1 /* provide a replacement openat function
2 Copyright (C) 2004-2023 Free Software Foundation, Inc.
3
4 This program is free software: you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation, either version 3 of the License, or
7 (at your option) any later version.
8
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
13
14 You should have received a copy of the GNU General Public License
15 along with this program. If not, see <https://www.gnu.org/licenses/>. */
16
17 /* written by Jim Meyering */
18
19 /* If the user's config.h happens to include <fcntl.h>, let it include only
20 the system's <fcntl.h> here, so that orig_openat doesn't recurse to
21 rpl_openat. */
22 #define __need_system_fcntl_h
23 #include <config.h>
24
25 /* Get the original definition of open. It might be defined as a macro. */
26 #include <fcntl.h>
27 #include <sys/types.h>
28 #undef __need_system_fcntl_h
29
30 #if HAVE_OPENAT
31 static int
32 orig_openat (int fd, char const *filename, int flags, mode_t mode)
33 {
34 return openat (fd, filename, flags, mode);
35 }
36 #endif
37
38 /* Write "fcntl.h" here, not <fcntl.h>, otherwise OSF/1 5.1 DTK cc eliminates
39 this include because of the preliminary #include <fcntl.h> above. */
40 #include "fcntl.h"
41
42 #include "openat.h"
43
44 #include "cloexec.h"
45
46 #include <stdarg.h>
47 #include <stddef.h>
48 #include <stdlib.h>
49 #include <string.h>
50 #include <sys/stat.h>
51 #include <errno.h>
52
53 #if HAVE_OPENAT
54
55 /* Like openat, but support O_CLOEXEC and work around Solaris 9 bugs
56 with trailing slash. */
57 int
58 rpl_openat (int dfd, char const *filename, int flags, ...)
59 {
60 /* 0 = unknown, 1 = yes, -1 = no. */
61 #if GNULIB_defined_O_CLOEXEC
62 int have_cloexec = -1;
63 #else
64 static int have_cloexec;
65 #endif
66
67 mode_t mode;
68 int fd;
69
70 mode = 0;
71 if (flags & O_CREAT)
72 {
73 va_list arg;
74 va_start (arg, flags);
75
76 /* We have to use PROMOTED_MODE_T instead of mode_t, otherwise GCC 4
77 creates crashing code when 'mode_t' is smaller than 'int'. */
78 mode = va_arg (arg, PROMOTED_MODE_T);
79
80 va_end (arg);
81 }
82
83 # if OPEN_TRAILING_SLASH_BUG
84 /* Fail if one of O_CREAT, O_WRONLY, O_RDWR is specified and the filename
85 ends in a slash, as POSIX says such a filename must name a directory
86 <https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_13>:
87 "A pathname that contains at least one non-<slash> character and that
88 ends with one or more trailing <slash> characters shall not be resolved
89 successfully unless the last pathname component before the trailing
90 <slash> characters names an existing directory"
91 If the named file already exists as a directory, then
92 - if O_CREAT is specified, open() must fail because of the semantics
93 of O_CREAT,
94 - if O_WRONLY or O_RDWR is specified, open() must fail because POSIX
95 <https://pubs.opengroup.org/onlinepubs/9699919799/functions/openat.html>
96 says that it fails with errno = EISDIR in this case.
97 If the named file does not exist or does not name a directory, then
98 - if O_CREAT is specified, open() must fail since open() cannot create
99 directories,
100 - if O_WRONLY or O_RDWR is specified, open() must fail because the
101 file does not contain a '.' directory. */
102 if ((flags & O_CREAT)
103 || (flags & O_ACCMODE) == O_RDWR
104 || (flags & O_ACCMODE) == O_WRONLY)
105 {
106 size_t len = strlen (filename);
107 if (len > 0 && filename[len - 1] == '/')
108 {
109 errno = EISDIR;
110 return -1;
111 }
112 }
113 # endif
114
115 fd = orig_openat (dfd, filename,
116 flags & ~(have_cloexec < 0 ? O_CLOEXEC : 0), mode);
117
118 if (flags & O_CLOEXEC)
119 {
120 if (! have_cloexec)
121 {
122 if (0 <= fd)
123 have_cloexec = 1;
124 else if (errno == EINVAL)
125 {
126 fd = orig_openat (dfd, filename, flags & ~O_CLOEXEC, mode);
127 have_cloexec = -1;
128 }
129 }
130 if (have_cloexec < 0 && 0 <= fd)
131 set_cloexec_flag (fd, true);
132 }
133
134
135 # if OPEN_TRAILING_SLASH_BUG
136 /* If the filename ends in a slash and fd does not refer to a directory,
137 then fail.
138 Rationale: POSIX says such a filename must name a directory
139 <https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap04.html#tag_04_13>:
140 "A pathname that contains at least one non-<slash> character and that
141 ends with one or more trailing <slash> characters shall not be resolved
142 successfully unless the last pathname component before the trailing
143 <slash> characters names an existing directory"
144 If the named file without the slash is not a directory, open() must fail
145 with ENOTDIR. */
146 if (fd >= 0)
147 {
148 /* We know len is positive, since open did not fail with ENOENT. */
149 size_t len = strlen (filename);
150 if (filename[len - 1] == '/')
151 {
152 struct stat statbuf;
153
154 if (fstat (fd, &statbuf) >= 0 && !S_ISDIR (statbuf.st_mode))
155 {
156 close (fd);
157 errno = ENOTDIR;
158 return -1;
159 }
160 }
161 }
162 # endif
163
164 return fd;
165 }
166
167 #else /* !HAVE_OPENAT */
168
169 # include "filename.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */
170 # include "openat-priv.h"
171 # include "save-cwd.h"
172
173 /* Replacement for Solaris' openat function.
174 <https://www.google.com/search?q=openat+site:docs.oracle.com>
175 First, try to simulate it via open ("/proc/self/fd/FD/FILE").
176 Failing that, simulate it by doing save_cwd/fchdir/open/restore_cwd.
177 If either the save_cwd or the restore_cwd fails (relatively unlikely),
178 then give a diagnostic and exit nonzero.
179 Otherwise, upon failure, set errno and return -1, as openat does.
180 Upon successful completion, return a file descriptor. */
181 int
182 openat (int fd, char const *file, int flags, ...)
183 {
184 mode_t mode = 0;
185
186 if (flags & O_CREAT)
187 {
188 va_list arg;
189 va_start (arg, flags);
190
191 /* We have to use PROMOTED_MODE_T instead of mode_t, otherwise GCC 4
192 creates crashing code when 'mode_t' is smaller than 'int'. */
193 mode = va_arg (arg, PROMOTED_MODE_T);
194
195 va_end (arg);
196 }
197
198 return openat_permissive (fd, file, flags, mode, NULL);
199 }
200
201 /* Like openat (FD, FILE, FLAGS, MODE), but if CWD_ERRNO is
202 nonnull, set *CWD_ERRNO to an errno value if unable to save
203 or restore the initial working directory. This is needed only
204 the first time remove.c's remove_dir opens a command-line
205 directory argument.
206
207 If a previous attempt to restore the current working directory
208 failed, then we must not even try to access a '.'-relative name.
209 It is the caller's responsibility not to call this function
210 in that case. */
211
212 int
213 openat_permissive (int fd, char const *file, int flags, mode_t mode,
214 int *cwd_errno)
215 {
216 struct saved_cwd saved_cwd;
217 int saved_errno;
218 int err;
219 bool save_ok;
220
221 if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
222 return open (file, flags, mode);
223
224 {
225 char buf[OPENAT_BUFFER_SIZE];
226 char *proc_file = openat_proc_name (buf, fd, file);
227 if (proc_file)
228 {
229 int open_result = open (proc_file, flags, mode);
230 int open_errno = errno;
231 if (proc_file != buf)
232 free (proc_file);
233 /* If the syscall succeeds, or if it fails with an unexpected
234 errno value, then return right away. Otherwise, fall through
235 and resort to using save_cwd/restore_cwd. */
236 if (0 <= open_result || ! EXPECTED_ERRNO (open_errno))
237 {
238 errno = open_errno;
239 return open_result;
240 }
241 }
242 }
243
244 save_ok = (save_cwd (&saved_cwd) == 0);
245 if (! save_ok)
246 {
247 if (! cwd_errno)
248 openat_save_fail (errno);
249 *cwd_errno = errno;
250 }
251 if (0 <= fd && fd == saved_cwd.desc)
252 {
253 /* If saving the working directory collides with the user's
254 requested fd, then the user's fd must have been closed to
255 begin with. */
256 free_cwd (&saved_cwd);
257 errno = EBADF;
258 return -1;
259 }
260
261 err = fchdir (fd);
262 saved_errno = errno;
263
264 if (! err)
265 {
266 err = open (file, flags, mode);
267 saved_errno = errno;
268 if (save_ok && restore_cwd (&saved_cwd) != 0)
269 {
270 if (! cwd_errno)
271 {
272 /* Don't write a message to just-created fd 2. */
273 saved_errno = errno;
274 if (err == STDERR_FILENO)
275 close (err);
276 openat_restore_fail (saved_errno);
277 }
278 *cwd_errno = errno;
279 }
280 }
281
282 free_cwd (&saved_cwd);
283 errno = saved_errno;
284 return err;
285 }
286
287 /* Return true if our openat implementation must resort to
288 using save_cwd and restore_cwd. */
289 bool
290 openat_needs_fchdir (void)
291 {
292 bool needs_fchdir = true;
293 int fd = open ("/", O_SEARCH | O_CLOEXEC);
294
295 if (0 <= fd)
296 {
297 char buf[OPENAT_BUFFER_SIZE];
298 char *proc_file = openat_proc_name (buf, fd, ".");
299 if (proc_file)
300 {
301 needs_fchdir = false;
302 if (proc_file != buf)
303 free (proc_file);
304 }
305 close (fd);
306 }
307
308 return needs_fchdir;
309 }
310
311 #endif /* !HAVE_OPENAT */