| blob | c44a4aa3b1080828eb696338db94ef49a836a20f |
1 /* Copyright (c) 2003, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file util.c
8 * \brief Common functions for strings, IO, network, data structures,
9 * process control.
10 **/
12 /* This is required on rh7 to make strptime not complain.
13 */
14 #define _GNU_SOURCE
17 #ifdef HAVE_FCNTL_H
18 #include <fcntl.h>
19 #endif
20 #define UTIL_PRIVATE
23 #undef log
29 #ifdef MS_WINDOWS
30 #include <io.h>
31 #include <direct.h>
32 #include <process.h>
33 #include <tchar.h>
34 #include <Winbase.h>
35 #else
36 #include <dirent.h>
37 #include <pwd.h>
38 #include <grp.h>
39 #endif
41 /* math.h needs this on Linux */
42 #ifndef __USE_ISOC99
43 #define __USE_ISOC99 1
44 #endif
45 #include <math.h>
46 #include <stdlib.h>
47 #include <stdio.h>
48 #include <string.h>
49 #include <assert.h>
50 #include <signal.h>
52 #ifdef HAVE_NETINET_IN_H
53 #include <netinet/in.h>
54 #endif
55 #ifdef HAVE_ARPA_INET_H
56 #include <arpa/inet.h>
57 #endif
58 #ifdef HAVE_ERRNO_H
59 #include <errno.h>
60 #endif
61 #ifdef HAVE_SYS_SOCKET_H
62 #include <sys/socket.h>
63 #endif
64 #ifdef HAVE_SYS_TIME_H
65 #include <sys/time.h>
66 #endif
67 #ifdef HAVE_UNISTD_H
68 #include <unistd.h>
69 #endif
70 #ifdef HAVE_SYS_STAT_H
71 #include <sys/stat.h>
72 #endif
73 #ifdef HAVE_SYS_FCNTL_H
74 #include <sys/fcntl.h>
75 #endif
76 #ifdef HAVE_TIME_H
77 #include <time.h>
78 #endif
79 #ifdef HAVE_MALLOC_MALLOC_H
80 #include <malloc/malloc.h>
81 #endif
82 #ifdef HAVE_MALLOC_H
83 #ifndef OPENBSD
84 /* OpenBSD has a malloc.h, but for our purposes, it only exists in order to
85 * scold us for being so stupid as to autodetect its presence. To be fair,
86 * they've done this since 1996, when autoconf was only 5 years old. */
87 #include <malloc.h>
88 #endif
89 #endif
90 #ifdef HAVE_MALLOC_NP_H
91 #include <malloc_np.h>
92 #endif
93 #ifdef HAVE_SYS_WAIT_H
94 #include <sys/wait.h>
95 #endif
97 /* =====
98 * Memory management
99 * ===== */
100 #ifdef USE_DMALLOC
101 #undef strndup
102 #include <dmalloc.h>
103 /* Macro to pass the extra dmalloc args to another function. */
104 #define DMALLOC_FN_ARGS , file, line
106 #if defined(HAVE_DMALLOC_STRDUP)
107 /* the dmalloc_strdup should be fine as defined */
108 #elif defined(HAVE_DMALLOC_STRNDUP)
109 #define dmalloc_strdup(file, line, string, xalloc_b) \
110 dmalloc_strndup(file, line, (string), -1, xalloc_b)
111 #else
113 #endif
117 #define DMALLOC_FN_ARGS
118 #endif
120 /** Allocate a chunk of <b>size</b> bytes of memory, and return a pointer to
121 * result. On error, log and terminate the process. (Same as malloc(size),
122 * but never returns NULL.)
123 *
124 * <b>file</b> and <b>line</b> are used if dmalloc is enabled, and
125 * ignored otherwise.
126 */
129 {
134 #ifndef MALLOC_ZERO_WORKS
135 /* Some libc mallocs don't work when size==0. Override them. */
138 }
139 #endif
141 #ifdef USE_DMALLOC
143 #else
145 #endif
149 /* If these functions die within a worker process, they won't call
150 * spawn_exit, but that's ok, since the parent will run out of memory soon
151 * anyway. */
153 }
155 }
157 /** Allocate a chunk of <b>size</b> bytes of memory, fill the memory with
158 * zero bytes, and return a pointer to the result. Log and terminate
159 * the process on error. (Same as calloc(size,1), but never returns NULL.)
160 */
163 {
164 /* You may ask yourself, "wouldn't it be smart to use calloc instead of
165 * malloc+memset? Perhaps libc's calloc knows some nifty optimization trick
166 * we don't!" Indeed it does, but its optimizations are only a big win when
167 * we're allocating something very big (it knows if it just got the memory
168 * from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero
169 * for big stuff, so we don't bother with calloc. */
173 }
175 /** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
176 * bytes long; return the new memory block. On error, log and
177 * terminate. (Like realloc(ptr,size), but never returns NULL.)
178 */
181 {
186 #ifdef USE_DMALLOC
188 #else
190 #endif
195 }
197 }
199 /** Return a newly allocated copy of the NUL-terminated string s. On
200 * error, log and terminate. (Like strdup(s), but never returns
201 * NULL.)
202 */
205 {
209 #ifdef USE_DMALLOC
211 #else
213 #endif
217 }
219 }
221 /** Allocate and return a new string containing the first <b>n</b>
222 * characters of <b>s</b>. If <b>s</b> is longer than <b>n</b>
223 * characters, only the first <b>n</b> are copied. The result is
224 * always NUL-terminated. (Like strndup(s,n), but never returns
225 * NULL.)
226 */
229 {
234 /* Performance note: Ordinarily we prefer strlcpy to strncpy. But
235 * this function gets called a whole lot, and platform strncpy is
236 * much faster than strlcpy when strlen(s) is much longer than n.
237 */
241 }
243 /** Allocate a chunk of <b>len</b> bytes, with the same contents as the
244 * <b>len</b> bytes starting at <b>mem</b>. */
247 {
254 }
256 /** Helper for places that need to take a function pointer to the right
257 * spelling of "free()". */
258 void
260 {
262 }
264 #if defined(HAVE_MALLOC_GOOD_SIZE) && !defined(HAVE_MALLOC_GOOD_SIZE_PROTOTYPE)
265 /* Some version of Mac OSX have malloc_good_size in their libc, but not
266 * actually defined in malloc/malloc.h. We detect this and work around it by
267 * prototyping.
268 */
270 #endif
272 /** Allocate and return a chunk of memory of size at least *<b>size</b>, using
273 * the same resources we would use to malloc *<b>sizep</b>. Set *<b>sizep</b>
274 * to the number of usable bytes in the chunk of memory. */
277 {
278 #ifdef HAVE_MALLOC_GOOD_SIZE
282 #elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC)
283 /* Never use malloc_usable_size(); it makes valgrind really unhappy,
284 * and doesn't win much in terms of usable space where it exists. */
290 #else
292 #endif
293 }
295 /** Call the platform malloc info function, and dump the results to the log at
296 * level <b>severity</b>. If no such function exists, do nothing. */
297 void
299 {
300 #ifdef HAVE_MALLINFO
305 "mallinfo() said: arena=%d, ordblks=%d, smblks=%d, hblks=%d, "
306 "hblkhd=%d, usmblks=%d, fsmblks=%d, uordblks=%d, fordblks=%d, "
311 #else
313 #endif
314 #ifdef USE_DMALLOC
319 );
320 #endif
321 }
323 /* =====
324 * Math
325 * ===== */
327 /**
328 * Returns the natural logarithm of d base 2. We define this wrapper here so
329 * as to make it easier not to conflict with Tor's log() macro.
330 */
331 double
333 {
335 }
337 /** Return the long integer closest to d. We define this wrapper here so
338 * that not all users of math.h need to use the right incancations to get
339 * the c99 functions. */
340 long
342 {
343 #if defined(HAVE_LROUND)
345 #elif defined(HAVE_RINT)
347 #else
349 #endif
350 }
352 /** Returns floor(log2(u64)). If u64 is 0, (incorrectly) returns 0. */
353 int
355 {
360 }
364 }
368 }
372 }
376 }
380 }
382 }
384 /** Return the power of 2 closest to <b>u64</b>. */
385 uint64_t
387 {
392 else
394 }
396 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
397 * <b>divisor</b> == 0. */
398 unsigned
400 {
404 }
406 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
407 * <b>divisor</b> == 0. */
408 uint32_t
410 {
414 }
416 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
417 * <b>divisor</b> == 0. */
418 uint64_t
420 {
424 }
426 /** Return the number of bits set in <b>v</b>. */
427 int
429 {
447 };
450 }
452 /* =====
453 * String manipulation
454 * ===== */
456 /** Remove from the string <b>s</b> every character which appears in
457 * <b>strip</b>. */
458 void
460 {
467 }
468 }
470 }
472 /** Return a pointer to a NUL-terminated hexadecimal string encoding
473 * the first <b>fromlen</b> bytes of <b>from</b>. (fromlen must be \<= 32.) The
474 * result does not need to be deallocated, but repeated calls to
475 * hex_str will trash old results.
476 */
479 {
485 }
487 /** Convert all alphabetic characters in the nul-terminated string <b>s</b> to
488 * lowercase. */
489 void
491 {
495 }
496 }
498 /** Convert all alphabetic characters in the nul-terminated string <b>s</b> to
499 * lowercase. */
500 void
502 {
506 }
507 }
509 /** Return 1 if every character in <b>s</b> is printable, else return 0.
510 */
511 int
513 {
517 s++;
518 }
520 }
522 /** Return 1 if no character in <b>s</b> is uppercase, else return 0.
523 */
524 int
526 {
530 s++;
531 }
533 }
535 /** As strcmp, except that either string may be NULL. The NULL string is
536 * considered to be before any non-NULL string. */
537 int
539 {
543 else
549 }
550 }
552 /** Compares the first strlen(s2) characters of s1 with s2. Returns as for
553 * strcmp.
554 */
555 int
557 {
560 }
562 /** Compare the s1_len-byte string <b>s1</b> with <b>s2</b>,
563 * without depending on a terminating nul in s1. Sorting order is first by
564 * length, then lexically; return values are as for strcmp.
565 */
566 int
568 {
575 }
577 /** Compares the first strlen(s2) characters of s1 with s2. Returns as for
578 * strcasecmp.
579 */
580 int
582 {
585 }
587 /** Compares the last strlen(s2) characters of s1 with s2. Returns as for
588 * strcmp.
589 */
590 int
592 {
596 else
598 }
600 /** Compares the last strlen(s2) characters of s1 with s2. Returns as for
601 * strcasecmp.
602 */
603 int
605 {
609 else
611 }
613 /** Compare the value of the string <b>prefix</b> with the start of the
614 * <b>memlen</b>-byte memory chunk at <b>mem</b>. Return as for strcmp.
615 *
616 * [As fast_memcmp(mem, prefix, strlen(prefix)) but returns -1 if memlen is
617 * less than strlen(prefix).]
618 */
619 int
622 {
627 }
629 /** Return a pointer to the first char of s that is not whitespace and
630 * not a comment, or to the terminating NUL if no such character exists.
631 */
634 {
652 }
653 }
654 }
656 /** Return a pointer to the first char of s that is not whitespace and
657 * not a comment, or to the terminating NUL if no such character exists.
658 */
661 {
680 }
681 }
683 }
685 /** Return a pointer to the first char of s that is not a space or a tab
686 * or a \\r, or to the terminating NUL if no such character exists. */
689 {
693 }
695 /** As eat_whitespace_no_nl, but stop at <b>eos</b> whether we have
696 * found a non-whitespace character or not. */
699 {
703 }
705 /** Return a pointer to the first char of s that is whitespace or <b>#</b>,
706 * or to the terminating NUL if no such character exists.
707 */
710 {
711 /* tor_assert(s); */
714 {
724 }
725 }
726 }
728 /** As find_whitespace, but stop at <b>eos</b> whether we have found a
729 * whitespace or not. */
732 {
733 /* tor_assert(s); */
736 {
746 }
747 }
749 }
751 /** Return the first occurrence of <b>needle</b> in <b>haystack</b> that
752 * occurs at the start of a line (that is, at the beginning of <b>haystack</b>
753 * or immediately after a newline). Return NULL if no such string is found.
754 */
757 {
767 else
772 }
774 /** Returns true if <b>string</b> could be a C identifier.
775 A C identifier must begin with a letter or an underscore and the
776 rest of its characters can be letters, numbers or underscores. No
777 length limit is imposed. */
778 int
780 {
796 }
797 }
800 }
802 /** Return true iff the 'len' bytes at 'mem' are all zero. */
803 int
805 {
808 };
810 /* It's safe to use fast_memcmp here, since the very worst thing an
811 * attacker could learn is how many initial bytes of a secret were zero */
816 }
817 /* Deal with leftover bytes. */
822 }
824 /** Return true iff the DIGEST_LEN bytes in digest are all zero. */
825 int
827 {
830 };
832 }
834 /** Return true iff the DIGEST256_LEN bytes in digest are all zero. */
835 int
837 {
839 }
841 /* Helper: common code to check whether the result of a strtol or strtoul or
842 * strtoll is correct. */
843 #define CHECK_STRTOX_RESULT() \
845 if (endptr == s) \
846 goto err; \
848 if (!next && *endptr) \
849 goto err; \
851 if (r < min || r > max) \
852 goto err; \
853 if (ok) *ok = 1; \
854 if (next) *next = endptr; \
855 return r; \
856 err: \
857 if (ok) *ok = 0; \
858 if (next) *next = endptr; \
859 return 0
861 /** Extract a long from the start of <b>s</b>, in the given numeric
862 * <b>base</b>. If <b>base</b> is 0, <b>s</b> is parsed as a decimal,
863 * octal, or hex number in the syntax of a C integer literal. If
864 * there is unconverted data and <b>next</b> is provided, set
865 * *<b>next</b> to the first unconverted character. An error has
866 * occurred if no characters are converted; or if there are
867 * unconverted characters and <b>next</b> is NULL; or if the parsed
868 * value is not between <b>min</b> and <b>max</b>. When no error
869 * occurs, return the parsed value and set *<b>ok</b> (if provided) to
870 * 1. When an error occurs, return 0 and set *<b>ok</b> (if provided)
871 * to 0.
872 */
873 long
876 {
882 }
884 /** As tor_parse_long(), but return an unsigned long. */
885 unsigned long
888 {
894 }
896 /** As tor_parse_long(), but return a double. */
897 double
899 {
905 }
907 /** As tor_parse_long, but return a uint64_t. Only base 10 is guaranteed to
908 * work for now. */
909 uint64_t
912 {
916 #ifdef HAVE_STRTOULL
918 #elif defined(MS_WINDOWS)
919 #if defined(_MSC_VER) && _MSC_VER < 1300
925 #else
927 #endif
928 #elif SIZEOF_LONG == 8
930 #else
932 #endif
935 }
937 /** Encode the <b>srclen</b> bytes at <b>src</b> in a NUL-terminated,
938 * uppercase hexadecimal string; store it in the <b>destlen</b>-byte buffer
939 * <b>dest</b>.
940 */
941 void
943 {
956 }
958 }
960 /** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
963 {
983 }
984 }
986 /** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
987 int
989 {
991 }
993 /** Given a hexadecimal string of <b>srclen</b> bytes in <b>src</b>, decode it
994 * and store the result in the <b>destlen</b>-byte buffer at <b>dest</b>.
995 * Return 0 on success, -1 on failure. */
996 int
998 {
1015 }
1017 }
1019 /** Allocate and return a new string representing the contents of <b>s</b>,
1020 * surrounded by quotes and using standard C escapes.
1021 *
1022 * Generally, we use this for logging values that come in over the network to
1023 * keep them from tricking users, and for sending certain values to the
1024 * controller.
1025 *
1026 * We trust values from the resolver, OS, configuration file, and command line
1027 * to not be maliciously ill-formed. We validate incoming routerdescs and
1028 * SOCKS requests and addresses from BEGIN cells as they're parsed;
1029 * afterwards, we trust them as non-malicious.
1030 */
1033 {
1039 }
1054 else
1057 }
1058 }
1088 }
1090 }
1091 }
1097 }
1099 /** Allocate and return a new string representing the contents of <b>s</b>,
1100 * surrounded by quotes and using standard C escapes.
1101 *
1102 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
1103 * thread. Also, each call invalidates the last-returned value, so don't
1104 * try log_warn(LD_GENERAL, "%s %s", escaped(a), escaped(b));
1105 */
1108 {
1114 else
1118 }
1120 /** Rudimentary string wrapping code: given a un-wrapped <b>string</b> (no
1121 * newlines!), break the string into newline-terminated lines of no more than
1122 * <b>width</b> characters long (not counting newline) and insert them into
1123 * <b>out</b> in order. Precede the first line with prefix0, and subsequent
1124 * lines with prefixRest.
1125 */
1126 /* This uses a stupid greedy wrapping algorithm right now:
1127 * - For each line:
1128 * - Try to fit as much stuff as possible, but break on a space.
1129 * - If the first "word" of the line will extend beyond the allowable
1130 * width, break the word at the end of the width.
1131 */
1132 void
1135 {
1158 /* eol is now the last space that can fit, or the start of the string. */
1177 }
1180 }
1190 }
1191 }
1193 /* =====
1194 * Time
1195 * ===== */
1197 /**
1198 * Converts struct timeval to a double value.
1199 * Preserves microsecond precision, but just barely.
1200 * Error is approx +/- 0.1 usec when dealing with epoch values.
1201 */
1202 double
1204 {
1208 }
1210 /**
1211 * Converts timeval to milliseconds.
1212 */
1213 int64_t
1215 {
1217 /* Round ghetto-style */
1220 }
1222 /**
1223 * Converts timeval to microseconds.
1224 */
1225 int64_t
1227 {
1231 }
1233 /** Return the number of microseconds elapsed between *start and *end.
1234 */
1235 long
1237 {
1245 }
1249 }
1251 /** Return the number of milliseconds elapsed between *start and *end.
1252 */
1253 long
1255 {
1263 }
1265 /* Subtract and round */
1269 }
1271 /** Yield true iff <b>y</b> is a leap-year. */
1272 #define IS_LEAPYEAR(y) (!(y % 4) && ((y % 100) || !(y % 400)))
1273 /** Helper: Return the number of leap-days between Jan 1, y1 and Jan 1, y2. */
1274 static int
1276 {
1280 }
1281 /** Number of days per month in non-leap year; used by tor_timegm. */
1285 /** Return a time_t given a struct tm. The result is given in GMT, and
1286 * does not account for leap seconds.
1287 */
1288 time_t
1290 {
1291 /* This is a pretty ironclad timegm implementation, snarfed from Python2.2.
1292 * It's way more brute-force than fiddling with tzset().
1293 */
1300 }
1313 }
1315 /* strftime is locale-specific, so we need to replace those parts */
1317 /** A c-locale array of 3-letter names of weekdays, starting with Sun. */
1320 /** A c-locale array of 3-letter names of months, starting with Jan. */
1325 /** Set <b>buf</b> to the RFC1123 encoding of the GMT value of <b>t</b>.
1326 * The buffer must be at least RFC1123_TIME_LEN+1 bytes long.
1327 *
1328 * (RFC1123 format is Fri, 29 Sep 2006 15:54:20 GMT)
1329 */
1330 void
1332 {
1344 }
1346 /** Parse the RFC1123 encoding of some time (in GMT) from <b>buf</b>,
1347 * and store the result in *<b>t</b>.
1348 *
1349 * Return 0 on success, -1 on failure.
1350 */
1351 int
1353 {
1370 }
1376 }
1388 }
1389 }
1395 }
1404 }
1409 }
1411 /** Set <b>buf</b> to the ISO8601 encoding of the local value of <b>t</b>.
1412 * The buffer must be at least ISO_TIME_LEN+1 bytes long.
1413 *
1414 * (ISO8601 format is 2006-10-29 10:57:20)
1415 */
1416 void
1418 {
1421 }
1423 /** Set <b>buf</b> to the ISO8601 encoding of the GMT value of <b>t</b>.
1424 * The buffer must be at least ISO_TIME_LEN+1 bytes long.
1425 */
1426 void
1428 {
1431 }
1433 /** Given an ISO-formatted UTC time value (after the epoch) in <b>cp</b>,
1434 * parse it and store its value in *<b>t</b>. Return 0 on success, -1 on
1435 * failure. Ignore extraneous stuff in <b>cp</b> separated by whitespace from
1436 * the end of the time string. */
1437 int
1439 {
1448 }
1455 }
1468 }
1471 }
1473 /** Given a <b>date</b> in one of the three formats allowed by HTTP (ugh),
1474 * parse it into <b>tm</b>. Return 0 on success, negative on failure. */
1475 int
1477 {
1487 /* First, try RFC1123 or RFC850 format: skip the weekday. */
1493 /* rfc1123-date */
1498 /* rfc850-date */
1501 }
1503 /* No comma; possibly asctime() format. */
1510 }
1511 }
1519 /* Okay, now decode the month. */
1523 }
1524 }
1535 }
1537 /** Given an <b>interval</b> in seconds, try to write it to the
1538 * <b>out_len</b>-byte buffer in <b>out</b> in a human-readable form.
1539 * Return 0 on success, -1 on failure.
1540 */
1541 int
1543 {
1544 /* We only report seconds if there's no hours. */
1552 }
1556 }
1560 }
1572 }
1573 }
1575 /* =====
1576 * Cached time
1577 * ===== */
1579 #ifndef TIME_IS_FAST
1580 /** Cached estimate of the current time. Updated around once per second;
1581 * may be a few seconds off if we are really busy. This is a hack to avoid
1582 * calling time(NULL) (which not everybody has optimized) on critical paths.
1583 */
1586 /** Return a cached estimate of the current time from when
1587 * update_approx_time() was last called. This is a hack to avoid calling
1588 * time(NULL) on critical paths: please do not even think of calling it
1589 * anywhere else. */
1590 time_t
1592 {
1594 }
1596 /** Update the cached estimate of the current time. This function SHOULD be
1597 * called once per second, and MUST be called before the first call to
1598 * get_approx_time. */
1599 void
1601 {
1603 }
1604 #endif
1606 /* =====
1607 * Rate limiting
1608 * ===== */
1610 /** If the rate-limiter <b>lim</b> is ready at <b>now</b>, return the number
1611 * of calls to rate_limit_is_ready (including this one!) since the last time
1612 * rate_limit_is_ready returned nonzero. Otherwise return 0. */
1613 static int
1615 {
1624 }
1625 }
1627 /** If the rate-limiter <b>lim</b> is ready at <b>now</b>, return a newly
1628 * allocated string indicating how many messages were suppressed, suitable to
1629 * append to a log message. Otherwise return NULL. */
1632 {
1643 }
1646 }
1647 }
1649 /* =====
1650 * File helpers
1651 * ===== */
1653 /** Write <b>count</b> bytes from <b>buf</b> to <b>fd</b>. <b>isSocket</b>
1654 * must be 1 if fd was returned by socket() or accept(), and 0 if fd
1655 * was returned by open(). Return the number of bytes written, or -1
1656 * on error. Only use if fd is a blocking fd. */
1657 ssize_t
1659 {
1661 ssize_t result;
1667 else
1672 }
1674 }
1676 /** Read from <b>fd</b> to <b>buf</b>, until we get <b>count</b> bytes
1677 * or reach the end of the file. <b>isSocket</b> must be 1 if fd
1678 * was returned by socket() or accept(), and 0 if fd was returned by
1679 * open(). Return the number of bytes read, or -1 on error. Only use
1680 * if fd is a blocking fd. */
1681 ssize_t
1683 {
1685 ssize_t result;
1693 else
1700 }
1702 }
1704 /*
1705 * Filesystem operations.
1706 */
1708 /** Clean up <b>name</b> so that we can use it in a call to "stat". On Unix,
1709 * we do nothing. On Windows, we remove a trailing slash, unless the path is
1710 * the root of a disk. */
1711 static void
1713 {
1714 #ifdef MS_WINDOWS
1722 }
1723 #else
1725 #endif
1726 }
1728 /** Return FN_ERROR if filename can't be read, FN_NOENT if it doesn't
1729 * exist, FN_FILE if it is a regular file, or FN_DIR if it's a
1730 * directory. On FN_ERROR, sets errno. */
1731 file_status_t
1733 {
1744 }
1746 }
1751 else
1753 }
1755 /** Check whether <b>dirname</b> exists and is private. If yes return 0. If
1756 * it does not exist, and <b>check</b>&CPD_CREATE is set, try to create it
1757 * and return 0 on success. If it does not exist, and
1758 * <b>check</b>&CPD_CHECK, and we think we can create it, return 0. Else
1759 * return -1. If CPD_GROUP_OK is set, then it's okay if the directory
1760 * is group-readable, but in all cases we create the directory mode 0700.
1761 * If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
1762 * if they are too permissive: we just return -1.
1763 * When effective_user is not NULL, check permissions against the given user
1764 * and its primary group.
1765 */
1766 int
1769 {
1773 #ifndef MS_WINDOWS
1776 uid_t running_uid;
1777 gid_t running_gid;
1778 #else
1780 #endif
1792 }
1795 #if defined (MS_WINDOWS) && !defined (WINCE)
1797 #else
1799 #endif
1804 }
1808 }
1809 /* XXXX In the case where check==CPD_CHECK, we should look at the
1810 * parent directory a little harder. */
1812 }
1816 }
1817 #ifndef MS_WINDOWS
1819 /* Look up the user and group information.
1820 * If we have a problem, bail out. */
1824 effective_user);
1826 }
1832 }
1850 }
1865 }
1870 }
1875 dirname);
1877 }
1888 }
1889 }
1890 #endif
1892 }
1894 /** Create a file named <b>fname</b> with the contents <b>str</b>. Overwrite
1895 * the previous <b>fname</b> if possible. Return 0 on success, -1 on failure.
1896 *
1897 * This function replaces the old file atomically, if possible. This
1898 * function, and all other functions in util.c that create files, create them
1899 * with mode 0600.
1900 */
1901 int
1903 {
1904 #ifdef MS_WINDOWS
1908 }
1909 #endif
1911 }
1913 /** Represents a file that we're writing to, with support for atomic commit:
1914 * we can write into a temporary file, and either remove the file on
1915 * failure, or replace the original file on success. */
1923 };
1925 /** Try to start writing to the file in <b>fname</b>, passing the flags
1926 * <b>open_flags</b> to the open() syscall, creating the file (if needed) with
1927 * access value <b>mode</b>. If the O_APPEND flag is set, we append to the
1928 * original file. Otherwise, we open a new temporary file in the same
1929 * directory, and either replace the original or remove the temporary file
1930 * when we're done.
1931 *
1932 * Return the fd for the newly opened file, and store working data in
1933 * *<b>data_out</b>. The caller should not close the fd manually:
1934 * instead, call finish_writing_to_file() or abort_writing_to_file().
1935 * Returns -1 on failure.
1936 *
1937 * NOTE: When not appending, the flags O_CREAT and O_TRUNC are treated
1938 * as true and the flag O_EXCL is treated as false.
1939 *
1940 * NOTE: Ordinarily, O_APPEND means "seek to the end of the file before each
1941 * write()". We don't do that.
1942 */
1943 int
1946 {
1954 #if (O_BINARY != 0 && O_TEXT != 0)
1956 #endif
1970 }
1971 /* We always replace an existing temporary file if there is one. */
1975 }
1984 }
1990 }
1991 }
1997 err:
2005 }
2007 /** Given <b>file_data</b> from start_writing_to_file(), return a stdio FILE*
2008 * that can be used to write to the same file. The caller should not mix
2009 * stdio calls with non-stdio calls. */
2012 {
2021 }
2023 }
2025 /** Combines start_writing_to_file with fdopen_file(): arguments are as
2026 * for start_writing_to_file, but */
2030 {
2037 }
2039 }
2041 /** Helper function: close and free the underlying file and memory in
2042 * <b>file_data</b>. If we were writing into a temporary file, then delete
2043 * that file (if abort_write is true) or replaces the target file with
2044 * the temporary file (if abort_write is false). */
2045 static int
2047 {
2055 }
2060 }
2072 }
2073 }
2074 }
2081 }
2083 /** Finish writing to <b>file_data</b>: close the file handle, free memory as
2084 * needed, and if using a temporary file, replace the original file with
2085 * the temporary file. */
2086 int
2088 {
2090 }
2092 /** Finish writing to <b>file_data</b>: close the file handle, free memory as
2093 * needed, and if using a temporary file, delete it. */
2094 int
2096 {
2098 }
2100 /** Helper: given a set of flags as passed to open(2), open the file
2101 * <b>fname</b> and write all the sized_chunk_t structs in <b>chunks</b> to
2102 * the file. Do so as atomically as possible e.g. by opening temp files and
2103 * renaming. */
2104 static int
2107 {
2110 ssize_t result;
2115 {
2121 }
2123 });
2126 err:
2129 }
2131 /** Given a smartlist of sized_chunk_t, write them atomically to a file
2132 * <b>fname</b>, overwriting or creating the file as necessary. */
2133 int
2135 {
2138 }
2140 /** As write_str_to_file, but does not assume a NUL-terminated
2141 * string. Instead, we write <b>len</b> bytes, starting at <b>str</b>. */
2142 int
2145 {
2154 }
2156 /** As write_bytes_to_file, but if the file already exists, append the bytes
2157 * to the end of the file instead of overwriting it. */
2158 int
2161 {
2170 }
2172 /** Read the contents of <b>filename</b> into a newly allocated
2173 * string; return the string on success or NULL on failure.
2174 *
2175 * If <b>stat_out</b> is provided, store the result of stat()ing the
2176 * file into <b>stat_out</b>.
2177 *
2178 * If <b>flags</b> & RFTS_BIN, open the file in binary mode.
2179 * If <b>flags</b> & RFTS_IGNORE_MISSING, don't warn if the file
2180 * doesn't exist.
2181 */
2182 /*
2183 * This function <em>may</em> return an erroneous result if the file
2184 * is modified while it is running, but must not crash or overflow.
2185 * Right now, the error case occurs when the file length grows between
2186 * the call to stat and the call to read_all: the resulting string will
2187 * be truncated.
2188 */
2191 {
2195 ssize_t r;
2210 }
2218 }
2234 }
2237 #ifdef MS_WINDOWS
2241 filename);
2244 }
2248 #endif
2250 /* Unless we're using text mode on win32, we'd better have an exact
2251 * match for size. */
2259 }
2263 }
2266 }
2270 /** Given a c-style double-quoted escaped string in <b>s</b>, extract and
2271 * decode its contents into a newly allocated string. On success, assign this
2272 * string to *<b>result</b>, assign its length to <b>size_out</b> (if
2273 * provided), and return a pointer to the position in <b>s</b> immediately
2274 * after the string. On failure, return NULL.
2275 */
2278 {
2303 }
2308 }
2309 }
2310 end_of_loop:
2315 {
2326 {
2337 {
2344 }
2355 }
2359 }
2360 }
2361 }
2363 /** Given a string containing part of a configuration file or similar format,
2364 * advance past comments and whitespace and try to parse a single line. If we
2365 * parse a line successfully, set *<b>key_out</b> to a new string holding the
2366 * key portion and *<b>value_out</b> to a new string holding the value portion
2367 * of the line, and return a pointer to the start of the next line. If we run
2368 * out of data, return a pointer to the end of the string. If we encounter an
2369 * error, return NULL.
2370 */
2373 {
2374 /* I believe the file format here is supposed to be:
2375 FILE = (EMPTYLINE | LINE)* (EMPTYLASTLINE | LASTLINE)?
2377 EMPTYLASTLINE = SPACE* | COMMENT
2378 EMPTYLINE = EMPTYLASTLINE NL
2379 SPACE = ' ' | '\r' | '\t'
2380 COMMENT = '#' NOT-NL*
2381 NOT-NL = Any character except '\n'
2382 NL = '\n'
2384 LASTLINE = SPACE* KEY SPACE* VALUES
2385 LINE = LASTLINE NL
2386 KEY = KEYCHAR+
2387 KEYCHAR = Any character except ' ', '\r', '\n', '\t', '#', "\"
2389 VALUES = QUOTEDVALUE | NORMALVALUE
2390 QUOTEDVALUE = QUOTE QVITEM* QUOTE EOLSPACE?
2391 QUOTE = '"'
2392 QVCHAR = KEYCHAR | ESC ('n' | 't' | 'r' | '"' | ESC |'\'' | OCTAL | HEX)
2393 ESC = "\\"
2394 OCTAL = ODIGIT (ODIGIT ODIGIT?)?
2395 HEX = ('x' | 'X') HEXDIGIT HEXDIGIT
2396 ODIGIT = '0' .. '7'
2397 HEXDIGIT = '0'..'9' | 'a' .. 'f' | 'A' .. 'F'
2398 EOLSPACE = SPACE* COMMENT?
2400 NORMALVALUE = (VALCHAR | ESC ESC_IGNORE | CONTINUATION)* EOLSPACE?
2401 VALCHAR = Any character except ESC, '#', and '\n'
2402 ESC_IGNORE = Any character except '#' or '\n'
2403 CONTINUATION = ESC NL ( COMMENT NL )*
2404 */
2414 /* Skip until the first keyword. */
2423 }
2424 }
2429 }
2431 /* Skip until the next space or \ followed by newline. */
2438 /* Skip until the value. */
2444 /* Find the end of the line. */
2453 /* Look for the end of the line. */
2466 }
2467 }
2473 }
2474 /* Now back cp up to be the last nonspace character */
2480 /* Now copy out and decode the value. */
2496 }
2497 }
2499 }
2500 }
2506 }
2510 }
2512 /** Expand any homedir prefix on <b>filename</b>; return a newly allocated
2513 * string. */
2516 {
2518 #ifdef MS_WINDOWS
2520 #else
2533 }
2536 #ifdef HAVE_PWD_H
2541 else
2547 }
2550 #else
2553 #endif
2554 }
2556 /* Remove trailing slash. */
2559 }
2565 }
2566 #endif
2567 }
2569 #define MAX_SCANF_WIDTH 9999
2571 /** Helper: given an ASCII-encoded decimal digit, return its numeric value.
2572 * NOTE: requires that its input be in-bounds. */
2573 static int
2575 {
2579 }
2581 /** Helper: Read an unsigned int from *<b>bufp</b> of up to <b>width</b>
2582 * characters. (Handle arbitrary width if <b>width</b> is less than 0.) On
2583 * success, store the result in <b>out</b>, advance bufp to the next
2584 * character, and return 0. On failure, return -1. */
2585 static int
2587 {
2605 }
2612 }
2614 /** Helper: copy up to <b>width</b> non-space characters from <b>bufp</b> to
2615 * <b>out</b>. Make sure <b>out</b> is nul-terminated. Advance <b>bufp</b>
2616 * to the next non-space character or the EOS. */
2617 static int
2619 {
2626 }
2629 }
2631 /** Locale-independent, minimal, no-surprises scanf variant, accepting only a
2632 * restricted pattern format. For more info on what it supports, see
2633 * tor_sscanf() documentation. */
2634 int
2636 {
2647 }
2658 }
2661 }
2695 }
2696 }
2697 }
2700 }
2702 /** Minimal sscanf replacement: parse <b>buf</b> according to <b>pattern</b>
2703 * and store the results in the corresponding argument fields. Differs from
2704 * sscanf in that it: Only handles %u and %x and %Ns. Does not handle
2705 * arbitrarily long widths. %u and %x do not consume any space. Is
2706 * locale-independent. Returns -1 on malformed patterns.
2707 *
2708 * (As with other locale-independent functions, we need this to parse data that
2709 * is in ASCII without worrying that the C library's locale-handling will make
2710 * miscellaneous characters look like numbers, spaces, and so on.)
2711 */
2712 int
2714 {
2721 }
2723 /** Append the string produced by tor_asprintf(<b>pattern</b>, <b>...</b>)
2724 * to <b>sl</b>. */
2725 void
2727 {
2732 }
2734 /** va_list-based backend of smartlist_asprintf_add. */
2735 void
2738 {
2745 }
2747 /** Return a new list containing the filenames in the directory <b>dirname</b>.
2748 * Return NULL on error or if <b>dirname</b> is not a directory.
2749 */
2750 smartlist_t *
2752 {
2754 #ifdef MS_WINDOWS
2758 HANDLE handle;
2759 WIN32_FIND_DATA findData;
2763 #ifdef UNICODE
2765 #else
2767 #endif
2771 }
2774 #ifdef UNICODE
2776 #else
2778 #endif
2782 }
2784 DWORD err;
2789 }
2791 }
2792 }
2795 #else
2807 }
2809 #endif
2811 }
2813 /** Return true iff <b>filename</b> is a relative path. */
2814 int
2816 {
2819 #ifdef MS_WINDOWS
2825 #endif
2826 else
2828 }
2830 /* =====
2831 * Process helpers
2832 * ===== */
2834 #ifndef MS_WINDOWS
2835 /* Based on code contributed by christian grothoff */
2836 /** True iff we've called start_daemon(). */
2838 /** True iff we've called finish_daemon(). */
2840 /** Socketpair used to communicate between parent and child process while
2841 * daemonizing. */
2843 /** Start putting the process into daemon mode: fork and drop all resources
2844 * except standard fds. The parent process never returns, but stays around
2845 * until finish_daemon is called. (Note: it's safe to call this more
2846 * than once: calls after the first are ignored.)
2847 */
2848 void
2850 {
2851 pid_t pid;
2860 }
2865 }
2875 }
2879 else
2885 /*
2886 * Fork one more time, so the parent (the session group leader) can exit.
2887 * This means that we, as a non-session group leader, can never regain a
2888 * controlling terminal. This part is recommended by Stevens's
2889 * _Advanced Programming in the Unix Environment_.
2890 */
2893 }
2897 }
2898 }
2900 /** Finish putting the process into daemon mode: drop standard fds, and tell
2901 * the parent process to exit. (Note: it's safe to call this more than once:
2902 * calls after the first are ignored. Calls start_daemon first if it hasn't
2903 * been called already.)
2904 */
2905 void
2907 {
2918 /* Don't hold the wrong FS mounted */
2922 }
2928 }
2929 /* close fds linking to invoking terminal, but
2930 * close usual incoming fds, but redirect them somewhere
2931 * useful so the fds don't get reallocated elsewhere.
2932 */
2938 }
2941 /* signal success */
2944 }
2946 }
2947 #else
2948 /* defined(MS_WINDOWS) */
2949 void
2951 {
2952 }
2953 void
2955 {
2957 }
2958 #endif
2960 /** Write the current process ID, followed by NL, into <b>filename</b>.
2961 */
2962 void
2964 {
2971 #ifdef MS_WINDOWS
2973 #else
2975 #endif
2977 }
2978 }
2980 #ifdef MS_WINDOWS
2981 HANDLE
2983 {
2992 }
2993 #endif
2995 /** Format a single argument for being put on a Windows command line.
2996 * Returns a newly allocated string */
2999 {
3005 /* Backslash we can point to when one is inserted into the string */
3008 /* Smartlist of *char */
3012 /* Quote string if it contains whitespace or is empty */
3015 /* Build up smartlist of *chars */
3018 /* Double up backslashes preceding a quote */
3022 /* Escape the quote */
3026 /* Count backslashes until we know whether to double up */
3027 bs_counter++;
3029 /* Don't double up slashes preceding a non-quote */
3034 }
3035 }
3036 /* Don't double up trailing backslashes */
3040 /* Allocate space for argument, quotes (if needed), and terminator */
3044 /* Add leading quote */
3049 /* Add characters */
3051 {
3053 });
3055 /* Add trailing quote */
3062 }
3064 /** Format a command line for use on Windows, which takes the command as a
3065 * string rather than string array. Follows the rules from "Parsing C++
3066 * Command-Line Arguments" in MSDN. Algorithm based on list2cmdline in the
3067 * Python subprocess module. Returns a newly allocated string */
3070 {
3075 /* Format each argument and put the result in a smartlist */
3079 }
3081 /* Join the arguments with whitespace */
3084 /* Free the newly allocated arguments, and the smartlist */
3086 {
3088 });
3092 }
3094 /** Format <b>child_state</b> and <b>saved_errno</b> as a hex string placed in
3095 * <b>hex_errno</b>. Called between fork and _exit, so must be signal-handler
3096 * safe.
3097 *
3098 * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE bytes available.
3099 *
3100 * The format of <b>hex_errno</b> is: "CHILD_STATE/ERRNO\n", left-padded
3101 * with spaces. Note that there is no trailing \0. CHILD_STATE indicates where
3102 * in the processs of starting the child process did the failure occur (see
3103 * CHILD_STATE_* macros for definition), and SAVED_ERRNO is the value of
3104 * errno when the failure occurred.
3105 */
3107 void
3110 {
3115 /* Fill hex_errno with spaces, and a trailing newline (memset may
3116 not be signal handler safe, so we can't use it) */
3121 /* Convert errno to be unsigned for hex conversion */
3126 }
3128 /* Convert errno to hex (start before \n) */
3131 /* Check for overflow on first iteration of the loop */
3140 /* Prepend the minus sign if errno was negative */
3144 /* Leave a gap */
3148 /* Check for overflow on first iteration of the loop */
3152 /* Convert child_state to hex */
3157 }
3159 /* Maximum number of file descriptors, if we cannot get it via sysconf() */
3160 #define DEFAULT_MAX_FD 256
3162 /** Terminate process running at PID <b>pid</b>.
3163 * Code borrowed from Python's os.kill. */
3164 int
3166 {
3167 #ifdef MS_WINDOWS
3168 HANDLE handle;
3169 /* If the signal is outside of what GenerateConsoleCtrlEvent can use,
3170 attempt to open and terminate the process. */
3177 else
3181 #endif
3182 }
3184 #define CHILD_STATE_INIT 0
3185 #define CHILD_STATE_PIPE 1
3186 #define CHILD_STATE_MAXFD 2
3187 #define CHILD_STATE_FORK 3
3188 #define CHILD_STATE_DUPOUT 4
3189 #define CHILD_STATE_DUPERR 5
3190 #define CHILD_STATE_REDIRECT 6
3191 #define CHILD_STATE_CLOSEFD 7
3192 #define CHILD_STATE_EXEC 8
3193 #define CHILD_STATE_FAILEXEC 9
3195 /** Start a program in the background. If <b>filename</b> contains a '/', then
3196 * it will be treated as an absolute or relative path. Otherwise, on
3197 * non-Windows systems, the system path will be searched for <b>filename</b>.
3198 * On Windows, only the current directory will be searched. Here, to search the
3199 * system path (as well as the application directory, current working
3200 * directory, and system directories), set filename to NULL.
3201 *
3202 * The strings in <b>argv</b> will be passed as the command line arguments of
3203 * the child program (following convention, argv[0] should normally be the
3204 * filename of the executable, and this must be the case if <b>filename</b> is
3205 * NULL). The last element of argv must be NULL. A handle to the child process
3206 * will be returned in process_handle (which must be non-NULL). Read
3207 * process_handle.status to find out if the process was successfully launched.
3208 * For convenience, process_handle.status is returned by this function.
3209 *
3210 * Some parts of this code are based on the POSIX subprocess module from
3211 * Python, and example code from
3212 * http://msdn.microsoft.com/en-us/library/ms682499%28v=vs.85%29.aspx.
3213 */
3214 int
3218 {
3219 #ifdef MS_WINDOWS
3225 STARTUPINFO siStartInfo;
3228 SECURITY_ATTRIBUTES saAttr;
3233 /* process_handle must not be NULL */
3238 /* TODO: should we set explicit security attributes? (#2046, comment 5) */
3241 /* Assume failure to start process */
3245 /* Set up pipe for stdout */
3251 }
3254 "Failed to configure pipe for stdout communication with child "
3257 }
3259 /* Set up pipe for stderr */
3265 }
3268 "Failed to configure pipe for stderr communication with child "
3271 }
3273 /* Create the child process */
3275 /* Windows expects argv to be a whitespace delimited string, so join argv up
3276 */
3287 /* Create the child process */
3291 /* TODO: should we set explicit security attributes? (#2046, comment 5) */
3295 /*(TODO: set CREATE_NEW CONSOLE/PROCESS_GROUP to make GetExitCodeProcess()
3296 * work?) */
3310 /* TODO: Close hProcess and hThread in process_handle->pid? */
3314 }
3316 /* TODO: Close pipes on exit */
3320 pid_t pid;
3324 ssize_t nbytes;
3329 /* Represents where in the process of spawning the program is;
3330 this is used for printing out the error message */
3337 /* Assume failure to start */
3341 /* We do the strlen here because strlen() is not signal handler safe,
3342 and we are not allowed to use unsafe functions between fork and exec */
3347 /* Set up pipe for redirecting stdout and stderr of child */
3354 }
3362 }
3366 #ifdef _SC_OPEN_MAX
3373 }
3374 #else
3376 #endif
3382 /* In child */
3386 /* Link child stdout to the write end of the pipe */
3393 /* Link child stderr to the write end of the pipe */
3400 /* Link stdin to /dev/null */
3404 else
3415 /* Close all other fds, including the read end of the pipe */
3416 /* XXX: We should now be doing enough FD_CLOEXEC setting to make
3417 * this needless. */
3420 }
3424 /* Call the requested program. We need the cast because
3425 execvp doesn't define argv as const, even though it
3426 does not modify the arguments */
3429 else
3432 /* If we got here, the exec or open(/dev/null) failed */
3436 error:
3437 /* XXX: are we leaking fds from the pipe? */
3441 /* Write the error message. GCC requires that we check the return
3442 value, but there is nothing we can do if it fails */
3443 /* TODO: Don't use STDOUT, use a pipe set up just for this purpose */
3450 /* Never reached, but avoids compiler warning */
3452 }
3454 /* In parent */
3463 }
3467 /* TODO: If the child process forked but failed to exec, waitpid it */
3469 /* Return read end of the pipes to caller, and close write end */
3477 }
3486 }
3489 /* Set stdout/stderr pipes to be non-blocking */
3492 /* Open the buffered IO streams */
3498 }
3500 /** Get the exit code of a process specified by <b>process_handle</b> and store
3501 * it in <b>exit_code</b>, if set to a non-NULL value. If <b>block</b> is set
3502 * to true, the call will block until the process has exited. Otherwise if
3503 * the process is still running, the function will return
3504 * PROCESS_EXIT_RUNNING, and exit_code will be left unchanged. Returns
3505 * PROCESS_EXIT_EXITED if the process did exit. If there is a failure,
3506 * PROCESS_EXIT_ERROR will be returned and the contents of exit_code (if
3507 * non-NULL) will be undefined. N.B. Under *nix operating systems, this will
3508 * probably not work in Tor, because waitpid() is called in main.c to reap any
3509 * terminated child processes.*/
3510 int
3513 {
3514 #ifdef MS_WINDOWS
3515 DWORD retval;
3516 BOOL success;
3519 /* Wait for the process to exit */
3525 }
3529 /* Process has not exited */
3535 }
3536 }
3545 }
3546 }
3547 #else
3553 /* Process has not exited */
3559 }
3565 }
3572 }
3574 #ifdef MS_WINDOWS
3575 /** Read from a handle <b>h</b> into <b>buf</b>, up to <b>count</b> bytes. If
3576 * <b>hProcess</b> is NULL, the function will return immediately if there is
3577 * nothing more to read. Otherwise <b>hProcess</b> should be set to the handle
3578 * to the process owning the <b>h</b>. In this case, the function will exit
3579 * only once the process has exited, or <b>count</b> bytes are read. Returns
3580 * the number of bytes read, or -1 on error. */
3581 ssize_t
3584 {
3586 BOOL retval;
3587 DWORD byte_count;
3594 /* Check if there is anything to read */
3602 /* Nothing available: process exited or it is busy */
3604 /* Exit if we don't know whether the process is running */
3608 /* The process exited and there's nothing left to read from it */
3612 /* If process is not running, check for output one more time in case
3613 it wrote something after the peek was performed. Otherwise keep on
3614 waiting for output */
3621 }
3623 /* There is data to read; read it */
3631 /* End of file */
3633 }
3635 }
3637 }
3638 #else
3639 /** Read from a handle <b>h</b> into <b>buf</b>, up to <b>count</b> bytes. If
3640 * <b>process</b> is NULL, the function will return immediately if there is
3641 * nothing more to read. Otherwise data will be read until end of file, or
3642 * <b>count</b> bytes are read. Returns the number of bytes read, or -1 on
3643 * error. Sets <b>eof</b> to true if <b>eof</b> is not NULL and the end of the
3644 * file has been reached. */
3645 ssize_t
3649 {
3660 /* Use fgets because that is what we use in log_from_pipe() */
3673 else
3680 }
3681 }
3682 }
3686 }
3690 }
3691 #endif
3693 /** Read from stdout of a process until the process exits. */
3694 ssize_t
3697 {
3698 #ifdef MS_WINDOWS
3700 process_handle);
3701 #else
3704 #endif
3705 }
3707 /** Read from stdout of a process until the process exits. */
3708 ssize_t
3711 {
3712 #ifdef MS_WINDOWS
3714 process_handle);
3715 #else
3718 #endif
3719 }
3721 /** Split buf into lines, and add to smartlist. The buffer <b>buf</b> will be
3722 * modified. The resulting smartlist will consist of pointers to buf, so there
3723 * is no need to free the contents of sl. <b>buf</b> must be a NUL-terminated
3724 * string. <b>len</b> should be set to the length of the buffer excluding the
3725 * NUL. Non-printable characters (including NUL) will be replaced with "." */
3726 int
3728 {
3729 /* Index in buf of the start of the current line */
3731 /* Index in buf of the current character being processed */
3733 /* Are we currently in a line */
3736 /* Loop over string */
3738 /* Loop until end of line or end of string */
3742 /* End of line */
3744 /* Point cur to the next line */
3745 cur++;
3746 /* Line starts at start and ends with a nul */
3751 }
3754 /* Skip leading vertical space */
3755 ;
3761 }
3762 }
3763 }
3764 /* We are at the end of the line or end of string. If in_line is true there
3765 * is a line which starts at buf+start and ends at a NUL. cur points to
3766 * the character after the NUL. */
3770 }
3772 }
3774 #ifdef MS_WINDOWS
3775 /** Read from stream, and send lines to log at the specified log level.
3776 * Returns -1 if there is a error reading, and 0 otherwise.
3777 * If the generated stream is flushed more often than on new lines, or
3778 * a read exceeds 256 bytes, lines will be truncated. This should be fixed,
3779 * along with the corresponding problem on *nix (see bug #2045).
3780 */
3781 static int
3783 {
3790 /* Error */
3793 }
3796 /* There's nothing to read (process is busy or has exited) */
3799 }
3801 /* End with a null even if there isn't a \r\n at the end */
3802 /* TODO: What if this is a partial line? */
3806 /* Split up the buffer */
3810 /* Log each line */
3812 {
3814 });
3818 }
3820 #else
3822 /** Read from stream, and send lines to log at the specified log level.
3823 * Returns 1 if stream is closed normally, -1 if there is a error reading, and
3824 * 0 otherwise. Handles lines from tor-fw-helper and
3825 * tor_spawn_background() specially.
3826 */
3827 static int
3830 {
3845 }
3849 /* Check if buf starts with SPAWN_ERROR_MESSAGE */
3851 /* Parse error message */
3862 /* Failed to parse message from child process, log it as a
3863 warning */
3867 }
3870 }
3871 }
3873 /* We should never get here */
3875 }
3876 #endif
3878 /** Reads from <b>stream</b> and stores input in <b>buf_out</b> making
3879 * sure it's below <b>count</b> bytes.
3880 * If the string has a trailing newline, we strip it off.
3881 *
3882 * This function is specifically created to handle input from managed
3883 * proxies, according to the pluggable transports spec. Make sure it
3884 * fits your needs before using it.
3885 *
3886 * Returns:
3887 * IO_STREAM_CLOSED: If the stream is closed.
3888 * IO_STREAM_EAGAIN: If there is nothing to read and we should check back
3889 * later.
3890 * IO_STREAM_TERM: If something is wrong with the stream.
3891 * IO_STREAM_OKAY: If everything went okay and we got a string
3892 * in <b>buf_out</b>. */
3893 enum stream_status
3895 {
3905 /* Program has closed stream (probably it exited) */
3906 /* TODO: check error */
3910 /* Nothing more to read, try again next time */
3913 /* There was a problem, abandon this child process */
3915 }
3916 }
3922 /* Remove the trailing newline */
3925 /* No newline; check whether we overflowed the buffer */
3929 /* TODO: What to do with this error? */
3930 }
3933 }
3935 /* We should never get here */
3937 }
3939 void
3942 {
3943 /* When fw-helper succeeds, how long do we wait until running it again */
3944 #define TIME_TO_EXEC_FWHELPER_SUCCESS 300
3945 /* When fw-helper failed to start, how long do we wait until running it again
3946 */
3947 #define TIME_TO_EXEC_FWHELPER_FAIL 60
3949 /* Static variables are initialized to zero, so child_handle.status=0
3950 * which corresponds to it not running on startup */
3960 /* Set up command line for tor-fw-helper */
3964 /* TODO: Allow different internal and external ports */
3976 /* Start the child, if it is not already running */
3979 /* Assume tor-fw-helper will succeed, start it later*/
3982 #ifdef MS_WINDOWS
3983 /* Passing NULL as lpApplicationName makes Windows search for the .exe */
3985 #else
3987 #endif
3990 filename);
3993 }
3994 #ifdef MS_WINDOWS
3997 #else
4001 #endif
4002 }
4004 /* If child is running, read from its stdout and stderr) */
4006 /* Read from stdout/stderr and log result */
4008 #ifdef MS_WINDOWS
4011 /* If we got this far (on Windows), the process started */
4013 #else
4018 #endif
4020 /* There was a problem in the child process */
4022 }
4024 /* Combine the two statuses in order of severity */
4026 /* There was a failure */
4028 #ifdef MS_WINDOWS
4030 PROCESS_EXIT_RUNNING) {
4031 /* process has exited or there was an error */
4032 /* TODO: Do something with the process return value */
4033 /* TODO: What if the process output something since
4034 * between log_from_handle and tor_get_exit_code? */
4036 }
4037 #else
4039 /* stdout or stderr was closed, the process probably
4040 * exited. It will be reaped by waitpid() in main.c */
4041 /* TODO: Do something with the process return value */
4043 #endif
4044 else
4045 /* Both are fine */
4048 /* If either pipe indicates a failure, act on it */
4056 }
4058 /* TODO: The child might not actually be finished (maybe it failed or
4059 closed stdout/stderr), so maybe we shouldn't start another? */
4060 }
4061 }
4062 }