/* Replacement for POSIX fdopendir.
First, try to simulate it via opendir ("/proc/self/fd/..."). Failing
that, simulate it by using fchdir metadata, or by doing
save_cwd/fchdir/opendir(".")/restore_cwd.
If either the save_cwd or the restore_cwd fails (relatively unlikely),
then give a diagnostic and exit nonzero.
If successful, the resulting stream is based on FD in
implementations where streams are based on file descriptors and in
applications where no other thread or signal handler allocates or
frees file descriptors. In other cases, consult dirfd on the result
to find out whether FD is still being used.
Otherwise, this function works just like POSIX fdopendir.
W A R N I N G:
Unlike other fd-related functions, this one places constraints on FD.
If this function returns successfully, FD is under control of the
dirent.h system, and the caller should not close or modify the state of
FD other than by the dirent.h functions. */
DIR *
fdopendir (int fd)
{
DIR *dir = fdopendir_with_dup (fd, -1, NULL);
if (! REPLACE_FCHDIR && ! dir)
{
int saved_errno = errno;
if (EXPECTED_ERRNO (saved_errno))
{
struct saved_cwd cwd;
if (save_cwd (&cwd) != 0)
openat_save_fail (errno);
dir = fdopendir_with_dup (fd, -1, &cwd);
saved_errno = errno;
free_cwd (&cwd);
errno = saved_errno;
}
}
return dir;
}
int
run_in_dir (int dir_fd, int (*callback)(void*), void *usercontext)
{
if (dir_fd == AT_FDCWD)
{
return (*callback)(usercontext);
}
else
{
struct saved_cwd saved_cwd;
int saved_errno;
int err;
if (save_cwd (&saved_cwd) != 0)
openat_save_fail (errno);
if (fchdir (dir_fd) != 0)
{
saved_errno = errno;
free_cwd (&saved_cwd);
errno = saved_errno;
return -1;
}
err = (*callback)(usercontext);
saved_errno = (err < 0 ? errno : 0);
if (restore_cwd (&saved_cwd) != 0)
openat_restore_fail (errno);
free_cwd (&saved_cwd);
if (saved_errno)
errno = saved_errno;
return err;
}
}
/* Like fdopendir, except that if OLDER_DUPFD is not -1, it is known
to be a dup of FD which is less than FD - 1 and which will be
closed by the caller and not otherwise used by the caller. This
function makes sure that FD is closed and all file descriptors less
than FD are open, and then calls fd_clone_opendir on a dup of FD.
That way, barring race conditions, fd_clone_opendir returns a
stream whose file descriptor is FD.
If REPLACE_CHDIR or CWD is null, use opendir ("/proc/self/fd/...",
falling back on fchdir metadata. Otherwise, CWD is a saved version
of the working directory; use fchdir/opendir(".")/restore_cwd(CWD). */
static DIR *
fdopendir_with_dup (int fd, int older_dupfd, struct saved_cwd const *cwd)
{
int dupfd = dup (fd);
if (dupfd < 0 && errno == EMFILE)
dupfd = older_dupfd;
if (dupfd < 0)
return NULL;
else
{
DIR *dir;
int saved_errno;
if (dupfd < fd - 1 && dupfd != older_dupfd)
{
dir = fdopendir_with_dup (fd, dupfd, cwd);
saved_errno = errno;
}
else
{
close (fd);
dir = fd_clone_opendir (dupfd, cwd);
saved_errno = errno;
if (! dir)
{
int fd1 = dup (dupfd);
if (fd1 != fd)
openat_save_fail (fd1 < 0 ? errno : EBADF);
}
}
if (dupfd != older_dupfd)
close (dupfd);
errno = saved_errno;
return dir;
}
}
int
openat_permissive (int fd, char const *file, int flags, mode_t mode,
int *cwd_errno)
{
struct saved_cwd saved_cwd;
int saved_errno;
int err;
bool save_ok;
if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
return open (file, flags, mode);
{
char buf[OPENAT_BUFFER_SIZE];
char *proc_file = openat_proc_name (buf, fd, file);
if (proc_file)
{
int open_result = open (proc_file, flags, mode);
int open_errno = errno;
if (proc_file != buf)
free (proc_file);
/* If the syscall succeeds, or if it fails with an unexpected
errno value, then return right away. Otherwise, fall through
and resort to using save_cwd/restore_cwd. */
if (0 <= open_result || ! EXPECTED_ERRNO (open_errno))
{
errno = open_errno;
return open_result;
}
}
}
save_ok = (save_cwd (&saved_cwd) == 0);
if (! save_ok)
{
if (! cwd_errno)
openat_save_fail (errno);
*cwd_errno = errno;
}
if (0 <= fd && fd == saved_cwd.desc)
{
/* If saving the working directory collides with the user's
requested fd, then the user's fd must have been closed to
begin with. */
free_cwd (&saved_cwd);
errno = EBADF;
return -1;
}
err = fchdir (fd);
saved_errno = errno;
if (! err)
{
err = open (file, flags, mode);
saved_errno = errno;
if (save_ok && restore_cwd (&saved_cwd) != 0)
{
if (! cwd_errno)
{
/* Don't write a message to just-created fd 2. */
saved_errno = errno;
if (err == STDERR_FILENO)
close (err);
openat_restore_fail (saved_errno);
}
*cwd_errno = errno;
}
}
free_cwd (&saved_cwd);
errno = saved_errno;
return err;
}
/* Call FUNC to operate on a pair of files, where FILE1 is relative to FD1,
and FILE2 is relative to FD2. If possible, do it without changing the
working directory. Otherwise, resort to using save_cwd/fchdir,
FUNC, restore_cwd (up to two times). If either the save_cwd or the
restore_cwd fails, then give a diagnostic and exit nonzero. */
int
at_func2 (int fd1, char const *file1,
int fd2, char const *file2,
int (*func) (char const *file1, char const *file2))
{
struct saved_cwd saved_cwd;
int saved_errno;
int err;
char *file1_alt;
char *file2_alt;
struct stat st1;
struct stat st2;
/* There are 16 possible scenarios, based on whether an fd is
AT_FDCWD or real, and whether a file is absolute or relative:
fd1 file1 fd2 file2 action
0 cwd abs cwd abs direct call
1 cwd abs cwd rel direct call
2 cwd abs fd abs direct call
3 cwd abs fd rel chdir to fd2
4 cwd rel cwd abs direct call
5 cwd rel cwd rel direct call
6 cwd rel fd abs direct call
7 cwd rel fd rel convert file1 to abs, then case 3
8 fd abs cwd abs direct call
9 fd abs cwd rel direct call
10 fd abs fd abs direct call
11 fd abs fd rel chdir to fd2
12 fd rel cwd abs chdir to fd1
13 fd rel cwd rel convert file2 to abs, then case 12
14 fd rel fd abs chdir to fd1
15a fd1 rel fd1 rel chdir to fd1
15b fd1 rel fd2 rel chdir to fd1, then case 7
Try some optimizations to reduce fd to AT_FDCWD, or to at least
avoid converting an absolute name or doing a double chdir. */
if ((fd1 == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file1))
&& (fd2 == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file2)))
return func (file1, file2); /* Case 0-2, 4-6, 8-10. */
/* If /proc/self/fd works, we don't need any stat or chdir. */
{
char proc_buf1[OPENAT_BUFFER_SIZE];
char *proc_file1 = ((fd1 == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file1))
? (char *) file1
: openat_proc_name (proc_buf1, fd1, file1));
if (proc_file1)
{
char proc_buf2[OPENAT_BUFFER_SIZE];
char *proc_file2 = ((fd2 == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file2))
? (char *) file2
: openat_proc_name (proc_buf2, fd2, file2));
if (proc_file2)
{
int proc_result = func (proc_file1, proc_file2);
int proc_errno = errno;
if (proc_file1 != proc_buf1 && proc_file1 != file1)
free (proc_file1);
if (proc_file2 != proc_buf2 && proc_file2 != file2)
free (proc_file2);
/* If the syscall succeeds, or if it fails with an unexpected
errno value, then return right away. Otherwise, fall through
and resort to using save_cwd/restore_cwd. */
if (0 <= proc_result)
return proc_result;
if (! EXPECTED_ERRNO (proc_errno))
{
errno = proc_errno;
return proc_result;
}
}
else if (proc_file1 != proc_buf1 && proc_file1 != file1)
free (proc_file1);
}
}
/* Cases 3, 7, 11-15 remain. Time to normalize directory fds, if
possible. */
if (IS_ABSOLUTE_FILE_NAME (file1))
fd1 = AT_FDCWD; /* Case 11 reduced to 3. */
else if (IS_ABSOLUTE_FILE_NAME (file2))
fd2 = AT_FDCWD; /* Case 14 reduced to 12. */
/* Cases 3, 7, 12, 13, 15 remain. */
if (fd1 == AT_FDCWD) /* Cases 3, 7. */
{
if (stat (".", &st1) == -1 || fstat (fd2, &st2) == -1)
return -1;
if (!S_ISDIR (st2.st_mode))
{
errno = ENOTDIR;
return -1;
}
if (SAME_INODE (st1, st2)) /* Reduced to cases 1, 5. */
return func (file1, file2);
}
else if (fd2 == AT_FDCWD) /* Cases 12, 13. */
{
if (stat (".", &st2) == -1 || fstat (fd1, &st1) == -1)
return -1;
if (!S_ISDIR (st1.st_mode))
{
errno = ENOTDIR;
return -1;
}
if (SAME_INODE (st1, st2)) /* Reduced to cases 4, 5. */
return func (file1, file2);
}
else if (fd1 != fd2) /* Case 15b. */
{
if (fstat (fd1, &st1) == -1 || fstat (fd2, &st2) == -1)
return -1;
if (!S_ISDIR (st1.st_mode) || !S_ISDIR (st2.st_mode))
{
errno = ENOTDIR;
return -1;
}
if (SAME_INODE (st1, st2)) /* Reduced to case 15a. */
{
fd2 = fd1;
if (stat (".", &st1) == 0 && SAME_INODE (st1, st2))
return func (file1, file2); /* Further reduced to case 5. */
}
}
else /* Case 15a. */
{
if (fstat (fd1, &st1) == -1)
return -1;
if (!S_ISDIR (st1.st_mode))
{
errno = ENOTDIR;
return -1;
}
if (stat (".", &st2) == 0 && SAME_INODE (st1, st2))
return func (file1, file2); /* Reduced to case 5. */
}
/* Cases 3, 7, 12, 13, 15a, 15b remain. With all reductions in
place, it is time to start changing directories. */
if (save_cwd (&saved_cwd) != 0)
openat_save_fail (errno);
if (fd1 != AT_FDCWD && fd2 != AT_FDCWD && fd1 != fd2) /* Case 15b. */
{
if (fchdir (fd1) != 0)
{
saved_errno = errno;
free_cwd (&saved_cwd);
errno = saved_errno;
return -1;
}
fd1 = AT_FDCWD; /* Reduced to case 7. */
}
/* Cases 3, 7, 12, 13, 15a remain. Convert one relative name to
absolute, if necessary. */
file1_alt = (char *) file1;
file2_alt = (char *) file2;
if (fd1 == AT_FDCWD && !IS_ABSOLUTE_FILE_NAME (file1)) /* Case 7. */
{
/* It would be nicer to use:
file1_alt = file_name_concat (xgetcwd (), file1, NULL);
but libraries should not call xalloc_die. */
char *cwd = getcwd (NULL, 0);
if (!cwd)
{
saved_errno = errno;
free_cwd (&saved_cwd);
errno = saved_errno;
return -1;
}
file1_alt = mfile_name_concat (cwd, file1, NULL);
if (!file1_alt)
{
saved_errno = errno;
free (cwd);
free_cwd (&saved_cwd);
errno = saved_errno;
return -1;
}
free (cwd); /* Reduced to case 3. */
}
else if (fd2 == AT_FDCWD && !IS_ABSOLUTE_FILE_NAME (file2)) /* Case 13. */
{
char *cwd = getcwd (NULL, 0);
if (!cwd)
{
saved_errno = errno;
free_cwd (&saved_cwd);
errno = saved_errno;
return -1;
}
file2_alt = mfile_name_concat (cwd, file2, NULL);
if (!file2_alt)
{
saved_errno = errno;
free (cwd);
free_cwd (&saved_cwd);
errno = saved_errno;
return -1;
}
free (cwd); /* Reduced to case 12. */
}
/* Cases 3, 12, 15a remain. Change to the correct directory. */
if (fchdir (fd1 == AT_FDCWD ? fd2 : fd1) != 0)
{
saved_errno = errno;
free_cwd (&saved_cwd);
if (file1 != file1_alt)
free (file1_alt);
else if (file2 != file2_alt)
free (file2_alt);
errno = saved_errno;
return -1;
}
/* Finally safe to perform the user's function, then clean up. */
err = func (file1_alt, file2_alt);
saved_errno = (err < 0 ? errno : 0);
if (file1 != file1_alt)
free (file1_alt);
else if (file2 != file2_alt)
free (file2_alt);
if (restore_cwd (&saved_cwd) != 0)
openat_restore_fail (errno);
free_cwd (&saved_cwd);
if (saved_errno)
errno = saved_errno;
return err;
}
