src/basic/tmpfile-util.c - systemd - Git at Google

 /* SPDX-License-Identifier: LGPL-2.1-or-later */

 #include <sys/mman.h>

 #include "alloc-util.h"
 #include "fd-util.h"
 #include "fileio.h"
 #include "fs-util.h"
 #include "hexdecoct.h"
 #include "macro.h"
 #include "memfd-util.h"
 #include "missing_fcntl.h"
 #include "missing_syscall.h"
 #include "path-util.h"
 #include "process-util.h"
 #include "random-util.h"
 #include "stdio-util.h"
 #include "string-util.h"
 #include "tmpfile-util.h"
 #include "umask-util.h"

 int fopen_temporary(const char *path, FILE **ret_f, char **ret_temp_path) {
         _cleanup_fclose_ FILE *f = NULL;
         _cleanup_free_ char *t = NULL;
         _cleanup_close_ int fd = -1;
         int r;

         if (path) {
                 r = tempfn_xxxxxx(path, NULL, &t);
                 if (r < 0)
                         return r;
         } else {
                 const char *d;

                 r = tmp_dir(&d);
                 if (r < 0)
                         return r;

                 t = path_join(d, "XXXXXX");
                 if (!t)
                         return -ENOMEM;
         }

         fd = mkostemp_safe(t);
         if (fd < 0)
                 return -errno;

         /* This assumes that returned FILE object is short-lived and used within the same single-threaded
          * context and never shared externally, hence locking is not necessary. */

         r = take_fdopen_unlocked(&fd, "w", &f);
         if (r < 0) {
                 (void) unlink(t);
                 return r;
         }

         if (ret_f)
                 *ret_f = TAKE_PTR(f);

         if (ret_temp_path)
                 *ret_temp_path = TAKE_PTR(t);

         return 0;
 }

 /* This is much like mkostemp() but is subject to umask(). */
 int mkostemp_safe(char *pattern) {
         int fd = -1;  /* avoid false maybe-uninitialized warning */

         assert(pattern);

         RUN_WITH_UMASK(0077)
                 fd = mkostemp(pattern, O_CLOEXEC);
         if (fd < 0)
                 return -errno;

         return fd;
 }

 int fmkostemp_safe(char *pattern, const char *mode, FILE **ret_f) {
         _cleanup_close_ int fd = -1;
         FILE *f;

         fd = mkostemp_safe(pattern);
         if (fd < 0)
                 return fd;

         f = take_fdopen(&fd, mode);
         if (!f)
                 return -errno;

         *ret_f = f;
         return 0;
 }

 int tempfn_xxxxxx(const char *p, const char *extra, char **ret) {
         _cleanup_free_ char *d = NULL, *fn = NULL, *nf = NULL;
         int r;

         assert(ret);

         /*
          * Turns this:
          *         /foo/bar/waldo
          *
          * Into this:
          *         /foo/bar/.#<extra>waldoXXXXXX
          */

         r = path_extract_directory(p, &d);
         if (r < 0 && r != -EDESTADDRREQ) /* EDESTADDRREQ → No directory specified, just a filename */
                 return r;

         r = path_extract_filename(p, &fn);
         if (r < 0)
                 return r;

         nf = strjoin(".#", strempty(extra), fn, "XXXXXX");
         if (!nf)
                 return -ENOMEM;

         if (!filename_is_valid(nf)) /* New name is not valid? (Maybe because too long?) Refuse. */
                 return -EINVAL;

         if (d)  {
                 if (!path_extend(&d, nf))
                         return -ENOMEM;

                 *ret = path_simplify(TAKE_PTR(d));
         } else
                 *ret = TAKE_PTR(nf);

         return 0;
 }

 int tempfn_random(const char *p, const char *extra, char **ret) {
         _cleanup_free_ char *d = NULL, *fn = NULL, *nf = NULL;
         int r;

         assert(ret);

         /*
          * Turns this:
          *         /foo/bar/waldo
          *
          * Into this:
          *         /foo/bar/.#<extra>waldobaa2a261115984a9
          */

         r = path_extract_directory(p, &d);
         if (r < 0 && r != -EDESTADDRREQ) /* EDESTADDRREQ → No directory specified, just a filename */
                 return r;

         r = path_extract_filename(p, &fn);
         if (r < 0)
                 return r;

         if (asprintf(&nf, ".#%s%s%016" PRIx64,
                      strempty(extra),
                      fn,
                      random_u64()) < 0)
                 return -ENOMEM;

         if (!filename_is_valid(nf)) /* Not valid? (maybe because too long now?) — refuse early */
                 return -EINVAL;

         if (d) {
                 if (!path_extend(&d, nf))
                         return -ENOMEM;

                 *ret = path_simplify(TAKE_PTR(d));
         } else
                 *ret = TAKE_PTR(nf);

         return 0;
 }

 int tempfn_random_child(const char *p, const char *extra, char **ret) {
         char *t, *x;
         uint64_t u;
         int r;

         assert(ret);

         /* Turns this:
          *         /foo/bar/waldo
          * Into this:
          *         /foo/bar/waldo/.#<extra>3c2b6219aa75d7d0
          */

         if (!p) {
                 r = tmp_dir(&p);
                 if (r < 0)
                         return r;
         }

         extra = strempty(extra);

         t = new(char, strlen(p) + 3 + strlen(extra) + 16 + 1);
         if (!t)
                 return -ENOMEM;

         if (isempty(p))
                 x = stpcpy(stpcpy(t, ".#"), extra);
         else
                 x = stpcpy(stpcpy(stpcpy(t, p), "/.#"), extra);

         u = random_u64();
         for (unsigned i = 0; i < 16; i++) {
                 *(x++) = hexchar(u & 0xF);
                 u >>= 4;
         }

         *x = 0;

         *ret = path_simplify(t);
         return 0;
 }

 int open_tmpfile_unlinkable(const char *directory, int flags) {
         char *p;
         int fd, r;

         if (!directory) {
                 r = tmp_dir(&directory);
                 if (r < 0)
                         return r;
         } else if (isempty(directory))
                 return -EINVAL;

         /* Returns an unlinked temporary file that cannot be linked into the file system anymore */

         /* Try O_TMPFILE first, if it is supported */
         fd = open(directory, flags|O_TMPFILE|O_EXCL, S_IRUSR|S_IWUSR);
         if (fd >= 0)
                 return fd;

         /* Fall back to unguessable name + unlinking */
         p = strjoina(directory, "/systemd-tmp-XXXXXX");

         fd = mkostemp_safe(p);
         if (fd < 0)
                 return fd;

         (void) unlink(p);

         return fd;
 }

 int open_tmpfile_linkable(const char *target, int flags, char **ret_path) {
         _cleanup_free_ char *tmp = NULL;
         int r, fd;

         assert(target);
         assert(ret_path);

         /* Don't allow O_EXCL, as that has a special meaning for O_TMPFILE */
         assert((flags & O_EXCL) == 0);

         /* Creates a temporary file, that shall be renamed to "target" later. If possible, this uses O_TMPFILE – in
          * which case "ret_path" will be returned as NULL. If not possible the temporary path name used is returned in
          * "ret_path". Use link_tmpfile() below to rename the result after writing the file in full. */

         fd = open_parent(target, O_TMPFILE|flags, 0640);
         if (fd >= 0) {
                 *ret_path = NULL;
                 return fd;
         }

         log_debug_errno(fd, "Failed to use O_TMPFILE for %s: %m", target);

         r = tempfn_random(target, NULL, &tmp);
         if (r < 0)
                 return r;

         fd = open(tmp, O_CREAT|O_EXCL|O_NOFOLLOW|O_NOCTTY|flags, 0640);
         if (fd < 0)
                 return -errno;

         *ret_path = TAKE_PTR(tmp);

         return fd;
 }

 int link_tmpfile(int fd, const char *path, const char *target) {
         int r;

         assert(fd >= 0);
         assert(target);

         /* Moves a temporary file created with open_tmpfile() above into its final place. if "path" is NULL an fd
          * created with O_TMPFILE is assumed, and linkat() is used. Otherwise it is assumed O_TMPFILE is not supported
          * on the directory, and renameat2() is used instead.
          *
          * Note that in both cases we will not replace existing files. This is because linkat() does not support this
          * operation currently (renameat2() does), and there is no nice way to emulate this. */

         if (path) {
                 r = rename_noreplace(AT_FDCWD, path, AT_FDCWD, target);
                 if (r < 0)
                         return r;
         } else {
                 char proc_fd_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(fd) + 1];

                 xsprintf(proc_fd_path, "/proc/self/fd/%i", fd);

                 if (linkat(AT_FDCWD, proc_fd_path, AT_FDCWD, target, AT_SYMLINK_FOLLOW) < 0)
                         return -errno;
         }

         return 0;
 }

 int mkdtemp_malloc(const char *template, char **ret) {
         _cleanup_free_ char *p = NULL;
         int r;

         assert(ret);

         if (template)
                 p = strdup(template);
         else {
                 const char *tmp;

                 r = tmp_dir(&tmp);
                 if (r < 0)
                         return r;

                 p = path_join(tmp, "XXXXXX");
         }
         if (!p)
                 return -ENOMEM;

         if (!mkdtemp(p))
                 return -errno;

         *ret = TAKE_PTR(p);
         return 0;
 }
	/* SPDX-License-Identifier: LGPL-2.1-or-later */

	#include <sys/mman.h>

	#include "alloc-util.h"
	#include "fd-util.h"
	#include "fileio.h"
	#include "fs-util.h"
	#include "hexdecoct.h"
	#include "macro.h"
	#include "memfd-util.h"
	#include "missing_fcntl.h"
	#include "missing_syscall.h"
	#include "path-util.h"
	#include "process-util.h"
	#include "random-util.h"
	#include "stdio-util.h"
	#include "string-util.h"
	#include "tmpfile-util.h"
	#include "umask-util.h"

	int fopen_temporary(const char path, FILE ret_f, char *ret_temp_path) {
	_cleanup_fclose_ FILE *f = NULL;
	_cleanup_free_ char *t = NULL;
	_cleanup_close_ int fd = -1;
	int r;

	if (path) {
	r = tempfn_xxxxxx(path, NULL, &t);
	if (r < 0)
	return r;
	} else {
	const char *d;

	r = tmp_dir(&d);
	if (r < 0)
	return r;

	t = path_join(d, "XXXXXX");
	if (!t)
	return -ENOMEM;
	}

	fd = mkostemp_safe(t);
	if (fd < 0)
	return -errno;

	/* This assumes that returned FILE object is short-lived and used within the same single-threaded
	* context and never shared externally, hence locking is not necessary. */

	r = take_fdopen_unlocked(&fd, "w", &f);
	if (r < 0) {
	(void) unlink(t);
	return r;
	}

	if (ret_f)
	*ret_f = TAKE_PTR(f);

	if (ret_temp_path)
	*ret_temp_path = TAKE_PTR(t);

	return 0;
	}

	/* This is much like mkostemp() but is subject to umask(). */
	int mkostemp_safe(char *pattern) {
	int fd = -1; /* avoid false maybe-uninitialized warning */

	assert(pattern);

	RUN_WITH_UMASK(0077)
	fd = mkostemp(pattern, O_CLOEXEC);
	if (fd < 0)
	return -errno;

	return fd;
	}

	int fmkostemp_safe(char pattern, const char mode, FILE **ret_f) {
	_cleanup_close_ int fd = -1;
	FILE *f;

	fd = mkostemp_safe(pattern);
	if (fd < 0)
	return fd;

	f = take_fdopen(&fd, mode);
	if (!f)
	return -errno;

	*ret_f = f;
	return 0;
	}

	int tempfn_xxxxxx(const char p, const char extra, char **ret) {
	_cleanup_free_ char d = NULL, fn = NULL, *nf = NULL;
	int r;

	assert(ret);

	/*
	* Turns this:
	* /foo/bar/waldo
	*
	* Into this:
	* /foo/bar/.#<extra>waldoXXXXXX
	*/

	r = path_extract_directory(p, &d);
	if (r < 0 && r != -EDESTADDRREQ) /* EDESTADDRREQ → No directory specified, just a filename */
	return r;

	r = path_extract_filename(p, &fn);
	if (r < 0)
	return r;

	nf = strjoin(".#", strempty(extra), fn, "XXXXXX");
	if (!nf)
	return -ENOMEM;

	if (!filename_is_valid(nf)) /* New name is not valid? (Maybe because too long?) Refuse. */
	return -EINVAL;

	if (d) {
	if (!path_extend(&d, nf))
	return -ENOMEM;

	*ret = path_simplify(TAKE_PTR(d));
	} else
	*ret = TAKE_PTR(nf);

	return 0;
	}

	int tempfn_random(const char p, const char extra, char **ret) {
	_cleanup_free_ char d = NULL, fn = NULL, *nf = NULL;
	int r;

	assert(ret);

	/*
	* Turns this:
	* /foo/bar/waldo
	*
	* Into this:
	* /foo/bar/.#<extra>waldobaa2a261115984a9
	*/

	r = path_extract_directory(p, &d);
	if (r < 0 && r != -EDESTADDRREQ) /* EDESTADDRREQ → No directory specified, just a filename */
	return r;

	r = path_extract_filename(p, &fn);
	if (r < 0)
	return r;

	if (asprintf(&nf, ".#%s%s%016" PRIx64,
	strempty(extra),
	fn,
	random_u64()) < 0)
	return -ENOMEM;

	if (!filename_is_valid(nf)) /* Not valid? (maybe because too long now?) — refuse early */
	return -EINVAL;

	if (d) {
	if (!path_extend(&d, nf))
	return -ENOMEM;

	*ret = path_simplify(TAKE_PTR(d));
	} else
	*ret = TAKE_PTR(nf);

	return 0;
	}

	int tempfn_random_child(const char p, const char extra, char **ret) {
	char t, x;
	uint64_t u;
	int r;

	assert(ret);

	/* Turns this:
	* /foo/bar/waldo
	* Into this:
	* /foo/bar/waldo/.#<extra>3c2b6219aa75d7d0
	*/

	if (!p) {
	r = tmp_dir(&p);
	if (r < 0)
	return r;
	}

	extra = strempty(extra);

	t = new(char, strlen(p) + 3 + strlen(extra) + 16 + 1);
	if (!t)
	return -ENOMEM;

	if (isempty(p))
	x = stpcpy(stpcpy(t, ".#"), extra);
	else
	x = stpcpy(stpcpy(stpcpy(t, p), "/.#"), extra);

	u = random_u64();
	for (unsigned i = 0; i < 16; i++) {
	*(x++) = hexchar(u & 0xF);
	u >>= 4;
	}

	*x = 0;

	*ret = path_simplify(t);
	return 0;
	}

	int open_tmpfile_unlinkable(const char *directory, int flags) {
	char *p;
	int fd, r;

	if (!directory) {
	r = tmp_dir(&directory);
	if (r < 0)
	return r;
	} else if (isempty(directory))
	return -EINVAL;

	/* Returns an unlinked temporary file that cannot be linked into the file system anymore */

	/* Try O_TMPFILE first, if it is supported */
	fd = open(directory, flags\|O_TMPFILE\|O_EXCL, S_IRUSR\|S_IWUSR);
	if (fd >= 0)
	return fd;

	/* Fall back to unguessable name + unlinking */
	p = strjoina(directory, "/systemd-tmp-XXXXXX");

	fd = mkostemp_safe(p);
	if (fd < 0)
	return fd;

	(void) unlink(p);

	return fd;
	}

	int open_tmpfile_linkable(const char target, int flags, char *ret_path) {
	_cleanup_free_ char *tmp = NULL;
	int r, fd;

	assert(target);
	assert(ret_path);

	/* Don't allow O_EXCL, as that has a special meaning for O_TMPFILE */
	assert((flags & O_EXCL) == 0);

	/* Creates a temporary file, that shall be renamed to "target" later. If possible, this uses O_TMPFILE – in
	* which case "ret_path" will be returned as NULL. If not possible the temporary path name used is returned in
	* "ret_path". Use link_tmpfile() below to rename the result after writing the file in full. */

	fd = open_parent(target, O_TMPFILE\|flags, 0640);
	if (fd >= 0) {
	*ret_path = NULL;
	return fd;
	}

	log_debug_errno(fd, "Failed to use O_TMPFILE for %s: %m", target);

	r = tempfn_random(target, NULL, &tmp);
	if (r < 0)
	return r;

	fd = open(tmp, O_CREAT\|O_EXCL\|O_NOFOLLOW\|O_NOCTTY\|flags, 0640);
	if (fd < 0)
	return -errno;

	*ret_path = TAKE_PTR(tmp);

	return fd;
	}

	int link_tmpfile(int fd, const char path, const char target) {
	int r;

	assert(fd >= 0);
	assert(target);

	/* Moves a temporary file created with open_tmpfile() above into its final place. if "path" is NULL an fd
	* created with O_TMPFILE is assumed, and linkat() is used. Otherwise it is assumed O_TMPFILE is not supported
	* on the directory, and renameat2() is used instead.
	*
	* Note that in both cases we will not replace existing files. This is because linkat() does not support this
	* operation currently (renameat2() does), and there is no nice way to emulate this. */

	if (path) {
	r = rename_noreplace(AT_FDCWD, path, AT_FDCWD, target);
	if (r < 0)
	return r;
	} else {
	char proc_fd_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(fd) + 1];

	xsprintf(proc_fd_path, "/proc/self/fd/%i", fd);

	if (linkat(AT_FDCWD, proc_fd_path, AT_FDCWD, target, AT_SYMLINK_FOLLOW) < 0)
	return -errno;
	}

	return 0;
	}

	int mkdtemp_malloc(const char template, char *ret) {
	_cleanup_free_ char *p = NULL;
	int r;

	assert(ret);

	if (template)
	p = strdup(template);
	else {
	const char *tmp;

	r = tmp_dir(&tmp);
	if (r < 0)
	return r;

	p = path_join(tmp, "XXXXXX");
	}
	if (!p)
	return -ENOMEM;

	if (!mkdtemp(p))
	return -errno;

	*ret = TAKE_PTR(p);
	return 0;
	}