| blob | c067f4c46788fd79fcd334464adf9a485f57fc9d |
1 /* Lock files for editing.
3 Copyright (C) 1985-1987, 1993-1994, 1996, 1998-2017 Free Software
4 Foundation, Inc.
6 Author: Richard King
7 (according to authors.el)
9 This file is part of GNU Emacs.
11 GNU Emacs is free software: you can redistribute it and/or modify
12 it under the terms of the GNU General Public License as published by
13 the Free Software Foundation, either version 3 of the License, or (at
14 your option) any later version.
16 GNU Emacs is distributed in the hope that it will be useful,
17 but WITHOUT ANY WARRANTY; without even the implied warranty of
18 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
19 GNU General Public License for more details.
21 You should have received a copy of the GNU General Public License
22 along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
25 #include <config.h>
26 #include <sys/types.h>
27 #include <sys/stat.h>
28 #include <signal.h>
29 #include <stdio.h>
31 #ifdef HAVE_PWD_H
32 #include <pwd.h>
33 #endif
35 #include <sys/file.h>
36 #include <fcntl.h>
37 #include <unistd.h>
39 #ifdef __FreeBSD__
40 #include <sys/sysctl.h>
43 #include <errno.h>
45 #include <c-ctype.h>
50 #ifdef WINDOWSNT
51 #include <share.h>
54 #endif
56 #ifndef MSDOS
58 #ifdef HAVE_UTMP_H
59 #include <utmp.h>
60 #endif
62 /* A file whose last-modified time is just after the most recent boot.
63 Define this to be NULL to disable checking for this file. */
64 #ifndef BOOT_TIME_FILE
66 #endif
68 #ifndef WTMP_FILE
70 #endif
72 /* Normally use a symbolic link to represent a lock.
73 The strategy: to lock a file FN, create a symlink .#FN in FN's
74 directory, with link data USER@HOST.PID:BOOT. This avoids a single
75 mount (== failure) point for lock files. The :BOOT is omitted if
76 the boot time is not available.
78 When the host in the lock data is the current host, we can check if
79 the pid is valid with kill.
81 Otherwise, we could look at a separate file that maps hostnames to
82 reboot times to see if the remote pid can possibly be valid, since we
83 don't want Emacs to have to communicate via pipes or sockets or
84 whatever to other processes, either locally or remotely; rms says
85 that's too unreliable. Hence the separate file, which could
86 theoretically be updated by daemons running separately -- but this
87 whole idea is unimplemented; in practice, at least in our
88 environment, it seems such stale locks arise fairly infrequently, and
89 Emacs' standard methods of dealing with clashes suffice.
91 We use symlinks instead of normal files because (1) they can be
92 stored more efficiently on the filesystem, since the kernel knows
93 they will be small, and (2) all the info about the lock can be read
94 in a single system call (readlink). Although we could use regular
95 files to be useful on old systems lacking symlinks, nowadays
96 virtually all such systems are probably single-user anyway, so it
97 didn't seem worth the complication.
99 Similarly, we don't worry about a possible 14-character limit on
100 file names, because those are all the same systems that don't have
101 symlinks.
103 This is compatible with the locking scheme used by Interleaf (which
104 has contributed this implementation for Emacs), and was designed by
105 Karl Berry, Ethan Jacobson, Kimbo Mundy, and others.
107 On some file systems, notably those of MS-Windows, symbolic links
108 do not work well, so instead of a symlink .#FN -> USER@HOST.PID:BOOT,
109 the lock is a regular file .#FN with contents USER@HOST.PID:BOOT. To
110 establish a lock, a nonce file is created and then renamed to .#FN.
111 On MS-Windows this renaming is atomic unless the lock is forcibly
112 acquired. On other systems the renaming is atomic if the lock is
113 forcibly acquired; if not, the renaming is done via hard links,
114 which is good enough for lock-file purposes.
116 To summarize, race conditions can occur with either:
118 * Forced locks on MS-Windows systems.
120 * Non-forced locks on non-MS-Windows systems that support neither
121 hard nor symbolic links. */
123 \f
124 /* Return the time of the last system boot. */
129 #ifdef BOOT_TIME
131 #endif
133 static time_t
135 {
136 #if defined (BOOT_TIME)
138 #endif
144 #if defined (CTL_KERN) && defined (KERN_BOOTTIME)
145 {
155 {
158 }
159 }
163 {
166 {
169 }
170 }
172 #if defined (BOOT_TIME)
173 #ifndef CANNOT_DUMP
174 /* The utmp routines maintain static state.
175 Don't touch that state unless we are initialized,
176 since it might not survive dumping. */
181 /* Try to get boot time from utmp before wtmp,
182 since utmp is typically much smaller than wtmp.
183 Passing a null pointer causes get_boot_time_1
184 to inspect the default file, namely utmp. */
189 /* Try to get boot time from the current wtmp file. */
192 /* If we did not find a boot time in wtmp, look at wtmp, and so on. */
194 {
201 tempname = make_formatted_string
205 else
206 {
210 {
211 /* The utmp functions on mescaline.gnu.org accept only
212 file names up to 8 characters long. Choose a 2
213 character long prefix, and call make_temp_file with
214 second arg non-zero, so that it will add not more
215 than 6 characters to the prefix. */
217 Vtemporary_file_directory);
223 }
224 }
227 {
231 }
232 }
235 #else
237 #endif
238 }
240 #ifdef BOOT_TIME
241 /* Try to get the boot time from wtmp file FILENAME.
242 This succeeds if that file contains a reboot record.
244 If FILENAME is zero, use the same file as before;
245 if no FILENAME has ever been specified, this is the utmp file.
246 Use the newest reboot record if NEWEST,
247 the first reboot record otherwise.
248 Ignore all reboot records on or before BOOT_TIME.
249 Success is indicated by setting BOOT_TIME to a larger value. */
251 void
253 {
257 {
258 /* On some versions of IRIX, opening a nonexistent file name
259 is likely to crash in the utmp routines. */
264 }
269 {
270 /* Find the next reboot record. */
275 /* Compare reboot times and use the newest one. */
277 {
281 }
282 /* Advance on element in the file
283 so that getutid won't repeat the same one. */
287 }
289 }
291 \f
292 /* An arbitrary limit on lock contents length. 8 K should be plenty
293 big enough in practice. */
296 /* Here is the structure that stores information about a lock. */
299 {
300 /* Location of '@', '.', and ':' (or equivalent) in USER. If there's
301 no colon or equivalent, COLON points to the end of USER. */
304 /* Lock file contents USER@HOST.PID with an optional :BOOT_TIME
305 appended. This memory is used as a lock file contents buffer, so
306 it needs room for MAX_LFINFO + 1 bytes. A string " (pid NNNN)"
307 may be appended to the USER@HOST while generating a diagnostic,
308 so make room for its extra bytes (as opposed to ".NNNN") too. */
312 /* Write the name of the lock file for FNAME into LOCKNAME. Length
313 will be that of FNAME plus two more for the leading ".#", plus one
314 for the null. */
315 #define MAKE_LOCK_NAME(lockname, fname) \
316 (lockname = SAFE_ALLOCA (SBYTES (fname) + 2 + 1), \
317 fill_in_lock_file_name (lockname, fname))
319 static void
321 {
329 }
331 /* For some reason Linux kernels return EPERM on file systems that do
332 not support hard or symbolic links. This symbol documents the quirk.
333 There is no way to tell whether a symlink call fails due to
334 permissions issues or because links are not supported, but luckily
335 the lock file code should work either way. */
338 /* Rename OLD to NEW. If FORCE, replace any existing NEW.
339 It is OK if there are temporarily two hard links to OLD.
340 Return 0 if successful, -1 (setting errno) otherwise. */
341 static int
343 {
344 #ifdef WINDOWSNT
346 #else
348 {
356 /* 'link' does not work on this file system. This can occur on
357 a GNU/Linux host mounting a FAT32 file system. Fall back on
358 'rename' after checking that NEW does not exist. There is a
359 potential race condition since some other process may create
360 NEW immediately after the existence check, but it's the best
361 we can portably do here. */
363 {
366 }
369 }
372 #endif
373 }
375 /* Create the lock file LFNAME with contents LOCK_INFO_STR. Return 0 if
376 successful, an errno value on failure. If FORCE, remove any
377 existing LFNAME if necessary. */
379 static int
381 {
382 #ifdef WINDOWSNT
383 /* Symlinks are supported only by later versions of Windows, and
384 creating them is a privileged operation that often triggers
385 User Account Control elevation prompts. Avoid the problem by
386 pretending that 'symlink' does not work. */
388 #else
390 #endif
393 {
396 }
399 {
403 USE_SAFE_ALLOCA;
412 else
413 {
419 /* Use 'write', not 'emacs_write', as garbage collection
420 might signal an error, which would leak FD. */
424 /* There is no need to call fsync here, as the contents of
425 the lock file need not survive system crashes. */
432 }
435 }
438 }
440 /* Lock the lock file named LFNAME.
441 If FORCE, do so even if it is already locked.
442 Return 0 if successful, an error number on failure. */
444 static int
446 {
447 /* Call this first because it can GC. */
458 {
464 }
472 }
474 /* Return true if times A and B are no more than one second apart. */
476 static bool
478 {
480 }
481 \f
482 /* On systems lacking ELOOP, test for an errno value that shouldn't occur. */
483 #ifndef ELOOP
484 # define ELOOP (-1)
485 #endif
487 /* Read the data for the lock file LFNAME into LFINFO. Read at most
488 MAX_LFINFO + 1 bytes. Return the number of bytes read, or -1
489 (setting errno) on error. */
491 static ptrdiff_t
493 {
498 {
501 {
502 /* Use read, not emacs_read, since FD isn't unwind-protected. */
509 }
514 /* readlinkat saw a non-symlink, but emacs_open saw a symlink.
515 The former must have been removed and replaced by the latter.
516 Try again. */
517 QUIT;
518 }
521 }
523 /* Return 0 if nobody owns the lock file LFNAME or the lock is obsolete,
524 1 if another process owns it (and set OWNER (if non-null) to info),
525 2 if the current process owns it,
526 or -1 if something is wrong with the locking mechanism. */
528 static int
530 {
532 lock_info_type local_owner;
537 /* Even if the caller doesn't want the owner info, we still have to
538 read it to determine return value. */
542 /* If nonexistent lock file, all is well; otherwise, got strange error. */
550 /* Parse USER@HOST.PID:BOOT_TIME. If can't parse, return -1. */
551 /* The USER is everything before the last @. */
559 /* The PID is everything from the last '.' to the ':' or equivalent. */
567 /* After the ':' or equivalent, if there is one, comes the boot time. */
570 {
577 /* Treat "\357\200\242" (U+F022 in UTF-8) as if it were ":" (Bug#24656).
578 This works around a bug in the Linux CIFS kernel client, which can
579 mistakenly transliterate ':' to U+F022 in symlink contents.
580 See <https://bugzilla.redhat.com/show_bug.cgi?id=1384153>. */
584 /* Fall through. */
593 }
597 /* On current host? */
602 {
611 /* The owner process is dead or has a strange pid, so try to
612 zap the lockfile. */
613 else
615 }
616 else
618 here's where we'd do it. */
620 }
623 }
625 \f
626 /* Lock the lock named LFNAME if possible.
627 Return 0 in that case.
628 Return positive if some other process owns the lock, and info about
629 that process in CLASHER.
630 Return -1 if cannot lock for any other reason. */
632 static int
634 {
637 {
639 {
646 }
648 /* We deleted a stale lock; try again to lock the file. */
649 }
652 }
654 /* lock_file locks file FN,
655 meaning it serves notice on the world that you intend to edit that file.
656 This should be done only when about to modify a file-visiting
657 buffer previously unmodified.
658 Do not (normally) call this for a buffer already modified,
659 as either the file is already locked, or the user has already
660 decided to go ahead without locking.
662 When this returns, either the lock is locked for us,
663 or lock creation failed,
664 or the user has said to go ahead without locking.
666 If the file is locked by someone else, this calls
667 ask-user-about-lock (a Lisp function) with two arguments,
668 the file name and info about the user who did the locking.
669 This function can signal an error, or return t meaning
670 take away the lock, or return nil meaning ignore the lock. */
672 void
674 {
677 lock_info_type lock_info;
678 USE_SAFE_ALLOCA;
680 /* Don't do locking while dumping Emacs.
681 Uncompressing wtmp files uses call-process, which does not work
682 in an uninitialized Emacs. */
688 #ifdef WINDOWSNT
689 /* Ensure we have only '/' separators, to avoid problems with
690 looking (inside fill_in_lock_file_name) for backslashes in file
691 names encoded by some DBCS codepage. */
693 #endif
696 /* See if this file is visited and has changed on disk since it was
697 visited. */
698 {
708 }
710 /* Don't do locking if the user has opted out. */
712 {
714 /* Create the name of the lock-file for file fn */
717 /* Try to lock the lock. */
719 {
720 /* Someone else has the lock. Consider breaking it. */
721 Lisp_Object attack;
731 /* Take the lock if the user said so. */
734 }
736 }
737 }
739 void
741 {
743 USE_SAFE_ALLOCA;
754 }
757 void
759 {
760 }
762 void
764 {
765 }
769 void
771 {
776 {
781 }
782 }
783 \f
787 FILE defaults to current buffer's visited file,
788 or else nothing is done if current buffer isn't visiting a file.
792 {
795 else
801 }
806 If the buffer is not modified, this does nothing because the file
809 {
814 }
816 /* Unlock the file visited in buffer BUFFER. */
818 void
820 {
824 }
828 The value is nil if the FILENAME is not locked,
831 {
832 #ifdef MSDOS
834 #else
835 Lisp_Object ret;
838 lock_info_type locker;
839 USE_SAFE_ALLOCA;
850 else
855 #endif
856 }
858 void
860 {
872 }