X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fshared%2Futil.c;h=55246f5a4d769eeb98206a29deafb80affe24b9b;hp=f23dd92a6b97ecdde00b2509c77ea9d517c8a732;hb=97768fc5746ea97cb2d3ac6854b4fc7ce1c14f24;hpb=a6f0104a16350a4c2660837da6e0e5c2e50e2389 diff --git a/src/shared/util.c b/src/shared/util.c index f23dd92a6..1d67abe58 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include @@ -55,11 +54,18 @@ #include #include #include +#include #include #include #include #include +#include #include +#undef basename + +#ifdef HAVE_SYS_AUXV_H +#include +#endif #include "macro.h" #include "util.h" @@ -68,11 +74,17 @@ #include "log.h" #include "strv.h" #include "label.h" +#include "mkdir.h" #include "path-util.h" #include "exit-status.h" #include "hashmap.h" #include "env-util.h" #include "fileio.h" +#include "device-nodes.h" +#include "utf8.h" +#include "gunicode.h" +#include "virt.h" +#include "def.h" int saved_argc = 0; char **saved_argv = NULL; @@ -81,7 +93,7 @@ static volatile unsigned cached_columns = 0; static volatile unsigned cached_lines = 0; size_t page_size(void) { - static __thread size_t pgsz = 0; + static thread_local size_t pgsz = 0; long r; if (_likely_(pgsz > 0)) @@ -128,91 +140,83 @@ char* endswith(const char *s, const char *postfix) { return (char*) s + sl - pl; } -char* startswith(const char *s, const char *prefix) { - const char *a, *b; - - assert(s); - assert(prefix); - - a = s, b = prefix; - for (;;) { - if (*b == 0) - return (char*) a; - if (*a != *b) - return NULL; - - a++, b++; - } -} - -char* startswith_no_case(const char *s, const char *prefix) { - const char *a, *b; - - assert(s); - assert(prefix); - - a = s, b = prefix; - for (;;) { - if (*b == 0) - return (char*) a; - if (tolower(*a) != tolower(*b)) - return NULL; - - a++, b++; - } -} - -bool first_word(const char *s, const char *word) { +char* first_word(const char *s, const char *word) { size_t sl, wl; + const char *p; assert(s); assert(word); + /* Checks if the string starts with the specified word, either + * followed by NUL or by whitespace. Returns a pointer to the + * NUL or the first character after the whitespace. */ + sl = strlen(s); wl = strlen(word); if (sl < wl) - return false; + return NULL; if (wl == 0) - return true; + return (char*) s; if (memcmp(s, word, wl) != 0) - return false; + return NULL; - return s[wl] == 0 || - strchr(WHITESPACE, s[wl]); + p = s + wl; + if (*p == 0) + return (char*) p; + + if (!strchr(WHITESPACE, *p)) + return NULL; + + p += strspn(p, WHITESPACE); + return (char*) p; } int close_nointr(int fd) { - int r; - assert(fd >= 0); - r = close(fd); - /* Just ignore EINTR; a retry loop is the wrong - * thing to do on Linux. + if (close(fd) >= 0) + return 0; + + /* + * Just ignore EINTR; a retry loop is the wrong thing to do on + * Linux. * * http://lkml.indiana.edu/hypermail/linux/kernel/0509.1/0877.html * https://bugzilla.gnome.org/show_bug.cgi?id=682819 * http://utcc.utoronto.ca/~cks/space/blog/unix/CloseEINTR * https://sites.google.com/site/michaelsafyan/software-engineering/checkforeintrwheninvokingclosethinkagain */ - if (_unlikely_(r < 0 && errno == EINTR)) + if (errno == EINTR) return 0; - else if (r >= 0) - return r; - else - return -errno; + + return -errno; } -void close_nointr_nofail(int fd) { - PROTECT_ERRNO; +int safe_close(int fd) { + + /* + * Like close_nointr() but cannot fail. Guarantees errno is + * unchanged. Is a NOP with negative fds passed, and returns + * -1, so that it can be used in this syntax: + * + * fd = safe_close(fd); + */ + + if (fd >= 0) { + PROTECT_ERRNO; - /* like close_nointr() but cannot fail, and guarantees errno - * is unchanged */ + /* The kernel might return pretty much any error code + * via close(), but the fd will be closed anyway. The + * only condition we want to check for here is whether + * the fd was invalid at all... */ + + assert_se(close_nointr(fd) != -EBADF); + } - assert_se(close_nointr(fd) == 0); + return -1; } void close_many(const int fds[], unsigned n_fd) { @@ -221,7 +225,7 @@ void close_many(const int fds[], unsigned n_fd) { assert(fds || n_fd <= 0); for (i = 0; i < n_fd; i++) - close_nointr_nofail(fds[i]); + safe_close(fds[i]); } int unlink_noerrno(const char *path) { @@ -238,9 +242,9 @@ int unlink_noerrno(const char *path) { int parse_boolean(const char *v) { assert(v); - if (streq(v, "1") || v[0] == 'y' || v[0] == 'Y' || v[0] == 't' || v[0] == 'T' || strcaseeq(v, "on")) + if (streq(v, "1") || strcaseeq(v, "yes") || strcaseeq(v, "y") || strcaseeq(v, "true") || strcaseeq(v, "t") || strcaseeq(v, "on")) return 1; - else if (streq(v, "0") || v[0] == 'n' || v[0] == 'N' || v[0] == 'f' || v[0] == 'F' || strcaseeq(v, "off")) + else if (streq(v, "0") || strcaseeq(v, "no") || strcaseeq(v, "n") || strcaseeq(v, "false") || strcaseeq(v, "f") || strcaseeq(v, "off")) return 0; return -EINVAL; @@ -287,6 +291,14 @@ int parse_uid(const char *s, uid_t* ret_uid) { if ((unsigned long) uid != ul) return -ERANGE; + /* Some libc APIs use (uid_t) -1 as special placeholder */ + if (uid == (uid_t) 0xFFFFFFFF) + return -ENXIO; + + /* A long time ago UIDs where 16bit, hence explicitly avoid the 16bit -1 too */ + if (uid == (uid_t) 0xFFFF) + return -ENXIO; + *ret_uid = uid; return 0; } @@ -331,6 +343,26 @@ int safe_atoi(const char *s, int *ret_i) { return 0; } +int safe_atou8(const char *s, uint8_t *ret) { + char *x = NULL; + unsigned long l; + + assert(s); + assert(ret); + + errno = 0; + l = strtoul(s, &x, 0); + + if (!x || x == s || *x || errno) + return errno > 0 ? -errno : -EINVAL; + + if ((unsigned long) (uint8_t) l != l) + return -ERANGE; + + *ret = (uint8_t) l; + return 0; +} + int safe_atollu(const char *s, long long unsigned *ret_llu) { char *x = NULL; unsigned long long l; @@ -384,83 +416,65 @@ int safe_atod(const char *s, double *ret_d) { return 0; } +static size_t strcspn_escaped(const char *s, const char *reject) { + bool escaped = false; + size_t n; + + for (n=0; s[n]; n++) { + if (escaped) + escaped = false; + else if (s[n] == '\\') + escaped = true; + else if (strchr(reject, s[n])) + break; + } + /* if s ends in \, return index of previous char */ + return n - escaped; +} + /* Split a string into words. */ -char *split(const char *c, size_t *l, const char *separator, char **state) { - char *current; +const char* split(const char **state, size_t *l, const char *separator, bool quoted) { + const char *current; - current = *state ? *state : (char*) c; + current = *state; - if (!*current || *c == 0) + if (!*current) { + assert(**state == '\0'); return NULL; + } current += strspn(current, separator); - *l = strcspn(current, separator); - *state = current+*l; - - return (char*) current; -} - -/* Split a string into words, but consider strings enclosed in '' and - * "" as words even if they include spaces. */ -char *split_quoted(const char *c, size_t *l, char **state) { - char *current, *e; - bool escaped = false; - - current = *state ? *state : (char*) c; - - if (!*current || *c == 0) + if (!*current) { + *state = current; return NULL; + } - current += strspn(current, WHITESPACE); - - if (*current == '\'') { - current ++; - - for (e = current; *e; e++) { - if (escaped) - escaped = false; - else if (*e == '\\') - escaped = true; - else if (*e == '\'') - break; - } + if (quoted && strchr("\'\"", *current)) { + char quotechars[2] = {*current, '\0'}; - *l = e-current; - *state = *e == 0 ? e : e+1; - } else if (*current == '\"') { - current ++; - - for (e = current; *e; e++) { - if (escaped) - escaped = false; - else if (*e == '\\') - escaped = true; - else if (*e == '\"') - break; + *l = strcspn_escaped(current + 1, quotechars); + if (current[*l + 1] == '\0' || + (current[*l + 2] && !strchr(separator, current[*l + 2]))) { + /* right quote missing or garbage at the end*/ + *state = current; + return NULL; } - - *l = e-current; - *state = *e == 0 ? e : e+1; + assert(current[*l + 1] == quotechars[0]); + *state = current++ + *l + 2; + } else if (quoted) { + *l = strcspn_escaped(current, separator); + *state = current + *l; } else { - for (e = current; *e; e++) { - if (escaped) - escaped = false; - else if (*e == '\\') - escaped = true; - else if (strchr(WHITESPACE, *e)) - break; - } - *l = e-current; - *state = e; + *l = strcspn(current, separator); + *state = current + *l; } - return (char*) current; + return current; } int get_parent_of_pid(pid_t pid, pid_t *_ppid) { int r; - _cleanup_fclose_ FILE *f = NULL; - char line[LINE_MAX]; + _cleanup_free_ char *line = NULL; long unsigned ppid; const char *p; @@ -473,14 +487,9 @@ int get_parent_of_pid(pid_t pid, pid_t *_ppid) { } p = procfs_file_alloca(pid, "stat"); - f = fopen(p, "re"); - if (!f) - return -errno; - - if (!fgets(line, sizeof(line), f)) { - r = feof(f) ? -EIO : -errno; + r = read_one_line_file(p, &line); + if (r < 0) return r; - } /* Let's skip the pid and comm fields. The latter is enclosed * in () but does not escape any () in its value, so let's @@ -507,28 +516,17 @@ int get_parent_of_pid(pid_t pid, pid_t *_ppid) { } int get_starttime_of_pid(pid_t pid, unsigned long long *st) { - _cleanup_fclose_ FILE *f = NULL; - char line[LINE_MAX]; + int r; + _cleanup_free_ char *line = NULL; const char *p; assert(pid >= 0); assert(st); - if (pid == 0) - p = "/proc/self/stat"; - else - p = procfs_file_alloca(pid, "stat"); - - f = fopen(p, "re"); - if (!f) - return -errno; - - if (!fgets(line, sizeof(line), f)) { - if (ferror(f)) - return -errno; - - return -EIO; - } + p = procfs_file_alloca(pid, "stat"); + r = read_one_line_file(p, &line); + if (r < 0) + return r; /* Let's skip the pid and comm fields. The latter is enclosed * in () but does not escape any () in its value, so let's @@ -585,18 +583,45 @@ char *truncate_nl(char *s) { return s; } +int get_process_state(pid_t pid) { + const char *p; + char state; + int r; + _cleanup_free_ char *line = NULL; + + assert(pid >= 0); + + p = procfs_file_alloca(pid, "stat"); + r = read_one_line_file(p, &line); + if (r < 0) + return r; + + p = strrchr(line, ')'); + if (!p) + return -EIO; + + p++; + + if (sscanf(p, " %c", &state) != 1) + return -EIO; + + return (unsigned char) state; +} + int get_process_comm(pid_t pid, char **name) { const char *p; + int r; assert(name); assert(pid >= 0); - if (pid == 0) - p = "/proc/self/comm"; - else - p = procfs_file_alloca(pid, "comm"); + p = procfs_file_alloca(pid, "comm"); + + r = read_one_line_file(p, name); + if (r == -ENOENT) + return -ESRCH; - return read_one_line_file(p, name); + return r; } int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) { @@ -608,10 +633,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char * assert(line); assert(pid >= 0); - if (pid == 0) - p = "/proc/self/cmdline"; - else - p = procfs_file_alloca(pid, "cmdline"); + p = procfs_file_alloca(pid, "cmdline"); f = fopen(p, "re"); if (!f) @@ -674,7 +696,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char * /* Kernel threads have no argv[] */ if (r == NULL || r[0] == 0) { - char *t; + _cleanup_free_ char *t = NULL; int h; free(r); @@ -687,8 +709,6 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char * return h; r = strjoin("[", t, "]", NULL); - free(t); - if (!r) return -ENOMEM; } @@ -728,37 +748,13 @@ int is_kernel_thread(pid_t pid) { int get_process_capeff(pid_t pid, char **capeff) { const char *p; - _cleanup_free_ char *status = NULL; - char *t = NULL; - int r; assert(capeff); assert(pid >= 0); - if (pid == 0) - p = "/proc/self/status"; - else - p = procfs_file_alloca(pid, "status"); - - r = read_full_file(p, &status, NULL); - if (r < 0) - return r; - - t = strstr(status, "\nCapEff:\t"); - if (!t) - return -ENOENT; - - for (t += strlen("\nCapEff:\t"); t[0] == '0'; t++) - continue; - - if (t[0] == '\n') - t--; - - *capeff = strndup(t, strchr(t, '\n') - t); - if (!*capeff) - return -ENOMEM; + p = procfs_file_alloca(pid, "status"); - return 0; + return get_status_field(p, "\nCapEff:", capeff); } int get_process_exe(pid_t pid, char **name) { @@ -769,14 +765,11 @@ int get_process_exe(pid_t pid, char **name) { assert(pid >= 0); assert(name); - if (pid == 0) - p = "/proc/self/exe"; - else - p = procfs_file_alloca(pid, "exe"); + p = procfs_file_alloca(pid, "exe"); r = readlink_malloc(p, name); if (r < 0) - return r; + return r == -ENOENT ? -ESRCH : r; d = endswith(*name, " (deleted)"); if (d) @@ -863,28 +856,31 @@ char *strappend(const char *s, const char *suffix) { return strnappend(s, suffix, suffix ? strlen(suffix) : 0); } -int readlink_malloc(const char *p, char **r) { +int readlinkat_malloc(int fd, const char *p, char **ret) { size_t l = 100; + int r; assert(p); - assert(r); + assert(ret); for (;;) { char *c; ssize_t n; - if (!(c = new(char, l))) + c = new(char, l); + if (!c) return -ENOMEM; - if ((n = readlink(p, c, l-1)) < 0) { - int ret = -errno; + n = readlinkat(fd, p, c, l-1); + if (n < 0) { + r = -errno; free(c); - return ret; + return r; } if ((size_t) n < l-1) { c[n] = 0; - *r = c; + *ret = c; return 0; } @@ -893,6 +889,10 @@ int readlink_malloc(const char *p, char **r) { } } +int readlink_malloc(const char *p, char **ret) { + return readlinkat_malloc(AT_FDCWD, p, ret); +} + int readlink_and_make_absolute(const char *p, char **r) { _cleanup_free_ char *target = NULL; char *k; @@ -937,7 +937,7 @@ int readlink_and_canonicalize(const char *p, char **r) { } int reset_all_signal_handlers(void) { - int sig; + int sig, r = 0; for (sig = 1; sig < _NSIG; sig++) { struct sigaction sa = { @@ -945,16 +945,29 @@ int reset_all_signal_handlers(void) { .sa_flags = SA_RESTART, }; + /* These two cannot be caught... */ if (sig == SIGKILL || sig == SIGSTOP) continue; /* On Linux the first two RT signals are reserved by * glibc, and sigaction() will return EINVAL for them. */ if ((sigaction(sig, &sa, NULL) < 0)) - if (errno != EINVAL) - return -errno; + if (errno != EINVAL && r == 0) + r = -errno; } + return r; +} + +int reset_signal_mask(void) { + sigset_t ss; + + if (sigemptyset(&ss) < 0) + return -errno; + + if (sigprocmask(SIG_SETMASK, &ss, NULL) < 0) + return -errno; + return 0; } @@ -992,19 +1005,6 @@ char *delete_chars(char *s, const char *bad) { return s; } -bool in_charset(const char *s, const char* charset) { - const char *i; - - assert(s); - assert(charset); - - for (i = s; *i; i++) - if (!strchr(charset, *i)) - return false; - - return true; -} - char *file_in_same_dir(const char *path, const char *filename) { char *e, *r; size_t k; @@ -1095,7 +1095,7 @@ int unhexchar(char c) { if (c >= 'A' && c <= 'F') return c - 'A' + 10; - return -1; + return -EINVAL; } char *hexmem(const void *p, size_t l) { @@ -1150,7 +1150,7 @@ int unoctchar(char c) { if (c >= '0' && c <= '7') return c - '0'; - return -1; + return -EINVAL; } char decchar(int x) { @@ -1162,7 +1162,7 @@ int undecchar(char c) { if (c >= '0' && c <= '9') return c - '0'; - return -1; + return -EINVAL; } char *cescape(const char *s) { @@ -1254,7 +1254,7 @@ char *cunescape_length_with_prefix(const char *s, size_t length, const char *pre r = new(char, pl+length+1); if (!r) - return r; + return NULL; if (prefix) memcpy(r, prefix, pl); @@ -1313,7 +1313,7 @@ char *cunescape_length_with_prefix(const char *s, size_t length, const char *pre a = unhexchar(f[1]); b = unhexchar(f[2]); - if (a < 0 || b < 0) { + if (a < 0 || b < 0 || (a == 0 && b == 0)) { /* Invalid escape code, let's take it literal then */ *(t++) = '\\'; *(t++) = 'x'; @@ -1340,7 +1340,7 @@ char *cunescape_length_with_prefix(const char *s, size_t length, const char *pre b = unoctchar(f[1]); c = unoctchar(f[2]); - if (a < 0 || b < 0 || c < 0) { + if (a < 0 || b < 0 || c < 0 || (a == 0 && b == 0 && c == 0)) { /* Invalid escape code, let's take it literal then */ *(t++) = '\\'; *(t++) = f[0]; @@ -1409,78 +1409,6 @@ char *xescape(const char *s, const char *bad) { return r; } -char *bus_path_escape(const char *s) { - char *r, *t; - const char *f; - - assert(s); - - /* Escapes all chars that D-Bus' object path cannot deal - * with. Can be reverse with bus_path_unescape(). We special - * case the empty string. */ - - if (*s == 0) - return strdup("_"); - - r = new(char, strlen(s)*3 + 1); - if (!r) - return NULL; - - for (f = s, t = r; *f; f++) { - - /* Escape everything that is not a-zA-Z0-9. We also - * escape 0-9 if it's the first character */ - - if (!(*f >= 'A' && *f <= 'Z') && - !(*f >= 'a' && *f <= 'z') && - !(f > s && *f >= '0' && *f <= '9')) { - *(t++) = '_'; - *(t++) = hexchar(*f >> 4); - *(t++) = hexchar(*f); - } else - *(t++) = *f; - } - - *t = 0; - - return r; -} - -char *bus_path_unescape(const char *f) { - char *r, *t; - - assert(f); - - /* Special case for the empty string */ - if (streq(f, "_")) - return strdup(""); - - r = new(char, strlen(f) + 1); - if (!r) - return NULL; - - for (t = r; *f; f++) { - - if (*f == '_') { - int a, b; - - if ((a = unhexchar(f[1])) < 0 || - (b = unhexchar(f[2])) < 0) { - /* Invalid escape code, let's take it literal then */ - *(t++) = '_'; - } else { - *(t++) = (char) ((a << 4) | b); - f += 2; - } - } else - *(t++) = *f; - } - - *t = 0; - - return r; -} - char *ascii_strlower(char *t) { char *p; @@ -1506,6 +1434,7 @@ _pure_ static bool ignore_file_allow_backup(const char *filename) { endswith(filename, ".rpmorig") || endswith(filename, ".dpkg-old") || endswith(filename, ".dpkg-new") || + endswith(filename, ".dpkg-tmp") || endswith(filename, ".swp"); } @@ -1513,45 +1442,53 @@ bool ignore_file(const char *filename) { assert(filename); if (endswith(filename, "~")) - return false; + return true; return ignore_file_allow_backup(filename); } int fd_nonblock(int fd, bool nonblock) { - int flags; + int flags, nflags; assert(fd >= 0); - if ((flags = fcntl(fd, F_GETFL, 0)) < 0) + flags = fcntl(fd, F_GETFL, 0); + if (flags < 0) return -errno; if (nonblock) - flags |= O_NONBLOCK; + nflags = flags | O_NONBLOCK; else - flags &= ~O_NONBLOCK; + nflags = flags & ~O_NONBLOCK; + + if (nflags == flags) + return 0; - if (fcntl(fd, F_SETFL, flags) < 0) + if (fcntl(fd, F_SETFL, nflags) < 0) return -errno; return 0; } int fd_cloexec(int fd, bool cloexec) { - int flags; + int flags, nflags; assert(fd >= 0); - if ((flags = fcntl(fd, F_GETFD, 0)) < 0) + flags = fcntl(fd, F_GETFD, 0); + if (flags < 0) return -errno; if (cloexec) - flags |= FD_CLOEXEC; + nflags = flags | FD_CLOEXEC; else - flags &= ~FD_CLOEXEC; + nflags = flags & ~FD_CLOEXEC; - if (fcntl(fd, F_SETFD, flags) < 0) - return -errno; + if (nflags == flags) + return 0; + + if (fcntl(fd, F_SETFD, nflags) < 0) + return -errno; return 0; } @@ -1569,7 +1506,7 @@ _pure_ static bool fd_in_set(int fd, const int fdset[], unsigned n_fdset) { } int close_all_fds(const int except[], unsigned n_except) { - DIR *d; + _cleanup_closedir_ DIR *d = NULL; struct dirent *de; int r = 0; @@ -1624,7 +1561,6 @@ int close_all_fds(const int except[], unsigned n_except) { } } - closedir(d); return r; } @@ -1643,12 +1579,20 @@ bool fstype_is_network(const char *fstype) { static const char table[] = "cifs\0" "smbfs\0" + "sshfs\0" "ncpfs\0" "ncp\0" "nfs\0" "nfs4\0" "gfs\0" - "gfs2\0"; + "gfs2\0" + "glusterfs\0"; + + const char *x; + + x = startswith(fstype, "fuse."); + if (x) + fstype = x; return nulstr_contains(table, fstype); } @@ -1680,8 +1624,7 @@ int chvt(int vt) { int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { struct termios old_termios, new_termios; - char c; - char line[LINE_MAX]; + char c, line[LINE_MAX]; assert(f); assert(ret); @@ -1696,7 +1639,7 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { if (tcsetattr(fileno(f), TCSADRAIN, &new_termios) >= 0) { size_t k; - if (t != (usec_t) -1) { + if (t != USEC_INFINITY) { if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) { tcsetattr(fileno(f), TCSADRAIN, &old_termios); return -ETIMEDOUT; @@ -1718,12 +1661,14 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { } } - if (t != (usec_t) -1) + if (t != USEC_INFINITY) { if (fd_wait_for_event(fileno(f), POLLIN, t) <= 0) return -ETIMEDOUT; + } + errno = 0; if (!fgets(line, sizeof(line), f)) - return -EIO; + return errno ? -errno : -EIO; truncate_nl(line); @@ -1737,7 +1682,8 @@ int read_one_char(FILE *f, char *ret, usec_t t, bool *need_nl) { return 0; } -int ask(char *ret, const char *replies, const char *text, ...) { +int ask_char(char *ret, const char *replies, const char *text, ...) { + int r; assert(ret); assert(replies); @@ -1746,7 +1692,6 @@ int ask(char *ret, const char *replies, const char *text, ...) { for (;;) { va_list ap; char c; - int r; bool need_nl = true; if (on_tty()) @@ -1761,7 +1706,7 @@ int ask(char *ret, const char *replies, const char *text, ...) { fflush(stdout); - r = read_one_char(stdin, &c, (usec_t) -1, &need_nl); + r = read_one_char(stdin, &c, USEC_INFINITY, &need_nl); if (r < 0) { if (r == -EBADMSG) { @@ -1785,6 +1730,49 @@ int ask(char *ret, const char *replies, const char *text, ...) { } } +int ask_string(char **ret, const char *text, ...) { + assert(ret); + assert(text); + + for (;;) { + char line[LINE_MAX]; + va_list ap; + + if (on_tty()) + fputs(ANSI_HIGHLIGHT_ON, stdout); + + va_start(ap, text); + vprintf(text, ap); + va_end(ap); + + if (on_tty()) + fputs(ANSI_HIGHLIGHT_OFF, stdout); + + fflush(stdout); + + errno = 0; + if (!fgets(line, sizeof(line), stdin)) + return errno ? -errno : -EIO; + + if (!endswith(line, "\n")) + putchar('\n'); + else { + char *s; + + if (isempty(line)) + continue; + + truncate_nl(line); + s = strdup(line); + if (!s) + return -ENOMEM; + + *ret = s; + return 0; + } + } +} + int reset_terminal_fd(int fd, bool switch_to_text) { struct termios termios; int r = 0; @@ -1850,16 +1838,13 @@ finish: } int reset_terminal(const char *name) { - int fd, r; + _cleanup_close_ int fd = -1; fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC); if (fd < 0) return fd; - r = reset_terminal_fd(fd, true); - close_nointr_nofail(fd); - - return r; + return reset_terminal_fd(fd, true); } int open_terminal(const char *name, int mode) { @@ -1893,17 +1878,14 @@ int open_terminal(const char *name, int mode) { c++; } - if (fd < 0) - return -errno; - r = isatty(fd); if (r < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } if (!r) { - close_nointr_nofail(fd); + safe_close(fd); return -ENOTTY; } @@ -1971,11 +1953,11 @@ int acquire_terminal( * on the same tty as an untrusted user this should not be a * problem. (Which he probably should not do anyway.) */ - if (timeout != (usec_t) -1) + if (timeout != USEC_INFINITY) ts = now(CLOCK_MONOTONIC); if (!fail && !force) { - notify = inotify_init1(IN_CLOEXEC | (timeout != (usec_t) -1 ? IN_NONBLOCK : 0)); + notify = inotify_init1(IN_CLOEXEC | (timeout != USEC_INFINITY ? IN_NONBLOCK : 0)); if (notify < 0) { r = -errno; goto fail; @@ -2039,7 +2021,7 @@ int acquire_terminal( ssize_t l; struct inotify_event *e; - if (timeout != (usec_t) -1) { + if (timeout != USEC_INFINITY) { usec_t n; n = now(CLOCK_MONOTONIC); @@ -2092,11 +2074,10 @@ int acquire_terminal( * ended our handle will be dead. It's important that * we do this after sleeping, so that we don't enter * an endless loop. */ - close_nointr_nofail(fd); + fd = safe_close(fd); } - if (notify >= 0) - close_nointr_nofail(notify); + safe_close(notify); r = reset_terminal_fd(fd, true); if (r < 0) @@ -2105,22 +2086,21 @@ int acquire_terminal( return fd; fail: - if (fd >= 0) - close_nointr_nofail(fd); - - if (notify >= 0) - close_nointr_nofail(notify); + safe_close(fd); + safe_close(notify); return r; } int release_terminal(void) { - int r = 0; - struct sigaction sa_old, sa_new = { + static const struct sigaction sa_new = { .sa_handler = SIG_IGN, .sa_flags = SA_RESTART, }; - _cleanup_close_ int fd; + + _cleanup_close_ int fd = -1; + struct sigaction sa_old; + int r = 0; fd = open("/dev/tty", O_RDWR|O_NOCTTY|O_NDELAY|O_CLOEXEC); if (fd < 0) @@ -2159,7 +2139,6 @@ int ignore_signals(int sig, ...) { va_list ap; int r = 0; - if (sigaction(sig, &sa, NULL) < 0) r = -errno; @@ -2192,62 +2171,46 @@ int default_signals(int sig, ...) { return r; } -int close_pipe(int p[]) { - int a = 0, b = 0; - +void safe_close_pair(int p[]) { assert(p); - if (p[0] >= 0) { - a = close_nointr(p[0]); - p[0] = -1; - } - - if (p[1] >= 0) { - b = close_nointr(p[1]); - p[1] = -1; + if (p[0] == p[1]) { + /* Special case pairs which use the same fd in both + * directions... */ + p[0] = p[1] = safe_close(p[0]); + return; } - return a < 0 ? a : b; + p[0] = safe_close(p[0]); + p[1] = safe_close(p[1]); } ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) { - uint8_t *p; + uint8_t *p = buf; ssize_t n = 0; assert(fd >= 0); assert(buf); - p = buf; - while (nbytes > 0) { ssize_t k; - if ((k = read(fd, p, nbytes)) <= 0) { - - if (k < 0 && errno == EINTR) - continue; - - if (k < 0 && errno == EAGAIN && do_poll) { - struct pollfd pollfd = { - .fd = fd, - .events = POLLIN, - }; - - if (poll(&pollfd, 1, -1) < 0) { - if (errno == EINTR) - continue; + k = read(fd, p, nbytes); + if (k < 0 && errno == EINTR) + continue; - return n > 0 ? n : -errno; - } + if (k < 0 && errno == EAGAIN && do_poll) { - if (pollfd.revents != POLLIN) - return n > 0 ? n : -EIO; + /* We knowingly ignore any return value here, + * and expect that any error/EOF is reported + * via read() */ - continue; - } + fd_wait_for_event(fd, POLLIN, USEC_INFINITY); + continue; + } + if (k <= 0) return n > 0 ? n : (k < 0 ? -errno : 0); - } p += k; nbytes -= k; @@ -2258,44 +2221,31 @@ ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) { } ssize_t loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) { - const uint8_t *p; + const uint8_t *p = buf; ssize_t n = 0; assert(fd >= 0); assert(buf); - p = buf; - while (nbytes > 0) { ssize_t k; k = write(fd, p, nbytes); - if (k <= 0) { - - if (k < 0 && errno == EINTR) - continue; - - if (k < 0 && errno == EAGAIN && do_poll) { - struct pollfd pollfd = { - .fd = fd, - .events = POLLOUT, - }; - - if (poll(&pollfd, 1, -1) < 0) { - if (errno == EINTR) - continue; + if (k < 0 && errno == EINTR) + continue; - return n > 0 ? n : -errno; - } + if (k < 0 && errno == EAGAIN && do_poll) { - if (pollfd.revents != POLLOUT) - return n > 0 ? n : -EIO; + /* We knowingly ignore any return value here, + * and expect that any error/EOF is reported + * via write() */ - continue; - } + fd_wait_for_event(fd, POLLOUT, USEC_INFINITY); + continue; + } + if (k <= 0) return n > 0 ? n : (k < 0 ? -errno : 0); - } p += k; nbytes -= k; @@ -2305,30 +2255,71 @@ ssize_t loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) { return n; } -int parse_bytes(const char *t, off_t *bytes) { - static const struct { +int parse_size(const char *t, off_t base, off_t *size) { + + /* Soo, sometimes we want to parse IEC binary suffxies, and + * sometimes SI decimal suffixes. This function can parse + * both. Which one is the right way depends on the + * context. Wikipedia suggests that SI is customary for + * hardrware metrics and network speeds, while IEC is + * customary for most data sizes used by software and volatile + * (RAM) memory. Hence be careful which one you pick! + * + * In either case we use just K, M, G as suffix, and not Ki, + * Mi, Gi or so (as IEC would suggest). That's because that's + * frickin' ugly. But this means you really need to make sure + * to document which base you are parsing when you use this + * call. */ + + struct table { const char *suffix; unsigned long long factor; - } table[] = { - { "B", 1 }, - { "K", 1024ULL }, - { "M", 1024ULL*1024ULL }, - { "G", 1024ULL*1024ULL*1024ULL }, - { "T", 1024ULL*1024ULL*1024ULL*1024ULL }, - { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL }, + }; + + static const struct table iec[] = { { "E", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL*1024ULL }, + { "P", 1024ULL*1024ULL*1024ULL*1024ULL*1024ULL }, + { "T", 1024ULL*1024ULL*1024ULL*1024ULL }, + { "G", 1024ULL*1024ULL*1024ULL }, + { "M", 1024ULL*1024ULL }, + { "K", 1024ULL }, + { "B", 1 }, + { "", 1 }, + }; + + static const struct table si[] = { + { "E", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL*1000ULL }, + { "P", 1000ULL*1000ULL*1000ULL*1000ULL*1000ULL }, + { "T", 1000ULL*1000ULL*1000ULL*1000ULL }, + { "G", 1000ULL*1000ULL*1000ULL }, + { "M", 1000ULL*1000ULL }, + { "K", 1000ULL }, + { "B", 1 }, { "", 1 }, }; + const struct table *table; const char *p; unsigned long long r = 0; + unsigned n_entries, start_pos = 0; assert(t); - assert(bytes); + assert(base == 1000 || base == 1024); + assert(size); + + if (base == 1000) { + table = si; + n_entries = ELEMENTSOF(si); + } else { + table = iec; + n_entries = ELEMENTSOF(iec); + } p = t; do { long long l; + unsigned long long l2; + double frac = 0; char *e; unsigned i; @@ -2344,14 +2335,32 @@ int parse_bytes(const char *t, off_t *bytes) { if (e == p) return -EINVAL; + if (*e == '.') { + e++; + if (*e >= '0' && *e <= '9') { + char *e2; + + /* strotoull itself would accept space/+/- */ + l2 = strtoull(e, &e2, 10); + + if (errno == ERANGE) + return -errno; + + /* Ignore failure. E.g. 10.M is valid */ + frac = l2; + for (; e < e2; e++) + frac /= 10; + } + } + e += strspn(e, WHITESPACE); - for (i = 0; i < ELEMENTSOF(table); i++) + for (i = start_pos; i < n_entries; i++) if (startswith(e, table[i].suffix)) { unsigned long long tmp; - if ((unsigned long long) l > ULLONG_MAX / table[i].factor) + if ((unsigned long long) l + (frac > 0) > ULLONG_MAX / table[i].factor) return -ERANGE; - tmp = l * table[i].factor; + tmp = l * table[i].factor + (unsigned long long) (frac * table[i].factor); if (tmp > ULLONG_MAX - r) return -ERANGE; @@ -2360,15 +2369,17 @@ int parse_bytes(const char *t, off_t *bytes) { return -ERANGE; p = e + strlen(table[i].suffix); + + start_pos = i + 1; break; } - if (i >= ELEMENTSOF(table)) + if (i >= n_entries) return -EINVAL; } while (*p); - *bytes = r; + *size = r; return 0; } @@ -2383,7 +2394,7 @@ int make_stdio(int fd) { t = dup3(fd, STDERR_FILENO, 0); if (fd >= 3) - close_nointr_nofail(fd); + safe_close(fd); if (r < 0 || s < 0 || t < 0) return -errno; @@ -2415,7 +2426,6 @@ bool is_device_path(const char *path) { int dir_is_empty(const char *path) { _cleanup_closedir_ DIR *d; - int r; d = opendir(path); if (!d) @@ -2423,11 +2433,11 @@ int dir_is_empty(const char *path) { for (;;) { struct dirent *de; - union dirent_storage buf; - r = readdir_r(d, &buf.de, &de); - if (r > 0) - return -r; + errno = 0; + de = readdir(d); + if (!de && errno != 0) + return -errno; if (!de) return 1; @@ -2455,23 +2465,99 @@ char* dirname_malloc(const char *path) { return dir; } -unsigned long long random_ull(void) { - _cleanup_close_ int fd; - uint64_t ull; - ssize_t r; +int dev_urandom(void *p, size_t n) { + static int have_syscall = -1; + int r, fd; + ssize_t k; + + /* Gathers some randomness from the kernel. This call will + * never block, and will always return some data from the + * kernel, regardless if the random pool is fully initialized + * or not. It thus makes no guarantee for the quality of the + * returned entropy, but is good enough for or usual usecases + * of seeding the hash functions for hashtable */ + + /* Use the getrandom() syscall unless we know we don't have + * it, or when the requested size is too large for it. */ + if (have_syscall != 0 || (size_t) (int) n != n) { + r = getrandom(p, n, GRND_NONBLOCK); + if (r == (int) n) { + have_syscall = true; + return 0; + } + + if (r < 0) { + if (errno == ENOSYS) + /* we lack the syscall, continue with + * reading from /dev/urandom */ + have_syscall = false; + else if (errno == EAGAIN) + /* not enough entropy for now. Let's + * remember to use the syscall the + * next time, again, but also read + * from /dev/urandom for now, which + * doesn't care about the current + * amount of entropy. */ + have_syscall = true; + else + return -errno; + } else + /* too short read? */ + return -EIO; + } fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY); if (fd < 0) - goto fallback; + return errno == ENOENT ? -ENOSYS : -errno; + + k = loop_read(fd, p, n, true); + safe_close(fd); + + if (k < 0) + return (int) k; + if ((size_t) k != n) + return -EIO; + + return 0; +} + +void random_bytes(void *p, size_t n) { + static bool srand_called = false; + uint8_t *q; + int r; + + r = dev_urandom(p, n); + if (r >= 0) + return; + + /* If some idiot made /dev/urandom unavailable to us, he'll + * get a PRNG instead. */ + + if (!srand_called) { + unsigned x = 0; - r = loop_read(fd, &ull, sizeof(ull), true); - if (r != sizeof(ull)) - goto fallback; +#ifdef HAVE_SYS_AUXV_H + /* The kernel provides us with a bit of entropy in + * auxv, so let's try to make use of that to seed the + * pseudo-random generator. It's better than + * nothing... */ - return ull; + void *auxv; -fallback: - return random() * RAND_MAX + random(); + auxv = (void*) getauxval(AT_RANDOM); + if (auxv) + x ^= *(unsigned*) auxv; +#endif + + x ^= (unsigned) now(CLOCK_REALTIME); + x ^= (unsigned) gettid(); + + srand(x); + srand_called = true; + } + + for (q = p; q < (uint8_t*) p + n; q ++) + *q = rand(); } void rename_process(const char name[8]) { @@ -2500,7 +2586,7 @@ void rename_process(const char name[8]) { if (!saved_argv[i]) break; - memset(saved_argv[i], 0, strlen(saved_argv[i])); + memzero(saved_argv[i], strlen(saved_argv[i])); } } } @@ -2517,6 +2603,24 @@ void sigset_add_many(sigset_t *ss, ...) { va_end(ap); } +int sigprocmask_many(int how, ...) { + va_list ap; + sigset_t ss; + int sig; + + assert_se(sigemptyset(&ss) == 0); + + va_start(ap, how); + while ((sig = va_arg(ap, int)) > 0) + assert_se(sigaddset(&ss, sig) == 0); + va_end(ap); + + if (sigprocmask(how, &ss, NULL) < 0) + return -errno; + + return 0; +} + char* gethostname_malloc(void) { struct utsname u; @@ -2536,7 +2640,7 @@ bool hostname_is_set(void) { return !isempty(u.nodename) && !streq(u.nodename, "(none)"); } -static char *lookup_uid(uid_t uid) { +char *lookup_uid(uid_t uid) { long bufsize; char *name; _cleanup_free_ char *buf = NULL; @@ -2557,7 +2661,7 @@ static char *lookup_uid(uid_t uid) { if (getpwuid_r(uid, &pwbuf, buf, bufsize, &pw) == 0 && pw) return strdup(pw->pw_name); - if (asprintf(&name, "%lu", (unsigned long) uid) < 0) + if (asprintf(&name, UID_FMT, uid) < 0) return NULL; return name; @@ -2592,7 +2696,7 @@ int getttyname_malloc(int fd, char **r) { assert(r); k = ttyname_r(fd, path, sizeof(path)); - if (k != 0) + if (k > 0) return -k; char_array_0(path); @@ -2623,28 +2727,17 @@ int getttyname_harder(int fd, char **r) { } int get_ctty_devnr(pid_t pid, dev_t *d) { - _cleanup_fclose_ FILE *f = NULL; - char line[LINE_MAX], *p; + int r; + _cleanup_free_ char *line = NULL; + const char *p; unsigned long ttynr; - const char *fn; - int k; assert(pid >= 0); - assert(d); - - if (pid == 0) - fn = "/proc/self/stat"; - else - fn = procfs_file_alloca(pid, "stat"); - - f = fopen(fn, "re"); - if (!f) - return -errno; - if (!fgets(line, sizeof(line), f)) { - k = feof(f) ? -EIO : -errno; - return k; - } + p = procfs_file_alloca(pid, "stat"); + r = read_one_line_file(p, &line); + if (r < 0) + return r; p = strrchr(line, ')'); if (!p) @@ -2664,14 +2757,18 @@ int get_ctty_devnr(pid_t pid, dev_t *d) { if (major(ttynr) == 0 && minor(ttynr) == 0) return -ENOENT; - *d = (dev_t) ttynr; + if (d) + *d = (dev_t) ttynr; + return 0; } int get_ctty(pid_t pid, dev_t *_devnr, char **r) { - int k; - char fn[sizeof("/dev/char/")-1 + 2*DECIMAL_STR_MAX(unsigned) + 1 + 1], *s, *b, *p; + char fn[sizeof("/dev/char/")-1 + 2*DECIMAL_STR_MAX(unsigned) + 1 + 1], *b = NULL; + _cleanup_free_ char *s = NULL; + const char *p; dev_t devnr; + int k; assert(r); @@ -2689,14 +2786,8 @@ int get_ctty(pid_t pid, dev_t *_devnr, char **r) { /* This is an ugly hack */ if (major(devnr) == 136) { - if (asprintf(&b, "pts/%lu", (unsigned long) minor(devnr)) < 0) - return -ENOMEM; - - *r = b; - if (_devnr) - *_devnr = devnr; - - return 0; + asprintf(&b, "pts/%u", minor(devnr)); + goto finish; } /* Probably something like the ptys which have no @@ -2704,14 +2795,7 @@ int get_ctty(pid_t pid, dev_t *_devnr, char **r) { * vaguely useful. */ b = strdup(fn + 5); - if (!b) - return -ENOMEM; - - *r = b; - if (_devnr) - *_devnr = devnr; - - return 0; + goto finish; } if (startswith(s, "/dev/")) @@ -2722,8 +2806,8 @@ int get_ctty(pid_t pid, dev_t *_devnr, char **r) { p = s; b = strdup(p); - free(s); +finish: if (!b) return -ENOMEM; @@ -2735,7 +2819,7 @@ int get_ctty(pid_t pid, dev_t *_devnr, char **r) { } int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) { - DIR *d; + _cleanup_closedir_ DIR *d = NULL; int ret = 0; assert(fd >= 0); @@ -2745,27 +2829,25 @@ int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct d = fdopendir(fd); if (!d) { - close_nointr_nofail(fd); + safe_close(fd); return errno == ENOENT ? 0 : -errno; } for (;;) { struct dirent *de; - union dirent_storage buf; bool is_dir, keep_around; struct stat st; int r; - r = readdir_r(d, &buf.de, &de); - if (r != 0 && ret == 0) { - ret = -r; - break; + errno = 0; + de = readdir(d); + if (!de) { + if (errno != 0 && ret == 0) + ret = -errno; + return ret; } - if (!de) - break; - if (streq(de->d_name, ".") || streq(de->d_name, "..")) continue; @@ -2821,17 +2903,13 @@ int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct } } } - - closedir(d); - - return ret; } _pure_ static int is_temporary_fs(struct statfs *s) { assert(s); - return - F_TYPE_CMP(s->f_type, TMPFS_MAGIC) || - F_TYPE_CMP(s->f_type, RAMFS_MAGIC); + + return F_TYPE_EQUAL(s->f_type, TMPFS_MAGIC) || + F_TYPE_EQUAL(s->f_type, RAMFS_MAGIC); } int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) { @@ -2840,7 +2918,7 @@ int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root assert(fd >= 0); if (fstatfs(fd, &s) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } @@ -2849,7 +2927,7 @@ int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root * non-state data */ if (!is_temporary_fs(&s)) { log_error("Attempted to remove disk file system, and we can't allow that."); - close_nointr_nofail(fd); + safe_close(fd); return -EPERM; } @@ -2895,13 +2973,13 @@ static int rm_rf_internal(const char *path, bool only_dirs, bool delete_root, bo if (!dangerous) { if (fstatfs(fd, &s) < 0) { - close_nointr_nofail(fd); + safe_close(fd); return -errno; } if (!is_temporary_fs(&s)) { log_error("Attempted to remove disk file system, and we can't allow that."); - close_nointr_nofail(fd); + safe_close(fd); return -EPERM; } } @@ -2954,11 +3032,13 @@ int fchmod_and_fchown(int fd, mode_t mode, uid_t uid, gid_t gid) { * first change the access mode and only then hand out * ownership to avoid a window where access is too open. */ - if (fchmod(fd, mode) < 0) - return -errno; + if (mode != (mode_t) -1) + if (fchmod(fd, mode) < 0) + return -errno; - if (fchown(fd, uid, gid) < 0) - return -errno; + if (uid != (uid_t) -1 || gid != (gid_t) -1) + if (fchown(fd, uid, gid) < 0) + return -errno; return 0; } @@ -3026,7 +3106,7 @@ int status_vprintf(const char *status, bool ellipse, bool ephemeral, const char if (emax < 3) emax = 3; - e = ellipsize(s, emax, 75); + e = ellipsize(s, emax, 50); if (e) { free(s); s = e; @@ -3069,23 +3149,6 @@ int status_printf(const char *status, bool ellipse, bool ephemeral, const char * return r; } -int status_welcome(void) { - int r; - _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL; - - r = parse_env_file("/etc/os-release", NEWLINE, - "PRETTY_NAME", &pretty_name, - "ANSI_COLOR", &ansi_color, - NULL); - if (r < 0 && r != -ENOENT) - log_warning("Failed to read /etc/os-release: %s", strerror(-r)); - - return status_printf(NULL, false, false, - "\nWelcome to \x1B[%sm%s\x1B[0m!\n", - isempty(ansi_color) ? "1" : ansi_color, - isempty(pretty_name) ? "Linux" : pretty_name); -} - char *replace_env(const char *format, char **env) { enum { WORD, @@ -3163,12 +3226,13 @@ fail: } char **replace_env_argv(char **argv, char **env) { - char **r, **i; + char **ret, **i; unsigned k = 0, l = 0; l = strv_length(argv); - if (!(r = new(char*, l+1))) + ret = new(char*, l+1); + if (!ret) return NULL; STRV_FOREACH(i, argv) { @@ -3181,10 +3245,12 @@ char **replace_env_argv(char **argv, char **env) { e = strv_env_get(env, *i+1); if (e) { + int r; - if (!(m = strv_split_quoted(e))) { - r[k] = NULL; - strv_free(r); + r = strv_split_quoted(&m, e); + if (r < 0) { + ret[k] = NULL; + strv_free(ret); return NULL; } } else @@ -3193,16 +3259,17 @@ char **replace_env_argv(char **argv, char **env) { q = strv_length(m); l = l + q - 1; - if (!(w = realloc(r, sizeof(char*) * (l+1)))) { - r[k] = NULL; - strv_free(r); + w = realloc(ret, sizeof(char*) * (l+1)); + if (!w) { + ret[k] = NULL; + strv_free(ret); strv_free(m); return NULL; } - r = w; + ret = w; if (m) { - memcpy(r + k, m, q * sizeof(char*)); + memcpy(ret + k, m, q * sizeof(char*)); free(m); } @@ -3211,14 +3278,16 @@ char **replace_env_argv(char **argv, char **env) { } /* If ${FOO} appears as part of a word, replace it by the variable as-is */ - if (!(r[k++] = replace_env(*i, env))) { - strv_free(r); + ret[k] = replace_env(*i, env); + if (!ret[k]) { + strv_free(ret); return NULL; } + k++; } - r[k] = NULL; - return r; + ret[k] = NULL; + return ret; } int fd_columns(int fd) { @@ -3243,7 +3312,7 @@ unsigned columns(void) { c = 0; e = getenv("COLUMNS"); if (e) - safe_atoi(e, &c); + (void) safe_atoi(e, &c); if (c <= 0) c = fd_columns(STDOUT_FILENO); @@ -3277,7 +3346,7 @@ unsigned lines(void) { l = 0; e = getenv("LINES"); if (e) - safe_atou(e, &l); + (void) safe_atou(e, &l); if (l <= 0) l = fd_lines(STDOUT_FILENO); @@ -3304,22 +3373,30 @@ bool on_tty(void) { return cached_on_tty; } -int running_in_chroot(void) { - struct stat a = {}, b = {}; +int files_same(const char *filea, const char *fileb) { + struct stat a, b; - /* Only works as root */ - if (stat("/proc/1/root", &a) < 0) + if (stat(filea, &a) < 0) return -errno; - if (stat("/", &b) < 0) + if (stat(fileb, &b) < 0) return -errno; - return - a.st_dev != b.st_dev || - a.st_ino != b.st_ino; + return a.st_dev == b.st_dev && + a.st_ino == b.st_ino; } -char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) { +int running_in_chroot(void) { + int ret; + + ret = files_same("/proc/1/root", "/"); + if (ret < 0) + return ret; + + return ret == 0; +} + +static char *ascii_ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) { size_t x; char *r; @@ -3350,25 +3427,125 @@ char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigne return r; } -char *ellipsize(const char *s, size_t length, unsigned percent) { - return ellipsize_mem(s, strlen(s), length, percent); -} +char *ellipsize_mem(const char *s, size_t old_length, size_t new_length, unsigned percent) { + size_t x; + char *e; + const char *i, *j; + unsigned k, len, len2; -int touch(const char *path) { - int fd; + assert(s); + assert(percent <= 100); + assert(new_length >= 3); - assert(path); + /* if no multibyte characters use ascii_ellipsize_mem for speed */ + if (ascii_is_valid(s)) + return ascii_ellipsize_mem(s, old_length, new_length, percent); - /* This just opens the file for writing, ensuring it - * exists. It doesn't call utimensat() the way /usr/bin/touch - * does it. */ + if (old_length <= 3 || old_length <= new_length) + return strndup(s, old_length); - fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, 0644); - if (fd < 0) - return -errno; + x = (new_length * percent) / 100; - close_nointr_nofail(fd); - return 0; + if (x > new_length - 3) + x = new_length - 3; + + k = 0; + for (i = s; k < x && i < s + old_length; i = utf8_next_char(i)) { + int c; + + c = utf8_encoded_to_unichar(i); + if (c < 0) + return NULL; + k += unichar_iswide(c) ? 2 : 1; + } + + if (k > x) /* last character was wide and went over quota */ + x ++; + + for (j = s + old_length; k < new_length && j > i; ) { + int c; + + j = utf8_prev_char(j); + c = utf8_encoded_to_unichar(j); + if (c < 0) + return NULL; + k += unichar_iswide(c) ? 2 : 1; + } + assert(i <= j); + + /* we don't actually need to ellipsize */ + if (i == j) + return memdup(s, old_length + 1); + + /* make space for ellipsis */ + j = utf8_next_char(j); + + len = i - s; + len2 = s + old_length - j; + e = new(char, len + 3 + len2 + 1); + if (!e) + return NULL; + + /* + printf("old_length=%zu new_length=%zu x=%zu len=%u len2=%u k=%u\n", + old_length, new_length, x, len, len2, k); + */ + + memcpy(e, s, len); + e[len] = 0xe2; /* tri-dot ellipsis: … */ + e[len + 1] = 0x80; + e[len + 2] = 0xa6; + + memcpy(e + len + 3, j, len2 + 1); + + return e; +} + +char *ellipsize(const char *s, size_t length, unsigned percent) { + return ellipsize_mem(s, strlen(s), length, percent); +} + +int touch_file(const char *path, bool parents, usec_t stamp, uid_t uid, gid_t gid, mode_t mode) { + _cleanup_close_ int fd; + int r; + + assert(path); + + if (parents) + mkdir_parents(path, 0755); + + fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY, mode > 0 ? mode : 0644); + if (fd < 0) + return -errno; + + if (mode > 0) { + r = fchmod(fd, mode); + if (r < 0) + return -errno; + } + + if (uid != (uid_t) -1 || gid != (gid_t) -1) { + r = fchown(fd, uid, gid); + if (r < 0) + return -errno; + } + + if (stamp != USEC_INFINITY) { + struct timespec ts[2]; + + timespec_store(&ts[0], stamp); + ts[1] = ts[0]; + r = futimens(fd, ts); + } else + r = futimens(fd, NULL); + if (r < 0) + return -errno; + + return 0; +} + +int touch(const char *path) { + return touch_file(path, false, USEC_INFINITY, (uid_t) -1, (gid_t) -1, 0); } char *unquote(const char *s, const char* quotes) { @@ -3451,6 +3628,17 @@ int wait_for_terminate(pid_t pid, siginfo_t *status) { } } +/* + * Return values: + * < 0 : wait_for_terminate() failed to get the state of the + * process, the process was terminated by a signal, or + * failed for an unknown reason. + * >=0 : The process terminated normally, and its exit code is + * returned. + * + * That is, success is indicated by a return value of zero, and an + * error is indicated by a non-zero value. + */ int wait_for_terminate_and_warn(const char *name, pid_t pid) { int r; siginfo_t status; @@ -3484,7 +3672,7 @@ int wait_for_terminate_and_warn(const char *name, pid_t pid) { return -EPROTO; } -_noreturn_ void freeze(void) { +noreturn void freeze(void) { /* Make sure nobody waits for us on a socket anymore */ close_all_fds(NULL, 0); @@ -3518,6 +3706,17 @@ int null_or_empty_path(const char *fn) { return null_or_empty(&st); } +int null_or_empty_fd(int fd) { + struct stat st; + + assert(fd >= 0); + + if (fstat(fd, &st) < 0) + return -errno; + + return null_or_empty(&st); +} + DIR *xopendirat(int fd, const char *name, int flags) { int nfd; DIR *d; @@ -3530,7 +3729,7 @@ DIR *xopendirat(int fd, const char *name, int flags) { d = fdopendir(nfd); if (!d) { - close_nointr_nofail(nfd); + safe_close(nfd); return NULL; } @@ -3550,29 +3749,22 @@ int signal_from_string_try_harder(const char *s) { } static char *tag_to_udev_node(const char *tagvalue, const char *by) { - char *dn, *t, *u; - int r; - - /* FIXME: to follow udev's logic 100% we need to leave valid - * UTF8 chars unescaped */ + _cleanup_free_ char *t = NULL, *u = NULL; + size_t enc_len; u = unquote(tagvalue, "\"\'"); - if (u == NULL) + if (!u) return NULL; - t = xescape(u, "/ "); - free(u); - - if (t == NULL) + enc_len = strlen(u) * 4 + 1; + t = new(char, enc_len); + if (!t) return NULL; - r = asprintf(&dn, "/dev/disk/by-%s/%s", by, t); - free(t); - - if (r < 0) + if (encode_devnode_name(u, t, enc_len) < 0) return NULL; - return dn; + return strjoin("/dev/disk/by-", by, "/", t, NULL); } char *fstab_node_to_udev_node(const char *p) { @@ -3596,9 +3788,6 @@ char *fstab_node_to_udev_node(const char *p) { bool tty_is_vc(const char *tty) { assert(tty); - if (startswith(tty, "/dev/")) - tty += 5; - return vtnr_from_tty(tty) >= 0; } @@ -3655,12 +3844,21 @@ char *resolve_dev_console(char **active) { else tty = *active; + if (streq(tty, "tty0")) { + char *tmp; + + /* Get the active VC (e.g. tty1) */ + if (read_one_line_file("/sys/class/tty/tty0/active", &tmp) >= 0) { + free(*active); + tty = *active = tmp; + } + } + return tty; } bool tty_is_vc_resolve(const char *tty) { - char *active = NULL; - bool b; + _cleanup_free_ char *active = NULL; assert(tty); @@ -3673,10 +3871,7 @@ bool tty_is_vc_resolve(const char *tty) { return false; } - b = tty_is_vc(tty); - free(active); - - return b; + return tty_is_vc(tty); } const char *default_term_for_tty(const char *tty) { @@ -3713,111 +3908,120 @@ bool dirent_is_file_with_suffix(const struct dirent *de, const char *suffix) { return endswith(de->d_name, suffix); } -void execute_directory(const char *directory, DIR *d, char *argv[]) { - DIR *_d = NULL; - struct dirent *de; - Hashmap *pids = NULL; +void execute_directory(const char *directory, DIR *d, usec_t timeout, char *argv[]) { + pid_t executor_pid; + int r; assert(directory); - /* Executes all binaries in a directory in parallel and - * waits for them to finish. */ + /* Executes all binaries in a directory in parallel and waits + * for them to finish. Optionally a timeout is applied. */ - if (!d) { - if (!(_d = opendir(directory))) { + executor_pid = fork(); + if (executor_pid < 0) { + log_error("Failed to fork: %m"); + return; - if (errno == ENOENT) - return; + } else if (executor_pid == 0) { + _cleanup_hashmap_free_free_ Hashmap *pids = NULL; + _cleanup_closedir_ DIR *_d = NULL; + struct dirent *de; - log_error("Failed to enumerate directory %s: %m", directory); - return; - } + /* We fork this all off from a child process so that + * we can somewhat cleanly make use of SIGALRM to set + * a time limit */ - d = _d; - } + reset_all_signal_handlers(); + reset_signal_mask(); - if (!(pids = hashmap_new(trivial_hash_func, trivial_compare_func))) { - log_error("Failed to allocate set."); - goto finish; - } + assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0); - while ((de = readdir(d))) { - char *path; - pid_t pid; - int k; + if (!d) { + d = _d = opendir(directory); + if (!d) { + if (errno == ENOENT) + _exit(EXIT_SUCCESS); - if (!dirent_is_file(de)) - continue; + log_error("Failed to enumerate directory %s: %m", directory); + _exit(EXIT_FAILURE); + } + } - if (asprintf(&path, "%s/%s", directory, de->d_name) < 0) { + pids = hashmap_new(NULL); + if (!pids) { log_oom(); - continue; + _exit(EXIT_FAILURE); } - if ((pid = fork()) < 0) { - log_error("Failed to fork: %m"); - free(path); - continue; - } + FOREACH_DIRENT(de, d, break) { + _cleanup_free_ char *path = NULL; + pid_t pid; - if (pid == 0) { - char *_argv[2]; - /* Child */ + if (!dirent_is_file(de)) + continue; - if (!argv) { - _argv[0] = path; - _argv[1] = NULL; - argv = _argv; - } else - argv[0] = path; + path = strjoin(directory, "/", de->d_name, NULL); + if (!path) { + log_oom(); + _exit(EXIT_FAILURE); + } - execv(path, argv); + pid = fork(); + if (pid < 0) { + log_error("Failed to fork: %m"); + continue; + } else if (pid == 0) { + char *_argv[2]; - log_error("Failed to execute %s: %m", path); - _exit(EXIT_FAILURE); - } + assert_se(prctl(PR_SET_PDEATHSIG, SIGTERM) == 0); + + if (!argv) { + _argv[0] = path; + _argv[1] = NULL; + argv = _argv; + } else + argv[0] = path; - log_debug("Spawned %s as %lu", path, (unsigned long) pid); + execv(path, argv); + log_error("Failed to execute %s: %m", path); + _exit(EXIT_FAILURE); + } + + log_debug("Spawned %s as " PID_FMT ".", path, pid); + + r = hashmap_put(pids, UINT_TO_PTR(pid), path); + if (r < 0) { + log_oom(); + _exit(EXIT_FAILURE); + } - if ((k = hashmap_put(pids, UINT_TO_PTR(pid), path)) < 0) { - log_error("Failed to add PID to set: %s", strerror(-k)); - free(path); + path = NULL; } - } - while (!hashmap_isempty(pids)) { - pid_t pid = PTR_TO_UINT(hashmap_first_key(pids)); - siginfo_t si = {}; - char *path; + /* Abort execution of this process after the + * timout. We simply rely on SIGALRM as default action + * terminating the process, and turn on alarm(). */ - if (waitid(P_PID, pid, &si, WEXITED) < 0) { + if (timeout != USEC_INFINITY) + alarm((timeout + USEC_PER_SEC - 1) / USEC_PER_SEC); - if (errno == EINTR) - continue; + while (!hashmap_isempty(pids)) { + _cleanup_free_ char *path = NULL; + pid_t pid; - log_error("waitid() failed: %m"); - goto finish; - } + pid = PTR_TO_UINT(hashmap_first_key(pids)); + assert(pid > 0); - if ((path = hashmap_remove(pids, UINT_TO_PTR(si.si_pid)))) { - if (!is_clean_exit(si.si_code, si.si_status, NULL)) { - if (si.si_code == CLD_EXITED) - log_error("%s exited with exit status %i.", path, si.si_status); - else - log_error("%s terminated by signal %s.", path, signal_to_string(si.si_status)); - } else - log_debug("%s exited successfully.", path); + path = hashmap_remove(pids, UINT_TO_PTR(pid)); + assert(path); - free(path); + wait_for_terminate_and_warn(path, pid); } - } -finish: - if (_d) - closedir(_d); + _exit(EXIT_SUCCESS); + } - if (pids) - hashmap_free_free(pids); + wait_for_terminate_and_warn(directory, executor_pid); } int kill_and_sigcont(pid_t pid, int sig) { @@ -3925,13 +4129,29 @@ char* hostname_cleanup(char *s, bool lowercase) { return s; } +bool machine_name_is_valid(const char *s) { + + if (!hostname_is_valid(s)) + return false; + + /* Machine names should be useful hostnames, but also be + * useful in unit names, hence we enforce a stricter length + * limitation. */ + + if (strlen(s) > 64) + return false; + + return true; +} + int pipe_eof(int fd) { - int r; struct pollfd pollfd = { .fd = fd, .events = POLLIN|POLLHUP, }; + int r; + r = poll(&pollfd, 1, 0); if (r < 0) return -errno; @@ -3943,13 +4163,16 @@ int pipe_eof(int fd) { } int fd_wait_for_event(int fd, int event, usec_t t) { - int r; + struct pollfd pollfd = { .fd = fd, .events = event, }; - r = poll(&pollfd, 1, t == (usec_t) -1 ? -1 : (int) (t / USEC_PER_MSEC)); + struct timespec ts; + int r; + + r = ppoll(&pollfd, 1, t == USEC_INFINITY ? NULL : timespec_store(&ts, t), NULL); if (r < 0) return -errno; @@ -3962,25 +4185,17 @@ int fd_wait_for_event(int fd, int event, usec_t t) { int fopen_temporary(const char *path, FILE **_f, char **_temp_path) { FILE *f; char *t; - const char *fn; - size_t k; int fd; assert(path); assert(_f); assert(_temp_path); - t = new(char, strlen(path) + 1 + 6 + 1); + t = tempfn_xxxxxx(path); if (!t) return -ENOMEM; - fn = path_get_file_name(path); - k = fn-path; - memcpy(t, path, k); - t[k] = '.'; - stpcpy(stpcpy(t+k+1, fn), "XXXXXX"); - - fd = mkostemp(t, O_WRONLY|O_CLOEXEC); + fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC); if (fd < 0) { free(t); return -errno; @@ -4009,16 +4224,13 @@ int terminal_vhangup_fd(int fd) { } int terminal_vhangup(const char *name) { - int fd, r; + _cleanup_close_ int fd; fd = open_terminal(name, O_RDWR|O_NOCTTY|O_CLOEXEC); if (fd < 0) return fd; - r = terminal_vhangup_fd(fd); - close_nointr_nofail(fd); - - return r; + return terminal_vhangup_fd(fd); } int vt_disallocate(const char *name) { @@ -4045,7 +4257,7 @@ int vt_disallocate(const char *name) { "\033[H" /* move home */ "\033[2J", /* clear screen */ 10, false); - close_nointr_nofail(fd); + safe_close(fd); return 0; } @@ -4066,7 +4278,7 @@ int vt_disallocate(const char *name) { return fd; r = ioctl(fd, VT_DISALLOCATE, u); - close_nointr_nofail(fd); + safe_close(fd); if (r >= 0) return 0; @@ -4085,106 +4297,67 @@ int vt_disallocate(const char *name) { "\033[H" /* move home */ "\033[3J", /* clear screen including scrollback, requires Linux 2.6.40 */ 10, false); - close_nointr_nofail(fd); + safe_close(fd); return 0; } -int copy_file(const char *from, const char *to) { - int r, fdf, fdt; +int symlink_atomic(const char *from, const char *to) { + _cleanup_free_ char *t = NULL; assert(from); assert(to); - fdf = open(from, O_RDONLY|O_CLOEXEC|O_NOCTTY); - if (fdf < 0) + t = tempfn_random(to); + if (!t) + return -ENOMEM; + + if (symlink(from, t) < 0) return -errno; - fdt = open(to, O_WRONLY|O_CREAT|O_EXCL|O_CLOEXEC|O_NOCTTY, 0644); - if (fdt < 0) { - close_nointr_nofail(fdf); + if (rename(t, to) < 0) { + unlink_noerrno(t); return -errno; } - for (;;) { - char buf[PIPE_BUF]; - ssize_t n, k; - - n = read(fdf, buf, sizeof(buf)); - if (n < 0) { - r = -errno; - - close_nointr_nofail(fdf); - close_nointr(fdt); - unlink(to); - - return r; - } - - if (n == 0) - break; + return 0; +} - errno = 0; - k = loop_write(fdt, buf, n, false); - if (n != k) { - r = k < 0 ? k : (errno ? -errno : -EIO); +int mknod_atomic(const char *path, mode_t mode, dev_t dev) { + _cleanup_free_ char *t = NULL; - close_nointr_nofail(fdf); - close_nointr(fdt); + assert(path); - unlink(to); - return r; - } - } + t = tempfn_random(path); + if (!t) + return -ENOMEM; - close_nointr_nofail(fdf); - r = close_nointr(fdt); + if (mknod(t, mode, dev) < 0) + return -errno; - if (r < 0) { - unlink(to); - return r; + if (rename(t, path) < 0) { + unlink_noerrno(t); + return -errno; } return 0; } -int symlink_atomic(const char *from, const char *to) { - char *x; - _cleanup_free_ char *t; - const char *fn; - size_t k; - unsigned long long ull; - unsigned i; - int r; +int mkfifo_atomic(const char *path, mode_t mode) { + _cleanup_free_ char *t = NULL; - assert(from); - assert(to); + assert(path); - t = new(char, strlen(to) + 1 + 16 + 1); + t = tempfn_random(path); if (!t) return -ENOMEM; - fn = path_get_file_name(to); - k = fn-to; - memcpy(t, to, k); - t[k] = '.'; - x = stpcpy(t+k+1, fn); - - ull = random_ull(); - for (i = 0; i < 16; i++) { - *(x++) = hexchar(ull & 0xF); - ull >>= 4; - } - - *x = 0; - - if (symlink(from, t) < 0) + if (mkfifo(t, mode) < 0) return -errno; - if (rename(t, to) < 0) { - r = -errno; - unlink(t); - return r; + if (rename(t, path) < 0) { + unlink_noerrno(t); + return -errno; } return 0; @@ -4211,7 +4384,7 @@ int socket_from_display(const char *display, char **path) { k = strspn(display+1, "0123456789"); - f = new(char, sizeof("/tmp/.X11-unix/X") + k); + f = new(char, strlen("/tmp/.X11-unix/X") + k + 1); if (!f) return -ENOMEM; @@ -4302,7 +4475,7 @@ char* uid_to_name(uid_t uid) { if (p) return strdup(p->pw_name); - if (asprintf(&r, "%lu", (unsigned long) uid) < 0) + if (asprintf(&r, UID_FMT, uid) < 0) return NULL; return r; @@ -4319,7 +4492,7 @@ char* gid_to_name(gid_t gid) { if (p) return strdup(p->gr_name); - if (asprintf(&r, "%lu", (unsigned long) gid) < 0) + if (asprintf(&r, GID_FMT, gid) < 0) return NULL; return r; @@ -4425,7 +4598,7 @@ int glob_extend(char ***strv, const char *path) { char **p; errno = 0; - k = glob(optarg, GLOB_NOSORT|GLOB_BRACE, NULL, &g); + k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g); if (k == GLOB_NOMATCH) return -ENOENT; @@ -4468,39 +4641,16 @@ int dirent_ensure_type(DIR *d, struct dirent *de) { return 0; } -int in_search_path(const char *path, char **search) { - char **i, *parent; - int r; - - r = path_get_parent(path, &parent); - if (r < 0) - return r; - - r = 0; - - STRV_FOREACH(i, search) { - if (path_equal(parent, *i)) { - r = 1; - break; - } - } - - free(parent); - - return r; -} - int get_files_in_directory(const char *path, char ***list) { - DIR *d; - int r = 0; - unsigned n = 0; - char **l = NULL; + _cleanup_closedir_ DIR *d = NULL; + size_t bufsize = 0, n = 0; + _cleanup_strv_free_ char **l = NULL; assert(path); /* Returns all files in a directory in *list, and the number * of files as return value. If list is NULL returns only the - * number */ + * number. */ d = opendir(path); if (!d) @@ -4508,15 +4658,11 @@ int get_files_in_directory(const char *path, char ***list) { for (;;) { struct dirent *de; - union dirent_storage buf; - int k; - - k = readdir_r(d, &buf.de, &de); - if (k != 0) { - r = -k; - goto finish; - } + errno = 0; + de = readdir(d); + if (!de && errno != 0) + return -errno; if (!de) break; @@ -4526,43 +4672,25 @@ int get_files_in_directory(const char *path, char ***list) { continue; if (list) { - if ((unsigned) r >= n) { - char **t; - - n = MAX(16, 2*r); - t = realloc(l, sizeof(char*) * n); - if (!t) { - r = -ENOMEM; - goto finish; - } - - l = t; - } - - assert((unsigned) r < n); + /* one extra slot is needed for the terminating NULL */ + if (!GREEDY_REALLOC(l, bufsize, n + 2)) + return -ENOMEM; - l[r] = strdup(de->d_name); - if (!l[r]) { - r = -ENOMEM; - goto finish; - } + l[n] = strdup(de->d_name); + if (!l[n]) + return -ENOMEM; - l[++r] = NULL; + l[++n] = NULL; } else - r++; + n++; } -finish: - if (d) - closedir(d); - - if (r >= 0) { - if (list) - *list = l; - } else - strv_free(l); + if (list) { + *list = l; + l = NULL; /* avoid freeing */ + } - return r; + return n; } char *strjoin(const char *x, ...) { @@ -4623,7 +4751,7 @@ char *strjoin(const char *x, ...) { } bool is_main_thread(void) { - static __thread int cached = 0; + static thread_local int cached = 0; if (_unlikely_(cached == 0)) cached = getpid() == gettid() ? 1 : -1; @@ -4772,7 +4900,7 @@ static const char* const sched_policy_table[] = { DEFINE_STRING_TABLE_LOOKUP_WITH_FALLBACK(sched_policy, int, INT_MAX); -static const char* const rlimit_table[] = { +static const char* const rlimit_table[_RLIMIT_MAX] = { [RLIMIT_CPU] = "LimitCPU", [RLIMIT_FSIZE] = "LimitFSIZE", [RLIMIT_DATA] = "LimitDATA", @@ -4841,7 +4969,7 @@ static const char *const __signal_table[] = { DEFINE_PRIVATE_STRING_TABLE_LOOKUP(__signal, int); const char *signal_to_string(int signo) { - static __thread char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1]; + static thread_local char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1]; const char *name; name = __signal_to_string(signo); @@ -4874,7 +5002,7 @@ int signal_from_string(const char *s) { if (signo > 0 && signo < _NSIG) return signo; } - return -1; + return -EINVAL; } bool kexec_loaded(void) { @@ -4889,24 +5017,6 @@ bool kexec_loaded(void) { return loaded; } -int strdup_or_null(const char *a, char **b) { - char *c; - - assert(b); - - if (!a) { - *b = NULL; - return 0; - } - - c = strdup(a); - if (!c) - return -ENOMEM; - - *b = c; - return 0; -} - int prot_from_flags(int flags) { switch (flags & O_ACCMODE) { @@ -4979,15 +5089,15 @@ int fd_inc_sndbuf(int fd, size_t n) { socklen_t l = sizeof(value); r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l); - if (r >= 0 && - l == sizeof(value) && - (size_t) value >= n*2) + if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2) return 0; + /* If we have the privileges we will ignore the kernel limit. */ + value = (int) n; - r = setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)); - if (r < 0) - return -errno; + if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0) + if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0) + return -errno; return 1; } @@ -4997,23 +5107,22 @@ int fd_inc_rcvbuf(int fd, size_t n) { socklen_t l = sizeof(value); r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l); - if (r >= 0 && - l == sizeof(value) && - (size_t) value >= n*2) + if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2) return 0; - value = (int) n; - r = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)); - if (r < 0) - return -errno; + /* If we have the privileges we will ignore the kernel limit. */ + value = (int) n; + if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0) + if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0) + return -errno; return 1; } int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *path, ...) { - pid_t parent_pid, agent_pid; - int fd; bool stdout_is_tty, stderr_is_tty; + pid_t parent_pid, agent_pid; + sigset_t ss, saved_ss; unsigned n, i; va_list ap; char **l; @@ -5021,16 +5130,25 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa assert(pid); assert(path); - parent_pid = getpid(); - /* Spawns a temporary TTY agent, making sure it goes away when * we go away */ + parent_pid = getpid(); + + /* First we temporarily block all signals, so that the new + * child has them blocked initially. This way, we can be sure + * that SIGTERMs are not lost we might send to the agent. */ + assert_se(sigfillset(&ss) >= 0); + assert_se(sigprocmask(SIG_SETMASK, &ss, &saved_ss) >= 0); + agent_pid = fork(); - if (agent_pid < 0) + if (agent_pid < 0) { + assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0); return -errno; + } if (agent_pid != 0) { + assert_se(sigprocmask(SIG_SETMASK, &saved_ss, NULL) >= 0); *pid = agent_pid; return 0; } @@ -5041,8 +5159,14 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa if (prctl(PR_SET_PDEATHSIG, SIGTERM) < 0) _exit(EXIT_FAILURE); + /* Make sure we actually can kill the agent, if we need to, in + * case somebody invoked us from a shell script that trapped + * SIGTERM or so... */ + reset_all_signal_handlers(); + reset_signal_mask(); + /* Check whether our parent died before we were able - * to set the death signal */ + * to set the death signal and unblock the signals */ if (getppid() != parent_pid) _exit(EXIT_SUCCESS); @@ -5053,6 +5177,8 @@ int fork_agent(pid_t *pid, const int except[], unsigned n_except, const char *pa stderr_is_tty = isatty(STDERR_FILENO); if (!stdout_is_tty || !stderr_is_tty) { + int fd; + /* Detach from stdout/stderr. and reopen * /dev/tty for them. This is important to * ensure that when systemctl is started via @@ -5131,10 +5257,7 @@ int getenv_for_pid(pid_t pid, const char *field, char **_value) { assert(field); assert(_value); - if (pid == 0) - path = "/proc/self/environ"; - else - path = procfs_file_alloca(pid, "environ"); + path = procfs_file_alloca(pid, "environ"); f = fopen(path, "re"); if (!f) @@ -5198,7 +5321,7 @@ bool is_valid_documentation_url(const char *url) { } bool in_initrd(void) { - static __thread int saved = -1; + static int saved = -1; struct statfs s; if (saved >= 0) @@ -5247,7 +5370,7 @@ int make_console_stdio(void) { /* Make /dev/console the controlling terminal and stdin/stdout/stderr */ - fd = acquire_terminal("/dev/console", false, true, true, (usec_t) -1); + fd = acquire_terminal("/dev/console", false, true, true, USEC_INFINITY); if (fd < 0) { log_error("Failed to acquire terminal: %s", strerror(-fd)); return fd; @@ -5263,16 +5386,16 @@ int make_console_stdio(void) { } int get_home_dir(char **_h) { - char *h; + struct passwd *p; const char *e; + char *h; uid_t u; - struct passwd *p; assert(_h); /* Take the user specified one */ - e = getenv("HOME"); - if (e) { + e = secure_getenv("HOME"); + if (e && path_is_absolute(e)) { h = strdup(e); if (!h) return -ENOMEM; @@ -5309,6 +5432,53 @@ int get_home_dir(char **_h) { return 0; } +int get_shell(char **_s) { + struct passwd *p; + const char *e; + char *s; + uid_t u; + + assert(_s); + + /* Take the user specified one */ + e = getenv("SHELL"); + if (e) { + s = strdup(e); + if (!s) + return -ENOMEM; + + *_s = s; + return 0; + } + + /* Hardcode home directory for root to avoid NSS */ + u = getuid(); + if (u == 0) { + s = strdup("/bin/sh"); + if (!s) + return -ENOMEM; + + *_s = s; + return 0; + } + + /* Check the database... */ + errno = 0; + p = getpwuid(u); + if (!p) + return errno > 0 ? -errno : -ESRCH; + + if (!path_is_absolute(p->pw_shell)) + return -EINVAL; + + s = strdup(p->pw_shell); + if (!s) + return -ENOMEM; + + *_s = s; + return 0; +} + bool filename_is_safe(const char *p) { if (isempty(p)) @@ -5332,28 +5502,40 @@ bool filename_is_safe(const char *p) { bool string_is_safe(const char *p) { const char *t; - assert(p); + if (!p) + return false; for (t = p; *t; t++) { if (*t > 0 && *t < ' ') return false; - if (strchr("\\\"\'", *t)) + if (strchr("\\\"\'\0x7f", *t)) return false; } return true; } -bool string_has_cc(const char *p) { +/** + * Check if a string contains control characters. If 'ok' is non-NULL + * it may be a string containing additional CCs to be considered OK. + */ +bool string_has_cc(const char *p, const char *ok) { const char *t; assert(p); - for (t = p; *t; t++) + for (t = p; *t; t++) { + if (ok && strchr(ok, *t)) + continue; + if (*t > 0 && *t < ' ') return true; + if (*t == 127) + return true; + } + return false; } @@ -5419,7 +5601,7 @@ bool is_locale_utf8(void) { goto out; } - if(streq(set, "UTF-8")) { + if (streq(set, "UTF-8")) { cached_answer = true; goto out; } @@ -5446,19 +5628,27 @@ out: const char *draw_special_char(DrawSpecialChar ch) { static const char *draw_table[2][_DRAW_SPECIAL_CHAR_MAX] = { + /* UTF-8 */ { - [DRAW_TREE_VERT] = "\342\224\202 ", /* │ */ + [DRAW_TREE_VERTICAL] = "\342\224\202 ", /* │ */ [DRAW_TREE_BRANCH] = "\342\224\234\342\224\200", /* ├─ */ [DRAW_TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */ [DRAW_TREE_SPACE] = " ", /* */ - [DRAW_TRIANGULAR_BULLET] = "\342\200\243 ", /* ‣ */ + [DRAW_TRIANGULAR_BULLET] = "\342\200\243", /* ‣ */ + [DRAW_BLACK_CIRCLE] = "\342\227\217", /* ● */ + [DRAW_ARROW] = "\342\206\222", /* → */ + [DRAW_DASH] = "\342\200\223", /* – */ }, + /* ASCII fallback */ { - [DRAW_TREE_VERT] = "| ", + [DRAW_TREE_VERTICAL] = "| ", [DRAW_TREE_BRANCH] = "|-", [DRAW_TREE_RIGHT] = "`-", [DRAW_TREE_SPACE] = " ", - [DRAW_TRIANGULAR_BULLET] = "> ", + [DRAW_TRIANGULAR_BULLET] = ">", + [DRAW_BLACK_CIRCLE] = "*", + [DRAW_ARROW] = "->", + [DRAW_DASH] = "-", } }; @@ -5608,15 +5798,14 @@ int on_ac_power(void) { for (;;) { struct dirent *de; - union dirent_storage buf; _cleanup_close_ int fd = -1, device = -1; char contents[6]; ssize_t n; - int k; - k = readdir_r(d, &buf.de, &de); - if (k != 0) - return -k; + errno = 0; + de = readdir(d); + if (!de && errno != 0) + return -errno; if (!de) break; @@ -5647,7 +5836,7 @@ int on_ac_power(void) { if (n != 6 || memcmp(contents, "Mains\n", 6)) continue; - close_nointr_nofail(fd); + safe_close(fd); fd = openat(device, "online", O_RDONLY|O_CLOEXEC|O_NOCTTY); if (fd < 0) { if (errno == ENOENT) @@ -5675,21 +5864,24 @@ int on_ac_power(void) { return found_online || !found_offline; } -static int search_and_fopen_internal(const char *path, const char *mode, char **search, FILE **_f) { +static int search_and_fopen_internal(const char *path, const char *mode, const char *root, char **search, FILE **_f) { char **i; assert(path); assert(mode); assert(_f); - if (!path_strv_canonicalize_uniq(search)) + if (!path_strv_resolve_uniq(search, root)) return -ENOMEM; STRV_FOREACH(i, search) { _cleanup_free_ char *p = NULL; FILE *f; - p = strjoin(*i, "/", path, NULL); + if (root) + p = strjoin(root, *i, "/", path, NULL); + else + p = strjoin(*i, "/", path, NULL); if (!p) return -ENOMEM; @@ -5706,7 +5898,7 @@ static int search_and_fopen_internal(const char *path, const char *mode, char ** return -ENOENT; } -int search_and_fopen(const char *path, const char *mode, const char **search, FILE **_f) { +int search_and_fopen(const char *path, const char *mode, const char *root, const char **search, FILE **_f) { _cleanup_strv_free_ char **copy = NULL; assert(path); @@ -5729,10 +5921,10 @@ int search_and_fopen(const char *path, const char *mode, const char **search, FI if (!copy) return -ENOMEM; - return search_and_fopen_internal(path, mode, copy, _f); + return search_and_fopen_internal(path, mode, root, copy, _f); } -int search_and_fopen_nulstr(const char *path, const char *mode, const char *search, FILE **_f) { +int search_and_fopen_nulstr(const char *path, const char *mode, const char *root, const char *search, FILE **_f) { _cleanup_strv_free_ char **s = NULL; if (path_is_absolute(path)) { @@ -5751,57 +5943,7 @@ int search_and_fopen_nulstr(const char *path, const char *mode, const char *sear if (!s) return -ENOMEM; - return search_and_fopen_internal(path, mode, s, _f); -} - -int create_tmp_dir(char template[], char** dir_name) { - int r = 0; - char *d = NULL, *dt; - - assert(dir_name); - - RUN_WITH_UMASK(0077) { - d = mkdtemp(template); - } - if (!d) { - log_error("Can't create directory %s: %m", template); - return -errno; - } - - dt = strjoin(d, "/tmp", NULL); - if (!dt) { - r = log_oom(); - goto fail3; - } - - RUN_WITH_UMASK(0000) { - r = mkdir(dt, 0777); - } - if (r < 0) { - log_error("Can't create directory %s: %m", dt); - r = -errno; - goto fail2; - } - log_debug("Created temporary directory %s", dt); - - r = chmod(dt, 0777 | S_ISVTX); - if (r < 0) { - log_error("Failed to chmod %s: %m", dt); - r = -errno; - goto fail1; - } - log_debug("Set sticky bit on %s", dt); - - *dir_name = dt; - - return 0; -fail1: - rmdir(dt); -fail2: - free(dt); -fail3: - rmdir(template); - return r; + return search_and_fopen_internal(path, mode, root, s, _f); } char *strextend(char **x, ...) { @@ -5875,20 +6017,48 @@ char *strrep(const char *s, unsigned n) { return r; } -void* greedy_realloc(void **p, size_t *allocated, size_t need) { - size_t a; +void* greedy_realloc(void **p, size_t *allocated, size_t need, size_t size) { + size_t a, newalloc; void *q; + assert(p); + assert(allocated); + if (*allocated >= need) return *p; - a = MAX(64u, need * 2); + newalloc = MAX(need * 2, 64u / size); + a = newalloc * size; + + /* check for overflows */ + if (a < size * need) + return NULL; + q = realloc(*p, a); if (!q) return NULL; *p = q; - *allocated = a; + *allocated = newalloc; + return q; +} + +void* greedy_realloc0(void **p, size_t *allocated, size_t need, size_t size) { + size_t prev; + uint8_t *q; + + assert(p); + assert(allocated); + + prev = *allocated; + + q = greedy_realloc(p, allocated, need, size); + if (!q) + return NULL; + + if (*allocated > prev) + memzero(q + prev * size, (*allocated - prev) * size); + return q; } @@ -5933,20 +6103,6 @@ bool id128_is_valid(const char *s) { return true; } -void parse_user_at_host(char *arg, char **user, char **host) { - assert(arg); - assert(user); - assert(host); - - *host = strchr(arg, '@'); - if (*host == NULL) - *host = arg; - else { - *host[0]++ = '\0'; - *user = arg; - } -} - int split_pair(const char *s, const char *sep, char **l, char **r) { char *x, *a, *b; @@ -5977,3 +6133,1104 @@ int split_pair(const char *s, const char *sep, char **l, char **r) { return 0; } + +int shall_restore_state(void) { + _cleanup_free_ char *line = NULL; + const char *word, *state; + size_t l; + int r; + + r = proc_cmdline(&line); + if (r < 0) + return r; + if (r == 0) /* Container ... */ + return 1; + + r = 1; + + FOREACH_WORD_QUOTED(word, l, line, state) { + const char *e; + char n[l+1]; + int k; + + memcpy(n, word, l); + n[l] = 0; + + e = startswith(n, "systemd.restore_state="); + if (!e) + continue; + + k = parse_boolean(e); + if (k >= 0) + r = k; + } + + return r; +} + +int proc_cmdline(char **ret) { + int r; + + if (detect_container(NULL) > 0) { + char *buf = NULL, *p; + size_t sz = 0; + + r = read_full_file("/proc/1/cmdline", &buf, &sz); + if (r < 0) + return r; + + for (p = buf; p + 1 < buf + sz; p++) + if (*p == 0) + *p = ' '; + + *p = 0; + *ret = buf; + return 1; + } + + r = read_one_line_file("/proc/cmdline", ret); + if (r < 0) + return r; + + return 1; +} + +int parse_proc_cmdline(int (*parse_item)(const char *key, const char *value)) { + _cleanup_free_ char *line = NULL; + const char *w, *state; + size_t l; + int r; + + assert(parse_item); + + r = proc_cmdline(&line); + if (r < 0) + log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r)); + if (r <= 0) + return 0; + + FOREACH_WORD_QUOTED(w, l, line, state) { + char word[l+1], *value; + + memcpy(word, w, l); + word[l] = 0; + + /* Filter out arguments that are intended only for the + * initrd */ + if (!in_initrd() && startswith(word, "rd.")) + continue; + + value = strchr(word, '='); + if (value) + *(value++) = 0; + + r = parse_item(word, value); + if (r < 0) + return r; + } + + return 0; +} + +int container_get_leader(const char *machine, pid_t *pid) { + _cleanup_free_ char *s = NULL, *class = NULL; + const char *p; + pid_t leader; + int r; + + assert(machine); + assert(pid); + + p = strappenda("/run/systemd/machines/", machine); + r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL); + if (r == -ENOENT) + return -EHOSTDOWN; + if (r < 0) + return r; + if (!s) + return -EIO; + + if (!streq_ptr(class, "container")) + return -EIO; + + r = parse_pid(s, &leader); + if (r < 0) + return r; + if (leader <= 1) + return -EIO; + + *pid = leader; + return 0; +} + +int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *netns_fd, int *root_fd) { + _cleanup_close_ int pidnsfd = -1, mntnsfd = -1, netnsfd = -1; + int rfd = -1; + + assert(pid >= 0); + + if (mntns_fd) { + const char *mntns; + + mntns = procfs_file_alloca(pid, "ns/mnt"); + mntnsfd = open(mntns, O_RDONLY|O_NOCTTY|O_CLOEXEC); + if (mntnsfd < 0) + return -errno; + } + + if (pidns_fd) { + const char *pidns; + + pidns = procfs_file_alloca(pid, "ns/pid"); + pidnsfd = open(pidns, O_RDONLY|O_NOCTTY|O_CLOEXEC); + if (pidnsfd < 0) + return -errno; + } + + if (netns_fd) { + const char *netns; + + netns = procfs_file_alloca(pid, "ns/net"); + netnsfd = open(netns, O_RDONLY|O_NOCTTY|O_CLOEXEC); + if (netnsfd < 0) + return -errno; + } + + if (root_fd) { + const char *root; + + root = procfs_file_alloca(pid, "root"); + rfd = open(root, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (rfd < 0) + return -errno; + } + + if (pidns_fd) + *pidns_fd = pidnsfd; + + if (mntns_fd) + *mntns_fd = mntnsfd; + + if (netns_fd) + *netns_fd = netnsfd; + + if (root_fd) + *root_fd = rfd; + + pidnsfd = mntnsfd = netnsfd = -1; + + return 0; +} + +int namespace_enter(int pidns_fd, int mntns_fd, int netns_fd, int root_fd) { + + if (pidns_fd >= 0) + if (setns(pidns_fd, CLONE_NEWPID) < 0) + return -errno; + + if (mntns_fd >= 0) + if (setns(mntns_fd, CLONE_NEWNS) < 0) + return -errno; + + if (netns_fd >= 0) + if (setns(netns_fd, CLONE_NEWNET) < 0) + return -errno; + + if (root_fd >= 0) { + if (fchdir(root_fd) < 0) + return -errno; + + if (chroot(".") < 0) + return -errno; + } + + if (setresgid(0, 0, 0) < 0) + return -errno; + + if (setgroups(0, NULL) < 0) + return -errno; + + if (setresuid(0, 0, 0) < 0) + return -errno; + + return 0; +} + +bool pid_is_unwaited(pid_t pid) { + /* Checks whether a PID is still valid at all, including a zombie */ + + if (pid <= 0) + return false; + + if (kill(pid, 0) >= 0) + return true; + + return errno != ESRCH; +} + +bool pid_is_alive(pid_t pid) { + int r; + + /* Checks whether a PID is still valid and not a zombie */ + + if (pid <= 0) + return false; + + r = get_process_state(pid); + if (r == -ENOENT || r == 'Z') + return false; + + return true; +} + +int getpeercred(int fd, struct ucred *ucred) { + socklen_t n = sizeof(struct ucred); + struct ucred u; + int r; + + assert(fd >= 0); + assert(ucred); + + r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n); + if (r < 0) + return -errno; + + if (n != sizeof(struct ucred)) + return -EIO; + + /* Check if the data is actually useful and not suppressed due + * to namespacing issues */ + if (u.pid <= 0) + return -ENODATA; + + *ucred = u; + return 0; +} + +int getpeersec(int fd, char **ret) { + socklen_t n = 64; + char *s; + int r; + + assert(fd >= 0); + assert(ret); + + s = new0(char, n); + if (!s) + return -ENOMEM; + + r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n); + if (r < 0) { + free(s); + + if (errno != ERANGE) + return -errno; + + s = new0(char, n); + if (!s) + return -ENOMEM; + + r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n); + if (r < 0) { + free(s); + return -errno; + } + } + + if (isempty(s)) { + free(s); + return -ENOTSUP; + } + + *ret = s; + return 0; +} + +/* This is much like like mkostemp() but is subject to umask(). */ +int mkostemp_safe(char *pattern, int flags) { + _cleanup_umask_ mode_t u; + int fd; + + assert(pattern); + + u = umask(077); + + fd = mkostemp(pattern, flags); + if (fd < 0) + return -errno; + + return fd; +} + +int open_tmpfile(const char *path, int flags) { + char *p; + int fd; + + assert(path); + +#ifdef O_TMPFILE + /* Try O_TMPFILE first, if it is supported */ + fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR); + if (fd >= 0) + return fd; +#endif + + /* Fall back to unguessable name + unlinking */ + p = strappenda(path, "/systemd-tmp-XXXXXX"); + + fd = mkostemp_safe(p, flags); + if (fd < 0) + return fd; + + unlink(p); + return fd; +} + +int fd_warn_permissions(const char *path, int fd) { + struct stat st; + + if (fstat(fd, &st) < 0) + return -errno; + + if (st.st_mode & 0111) + log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path); + + if (st.st_mode & 0002) + log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path); + + if (getpid() == 1 && (st.st_mode & 0044) != 0044) + log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path); + + return 0; +} + +unsigned long personality_from_string(const char *p) { + + /* Parse a personality specifier. We introduce our own + * identifiers that indicate specific ABIs, rather than just + * hints regarding the register size, since we want to keep + * things open for multiple locally supported ABIs for the + * same register size. We try to reuse the ABI identifiers + * used by libseccomp. */ + +#if defined(__x86_64__) + + if (streq(p, "x86")) + return PER_LINUX32; + + if (streq(p, "x86-64")) + return PER_LINUX; + +#elif defined(__i386__) + + if (streq(p, "x86")) + return PER_LINUX; +#endif + + /* personality(7) documents that 0xffffffffUL is used for + * querying the current personality, hence let's use that here + * as error indicator. */ + return 0xffffffffUL; +} + +const char* personality_to_string(unsigned long p) { + +#if defined(__x86_64__) + + if (p == PER_LINUX32) + return "x86"; + + if (p == PER_LINUX) + return "x86-64"; + +#elif defined(__i386__) + + if (p == PER_LINUX) + return "x86"; +#endif + + return NULL; +} + +uint64_t physical_memory(void) { + long mem; + + /* We return this as uint64_t in case we are running as 32bit + * process on a 64bit kernel with huge amounts of memory */ + + mem = sysconf(_SC_PHYS_PAGES); + assert(mem > 0); + + return (uint64_t) mem * (uint64_t) page_size(); +} + +char* mount_test_option(const char *haystack, const char *needle) { + + struct mntent me = { + .mnt_opts = (char*) haystack + }; + + assert(needle); + + /* Like glibc's hasmntopt(), but works on a string, not a + * struct mntent */ + + if (!haystack) + return NULL; + + return hasmntopt(&me, needle); +} + +void hexdump(FILE *f, const void *p, size_t s) { + const uint8_t *b = p; + unsigned n = 0; + + assert(s == 0 || b); + + while (s > 0) { + size_t i; + + fprintf(f, "%04x ", n); + + for (i = 0; i < 16; i++) { + + if (i >= s) + fputs(" ", f); + else + fprintf(f, "%02x ", b[i]); + + if (i == 7) + fputc(' ', f); + } + + fputc(' ', f); + + for (i = 0; i < 16; i++) { + + if (i >= s) + fputc(' ', f); + else + fputc(isprint(b[i]) ? (char) b[i] : '.', f); + } + + fputc('\n', f); + + if (s < 16) + break; + + n += 16; + b += 16; + s -= 16; + } +} + +int update_reboot_param_file(const char *param) { + int r = 0; + + if (param) { + + r = write_string_file(REBOOT_PARAM_FILE, param); + if (r < 0) + log_error("Failed to write reboot param to " + REBOOT_PARAM_FILE": %s", strerror(-r)); + } else + unlink(REBOOT_PARAM_FILE); + + return r; +} + +int umount_recursive(const char *prefix, int flags) { + bool again; + int n = 0, r; + + /* Try to umount everything recursively below a + * directory. Also, take care of stacked mounts, and keep + * unmounting them until they are gone. */ + + do { + _cleanup_fclose_ FILE *proc_self_mountinfo = NULL; + + again = false; + r = 0; + + proc_self_mountinfo = fopen("/proc/self/mountinfo", "re"); + if (!proc_self_mountinfo) + return -errno; + + for (;;) { + _cleanup_free_ char *path = NULL, *p = NULL; + int k; + + k = fscanf(proc_self_mountinfo, + "%*s " /* (1) mount id */ + "%*s " /* (2) parent id */ + "%*s " /* (3) major:minor */ + "%*s " /* (4) root */ + "%ms " /* (5) mount point */ + "%*s" /* (6) mount options */ + "%*[^-]" /* (7) optional fields */ + "- " /* (8) separator */ + "%*s " /* (9) file system type */ + "%*s" /* (10) mount source */ + "%*s" /* (11) mount options 2 */ + "%*[^\n]", /* some rubbish at the end */ + &path); + if (k != 1) { + if (k == EOF) + break; + + continue; + } + + p = cunescape(path); + if (!p) + return -ENOMEM; + + if (!path_startswith(p, prefix)) + continue; + + if (umount2(p, flags) < 0) { + r = -errno; + continue; + } + + again = true; + n++; + + break; + } + + } while (again); + + return r ? r : n; +} + +int bind_remount_recursive(const char *prefix, bool ro) { + _cleanup_set_free_free_ Set *done = NULL; + _cleanup_free_ char *cleaned = NULL; + int r; + + /* Recursively remount a directory (and all its submounts) + * read-only or read-write. If the directory is already + * mounted, we reuse the mount and simply mark it + * MS_BIND|MS_RDONLY (or remove the MS_RDONLY for read-write + * operation). If it isn't we first make it one. Afterwards we + * apply MS_BIND|MS_RDONLY (or remove MS_RDONLY) to all + * submounts we can access, too. When mounts are stacked on + * the same mount point we only care for each individual + * "top-level" mount on each point, as we cannot + * influence/access the underlying mounts anyway. We do not + * have any effect on future submounts that might get + * propagated, they migt be writable. This includes future + * submounts that have been triggered via autofs. */ + + cleaned = strdup(prefix); + if (!cleaned) + return -ENOMEM; + + path_kill_slashes(cleaned); + + done = set_new(&string_hash_ops); + if (!done) + return -ENOMEM; + + for (;;) { + _cleanup_fclose_ FILE *proc_self_mountinfo = NULL; + _cleanup_set_free_free_ Set *todo = NULL; + bool top_autofs = false; + char *x; + + todo = set_new(&string_hash_ops); + if (!todo) + return -ENOMEM; + + proc_self_mountinfo = fopen("/proc/self/mountinfo", "re"); + if (!proc_self_mountinfo) + return -errno; + + for (;;) { + _cleanup_free_ char *path = NULL, *p = NULL, *type = NULL; + int k; + + k = fscanf(proc_self_mountinfo, + "%*s " /* (1) mount id */ + "%*s " /* (2) parent id */ + "%*s " /* (3) major:minor */ + "%*s " /* (4) root */ + "%ms " /* (5) mount point */ + "%*s" /* (6) mount options (superblock) */ + "%*[^-]" /* (7) optional fields */ + "- " /* (8) separator */ + "%ms " /* (9) file system type */ + "%*s" /* (10) mount source */ + "%*s" /* (11) mount options (bind mount) */ + "%*[^\n]", /* some rubbish at the end */ + &path, + &type); + if (k != 2) { + if (k == EOF) + break; + + continue; + } + + p = cunescape(path); + if (!p) + return -ENOMEM; + + /* Let's ignore autofs mounts. If they aren't + * triggered yet, we want to avoid triggering + * them, as we don't make any guarantees for + * future submounts anyway. If they are + * already triggered, then we will find + * another entry for this. */ + if (streq(type, "autofs")) { + top_autofs = top_autofs || path_equal(cleaned, p); + continue; + } + + if (path_startswith(p, cleaned) && + !set_contains(done, p)) { + + r = set_consume(todo, p); + p = NULL; + + if (r == -EEXIST) + continue; + if (r < 0) + return r; + } + } + + /* If we have no submounts to process anymore and if + * the root is either already done, or an autofs, we + * are done */ + if (set_isempty(todo) && + (top_autofs || set_contains(done, cleaned))) + return 0; + + if (!set_contains(done, cleaned) && + !set_contains(todo, cleaned)) { + /* The prefix directory itself is not yet a + * mount, make it one. */ + if (mount(cleaned, cleaned, NULL, MS_BIND|MS_REC, NULL) < 0) + return -errno; + + if (mount(NULL, prefix, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) + return -errno; + + x = strdup(cleaned); + if (!x) + return -ENOMEM; + + r = set_consume(done, x); + if (r < 0) + return r; + } + + while ((x = set_steal_first(todo))) { + + r = set_consume(done, x); + if (r == -EEXIST) + continue; + if (r < 0) + return r; + + if (mount(NULL, x, NULL, MS_BIND|MS_REMOUNT|(ro ? MS_RDONLY : 0), NULL) < 0) { + + /* Deal with mount points that are + * obstructed by a later mount */ + + if (errno != ENOENT) + return -errno; + } + + } + } +} + +int fflush_and_check(FILE *f) { + assert(f); + + errno = 0; + fflush(f); + + if (ferror(f)) + return errno ? -errno : -EIO; + + return 0; +} + +char *tempfn_xxxxxx(const char *p) { + const char *fn; + char *t; + size_t k; + + assert(p); + + t = new(char, strlen(p) + 1 + 6 + 1); + if (!t) + return NULL; + + fn = basename(p); + k = fn - p; + + strcpy(stpcpy(stpcpy(mempcpy(t, p, k), "."), fn), "XXXXXX"); + + return t; +} + +char *tempfn_random(const char *p) { + const char *fn; + char *t, *x; + uint64_t u; + size_t k; + unsigned i; + + assert(p); + + t = new(char, strlen(p) + 1 + 16 + 1); + if (!t) + return NULL; + + fn = basename(p); + k = fn - p; + + x = stpcpy(stpcpy(mempcpy(t, p, k), "."), fn); + + u = random_u64(); + for (i = 0; i < 16; i++) { + *(x++) = hexchar(u & 0xF); + u >>= 4; + } + + *x = 0; + + return t; +} + +/* make sure the hostname is not "localhost" */ +bool is_localhost(const char *hostname) { + assert(hostname); + + /* This tries to identify local host and domain names + * described in RFC6761 plus the redhatism of .localdomain */ + + return streq(hostname, "localhost") || + streq(hostname, "localhost.") || + streq(hostname, "localdomain.") || + streq(hostname, "localdomain") || + endswith(hostname, ".localhost") || + endswith(hostname, ".localhost.") || + endswith(hostname, ".localdomain") || + endswith(hostname, ".localdomain."); +} + +int take_password_lock(const char *root) { + + struct flock flock = { + .l_type = F_WRLCK, + .l_whence = SEEK_SET, + .l_start = 0, + .l_len = 0, + }; + + const char *path; + int fd, r; + + /* This is roughly the same as lckpwdf(), but not as awful. We + * don't want to use alarm() and signals, hence we implement + * our own trivial version of this. + * + * Note that shadow-utils also takes per-database locks in + * addition to lckpwdf(). However, we don't given that they + * are redundant as they they invoke lckpwdf() first and keep + * it during everything they do. The per-database locks are + * awfully racy, and thus we just won't do them. */ + + if (root) + path = strappenda(root, "/etc/.pwd.lock"); + else + path = "/etc/.pwd.lock"; + + fd = open(path, O_WRONLY|O_CREAT|O_CLOEXEC|O_NOCTTY|O_NOFOLLOW, 0600); + if (fd < 0) + return -errno; + + r = fcntl(fd, F_SETLKW, &flock); + if (r < 0) { + safe_close(fd); + return -errno; + } + + return fd; +} + +int is_symlink(const char *path) { + struct stat info; + + if (lstat(path, &info) < 0) + return -errno; + + return !!S_ISLNK(info.st_mode); +} + +int is_dir(const char* path, bool follow) { + struct stat st; + + if (follow) { + if (stat(path, &st) < 0) + return -errno; + } else { + if (lstat(path, &st) < 0) + return -errno; + } + + return !!S_ISDIR(st.st_mode); +} + +int unquote_first_word(const char **p, char **ret) { + _cleanup_free_ char *s = NULL; + size_t allocated = 0, sz = 0; + + enum { + START, + VALUE, + VALUE_ESCAPE, + SINGLE_QUOTE, + SINGLE_QUOTE_ESCAPE, + DOUBLE_QUOTE, + DOUBLE_QUOTE_ESCAPE, + SPACE, + } state = START; + + assert(p); + assert(*p); + assert(ret); + + /* Parses the first word of a string, and returns it in + * *ret. Removes all quotes in the process. When parsing fails + * (because of an uneven number of quotes or similar), leaves + * the pointer *p at the first invalid character. */ + + for (;;) { + char c = **p; + + switch (state) { + + case START: + if (c == 0) + goto finish; + else if (strchr(WHITESPACE, c)) + break; + + state = VALUE; + /* fallthrough */ + + case VALUE: + if (c == 0) + goto finish; + else if (c == '\'') + state = SINGLE_QUOTE; + else if (c == '\\') + state = VALUE_ESCAPE; + else if (c == '\"') + state = DOUBLE_QUOTE; + else if (strchr(WHITESPACE, c)) + state = SPACE; + else { + if (!GREEDY_REALLOC(s, allocated, sz+2)) + return -ENOMEM; + + s[sz++] = c; + } + + break; + + case VALUE_ESCAPE: + if (c == 0) + return -EINVAL; + + if (!GREEDY_REALLOC(s, allocated, sz+2)) + return -ENOMEM; + + s[sz++] = c; + state = VALUE; + + break; + + case SINGLE_QUOTE: + if (c == 0) + return -EINVAL; + else if (c == '\'') + state = VALUE; + else if (c == '\\') + state = SINGLE_QUOTE_ESCAPE; + else { + if (!GREEDY_REALLOC(s, allocated, sz+2)) + return -ENOMEM; + + s[sz++] = c; + } + + break; + + case SINGLE_QUOTE_ESCAPE: + if (c == 0) + return -EINVAL; + + if (!GREEDY_REALLOC(s, allocated, sz+2)) + return -ENOMEM; + + s[sz++] = c; + state = SINGLE_QUOTE; + break; + + case DOUBLE_QUOTE: + if (c == 0) + return -EINVAL; + else if (c == '\"') + state = VALUE; + else if (c == '\\') + state = DOUBLE_QUOTE_ESCAPE; + else { + if (!GREEDY_REALLOC(s, allocated, sz+2)) + return -ENOMEM; + + s[sz++] = c; + } + + break; + + case DOUBLE_QUOTE_ESCAPE: + if (c == 0) + return -EINVAL; + + if (!GREEDY_REALLOC(s, allocated, sz+2)) + return -ENOMEM; + + s[sz++] = c; + state = DOUBLE_QUOTE; + break; + + case SPACE: + if (c == 0) + goto finish; + if (!strchr(WHITESPACE, c)) + goto finish; + + break; + } + + (*p) ++; + } + +finish: + if (!s) { + *ret = NULL; + return 0; + } + + s[sz] = 0; + *ret = s; + s = NULL; + + return 1; +} + +int unquote_many_words(const char **p, ...) { + va_list ap; + char **l; + int n = 0, i, c, r; + + /* Parses a number of words from a string, stripping any + * quotes if necessary. */ + + assert(p); + + /* Count how many words are expected */ + va_start(ap, p); + for (;;) { + if (!va_arg(ap, char **)) + break; + n++; + } + va_end(ap); + + if (n <= 0) + return 0; + + /* Read all words into a temporary array */ + l = newa0(char*, n); + for (c = 0; c < n; c++) { + + r = unquote_first_word(p, &l[c]); + if (r < 0) { + int j; + + for (j = 0; j < c; j++) + free(l[j]); + + return r; + } + + if (r == 0) + break; + } + + /* If we managed to parse all words, return them in the passed + * in parameters */ + va_start(ap, p); + for (i = 0; i < n; i++) { + char **v; + + v = va_arg(ap, char **); + assert(v); + + *v = l[i]; + } + va_end(ap); + + return c; +} + +int free_and_strdup(char **p, const char *s) { + char *t; + + assert(p); + + /* Replaces a string pointer with an strdup()ed new string, + * possibly freeing the old one. */ + + if (s) { + t = strdup(s); + if (!t) + return -ENOMEM; + } else + t = NULL; + + free(*p); + *p = t; + + return 0; +} + +int sethostname_idempotent(const char *s) { + int r; + char buf[HOST_NAME_MAX + 1] = {}; + + assert(s); + + r = gethostname(buf, sizeof(buf)); + if (r < 0) + return -errno; + + if (streq(buf, s)) + return 0; + + r = sethostname(s, strlen(s)); + if (r < 0) + return -errno; + + return 1; +}