/* xwrap.c - wrappers around existing library functions. * * Functions with the x prefix are wrappers that either succeed or kill the * program with an error message, but never return failure. They usually have * the same arguments and return value as the function they wrap. * * Copyright 2006 Rob Landley */ #include "toys.h" // strcpy and strncat with size checking. Size is the total space in "dest", // including null terminator. Exit if there's not enough space for the string // (including space for the null terminator), because silently truncating is // still broken behavior. (And leaving the string unterminated is INSANE.) void xstrncpy(char *dest, char *src, size_t size) { if (strlen(src)+1 > size) error_exit("'%s' > %ld bytes", src, (long)size); strcpy(dest, src); } void xstrncat(char *dest, char *src, size_t size) { long len = strlen(dest); if (len+strlen(src)+1 > size) error_exit("'%s%s' > %ld bytes", dest, src, (long)size); strcpy(dest+len, src); } // We replaced exit(), _exit(), and atexit() with xexit(), _xexit(), and // sigatexit(). This gives _xexit() the option to siglongjmp(toys.rebound, 1) // instead of exiting, lets xexit() report stdout flush failures to stderr // and change the exit code to indicate error, lets our toys.exit function // change happen for signal exit paths and lets us remove the functions // after we've called them. void _xexit(void) { if (toys.rebound) siglongjmp(*toys.rebound, 1); _exit(toys.exitval); } void xexit(void) { // Call toys.xexit functions in reverse order added. while (toys.xexit) { struct arg_list *al = llist_pop(&toys.xexit); // typecast xexit->arg to a function pointer, then call it using invalid // signal 0 to let signal handlers tell actual signal from regular exit. ((void (*)(int))(al->arg))(0); free(al); } xflush(1); _xexit(); } void *xmmap(void *addr, size_t length, int prot, int flags, int fd, off_t off) { void *ret = mmap(addr, length, prot, flags, fd, off); if (ret == MAP_FAILED) perror_exit("mmap"); return ret; } // Die unless we can allocate memory. void *xmalloc(size_t size) { void *ret = malloc(size); if (!ret) error_exit("xmalloc(%ld)", (long)size); return ret; } // Die unless we can allocate prezeroed memory. void *xzalloc(size_t size) { void *ret = xmalloc(size); memset(ret, 0, size); return ret; } // Die unless we can change the size of an existing allocation, possibly // moving it. (Notice different arguments from libc function.) void *xrealloc(void *ptr, size_t size) { ptr = realloc(ptr, size); if (!ptr) error_exit("xrealloc"); return ptr; } // Die unless we can allocate a copy of this many bytes of string. char *xstrndup(char *s, size_t n) { char *ret = strndup(s, n); if (!ret) error_exit("xstrndup"); return ret; } // Die unless we can allocate a copy of this string. char *xstrdup(char *s) { return xstrndup(s, strlen(s)); } void *xmemdup(void *s, long len) { void *ret = xmalloc(len); memcpy(ret, s, len); return ret; } // Die unless we can allocate enough space to sprintf() into. char *xmprintf(char *format, ...) { va_list va, va2; int len; char *ret; va_start(va, format); va_copy(va2, va); // How long is it? len = vsnprintf(0, 0, format, va); len++; va_end(va); // Allocate and do the sprintf() ret = xmalloc(len); vsnprintf(ret, len, format, va2); va_end(va2); return ret; } // if !flush just check for error on stdout without flushing void xflush(int flush) { if ((flush && fflush(0)) || ferror(stdout)) if (!toys.exitval) perror_msg("write"); } void xprintf(char *format, ...) { va_list va; va_start(va, format); vprintf(format, va); va_end(va); xflush(0); } // Put string with length (does not append newline) void xputsl(char *s, int len) { int out; while (len != (out = fwrite(s, 1, len, stdout))) { if (out<1) perror_exit("write"); len -= out; s += out; } xflush(0); } // xputs with no newline void xputsn(char *s) { xputsl(s, strlen(s)); } // Write string to stdout with newline, flushing and checking for errors void xputs(char *s) { puts(s); xflush(0); } void xputc(char c) { if (EOF == fputc(c, stdout)) perror_exit("write"); xflush(0); } // This is called through the XVFORK macro because parent/child of vfork // share a stack, so child returning from a function would stomp the return // address parent would need. Solution: make vfork() an argument so processes // diverge before function gets called. pid_t __attribute__((returns_twice)) xvforkwrap(pid_t pid) { if (pid == -1) perror_exit("vfork"); // Signal to xexec() and friends that we vforked so can't recurse if (!pid) toys.stacktop = 0; return pid; } // Die unless we can exec argv[] (or run builtin command). Note that anything // with a path isn't a builtin, so /bin/sh won't match the builtin sh. void xexec(char **argv) { // Only recurse to builtin when we have multiplexer and !vfork context. if (CFG_TOYBOX && !CFG_TOYBOX_NORECURSE && toys.stacktop && **argv != '/') toy_exec(argv); execvp(argv[0], argv); toys.exitval = 126+(errno == ENOENT); perror_msg("exec %s", argv[0]); if (!toys.stacktop) _exit(toys.exitval); xexit(); } // Spawn child process, capturing stdin/stdout. // argv[]: command to exec. If null, child re-runs original program with // toys.stacktop zeroed. // pipes[2]: Filehandle to move to stdin/stdout of new process. // If -1, replace with pipe handle connected to stdin/stdout. // NULL treated as {0, 1}, I.E. leave stdin/stdout as is // return: pid of child process pid_t xpopen_both(char **argv, int *pipes) { int cestnepasun[4], pid; // Make the pipes? memset(cestnepasun, 0, sizeof(cestnepasun)); if (pipes) for (pid = 0; pid < 2; pid++) { if (pipes[pid] != -1) continue; if (pipe(cestnepasun+(2*pid))) perror_exit("pipe"); } if (!(pid = CFG_TOYBOX_FORK ? xfork() : XVFORK())) { // Child process: Dance of the stdin/stdout redirection. // cestnepasun[1]->cestnepasun[0] and cestnepasun[3]->cestnepasun[2] if (pipes) { // if we had no stdin/out, pipe handles could overlap, so test for it // and free up potentially overlapping pipe handles before reuse // in child, close read end of output pipe, use write end as new stdout if (cestnepasun[2]) { close(cestnepasun[2]); pipes[1] = cestnepasun[3]; } // in child, close write end of input pipe, use read end as new stdin if (cestnepasun[1]) { close(cestnepasun[1]); pipes[0] = cestnepasun[0]; } // If swapping stdin/stdout, dup a filehandle that gets closed before use if (!pipes[1]) pipes[1] = dup(0); // Are we redirecting stdin? if (pipes[0]) { dup2(pipes[0], 0); close(pipes[0]); } // Are we redirecting stdout? if (pipes[1] != 1) { dup2(pipes[1], 1); close(pipes[1]); } } if (argv) xexec(argv); // In fork() case, force recursion because we know it's us. if (CFG_TOYBOX_FORK) { toy_init(toys.which, toys.argv); toys.stacktop = 0; toys.which->toy_main(); xexit(); // In vfork() case, exec /proc/self/exe with high bit of first letter set // to tell main() we reentered. } else { char *s = "/proc/self/exe"; // We did a nommu-friendly vfork but must exec to continue. // setting high bit of argv[0][0] to let new process know **toys.argv |= 0x80; execv(s, toys.argv); perror_msg_raw(s); _exit(127); } } // Parent process: vfork had a shared environment, clean up. if (!CFG_TOYBOX_FORK) **toys.argv &= 0x7f; if (pipes) { if (cestnepasun[1]) { pipes[0] = cestnepasun[1]; close(cestnepasun[0]); } if (cestnepasun[2]) { pipes[1] = cestnepasun[2]; close(cestnepasun[3]); } } return pid; } // Wait for child process to exit, then return adjusted exit code. int xwaitpid(pid_t pid) { int status; while (-1 == waitpid(pid, &status, 0) && errno == EINTR); return WIFEXITED(status) ? WEXITSTATUS(status) : WTERMSIG(status)+128; } int xpclose_both(pid_t pid, int *pipes) { if (pipes) { close(pipes[0]); close(pipes[1]); } return xwaitpid(pid); } // Wrapper to xpopen with a pipe for just one of stdin/stdout pid_t xpopen(char **argv, int *pipe, int isstdout) { int pipes[2], pid; pipes[0] = isstdout ? 0 : -1; pipes[1] = isstdout ? -1 : 1; pid = xpopen_both(argv, pipes); *pipe = pid ? pipes[!!isstdout] : -1; return pid; } int xpclose(pid_t pid, int pipe) { close(pipe); return xpclose_both(pid, 0); } // Call xpopen and wait for it to finish, keeping existing stdin/stdout. int xrun(char **argv) { return xpclose_both(xpopen_both(argv, 0), 0); } void xaccess(char *path, int flags) { if (access(path, flags)) perror_exit("Can't access '%s'", path); } // Die unless we can delete a file. (File must exist to be deleted.) void xunlink(char *path) { if (unlink(path)) perror_exit("unlink '%s'", path); } // Die unless we can open/create a file, returning file descriptor. // The meaning of O_CLOEXEC is reversed (it defaults on, pass it to disable) // and WARN_ONLY tells us not to exit. int xcreate_stdio(char *path, int flags, int mode) { int fd = open(path, (flags^O_CLOEXEC)&~WARN_ONLY, mode); if (fd == -1) ((mode&WARN_ONLY) ? perror_msg_raw : perror_exit_raw)(path); return fd; } // Die unless we can open a file, returning file descriptor. int xopen_stdio(char *path, int flags) { return xcreate_stdio(path, flags, 0); } void xpipe(int *pp) { if (pipe(pp)) perror_exit("xpipe"); } void xclose(int fd) { if (fd != -1 && close(fd)) perror_exit("xclose"); } int xdup(int fd) { if (fd != -1) { fd = dup(fd); if (fd == -1) perror_exit("xdup"); } return fd; } // Move file descriptor above stdin/stdout/stderr, using /dev/null to consume // old one. (We should never be called with stdin/stdout/stderr closed, but...) int notstdio(int fd) { if (fd<0) return fd; while (fd<3) { int fd2 = xdup(fd); close(fd); xopen_stdio("/dev/null", O_RDWR); fd = fd2; } return fd; } void xrename(char *from, char *to) { if (rename(from, to)) perror_exit("rename %s -> %s", from, to); } int xtempfile(char *name, char **tempname) { int fd; *tempname = xmprintf("%s%s", name, "XXXXXX"); if(-1 == (fd = mkstemp(*tempname))) error_exit("no temp file"); return fd; } // Create a file but don't return stdin/stdout/stderr int xcreate(char *path, int flags, int mode) { return notstdio(xcreate_stdio(path, flags, mode)); } // Open a file descriptor NOT in stdin/stdout/stderr int xopen(char *path, int flags) { return notstdio(xopen_stdio(path, flags)); } // Open read only, treating "-" as a synonym for stdin, defaulting to warn only int openro(char *path, int flags) { if (!strcmp(path, "-")) return 0; return xopen(path, flags^WARN_ONLY); } // Open read only, treating "-" as a synonym for stdin. int xopenro(char *path) { return openro(path, O_RDONLY|WARN_ONLY); } FILE *xfdopen(int fd, char *mode) { FILE *f = fdopen(fd, mode); if (!f) perror_exit("xfdopen"); return f; } // Die unless we can open/create a file, returning FILE *. FILE *xfopen(char *path, char *mode) { FILE *f = fopen(path, mode); if (!f) perror_exit("No file %s", path); return f; } // Die if there's an error other than EOF. size_t xread(int fd, void *buf, size_t len) { ssize_t ret = read(fd, buf, len); if (ret < 0) perror_exit("xread"); return ret; } void xreadall(int fd, void *buf, size_t len) { if (len != readall(fd, buf, len)) perror_exit("xreadall"); } // There's no xwriteall(), just xwrite(). When we read, there may or may not // be more data waiting. When we write, there is data and it had better go // somewhere. void xwrite(int fd, void *buf, size_t len) { if (len != writeall(fd, buf, len)) perror_exit("xwrite"); } // Die if lseek fails, probably due to being called on a pipe. off_t xlseek(int fd, off_t offset, int whence) { offset = lseek(fd, offset, whence); if (offset<0) perror_exit("lseek"); return offset; } char *xgetcwd(void) { char *buf = getcwd(NULL, 0); if (!buf) perror_exit("xgetcwd"); return buf; } void xstat(char *path, struct stat *st) { if(stat(path, st)) perror_exit("Can't stat %s", path); } // Canonicalize path, even to file with one or more missing components at end. // Returns allocated string for pathname or NULL if doesn't exist // exact = 1 file must exist, 0 dir must exist, -1 show theoretical location char *xabspath(char *path, int exact) { struct string_list *todo, *done = 0; int try = 9999, dirfd = open("/", O_PATH), missing = 0; char *ret; // If this isn't an absolute path, start with cwd. if (*path != '/') { char *temp = xgetcwd(); splitpath(path, splitpath(temp, &todo)); free(temp); } else splitpath(path, &todo); // Iterate through path components in todo, prepend processed ones to done. while (todo) { struct string_list *new = llist_pop(&todo), **tail; ssize_t len; // Eventually break out of endless loops if (!try--) { errno = ELOOP; goto error; } // Removable path componenents. if (!strcmp(new->str, ".") || !strcmp(new->str, "..")) { int x = new->str[1]; free(new); if (!x) continue; if (done) free(llist_pop(&done)); len = 0; if (missing) missing--; else { if (-1 == (x = openat(dirfd, "..", O_PATH))) goto error; close(dirfd); dirfd = x; } continue; } // Is this a symlink? len = readlinkat(dirfd, new->str, libbuf, sizeof(libbuf)); if (len>4095) goto error; // Not a symlink: add to linked list, move dirfd, fail if error if (len<1) { int fd; new->next = done; done = new; if (errno == EINVAL && !todo) break; if (errno == ENOENT && exact<0) { missing++; continue; } if (errno != EINVAL && (exact || todo)) goto error; fd = openat(dirfd, new->str, O_PATH); if (fd == -1 && (exact || todo || errno != ENOENT)) goto error; close(dirfd); dirfd = fd; continue; } // If this symlink is to an absolute path, discard existing resolved path libbuf[len] = 0; if (*libbuf == '/') { llist_traverse(done, free); done=0; close(dirfd); dirfd = open("/", O_PATH); } free(new); // prepend components of new path. Note symlink to "/" will leave new NULL tail = splitpath(libbuf, &new); // symlink to "/" will return null and leave tail alone if (new) { *tail = todo; todo = new; } } close(dirfd); // At this point done has the path, in reverse order. Reverse list while // calculating buffer length. try = 2; while (done) { struct string_list *temp = llist_pop(&done); if (todo) try++; try += strlen(temp->str); temp->next = todo; todo = temp; } // Assemble return buffer ret = xmalloc(try); *ret = '/'; ret [try = 1] = 0; while (todo) { if (try>1) ret[try++] = '/'; try = stpcpy(ret+try, todo->str) - ret; free(llist_pop(&todo)); } return ret; error: close(dirfd); llist_traverse(todo, free); llist_traverse(done, free); return 0; } void xchdir(char *path) { if (chdir(path)) perror_exit("chdir '%s'", path); } void xchroot(char *path) { if (chroot(path)) error_exit("chroot '%s'", path); xchdir("/"); } struct passwd *xgetpwuid(uid_t uid) { struct passwd *pwd = getpwuid(uid); if (!pwd) error_exit("bad uid %ld", (long)uid); return pwd; } struct group *xgetgrgid(gid_t gid) { struct group *group = getgrgid(gid); if (!group) perror_exit("gid %ld", (long)gid); return group; } unsigned xgetuid(char *name) { struct passwd *up = getpwnam(name); char *s = 0; long uid; if (up) return up->pw_uid; uid = estrtol(name, &s, 10); if (!errno && s && !*s && uid>=0 && uid<=UINT_MAX) return uid; error_exit("bad user '%s'", name); } unsigned xgetgid(char *name) { struct group *gr = getgrnam(name); char *s = 0; long gid; if (gr) return gr->gr_gid; gid = estrtol(name, &s, 10); if (!errno && s && !*s && gid>=0 && gid<=UINT_MAX) return gid; error_exit("bad group '%s'", name); } struct passwd *xgetpwnam(char *name) { struct passwd *up = getpwnam(name); if (!up) perror_exit("user '%s'", name); return up; } struct group *xgetgrnam(char *name) { struct group *gr = getgrnam(name); if (!gr) perror_exit("group '%s'", name); return gr; } // setuid() can fail (for example, too many processes belonging to that user), // which opens a security hole if the process continues as the original user. void xsetuser(struct passwd *pwd) { if (initgroups(pwd->pw_name, pwd->pw_gid) || setgid(pwd->pw_uid) || setuid(pwd->pw_uid)) perror_exit("xsetuser '%s'", pwd->pw_name); } // This can return null (meaning file not found). It just won't return null // for memory allocation reasons. char *xreadlinkat(int dir, char *name) { int len, size = 0; char *buf = 0; // Grow by 64 byte chunks until it's big enough. for(;;) { size +=64; buf = xrealloc(buf, size); len = readlinkat(dir, name, buf, size); if (len<0) { free(buf); return 0; } if (lensizeof(libbuf) ? sizeof(libbuf) : len; xwrite(out, libbuf, i); len -= i; } } } // copy all of in to out long long xsendfile(int in, int out) { return xsendfile_len(in, out, -1); } double xstrtod(char *s) { char *end; double d; errno = 0; d = strtod(s, &end); if (!errno && *end) errno = E2BIG; if (errno) perror_exit("strtod %s", s); return d; } // parse fractional seconds with optional s/m/h/d suffix long xparsetime(char *arg, long zeroes, long *fraction) { long l, fr = 0, mask = 1; char *end; if (*arg != '.' && !isdigit(*arg)) error_exit("Not a number '%s'", arg); l = strtoul(arg, &end, 10); if (*end == '.') { end++; while (zeroes--) { fr *= 10; mask *= 10; if (isdigit(*end)) fr += *end++-'0'; } while (isdigit(*end)) end++; } // Parse suffix if (*end) { int ismhd[]={1,60,3600,86400}, i = stridx("smhd", *end); if (i == -1 || *(end+1)) error_exit("Unknown suffix '%s'", end); l *= ismhd[i]; fr *= ismhd[i]; l += fr/mask; fr %= mask; } if (fraction) *fraction = fr; return l; } long long xparsemillitime(char *arg) { long l, ll; l = xparsetime(arg, 3, &ll); return (l*1000LL)+ll; } void xparsetimespec(char *arg, struct timespec *ts) { ts->tv_sec = xparsetime(arg, 9, &ts->tv_nsec); } // Compile a regular expression into a regex_t void xregcomp(regex_t *preg, char *regex, int cflags) { int rc; // BSD regex implementations don't support the empty regex (which isn't // allowed in the POSIX grammar), but glibc does. Fake it for BSD. if (!*regex) { regex = "()"; cflags |= REG_EXTENDED; } if ((rc = regcomp(preg, regex, cflags))) { regerror(rc, preg, libbuf, sizeof(libbuf)); error_exit("bad regex: %s", libbuf); } } char *xtzset(char *new) { char *old = getenv("TZ"); if (old) old = xstrdup(old); if (new ? setenv("TZ", new, 1) : unsetenv("TZ")) perror_exit("setenv"); tzset(); return old; } // Set a signal handler void xsignal_flags(int signal, void *handler, int flags) { struct sigaction *sa = (void *)libbuf; memset(sa, 0, sizeof(struct sigaction)); sa->sa_handler = handler; sa->sa_flags = flags; if (sigaction(signal, sa, 0)) perror_exit("xsignal %d", signal); } void xsignal(int signal, void *handler) { xsignal_flags(signal, handler, 0); } time_t xvali_date(struct tm *tm, char *str) { time_t t; if (tm && (unsigned)tm->tm_sec<=60 && (unsigned)tm->tm_min<=59 && (unsigned)tm->tm_hour<=23 && tm->tm_mday && (unsigned)tm->tm_mday<=31 && (unsigned)tm->tm_mon<=11 && (t = mktime(tm)) != -1) return t; error_exit("bad date %s", str); } // Parse date string (relative to current *t). Sets time_t and nanoseconds. void xparsedate(char *str, time_t *t, unsigned *nano, int endian) { struct tm tm; time_t now = *t; int len = 0, i = 0; // Formats with seconds come first. Posix can't agree on whether 12 digits // has year before (touch -t) or year after (date), so support both. char *s = str, *p, *oldtz = 0, *formats[] = {"%Y-%m-%d %T", "%Y-%m-%dT%T", "%H:%M:%S", "%Y-%m-%d %H:%M", "%Y-%m-%d", "%H:%M", "%m%d%H%M", endian ? "%m%d%H%M%y" : "%y%m%d%H%M", endian ? "%m%d%H%M%C%y" : "%C%y%m%d%H%M"}; *nano = 0; // Parse @UNIXTIME[.FRACTION] if (*str == '@') { long long ll; // Collect seconds and nanoseconds. // &ll is not just t because we can't guarantee time_t is 64 bit (yet). sscanf(s, "@%lld%n", &ll, &len); if (s[len]=='.') { s += len+1; for (len = 0; len<9; len++) { *nano *= 10; if (isdigit(*s)) *nano += *s++-'0'; } } *t = ll; if (!s[len]) return; xvali_date(0, str); } // Trailing Z means UTC timezone, don't expect libc to know this. // (Trimming it off here means it won't show up in error messages.) if ((i = strlen(str)) && toupper(str[i-1])=='Z') { str[--i] = 0; oldtz = getenv("TZ"); if (oldtz) oldtz = xstrdup(oldtz); setenv("TZ", "UTC0", 1); } // Try each format for (i = 0; i2) { len = 0; sscanf(p, "%2u%n", &tm.tm_sec, &len); p += len; } // nanoseconds for (len = 0; len<9; len++) { *nano *= 10; if (isdigit(*p)) *nano += *p++-'0'; } } if (!*p) break; } } // Sanity check field ranges *t = xvali_date((i!=ARRAY_LEN(formats)) ? &tm : 0, str); if (oldtz) setenv("TZ", oldtz, 1); free(oldtz); } char *xgetline(FILE *fp, int *len) { char *new = 0; size_t linelen = 0; errno = 0; if (1>(linelen = getline(&new, &linelen, fp))) { if (errno) perror_msg("getline"); new = 0; } else if (new[linelen-1] == '\n') new[--linelen] = 0; if (len) *len = linelen; return new; }