2020-11-09 05:23:58 +01:00
|
|
|
/* SPDX-License-Identifier: LGPL-2.1-or-later */
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2018-11-30 21:05:49 +01:00
|
|
|
#include <ctype.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <errno.h>
|
|
|
|
|
#include <fcntl.h>
|
|
|
|
|
#include <limits.h>
|
|
|
|
|
#include <stdarg.h>
|
|
|
|
|
#include <stdint.h>
|
2017-12-11 20:01:55 +01:00
|
|
|
#include <stdio_ext.h>
|
2015-11-30 21:43:37 +01:00
|
|
|
#include <stdlib.h>
|
|
|
|
|
#include <sys/stat.h>
|
|
|
|
|
#include <sys/types.h>
|
2013-02-14 12:26:13 +01:00
|
|
|
#include <unistd.h>
|
2014-11-06 21:19:20 +01:00
|
|
|
|
2015-10-27 03:01:06 +01:00
|
|
|
#include "alloc-util.h"
|
2015-10-25 13:14:12 +01:00
|
|
|
#include "fd-util.h"
|
|
|
|
|
#include "fileio.h"
|
2015-10-26 21:16:26 +01:00
|
|
|
#include "fs-util.h"
|
2019-04-08 16:40:22 +02:00
|
|
|
#include "hexdecoct.h"
|
2015-12-01 23:22:03 +01:00
|
|
|
#include "log.h"
|
|
|
|
|
#include "macro.h"
|
2019-04-24 18:42:13 +02:00
|
|
|
#include "mkdir.h"
|
2015-11-12 11:17:01 +01:00
|
|
|
#include "parse-util.h"
|
2015-10-26 18:05:03 +01:00
|
|
|
#include "path-util.h"
|
2020-07-17 12:26:01 +02:00
|
|
|
#include "socket-util.h"
|
2015-11-12 11:17:01 +01:00
|
|
|
#include "stdio-util.h"
|
2015-10-24 22:58:24 +02:00
|
|
|
#include "string-util.h"
|
2018-11-30 21:05:27 +01:00
|
|
|
#include "tmpfile-util.h"
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2016-08-04 22:52:02 +02:00
|
|
|
#define READ_FULL_BYTES_MAX (4U*1024U*1024U)
|
|
|
|
|
|
2019-04-04 10:17:16 +02:00
|
|
|
int fopen_unlocked(const char *path, const char *options, FILE **ret) {
|
|
|
|
|
assert(ret);
|
|
|
|
|
|
|
|
|
|
FILE *f = fopen(path, options);
|
|
|
|
|
if (!f)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
|
|
|
|
|
|
|
|
|
|
*ret = f;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-04 11:27:08 +02:00
|
|
|
int fdopen_unlocked(int fd, const char *options, FILE **ret) {
|
|
|
|
|
assert(ret);
|
|
|
|
|
|
|
|
|
|
FILE *f = fdopen(fd, options);
|
|
|
|
|
if (!f)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
|
|
|
|
|
|
|
|
|
|
*ret = f;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-31 09:49:07 +02:00
|
|
|
int take_fdopen_unlocked(int *fd, const char *options, FILE **ret) {
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(fd);
|
|
|
|
|
|
|
|
|
|
r = fdopen_unlocked(*fd, options, ret);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
*fd = -1;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
FILE* take_fdopen(int *fd, const char *options) {
|
|
|
|
|
assert(fd);
|
|
|
|
|
|
|
|
|
|
FILE *f = fdopen(*fd, options);
|
|
|
|
|
if (!f)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
*fd = -1;
|
|
|
|
|
|
|
|
|
|
return f;
|
|
|
|
|
}
|
|
|
|
|
|
2020-03-31 10:59:33 +02:00
|
|
|
DIR* take_fdopendir(int *dfd) {
|
|
|
|
|
assert(dfd);
|
|
|
|
|
|
|
|
|
|
DIR *d = fdopendir(*dfd);
|
|
|
|
|
if (!d)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
*dfd = -1;
|
|
|
|
|
|
|
|
|
|
return d;
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-04 11:46:44 +02:00
|
|
|
FILE* open_memstream_unlocked(char **ptr, size_t *sizeloc) {
|
|
|
|
|
FILE *f = open_memstream(ptr, sizeloc);
|
|
|
|
|
if (!f)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
|
|
|
|
|
|
|
|
|
|
return f;
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-04 12:24:38 +02:00
|
|
|
FILE* fmemopen_unlocked(void *buf, size_t size, const char *mode) {
|
|
|
|
|
FILE *f = fmemopen(buf, size, mode);
|
|
|
|
|
if (!f)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
|
|
|
|
|
|
|
|
|
|
return f;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 20:55:34 +02:00
|
|
|
int write_string_stream_ts(
|
|
|
|
|
FILE *f,
|
|
|
|
|
const char *line,
|
|
|
|
|
WriteStringFileFlags flags,
|
2020-10-25 13:44:43 +01:00
|
|
|
const struct timespec *ts) {
|
2015-07-29 20:31:07 +02:00
|
|
|
|
2017-12-30 15:42:03 +01:00
|
|
|
bool needs_nl;
|
2020-04-13 10:09:44 +02:00
|
|
|
int r, fd;
|
2017-12-30 15:42:03 +01:00
|
|
|
|
2014-07-03 17:50:55 +02:00
|
|
|
assert(f);
|
|
|
|
|
assert(line);
|
|
|
|
|
|
2017-12-28 16:03:47 +01:00
|
|
|
if (ferror(f))
|
|
|
|
|
return -EIO;
|
|
|
|
|
|
2020-04-13 10:09:44 +02:00
|
|
|
if (ts) {
|
|
|
|
|
/* If we shall set the timestamp we need the fd. But fmemopen() streams generally don't have
|
|
|
|
|
* an fd. Let's fail early in that case. */
|
|
|
|
|
fd = fileno(f);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return -EBADF;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-30 15:42:03 +01:00
|
|
|
needs_nl = !(flags & WRITE_STRING_FILE_AVOID_NEWLINE) && !endswith(line, "\n");
|
|
|
|
|
|
|
|
|
|
if (needs_nl && (flags & WRITE_STRING_FILE_DISABLE_BUFFER)) {
|
|
|
|
|
/* If STDIO buffering was disabled, then let's append the newline character to the string itself, so
|
|
|
|
|
* that the write goes out in one go, instead of two */
|
|
|
|
|
|
|
|
|
|
line = strjoina(line, "\n");
|
|
|
|
|
needs_nl = false;
|
|
|
|
|
}
|
|
|
|
|
|
2017-12-28 03:46:52 +01:00
|
|
|
if (fputs(line, f) == EOF)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
2017-12-30 15:42:03 +01:00
|
|
|
if (needs_nl)
|
2017-12-28 03:46:52 +01:00
|
|
|
if (fputc('\n', f) == EOF)
|
|
|
|
|
return -errno;
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2018-04-24 16:50:42 +02:00
|
|
|
if (flags & WRITE_STRING_FILE_SYNC)
|
|
|
|
|
r = fflush_sync_and_check(f);
|
|
|
|
|
else
|
|
|
|
|
r = fflush_and_check(f);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2017-05-11 16:23:36 +02:00
|
|
|
if (ts) {
|
2020-10-25 13:44:43 +01:00
|
|
|
const struct timespec twice[2] = {*ts, *ts};
|
2017-05-11 16:23:36 +02:00
|
|
|
|
2020-04-13 10:09:44 +02:00
|
|
|
if (futimens(fd, twice) < 0)
|
2017-05-11 16:23:36 +02:00
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
2018-04-24 16:50:42 +02:00
|
|
|
return 0;
|
2013-02-14 12:26:13 +01:00
|
|
|
}
|
|
|
|
|
|
2017-09-22 20:45:06 +02:00
|
|
|
static int write_string_file_atomic(
|
|
|
|
|
const char *fn,
|
|
|
|
|
const char *line,
|
2017-09-22 20:55:34 +02:00
|
|
|
WriteStringFileFlags flags,
|
2020-10-25 13:44:43 +01:00
|
|
|
const struct timespec *ts) {
|
2017-09-22 20:45:06 +02:00
|
|
|
|
2013-02-14 12:26:13 +01:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(fn);
|
|
|
|
|
assert(line);
|
|
|
|
|
|
2019-05-17 15:52:35 +02:00
|
|
|
/* Note that we'd really like to use O_TMPFILE here, but can't really, since we want replacement
|
|
|
|
|
* semantics here, and O_TMPFILE can't offer that. i.e. rename() replaces but linkat() doesn't. */
|
|
|
|
|
|
2013-02-14 12:26:13 +01:00
|
|
|
r = fopen_temporary(fn, &f, &p);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2017-09-22 20:55:34 +02:00
|
|
|
r = write_string_stream_ts(f, line, flags, ts);
|
2017-09-22 20:59:39 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
2019-05-17 15:52:35 +02:00
|
|
|
r = fchmod_umask(fileno(f), FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0644);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
2017-09-22 20:59:39 +02:00
|
|
|
if (rename(p, fn) < 0) {
|
|
|
|
|
r = -errno;
|
|
|
|
|
goto fail;
|
2013-02-14 12:26:13 +01:00
|
|
|
}
|
|
|
|
|
|
2020-05-20 17:14:48 +02:00
|
|
|
if (FLAGS_SET(flags, WRITE_STRING_FILE_SYNC)) {
|
|
|
|
|
/* Sync the rename, too */
|
|
|
|
|
r = fsync_directory_of_file(fileno(f));
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 20:59:39 +02:00
|
|
|
return 0;
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2017-09-22 20:59:39 +02:00
|
|
|
fail:
|
|
|
|
|
(void) unlink(p);
|
2013-02-14 12:26:13 +01:00
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-22 20:55:34 +02:00
|
|
|
int write_string_file_ts(
|
|
|
|
|
const char *fn,
|
|
|
|
|
const char *line,
|
|
|
|
|
WriteStringFileFlags flags,
|
2020-10-25 13:44:43 +01:00
|
|
|
const struct timespec *ts) {
|
2017-09-22 20:55:34 +02:00
|
|
|
|
2015-07-07 01:19:25 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2019-05-17 15:52:35 +02:00
|
|
|
int q, r, fd;
|
2015-07-07 01:19:25 +02:00
|
|
|
|
|
|
|
|
assert(fn);
|
|
|
|
|
assert(line);
|
|
|
|
|
|
2017-08-29 11:56:32 +02:00
|
|
|
/* We don't know how to verify whether the file contents was already on-disk. */
|
|
|
|
|
assert(!((flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE) && (flags & WRITE_STRING_FILE_SYNC)));
|
2017-08-17 18:09:44 +02:00
|
|
|
|
2019-04-24 18:42:13 +02:00
|
|
|
if (flags & WRITE_STRING_FILE_MKDIR_0755) {
|
|
|
|
|
r = mkdir_parents(fn, 0755);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2015-07-07 01:19:25 +02:00
|
|
|
if (flags & WRITE_STRING_FILE_ATOMIC) {
|
|
|
|
|
assert(flags & WRITE_STRING_FILE_CREATE);
|
|
|
|
|
|
2017-09-22 20:55:34 +02:00
|
|
|
r = write_string_file_atomic(fn, line, flags, ts);
|
2015-11-13 00:54:56 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
return r;
|
2017-05-11 16:23:36 +02:00
|
|
|
} else
|
2017-12-08 20:52:38 +01:00
|
|
|
assert(!ts);
|
2015-07-07 01:19:25 +02:00
|
|
|
|
2019-05-17 15:52:35 +02:00
|
|
|
/* We manually build our own version of fopen(..., "we") that works without O_CREAT and with O_NOFOLLOW if needed. */
|
|
|
|
|
fd = open(fn, O_WRONLY|O_CLOEXEC|O_NOCTTY |
|
|
|
|
|
(FLAGS_SET(flags, WRITE_STRING_FILE_NOFOLLOW) ? O_NOFOLLOW : 0) |
|
2020-10-21 18:18:25 +02:00
|
|
|
(FLAGS_SET(flags, WRITE_STRING_FILE_CREATE) ? O_CREAT : 0) |
|
|
|
|
|
(FLAGS_SET(flags, WRITE_STRING_FILE_TRUNCATE) ? O_TRUNC : 0),
|
2019-05-17 15:52:35 +02:00
|
|
|
(FLAGS_SET(flags, WRITE_STRING_FILE_MODE_0600) ? 0600 : 0666));
|
|
|
|
|
if (fd < 0) {
|
|
|
|
|
r = -errno;
|
|
|
|
|
goto fail;
|
|
|
|
|
}
|
2015-07-07 01:19:25 +02:00
|
|
|
|
2019-05-17 15:52:35 +02:00
|
|
|
r = fdopen_unlocked(fd, "w", &f);
|
|
|
|
|
if (r < 0) {
|
|
|
|
|
safe_close(fd);
|
|
|
|
|
goto fail;
|
2019-04-04 11:02:11 +02:00
|
|
|
}
|
2017-12-11 20:01:55 +01:00
|
|
|
|
2017-12-12 16:52:45 +01:00
|
|
|
if (flags & WRITE_STRING_FILE_DISABLE_BUFFER)
|
|
|
|
|
setvbuf(f, NULL, _IONBF, 0);
|
|
|
|
|
|
2017-09-22 20:55:34 +02:00
|
|
|
r = write_string_stream_ts(f, line, flags, ts);
|
2015-11-13 00:54:56 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
goto fail;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
fail:
|
|
|
|
|
if (!(flags & WRITE_STRING_FILE_VERIFY_ON_FAILURE))
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
f = safe_fclose(f);
|
|
|
|
|
|
|
|
|
|
/* OK, the operation failed, but let's see if the right
|
|
|
|
|
* contents in place already. If so, eat up the error. */
|
|
|
|
|
|
|
|
|
|
q = verify_file(fn, line, !(flags & WRITE_STRING_FILE_AVOID_NEWLINE));
|
|
|
|
|
if (q <= 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
return 0;
|
2015-07-07 01:19:25 +02:00
|
|
|
}
|
|
|
|
|
|
2018-06-05 16:02:32 +02:00
|
|
|
int write_string_filef(
|
|
|
|
|
const char *fn,
|
|
|
|
|
WriteStringFileFlags flags,
|
|
|
|
|
const char *format, ...) {
|
|
|
|
|
|
|
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
|
va_list ap;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
va_start(ap, format);
|
|
|
|
|
r = vasprintf(&p, format, ap);
|
|
|
|
|
va_end(ap);
|
|
|
|
|
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
return write_string_file(fn, p, flags);
|
|
|
|
|
}
|
|
|
|
|
|
2013-02-14 12:26:13 +01:00
|
|
|
int read_one_line_file(const char *fn, char **line) {
|
|
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2019-04-04 10:17:16 +02:00
|
|
|
int r;
|
2013-02-14 12:26:13 +01:00
|
|
|
|
|
|
|
|
assert(fn);
|
|
|
|
|
assert(line);
|
|
|
|
|
|
2019-04-04 10:17:16 +02:00
|
|
|
r = fopen_unlocked(fn, "re", &f);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2017-12-11 20:01:55 +01:00
|
|
|
|
2019-02-01 22:25:53 +01:00
|
|
|
return read_line(f, LONG_LINE_MAX, line);
|
2013-02-14 12:26:13 +01:00
|
|
|
}
|
|
|
|
|
|
2015-11-13 00:54:56 +01:00
|
|
|
int verify_file(const char *fn, const char *blob, bool accept_extra_nl) {
|
|
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
|
|
|
|
_cleanup_free_ char *buf = NULL;
|
|
|
|
|
size_t l, k;
|
2019-04-04 10:17:16 +02:00
|
|
|
int r;
|
2015-07-06 13:38:47 +02:00
|
|
|
|
2015-11-13 00:54:56 +01:00
|
|
|
assert(fn);
|
|
|
|
|
assert(blob);
|
|
|
|
|
|
|
|
|
|
l = strlen(blob);
|
|
|
|
|
|
|
|
|
|
if (accept_extra_nl && endswith(blob, "\n"))
|
|
|
|
|
accept_extra_nl = false;
|
|
|
|
|
|
|
|
|
|
buf = malloc(l + accept_extra_nl + 1);
|
|
|
|
|
if (!buf)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2019-04-04 10:17:16 +02:00
|
|
|
r = fopen_unlocked(fn, "re", &f);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2017-12-11 20:01:55 +01:00
|
|
|
|
2015-11-13 00:54:56 +01:00
|
|
|
/* We try to read one byte more than we need, so that we know whether we hit eof */
|
|
|
|
|
errno = 0;
|
|
|
|
|
k = fread(buf, 1, l + accept_extra_nl + 1, f);
|
|
|
|
|
if (ferror(f))
|
2019-07-11 15:42:14 +02:00
|
|
|
return errno_or_else(EIO);
|
2015-11-13 00:54:56 +01:00
|
|
|
|
|
|
|
|
if (k != l && k != l + accept_extra_nl)
|
|
|
|
|
return 0;
|
|
|
|
|
if (memcmp(buf, blob, l) != 0)
|
|
|
|
|
return 0;
|
|
|
|
|
if (k > l && buf[l] != '\n')
|
|
|
|
|
return 0;
|
2015-07-06 13:38:47 +02:00
|
|
|
|
2015-11-13 00:54:56 +01:00
|
|
|
return 1;
|
2015-07-06 13:38:47 +02:00
|
|
|
}
|
|
|
|
|
|
2019-10-22 16:09:21 +02:00
|
|
|
int read_full_virtual_file(const char *filename, char **ret_contents, size_t *ret_size) {
|
|
|
|
|
_cleanup_free_ char *buf = NULL;
|
|
|
|
|
_cleanup_close_ int fd = -1;
|
|
|
|
|
struct stat st;
|
|
|
|
|
size_t n, size;
|
|
|
|
|
int n_retries;
|
|
|
|
|
char *p;
|
|
|
|
|
|
|
|
|
|
assert(ret_contents);
|
|
|
|
|
|
|
|
|
|
/* Virtual filesystems such as sysfs or procfs use kernfs, and kernfs can work
|
|
|
|
|
* with two sorts of virtual files. One sort uses "seq_file", and the results of
|
|
|
|
|
* the first read are buffered for the second read. The other sort uses "raw"
|
|
|
|
|
* reads which always go direct to the device. In the latter case, the content of
|
|
|
|
|
* the virtual file must be retrieved with a single read otherwise a second read
|
|
|
|
|
* might get the new value instead of finding EOF immediately. That's the reason
|
|
|
|
|
* why the usage of fread(3) is prohibited in this case as it always performs a
|
|
|
|
|
* second call to read(2) looking for EOF. See issue 13585. */
|
|
|
|
|
|
|
|
|
|
fd = open(filename, O_RDONLY|O_CLOEXEC);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
/* Start size for files in /proc which usually report a file size of 0. */
|
|
|
|
|
size = LINE_MAX / 2;
|
|
|
|
|
|
|
|
|
|
/* Limit the number of attempts to read the number of bytes returned by fstat(). */
|
|
|
|
|
n_retries = 3;
|
|
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
if (n_retries <= 0)
|
|
|
|
|
return -EIO;
|
|
|
|
|
|
|
|
|
|
if (fstat(fd, &st) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
if (!S_ISREG(st.st_mode))
|
|
|
|
|
return -EBADF;
|
|
|
|
|
|
|
|
|
|
/* Be prepared for files from /proc which generally report a file size of 0. */
|
|
|
|
|
if (st.st_size > 0) {
|
|
|
|
|
size = st.st_size;
|
|
|
|
|
n_retries--;
|
|
|
|
|
} else
|
|
|
|
|
size = size * 2;
|
|
|
|
|
|
|
|
|
|
if (size > READ_FULL_BYTES_MAX)
|
|
|
|
|
return -E2BIG;
|
|
|
|
|
|
|
|
|
|
p = realloc(buf, size + 1);
|
|
|
|
|
if (!p)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
buf = TAKE_PTR(p);
|
|
|
|
|
|
|
|
|
|
for (;;) {
|
|
|
|
|
ssize_t k;
|
|
|
|
|
|
|
|
|
|
/* Read one more byte so we can detect whether the content of the
|
|
|
|
|
* file has already changed or the guessed size for files from /proc
|
|
|
|
|
* wasn't large enough . */
|
|
|
|
|
k = read(fd, buf, size + 1);
|
|
|
|
|
if (k >= 0) {
|
|
|
|
|
n = k;
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2020-05-20 18:10:58 +02:00
|
|
|
if (errno != EINTR)
|
2019-10-22 16:09:21 +02:00
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
/* Consider a short read as EOF */
|
|
|
|
|
if (n <= size)
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
/* Hmm... either we read too few bytes from /proc or less likely the content
|
|
|
|
|
* of the file might have been changed (and is now bigger) while we were
|
|
|
|
|
* processing, let's try again either with a bigger guessed size or the new
|
|
|
|
|
* file size. */
|
|
|
|
|
|
|
|
|
|
if (lseek(fd, 0, SEEK_SET) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (n < size) {
|
|
|
|
|
p = realloc(buf, n + 1);
|
|
|
|
|
if (!p)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
buf = TAKE_PTR(p);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (!ret_size) {
|
|
|
|
|
/* Safety check: if the caller doesn't want to know the size of what we
|
|
|
|
|
* just read it will rely on the trailing NUL byte. But if there's an
|
|
|
|
|
* embedded NUL byte, then we should refuse operation as otherwise
|
|
|
|
|
* there'd be ambiguity about what we just read. */
|
|
|
|
|
|
|
|
|
|
if (memchr(buf, 0, n))
|
|
|
|
|
return -EBADMSG;
|
|
|
|
|
} else
|
|
|
|
|
*ret_size = n;
|
|
|
|
|
|
|
|
|
|
buf[n] = 0;
|
|
|
|
|
*ret_contents = TAKE_PTR(buf);
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
int read_full_stream_full(
|
2018-12-15 12:25:32 +01:00
|
|
|
FILE *f,
|
2019-04-08 07:15:10 +02:00
|
|
|
const char *filename,
|
2020-11-04 20:25:06 +01:00
|
|
|
uint64_t offset,
|
|
|
|
|
size_t size,
|
2019-04-07 19:22:40 +02:00
|
|
|
ReadFullFileFlags flags,
|
2018-12-15 12:25:32 +01:00
|
|
|
char **ret_contents,
|
|
|
|
|
size_t *ret_size) {
|
|
|
|
|
|
2013-02-14 12:26:13 +01:00
|
|
|
_cleanup_free_ char *buf = NULL;
|
2019-04-07 19:22:40 +02:00
|
|
|
size_t n, n_next, l;
|
|
|
|
|
int fd, r;
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2014-07-03 17:50:55 +02:00
|
|
|
assert(f);
|
2018-12-15 12:25:32 +01:00
|
|
|
assert(ret_contents);
|
2019-04-10 11:03:42 +02:00
|
|
|
assert(!FLAGS_SET(flags, READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX));
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2020-11-04 20:25:06 +01:00
|
|
|
if (offset != UINT64_MAX && offset > LONG_MAX)
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
|
|
|
|
n_next = size != SIZE_MAX ? size : LINE_MAX; /* Start size */
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2018-04-17 11:07:56 +02:00
|
|
|
fd = fileno(f);
|
2020-11-04 20:25:06 +01:00
|
|
|
if (fd >= 0) { /* If the FILE* object is backed by an fd (as opposed to memory or such, see
|
|
|
|
|
* fmemopen()), let's optimize our buffering */
|
|
|
|
|
struct stat st;
|
2014-07-03 17:50:55 +02:00
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
if (fstat(fd, &st) < 0)
|
2018-04-17 11:07:56 +02:00
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
if (S_ISREG(st.st_mode)) {
|
2020-11-04 20:25:06 +01:00
|
|
|
if (size == SIZE_MAX) {
|
|
|
|
|
uint64_t rsize =
|
|
|
|
|
LESS_BY((uint64_t) st.st_size, offset == UINT64_MAX ? 0 : offset);
|
|
|
|
|
|
|
|
|
|
/* Safety check */
|
|
|
|
|
if (rsize > READ_FULL_BYTES_MAX)
|
|
|
|
|
return -E2BIG;
|
|
|
|
|
|
|
|
|
|
/* Start with the right file size. Note that we increase the size to read
|
|
|
|
|
* here by one, so that the first read attempt already makes us notice the
|
|
|
|
|
* EOF. If the reported size of the file is zero, we avoid this logic
|
|
|
|
|
* however, since quite likely it might be a virtual file in procfs that all
|
|
|
|
|
* report a zero file size. */
|
|
|
|
|
if (st.st_size > 0)
|
|
|
|
|
n_next = rsize + 1;
|
|
|
|
|
}
|
2019-04-08 07:15:10 +02:00
|
|
|
|
2020-07-17 11:53:22 +02:00
|
|
|
if (flags & READ_FULL_FILE_WARN_WORLD_READABLE)
|
2019-04-08 07:15:10 +02:00
|
|
|
(void) warn_file_is_world_accessible(filename, &st, NULL, 0);
|
2018-04-17 11:07:56 +02:00
|
|
|
}
|
2014-07-03 17:50:55 +02:00
|
|
|
}
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2020-11-04 20:25:06 +01:00
|
|
|
if (offset != UINT64_MAX && fseek(f, offset, SEEK_SET) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
n = l = 0;
|
2013-02-14 12:26:13 +01:00
|
|
|
for (;;) {
|
|
|
|
|
char *t;
|
|
|
|
|
size_t k;
|
|
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
if (flags & READ_FULL_FILE_SECURE) {
|
|
|
|
|
t = malloc(n_next + 1);
|
|
|
|
|
if (!t) {
|
|
|
|
|
r = -ENOMEM;
|
|
|
|
|
goto finalize;
|
|
|
|
|
}
|
|
|
|
|
memcpy_safe(t, buf, n);
|
|
|
|
|
explicit_bzero_safe(buf, n);
|
2019-04-14 17:21:27 +02:00
|
|
|
buf = mfree(buf);
|
2019-04-07 19:22:40 +02:00
|
|
|
} else {
|
|
|
|
|
t = realloc(buf, n_next + 1);
|
|
|
|
|
if (!t)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
}
|
2013-02-14 12:26:13 +01:00
|
|
|
|
|
|
|
|
buf = t;
|
2019-04-07 19:22:40 +02:00
|
|
|
n = n_next;
|
|
|
|
|
|
2017-09-22 21:05:03 +02:00
|
|
|
errno = 0;
|
2013-02-14 12:26:13 +01:00
|
|
|
k = fread(buf + l, 1, n - l, f);
|
2020-07-17 12:26:01 +02:00
|
|
|
|
|
|
|
|
assert(k <= n - l);
|
|
|
|
|
l += k;
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
if (ferror(f)) {
|
2019-07-11 15:42:14 +02:00
|
|
|
r = errno_or_else(EIO);
|
2019-04-07 19:22:40 +02:00
|
|
|
goto finalize;
|
|
|
|
|
}
|
2016-08-04 22:52:02 +02:00
|
|
|
if (feof(f))
|
2013-02-14 12:26:13 +01:00
|
|
|
break;
|
|
|
|
|
|
2020-11-04 20:25:06 +01:00
|
|
|
if (size != SIZE_MAX) { /* If we got asked to read some specific size, we already sized the buffer right, hence leave */
|
|
|
|
|
assert(l == size);
|
|
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-17 12:26:01 +02:00
|
|
|
assert(k > 0); /* we can't have read zero bytes because that would have been EOF */
|
2013-02-14 12:26:13 +01:00
|
|
|
|
|
|
|
|
/* Safety check */
|
2019-04-07 19:22:40 +02:00
|
|
|
if (n >= READ_FULL_BYTES_MAX) {
|
|
|
|
|
r = -E2BIG;
|
|
|
|
|
goto finalize;
|
|
|
|
|
}
|
2016-08-04 22:52:02 +02:00
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
n_next = MIN(n * 2, READ_FULL_BYTES_MAX);
|
2013-02-14 12:26:13 +01:00
|
|
|
}
|
|
|
|
|
|
2019-04-10 11:03:42 +02:00
|
|
|
if (flags & (READ_FULL_FILE_UNBASE64 | READ_FULL_FILE_UNHEX)) {
|
2020-07-17 12:57:00 +02:00
|
|
|
_cleanup_free_ void *decoded = NULL;
|
|
|
|
|
size_t decoded_size;
|
|
|
|
|
|
2019-04-08 16:40:22 +02:00
|
|
|
buf[l++] = 0;
|
2019-04-10 11:03:42 +02:00
|
|
|
if (flags & READ_FULL_FILE_UNBASE64)
|
2020-07-17 12:57:00 +02:00
|
|
|
r = unbase64mem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
|
2019-04-10 11:03:42 +02:00
|
|
|
else
|
2020-07-17 12:57:00 +02:00
|
|
|
r = unhexmem_full(buf, l, flags & READ_FULL_FILE_SECURE, &decoded, &decoded_size);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
goto finalize;
|
|
|
|
|
|
|
|
|
|
if (flags & READ_FULL_FILE_SECURE)
|
|
|
|
|
explicit_bzero_safe(buf, n);
|
|
|
|
|
free_and_replace(buf, decoded);
|
|
|
|
|
n = l = decoded_size;
|
2019-04-08 16:40:22 +02:00
|
|
|
}
|
|
|
|
|
|
2018-12-15 12:25:32 +01:00
|
|
|
if (!ret_size) {
|
|
|
|
|
/* Safety check: if the caller doesn't want to know the size of what we just read it will rely on the
|
|
|
|
|
* trailing NUL byte. But if there's an embedded NUL byte, then we should refuse operation as otherwise
|
|
|
|
|
* there'd be ambiguity about what we just read. */
|
|
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
if (memchr(buf, 0, l)) {
|
|
|
|
|
r = -EBADMSG;
|
|
|
|
|
goto finalize;
|
|
|
|
|
}
|
2018-12-15 12:25:32 +01:00
|
|
|
}
|
|
|
|
|
|
2013-02-14 12:26:13 +01:00
|
|
|
buf[l] = 0;
|
2018-12-15 12:25:32 +01:00
|
|
|
*ret_contents = TAKE_PTR(buf);
|
2013-02-14 12:26:13 +01:00
|
|
|
|
2018-12-15 12:25:32 +01:00
|
|
|
if (ret_size)
|
|
|
|
|
*ret_size = l;
|
2013-02-14 12:26:13 +01:00
|
|
|
|
|
|
|
|
return 0;
|
2019-04-07 19:22:40 +02:00
|
|
|
|
|
|
|
|
finalize:
|
|
|
|
|
if (flags & READ_FULL_FILE_SECURE)
|
|
|
|
|
explicit_bzero_safe(buf, n);
|
|
|
|
|
|
|
|
|
|
return r;
|
2013-02-14 12:26:13 +01:00
|
|
|
}
|
|
|
|
|
|
fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used a sender socket name may be
specified. If specified as NULL behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.
Specifically, these beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.
Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:
LoadCredential=foo:/run/quux/creds.sock
will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:
@$RANDOM/unit/waldo.service/foo
(The $RANDOM is replaced by some randomized string. This is included in
the socket name order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names)
The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simpler getpeername(), discarding the
random preifx and the /unit/ string.
This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that it's a good safe
choice to use as separators here, too avoid any conflicts.
This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
2020-11-02 12:07:51 +01:00
|
|
|
int read_full_file_full(
|
|
|
|
|
int dir_fd,
|
|
|
|
|
const char *filename,
|
2020-11-04 20:25:06 +01:00
|
|
|
uint64_t offset,
|
|
|
|
|
size_t size,
|
fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used a sender socket name may be
specified. If specified as NULL behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.
Specifically, these beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.
Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:
LoadCredential=foo:/run/quux/creds.sock
will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:
@$RANDOM/unit/waldo.service/foo
(The $RANDOM is replaced by some randomized string. This is included in
the socket name order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names)
The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simpler getpeername(), discarding the
random preifx and the /unit/ string.
This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that it's a good safe
choice to use as separators here, too avoid any conflicts.
This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
2020-11-02 12:07:51 +01:00
|
|
|
ReadFullFileFlags flags,
|
|
|
|
|
const char *bind_name,
|
2020-11-04 20:25:06 +01:00
|
|
|
char **ret_contents,
|
|
|
|
|
size_t *ret_size) {
|
fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used a sender socket name may be
specified. If specified as NULL behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.
Specifically, these beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.
Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:
LoadCredential=foo:/run/quux/creds.sock
will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:
@$RANDOM/unit/waldo.service/foo
(The $RANDOM is replaced by some randomized string. This is included in
the socket name order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names)
The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simpler getpeername(), discarding the
random preifx and the /unit/ string.
This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that it's a good safe
choice to use as separators here, too avoid any conflicts.
This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
2020-11-02 12:07:51 +01:00
|
|
|
|
2014-07-03 17:50:55 +02:00
|
|
|
_cleanup_fclose_ FILE *f = NULL;
|
2019-04-04 10:17:16 +02:00
|
|
|
int r;
|
2014-07-03 17:50:55 +02:00
|
|
|
|
2019-04-07 19:22:40 +02:00
|
|
|
assert(filename);
|
2020-11-04 20:25:06 +01:00
|
|
|
assert(ret_contents);
|
2014-07-03 17:50:55 +02:00
|
|
|
|
2019-01-08 18:29:36 +01:00
|
|
|
r = xfopenat(dir_fd, filename, "re", 0, &f);
|
2020-07-17 12:26:01 +02:00
|
|
|
if (r < 0) {
|
|
|
|
|
_cleanup_close_ int dfd = -1, sk = -1;
|
|
|
|
|
union sockaddr_union sa;
|
|
|
|
|
|
|
|
|
|
/* ENXIO is what Linux returns if we open a node that is an AF_UNIX socket */
|
|
|
|
|
if (r != -ENXIO)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
/* If this is enabled, let's try to connect to it */
|
|
|
|
|
if (!FLAGS_SET(flags, READ_FULL_FILE_CONNECT_SOCKET))
|
|
|
|
|
return -ENXIO;
|
|
|
|
|
|
2020-11-04 20:25:06 +01:00
|
|
|
/* Seeking is not supported on AF_UNIX sockets */
|
|
|
|
|
if (offset != UINT64_MAX)
|
|
|
|
|
return -ESPIPE;
|
|
|
|
|
|
2020-07-17 12:26:01 +02:00
|
|
|
if (dir_fd == AT_FDCWD)
|
|
|
|
|
r = sockaddr_un_set_path(&sa.un, filename);
|
|
|
|
|
else {
|
|
|
|
|
char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int)];
|
|
|
|
|
|
|
|
|
|
/* If we shall operate relative to some directory, then let's use O_PATH first to
|
|
|
|
|
* open the socket inode, and then connect to it via /proc/self/fd/. We have to do
|
|
|
|
|
* this since there's not connectat() that takes a directory fd as first arg. */
|
|
|
|
|
|
|
|
|
|
dfd = openat(dir_fd, filename, O_PATH|O_CLOEXEC);
|
|
|
|
|
if (dfd < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
xsprintf(procfs_path, "/proc/self/fd/%i", dfd);
|
|
|
|
|
r = sockaddr_un_set_path(&sa.un, procfs_path);
|
|
|
|
|
}
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
sk = socket(AF_UNIX, SOCK_STREAM|SOCK_CLOEXEC, 0);
|
|
|
|
|
if (sk < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
fileio: beef up READ_FULL_FILE_CONNECT_SOCKET to allow setting sender socket name
This beefs up the READ_FULL_FILE_CONNECT_SOCKET logic of
read_full_file_full() a bit: when used a sender socket name may be
specified. If specified as NULL behaviour is as before: the client
socket name is picked by the kernel. But if specified as non-NULL the
client can pick a socket name to use when connecting. This is useful to
communicate a minimal amount of metainformation from client to server,
outside of the transport payload.
Specifically, these beefs up the service credential logic to pass an
abstract AF_UNIX socket name as client socket name when connecting via
READ_FULL_FILE_CONNECT_SOCKET, that includes the requesting unit name
and the eventual credential name. This allows servers implementing the
trivial credential socket logic to distinguish clients: via a simple
getpeername() it can be determined which unit is requesting a
credential, and which credential specifically.
Example: with this patch in place, in a unit file "waldo.service" a
configuration line like the following:
LoadCredential=foo:/run/quux/creds.sock
will result in a connection to the AF_UNIX socket /run/quux/creds.sock,
originating from an abstract namespace AF_UNIX socket:
@$RANDOM/unit/waldo.service/foo
(The $RANDOM is replaced by some randomized string. This is included in
the socket name order to avoid namespace squatting issues: the abstract
socket namespace is open to unprivileged users after all, and care needs
to be taken not to use guessable names)
The services listening on the /run/quux/creds.sock socket may thus
easily retrieve the name of the unit the credential is requested for
plus the credential name, via a simpler getpeername(), discarding the
random preifx and the /unit/ string.
This logic uses "/" as separator between the fields, since both unit
names and credential names appear in the file system, and thus are
designed to use "/" as outer separators. Given that it's a good safe
choice to use as separators here, too avoid any conflicts.
This is a minimal patch only: the new logic is used only for the unit
file credential logic. For other places where we use
READ_FULL_FILE_CONNECT_SOCKET it is probably a good idea to use this
scheme too, but this should be done carefully in later patches, since
the socket names become API that way, and we should determine the right
amount of info to pass over.
2020-11-02 12:07:51 +01:00
|
|
|
if (bind_name) {
|
|
|
|
|
/* If the caller specified a socket name to bind to, do so before connecting. This is
|
|
|
|
|
* useful to communicate some minor, short meta-information token from the client to
|
|
|
|
|
* the server. */
|
|
|
|
|
union sockaddr_union bsa;
|
|
|
|
|
|
|
|
|
|
r = sockaddr_un_set_path(&bsa.un, bind_name);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
if (bind(sk, &bsa.sa, r) < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
2020-07-17 12:26:01 +02:00
|
|
|
if (connect(sk, &sa.sa, SOCKADDR_UN_LEN(sa.un)) < 0)
|
|
|
|
|
return errno == ENOTSOCK ? -ENXIO : -errno; /* propagate original error if this is
|
|
|
|
|
* not a socket after all */
|
|
|
|
|
|
|
|
|
|
if (shutdown(sk, SHUT_WR) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
f = fdopen(sk, "r");
|
|
|
|
|
if (!f)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
TAKE_FD(sk);
|
|
|
|
|
}
|
2017-12-11 20:01:55 +01:00
|
|
|
|
2019-01-08 18:29:36 +01:00
|
|
|
(void) __fsetlocking(f, FSETLOCKING_BYCALLER);
|
|
|
|
|
|
2020-11-04 20:25:06 +01:00
|
|
|
return read_full_stream_full(f, filename, offset, size, flags, ret_contents, ret_size);
|
2014-07-03 17:50:55 +02:00
|
|
|
}
|
|
|
|
|
|
2013-07-19 10:02:50 +02:00
|
|
|
int executable_is_script(const char *path, char **interpreter) {
|
2014-06-21 05:55:17 +02:00
|
|
|
_cleanup_free_ char *line = NULL;
|
2017-12-30 15:44:29 +01:00
|
|
|
size_t len;
|
2013-07-19 10:02:50 +02:00
|
|
|
char *ans;
|
2017-12-30 15:44:29 +01:00
|
|
|
int r;
|
2013-07-19 10:02:50 +02:00
|
|
|
|
|
|
|
|
assert(path);
|
|
|
|
|
|
|
|
|
|
r = read_one_line_file(path, &line);
|
2017-12-30 15:44:29 +01:00
|
|
|
if (r == -ENOBUFS) /* First line overly long? if so, then it's not a script */
|
|
|
|
|
return 0;
|
2013-07-19 10:02:50 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
if (!startswith(line, "#!"))
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
ans = strstrip(line + 2);
|
|
|
|
|
len = strcspn(ans, " \t");
|
|
|
|
|
|
|
|
|
|
if (len == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
ans = strndup(ans, len);
|
|
|
|
|
if (!ans)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
*interpreter = ans;
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2013-09-14 01:41:52 +02:00
|
|
|
|
|
|
|
|
/**
|
2013-09-18 01:34:47 +02:00
|
|
|
* Retrieve one field from a file like /proc/self/status. pattern
|
2015-09-30 14:57:55 +02:00
|
|
|
* should not include whitespace or the delimiter (':'). pattern matches only
|
|
|
|
|
* the beginning of a line. Whitespace before ':' is skipped. Whitespace and
|
|
|
|
|
* zeros after the ':' will be skipped. field must be freed afterwards.
|
|
|
|
|
* terminator specifies the terminating characters of the field value (not
|
|
|
|
|
* included in the value).
|
2013-09-14 01:41:52 +02:00
|
|
|
*/
|
2015-09-30 14:57:55 +02:00
|
|
|
int get_proc_field(const char *filename, const char *pattern, const char *terminator, char **field) {
|
2013-09-14 01:41:52 +02:00
|
|
|
_cleanup_free_ char *status = NULL;
|
2015-07-23 23:36:34 +02:00
|
|
|
char *t, *f;
|
2013-09-14 01:41:52 +02:00
|
|
|
size_t len;
|
|
|
|
|
int r;
|
|
|
|
|
|
2015-09-30 14:57:55 +02:00
|
|
|
assert(terminator);
|
2013-09-14 01:41:52 +02:00
|
|
|
assert(filename);
|
2013-10-12 01:33:13 +02:00
|
|
|
assert(pattern);
|
2013-09-14 01:41:52 +02:00
|
|
|
assert(field);
|
|
|
|
|
|
2019-10-22 16:09:21 +02:00
|
|
|
r = read_full_virtual_file(filename, &status, NULL);
|
2013-09-14 01:41:52 +02:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2015-09-30 14:57:55 +02:00
|
|
|
t = status;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
bool pattern_ok;
|
|
|
|
|
|
|
|
|
|
do {
|
|
|
|
|
t = strstr(t, pattern);
|
|
|
|
|
if (!t)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
|
|
|
|
/* Check that pattern occurs in beginning of line. */
|
|
|
|
|
pattern_ok = (t == status || t[-1] == '\n');
|
|
|
|
|
|
|
|
|
|
t += strlen(pattern);
|
|
|
|
|
|
|
|
|
|
} while (!pattern_ok);
|
|
|
|
|
|
|
|
|
|
t += strspn(t, " \t");
|
|
|
|
|
if (!*t)
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
|
|
|
|
|
} while (*t != ':');
|
|
|
|
|
|
|
|
|
|
t++;
|
2013-09-14 01:41:52 +02:00
|
|
|
|
2013-09-18 18:39:32 +02:00
|
|
|
if (*t) {
|
2013-09-19 23:22:59 +02:00
|
|
|
t += strspn(t, " \t");
|
|
|
|
|
|
|
|
|
|
/* Also skip zeros, because when this is used for
|
|
|
|
|
* capabilities, we don't want the zeros. This way the
|
|
|
|
|
* same capability set always maps to the same string,
|
|
|
|
|
* irrespective of the total capability set size. For
|
|
|
|
|
* other numbers it shouldn't matter. */
|
|
|
|
|
t += strspn(t, "0");
|
2013-09-18 18:39:32 +02:00
|
|
|
/* Back off one char if there's nothing but whitespace
|
|
|
|
|
and zeros */
|
2013-09-19 23:22:59 +02:00
|
|
|
if (!*t || isspace(*t))
|
2016-02-23 05:32:04 +01:00
|
|
|
t--;
|
2013-09-18 18:39:32 +02:00
|
|
|
}
|
2013-09-14 01:41:52 +02:00
|
|
|
|
2015-09-30 14:57:55 +02:00
|
|
|
len = strcspn(t, terminator);
|
2013-09-14 01:41:52 +02:00
|
|
|
|
2015-07-23 23:36:34 +02:00
|
|
|
f = strndup(t, len);
|
|
|
|
|
if (!f)
|
2013-09-14 01:41:52 +02:00
|
|
|
return -ENOMEM;
|
|
|
|
|
|
2015-07-23 23:36:34 +02:00
|
|
|
*field = f;
|
2013-09-14 01:41:52 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
2015-10-26 18:05:03 +01:00
|
|
|
|
|
|
|
|
DIR *xopendirat(int fd, const char *name, int flags) {
|
|
|
|
|
int nfd;
|
|
|
|
|
DIR *d;
|
|
|
|
|
|
|
|
|
|
assert(!(flags & O_CREAT));
|
|
|
|
|
|
|
|
|
|
nfd = openat(fd, name, O_RDONLY|O_NONBLOCK|O_DIRECTORY|O_CLOEXEC|flags, 0);
|
|
|
|
|
if (nfd < 0)
|
|
|
|
|
return NULL;
|
|
|
|
|
|
|
|
|
|
d = fdopendir(nfd);
|
|
|
|
|
if (!d) {
|
|
|
|
|
safe_close(nfd);
|
|
|
|
|
return NULL;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return d;
|
|
|
|
|
}
|
|
|
|
|
|
2019-01-08 18:23:40 +01:00
|
|
|
static int mode_to_flags(const char *mode) {
|
|
|
|
|
const char *p;
|
|
|
|
|
int flags;
|
|
|
|
|
|
|
|
|
|
if ((p = startswith(mode, "r+")))
|
|
|
|
|
flags = O_RDWR;
|
|
|
|
|
else if ((p = startswith(mode, "r")))
|
|
|
|
|
flags = O_RDONLY;
|
|
|
|
|
else if ((p = startswith(mode, "w+")))
|
|
|
|
|
flags = O_RDWR|O_CREAT|O_TRUNC;
|
|
|
|
|
else if ((p = startswith(mode, "w")))
|
|
|
|
|
flags = O_WRONLY|O_CREAT|O_TRUNC;
|
|
|
|
|
else if ((p = startswith(mode, "a+")))
|
|
|
|
|
flags = O_RDWR|O_CREAT|O_APPEND;
|
|
|
|
|
else if ((p = startswith(mode, "a")))
|
|
|
|
|
flags = O_WRONLY|O_CREAT|O_APPEND;
|
|
|
|
|
else
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
|
|
|
|
|
for (; *p != 0; p++) {
|
|
|
|
|
|
|
|
|
|
switch (*p) {
|
|
|
|
|
|
|
|
|
|
case 'e':
|
|
|
|
|
flags |= O_CLOEXEC;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'x':
|
|
|
|
|
flags |= O_EXCL;
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'm':
|
|
|
|
|
/* ignore this here, fdopen() might care later though */
|
|
|
|
|
break;
|
|
|
|
|
|
|
|
|
|
case 'c': /* not sure what to do about this one */
|
|
|
|
|
default:
|
|
|
|
|
return -EINVAL;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return flags;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int xfopenat(int dir_fd, const char *path, const char *mode, int flags, FILE **ret) {
|
|
|
|
|
FILE *f;
|
|
|
|
|
|
|
|
|
|
/* A combination of fopen() with openat() */
|
|
|
|
|
|
|
|
|
|
if (dir_fd == AT_FDCWD && flags == 0) {
|
|
|
|
|
f = fopen(path, mode);
|
|
|
|
|
if (!f)
|
|
|
|
|
return -errno;
|
|
|
|
|
} else {
|
|
|
|
|
int fd, mode_flags;
|
|
|
|
|
|
|
|
|
|
mode_flags = mode_to_flags(mode);
|
|
|
|
|
if (mode_flags < 0)
|
|
|
|
|
return mode_flags;
|
|
|
|
|
|
|
|
|
|
fd = openat(dir_fd, path, mode_flags | flags);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
f = fdopen(fd, mode);
|
|
|
|
|
if (!f) {
|
|
|
|
|
safe_close(fd);
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*ret = f;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-26 18:05:03 +01:00
|
|
|
static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) {
|
|
|
|
|
char **i;
|
|
|
|
|
|
|
|
|
|
assert(path);
|
|
|
|
|
assert(mode);
|
|
|
|
|
assert(_f);
|
|
|
|
|
|
|
|
|
|
if (!path_strv_resolve_uniq(search, root))
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
STRV_FOREACH(i, search) {
|
|
|
|
|
_cleanup_free_ char *p = NULL;
|
|
|
|
|
FILE *f;
|
|
|
|
|
|
2019-06-20 20:07:01 +02:00
|
|
|
p = path_join(root, *i, path);
|
2015-10-26 18:05:03 +01:00
|
|
|
if (!p)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
f = fopen(p, mode);
|
|
|
|
|
if (f) {
|
|
|
|
|
*_f = f;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (errno != ENOENT)
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -ENOENT;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) {
|
|
|
|
|
_cleanup_strv_free_ char **copy = NULL;
|
|
|
|
|
|
|
|
|
|
assert(path);
|
|
|
|
|
assert(mode);
|
|
|
|
|
assert(_f);
|
|
|
|
|
|
|
|
|
|
if (path_is_absolute(path)) {
|
|
|
|
|
FILE *f;
|
|
|
|
|
|
|
|
|
|
f = fopen(path, mode);
|
|
|
|
|
if (f) {
|
|
|
|
|
*_f = f;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
copy = strv_copy((char**) search);
|
|
|
|
|
if (!copy)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
return search_and_fopen_internal(path, mode, root, copy, _f);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) {
|
|
|
|
|
_cleanup_strv_free_ char **s = NULL;
|
|
|
|
|
|
|
|
|
|
if (path_is_absolute(path)) {
|
|
|
|
|
FILE *f;
|
|
|
|
|
|
|
|
|
|
f = fopen(path, mode);
|
|
|
|
|
if (f) {
|
|
|
|
|
*_f = f;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return -errno;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
s = strv_split_nulstr(search);
|
|
|
|
|
if (!s)
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
|
|
|
|
|
return search_and_fopen_internal(path, mode, root, s, _f);
|
|
|
|
|
}
|
|
|
|
|
|
2020-10-01 13:52:16 +02:00
|
|
|
int chase_symlinks_and_fopen_unlocked(
|
|
|
|
|
const char *path,
|
|
|
|
|
const char *root,
|
|
|
|
|
unsigned chase_flags,
|
|
|
|
|
const char *open_flags,
|
|
|
|
|
FILE **ret_file,
|
|
|
|
|
char **ret_path) {
|
|
|
|
|
|
|
|
|
|
_cleanup_close_ int fd = -1;
|
|
|
|
|
_cleanup_free_ char *final_path = NULL;
|
|
|
|
|
int mode_flags, r;
|
|
|
|
|
FILE *f;
|
|
|
|
|
|
|
|
|
|
assert(path);
|
|
|
|
|
assert(open_flags);
|
|
|
|
|
assert(ret_file);
|
|
|
|
|
|
|
|
|
|
mode_flags = mode_to_flags(open_flags);
|
|
|
|
|
if (mode_flags < 0)
|
|
|
|
|
return mode_flags;
|
|
|
|
|
|
|
|
|
|
fd = chase_symlinks_and_open(path, root, chase_flags, mode_flags, ret_path ? &final_path : NULL);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return fd;
|
|
|
|
|
|
|
|
|
|
r = fdopen_unlocked(fd, open_flags, &f);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
TAKE_FD(fd);
|
|
|
|
|
|
|
|
|
|
*ret_file = f;
|
|
|
|
|
if (ret_path)
|
|
|
|
|
*ret_path = TAKE_PTR(final_path);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-10-26 18:05:03 +01:00
|
|
|
int fflush_and_check(FILE *f) {
|
|
|
|
|
assert(f);
|
|
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
|
fflush(f);
|
|
|
|
|
|
|
|
|
|
if (ferror(f))
|
2019-07-11 15:42:14 +02:00
|
|
|
return errno_or_else(EIO);
|
2015-10-26 18:05:03 +01:00
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2017-08-17 18:09:44 +02:00
|
|
|
int fflush_sync_and_check(FILE *f) {
|
2020-04-13 10:09:44 +02:00
|
|
|
int r, fd;
|
2017-08-17 18:09:44 +02:00
|
|
|
|
|
|
|
|
assert(f);
|
|
|
|
|
|
|
|
|
|
r = fflush_and_check(f);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2020-04-13 10:09:44 +02:00
|
|
|
/* Not all file streams have an fd associated (think: fmemopen()), let's handle this gracefully and
|
|
|
|
|
* assume that in that case we need no explicit syncing */
|
|
|
|
|
fd = fileno(f);
|
|
|
|
|
if (fd < 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (fsync(fd) < 0)
|
2017-08-17 18:09:44 +02:00
|
|
|
return -errno;
|
|
|
|
|
|
2020-04-13 10:09:44 +02:00
|
|
|
r = fsync_directory_of_file(fd);
|
2018-02-19 18:24:36 +01:00
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
2017-08-17 18:09:44 +02:00
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
2015-11-12 11:17:01 +01:00
|
|
|
int write_timestamp_file_atomic(const char *fn, usec_t n) {
|
|
|
|
|
char ln[DECIMAL_STR_MAX(n)+2];
|
|
|
|
|
|
|
|
|
|
/* Creates a "timestamp" file, that contains nothing but a
|
|
|
|
|
* usec_t timestamp, formatted in ASCII. */
|
|
|
|
|
|
|
|
|
|
if (n <= 0 || n >= USEC_INFINITY)
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
|
|
|
|
xsprintf(ln, USEC_FMT "\n", n);
|
|
|
|
|
|
|
|
|
|
return write_string_file(fn, ln, WRITE_STRING_FILE_CREATE|WRITE_STRING_FILE_ATOMIC);
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
int read_timestamp_file(const char *fn, usec_t *ret) {
|
|
|
|
|
_cleanup_free_ char *ln = NULL;
|
|
|
|
|
uint64_t t;
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
r = read_one_line_file(fn, &ln);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
r = safe_atou64(ln, &t);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
|
|
|
|
|
if (t <= 0 || t >= (uint64_t) USEC_INFINITY)
|
|
|
|
|
return -ERANGE;
|
|
|
|
|
|
|
|
|
|
*ret = (usec_t) t;
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2016-01-25 22:42:36 +01:00
|
|
|
|
|
|
|
|
int fputs_with_space(FILE *f, const char *s, const char *separator, bool *space) {
|
|
|
|
|
int r;
|
|
|
|
|
|
|
|
|
|
assert(s);
|
|
|
|
|
|
|
|
|
|
/* Outputs the specified string with fputs(), but optionally prefixes it with a separator. The *space parameter
|
|
|
|
|
* when specified shall initially point to a boolean variable initialized to false. It is set to true after the
|
|
|
|
|
* first invocation. This call is supposed to be use in loops, where a separator shall be inserted between each
|
|
|
|
|
* element, but not before the first one. */
|
|
|
|
|
|
|
|
|
|
if (!f)
|
|
|
|
|
f = stdout;
|
|
|
|
|
|
|
|
|
|
if (space) {
|
|
|
|
|
if (!separator)
|
|
|
|
|
separator = " ";
|
|
|
|
|
|
|
|
|
|
if (*space) {
|
|
|
|
|
r = fputs(separator, f);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
*space = true;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return fputs(s, f);
|
|
|
|
|
}
|
2016-04-20 19:27:32 +02:00
|
|
|
|
2018-12-12 13:41:25 +01:00
|
|
|
/* A bitmask of the EOL markers we know */
|
|
|
|
|
typedef enum EndOfLineMarker {
|
|
|
|
|
EOL_NONE = 0,
|
|
|
|
|
EOL_ZERO = 1 << 0, /* \0 (aka NUL) */
|
|
|
|
|
EOL_TEN = 1 << 1, /* \n (aka NL, aka LF) */
|
|
|
|
|
EOL_THIRTEEN = 1 << 2, /* \r (aka CR) */
|
|
|
|
|
} EndOfLineMarker;
|
|
|
|
|
|
2018-12-17 11:50:33 +01:00
|
|
|
static EndOfLineMarker categorize_eol(char c, ReadLineFlags flags) {
|
|
|
|
|
|
|
|
|
|
if (!IN_SET(flags, READ_LINE_ONLY_NUL)) {
|
|
|
|
|
if (c == '\n')
|
|
|
|
|
return EOL_TEN;
|
|
|
|
|
if (c == '\r')
|
|
|
|
|
return EOL_THIRTEEN;
|
|
|
|
|
}
|
|
|
|
|
|
2018-12-12 13:41:25 +01:00
|
|
|
if (c == '\0')
|
|
|
|
|
return EOL_ZERO;
|
|
|
|
|
|
|
|
|
|
return EOL_NONE;
|
|
|
|
|
}
|
|
|
|
|
|
2017-11-08 21:33:19 +01:00
|
|
|
DEFINE_TRIVIAL_CLEANUP_FUNC(FILE*, funlockfile);
|
2017-09-23 10:48:09 +02:00
|
|
|
|
2018-12-17 11:50:33 +01:00
|
|
|
int read_line_full(FILE *f, size_t limit, ReadLineFlags flags, char **ret) {
|
2017-09-22 17:55:53 +02:00
|
|
|
size_t n = 0, allocated = 0, count = 0;
|
2018-12-12 13:41:25 +01:00
|
|
|
_cleanup_free_ char *buffer = NULL;
|
2020-04-13 11:20:59 +02:00
|
|
|
int r;
|
2017-09-22 17:55:53 +02:00
|
|
|
|
|
|
|
|
assert(f);
|
|
|
|
|
|
|
|
|
|
/* Something like a bounded version of getline().
|
|
|
|
|
*
|
2018-12-12 13:41:25 +01:00
|
|
|
* Considers EOF, \n, \r and \0 end of line delimiters (or combinations of these), and does not include these
|
|
|
|
|
* delimiters in the string returned. Specifically, recognizes the following combinations of markers as line
|
|
|
|
|
* endings:
|
|
|
|
|
*
|
|
|
|
|
* • \n (UNIX)
|
|
|
|
|
* • \r (old MacOS)
|
|
|
|
|
* • \0 (C strings)
|
|
|
|
|
* • \n\0
|
|
|
|
|
* • \r\0
|
|
|
|
|
* • \r\n (Windows)
|
|
|
|
|
* • \n\r
|
|
|
|
|
* • \r\n\0
|
|
|
|
|
* • \n\r\0
|
2017-09-22 17:55:53 +02:00
|
|
|
*
|
|
|
|
|
* Returns the number of bytes read from the files (i.e. including delimiters — this hence usually differs from
|
|
|
|
|
* the number of characters in the returned string). When EOF is hit, 0 is returned.
|
|
|
|
|
*
|
|
|
|
|
* The input parameter limit is the maximum numbers of characters in the returned string, i.e. excluding
|
|
|
|
|
* delimiters. If the limit is hit we fail and return -ENOBUFS.
|
|
|
|
|
*
|
|
|
|
|
* If a line shall be skipped ret may be initialized as NULL. */
|
|
|
|
|
|
|
|
|
|
if (ret) {
|
|
|
|
|
if (!GREEDY_REALLOC(buffer, allocated, 1))
|
|
|
|
|
return -ENOMEM;
|
|
|
|
|
}
|
|
|
|
|
|
2017-09-23 10:48:09 +02:00
|
|
|
{
|
2017-11-01 23:01:24 +01:00
|
|
|
_unused_ _cleanup_(funlockfilep) FILE *flocked = f;
|
2018-12-12 13:41:25 +01:00
|
|
|
EndOfLineMarker previous_eol = EOL_NONE;
|
2017-09-23 10:48:09 +02:00
|
|
|
flockfile(f);
|
2017-09-22 17:55:53 +02:00
|
|
|
|
2017-09-23 10:48:09 +02:00
|
|
|
for (;;) {
|
2018-12-12 13:41:25 +01:00
|
|
|
EndOfLineMarker eol;
|
2018-12-17 11:22:38 +01:00
|
|
|
char c;
|
2017-09-22 17:55:53 +02:00
|
|
|
|
2017-09-23 10:48:09 +02:00
|
|
|
if (n >= limit)
|
|
|
|
|
return -ENOBUFS;
|
2017-09-22 17:55:53 +02:00
|
|
|
|
2018-12-14 12:56:12 +01:00
|
|
|
if (count >= INT_MAX) /* We couldn't return the counter anymore as "int", hence refuse this */
|
|
|
|
|
return -ENOBUFS;
|
|
|
|
|
|
2018-12-17 11:22:38 +01:00
|
|
|
r = safe_fgetc(f, &c);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
2018-12-17 11:52:05 +01:00
|
|
|
if (r == 0) /* EOF is definitely EOL */
|
2017-09-23 10:48:09 +02:00
|
|
|
break;
|
2017-09-22 17:55:53 +02:00
|
|
|
|
2018-12-17 11:50:33 +01:00
|
|
|
eol = categorize_eol(c, flags);
|
2018-12-12 13:41:25 +01:00
|
|
|
|
|
|
|
|
if (FLAGS_SET(previous_eol, EOL_ZERO) ||
|
|
|
|
|
(eol == EOL_NONE && previous_eol != EOL_NONE) ||
|
|
|
|
|
(eol != EOL_NONE && (previous_eol & eol) != 0)) {
|
|
|
|
|
/* Previous char was a NUL? This is not an EOL, but the previous char was? This type of
|
2018-12-20 10:21:16 +01:00
|
|
|
* EOL marker has been seen right before? In either of these three cases we are
|
|
|
|
|
* done. But first, let's put this character back in the queue. (Note that we have to
|
|
|
|
|
* cast this to (unsigned char) here as ungetc() expects a positive 'int', and if we
|
|
|
|
|
* are on an architecture where 'char' equals 'signed char' we need to ensure we don't
|
|
|
|
|
* pass a negative value here. That said, to complicate things further ungetc() is
|
|
|
|
|
* actually happy with most negative characters and implicitly casts them back to
|
|
|
|
|
* positive ones as needed, except for \xff (aka -1, aka EOF), which it refuses. What a
|
|
|
|
|
* godawful API!) */
|
|
|
|
|
assert_se(ungetc((unsigned char) c, f) != EOF);
|
2017-09-23 10:48:09 +02:00
|
|
|
break;
|
2018-12-12 13:41:25 +01:00
|
|
|
}
|
|
|
|
|
|
2018-12-17 11:52:05 +01:00
|
|
|
count++;
|
|
|
|
|
|
2018-12-12 13:41:25 +01:00
|
|
|
if (eol != EOL_NONE) {
|
2020-04-13 11:25:43 +02:00
|
|
|
/* If we are on a tty, we can't shouldn't wait for more input, because that
|
|
|
|
|
* generally means waiting for the user, interactively. In the case of a TTY
|
|
|
|
|
* we expect only \n as the single EOL marker, so we are in the lucky
|
|
|
|
|
* position that there is no need to wait. We check this condition last, to
|
|
|
|
|
* avoid isatty() check if not necessary. */
|
2019-07-16 18:35:34 +02:00
|
|
|
|
2020-04-13 11:20:59 +02:00
|
|
|
if ((flags & (READ_LINE_IS_A_TTY|READ_LINE_NOT_A_TTY)) == 0) {
|
2020-04-13 10:09:44 +02:00
|
|
|
int fd;
|
|
|
|
|
|
|
|
|
|
fd = fileno(f);
|
|
|
|
|
if (fd < 0) /* Maybe an fmemopen() stream? Handle this gracefully,
|
|
|
|
|
* and don't call isatty() on an invalid fd */
|
2020-04-13 11:20:59 +02:00
|
|
|
flags |= READ_LINE_NOT_A_TTY;
|
2020-04-13 10:09:44 +02:00
|
|
|
else
|
2020-04-13 11:20:59 +02:00
|
|
|
flags |= isatty(fd) ? READ_LINE_IS_A_TTY : READ_LINE_NOT_A_TTY;
|
2020-04-13 10:09:44 +02:00
|
|
|
}
|
2020-04-13 11:20:59 +02:00
|
|
|
if (FLAGS_SET(flags, READ_LINE_IS_A_TTY))
|
2019-07-16 18:35:34 +02:00
|
|
|
break;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (eol != EOL_NONE) {
|
2018-12-12 13:41:25 +01:00
|
|
|
previous_eol |= eol;
|
|
|
|
|
continue;
|
|
|
|
|
}
|
2017-09-22 17:55:53 +02:00
|
|
|
|
2017-09-23 10:48:09 +02:00
|
|
|
if (ret) {
|
|
|
|
|
if (!GREEDY_REALLOC(buffer, allocated, n + 2))
|
|
|
|
|
return -ENOMEM;
|
2017-09-22 17:55:53 +02:00
|
|
|
|
2018-12-17 11:22:38 +01:00
|
|
|
buffer[n] = c;
|
2017-09-22 17:55:53 +02:00
|
|
|
}
|
|
|
|
|
|
2017-09-23 10:48:09 +02:00
|
|
|
n++;
|
2017-09-22 17:55:53 +02:00
|
|
|
}
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ret) {
|
|
|
|
|
buffer[n] = 0;
|
|
|
|
|
|
2018-04-05 07:26:26 +02:00
|
|
|
*ret = TAKE_PTR(buffer);
|
2017-09-22 17:55:53 +02:00
|
|
|
}
|
|
|
|
|
|
|
|
|
|
return (int) count;
|
|
|
|
|
}
|
2018-12-17 11:21:12 +01:00
|
|
|
|
|
|
|
|
int safe_fgetc(FILE *f, char *ret) {
|
|
|
|
|
int k;
|
|
|
|
|
|
|
|
|
|
assert(f);
|
|
|
|
|
|
|
|
|
|
/* A safer version of plain fgetc(): let's propagate the error that happened while reading as such, and
|
|
|
|
|
* separate the EOF condition from the byte read, to avoid those confusion signed/unsigned issues fgetc()
|
|
|
|
|
* has. */
|
|
|
|
|
|
|
|
|
|
errno = 0;
|
|
|
|
|
k = fgetc(f);
|
|
|
|
|
if (k == EOF) {
|
|
|
|
|
if (ferror(f))
|
2019-07-11 15:42:14 +02:00
|
|
|
return errno_or_else(EIO);
|
2018-12-17 11:21:12 +01:00
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
*ret = 0;
|
|
|
|
|
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if (ret)
|
|
|
|
|
*ret = k;
|
|
|
|
|
|
|
|
|
|
return 1;
|
|
|
|
|
}
|
2019-04-07 20:48:30 +02:00
|
|
|
|
|
|
|
|
int warn_file_is_world_accessible(const char *filename, struct stat *st, const char *unit, unsigned line) {
|
|
|
|
|
struct stat _st;
|
|
|
|
|
|
|
|
|
|
if (!filename)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (!st) {
|
|
|
|
|
if (stat(filename, &_st) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
st = &_st;
|
|
|
|
|
}
|
|
|
|
|
|
|
|
|
|
if ((st->st_mode & S_IRWXO) == 0)
|
|
|
|
|
return 0;
|
|
|
|
|
|
|
|
|
|
if (unit)
|
|
|
|
|
log_syntax(unit, LOG_WARNING, filename, line, 0,
|
2019-09-11 11:11:19 +02:00
|
|
|
"%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
|
2019-04-07 20:48:30 +02:00
|
|
|
filename, st->st_mode & 07777);
|
|
|
|
|
else
|
2019-09-11 11:11:19 +02:00
|
|
|
log_warning("%s has %04o mode that is too permissive, please adjust the ownership and access mode.",
|
2019-04-07 20:48:30 +02:00
|
|
|
filename, st->st_mode & 07777);
|
|
|
|
|
return 0;
|
|
|
|
|
}
|
2020-05-22 20:30:24 +02:00
|
|
|
|
2020-05-26 20:00:45 +02:00
|
|
|
int sync_rights(int from, int to) {
|
2020-05-22 20:30:24 +02:00
|
|
|
struct stat st;
|
|
|
|
|
|
2020-05-26 20:00:45 +02:00
|
|
|
if (fstat(from, &st) < 0)
|
2020-05-22 20:30:24 +02:00
|
|
|
return -errno;
|
|
|
|
|
|
2020-05-26 20:00:45 +02:00
|
|
|
return fchmod_and_chown(to, st.st_mode & 07777, st.st_uid, st.st_gid);
|
2020-05-22 20:30:24 +02:00
|
|
|
}
|
|
|
|
|
|
2020-05-26 19:49:26 +02:00
|
|
|
int rename_and_apply_smack_floor_label(const char *from, const char *to) {
|
2020-05-22 20:30:24 +02:00
|
|
|
int r = 0;
|
|
|
|
|
if (rename(from, to) < 0)
|
|
|
|
|
return -errno;
|
|
|
|
|
|
|
|
|
|
#ifdef SMACK_RUN_LABEL
|
|
|
|
|
r = mac_smack_apply(to, SMACK_ATTR_ACCESS, SMACK_FLOOR_LABEL);
|
|
|
|
|
if (r < 0)
|
|
|
|
|
return r;
|
|
|
|
|
#endif
|
|
|
|
|
return r;
|
|
|
|
|
}
|