/* pred.c -- execute the expression tree.
- Copyright (C) 1990, 1991, 1992, 1993, 1994, 2000, 2003,
- 2004, 2005, 2006, 2007, 2008, 2009,
- 2010 Free Software Foundation, Inc.
+ Copyright (C) 1990, 1991, 1992, 1993, 1994, 2000, 2003, 2004, 2005,
+ 2006, 2007, 2008, 2009, 2010, 2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
+/* config.h always comes first. */
#include <config.h>
-#include "defs.h"
-#include <fnmatch.h>
-#include <signal.h>
-#include <math.h>
-#include <pwd.h>
-#include <grp.h>
-#include <sys/types.h>
-#include <sys/stat.h>
-#include <errno.h>
+/* system headers. */
#include <assert.h>
-#include <stdarg.h>
+#include <ctype.h>
+#include <dirent.h>
+#include <errno.h>
#include <fcntl.h>
+#include <grp.h>
#include <locale.h>
-#include <ctype.h>
+#include <math.h>
+#include <pwd.h>
+#include <selinux/selinux.h>
+#include <stdarg.h>
+#include <sys/stat.h>
+#include <sys/types.h>
+#include <sys/wait.h>
#include <unistd.h> /* for unlinkat() */
-#include "xalloc.h"
+
+/* gnulib headers. */
+#include "areadlink.h"
#include "dirname.h"
-#include "human.h"
-#include "filemode.h"
-#include "printquoted.h"
-#include "buildcmd.h"
-#include "yesno.h"
-#include "listfile.h"
+#include "error.h"
+#include "fnmatch.h"
+#include "gettext.h"
+#include "stat-size.h"
#include "stat-time.h"
+#include "yesno.h"
+
+/* find headers. */
+#include "defs.h"
#include "dircallback.h"
-#include "error.h"
-#include "verify.h"
-#include "fdleak.h"
-#include "areadlink.h"
-#include "cloexec.h"
-#include "save-cwd.h"
+#include "listfile.h"
+#include "printquoted.h"
+
-#include <selinux/selinux.h>
#if ENABLE_NLS
# include <libintl.h>
# define N_(String) String
#endif
-#if !defined(SIGCHLD) && defined(SIGCLD)
-#define SIGCHLD SIGCLD
-#endif
-
-
-#include <sys/wait.h>
-
-#if HAVE_DIRENT_H
-# include <dirent.h>
-# define NAMLEN(dirent) strlen((dirent)->d_name)
-#else
-# define dirent direct
-# define NAMLEN(dirent) (dirent)->d_namlen
-# if HAVE_SYS_NDIR_H
-# include <sys/ndir.h>
-# endif
-# if HAVE_SYS_DIR_H
-# include <sys/dir.h>
-# endif
-# if HAVE_NDIR_H
-# include <ndir.h>
-# endif
-#endif
-
#ifdef CLOSEDIR_VOID
/* Fake a return value. */
#define CLOSEDIR(d) (closedir (d), 0)
#define CLOSEDIR(d) closedir (d)
#endif
-
-
-
-/* Get or fake the disk device blocksize.
- Usually defined by sys/param.h (if at all). */
-#ifndef DEV_BSIZE
-# ifdef BSIZE
-# define DEV_BSIZE BSIZE
-# else /* !BSIZE */
-# define DEV_BSIZE 4096
-# endif /* !BSIZE */
-#endif /* !DEV_BSIZE */
-
-/* Extract or fake data from a `struct stat'.
- ST_BLKSIZE: Preferred I/O blocksize for the file, in bytes.
- ST_NBLOCKS: Number of blocks in the file, including indirect blocks.
- ST_NBLOCKSIZE: Size of blocks used when calculating ST_NBLOCKS. */
-#ifndef HAVE_STRUCT_STAT_ST_BLOCKS
-# define ST_BLKSIZE(statbuf) DEV_BSIZE
-# if defined _POSIX_SOURCE || !defined BSIZE /* fileblocks.c uses BSIZE. */
-# define ST_NBLOCKS(statbuf) \
- (S_ISREG ((statbuf).st_mode) \
- || S_ISDIR ((statbuf).st_mode) \
- ? (statbuf).st_size / ST_NBLOCKSIZE + ((statbuf).st_size % ST_NBLOCKSIZE != 0) : 0)
-# else /* !_POSIX_SOURCE && BSIZE */
-# define ST_NBLOCKS(statbuf) \
- (S_ISREG ((statbuf).st_mode) \
- || S_ISDIR ((statbuf).st_mode) \
- ? st_blocks ((statbuf).st_size) : 0)
-# endif /* !_POSIX_SOURCE && BSIZE */
-#else /* HAVE_STRUCT_STAT_ST_BLOCKS */
-/* Some systems, like Sequents, return st_blksize of 0 on pipes. */
-# define ST_BLKSIZE(statbuf) ((statbuf).st_blksize > 0 \
- ? (statbuf).st_blksize : DEV_BSIZE)
-# if defined hpux || defined __hpux__ || defined __hpux
-/* HP-UX counts st_blocks in 1024-byte units.
- This loses when mixing HP-UX and BSD file systems with NFS. */
-# define ST_NBLOCKSIZE 1024
-# else /* !hpux */
-# if defined _AIX && defined _I386
-/* AIX PS/2 counts st_blocks in 4K units. */
-# define ST_NBLOCKSIZE (4 * 1024)
-# else /* not AIX PS/2 */
-# if defined _CRAY
-# define ST_NBLOCKS(statbuf) \
- (S_ISREG ((statbuf).st_mode) \
- || S_ISDIR ((statbuf).st_mode) \
- ? (statbuf).st_blocks * ST_BLKSIZE(statbuf)/ST_NBLOCKSIZE : 0)
-# endif /* _CRAY */
-# endif /* not AIX PS/2 */
-# endif /* !hpux */
-#endif /* HAVE_STRUCT_STAT_ST_BLOCKS */
-
-#ifndef ST_NBLOCKS
-# define ST_NBLOCKS(statbuf) \
- (S_ISREG ((statbuf).st_mode) \
- || S_ISDIR ((statbuf).st_mode) \
- ? (statbuf).st_blocks : 0)
-#endif
-
-#ifndef ST_NBLOCKSIZE
-# define ST_NBLOCKSIZE 512
-#endif
-
-
-#undef MAX
-#define MAX(a, b) ((a) > (b) ? (a) : (b))
-
static bool match_lname (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr, bool ignore_case);
-static char *format_date (struct timespec ts, int kind);
-static char *ctime_format (struct timespec ts);
-
#ifdef DEBUG
struct pred_assoc
{
}
-/* Initialise exec->wd_for_exec.
-
- We save in exec->wd_for_exec the directory whose path relative to
- cwd_df is dir.
- */
-static bool
-initialise_wd_for_exec (struct exec_val *execp, int cwd_fd, const char *dir)
-{
- execp->wd_for_exec = xmalloc (sizeof (*execp->wd_for_exec));
- execp->wd_for_exec->name = NULL;
- execp->wd_for_exec->desc = openat (cwd_fd, dir, O_RDONLY);
- if (execp->wd_for_exec->desc < 0)
- return false;
- set_cloexec_flag (execp->wd_for_exec->desc, true);
- return true;
-}
-
-
-static bool
-record_exec_dir (struct exec_val *execp)
-{
- if (!execp->state.todo)
- {
- /* Record the WD. If we're using -L or fts chooses to do so for
- any other reason, state.cwd_dir_fd may in fact not be the
- directory containing the target file. When this happens,
- rel_path will contain directory components (since it is the
- path from state.cwd_dir_fd to the target file).
-
- We deal with this by extracting any directory part and using
- that to adjust what goes into execp->wd_for_exec.
- */
- if (strchr (state.rel_pathname, '/'))
- {
- char *dir = mdir_name (state.rel_pathname);
- bool result = initialise_wd_for_exec (execp, state.cwd_dir_fd, dir);
- free (dir);
- return result;
- }
- else
- {
- return initialise_wd_for_exec (execp, state.cwd_dir_fd, ".");
- }
- }
- return true;
-}
-
-
-static bool
-impl_pred_exec (const char *pathname,
- struct stat *stat_buf,
- struct predicate *pred_ptr)
-{
- struct exec_val *execp = &pred_ptr->args.exec_vec;
- char *target;
- bool result;
- const bool local = is_exec_in_local_dir (pred_ptr->pred_func);
- char *prefix;
- size_t pfxlen;
-
- (void) stat_buf;
- if (local)
- {
- /* For -execdir/-okdir predicates, the parser did not fill in
- the wd_for_exec member of sturct exec_val. So for those
- predicates, we do so now.
- */
- if (!record_exec_dir (execp))
- {
- error (EXIT_FAILURE, errno,
- _("Failed to save working directory in order to "
- "run a command on %s"),
- safely_quote_err_filename (0, pathname));
- /*NOTREACHED*/
- }
- target = base_name (state.rel_pathname);
- if ('/' == target[0])
- {
- /* find / execdir ls -d {} \; */
- prefix = NULL;
- pfxlen = 0;
- }
- else
- {
- prefix = "./";
- pfxlen = 2u;
- }
- }
- else
- {
- /* For the others (-exec, -ok), the parser should
- have set wd_for_exec to initial_wd, indicating
- that the exec should take place from find's initial
- working directory.
- */
- assert (execp->wd_for_exec == initial_wd);
- target = pathname;
- prefix = NULL;
- pfxlen = 0u;
- }
-
- if (execp->multiple)
- {
- /* Push the argument onto the current list.
- * The command may or may not be run at this point,
- * depending on the command line length limits.
- */
- bc_push_arg (&execp->ctl,
- &execp->state,
- target, strlen (target)+1,
- prefix, pfxlen,
- 0);
-
- /* remember that there are pending execdirs. */
- state.execdirs_outstanding = true;
-
- /* POSIX: If the primary expression is punctuated by a plus
- * sign, the primary shall always evaluate as true
- */
- result = true;
- }
- else
- {
- int i;
-
- for (i=0; i<execp->num_args; ++i)
- {
- bc_do_insert (&execp->ctl,
- &execp->state,
- execp->replace_vec[i],
- strlen (execp->replace_vec[i]),
- prefix, pfxlen,
- target, strlen (target),
- 0);
- }
-
- /* Actually invoke the command. */
- bc_do_exec (&execp->ctl, &execp->state);
- if (WIFEXITED(execp->last_child_status))
- {
- if (0 == WEXITSTATUS(execp->last_child_status))
- result = true; /* The child succeeded. */
- else
- result = false;
- }
- else
- {
- result = false;
- }
- }
- if (target != pathname)
- {
- assert (local);
- free (target);
- }
- return result;
-}
-
-
bool
pred_exec (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
{
-static char*
-mode_to_filetype (mode_t m)
-{
-#define HANDLE_TYPE(t,letter) if (m==t) { return letter; }
-#ifdef S_IFREG
- HANDLE_TYPE(S_IFREG, "f"); /* regular file */
-#endif
-#ifdef S_IFDIR
- HANDLE_TYPE(S_IFDIR, "d"); /* directory */
-#endif
-#ifdef S_IFLNK
- HANDLE_TYPE(S_IFLNK, "l"); /* symbolic link */
-#endif
-#ifdef S_IFSOCK
- HANDLE_TYPE(S_IFSOCK, "s"); /* Unix domain socket */
-#endif
-#ifdef S_IFBLK
- HANDLE_TYPE(S_IFBLK, "b"); /* block device */
-#endif
-#ifdef S_IFCHR
- HANDLE_TYPE(S_IFCHR, "c"); /* character device */
-#endif
-#ifdef S_IFIFO
- HANDLE_TYPE(S_IFIFO, "p"); /* FIFO */
-#endif
-#ifdef S_IFDOOR
- HANDLE_TYPE(S_IFDOOR, "D"); /* Door (e.g. on Solaris) */
-#endif
- return "U"; /* Unknown */
-}
-
-static double
-file_sparseness (const struct stat *p)
-{
-#if defined HAVE_STRUCT_STAT_ST_BLOCKS
- if (0 == p->st_size)
- {
- if (0 == p->st_blocks)
- return 1.0;
- else
- return p->st_blocks < 0 ? -HUGE_VAL : HUGE_VAL;
- }
- else
- {
- double blklen = file_blocksize (p) * (double)p->st_blocks;
- return blklen / p->st_size;
- }
-#else
- return 1.0;
-#endif
-}
-
-
-
-static void
-checked_fprintf (struct format_val *dest, const char *fmt, ...)
-{
- int rv;
- va_list ap;
-
- va_start (ap, fmt);
- rv = vfprintf (dest->stream, fmt, ap);
- if (rv < 0)
- nonfatal_nontarget_file_error (errno, dest->filename);
-}
-
-
-static void
-checked_print_quoted (struct format_val *dest,
- const char *format, const char *s)
-{
- int rv = print_quoted (dest->stream, dest->quote_opts, dest->dest_is_tty,
- format, s);
- if (rv < 0)
- nonfatal_nontarget_file_error (errno, dest->filename);
-}
-
-
-static void
-checked_fwrite (void *p, size_t siz, size_t nmemb, struct format_val *dest)
-{
- int items_written = fwrite (p, siz, nmemb, dest->stream);
- if (items_written < nmemb)
- nonfatal_nontarget_file_error (errno, dest->filename);
-}
-
-static void
-checked_fflush (struct format_val *dest)
-{
- if (0 != fflush (dest->stream))
- {
- nonfatal_nontarget_file_error (errno, dest->filename);
- }
-}
-
-static void
-do_fprintf (struct format_val *dest,
- struct segment *segment,
- const char *pathname,
- const struct stat *stat_buf)
-{
- char hbuf[LONGEST_HUMAN_READABLE + 1];
- const char *cp;
-
- switch (segment->segkind)
- {
- case KIND_PLAIN: /* Plain text string (no % conversion). */
- /* trusted */
- checked_fwrite(segment->text, 1, segment->text_len, dest);
- break;
-
- case KIND_STOP: /* Terminate argument and flush output. */
- /* trusted */
- checked_fwrite (segment->text, 1, segment->text_len, dest);
- checked_fflush (dest);
- break;
-
- case KIND_FORMAT:
- switch (segment->format_char[0])
- {
- case 'a': /* atime in `ctime' format. */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text, ctime_format (get_stat_atime (stat_buf)));
- break;
- case 'b': /* size in 512-byte blocks */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) ST_NBLOCKS (*stat_buf),
- hbuf, human_ceiling,
- ST_NBLOCKSIZE, 512));
- break;
- case 'c': /* ctime in `ctime' format */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text, ctime_format (get_stat_ctime (stat_buf)));
- break;
- case 'd': /* depth in search tree */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text, state.curdepth);
- break;
- case 'D': /* Device on which file exists (stat.st_dev) */
- /* trusted */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) stat_buf->st_dev, hbuf,
- human_ceiling, 1, 1));
- break;
- case 'f': /* base name of path */
- /* sanitised */
- {
- char *base = base_name (pathname);
- checked_print_quoted (dest, segment->text, base);
- free (base);
- }
- break;
- case 'F': /* file system type */
- /* trusted */
- checked_print_quoted (dest, segment->text, filesystem_type (stat_buf, pathname));
- break;
- case 'g': /* group name */
- /* trusted */
- /* (well, the actual group is selected by the user but
- * its name was selected by the system administrator)
- */
- {
- struct group *g;
-
- g = getgrgid (stat_buf->st_gid);
- if (g)
- {
- segment->text[segment->text_len] = 's';
- checked_fprintf (dest, segment->text, g->gr_name);
- break;
- }
- else
- {
- /* Do nothing. */
- /*FALLTHROUGH*/
- }
- }
- /*FALLTHROUGH*/ /*...sometimes, so 'G' case.*/
-
- case 'G': /* GID number */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) stat_buf->st_gid, hbuf,
- human_ceiling, 1, 1));
- break;
- case 'h': /* leading directories part of path */
- /* sanitised */
- {
- cp = strrchr (pathname, '/');
- if (cp == NULL) /* No leading directories. */
- {
- /* If there is no slash in the pathname, we still
- * print the string because it contains characters
- * other than just '%s'. The %h expands to ".".
- */
- checked_print_quoted (dest, segment->text, ".");
- }
- else
- {
- char *s = strdup (pathname);
- s[cp - pathname] = 0;
- checked_print_quoted (dest, segment->text, s);
- free (s);
- }
- }
- break;
-
- case 'H': /* ARGV element file was found under */
- /* trusted */
- {
- char *s = xmalloc (state.starting_path_length+1);
- memcpy (s, pathname, state.starting_path_length);
- s[state.starting_path_length] = 0;
- checked_fprintf (dest, segment->text, s);
- free (s);
- }
- break;
-
- case 'i': /* inode number */
- /* UNTRUSTED, but not exploitable I think */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) stat_buf->st_ino, hbuf,
- human_ceiling,
- 1, 1));
- break;
- case 'k': /* size in 1K blocks */
- /* UNTRUSTED, but not exploitable I think */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) ST_NBLOCKS (*stat_buf),
- hbuf, human_ceiling,
- ST_NBLOCKSIZE, 1024));
- break;
- case 'l': /* object of symlink */
- /* sanitised */
-#ifdef S_ISLNK
- {
- char *linkname = 0;
-
- if (S_ISLNK (stat_buf->st_mode))
- {
- linkname = areadlinkat (state.cwd_dir_fd, state.rel_pathname);
- if (linkname == NULL)
- {
- nonfatal_target_file_error (errno, pathname);
- state.exit_status = 1;
- }
- }
- if (linkname)
- {
- checked_print_quoted (dest, segment->text, linkname);
- }
- else
- {
- /* We still need to honour the field width etc., so this is
- * not a no-op.
- */
- checked_print_quoted (dest, segment->text, "");
- }
- free (linkname);
- }
-#endif /* S_ISLNK */
- break;
-
- case 'M': /* mode as 10 chars (eg., "-rwxr-x--x" */
- /* UNTRUSTED, probably unexploitable */
- {
- char modestring[16] ;
- filemodestring (stat_buf, modestring);
- modestring[10] = '\0';
- checked_fprintf (dest, segment->text, modestring);
- }
- break;
-
- case 'm': /* mode as octal number (perms only) */
- /* UNTRUSTED, probably unexploitable */
- {
- /* Output the mode portably using the traditional numbers,
- even if the host unwisely uses some other numbering
- scheme. But help the compiler in the common case where
- the host uses the traditional numbering scheme. */
- mode_t m = stat_buf->st_mode;
- bool traditional_numbering_scheme =
- (S_ISUID == 04000 && S_ISGID == 02000 && S_ISVTX == 01000
- && S_IRUSR == 00400 && S_IWUSR == 00200 && S_IXUSR == 00100
- && S_IRGRP == 00040 && S_IWGRP == 00020 && S_IXGRP == 00010
- && S_IROTH == 00004 && S_IWOTH == 00002 && S_IXOTH == 00001);
- checked_fprintf (dest, segment->text,
- (traditional_numbering_scheme
- ? m & MODE_ALL
- : ((m & S_ISUID ? 04000 : 0)
- | (m & S_ISGID ? 02000 : 0)
- | (m & S_ISVTX ? 01000 : 0)
- | (m & S_IRUSR ? 00400 : 0)
- | (m & S_IWUSR ? 00200 : 0)
- | (m & S_IXUSR ? 00100 : 0)
- | (m & S_IRGRP ? 00040 : 0)
- | (m & S_IWGRP ? 00020 : 0)
- | (m & S_IXGRP ? 00010 : 0)
- | (m & S_IROTH ? 00004 : 0)
- | (m & S_IWOTH ? 00002 : 0)
- | (m & S_IXOTH ? 00001 : 0))));
- }
- break;
-
- case 'n': /* number of links */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) stat_buf->st_nlink,
- hbuf,
- human_ceiling,
- 1, 1));
- break;
-
- case 'p': /* pathname */
- /* sanitised */
- checked_print_quoted (dest, segment->text, pathname);
- break;
-
- case 'P': /* pathname with ARGV element stripped */
- /* sanitised */
- if (state.curdepth > 0)
- {
- cp = pathname + state.starting_path_length;
- if (*cp == '/')
- /* Move past the slash between the ARGV element
- and the rest of the pathname. But if the ARGV element
- ends in a slash, we didn't add another, so we've
- already skipped past it. */
- cp++;
- }
- else
- {
- cp = "";
- }
- checked_print_quoted (dest, segment->text, cp);
- break;
-
- case 's': /* size in bytes */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) stat_buf->st_size,
- hbuf, human_ceiling, 1, 1));
- break;
-
- case 'S': /* sparseness */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text, file_sparseness (stat_buf));;
- break;
-
- case 't': /* mtime in `ctime' format */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text,
- ctime_format (get_stat_mtime (stat_buf)));
- break;
-
- case 'u': /* user name */
- /* trusted */
- /* (well, the actual user is selected by the user on systems
- * where chown is not restricted, but the user name was
- * selected by the system administrator)
- */
- {
- struct passwd *p;
-
- p = getpwuid (stat_buf->st_uid);
- if (p)
- {
- segment->text[segment->text_len] = 's';
- checked_fprintf (dest, segment->text, p->pw_name);
- break;
- }
- /* else fallthru */
- }
- /* FALLTHROUGH*/ /* .. to case U */
-
- case 'U': /* UID number */
- /* UNTRUSTED, probably unexploitable */
- checked_fprintf (dest, segment->text,
- human_readable ((uintmax_t) stat_buf->st_uid, hbuf,
- human_ceiling, 1, 1));
- break;
-
- /* %Y: type of file system entry like `ls -l`:
- * (d,-,l,s,p,b,c,n) n=nonexistent (symlink)
- */
- case 'Y': /* in case of symlink */
- /* trusted */
- {
-#ifdef S_ISLNK
- if (S_ISLNK (stat_buf->st_mode))
- {
- struct stat sbuf;
- /* If we would normally follow links, do not do so.
- * If we would normally not follow links, do so.
- */
- if ((following_links () ? optionp_stat : optionl_stat)
- (state.rel_pathname, &sbuf) != 0)
- {
- if ( errno == ENOENT )
- {
- checked_fprintf (dest, segment->text, "N");
- break;
- }
- else if ( errno == ELOOP )
- {
- checked_fprintf (dest, segment->text, "L");
- break;
- }
- else
- {
- checked_fprintf (dest, segment->text, "?");
- error (0, errno, "%s",
- safely_quote_err_filename (0, pathname));
- /* exit_status = 1;
- return ; */
- break;
- }
- }
- checked_fprintf (dest, segment->text,
- mode_to_filetype (sbuf.st_mode & S_IFMT));
- }
-#endif /* S_ISLNK */
- else
- {
- checked_fprintf (dest, segment->text,
- mode_to_filetype (stat_buf->st_mode & S_IFMT));
- }
- }
- break;
-
- case 'y':
- /* trusted */
- {
- checked_fprintf (dest, segment->text,
- mode_to_filetype (stat_buf->st_mode & S_IFMT));
- }
- break;
-
- case 'Z': /* SELinux security context */
- {
- security_context_t scontext;
- int rv = (*options.x_getfilecon) (state.cwd_dir_fd, state.rel_pathname,
- &scontext);
- if (rv < 0)
- {
- /* If getfilecon fails, there will in the general case
- still be some text to print. We just make %Z expand
- to an empty string. */
- checked_fprintf (dest, segment->text, "");
-
- error (0, errno, _("getfilecon failed: %s"),
- safely_quote_err_filename (0, pathname));
- state.exit_status = 1;
- }
- else
- {
- checked_fprintf (dest, segment->text, scontext);
- freecon (scontext);
- }
- }
- break;
- }
- /* end of KIND_FORMAT case */
- break;
- }
-}
-
-bool
-pred_fprintf (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
-{
- struct format_val *dest = &pred_ptr->args.printf_vec;
- struct segment *segment;
-
- for (segment = dest->segment; segment; segment = segment->next)
- {
- if ( (KIND_FORMAT == segment->segkind) && segment->format_char[1]) /* Component of date. */
- {
- struct timespec ts;
- int valid = 0;
-
- switch (segment->format_char[0])
- {
- case 'A':
- ts = get_stat_atime (stat_buf);
- valid = 1;
- break;
- case 'B':
- ts = get_stat_birthtime (stat_buf);
- if ('@' == segment->format_char[1])
- valid = 1;
- else
- valid = (ts.tv_nsec >= 0);
- break;
- case 'C':
- ts = get_stat_ctime (stat_buf);
- valid = 1;
- break;
- case 'T':
- ts = get_stat_mtime (stat_buf);
- valid = 1;
- break;
- default:
- assert (0);
- abort ();
- }
- /* We trust the output of format_date not to contain
- * nasty characters, though the value of the date
- * is itself untrusted data.
- */
- if (valid)
- {
- /* trusted */
- checked_fprintf (dest, segment->text,
- format_date (ts, segment->format_char[1]));
- }
- else
- {
- /* The specified timestamp is not available, output
- * nothing for the timestamp, but use the rest (so that
- * for example find foo -printf '[%Bs] %p\n' can print
- * "[] foo").
- */
- /* trusted */
- checked_fprintf (dest, segment->text, "");
- }
- }
- else
- {
- /* Print a segment which is not a date. */
- do_fprintf (dest, segment, pathname, stat_buf);
- }
- }
- return true;
-}
-
bool
pred_fstype (const char *pathname, struct stat *stat_buf, struct predicate *pred_ptr)
{
case XVAL_BIRTHTIME:
ts = get_stat_birthtime (stat_buf);
collected = true;
- if (ts.tv_nsec < 0);
+ if (ts.tv_nsec < 0)
{
/* XXX: Cannot determine birth time. Warn once. */
error (0, 0, _("WARNING: cannot determine birth time of file %s"),
This standard does not have requirements for locales other than POSIX
*/
/* XXX: printing UNTRUSTED data here. */
- fprintf (stderr, _("< %s ... %s > ? "), program, arg);
+ if (fprintf (stderr, _("< %s ... %s > ? "), program, arg) < 0)
+ {
+ error (EXIT_FAILURE, errno, _("Failed to write prompt for -ok"));
+ }
fflush (stderr);
return yesno ();
}
security_context_t scontext;
int rv = (*options.x_getfilecon) (state.cwd_dir_fd, state.rel_pathname,
&scontext);
+ (void) stat_buf;
+
if (rv < 0)
{
error (0, errno, _("getfilecon failed: %s"),
return rv;
}
-
-/* 1) fork to get a child; parent remembers the child pid
- 2) child execs the command requested
- 3) parent waits for child; checks for proper pid of child
-
- Possible returns:
-
- ret errno status(h) status(l)
-
- pid x signal# 0177 stopped
- pid x exit arg 0 term by _exit
- pid x 0 signal # term by signal
- -1 EINTR parent got signal
- -1 other some other kind of error
-
- Return true only if the pid matches, status(l) is
- zero, and the exit arg (status high) is 0.
- Otherwise return false, possibly printing an error message. */
-
-
-static bool
-prep_child_for_exec (bool close_stdin, const struct saved_cwd *wd)
-{
- bool ok = true;
- if (close_stdin)
- {
- const char inputfile[] = "/dev/null";
-
- if (close (0) < 0)
- {
- error (0, errno, _("Cannot close standard input"));
- ok = false;
- }
- else
- {
- if (open (inputfile, O_RDONLY
-#if defined O_LARGEFILE
- |O_LARGEFILE
-#endif
- ) < 0)
- {
- /* This is not entirely fatal, since
- * executing the child with a closed
- * stdin is almost as good as executing it
- * with its stdin attached to /dev/null.
- */
- error (0, errno, "%s", safely_quote_err_filename (0, inputfile));
- /* do not set ok=false, it is OK to continue anyway. */
- }
- }
- }
-
- /* Even if DebugSearch is set, don't announce our change of
- * directory, since we're not going to emit a subsequent
- * announcement of a call to stat() anyway, as we're about to exec
- * something.
- */
- if (0 != restore_cwd (wd))
- {
- error (0, errno, _("Failed to change directory"));
- ok = false;
- }
- return ok;
-}
-
-
-
-
-
-
-int
-launch (struct buildcmd_control *ctl, void *usercontext, int argc, char **argv)
-{
- pid_t child_pid;
- static int first_time = 1;
- struct exec_val *execp = usercontext;
-
- /* Make sure output of command doesn't get mixed with find output. */
- fflush (stdout);
- fflush (stderr);
-
- /* Make sure to listen for the kids. */
- if (first_time)
- {
- first_time = 0;
- signal (SIGCHLD, SIG_DFL);
- }
-
- child_pid = fork ();
- if (child_pid == -1)
- error (EXIT_FAILURE, errno, _("cannot fork"));
- if (child_pid == 0)
- {
- /* We are the child. */
- assert (NULL != execp->wd_for_exec);
- if (!prep_child_for_exec (execp->close_stdin, execp->wd_for_exec))
- {
- _exit (1);
- }
- else
- {
- if (fd_leak_check_is_enabled ())
- {
- complain_about_leaky_fds ();
- }
- }
-
- if (bc_args_exceed_testing_limit (argv))
- errno = E2BIG;
- else
- execvp (argv[0], argv);
- /* TODO: use a pipe to pass back the errno value, like xargs does */
- error (0, errno, "%s",
- safely_quote_err_filename (0, argv[0]));
- _exit (1);
- }
-
- while (waitpid (child_pid, &(execp->last_child_status), 0) == (pid_t) -1)
- {
- if (errno != EINTR)
- {
- error (0, errno, _("error waiting for %s"),
- safely_quote_err_filename (0, argv[0]));
- state.exit_status = 1;
- return 0; /* FAIL */
- }
- }
-
- if (WIFSIGNALED (execp->last_child_status))
- {
- error (0, 0, _("%s terminated by signal %d"),
- quotearg_n_style (0, options.err_quoting_style, argv[0]),
- WTERMSIG (execp->last_child_status));
-
- if (execp->multiple)
- {
- /* -exec \; just returns false if the invoked command fails.
- * -exec {} + returns true if the invoked command fails, but
- * sets the program exit status.
- */
- state.exit_status = 1;
- }
-
- return 1; /* OK */
- }
-
- if (0 == WEXITSTATUS (execp->last_child_status))
- {
- return 1; /* OK */
- }
- else
- {
- if (execp->multiple)
- {
- /* -exec \; just returns false if the invoked command fails.
- * -exec {} + returns true if the invoked command fails, but
- * sets the program exit status.
- */
- state.exit_status = 1;
- }
- /* The child failed, but this is the exec callback. We
- * don't want to run the child again in this case anwyay.
- */
- return 1; /* FAIL (but don't try again) */
- }
-
-}
-
-
-static bool
-scan_for_digit_differences (const char *p, const char *q,
- size_t *first, size_t *n)
-{
- bool seen = false;
- size_t i;
-
- for (i=0; p[i] && q[i]; i++)
- {
- if (p[i] != q[i])
- {
- if (!isdigit ((unsigned char)q[i]) || !isdigit ((unsigned char)q[i]))
- return false;
-
- if (!seen)
- {
- *first = i;
- *n = 1;
- seen = 1;
- }
- else
- {
- if (i-*first == *n)
- {
- /* Still in the first sequence of differing digits. */
- ++*n;
- }
- else
- {
- /* More than one differing contiguous character sequence. */
- return false;
- }
- }
- }
- }
- if (p[i] || q[i])
- {
- /* strings are different lengths. */
- return false;
- }
- return true;
-}
-
-
-static char*
-do_time_format (const char *fmt, const struct tm *p, const char *ns, size_t ns_size)
-{
- static char *buf = NULL;
- static size_t buf_size;
- char *timefmt = NULL;
- struct tm altered_time;
-
-
- /* If the format expands to nothing (%p in some locales, for
- * example), strftime can return 0. We actually want to distinguish
- * the error case where the buffer is too short, so we just prepend
- * an otherwise uninteresting character to prevent the no-output
- * case.
- */
- timefmt = xmalloc (strlen (fmt) + 2u);
- sprintf (timefmt, "_%s", fmt);
-
- /* altered_time is a similar time, but in which both
- * digits of the seconds field are different.
- */
- altered_time = *p;
- if (altered_time.tm_sec >= 11)
- altered_time.tm_sec -= 11;
- else
- altered_time.tm_sec += 11;
-
- /* If we call strftime() with buf_size=0, the program will coredump
- * on Solaris, since it unconditionally writes the terminating null
- * character.
- */
- buf_size = 1u;
- buf = xmalloc (buf_size);
- while (true)
- {
- /* I'm not sure that Solaris will return 0 when the buffer is too small.
- * Therefore we do not check for (buf_used != 0) as the termination
- * condition.
- */
- size_t buf_used = strftime (buf, buf_size, timefmt, p);
- if (buf_used /* Conforming POSIX system */
- && (buf_used < buf_size)) /* Solaris workaround */
- {
- char *altbuf;
- size_t i = 0, n = 0;
- size_t final_len = (buf_used
- + 1u /* for \0 */
- + ns_size);
- buf = xrealloc (buf, final_len);
- altbuf = xmalloc (final_len);
- strftime (altbuf, buf_size, timefmt, &altered_time);
-
- /* Find the seconds digits; they should be the only changed part.
- * In theory the result of the two formatting operations could differ in
- * more than just one sequence of decimal digits (for example %X might
- * in theory return a spelled-out time like "thirty seconds past noon").
- * When that happens, we just avoid inserting the nanoseconds field.
- */
- if (scan_for_digit_differences (buf, altbuf, &i, &n)
- && (2==n) && !isdigit ((unsigned char)buf[i+n]))
- {
- const size_t end_of_seconds = i + n;
- const size_t suffix_len = buf_used-(end_of_seconds)+1;
-
- /* Move the tail (including the \0). Note that this
- * is a move of an overlapping memory block, so we
- * must use memmove instead of memcpy. Then insert
- * the nanoseconds (but not its trailing \0).
- */
- assert (end_of_seconds + ns_size + suffix_len == final_len);
- memmove (buf+end_of_seconds+ns_size,
- buf+end_of_seconds,
- suffix_len);
- memcpy (buf+i+n, ns, ns_size);
- }
- else
- {
- /* No seconds digits. No need to insert anything. */
- }
- /* The first character of buf is the underscore, which we actually
- * don't want.
- */
- free (timefmt);
- return buf+1;
- }
- else
- {
- buf = x2nrealloc (buf, &buf_size, 2u);
- }
- }
-}
-
-
-
-/* Return a static string formatting the time WHEN according to the
- * strftime format character KIND.
- *
- * This function contains a number of assertions. These look like
- * runtime checks of the results of computations, which would be a
- * problem since external events should not be tested for with
- * "assert" (instead you should use "if"). However, they are not
- * really runtime checks. The assertions actually exist to verify
- * that the various buffers are correctly sized.
- */
-static char *
-format_date (struct timespec ts, int kind)
-{
- /* In theory, we use an extra 10 characters for 9 digits of
- * nanoseconds and 1 for the decimal point. However, the real
- * world is more complex than that.
- *
- * For example, some systems return junk in the tv_nsec part of
- * st_birthtime. An example of this is the NetBSD-4.0-RELENG kernel
- * (at Sat Mar 24 18:46:46 2007) running a NetBSD-3.1-RELEASE
- * runtime and examining files on an msdos filesytem. So for that
- * reason we set NS_BUF_LEN to 32, which is simply "long enough" as
- * opposed to "exactly the right size". Note that the behaviour of
- * NetBSD appears to be a result of the use of uninitialised data,
- * as it's not 100% reproducible (more like 25%).
- */
- enum {
- NS_BUF_LEN = 32,
- DATE_LEN_PERCENT_APLUS=21 /* length of result of %A+ (it's longer than %c)*/
- };
- static char buf[128u+10u + MAX(DATE_LEN_PERCENT_APLUS,
- MAX (LONGEST_HUMAN_READABLE + 2, NS_BUF_LEN+64+200))];
- char ns_buf[NS_BUF_LEN]; /* -.9999999990 (- sign can happen!)*/
- int charsprinted, need_ns_suffix;
- struct tm *tm;
- char fmt[6];
-
- /* human_readable() assumes we pass a buffer which is at least as
- * long as LONGEST_HUMAN_READABLE. We use an assertion here to
- * ensure that no nasty unsigned overflow happend in our calculation
- * of the size of buf. Do the assertion here rather than in the
- * code for %@ so that we find the problem quickly if it exists. If
- * you want to submit a patch to move this into the if statement, go
- * ahead, I'll apply it. But include performance timings
- * demonstrating that the performance difference is actually
- * measurable.
- */
- verify (sizeof (buf) >= LONGEST_HUMAN_READABLE);
-
- charsprinted = 0;
- need_ns_suffix = 0;
-
- /* Format the main part of the time. */
- if (kind == '+')
- {
- strcpy (fmt, "%F+%T");
- need_ns_suffix = 1;
- }
- else
- {
- fmt[0] = '%';
- fmt[1] = kind;
- fmt[2] = '\0';
-
- /* %a, %c, and %t are handled in ctime_format() */
- switch (kind)
- {
- case 'S':
- case 'T':
- case 'X':
- case '@':
- need_ns_suffix = 1;
- break;
- default:
- need_ns_suffix = 0;
- break;
- }
- }
-
- if (need_ns_suffix)
- {
- /* Format the nanoseconds part. Leave a trailing zero to
- * discourage people from writing scripts which extract the
- * fractional part of the timestamp by using column offsets.
- * The reason for discouraging this is that in the future, the
- * granularity may not be nanoseconds.
- */
- charsprinted = snprintf (ns_buf, NS_BUF_LEN, ".%09ld0", (long int)ts.tv_nsec);
- assert (charsprinted < NS_BUF_LEN);
- }
- else
- {
- charsprinted = 0;
- ns_buf[0] = 0;
- }
-
- if (kind != '@')
- {
- tm = localtime (&ts.tv_sec);
- if (tm)
- {
- char *s = do_time_format (fmt, tm, ns_buf, charsprinted);
- if (s)
- return s;
- }
- }
-
- /* If we get to here, either the format was %@, or we have fallen back to it
- * because strftime failed.
- */
- if (1)
- {
- uintmax_t w = ts.tv_sec;
- size_t used, len, remaining;
-
- /* XXX: note that we are negating an unsigned type which is the
- * widest possible unsigned type.
- */
- char *p = human_readable (ts.tv_sec < 0 ? -w : w, buf + 1,
- human_ceiling, 1, 1);
- assert (p > buf);
- assert (p < (buf + (sizeof buf)));
- if (ts.tv_sec < 0)
- *--p = '-'; /* XXX: Ugh, relying on internal details of human_readable(). */
-
- /* Add the nanoseconds part. Because we cannot enforce a
- * particlar implementation of human_readable, we cannot assume
- * any particular value for (p-buf). So we need to be careful
- * that there is enough space remaining in the buffer.
- */
- if (need_ns_suffix)
- {
- len = strlen (p);
- used = (p-buf) + len; /* Offset into buf of current end */
- assert (sizeof buf > used); /* Ensure we can perform subtraction safely. */
- remaining = sizeof buf - used - 1u; /* allow space for NUL */
-
- if (strlen (ns_buf) >= remaining)
- {
- error (0, 0,
- "charsprinted=%ld but remaining=%lu: ns_buf=%s",
- (long)charsprinted, (unsigned long)remaining, ns_buf);
- }
- assert (strlen (ns_buf) < remaining);
- strcat (p, ns_buf);
- }
- return p;
- }
-}
-
-static const char *weekdays[] =
- {
- "Sun", "Mon", "Tue", "Wed", "Thu", "Fri", "Sat"
- };
-static char * months[] =
- {
- "Jan", "Feb", "Mar", "Apr", "May", "Jun",
- "Jul", "Aug", "Sep", "Oct", "Nov", "Dec"
- };
-
-
-static char *
-ctime_format (struct timespec ts)
-{
- const struct tm * ptm;
-#define TIME_BUF_LEN 1024u
- static char resultbuf[TIME_BUF_LEN];
- int nout;
-
- ptm = localtime (&ts.tv_sec);
- if (ptm)
- {
- assert (ptm->tm_wday >= 0);
- assert (ptm->tm_wday < 7);
- assert (ptm->tm_mon >= 0);
- assert (ptm->tm_mon < 12);
- assert (ptm->tm_hour >= 0);
- assert (ptm->tm_hour < 24);
- assert (ptm->tm_min < 60);
- assert (ptm->tm_sec <= 61); /* allows 2 leap seconds. */
-
- /* wkday mon mday hh:mm:ss.nnnnnnnnn yyyy */
- nout = snprintf (resultbuf, TIME_BUF_LEN,
- "%3s %3s %2d %02d:%02d:%02d.%010ld %04d",
- weekdays[ptm->tm_wday],
- months[ptm->tm_mon],
- ptm->tm_mday,
- ptm->tm_hour,
- ptm->tm_min,
- ptm->tm_sec,
- (long int)ts.tv_nsec,
- 1900 + ptm->tm_year);
-
- assert (nout < TIME_BUF_LEN);
- return resultbuf;
- }
- else
- {
- /* The time cannot be represented as a struct tm.
- Output it as an integer. */
- return format_date (ts, '@');
- }
-}
-
/* Copy STR into BUF and trim blanks from the end of BUF.
Return BUF. */
static char *
-blank_rtrim (str, buf)
- char *str;
- char *buf;
+blank_rtrim (const char *str, char *buf)
{
int i;
while ((i >= 0) && ((buf[i] == ' ') || buf[i] == '\t'))
i--;
buf[++i] = '\0';
- return (buf);
+ return buf;
}
/* Print out the predicate list starting at NODE. */