| blob | 6d488d9963b6437fae5d75a25ed35a6e4938a860 |
1 /* Copyright (c) 2003, Roger Dingledine
2 * Copyright (c) 2004-2006, Roger Dingledine, Nick Mathewson.
3 * Copyright (c) 2007-2011, The Tor Project, Inc. */
4 /* See LICENSE for licensing information */
6 /**
7 * \file util.c
8 * \brief Common functions for strings, IO, network, data structures,
9 * process control.
10 **/
12 /* This is required on rh7 to make strptime not complain.
13 */
14 #define _GNU_SOURCE
17 #ifdef HAVE_FCNTL_H
18 #include <fcntl.h>
19 #endif
20 #define UTIL_PRIVATE
23 #undef log
29 #ifdef MS_WINDOWS
30 #include <io.h>
31 #include <direct.h>
32 #include <process.h>
33 #include <tchar.h>
34 #include <Winbase.h>
35 #else
36 #include <dirent.h>
37 #include <pwd.h>
38 #include <grp.h>
39 #endif
41 /* math.h needs this on Linux */
42 #ifndef __USE_ISOC99
43 #define __USE_ISOC99 1
44 #endif
45 #include <math.h>
46 #include <stdlib.h>
47 #include <stdio.h>
48 #include <string.h>
49 #include <assert.h>
50 #include <signal.h>
52 #ifdef HAVE_NETINET_IN_H
53 #include <netinet/in.h>
54 #endif
55 #ifdef HAVE_ARPA_INET_H
56 #include <arpa/inet.h>
57 #endif
58 #ifdef HAVE_ERRNO_H
59 #include <errno.h>
60 #endif
61 #ifdef HAVE_SYS_SOCKET_H
62 #include <sys/socket.h>
63 #endif
64 #ifdef HAVE_SYS_TIME_H
65 #include <sys/time.h>
66 #endif
67 #ifdef HAVE_UNISTD_H
68 #include <unistd.h>
69 #endif
70 #ifdef HAVE_SYS_STAT_H
71 #include <sys/stat.h>
72 #endif
73 #ifdef HAVE_SYS_FCNTL_H
74 #include <sys/fcntl.h>
75 #endif
76 #ifdef HAVE_TIME_H
77 #include <time.h>
78 #endif
79 #ifdef HAVE_MALLOC_MALLOC_H
80 #include <malloc/malloc.h>
81 #endif
82 #ifdef HAVE_MALLOC_H
83 #ifndef OPENBSD
84 /* OpenBSD has a malloc.h, but for our purposes, it only exists in order to
85 * scold us for being so stupid as to autodetect its presence. To be fair,
86 * they've done this since 1996, when autoconf was only 5 years old. */
87 #include <malloc.h>
88 #endif
89 #endif
90 #ifdef HAVE_MALLOC_NP_H
91 #include <malloc_np.h>
92 #endif
93 #ifdef HAVE_SYS_WAIT_H
94 #include <sys/wait.h>
95 #endif
97 /* =====
98 * Memory management
99 * ===== */
100 #ifdef USE_DMALLOC
101 #undef strndup
102 #include <dmalloc.h>
103 /* Macro to pass the extra dmalloc args to another function. */
104 #define DMALLOC_FN_ARGS , file, line
106 #if defined(HAVE_DMALLOC_STRDUP)
107 /* the dmalloc_strdup should be fine as defined */
108 #elif defined(HAVE_DMALLOC_STRNDUP)
109 #define dmalloc_strdup(file, line, string, xalloc_b) \
110 dmalloc_strndup(file, line, (string), -1, xalloc_b)
111 #else
113 #endif
117 #define DMALLOC_FN_ARGS
118 #endif
120 /** Allocate a chunk of <b>size</b> bytes of memory, and return a pointer to
121 * result. On error, log and terminate the process. (Same as malloc(size),
122 * but never returns NULL.)
123 *
124 * <b>file</b> and <b>line</b> are used if dmalloc is enabled, and
125 * ignored otherwise.
126 */
129 {
134 #ifndef MALLOC_ZERO_WORKS
135 /* Some libc mallocs don't work when size==0. Override them. */
138 }
139 #endif
141 #ifdef USE_DMALLOC
143 #else
145 #endif
149 /* If these functions die within a worker process, they won't call
150 * spawn_exit, but that's ok, since the parent will run out of memory soon
151 * anyway. */
153 }
155 }
157 /** Allocate a chunk of <b>size</b> bytes of memory, fill the memory with
158 * zero bytes, and return a pointer to the result. Log and terminate
159 * the process on error. (Same as calloc(size,1), but never returns NULL.)
160 */
163 {
164 /* You may ask yourself, "wouldn't it be smart to use calloc instead of
165 * malloc+memset? Perhaps libc's calloc knows some nifty optimization trick
166 * we don't!" Indeed it does, but its optimizations are only a big win when
167 * we're allocating something very big (it knows if it just got the memory
168 * from the OS in a pre-zeroed state). We don't want to use tor_malloc_zero
169 * for big stuff, so we don't bother with calloc. */
173 }
175 /** Change the size of the memory block pointed to by <b>ptr</b> to <b>size</b>
176 * bytes long; return the new memory block. On error, log and
177 * terminate. (Like realloc(ptr,size), but never returns NULL.)
178 */
181 {
186 #ifdef USE_DMALLOC
188 #else
190 #endif
195 }
197 }
199 /** Return a newly allocated copy of the NUL-terminated string s. On
200 * error, log and terminate. (Like strdup(s), but never returns
201 * NULL.)
202 */
205 {
209 #ifdef USE_DMALLOC
211 #else
213 #endif
217 }
219 }
221 /** Allocate and return a new string containing the first <b>n</b>
222 * characters of <b>s</b>. If <b>s</b> is longer than <b>n</b>
223 * characters, only the first <b>n</b> are copied. The result is
224 * always NUL-terminated. (Like strndup(s,n), but never returns
225 * NULL.)
226 */
229 {
234 /* Performance note: Ordinarily we prefer strlcpy to strncpy. But
235 * this function gets called a whole lot, and platform strncpy is
236 * much faster than strlcpy when strlen(s) is much longer than n.
237 */
241 }
243 /** Allocate a chunk of <b>len</b> bytes, with the same contents as the
244 * <b>len</b> bytes starting at <b>mem</b>. */
247 {
254 }
256 /** Helper for places that need to take a function pointer to the right
257 * spelling of "free()". */
258 void
260 {
262 }
264 #if defined(HAVE_MALLOC_GOOD_SIZE) && !defined(HAVE_MALLOC_GOOD_SIZE_PROTOTYPE)
265 /* Some version of Mac OSX have malloc_good_size in their libc, but not
266 * actually defined in malloc/malloc.h. We detect this and work around it by
267 * prototyping.
268 */
270 #endif
272 /** Allocate and return a chunk of memory of size at least *<b>size</b>, using
273 * the same resources we would use to malloc *<b>sizep</b>. Set *<b>sizep</b>
274 * to the number of usable bytes in the chunk of memory. */
277 {
278 #ifdef HAVE_MALLOC_GOOD_SIZE
282 #elif 0 && defined(HAVE_MALLOC_USABLE_SIZE) && !defined(USE_DMALLOC)
283 /* Never use malloc_usable_size(); it makes valgrind really unhappy,
284 * and doesn't win much in terms of usable space where it exists. */
290 #else
292 #endif
293 }
295 /** Call the platform malloc info function, and dump the results to the log at
296 * level <b>severity</b>. If no such function exists, do nothing. */
297 void
299 {
300 #ifdef HAVE_MALLINFO
305 "mallinfo() said: arena=%d, ordblks=%d, smblks=%d, hblks=%d, "
306 "hblkhd=%d, usmblks=%d, fsmblks=%d, uordblks=%d, fordblks=%d, "
311 #else
313 #endif
314 #ifdef USE_DMALLOC
319 );
320 #endif
321 }
323 /* =====
324 * Math
325 * ===== */
327 /**
328 * Returns the natural logarithm of d base 2. We define this wrapper here so
329 * as to make it easier not to conflict with Tor's log() macro.
330 */
331 double
333 {
335 }
337 /** Return the long integer closest to d. We define this wrapper here so
338 * that not all users of math.h need to use the right incancations to get
339 * the c99 functions. */
340 long
342 {
343 #if defined(HAVE_LROUND)
345 #elif defined(HAVE_RINT)
347 #else
349 #endif
350 }
352 /** Returns floor(log2(u64)). If u64 is 0, (incorrectly) returns 0. */
353 int
355 {
360 }
364 }
368 }
372 }
376 }
380 }
382 }
384 /** Return the power of 2 closest to <b>u64</b>. */
385 uint64_t
387 {
392 else
394 }
396 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
397 * <b>divisor</b> == 0. */
398 unsigned
400 {
404 }
406 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
407 * <b>divisor</b> == 0. */
408 uint32_t
410 {
414 }
416 /** Return the lowest x such that x is at least <b>number</b>, and x modulo
417 * <b>divisor</b> == 0. */
418 uint64_t
420 {
424 }
426 /** Return the number of bits set in <b>v</b>. */
427 int
429 {
447 };
450 }
452 /* =====
453 * String manipulation
454 * ===== */
456 /** Remove from the string <b>s</b> every character which appears in
457 * <b>strip</b>. */
458 void
460 {
467 }
468 }
470 }
472 /** Return a pointer to a NUL-terminated hexadecimal string encoding
473 * the first <b>fromlen</b> bytes of <b>from</b>. (fromlen must be \<= 32.) The
474 * result does not need to be deallocated, but repeated calls to
475 * hex_str will trash old results.
476 */
479 {
485 }
487 /** Convert all alphabetic characters in the nul-terminated string <b>s</b> to
488 * lowercase. */
489 void
491 {
495 }
496 }
498 /** Convert all alphabetic characters in the nul-terminated string <b>s</b> to
499 * lowercase. */
500 void
502 {
506 }
507 }
509 /** Return 1 if every character in <b>s</b> is printable, else return 0.
510 */
511 int
513 {
517 s++;
518 }
520 }
522 /** Return 1 if no character in <b>s</b> is uppercase, else return 0.
523 */
524 int
526 {
530 s++;
531 }
533 }
535 /** As strcmp, except that either string may be NULL. The NULL string is
536 * considered to be before any non-NULL string. */
537 int
539 {
543 else
549 }
550 }
552 /** Compares the first strlen(s2) characters of s1 with s2. Returns as for
553 * strcmp.
554 */
555 int
557 {
560 }
562 /** Compare the s1_len-byte string <b>s1</b> with <b>s2</b>,
563 * without depending on a terminating nul in s1. Sorting order is first by
564 * length, then lexically; return values are as for strcmp.
565 */
566 int
568 {
575 }
577 /** Compares the first strlen(s2) characters of s1 with s2. Returns as for
578 * strcasecmp.
579 */
580 int
582 {
585 }
587 /** Compares the last strlen(s2) characters of s1 with s2. Returns as for
588 * strcmp.
589 */
590 int
592 {
596 else
598 }
600 /** Compares the last strlen(s2) characters of s1 with s2. Returns as for
601 * strcasecmp.
602 */
603 int
605 {
609 else
611 }
613 /** Compare the value of the string <b>prefix</b> with the start of the
614 * <b>memlen</b>-byte memory chunk at <b>mem</b>. Return as for strcmp.
615 *
616 * [As fast_memcmp(mem, prefix, strlen(prefix)) but returns -1 if memlen is
617 * less than strlen(prefix).]
618 */
619 int
622 {
627 }
629 /** Return a pointer to the first char of s that is not whitespace and
630 * not a comment, or to the terminating NUL if no such character exists.
631 */
634 {
652 }
653 }
654 }
656 /** Return a pointer to the first char of s that is not whitespace and
657 * not a comment, or to the terminating NUL if no such character exists.
658 */
661 {
680 }
681 }
683 }
685 /** Return a pointer to the first char of s that is not a space or a tab
686 * or a \\r, or to the terminating NUL if no such character exists. */
689 {
693 }
695 /** As eat_whitespace_no_nl, but stop at <b>eos</b> whether we have
696 * found a non-whitespace character or not. */
699 {
703 }
705 /** Return a pointer to the first char of s that is whitespace or <b>#</b>,
706 * or to the terminating NUL if no such character exists.
707 */
710 {
711 /* tor_assert(s); */
714 {
724 }
725 }
726 }
728 /** As find_whitespace, but stop at <b>eos</b> whether we have found a
729 * whitespace or not. */
732 {
733 /* tor_assert(s); */
736 {
746 }
747 }
749 }
751 /** Return the first occurrence of <b>needle</b> in <b>haystack</b> that
752 * occurs at the start of a line (that is, at the beginning of <b>haystack</b>
753 * or immediately after a newline). Return NULL if no such string is found.
754 */
757 {
767 else
772 }
774 /** Returns true if <b>string</b> could be a C identifier.
775 A C identifier must begin with a letter or an underscore and the
776 rest of its characters can be letters, numbers or underscores. No
777 length limit is imposed. */
778 int
780 {
796 }
797 }
800 }
802 /** Return true iff the 'len' bytes at 'mem' are all zero. */
803 int
805 {
808 };
810 /* It's safe to use fast_memcmp here, since the very worst thing an
811 * attacker could learn is how many initial bytes of a secret were zero */
816 }
817 /* Deal with leftover bytes. */
822 }
824 /** Return true iff the DIGEST_LEN bytes in digest are all zero. */
825 int
827 {
830 };
832 }
834 /** Return true iff the DIGEST256_LEN bytes in digest are all zero. */
835 int
837 {
839 }
841 /* Helper: common code to check whether the result of a strtol or strtoul or
842 * strtoll is correct. */
843 #define CHECK_STRTOX_RESULT() \
845 if (endptr == s) \
846 goto err; \
848 if (!next && *endptr) \
849 goto err; \
851 if (r < min || r > max) \
852 goto err; \
853 if (ok) *ok = 1; \
854 if (next) *next = endptr; \
855 return r; \
856 err: \
857 if (ok) *ok = 0; \
858 if (next) *next = endptr; \
859 return 0
861 /** Extract a long from the start of <b>s</b>, in the given numeric
862 * <b>base</b>. If <b>base</b> is 0, <b>s</b> is parsed as a decimal,
863 * octal, or hex number in the syntax of a C integer literal. If
864 * there is unconverted data and <b>next</b> is provided, set
865 * *<b>next</b> to the first unconverted character. An error has
866 * occurred if no characters are converted; or if there are
867 * unconverted characters and <b>next</b> is NULL; or if the parsed
868 * value is not between <b>min</b> and <b>max</b>. When no error
869 * occurs, return the parsed value and set *<b>ok</b> (if provided) to
870 * 1. When an error occurs, return 0 and set *<b>ok</b> (if provided)
871 * to 0.
872 */
873 long
876 {
882 }
884 /** As tor_parse_long(), but return an unsigned long. */
885 unsigned long
888 {
894 }
896 /** As tor_parse_long(), but return a double. */
897 double
899 {
905 }
907 /** As tor_parse_long, but return a uint64_t. Only base 10 is guaranteed to
908 * work for now. */
909 uint64_t
912 {
916 #ifdef HAVE_STRTOULL
918 #elif defined(MS_WINDOWS)
919 #if defined(_MSC_VER) && _MSC_VER < 1300
925 #else
927 #endif
928 #elif SIZEOF_LONG == 8
930 #else
932 #endif
935 }
937 /** Encode the <b>srclen</b> bytes at <b>src</b> in a NUL-terminated,
938 * uppercase hexadecimal string; store it in the <b>destlen</b>-byte buffer
939 * <b>dest</b>.
940 */
941 void
943 {
956 }
958 }
960 /** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
963 {
983 }
984 }
986 /** Helper: given a hex digit, return its value, or -1 if it isn't hex. */
987 int
989 {
991 }
993 /** Given a hexadecimal string of <b>srclen</b> bytes in <b>src</b>, decode it
994 * and store the result in the <b>destlen</b>-byte buffer at <b>dest</b>.
995 * Return 0 on success, -1 on failure. */
996 int
998 {
1015 }
1017 }
1019 /** Allocate and return a new string representing the contents of <b>s</b>,
1020 * surrounded by quotes and using standard C escapes.
1021 *
1022 * Generally, we use this for logging values that come in over the network to
1023 * keep them from tricking users, and for sending certain values to the
1024 * controller.
1025 *
1026 * We trust values from the resolver, OS, configuration file, and command line
1027 * to not be maliciously ill-formed. We validate incoming routerdescs and
1028 * SOCKS requests and addresses from BEGIN cells as they're parsed;
1029 * afterwards, we trust them as non-malicious.
1030 */
1033 {
1039 }
1054 else
1057 }
1058 }
1088 }
1090 }
1091 }
1097 }
1099 /** Allocate and return a new string representing the contents of <b>s</b>,
1100 * surrounded by quotes and using standard C escapes.
1101 *
1102 * THIS FUNCTION IS NOT REENTRANT. Don't call it from outside the main
1103 * thread. Also, each call invalidates the last-returned value, so don't
1104 * try log_warn(LD_GENERAL, "%s %s", escaped(a), escaped(b));
1105 */
1108 {
1114 else
1118 }
1120 /** Rudimentary string wrapping code: given a un-wrapped <b>string</b> (no
1121 * newlines!), break the string into newline-terminated lines of no more than
1122 * <b>width</b> characters long (not counting newline) and insert them into
1123 * <b>out</b> in order. Precede the first line with prefix0, and subsequent
1124 * lines with prefixRest.
1125 */
1126 /* This uses a stupid greedy wrapping algorithm right now:
1127 * - For each line:
1128 * - Try to fit as much stuff as possible, but break on a space.
1129 * - If the first "word" of the line will extend beyond the allowable
1130 * width, break the word at the end of the width.
1131 */
1132 void
1135 {
1158 /* eol is now the last space that can fit, or the start of the string. */
1177 }
1180 }
1190 }
1191 }
1193 /* =====
1194 * Time
1195 * ===== */
1197 /**
1198 * Converts struct timeval to a double value.
1199 * Preserves microsecond precision, but just barely.
1200 * Error is approx +/- 0.1 usec when dealing with epoch values.
1201 */
1202 double
1204 {
1208 }
1210 /**
1211 * Converts timeval to milliseconds.
1212 */
1213 int64_t
1215 {
1217 /* Round ghetto-style */
1220 }
1222 /**
1223 * Converts timeval to microseconds.
1224 */
1225 int64_t
1227 {
1231 }
1233 /** Return the number of microseconds elapsed between *start and *end.
1234 */
1235 long
1237 {
1245 }
1249 }
1251 /** Return the number of milliseconds elapsed between *start and *end.
1252 */
1253 long
1255 {
1263 }
1265 /* Subtract and round */
1269 }
1271 /** Yield true iff <b>y</b> is a leap-year. */
1272 #define IS_LEAPYEAR(y) (!(y % 4) && ((y % 100) || !(y % 400)))
1273 /** Helper: Return the number of leap-days between Jan 1, y1 and Jan 1, y2. */
1274 static int
1276 {
1280 }
1281 /** Number of days per month in non-leap year; used by tor_timegm. */
1285 /** Return a time_t given a struct tm. The result is given in GMT, and
1286 * does not account for leap seconds.
1287 */
1288 time_t
1290 {
1291 /* This is a pretty ironclad timegm implementation, snarfed from Python2.2.
1292 * It's way more brute-force than fiddling with tzset().
1293 */
1300 }
1313 }
1315 /* strftime is locale-specific, so we need to replace those parts */
1317 /** A c-locale array of 3-letter names of weekdays, starting with Sun. */
1320 /** A c-locale array of 3-letter names of months, starting with Jan. */
1325 /** Set <b>buf</b> to the RFC1123 encoding of the GMT value of <b>t</b>.
1326 * The buffer must be at least RFC1123_TIME_LEN+1 bytes long.
1327 *
1328 * (RFC1123 format is Fri, 29 Sep 2006 15:54:20 GMT)
1329 */
1330 void
1332 {
1344 }
1346 /** Parse the RFC1123 encoding of some time (in GMT) from <b>buf</b>,
1347 * and store the result in *<b>t</b>.
1348 *
1349 * Return 0 on success, -1 on failure.
1350 */
1351 int
1353 {
1370 }
1376 }
1388 }
1389 }
1395 }
1404 }
1409 }
1411 /** Set <b>buf</b> to the ISO8601 encoding of the local value of <b>t</b>.
1412 * The buffer must be at least ISO_TIME_LEN+1 bytes long.
1413 *
1414 * (ISO8601 format is 2006-10-29 10:57:20)
1415 */
1416 void
1418 {
1421 }
1423 /** Set <b>buf</b> to the ISO8601 encoding of the GMT value of <b>t</b>.
1424 * The buffer must be at least ISO_TIME_LEN+1 bytes long.
1425 */
1426 void
1428 {
1431 }
1433 /** Given an ISO-formatted UTC time value (after the epoch) in <b>cp</b>,
1434 * parse it and store its value in *<b>t</b>. Return 0 on success, -1 on
1435 * failure. Ignore extraneous stuff in <b>cp</b> separated by whitespace from
1436 * the end of the time string. */
1437 int
1439 {
1448 }
1455 }
1468 }
1471 }
1473 /** Given a <b>date</b> in one of the three formats allowed by HTTP (ugh),
1474 * parse it into <b>tm</b>. Return 0 on success, negative on failure. */
1475 int
1477 {
1487 /* First, try RFC1123 or RFC850 format: skip the weekday. */
1493 /* rfc1123-date */
1498 /* rfc850-date */
1501 }
1503 /* No comma; possibly asctime() format. */
1510 }
1511 }
1519 /* Okay, now decode the month. */
1523 }
1524 }
1535 }
1537 /** Given an <b>interval</b> in seconds, try to write it to the
1538 * <b>out_len</b>-byte buffer in <b>out</b> in a human-readable form.
1539 * Return 0 on success, -1 on failure.
1540 */
1541 int
1543 {
1544 /* We only report seconds if there's no hours. */
1552 }
1556 }
1560 }
1572 }
1573 }
1575 /* =====
1576 * Cached time
1577 * ===== */
1579 #ifndef TIME_IS_FAST
1580 /** Cached estimate of the current time. Updated around once per second;
1581 * may be a few seconds off if we are really busy. This is a hack to avoid
1582 * calling time(NULL) (which not everybody has optimized) on critical paths.
1583 */
1586 /** Return a cached estimate of the current time from when
1587 * update_approx_time() was last called. This is a hack to avoid calling
1588 * time(NULL) on critical paths: please do not even think of calling it
1589 * anywhere else. */
1590 time_t
1592 {
1594 }
1596 /** Update the cached estimate of the current time. This function SHOULD be
1597 * called once per second, and MUST be called before the first call to
1598 * get_approx_time. */
1599 void
1601 {
1603 }
1604 #endif
1606 /* =====
1607 * Rate limiting
1608 * ===== */
1610 /** If the rate-limiter <b>lim</b> is ready at <b>now</b>, return the number
1611 * of calls to rate_limit_is_ready (including this one!) since the last time
1612 * rate_limit_is_ready returned nonzero. Otherwise return 0. */
1613 static int
1615 {
1624 }
1625 }
1627 /** If the rate-limiter <b>lim</b> is ready at <b>now</b>, return a newly
1628 * allocated string indicating how many messages were suppressed, suitable to
1629 * append to a log message. Otherwise return NULL. */
1632 {
1643 }
1646 }
1647 }
1649 /* =====
1650 * File helpers
1651 * ===== */
1653 /** Write <b>count</b> bytes from <b>buf</b> to <b>fd</b>. <b>isSocket</b>
1654 * must be 1 if fd was returned by socket() or accept(), and 0 if fd
1655 * was returned by open(). Return the number of bytes written, or -1
1656 * on error. Only use if fd is a blocking fd. */
1657 ssize_t
1659 {
1661 ssize_t result;
1667 else
1672 }
1674 }
1676 /** Read from <b>fd</b> to <b>buf</b>, until we get <b>count</b> bytes
1677 * or reach the end of the file. <b>isSocket</b> must be 1 if fd
1678 * was returned by socket() or accept(), and 0 if fd was returned by
1679 * open(). Return the number of bytes read, or -1 on error. Only use
1680 * if fd is a blocking fd. */
1681 ssize_t
1683 {
1685 ssize_t result;
1693 else
1700 }
1702 }
1704 /*
1705 * Filesystem operations.
1706 */
1708 /** Clean up <b>name</b> so that we can use it in a call to "stat". On Unix,
1709 * we do nothing. On Windows, we remove a trailing slash, unless the path is
1710 * the root of a disk. */
1711 static void
1713 {
1714 #ifdef MS_WINDOWS
1722 }
1723 #else
1725 #endif
1726 }
1728 /** Return FN_ERROR if filename can't be read, FN_NOENT if it doesn't
1729 * exist, FN_FILE if it is a regular file, or FN_DIR if it's a
1730 * directory. On FN_ERROR, sets errno. */
1731 file_status_t
1733 {
1744 }
1746 }
1751 else
1753 }
1755 /** Check whether <b>dirname</b> exists and is private. If yes return 0. If
1756 * it does not exist, and <b>check</b>&CPD_CREATE is set, try to create it
1757 * and return 0 on success. If it does not exist, and
1758 * <b>check</b>&CPD_CHECK, and we think we can create it, return 0. Else
1759 * return -1. If CPD_GROUP_OK is set, then it's okay if the directory
1760 * is group-readable, but in all cases we create the directory mode 0700.
1761 * If CPD_CHECK_MODE_ONLY is set, then we don't alter the directory permissions
1762 * if they are too permissive: we just return -1.
1763 * When effective_user is not NULL, check permissions against the given user
1764 * and its primary group.
1765 */
1766 int
1769 {
1773 #ifndef MS_WINDOWS
1776 uid_t running_uid;
1777 gid_t running_gid;
1778 #else
1780 #endif
1792 }
1795 #if defined (MS_WINDOWS) && !defined (WINCE)
1797 #else
1799 #endif
1804 }
1808 }
1809 /* XXXX In the case where check==CPD_CHECK, we should look at the
1810 * parent directory a little harder. */
1812 }
1816 }
1817 #ifndef MS_WINDOWS
1819 /* Look up the user and group information.
1820 * If we have a problem, bail out. */
1824 effective_user);
1826 }
1832 }
1850 }
1865 }
1870 }
1875 dirname);
1877 }
1888 }
1889 }
1890 #endif
1892 }
1894 /** Create a file named <b>fname</b> with the contents <b>str</b>. Overwrite
1895 * the previous <b>fname</b> if possible. Return 0 on success, -1 on failure.
1896 *
1897 * This function replaces the old file atomically, if possible. This
1898 * function, and all other functions in util.c that create files, create them
1899 * with mode 0600.
1900 */
1901 int
1903 {
1904 #ifdef MS_WINDOWS
1908 }
1909 #endif
1911 }
1913 /** Represents a file that we're writing to, with support for atomic commit:
1914 * we can write into a temporary file, and either remove the file on
1915 * failure, or replace the original file on success. */
1923 };
1925 /** Try to start writing to the file in <b>fname</b>, passing the flags
1926 * <b>open_flags</b> to the open() syscall, creating the file (if needed) with
1927 * access value <b>mode</b>. If the O_APPEND flag is set, we append to the
1928 * original file. Otherwise, we open a new temporary file in the same
1929 * directory, and either replace the original or remove the temporary file
1930 * when we're done.
1931 *
1932 * Return the fd for the newly opened file, and store working data in
1933 * *<b>data_out</b>. The caller should not close the fd manually:
1934 * instead, call finish_writing_to_file() or abort_writing_to_file().
1935 * Returns -1 on failure.
1936 *
1937 * NOTE: When not appending, the flags O_CREAT and O_TRUNC are treated
1938 * as true and the flag O_EXCL is treated as false.
1939 *
1940 * NOTE: Ordinarily, O_APPEND means "seek to the end of the file before each
1941 * write()". We don't do that.
1942 */
1943 int
1946 {
1954 #if (O_BINARY != 0 && O_TEXT != 0)
1956 #endif
1970 }
1971 /* We always replace an existing temporary file if there is one. */
1975 }
1984 }
1990 }
1991 }
1997 err:
2005 }
2007 /** Given <b>file_data</b> from start_writing_to_file(), return a stdio FILE*
2008 * that can be used to write to the same file. The caller should not mix
2009 * stdio calls with non-stdio calls. */
2012 {
2021 }
2023 }
2025 /** Combines start_writing_to_file with fdopen_file(): arguments are as
2026 * for start_writing_to_file, but */
2030 {
2037 }
2039 }
2041 /** Helper function: close and free the underlying file and memory in
2042 * <b>file_data</b>. If we were writing into a temporary file, then delete
2043 * that file (if abort_write is true) or replaces the target file with
2044 * the temporary file (if abort_write is false). */
2045 static int
2047 {
2055 }
2060 }
2072 }
2073 }
2074 }
2081 }
2083 /** Finish writing to <b>file_data</b>: close the file handle, free memory as
2084 * needed, and if using a temporary file, replace the original file with
2085 * the temporary file. */
2086 int
2088 {
2090 }
2092 /** Finish writing to <b>file_data</b>: close the file handle, free memory as
2093 * needed, and if using a temporary file, delete it. */
2094 int
2096 {
2098 }
2100 /** Helper: given a set of flags as passed to open(2), open the file
2101 * <b>fname</b> and write all the sized_chunk_t structs in <b>chunks</b> to
2102 * the file. Do so as atomically as possible e.g. by opening temp files and
2103 * renaming. */
2104 static int
2107 {
2110 ssize_t result;
2115 {
2121 }
2123 });
2126 err:
2129 }
2131 /** Given a smartlist of sized_chunk_t, write them atomically to a file
2132 * <b>fname</b>, overwriting or creating the file as necessary. */
2133 int
2135 {
2138 }
2140 /** Write <b>len</b> bytes, starting at <b>str</b>, to <b>fname</b>
2141 using the open() flags passed in <b>flags</b>. */
2142 static int
2145 {
2153 }
2155 /** As write_str_to_file, but does not assume a NUL-terminated
2156 * string. Instead, we write <b>len</b> bytes, starting at <b>str</b>. */
2157 int
2160 {
2163 }
2165 /** As write_bytes_to_file, but if the file already exists, append the bytes
2166 * to the end of the file instead of overwriting it. */
2167 int
2170 {
2173 }
2175 /** Like write_str_to_file(), but also return -1 if there was a file
2176 already residing in <b>fname</b>. */
2177 int
2180 {
2182 OPEN_FLAGS_DONT_REPLACE|
2184 }
2186 /** Read the contents of <b>filename</b> into a newly allocated
2187 * string; return the string on success or NULL on failure.
2188 *
2189 * If <b>stat_out</b> is provided, store the result of stat()ing the
2190 * file into <b>stat_out</b>.
2191 *
2192 * If <b>flags</b> & RFTS_BIN, open the file in binary mode.
2193 * If <b>flags</b> & RFTS_IGNORE_MISSING, don't warn if the file
2194 * doesn't exist.
2195 */
2196 /*
2197 * This function <em>may</em> return an erroneous result if the file
2198 * is modified while it is running, but must not crash or overflow.
2199 * Right now, the error case occurs when the file length grows between
2200 * the call to stat and the call to read_all: the resulting string will
2201 * be truncated.
2202 */
2205 {
2209 ssize_t r;
2224 }
2232 }
2248 }
2251 #ifdef MS_WINDOWS
2255 filename);
2258 }
2262 #endif
2264 /* Unless we're using text mode on win32, we'd better have an exact
2265 * match for size. */
2273 }
2277 }
2280 }
2284 /** Given a c-style double-quoted escaped string in <b>s</b>, extract and
2285 * decode its contents into a newly allocated string. On success, assign this
2286 * string to *<b>result</b>, assign its length to <b>size_out</b> (if
2287 * provided), and return a pointer to the position in <b>s</b> immediately
2288 * after the string. On failure, return NULL.
2289 */
2292 {
2317 }
2322 }
2323 }
2324 end_of_loop:
2329 {
2340 {
2351 {
2358 }
2369 }
2373 }
2374 }
2375 }
2377 /** Given a string containing part of a configuration file or similar format,
2378 * advance past comments and whitespace and try to parse a single line. If we
2379 * parse a line successfully, set *<b>key_out</b> to a new string holding the
2380 * key portion and *<b>value_out</b> to a new string holding the value portion
2381 * of the line, and return a pointer to the start of the next line. If we run
2382 * out of data, return a pointer to the end of the string. If we encounter an
2383 * error, return NULL.
2384 */
2387 {
2388 /* I believe the file format here is supposed to be:
2389 FILE = (EMPTYLINE | LINE)* (EMPTYLASTLINE | LASTLINE)?
2391 EMPTYLASTLINE = SPACE* | COMMENT
2392 EMPTYLINE = EMPTYLASTLINE NL
2393 SPACE = ' ' | '\r' | '\t'
2394 COMMENT = '#' NOT-NL*
2395 NOT-NL = Any character except '\n'
2396 NL = '\n'
2398 LASTLINE = SPACE* KEY SPACE* VALUES
2399 LINE = LASTLINE NL
2400 KEY = KEYCHAR+
2401 KEYCHAR = Any character except ' ', '\r', '\n', '\t', '#', "\"
2403 VALUES = QUOTEDVALUE | NORMALVALUE
2404 QUOTEDVALUE = QUOTE QVITEM* QUOTE EOLSPACE?
2405 QUOTE = '"'
2406 QVCHAR = KEYCHAR | ESC ('n' | 't' | 'r' | '"' | ESC |'\'' | OCTAL | HEX)
2407 ESC = "\\"
2408 OCTAL = ODIGIT (ODIGIT ODIGIT?)?
2409 HEX = ('x' | 'X') HEXDIGIT HEXDIGIT
2410 ODIGIT = '0' .. '7'
2411 HEXDIGIT = '0'..'9' | 'a' .. 'f' | 'A' .. 'F'
2412 EOLSPACE = SPACE* COMMENT?
2414 NORMALVALUE = (VALCHAR | ESC ESC_IGNORE | CONTINUATION)* EOLSPACE?
2415 VALCHAR = Any character except ESC, '#', and '\n'
2416 ESC_IGNORE = Any character except '#' or '\n'
2417 CONTINUATION = ESC NL ( COMMENT NL )*
2418 */
2428 /* Skip until the first keyword. */
2437 }
2438 }
2443 }
2445 /* Skip until the next space or \ followed by newline. */
2452 /* Skip until the value. */
2458 /* Find the end of the line. */
2467 /* Look for the end of the line. */
2480 }
2481 }
2487 }
2488 /* Now back cp up to be the last nonspace character */
2494 /* Now copy out and decode the value. */
2510 }
2511 }
2513 }
2514 }
2520 }
2524 }
2526 /** Expand any homedir prefix on <b>filename</b>; return a newly allocated
2527 * string. */
2530 {
2532 #ifdef MS_WINDOWS
2534 #else
2547 }
2550 #ifdef HAVE_PWD_H
2555 else
2561 }
2564 #else
2567 #endif
2568 }
2570 /* Remove trailing slash. */
2573 }
2579 }
2580 #endif
2581 }
2583 #define MAX_SCANF_WIDTH 9999
2585 /** Helper: given an ASCII-encoded decimal digit, return its numeric value.
2586 * NOTE: requires that its input be in-bounds. */
2587 static int
2589 {
2593 }
2595 /** Helper: Read an unsigned int from *<b>bufp</b> of up to <b>width</b>
2596 * characters. (Handle arbitrary width if <b>width</b> is less than 0.) On
2597 * success, store the result in <b>out</b>, advance bufp to the next
2598 * character, and return 0. On failure, return -1. */
2599 static int
2601 {
2619 }
2626 }
2628 /** Helper: copy up to <b>width</b> non-space characters from <b>bufp</b> to
2629 * <b>out</b>. Make sure <b>out</b> is nul-terminated. Advance <b>bufp</b>
2630 * to the next non-space character or the EOS. */
2631 static int
2633 {
2640 }
2643 }
2645 /** Locale-independent, minimal, no-surprises scanf variant, accepting only a
2646 * restricted pattern format. For more info on what it supports, see
2647 * tor_sscanf() documentation. */
2648 int
2650 {
2661 }
2672 }
2675 }
2709 }
2710 }
2711 }
2714 }
2716 /** Minimal sscanf replacement: parse <b>buf</b> according to <b>pattern</b>
2717 * and store the results in the corresponding argument fields. Differs from
2718 * sscanf in that it: Only handles %u and %x and %Ns. Does not handle
2719 * arbitrarily long widths. %u and %x do not consume any space. Is
2720 * locale-independent. Returns -1 on malformed patterns.
2721 *
2722 * (As with other locale-independent functions, we need this to parse data that
2723 * is in ASCII without worrying that the C library's locale-handling will make
2724 * miscellaneous characters look like numbers, spaces, and so on.)
2725 */
2726 int
2728 {
2735 }
2737 /** Append the string produced by tor_asprintf(<b>pattern</b>, <b>...</b>)
2738 * to <b>sl</b>. */
2739 void
2741 {
2746 }
2748 /** va_list-based backend of smartlist_asprintf_add. */
2749 void
2752 {
2759 }
2761 /** Return a new list containing the filenames in the directory <b>dirname</b>.
2762 * Return NULL on error or if <b>dirname</b> is not a directory.
2763 */
2764 smartlist_t *
2766 {
2768 #ifdef MS_WINDOWS
2772 HANDLE handle;
2773 WIN32_FIND_DATA findData;
2777 #ifdef UNICODE
2779 #else
2781 #endif
2785 }
2788 #ifdef UNICODE
2790 #else
2792 #endif
2796 }
2798 DWORD err;
2803 }
2805 }
2806 }
2809 #else
2821 }
2823 #endif
2825 }
2827 /** Return true iff <b>filename</b> is a relative path. */
2828 int
2830 {
2833 #ifdef MS_WINDOWS
2839 #endif
2840 else
2842 }
2844 /* =====
2845 * Process helpers
2846 * ===== */
2848 #ifndef MS_WINDOWS
2849 /* Based on code contributed by christian grothoff */
2850 /** True iff we've called start_daemon(). */
2852 /** True iff we've called finish_daemon(). */
2854 /** Socketpair used to communicate between parent and child process while
2855 * daemonizing. */
2857 /** Start putting the process into daemon mode: fork and drop all resources
2858 * except standard fds. The parent process never returns, but stays around
2859 * until finish_daemon is called. (Note: it's safe to call this more
2860 * than once: calls after the first are ignored.)
2861 */
2862 void
2864 {
2865 pid_t pid;
2874 }
2879 }
2889 }
2893 else
2899 /*
2900 * Fork one more time, so the parent (the session group leader) can exit.
2901 * This means that we, as a non-session group leader, can never regain a
2902 * controlling terminal. This part is recommended by Stevens's
2903 * _Advanced Programming in the Unix Environment_.
2904 */
2907 }
2911 }
2912 }
2914 /** Finish putting the process into daemon mode: drop standard fds, and tell
2915 * the parent process to exit. (Note: it's safe to call this more than once:
2916 * calls after the first are ignored. Calls start_daemon first if it hasn't
2917 * been called already.)
2918 */
2919 void
2921 {
2932 /* Don't hold the wrong FS mounted */
2936 }
2942 }
2943 /* close fds linking to invoking terminal, but
2944 * close usual incoming fds, but redirect them somewhere
2945 * useful so the fds don't get reallocated elsewhere.
2946 */
2952 }
2955 /* signal success */
2958 }
2960 }
2961 #else
2962 /* defined(MS_WINDOWS) */
2963 void
2965 {
2966 }
2967 void
2969 {
2971 }
2972 #endif
2974 /** Write the current process ID, followed by NL, into <b>filename</b>.
2975 */
2976 void
2978 {
2985 #ifdef MS_WINDOWS
2987 #else
2989 #endif
2991 }
2992 }
2994 #ifdef MS_WINDOWS
2995 HANDLE
2997 {
3006 }
3007 #endif
3009 /** Format a single argument for being put on a Windows command line.
3010 * Returns a newly allocated string */
3013 {
3019 /* Backslash we can point to when one is inserted into the string */
3022 /* Smartlist of *char */
3026 /* Quote string if it contains whitespace or is empty */
3029 /* Build up smartlist of *chars */
3032 /* Double up backslashes preceding a quote */
3036 /* Escape the quote */
3040 /* Count backslashes until we know whether to double up */
3041 bs_counter++;
3043 /* Don't double up slashes preceding a non-quote */
3048 }
3049 }
3050 /* Don't double up trailing backslashes */
3054 /* Allocate space for argument, quotes (if needed), and terminator */
3058 /* Add leading quote */
3063 /* Add characters */
3065 {
3067 });
3069 /* Add trailing quote */
3076 }
3078 /** Format a command line for use on Windows, which takes the command as a
3079 * string rather than string array. Follows the rules from "Parsing C++
3080 * Command-Line Arguments" in MSDN. Algorithm based on list2cmdline in the
3081 * Python subprocess module. Returns a newly allocated string */
3084 {
3089 /* Format each argument and put the result in a smartlist */
3093 }
3095 /* Join the arguments with whitespace */
3098 /* Free the newly allocated arguments, and the smartlist */
3100 {
3102 });
3106 }
3108 /** Format <b>child_state</b> and <b>saved_errno</b> as a hex string placed in
3109 * <b>hex_errno</b>. Called between fork and _exit, so must be signal-handler
3110 * safe.
3111 *
3112 * <b>hex_errno</b> must have at least HEX_ERRNO_SIZE bytes available.
3113 *
3114 * The format of <b>hex_errno</b> is: "CHILD_STATE/ERRNO\n", left-padded
3115 * with spaces. Note that there is no trailing \0. CHILD_STATE indicates where
3116 * in the processs of starting the child process did the failure occur (see
3117 * CHILD_STATE_* macros for definition), and SAVED_ERRNO is the value of
3118 * errno when the failure occurred.
3119 */
3121 void
3124 {
3129 /* Fill hex_errno with spaces, and a trailing newline (memset may
3130 not be signal handler safe, so we can't use it) */
3135 /* Convert errno to be unsigned for hex conversion */
3140 }
3142 /* Convert errno to hex (start before \n) */
3145 /* Check for overflow on first iteration of the loop */
3154 /* Prepend the minus sign if errno was negative */
3158 /* Leave a gap */
3162 /* Check for overflow on first iteration of the loop */
3166 /* Convert child_state to hex */
3171 }
3173 /* Maximum number of file descriptors, if we cannot get it via sysconf() */
3174 #define DEFAULT_MAX_FD 256
3176 /** Terminate the process of <b>process_handle</b>.
3177 * Code borrowed from Python's os.kill. */
3178 int
3180 {
3181 #ifdef MS_WINDOWS
3183 HANDLE handle;
3184 /* If the signal is outside of what GenerateConsoleCtrlEvent can use,
3185 attempt to open and terminate the process. */
3193 else
3195 }
3198 #endif
3201 }
3203 /** Return the Process ID of <b>process_handle</b>. */
3204 int
3206 {
3207 #ifdef MS_WINDOWS
3209 #else
3211 #endif
3212 }
3214 #ifdef MS_WINDOWS
3215 HANDLE
3217 {
3219 }
3220 #else
3223 {
3225 }
3226 #endif
3230 {
3233 #ifndef MS_WINDOWS
3236 #endif
3239 }
3241 /*DOCDOC*/
3242 #define CHILD_STATE_INIT 0
3243 #define CHILD_STATE_PIPE 1
3244 #define CHILD_STATE_MAXFD 2
3245 #define CHILD_STATE_FORK 3
3246 #define CHILD_STATE_DUPOUT 4
3247 #define CHILD_STATE_DUPERR 5
3248 #define CHILD_STATE_REDIRECT 6
3249 #define CHILD_STATE_CLOSEFD 7
3250 #define CHILD_STATE_EXEC 8
3251 #define CHILD_STATE_FAILEXEC 9
3253 /** Start a program in the background. If <b>filename</b> contains a '/', then
3254 * it will be treated as an absolute or relative path. Otherwise, on
3255 * non-Windows systems, the system path will be searched for <b>filename</b>.
3256 * On Windows, only the current directory will be searched. Here, to search the
3257 * system path (as well as the application directory, current working
3258 * directory, and system directories), set filename to NULL.
3259 *
3260 * The strings in <b>argv</b> will be passed as the command line arguments of
3261 * the child program (following convention, argv[0] should normally be the
3262 * filename of the executable, and this must be the case if <b>filename</b> is
3263 * NULL). The last element of argv must be NULL. A handle to the child process
3264 * will be returned in process_handle (which must be non-NULL). Read
3265 * process_handle.status to find out if the process was successfully launched.
3266 * For convenience, process_handle.status is returned by this function.
3267 *
3268 * Some parts of this code are based on the POSIX subprocess module from
3269 * Python, and example code from
3270 * http://msdn.microsoft.com/en-us/library/ms682499%28v=vs.85%29.aspx.
3271 */
3272 int
3274 #ifdef MS_WINDOWS
3275 LPVOID envp,
3276 #else
3278 #endif
3280 {
3281 #ifdef MS_WINDOWS
3289 STARTUPINFO siStartInfo;
3292 SECURITY_ATTRIBUTES saAttr;
3299 /* TODO: should we set explicit security attributes? (#2046, comment 5) */
3302 /* Assume failure to start process */
3305 /* Set up pipe for stdout */
3311 }
3314 "Failed to configure pipe for stdout communication with child "
3317 }
3319 /* Set up pipe for stderr */
3325 }
3328 "Failed to configure pipe for stderr communication with child "
3331 }
3333 /* Create the child process */
3335 /* Windows expects argv to be a whitespace delimited string, so join argv up
3336 */
3350 /* Create the child process */
3354 /* TODO: should we set explicit security attributes? (#2046, comment 5) */
3358 /*(TODO: set CREATE_NEW CONSOLE/PROCESS_GROUP to make GetExitCodeProcess()
3359 * work?) */
3374 /* TODO: Close hProcess and hThread in process_handle->pid? */
3378 }
3380 /* TODO: Close pipes on exit */
3384 pid_t pid;
3388 ssize_t nbytes;
3395 /* Represents where in the process of spawning the program is;
3396 this is used for printing out the error message */
3405 /* We do the strlen here because strlen() is not signal handler safe,
3406 and we are not allowed to use unsafe functions between fork and exec */
3411 /* Set up pipe for redirecting stdout and stderr of child */
3418 }
3426 }
3430 #ifdef _SC_OPEN_MAX
3437 }
3438 #else
3440 #endif
3446 /* In child */
3450 /* Link child stdout to the write end of the pipe */
3457 /* Link child stderr to the write end of the pipe */
3464 /* Link stdin to /dev/null */
3468 else
3479 /* Close all other fds, including the read end of the pipe */
3480 /* XXX: We should now be doing enough FD_CLOEXEC setting to make
3481 * this needless. */
3484 }
3488 /* Call the requested program. We need the cast because
3489 execvp doesn't define argv as const, even though it
3490 does not modify the arguments */
3493 else
3496 /* If we got here, the exec or open(/dev/null) failed */
3500 error:
3501 /* XXX: are we leaking fds from the pipe? */
3505 /* Write the error message. GCC requires that we check the return
3506 value, but there is nothing we can do if it fails */
3507 /* TODO: Don't use STDOUT, use a pipe set up just for this purpose */
3514 /* Never reached, but avoids compiler warning */
3516 }
3518 /* In parent */
3527 }
3533 /* TODO: If the child process forked but failed to exec, waitpid it */
3535 /* Return read end of the pipes to caller, and close write end */
3543 }
3552 }
3555 /* Set stdout/stderr pipes to be non-blocking */
3558 /* Open the buffered IO streams */
3565 }
3567 /** Destroy all resources allocated by the process handle in
3568 * <b>process_handle</b>.
3569 * If <b>also_terminate_process</b> is true, also terminate the
3570 * process of the process handle. */
3571 void
3574 {
3585 }
3586 }
3590 #ifdef MS_WINDOWS
3596 #else
3602 #endif
3606 }
3608 /** Get the exit code of a process specified by <b>process_handle</b> and store
3609 * it in <b>exit_code</b>, if set to a non-NULL value. If <b>block</b> is set
3610 * to true, the call will block until the process has exited. Otherwise if
3611 * the process is still running, the function will return
3612 * PROCESS_EXIT_RUNNING, and exit_code will be left unchanged. Returns
3613 * PROCESS_EXIT_EXITED if the process did exit. If there is a failure,
3614 * PROCESS_EXIT_ERROR will be returned and the contents of exit_code (if
3615 * non-NULL) will be undefined. N.B. Under *nix operating systems, this will
3616 * probably not work in Tor, because waitpid() is called in main.c to reap any
3617 * terminated child processes.*/
3618 int
3621 {
3622 #ifdef MS_WINDOWS
3623 DWORD retval;
3624 BOOL success;
3627 /* Wait for the process to exit */
3633 }
3637 /* Process has not exited */
3643 }
3644 }
3653 }
3654 }
3655 #else
3661 /* Process has not exited */
3667 }
3673 }
3680 }
3682 #ifdef MS_WINDOWS
3683 /** Read from a handle <b>h</b> into <b>buf</b>, up to <b>count</b> bytes. If
3684 * <b>hProcess</b> is NULL, the function will return immediately if there is
3685 * nothing more to read. Otherwise <b>hProcess</b> should be set to the handle
3686 * to the process owning the <b>h</b>. In this case, the function will exit
3687 * only once the process has exited, or <b>count</b> bytes are read. Returns
3688 * the number of bytes read, or -1 on error. */
3689 ssize_t
3692 {
3694 BOOL retval;
3695 DWORD byte_count;
3702 /* Check if there is anything to read */
3710 /* Nothing available: process exited or it is busy */
3712 /* Exit if we don't know whether the process is running */
3716 /* The process exited and there's nothing left to read from it */
3720 /* If process is not running, check for output one more time in case
3721 it wrote something after the peek was performed. Otherwise keep on
3722 waiting for output */
3729 }
3731 /* There is data to read; read it */
3739 /* End of file */
3741 }
3743 }
3745 }
3746 #else
3747 /** Read from a handle <b>h</b> into <b>buf</b>, up to <b>count</b> bytes. If
3748 * <b>process</b> is NULL, the function will return immediately if there is
3749 * nothing more to read. Otherwise data will be read until end of file, or
3750 * <b>count</b> bytes are read. Returns the number of bytes read, or -1 on
3751 * error. Sets <b>eof</b> to true if <b>eof</b> is not NULL and the end of the
3752 * file has been reached. */
3753 ssize_t
3757 {
3768 /* Use fgets because that is what we use in log_from_pipe() */
3780 else
3786 }
3787 }
3788 }
3792 }
3796 }
3797 #endif
3799 /** Read from stdout of a process until the process exits. */
3800 ssize_t
3803 {
3804 #ifdef MS_WINDOWS
3806 process_handle);
3807 #else
3810 #endif
3811 }
3813 /** Read from stdout of a process until the process exits. */
3814 ssize_t
3817 {
3818 #ifdef MS_WINDOWS
3820 process_handle);
3821 #else
3824 #endif
3825 }
3827 /** Split buf into lines, and add to smartlist. The buffer <b>buf</b> will be
3828 * modified. The resulting smartlist will consist of pointers to buf, so there
3829 * is no need to free the contents of sl. <b>buf</b> must be a NUL-terminated
3830 * string. <b>len</b> should be set to the length of the buffer excluding the
3831 * NUL. Non-printable characters (including NUL) will be replaced with "." */
3832 int
3834 {
3835 /* Index in buf of the start of the current line */
3837 /* Index in buf of the current character being processed */
3839 /* Are we currently in a line */
3842 /* Loop over string */
3844 /* Loop until end of line or end of string */
3848 /* End of line */
3850 /* Point cur to the next line */
3851 cur++;
3852 /* Line starts at start and ends with a nul */
3857 }
3860 /* Skip leading vertical space */
3861 ;
3867 }
3868 }
3869 }
3870 /* We are at the end of the line or end of string. If in_line is true there
3871 * is a line which starts at buf+start and ends at a NUL. cur points to
3872 * the character after the NUL. */
3876 }
3878 }
3880 #ifdef MS_WINDOWS
3881 /** Read from stream, and send lines to log at the specified log level.
3882 * Returns -1 if there is a error reading, and 0 otherwise.
3883 * If the generated stream is flushed more often than on new lines, or
3884 * a read exceeds 256 bytes, lines will be truncated. This should be fixed,
3885 * along with the corresponding problem on *nix (see bug #2045).
3886 */
3887 static int
3889 {
3896 /* Error */
3899 }
3902 /* There's nothing to read (process is busy or has exited) */
3905 }
3907 /* End with a null even if there isn't a \r\n at the end */
3908 /* TODO: What if this is a partial line? */
3912 /* Split up the buffer */
3916 /* Log each line */
3918 {
3920 });
3924 }
3926 #else
3928 /** Read from stream, and send lines to log at the specified log level.
3929 * Returns 1 if stream is closed normally, -1 if there is a error reading, and
3930 * 0 otherwise. Handles lines from tor-fw-helper and
3931 * tor_spawn_background() specially.
3932 */
3933 static int
3936 {
3949 }
3953 /* Check if buf starts with SPAWN_ERROR_MESSAGE */
3955 /* Parse error message */
3966 /* Failed to parse message from child process, log it as a
3967 warning */
3971 }
3974 }
3975 }
3977 /* We should never get here */
3979 }
3980 #endif
3982 /** Reads from <b>stream</b> and stores input in <b>buf_out</b> making
3983 * sure it's below <b>count</b> bytes.
3984 * If the string has a trailing newline, we strip it off.
3985 *
3986 * This function is specifically created to handle input from managed
3987 * proxies, according to the pluggable transports spec. Make sure it
3988 * fits your needs before using it.
3989 *
3990 * Returns:
3991 * IO_STREAM_CLOSED: If the stream is closed.
3992 * IO_STREAM_EAGAIN: If there is nothing to read and we should check back
3993 * later.
3994 * IO_STREAM_TERM: If something is wrong with the stream.
3995 * IO_STREAM_OKAY: If everything went okay and we got a string
3996 * in <b>buf_out</b>. */
3997 enum stream_status
3999 {
4009 /* Program has closed stream (probably it exited) */
4010 /* TODO: check error */
4014 /* Nothing more to read, try again next time */
4017 /* There was a problem, abandon this child process */
4019 }
4020 }
4026 /* Remove the trailing newline */
4029 /* No newline; check whether we overflowed the buffer */
4033 /* TODO: What to do with this error? */
4034 }
4037 }
4039 /* We should never get here */
4041 }
4043 void
4046 {
4047 /* When fw-helper succeeds, how long do we wait until running it again */
4048 #define TIME_TO_EXEC_FWHELPER_SUCCESS 300
4049 /* When fw-helper failed to start, how long do we wait until running it again
4050 */
4051 #define TIME_TO_EXEC_FWHELPER_FAIL 60
4053 /* Static variables are initialized to zero, so child_handle.status=0
4054 * which corresponds to it not running on startup */
4064 /* Set up command line for tor-fw-helper */
4068 /* TODO: Allow different internal and external ports */
4080 /* Start the child, if it is not already running */
4085 /* Assume tor-fw-helper will succeed, start it later*/
4091 }
4093 #ifdef MS_WINDOWS
4094 /* Passing NULL as lpApplicationName makes Windows search for the .exe */
4096 #else
4098 #endif
4102 filename);
4105 }
4110 }
4112 /* If child is running, read from its stdout and stderr) */
4114 /* Read from stdout/stderr and log result */
4116 #ifdef MS_WINDOWS
4119 /* If we got this far (on Windows), the process started */
4121 #else
4126 #endif
4128 /* There was a problem in the child process */
4130 }
4132 /* Combine the two statuses in order of severity */
4134 /* There was a failure */
4136 #ifdef MS_WINDOWS
4138 PROCESS_EXIT_RUNNING) {
4139 /* process has exited or there was an error */
4140 /* TODO: Do something with the process return value */
4141 /* TODO: What if the process output something since
4142 * between log_from_handle and tor_get_exit_code? */
4144 }
4145 #else
4147 /* stdout or stderr was closed, the process probably
4148 * exited. It will be reaped by waitpid() in main.c */
4149 /* TODO: Do something with the process return value */
4151 #endif
4152 else
4153 /* Both are fine */
4156 /* If either pipe indicates a failure, act on it */
4164 }
4166 /* TODO: The child might not actually be finished (maybe it failed or
4167 closed stdout/stderr), so maybe we shouldn't start another? */
4168 }
4169 }
4170 }