773 * other numbers it shouldn't matter. */
774 t += strspn(t, "0");
4ec29144
ZJS		 775 /* Back off one char if there's nothing but whitespace
776 and zeros */
1e5413f7 777 if (!*t || isspace(*t))
313cefa1 778 t--;
4ec29144 779 }
69ab8088 780
c4cd1d4d 781 len = strcspn(t, terminator);
69ab8088 782
90110825
LP		 783 f = strndup(t, len);
784 if (!f)
69ab8088
ZJS		 785 return -ENOMEM;
786
90110825 787 *field = f;
69ab8088
ZJS		 788 return 0;
789}
0d39fa9c
LP		 790
791DIR *xopendirat(int fd, const char *name, int flags) {
792 int nfd;
793 DIR *d;
794
795 assert(!(flags & O_CREAT));
796
797 nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
798 if (nfd < 0)
799 return NULL;
800
801 d = fdopendir(nfd);
802 if (!d) {
803 safe_close(nfd);
804 return NULL;
805 }
806
807 return d;
808}
809
0a38e6b9
LP		 810static int mode_to_flags(const char *mode) {
811 const char *p;
812 int flags;
813
814 if ((p = startswith(mode, "r+")))
815 flags = O_RDWR;
816 else if ((p = startswith(mode, "r")))
817 flags = O_RDONLY;
818 else if ((p = startswith(mode, "w+")))
819 flags = O_RDWR|O_CREAT|O_TRUNC;
820 else if ((p = startswith(mode, "w")))
821 flags = O_WRONLY|O_CREAT|O_TRUNC;
822 else if ((p = startswith(mode, "a+")))
823 flags = O_RDWR|O_CREAT|O_APPEND;
824 else if ((p = startswith(mode, "a")))
825 flags = O_WRONLY|O_CREAT|O_APPEND;
826 else
827 return -EINVAL;
828
829 for (; *p != 0; p++) {
830
831 switch (*p) {
832
833 case 'e':
834 flags |= O_CLOEXEC;
835 break;
836
837 case 'x':
838 flags |= O_EXCL;
839 break;
840
841 case 'm':
842 /* ignore this here, fdopen() might care later though */
843 break;
844
845 case 'c': /* not sure what to do about this one */
846 default:
847 return -EINVAL;
848 }
849 }
850
851 return flags;
852}
853
854int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) {
855 FILE *f;
856
857 /* A combination of fopen() with openat() */
858
859 if (dir_fd == AT_FDCWD && flags == 0) {
860 f = fopen(path, mode);
861 if (!f)
862 return -errno;
863 } else {
864 int fd, mode_flags;
865
866 mode_flags = mode_to_flags(mode);
867 if (mode_flags < 0)
868 return mode_flags;
869
870 fd = openat(dir_fd, path, mode_flags | flags);
871 if (fd < 0)
872 return -errno;
873
874 f = fdopen(fd, mode);
875 if (!f) {
876 safe_close(fd);
877 return -errno;
878 }
879 }
880
881 *ret = f;
882 return 0;
883}
884
0d39fa9c
LP		 885static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
886 char **i;
887
888 assert(path);
889 assert(mode);
890 assert(_f);
891
892 if (!path_strv_resolve_uniq(search, root))
893 return -ENOMEM;
894
895 STRV_FOREACH(i, search) {
896 _cleanup_free_ char *p = NULL;
897 FILE *f;
898
657ee2d8 899 p = path_join(root, *i, path);
0d39fa9c
LP		 900 if (!p)
901 return -ENOMEM;
902
903 f = fopen(p, mode);
904 if (f) {
905 *_f = f;
906 return 0;
907 }
908
909 if (errno != ENOENT)
910 return -errno;
911 }
912
913 return -ENOENT;
914}
915
916int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
917 _cleanup_strv_free_ char **copy = NULL;
918
919 assert(path);
920 assert(mode);
921 assert(_f);
922
923 if (path_is_absolute(path)) {
924 FILE *f;
925
926 f = fopen(path, mode);
927 if (f) {
928 *_f = f;
929 return 0;
930 }
931
932 return -errno;
933 }
934
935 copy = strv_copy((char**) search);
936 if (!copy)
937 return -ENOMEM;
938
939 return search_and_fopen_internal(path, mode, root, copy, _f);
940}
941
942int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
943 _cleanup_strv_free_ char **s = NULL;
944
945 if (path_is_absolute(path)) {
946 FILE *f;
947
948 f = fopen(path, mode);
949 if (f) {
950 *_f = f;
951 return 0;
952 }
953
954 return -errno;
955 }
956
957 s = strv_split_nulstr(search);
958 if (!s)
959 return -ENOMEM;
960
961 return search_and_fopen_internal(path, mode, root, s, _f);
962}
963
d338bfff
ZJS		 964int chase_symlinks_and_fopen_unlocked(
965 const char *path,
966 const char *root,
967 unsigned chase_flags,
968 const char *open_flags,
969 FILE **ret_file,
970 char **ret_path) {
971
972 _cleanup_close_ int fd = -1;
973 _cleanup_free_ char *final_path = NULL;
974 int mode_flags, r;
975 FILE *f;
976
977 assert(path);
978 assert(open_flags);
979 assert(ret_file);
980
981 mode_flags = mode_to_flags(open_flags);
982 if (mode_flags < 0)
983 return mode_flags;
984
985 fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL);
986 if (fd < 0)
987 return fd;
988
989 r = fdopen_unlocked(fd, open_flags, &f);
990 if (r < 0)
991 return r;
992 TAKE_FD(fd);
993
994 *ret_file = f;
995 if (ret_path)
996 *ret_path = TAKE_PTR(final_path);
997 return 0;
998}
999
0d39fa9c
LP		 1000int fflush_and_check(FILE *f) {
1001 assert(f);
1002
1003 errno = 0;
1004 fflush(f);
1005
1006 if (ferror(f))
66855de7 1007 return errno_or_else(EIO);
0d39fa9c
LP		 1008
1009 return 0;
1010}
1011
0675e94a 1012int fflush_sync_and_check(FILE *f) {
14f594b9 1013 int r, fd;
0675e94a
AJ		 1014
1015 assert(f);
1016
1017 r = fflush_and_check(f);
1018 if (r < 0)
1019 return r;
1020
14f594b9
LP		 1021 /* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and
1022 * assume that in that case we need no explicit syncing */
1023 fd = fileno(f);
1024 if (fd < 0)
1025 return 0;
1026
1027 if (fsync(fd) < 0)
0675e94a
AJ		 1028 return -errno;
1029
14f594b9 1030 r = fsync_directory_of_file(fd);
8ac2f74f
LP		 1031 if (r < 0)
1032 return r;
1033
0675e94a
AJ		 1034 return 0;
1035}
1036
33d52ab9
LP		 1037int write_timestamp_file_atomic(const char *fn, usec_t n) {
1038 char ln[DECIMAL_STR_MAX(n)+2];
1039
1040 /* Creates a "timestamp" file, that contains nothing but a
1041 * usec_t timestamp, formatted in ASCII. */
1042
1043 if (n <= 0 || n >= USEC_INFINITY)
1044 return -ERANGE;
1045
1046 xsprintf(ln, USEC_FMT "\n", n);
1047
1048 return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
1049}
1050
1051int read_timestamp_file(const char *fn, usec_t *ret) {
1052 _cleanup_free_ char *ln = NULL;
1053 uint64_t t;
1054 int r;
1055
1056 r = read_one_line_file(fn, &ln);
1057 if (r < 0)
1058 return r;
1059
1060 r = safe_atou64(ln, &t);
1061 if (r < 0)
1062 return r;
1063
1064 if (t <= 0 || t >= (uint64_t) USEC_INFINITY)
1065 return -ERANGE;
1066
1067 *ret = (usec_t) t;
1068 return 0;
1069}
d390f8ef
LP		 1070
1071int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) {
1072 int r;
1073
1074 assert(s);
1075
1076 /* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter
1077 * when specified shall initially point to a boolean variable initialized to false. It is set to true after the
1078 * first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each
1079 * element, but not before the first one. */
1080
1081 if (!f)
1082 f = stdout;
1083
1084 if (space) {
1085 if (!separator)
1086 separator = " ";
1087
1088 if (*space) {
1089 r = fputs(separator, f);
1090 if (r < 0)
1091 return r;
1092 }
1093
1094 *space = true;
1095 }
1096
1097 return fputs(s, f);
1098}
03532f0a 1099
838894b0
LP		 1100/* A bitmask of the EOL markers we know */
1101typedef enum EndOfLineMarker {
1102 EOL_NONE = 0,
1103 EOL_ZERO = 1 << 0, /* \0 (aka NUL) */
1104 EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */
1105 EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */
1106} EndOfLineMarker;
1107
41f11239
LP		 1108static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) {
1109
1110 if (!IN_SET(flags, READ_LINE_ONLY_NUL)) {
1111 if (c == '\n')
1112 return EOL_TEN;
1113 if (c == '\r')
1114 return EOL_THIRTEEN;
1115 }
1116
838894b0
LP		 1117 if (c == '\0')
1118 return EOL_ZERO;
1119
1120 return EOL_NONE;
1121}
1122
57d6f700 1123DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile);
f858e514 1124
41f11239 1125int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) {
4f9a66a3 1126 size_t n = 0, allocated = 0, count = 0;
838894b0 1127 _cleanup_free_ char *buffer = NULL;
609ae0f5 1128 int r;
4f9a66a3
LP		 1129
1130 assert(f);
1131
1132 /* Something like a bounded version of getline().
1133 *
838894b0
LP		 1134 * Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these
1135 * delimiters in the string returned. Specifically, recognizes the following combinations of markers as line
1136 * endings:
1137 *
1138 * • \n (UNIX)
1139 * • \r (old MacOS)
1140 * • \0 (C strings)
1141 * • \n\0
1142 * • \r\0
1143 * • \r\n (Windows)
1144 * • \n\r
1145 * • \r\n\0
1146 * • \n\r\0
4f9a66a3
LP		 1147 *
1148 * Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from
1149 * the number of characters in the returned string). When EOF is hit, 0 is returned.
1150 *
1151 * The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding
1152 * delimiters. If the limit is hit we fail and return -ENOBUFS.
1153 *
1154 * If a line shall be skipped ret may be initialized as NULL. */
1155
1156 if (ret) {
1157 if (!GREEDY_REALLOC(buffer, allocated, 1))
1158 return -ENOMEM;
1159 }
1160
f858e514 1161 {
3f691417 1162 _unused_ _cleanup_(funlockfilep) FILE *flocked = f;
838894b0 1163 EndOfLineMarker previous_eol = EOL_NONE;
f858e514 1164 flockfile(f);
4f9a66a3 1165
f858e514 1166 for (;;) {
838894b0 1167 EndOfLineMarker eol;
03a7dbea 1168 char c;
4f9a66a3 1169
f858e514
ZJS		 1170 if (n >= limit)
1171 return -ENOBUFS;
4f9a66a3 1172
31fd02f0
LP		 1173 if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */
1174 return -ENOBUFS;
1175
03a7dbea
LP		 1176 r = safe_fgetc(f, &c);
1177 if (r < 0)
1178 return r;
91a306b8 1179 if (r == 0) /* EOF is definitely EOL */
f858e514 1180 break;
4f9a66a3 1181
41f11239 1182 eol = categorize_eol(c, flags);
838894b0
LP		 1183
1184 if (FLAGS_SET(previous_eol, EOL_ZERO) ||
1185 (eol == EOL_NONE && previous_eol != EOL_NONE) ||
1186 (eol != EOL_NONE && (previous_eol & eol) != 0)) {
1187 /* Previous char was a NUL? This is not an EOL, but the previous char was? This type of
517b7760
LP		 1188 * EOL marker has been seen right before? In either of these three cases we are
1189 * done. But first, let's put this character back in the queue. (Note that we have to
1190 * cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we
1191 * are on an architecture where 'char' equals 'signed char' we need to ensure we don't
1192 * pass a negative value here. That said, to complicate things further ungetc() is
1193 * actually happy with most negative characters and implicitly casts them back to
1194 * positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a
1195 * godawful API!) */
1196 assert_se(ungetc((unsigned char) c, f) != EOF);
f858e514 1197 break;
838894b0
LP		 1198 }
1199
91a306b8
LP		 1200 count++;
1201
838894b0 1202 if (eol != EOL_NONE) {
451fcbfc
LP		 1203 /* If we are on a tty, we can't shouldn't wait for more input, because that
1204 * generally means waiting for the user, interactively. In the case of a TTY
1205 * we expect only \n as the single EOL marker, so we are in the lucky
1206 * position that there is no need to wait. We check this condition last, to
1207 * avoid isatty() check if not necessary. */
ee41670f 1208
609ae0f5 1209 if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) {
14f594b9
LP		 1210 int fd;
1211
1212 fd = fileno(f);
1213 if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully,
1214 * and don't call isatty() on an invalid fd */
609ae0f5 1215 flags |= READ_LINE_NOT_A_TTY;
14f594b9 1216 else
609ae0f5 1217 flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY;
14f594b9 1218 }
609ae0f5 1219 if (FLAGS_SET(flags, READ_LINE_IS_A_TTY))
ee41670f
ZJS		 1220 break;
1221 }
1222
1223 if (eol != EOL_NONE) {
838894b0
LP		 1224 previous_eol |= eol;
1225 continue;
1226 }
4f9a66a3 1227
f858e514
ZJS		 1228 if (ret) {
1229 if (!GREEDY_REALLOC(buffer, allocated, n + 2))
1230 return -ENOMEM;
4f9a66a3 1231
03a7dbea 1232 buffer[n] = c;
4f9a66a3
LP		 1233 }
1234
f858e514 1235 n++;
4f9a66a3 1236 }
4f9a66a3
LP		 1237 }
1238
4f9a66a3
LP		 1239 if (ret) {
1240 buffer[n] = 0;
1241
1cc6c93a 1242 *ret = TAKE_PTR(buffer);
4f9a66a3
LP		 1243 }
1244
1245 return (int) count;
1246}
285a9b27
LP		 1247
1248int safe_fgetc(FILE *f, char *ret) {
1249 int k;
1250
1251 assert(f);
1252
1253 /* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and
1254 * separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc()
1255 * has. */
1256
1257 errno = 0;
1258 k = fgetc(f);
1259 if (k == EOF) {
1260 if (ferror(f))
66855de7 1261 return errno_or_else(EIO);
285a9b27
LP		 1262
1263 if (ret)
1264 *ret = 0;
1265
1266 return 0;
1267 }
1268
1269 if (ret)
1270 *ret = k;
1271
1272 return 1;
1273}
7a309a8c
YW		 1274
1275int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) {
1276 struct stat _st;
1277
1278 if (!filename)
1279 return 0;
1280
1281 if (!st) {
1282 if (stat(filename, &_st) < 0)
1283 return -errno;
1284 st = &_st;
1285 }
1286
1287 if ((st->st_mode & S_IRWXO) == 0)
1288 return 0;
1289
1290 if (unit)
1291 log_syntax(unit, LOG_WARNING, filename, line, 0,
0f935776 1292 "%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
7a309a8c
YW		 1293 filename, st->st_mode & 07777);
1294 else
0f935776 1295 log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
7a309a8c
YW		 1296 filename, st->st_mode & 07777);
1297 return 0;
1298}
494735f3 1299
90c81688 1300int sync_rights(int from, int to) {
494735f3
DDM		 1301 struct stat st;
1302
90c81688 1303 if (fstat(from, &st) < 0)
494735f3
DDM		 1304 return -errno;
1305
90c81688 1306 return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
494735f3
DDM		 1307}
1308
2da3dc69 1309int rename_and_apply_smack_floor_label(const char *from, const char *to) {
494735f3
DDM		 1310 int r = 0;
1311 if (rename(from, to) < 0)
1312 return -errno;
1313
1314#ifdef SMACK_RUN_LABEL
1315 r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
1316 if (r < 0)
1317 return r;
1318#endif
1319 return r;
1320}
Unnamed repository; edit this file 'description' to name the repository.