X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ianmdlvl/git?p=elogind.git;a=blobdiff_plain;f=src%2Fshared%2Futil.c;h=72b1e2f3c89da92c302b10c6f80e3c5940d42f28;hp=54dbace193f236576edc73e0ad8ceb07e4162174;hb=9f5650aecb22a1d864b2c0b749910556795f1490;hpb=b47d419c25ecc735615a1088060c1ec8bef1e41f;ds=sidebyside diff --git a/src/shared/util.c b/src/shared/util.c index 54dbace19..72b1e2f3c 100644 --- a/src/shared/util.c +++ b/src/shared/util.c @@ -41,7 +41,6 @@ #include #include #include -#include #include #include #include @@ -60,6 +59,11 @@ #include #include #include +#undef basename + +#ifdef HAVE_SYS_AUXV_H +#include +#endif #include "macro.h" #include "util.h" @@ -76,6 +80,8 @@ #include "device-nodes.h" #include "utf8.h" #include "gunicode.h" +#include "virt.h" +#include "def.h" int saved_argc = 0; char **saved_argv = NULL; @@ -84,7 +90,7 @@ static volatile unsigned cached_columns = 0; static volatile unsigned cached_lines = 0; size_t page_size(void) { - static __thread size_t pgsz = 0; + static thread_local size_t pgsz = 0; long r; if (_likely_(pgsz > 0)) @@ -353,8 +359,23 @@ int safe_atod(const char *s, double *ret_d) { return 0; } +static size_t strcspn_escaped(const char *s, const char *reject) { + bool escaped = false; + size_t n; + + for (n=0; s[n]; n++) { + if (escaped) + escaped = false; + else if (s[n] == '\\') + escaped = true; + else if (strchr(reject, s[n])) + return n; + } + return n; +} + /* Split a string into words. */ -char *split(const char *c, size_t *l, const char *separator, char **state) { +char *split(const char *c, size_t *l, const char *separator, bool quoted, char **state) { char *current; current = *state ? *state : (char*) c; @@ -363,64 +384,19 @@ char *split(const char *c, size_t *l, const char *separator, char **state) { return NULL; current += strspn(current, separator); - *l = strcspn(current, separator); - *state = current+*l; - - return (char*) current; -} - -/* Split a string into words, but consider strings enclosed in '' and - * "" as words even if they include spaces. */ -char *split_quoted(const char *c, size_t *l, char **state) { - char *current, *e; - bool escaped = false; - - current = *state ? *state : (char*) c; - - if (!*current || *c == 0) + if (!*current) return NULL; - current += strspn(current, WHITESPACE); - - if (*current == '\'') { - current ++; - - for (e = current; *e; e++) { - if (escaped) - escaped = false; - else if (*e == '\\') - escaped = true; - else if (*e == '\'') - break; - } - - *l = e-current; - *state = *e == 0 ? e : e+1; - } else if (*current == '\"') { - current ++; - - for (e = current; *e; e++) { - if (escaped) - escaped = false; - else if (*e == '\\') - escaped = true; - else if (*e == '\"') - break; - } - - *l = e-current; - *state = *e == 0 ? e : e+1; + if (quoted && strchr("\'\"", *current)) { + char quotechar = *(current++); + *l = strcspn_escaped(current, (char[]){quotechar, '\0'}); + *state = current+*l+1; + } else if (quoted) { + *l = strcspn_escaped(current, separator); + *state = current+*l; } else { - for (e = current; *e; e++) { - if (escaped) - escaped = false; - else if (*e == '\\') - escaped = true; - else if (strchr(WHITESPACE, *e)) - break; - } - *l = e-current; - *state = e; + *l = strcspn(current, separator); + *state = current+*l; } return (char*) current; @@ -428,8 +404,7 @@ char *split_quoted(const char *c, size_t *l, char **state) { int get_parent_of_pid(pid_t pid, pid_t *_ppid) { int r; - _cleanup_fclose_ FILE *f = NULL; - char line[LINE_MAX]; + _cleanup_free_ char *line = NULL; long unsigned ppid; const char *p; @@ -442,14 +417,9 @@ int get_parent_of_pid(pid_t pid, pid_t *_ppid) { } p = procfs_file_alloca(pid, "stat"); - f = fopen(p, "re"); - if (!f) - return -errno; - - if (!fgets(line, sizeof(line), f)) { - r = feof(f) ? -EIO : -errno; + r = read_one_line_file(p, &line); + if (r < 0) return r; - } /* Let's skip the pid and comm fields. The latter is enclosed * in () but does not escape any () in its value, so let's @@ -476,28 +446,17 @@ int get_parent_of_pid(pid_t pid, pid_t *_ppid) { } int get_starttime_of_pid(pid_t pid, unsigned long long *st) { - _cleanup_fclose_ FILE *f = NULL; - char line[LINE_MAX]; + int r; + _cleanup_free_ char *line = NULL; const char *p; assert(pid >= 0); assert(st); - if (pid == 0) - p = "/proc/self/stat"; - else - p = procfs_file_alloca(pid, "stat"); - - f = fopen(p, "re"); - if (!f) - return -errno; - - if (!fgets(line, sizeof(line), f)) { - if (ferror(f)) - return -errno; - - return -EIO; - } + p = procfs_file_alloca(pid, "stat"); + r = read_one_line_file(p, &line); + if (r < 0) + return r; /* Let's skip the pid and comm fields. The latter is enclosed * in () but does not escape any () in its value, so let's @@ -554,18 +513,45 @@ char *truncate_nl(char *s) { return s; } +int get_process_state(pid_t pid) { + const char *p; + char state; + int r; + _cleanup_free_ char *line = NULL; + + assert(pid >= 0); + + p = procfs_file_alloca(pid, "stat"); + r = read_one_line_file(p, &line); + if (r < 0) + return r; + + p = strrchr(line, ')'); + if (!p) + return -EIO; + + p++; + + if (sscanf(p, " %c", &state) != 1) + return -EIO; + + return (unsigned char) state; +} + int get_process_comm(pid_t pid, char **name) { const char *p; + int r; assert(name); assert(pid >= 0); - if (pid == 0) - p = "/proc/self/comm"; - else - p = procfs_file_alloca(pid, "comm"); + p = procfs_file_alloca(pid, "comm"); - return read_one_line_file(p, name); + r = read_one_line_file(p, name); + if (r == -ENOENT) + return -ESRCH; + + return r; } int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char **line) { @@ -577,10 +563,7 @@ int get_process_cmdline(pid_t pid, size_t max_length, bool comm_fallback, char * assert(line); assert(pid >= 0); - if (pid == 0) - p = "/proc/self/cmdline"; - else - p = procfs_file_alloca(pid, "cmdline"); + p = procfs_file_alloca(pid, "cmdline"); f = fopen(p, "re"); if (!f) @@ -699,10 +682,7 @@ int get_process_capeff(pid_t pid, char **capeff) { assert(capeff); assert(pid >= 0); - if (pid == 0) - p = "/proc/self/status"; - else - p = procfs_file_alloca(pid, "status"); + p = procfs_file_alloca(pid, "status"); return get_status_field(p, "\nCapEff:", capeff); } @@ -715,14 +695,11 @@ int get_process_exe(pid_t pid, char **name) { assert(pid >= 0); assert(name); - if (pid == 0) - p = "/proc/self/exe"; - else - p = procfs_file_alloca(pid, "exe"); + p = procfs_file_alloca(pid, "exe"); r = readlink_malloc(p, name); if (r < 0) - return r; + return r == -ENOENT ? -ESRCH : r; d = endswith(*name, " (deleted)"); if (d) @@ -809,28 +786,31 @@ char *strappend(const char *s, const char *suffix) { return strnappend(s, suffix, suffix ? strlen(suffix) : 0); } -int readlink_malloc(const char *p, char **r) { +int readlink_malloc(const char *p, char **ret) { size_t l = 100; + int r; assert(p); - assert(r); + assert(ret); for (;;) { char *c; ssize_t n; - if (!(c = new(char, l))) + c = new(char, l); + if (!c) return -ENOMEM; - if ((n = readlink(p, c, l-1)) < 0) { - int ret = -errno; + n = readlink(p, c, l-1); + if (n < 0) { + r = -errno; free(c); - return ret; + return r; } if ((size_t) n < l-1) { c[n] = 0; - *r = c; + *ret = c; return 0; } @@ -1355,78 +1335,6 @@ char *xescape(const char *s, const char *bad) { return r; } -char *bus_path_escape(const char *s) { - char *r, *t; - const char *f; - - assert(s); - - /* Escapes all chars that D-Bus' object path cannot deal - * with. Can be reverse with bus_path_unescape(). We special - * case the empty string. */ - - if (*s == 0) - return strdup("_"); - - r = new(char, strlen(s)*3 + 1); - if (!r) - return NULL; - - for (f = s, t = r; *f; f++) { - - /* Escape everything that is not a-zA-Z0-9. We also - * escape 0-9 if it's the first character */ - - if (!(*f >= 'A' && *f <= 'Z') && - !(*f >= 'a' && *f <= 'z') && - !(f > s && *f >= '0' && *f <= '9')) { - *(t++) = '_'; - *(t++) = hexchar(*f >> 4); - *(t++) = hexchar(*f); - } else - *(t++) = *f; - } - - *t = 0; - - return r; -} - -char *bus_path_unescape(const char *f) { - char *r, *t; - - assert(f); - - /* Special case for the empty string */ - if (streq(f, "_")) - return strdup(""); - - r = new(char, strlen(f) + 1); - if (!r) - return NULL; - - for (t = r; *f; f++) { - - if (*f == '_') { - int a, b; - - if ((a = unhexchar(f[1])) < 0 || - (b = unhexchar(f[2])) < 0) { - /* Invalid escape code, let's take it literal then */ - *(t++) = '_'; - } else { - *(t++) = (char) ((a << 4) | b); - f += 2; - } - } else - *(t++) = *f; - } - - *t = 0; - - return r; -} - char *ascii_strlower(char *t) { char *p; @@ -2157,45 +2065,31 @@ int close_pipe(int p[]) { } ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) { - uint8_t *p; + uint8_t *p = buf; ssize_t n = 0; assert(fd >= 0); assert(buf); - p = buf; - while (nbytes > 0) { ssize_t k; - if ((k = read(fd, p, nbytes)) <= 0) { - - if (k < 0 && errno == EINTR) - continue; - - if (k < 0 && errno == EAGAIN && do_poll) { - struct pollfd pollfd = { - .fd = fd, - .events = POLLIN, - }; - - if (poll(&pollfd, 1, -1) < 0) { - if (errno == EINTR) - continue; + k = read(fd, p, nbytes); + if (k < 0 && errno == EINTR) + continue; - return n > 0 ? n : -errno; - } + if (k < 0 && errno == EAGAIN && do_poll) { - /* We knowingly ignore the revents value here, - * and expect that any error/EOF is reported - * via read()/write() - */ + /* We knowingly ignore any return value here, + * and expect that any error/EOF is reported + * via read() */ - continue; - } + fd_wait_for_event(fd, POLLIN, (usec_t) -1); + continue; + } + if (k <= 0) return n > 0 ? n : (k < 0 ? -errno : 0); - } p += k; nbytes -= k; @@ -2206,46 +2100,31 @@ ssize_t loop_read(int fd, void *buf, size_t nbytes, bool do_poll) { } ssize_t loop_write(int fd, const void *buf, size_t nbytes, bool do_poll) { - const uint8_t *p; + const uint8_t *p = buf; ssize_t n = 0; assert(fd >= 0); assert(buf); - p = buf; - while (nbytes > 0) { ssize_t k; k = write(fd, p, nbytes); - if (k <= 0) { - - if (k < 0 && errno == EINTR) - continue; - - if (k < 0 && errno == EAGAIN && do_poll) { - struct pollfd pollfd = { - .fd = fd, - .events = POLLOUT, - }; - - if (poll(&pollfd, 1, -1) < 0) { - if (errno == EINTR) - continue; + if (k < 0 && errno == EINTR) + continue; - return n > 0 ? n : -errno; - } + if (k < 0 && errno == EAGAIN && do_poll) { - /* We knowingly ignore the revents value here, - * and expect that any error/EOF is reported - * via read()/write() - */ + /* We knowingly ignore any return value here, + * and expect that any error/EOF is reported + * via write() */ - continue; - } + fd_wait_for_event(fd, POLLOUT, (usec_t) -1); + continue; + } + if (k <= 0) return n > 0 ? n : (k < 0 ? -errno : 0); - } p += k; nbytes -= k; @@ -2365,7 +2244,6 @@ bool is_device_path(const char *path) { int dir_is_empty(const char *path) { _cleanup_closedir_ DIR *d; - int r; d = opendir(path); if (!d) @@ -2373,11 +2251,11 @@ int dir_is_empty(const char *path) { for (;;) { struct dirent *de; - union dirent_storage buf; - r = readdir_r(d, &buf.de, &de); - if (r > 0) - return -r; + errno = 0; + de = readdir(d); + if (!de && errno != 0) + return -errno; if (!de) return 1; @@ -2405,42 +2283,60 @@ char* dirname_malloc(const char *path) { return dir; } -unsigned long long random_ull(void) { +int dev_urandom(void *p, size_t n) { _cleanup_close_ int fd; - uint64_t ull; - ssize_t r; + ssize_t k; fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY); if (fd < 0) - goto fallback; - - r = loop_read(fd, &ull, sizeof(ull), true); - if (r != sizeof(ull)) - goto fallback; + return errno == ENOENT ? -ENOSYS : -errno; - return ull; + k = loop_read(fd, p, n, true); + if (k < 0) + return (int) k; + if ((size_t) k != n) + return -EIO; -fallback: - return random() * RAND_MAX + random(); + return 0; } -unsigned random_u(void) { - _cleanup_close_ int fd; - unsigned u; - ssize_t r; +void random_bytes(void *p, size_t n) { + static bool srand_called = false; + uint8_t *q; + int r; - fd = open("/dev/urandom", O_RDONLY|O_CLOEXEC|O_NOCTTY); - if (fd < 0) - goto fallback; + r = dev_urandom(p, n); + if (r >= 0) + return; + + /* If some idiot made /dev/urandom unavailable to us, he'll + * get a PRNG instead. */ + + if (!srand_called) { + unsigned x = 0; + +#ifdef HAVE_SYS_AUXV_H + /* The kernel provides us with a bit of entropy in + * auxv, so let's try to make use of that to seed the + * pseudo-random generator. It's better than + * nothing... */ + + void *auxv; - r = loop_read(fd, &u, sizeof(u), true); - if (r != sizeof(u)) - goto fallback; + auxv = (void*) getauxval(AT_RANDOM); + if (auxv) + x ^= *(unsigned*) auxv; +#endif + + x ^= (unsigned) now(CLOCK_REALTIME); + x ^= (unsigned) gettid(); - return u; + srand(x); + srand_called = true; + } -fallback: - return random() * RAND_MAX + random(); + for (q = p; q < (uint8_t*) p + n; q ++) + *q = rand(); } void rename_process(const char name[8]) { @@ -2469,7 +2365,7 @@ void rename_process(const char name[8]) { if (!saved_argv[i]) break; - memset(saved_argv[i], 0, strlen(saved_argv[i])); + memzero(saved_argv[i], strlen(saved_argv[i])); } } } @@ -2561,7 +2457,7 @@ int getttyname_malloc(int fd, char **r) { assert(r); k = ttyname_r(fd, path, sizeof(path)); - if (k != 0) + if (k > 0) return -k; char_array_0(path); @@ -2592,28 +2488,17 @@ int getttyname_harder(int fd, char **r) { } int get_ctty_devnr(pid_t pid, dev_t *d) { - _cleanup_fclose_ FILE *f = NULL; - char line[LINE_MAX], *p; + int r; + _cleanup_free_ char *line = NULL; + const char *p; unsigned long ttynr; - const char *fn; - int k; assert(pid >= 0); - assert(d); - - if (pid == 0) - fn = "/proc/self/stat"; - else - fn = procfs_file_alloca(pid, "stat"); - f = fopen(fn, "re"); - if (!f) - return -errno; - - if (!fgets(line, sizeof(line), f)) { - k = feof(f) ? -EIO : -errno; - return k; - } + p = procfs_file_alloca(pid, "stat"); + r = read_one_line_file(p, &line); + if (r < 0) + return r; p = strrchr(line, ')'); if (!p) @@ -2633,7 +2518,9 @@ int get_ctty_devnr(pid_t pid, dev_t *d) { if (major(ttynr) == 0 && minor(ttynr) == 0) return -ENOENT; - *d = (dev_t) ttynr; + if (d) + *d = (dev_t) ttynr; + return 0; } @@ -2721,14 +2608,15 @@ int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct for (;;) { struct dirent *de; - union dirent_storage buf; bool is_dir, keep_around; struct stat st; int r; - r = readdir_r(d, &buf.de, &de); - if (r != 0 && ret == 0) { - ret = -r; + errno = 0; + de = readdir(d); + if (!de && errno != 0) { + if (ret == 0) + ret = -errno; break; } @@ -2798,9 +2686,9 @@ int rm_rf_children_dangerous(int fd, bool only_dirs, bool honour_sticky, struct _pure_ static int is_temporary_fs(struct statfs *s) { assert(s); - return - F_TYPE_EQUAL(s->f_type, TMPFS_MAGIC) || - F_TYPE_EQUAL(s->f_type, RAMFS_MAGIC); + + return F_TYPE_EQUAL(s->f_type, TMPFS_MAGIC) || + F_TYPE_EQUAL(s->f_type, RAMFS_MAGIC); } int rm_rf_children(int fd, bool only_dirs, bool honour_sticky, struct stat *root_dev) { @@ -2923,11 +2811,13 @@ int fchmod_and_fchown(int fd, mode_t mode, uid_t uid, gid_t gid) { * first change the access mode and only then hand out * ownership to avoid a window where access is too open. */ - if (fchmod(fd, mode) < 0) - return -errno; + if (mode != (mode_t) -1) + if (fchmod(fd, mode) < 0) + return -errno; - if (fchown(fd, uid, gid) < 0) - return -errno; + if (uid != (uid_t) -1 || gid != (gid_t) -1) + if (fchown(fd, uid, gid) < 0) + return -errno; return 0; } @@ -3038,23 +2928,6 @@ int status_printf(const char *status, bool ellipse, bool ephemeral, const char * return r; } -int status_welcome(void) { - int r; - _cleanup_free_ char *pretty_name = NULL, *ansi_color = NULL; - - r = parse_env_file("/etc/os-release", NEWLINE, - "PRETTY_NAME", &pretty_name, - "ANSI_COLOR", &ansi_color, - NULL); - if (r < 0 && r != -ENOENT) - log_warning("Failed to read /etc/os-release: %s", strerror(-r)); - - return status_printf(NULL, false, false, - "\nWelcome to \x1B[%sm%s\x1B[0m!\n", - isempty(ansi_color) ? "1" : ansi_color, - isempty(pretty_name) ? "Linux" : pretty_name); -} - char *replace_env(const char *format, char **env) { enum { WORD, @@ -3527,7 +3400,7 @@ int wait_for_terminate_and_warn(const char *name, pid_t pid) { return -EPROTO; } -_noreturn_ void freeze(void) { +noreturn void freeze(void) { /* Make sure nobody waits for us on a socket anymore */ close_all_fds(NULL, 0); @@ -3695,12 +3568,21 @@ char *resolve_dev_console(char **active) { else tty = *active; + if (streq(tty, "tty0")) { + char *tmp; + + /* Get the active VC (e.g. tty1) */ + if (read_one_line_file("/sys/class/tty/tty0/active", &tmp) >= 0) { + free(*active); + tty = *active = tmp; + } + } + return tty; } bool tty_is_vc_resolve(const char *tty) { - char *active = NULL; - bool b; + _cleanup_free_ char *active = NULL; assert(tty); @@ -3713,10 +3595,7 @@ bool tty_is_vc_resolve(const char *tty) { return false; } - b = tty_is_vc(tty); - free(active); - - return b; + return tty_is_vc(tty); } const char *default_term_for_tty(const char *tty) { @@ -3966,12 +3845,13 @@ char* hostname_cleanup(char *s, bool lowercase) { } int pipe_eof(int fd) { - int r; struct pollfd pollfd = { .fd = fd, .events = POLLIN|POLLHUP, }; + int r; + r = poll(&pollfd, 1, 0); if (r < 0) return -errno; @@ -3983,13 +3863,16 @@ int pipe_eof(int fd) { } int fd_wait_for_event(int fd, int event, usec_t t) { - int r; + struct pollfd pollfd = { .fd = fd, .events = event, }; - r = poll(&pollfd, 1, t == (usec_t) -1 ? -1 : (int) (t / USEC_PER_MSEC)); + struct timespec ts; + int r; + + r = ppoll(&pollfd, 1, t == (usec_t) -1 ? NULL : timespec_store(&ts, t), NULL); if (r < 0) return -errno; @@ -4014,13 +3897,13 @@ int fopen_temporary(const char *path, FILE **_f, char **_temp_path) { if (!t) return -ENOMEM; - fn = path_get_file_name(path); - k = fn-path; + fn = basename(path); + k = fn - path; memcpy(t, path, k); t[k] = '.'; stpcpy(stpcpy(t+k+1, fn), "XXXXXX"); - fd = mkostemp(t, O_WRONLY|O_CLOEXEC); + fd = mkostemp_safe(t, O_WRONLY|O_CLOEXEC); if (fd < 0) { free(t); return -errno; @@ -4189,7 +4072,7 @@ int symlink_atomic(const char *from, const char *to) { _cleanup_free_ char *t; const char *fn; size_t k; - unsigned long long ull; + uint64_t u; unsigned i; int r; @@ -4200,16 +4083,16 @@ int symlink_atomic(const char *from, const char *to) { if (!t) return -ENOMEM; - fn = path_get_file_name(to); + fn = basename(to); k = fn-to; memcpy(t, to, k); t[k] = '.'; x = stpcpy(t+k+1, fn); - ull = random_ull(); + u = random_u64(); for (i = 0; i < 16; i++) { - *(x++) = hexchar(ull & 0xF); - ull >>= 4; + *(x++) = hexchar(u & 0xF); + u >>= 4; } *x = 0; @@ -4461,7 +4344,7 @@ int glob_extend(char ***strv, const char *path) { char **p; errno = 0; - k = glob(optarg, GLOB_NOSORT|GLOB_BRACE, NULL, &g); + k = glob(path, GLOB_NOSORT|GLOB_BRACE, NULL, &g); if (k == GLOB_NOMATCH) return -ENOENT; @@ -4537,13 +4420,11 @@ int get_files_in_directory(const char *path, char ***list) { for (;;) { struct dirent *de; - union dirent_storage buf; - int k; - k = readdir_r(d, &buf.de, &de); - assert(k >= 0); - if (k > 0) - return -k; + errno = 0; + de = readdir(d); + if (!de && errno != 0) + return -errno; if (!de) break; @@ -4632,7 +4513,7 @@ char *strjoin(const char *x, ...) { } bool is_main_thread(void) { - static __thread int cached = 0; + static thread_local int cached = 0; if (_unlikely_(cached == 0)) cached = getpid() == gettid() ? 1 : -1; @@ -4850,7 +4731,7 @@ static const char *const __signal_table[] = { DEFINE_PRIVATE_STRING_TABLE_LOOKUP(__signal, int); const char *signal_to_string(int signo) { - static __thread char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1]; + static thread_local char buf[sizeof("RTMIN+")-1 + DECIMAL_STR_MAX(int) + 1]; const char *name; name = __signal_to_string(signo); @@ -4988,15 +4869,15 @@ int fd_inc_sndbuf(int fd, size_t n) { socklen_t l = sizeof(value); r = getsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, &l); - if (r >= 0 && - l == sizeof(value) && - (size_t) value >= n*2) + if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2) return 0; + /* If we have the privileges we will ignore the kernel limit. */ + value = (int) n; - r = setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)); - if (r < 0) - return -errno; + if (setsockopt(fd, SOL_SOCKET, SO_SNDBUFFORCE, &value, sizeof(value)) < 0) + if (setsockopt(fd, SOL_SOCKET, SO_SNDBUF, &value, sizeof(value)) < 0) + return -errno; return 1; } @@ -5006,16 +4887,15 @@ int fd_inc_rcvbuf(int fd, size_t n) { socklen_t l = sizeof(value); r = getsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, &l); - if (r >= 0 && - l == sizeof(value) && - (size_t) value >= n*2) + if (r >= 0 && l == sizeof(value) && (size_t) value >= n*2) return 0; - value = (int) n; - r = setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)); - if (r < 0) - return -errno; + /* If we have the privileges we will ignore the kernel limit. */ + value = (int) n; + if (setsockopt(fd, SOL_SOCKET, SO_RCVBUFFORCE, &value, sizeof(value)) < 0) + if (setsockopt(fd, SOL_SOCKET, SO_RCVBUF, &value, sizeof(value)) < 0) + return -errno; return 1; } @@ -5140,10 +5020,7 @@ int getenv_for_pid(pid_t pid, const char *field, char **_value) { assert(field); assert(_value); - if (pid == 0) - path = "/proc/self/environ"; - else - path = procfs_file_alloca(pid, "environ"); + path = procfs_file_alloca(pid, "environ"); f = fopen(path, "re"); if (!f) @@ -5207,7 +5084,7 @@ bool is_valid_documentation_url(const char *url) { } bool in_initrd(void) { - static __thread int saved = -1; + static int saved = -1; struct statfs s; if (saved >= 0) @@ -5272,10 +5149,10 @@ int make_console_stdio(void) { } int get_home_dir(char **_h) { - char *h; + struct passwd *p; const char *e; + char *h; uid_t u; - struct passwd *p; assert(_h); @@ -5318,7 +5195,54 @@ int get_home_dir(char **_h) { return 0; } -bool filename_is_safe(const char *p) { +int get_shell(char **_s) { + struct passwd *p; + const char *e; + char *s; + uid_t u; + + assert(_s); + + /* Take the user specified one */ + e = getenv("SHELL"); + if (e) { + s = strdup(e); + if (!s) + return -ENOMEM; + + *_s = s; + return 0; + } + + /* Hardcode home directory for root to avoid NSS */ + u = getuid(); + if (u == 0) { + s = strdup("/bin/sh"); + if (!s) + return -ENOMEM; + + *_s = s; + return 0; + } + + /* Check the database... */ + errno = 0; + p = getpwuid(u); + if (!p) + return errno > 0 ? -errno : -ESRCH; + + if (!path_is_absolute(p->pw_shell)) + return -EINVAL; + + s = strdup(p->pw_shell); + if (!s) + return -ENOMEM; + + *_s = s; + return 0; +} + +bool filename_is_safe(const char *p) { if (isempty(p)) return false; @@ -5432,7 +5356,7 @@ bool is_locale_utf8(void) { goto out; } - if(streq(set, "UTF-8")) { + if (streq(set, "UTF-8")) { cached_answer = true; goto out; } @@ -5465,6 +5389,7 @@ const char *draw_special_char(DrawSpecialChar ch) { [DRAW_TREE_RIGHT] = "\342\224\224\342\224\200", /* └─ */ [DRAW_TREE_SPACE] = " ", /* */ [DRAW_TRIANGULAR_BULLET] = "\342\200\243 ", /* ‣ */ + [DRAW_BLACK_CIRCLE] = "\342\227\217 ", /* ● */ }, /* ASCII fallback */ { [DRAW_TREE_VERT] = "| ", @@ -5472,6 +5397,7 @@ const char *draw_special_char(DrawSpecialChar ch) { [DRAW_TREE_RIGHT] = "`-", [DRAW_TREE_SPACE] = " ", [DRAW_TRIANGULAR_BULLET] = "> ", + [DRAW_BLACK_CIRCLE] = "* ", } }; @@ -5621,15 +5547,14 @@ int on_ac_power(void) { for (;;) { struct dirent *de; - union dirent_storage buf; _cleanup_close_ int fd = -1, device = -1; char contents[6]; ssize_t n; - int k; - k = readdir_r(d, &buf.de, &de); - if (k != 0) - return -k; + errno = 0; + de = readdir(d); + if (!de && errno != 0) + return -errno; if (!de) break; @@ -5695,7 +5620,7 @@ static int search_and_fopen_internal(const char *path, const char *mode, char ** assert(mode); assert(_f); - if (!path_strv_canonicalize_uniq(search)) + if (!path_strv_canonicalize_absolute_uniq(search, NULL)) return -ENOMEM; STRV_FOREACH(i, search) { @@ -5767,56 +5692,6 @@ int search_and_fopen_nulstr(const char *path, const char *mode, const char *sear return search_and_fopen_internal(path, mode, s, _f); } -int create_tmp_dir(char template[], char** dir_name) { - int r = 0; - char *d = NULL, *dt; - - assert(dir_name); - - RUN_WITH_UMASK(0077) { - d = mkdtemp(template); - } - if (!d) { - log_error("Can't create directory %s: %m", template); - return -errno; - } - - dt = strjoin(d, "/tmp", NULL); - if (!dt) { - r = log_oom(); - goto fail3; - } - - RUN_WITH_UMASK(0000) { - r = mkdir(dt, 0777); - } - if (r < 0) { - log_error("Can't create directory %s: %m", dt); - r = -errno; - goto fail2; - } - log_debug("Created temporary directory %s", dt); - - r = chmod(dt, 0777 | S_ISVTX); - if (r < 0) { - log_error("Failed to chmod %s: %m", dt); - r = -errno; - goto fail1; - } - log_debug("Set sticky bit on %s", dt); - - *dir_name = dt; - - return 0; -fail1: - rmdir(dt); -fail2: - free(dt); -fail3: - rmdir(template); - return r; -} - char *strextend(char **x, ...) { va_list ap; size_t f, l; @@ -5892,10 +5767,18 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) { size_t a; void *q; + assert(p); + assert(allocated); + if (*allocated >= need) return *p; a = MAX(64u, need * 2); + + /* check for overflows */ + if (a < need) + return NULL; + q = realloc(*p, a); if (!q) return NULL; @@ -5905,6 +5788,25 @@ void* greedy_realloc(void **p, size_t *allocated, size_t need) { return q; } +void* greedy_realloc0(void **p, size_t *allocated, size_t need) { + size_t prev; + uint8_t *q; + + assert(p); + assert(allocated); + + prev = *allocated; + + q = greedy_realloc(p, allocated, need); + if (!q) + return NULL; + + if (*allocated > prev) + memzero(&q[prev], *allocated - prev); + + return q; +} + bool id128_is_valid(const char *s) { size_t i, l; @@ -5946,20 +5848,6 @@ bool id128_is_valid(const char *s) { return true; } -void parse_user_at_host(char *arg, char **user, char **host) { - assert(arg); - assert(user); - assert(host); - - *host = strchr(arg, '@'); - if (*host == NULL) - *host = arg; - else { - *host[0]++ = '\0'; - *user = arg; - } -} - int split_pair(const char *s, const char *sep, char **l, char **r) { char *x, *a, *b; @@ -5990,3 +5878,317 @@ int split_pair(const char *s, const char *sep, char **l, char **r) { return 0; } + +int shall_restore_state(void) { + _cleanup_free_ char *line; + char *w, *state; + size_t l; + int r; + + r = proc_cmdline(&line); + if (r < 0) + return r; + if (r == 0) /* Container ... */ + return 1; + + FOREACH_WORD_QUOTED(w, l, line, state) + if (l == 23 && strneq(w, "systemd.restore_state=0", 23)) + return 0; + + return 1; +} + +int proc_cmdline(char **ret) { + int r; + + if (detect_container(NULL) > 0) { + char *buf, *p; + size_t sz = 0; + + r = read_full_file("/proc/1/cmdline", &buf, &sz); + if (r < 0) + return r; + + for (p = buf; p + 1 < buf + sz; p++) + if (*p == 0) + *p = ' '; + + *p = 0; + *ret = buf; + return 1; + } + + r = read_one_line_file("/proc/cmdline", ret); + if (r < 0) + return r; + + return 1; +} + +int parse_proc_cmdline(int (*parse_word)(const char *word)) { + _cleanup_free_ char *line = NULL; + char *w, *state; + size_t l; + int r; + + r = proc_cmdline(&line); + if (r < 0) + log_warning("Failed to read /proc/cmdline, ignoring: %s", strerror(-r)); + if (r <= 0) + return 0; + + FOREACH_WORD_QUOTED(w, l, line, state) { + _cleanup_free_ char *word; + + word = strndup(w, l); + if (!word) + return log_oom(); + + r = parse_word(word); + if (r < 0) { + log_error("Failed on cmdline argument %s: %s", word, strerror(-r)); + return r; + } + } + + return 0; +} + +int container_get_leader(const char *machine, pid_t *pid) { + _cleanup_free_ char *s = NULL, *class = NULL; + const char *p; + pid_t leader; + int r; + + assert(machine); + assert(pid); + + p = strappenda("/run/systemd/machines/", machine); + r = parse_env_file(p, NEWLINE, "LEADER", &s, "CLASS", &class, NULL); + if (r == -ENOENT) + return -EHOSTDOWN; + if (r < 0) + return r; + if (!s) + return -EIO; + + if (!streq_ptr(class, "container")) + return -EIO; + + r = parse_pid(s, &leader); + if (r < 0) + return r; + if (leader <= 1) + return -EIO; + + *pid = leader; + return 0; +} + +int namespace_open(pid_t pid, int *pidns_fd, int *mntns_fd, int *root_fd) { + _cleanup_close_ int pidnsfd = -1, mntnsfd = -1; + const char *pidns, *mntns, *root; + int rfd; + + assert(pid >= 0); + assert(pidns_fd); + assert(mntns_fd); + assert(root_fd); + + mntns = procfs_file_alloca(pid, "ns/mnt"); + mntnsfd = open(mntns, O_RDONLY|O_NOCTTY|O_CLOEXEC); + if (mntnsfd < 0) + return -errno; + + pidns = procfs_file_alloca(pid, "ns/pid"); + pidnsfd = open(pidns, O_RDONLY|O_NOCTTY|O_CLOEXEC); + if (pidnsfd < 0) + return -errno; + + root = procfs_file_alloca(pid, "root"); + rfd = open(root, O_RDONLY|O_NOCTTY|O_CLOEXEC|O_DIRECTORY); + if (rfd < 0) + return -errno; + + *pidns_fd = pidnsfd; + *mntns_fd = mntnsfd; + *root_fd = rfd; + pidnsfd = -1; + mntnsfd = -1; + + return 0; +} + +int namespace_enter(int pidns_fd, int mntns_fd, int root_fd) { + assert(pidns_fd >= 0); + assert(mntns_fd >= 0); + assert(root_fd >= 0); + + if (setns(pidns_fd, CLONE_NEWPID) < 0) + return -errno; + + if (setns(mntns_fd, CLONE_NEWNS) < 0) + return -errno; + + if (fchdir(root_fd) < 0) + return -errno; + + if (chroot(".") < 0) + return -errno; + + if (setresgid(0, 0, 0) < 0) + return -errno; + + if (setresuid(0, 0, 0) < 0) + return -errno; + + return 0; +} + +bool pid_is_unwaited(pid_t pid) { + /* Checks whether a PID is still valid at all, including a zombie */ + + if (pid <= 0) + return false; + + if (kill(pid, 0) >= 0) + return true; + + return errno != ESRCH; +} + +bool pid_is_alive(pid_t pid) { + int r; + + /* Checks whether a PID is still valid and not a zombie */ + + if (pid <= 0) + return false; + + r = get_process_state(pid); + if (r == -ENOENT || r == 'Z') + return false; + + return true; +} + +int getpeercred(int fd, struct ucred *ucred) { + socklen_t n = sizeof(struct ucred); + struct ucred u; + int r; + + assert(fd >= 0); + assert(ucred); + + r = getsockopt(fd, SOL_SOCKET, SO_PEERCRED, &u, &n); + if (r < 0) + return -errno; + + if (n != sizeof(struct ucred)) + return -EIO; + + /* Check if the data is actually useful and not suppressed due + * to namespacing issues */ + if (u.pid <= 0) + return -ENODATA; + + *ucred = u; + return 0; +} + +int getpeersec(int fd, char **ret) { + socklen_t n = 64; + char *s; + int r; + + assert(fd >= 0); + assert(ret); + + s = new0(char, n); + if (!s) + return -ENOMEM; + + r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n); + if (r < 0) { + free(s); + + if (errno != ERANGE) + return -errno; + + s = new0(char, n); + if (!s) + return -ENOMEM; + + r = getsockopt(fd, SOL_SOCKET, SO_PEERSEC, s, &n); + if (r < 0) { + free(s); + return -errno; + } + } + + if (isempty(s)) { + free(s); + return -ENOTSUP; + } + + *ret = s; + return 0; +} + +/* This is much like like mkostemp() but is subject to umask(). */ +int mkostemp_safe(char *pattern, int flags) { + _cleanup_umask_ mode_t u; + int fd; + + assert(pattern); + + u = umask(077); + + fd = mkostemp(pattern, flags); + if (fd < 0) + return -errno; + + return fd; +} + +int open_tmpfile(const char *path, int flags) { + char *p; + int fd; + + assert(path); + +#ifdef O_TMPFILE + /* Try O_TMPFILE first, if it is supported */ + fd = open(path, flags|O_TMPFILE, S_IRUSR|S_IWUSR); + if (fd >= 0) + return fd; +#endif + + /* Fall back to unguessable name + unlinking */ + p = strappenda(path, "/systemd-tmp-XXXXXX"); + + fd = mkostemp_safe(p, flags); + if (fd < 0) + return fd; + + unlink(p); + return fd; +} + +int fd_warn_permissions(const char *path, int fd) { + struct stat st; + + if (fstat(fd, &st) < 0) + return -errno; + + if (st.st_mode & 0111) + log_warning("Configuration file %s is marked executable. Please remove executable permission bits. Proceeding anyway.", path); + + if (st.st_mode & 0002) + log_warning("Configuration file %s is marked world-writable. Please remove world writability permission bits. Proceeding anyway.", path); + + if (getpid() == 1 && (st.st_mode & 0044) != 0044) + log_warning("Configuration file %s is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.", path); + + return 0; +}