fdo-mirrors/NetworkManager
1
0
Fork 0
mirror of https://gitlab.freedesktop.org/NetworkManager/NetworkManager.git synced 2025-12-20 05:50:06 +01:00
Code Issues Projects Releases Packages Wiki Activity Actions
NetworkManager/src/libnm-std-aux/nm-std-utils.c

Ignoring revisions in .git-blame-ignore-revs. Click here to bypass and see the normal blame view.

247 lines
7.2 KiB
C
Raw Normal View History

all: update deprecated SPDX license identifiers These SPDX license identifiers are deprecated ([1]). Update them. [1] https://spdx.org/licenses/ sed \ -e '1 s%^/\* SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+ \*/$%/* SPDX-License-Identifier: \1-or-later */%' \ -e '1,2 s%^\(--\|#\|//\) SPDX-License-Identifier: \(GPL-2.0\|LGPL-2.1\)+$%\1 SPDX-License-Identifier: \2-or-later%' \ -i \ $(git grep -l SPDX-License-Identifier -- \ ':(exclude)shared/c-*/' \ ':(exclude)shared/n-*/' \ ':(exclude)shared/systemd/src' \ ':(exclude)src/systemd/src')
2020-12-23 22:21:36 +01:00
/* SPDX-License-Identifier: LGPL-2.1-or-later */
shared: add "nm-std-aux/nm-std-utils.[hc]" General purpose utilities for nm-std-aux. Contrary to "nm-std-aux.h", this is not header only.
2020-07-05 10:16:54 +02:00
all: add "nm-std-aux/nm-default-std.h" as replacement for "nm-default.h" autotools projects commonly should include "config.h" as first header. Also, commonly we need more headers, like glib.h or our nm_auto macros. Hence, almost all our sources should as first include "nm-default.h". However, as we build different parts, "nm-default.h" gets controlled by the NETWORKMANAGER_COMPILATION define which autotools/meson needs to specify in the build options. That is confusing. One advantage of that was, that theoretically the same sources can be built twice, with different behavior. However, we should avoid doing that altogether and build static libraries (once) that we link multiple times. Another advantage was that if NETWORKMANAGER_COMPILATION is for example set to build a DAEMON source, there is a check that we don't include private headers from libnm-core. However, that should be better solved by not having public, internal and private headers in the same directory. Instead, introduce different "nm-default-*.h" headers that don't require special defines and behave in a consistent way. This way, we require fewer CFLAGS and it's immediately clear by looking at the source alone which headers are included. Also, you will be easier see when a wrong nm-default-*.h header gets included. Introduce the first replacement. The others will follow.
2021-02-04 07:34:17 +01:00
#include "nm-default-std.h"
shared: add "nm-std-aux/nm-std-utils.[hc]" General purpose utilities for nm-std-aux. Contrary to "nm-std-aux.h", this is not header only.
2020-07-05 10:16:54 +02:00
#include "nm-std-utils.h"
shared: avoid compiler warning for nm_utils_get_next_realloc_size() returning huge sizes On s390x (gcc-8.3.1-5.1.el8.s390x) the compiler warns that we don't pass size larger than 2^63-1 to malloc. With LTO enabled, it is also quite adamant in detecting that with nm_utils_get_next_realloc_size(). Optimally, we would disable this useless warning with "-Wno-alloc-size-larger-than", but that seems not to work. So add a workaround in code :( It's hard to actually workaround the warning while handling all kinds of sizes. The only simple solution is to no handle such huge cases and only assert. In function 'nm_secret_mem_realloc', inlined from '_nm_str_buf_ensure_size' at shared/nm-glib-aux/nm-shared-utils.c:5316:31: shared/nm-glib-aux/nm-secret-utils.h:180:17: error: argument 1 value '18446744073709551615' exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=] m_new = g_malloc(new_len); ^ shared/nm-glib-aux/nm-secret-utils.h: In function '_nm_str_buf_ensure_size': /usr/include/glib-2.0/glib/gmem.h:78:10: note: in a call to allocation function 'g_malloc' declared here gpointer g_malloc (gsize n_bytes) G_GNUC_MALLOC G_GNUC_ALLOC_SIZE(1); ^ lto1: all warnings being treated as errors
2021-01-11 15:10:38 +01:00
#include <assert.h>
daemon-helper: add read-file-as-user Add a new command to read the content of a file after switching to the given user. This command can be used to enforce Unix filesystem permissions when accessing a file on behalf of a user.
2025-09-29 09:52:51 +02:00
#include <fcntl.h>
#include <grp.h>
shared: avoid compiler warning for nm_utils_get_next_realloc_size() returning huge sizes On s390x (gcc-8.3.1-5.1.el8.s390x) the compiler warns that we don't pass size larger than 2^63-1 to malloc. With LTO enabled, it is also quite adamant in detecting that with nm_utils_get_next_realloc_size(). Optimally, we would disable this useless warning with "-Wno-alloc-size-larger-than", but that seems not to work. So add a workaround in code :( It's hard to actually workaround the warning while handling all kinds of sizes. The only simple solution is to no handle such huge cases and only assert. In function 'nm_secret_mem_realloc', inlined from '_nm_str_buf_ensure_size' at shared/nm-glib-aux/nm-shared-utils.c:5316:31: shared/nm-glib-aux/nm-secret-utils.h:180:17: error: argument 1 value '18446744073709551615' exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=] m_new = g_malloc(new_len); ^ shared/nm-glib-aux/nm-secret-utils.h: In function '_nm_str_buf_ensure_size': /usr/include/glib-2.0/glib/gmem.h:78:10: note: in a call to allocation function 'g_malloc' declared here gpointer g_malloc (gsize n_bytes) G_GNUC_MALLOC G_GNUC_ALLOC_SIZE(1); ^ lto1: all warnings being treated as errors
2021-01-11 15:10:38 +01:00
#include <limits.h>
std-aux: add NM_IFNAMSIZE
2023-05-25 15:04:13 +02:00
#include <net/if.h>
daemon-helper: add read-file-as-user Add a new command to read the content of a file after switching to the given user. This command can be used to enforce Unix filesystem permissions when accessing a file on behalf of a user.
2025-09-29 09:52:51 +02:00
#include <pwd.h>
#include <stdint.h>
#include <sys/types.h>
shared: move nm_utils_get_next_realloc_size() to nm-std-aux
2020-07-05 10:19:52 +02:00
/*****************************************************************************/
std-aux: add NM_IFNAMSIZE
2023-05-25 15:04:13 +02:00
NM_STATIC_ASSERT(NM_IFNAMSIZ == IFNAMSIZ);
/*****************************************************************************/
shared: move nm_utils_get_next_realloc_size() to nm-std-aux
2020-07-05 10:19:52 +02:00
size_t
nm_utils_get_next_realloc_size(bool true_realloc, size_t requested)
{
size_t n, x;
/* https://doc.qt.io/qt-5/containers.html#growth-strategies */
if (requested <= 40) {
/* small allocations. Increase in small steps of 8 bytes.
*
* We get thus sizes of 8, 16, 32, 40. */
if (requested <= 8)
return 8;
if (requested <= 16)
return 16;
if (requested <= 32)
return 32;
/* The return values for < 104 are essentially hard-coded, and the choice here is
* made without very strong reasons.
*
* We want to stay 24 bytes below the power-of-two border 64. Hence, return 40 here.
* However, the next step then is already 104 (128 - 24). It's a larger gap than in
* the steps before.
*
* It's not clear whether some of the steps should be adjusted (or how exactly). */
return 40;
}
if (requested <= 0x2000u - 24u || NM_UNLIKELY(!true_realloc)) {
/* mid sized allocations. Return next power of two, minus 24 bytes extra space
* at the beginning.
* That means, we double the size as we grow.
*
* With !true_realloc, it means that the caller does not intend to call
* realloc() but instead clone the buffer. This is for example the case, when we
* want to nm_explicit_bzero() the old buffer. In that case we really want to grow
* the buffer exponentially every time and not increment in page sizes of 4K (below).
*
* We get thus sizes of 104, 232, 488, 1000, 2024, 4072, 8168... */
if (NM_UNLIKELY(requested > SIZE_MAX / 2u - 24u))
shared: avoid compiler warning for nm_utils_get_next_realloc_size() returning huge sizes On s390x (gcc-8.3.1-5.1.el8.s390x) the compiler warns that we don't pass size larger than 2^63-1 to malloc. With LTO enabled, it is also quite adamant in detecting that with nm_utils_get_next_realloc_size(). Optimally, we would disable this useless warning with "-Wno-alloc-size-larger-than", but that seems not to work. So add a workaround in code :( It's hard to actually workaround the warning while handling all kinds of sizes. The only simple solution is to no handle such huge cases and only assert. In function 'nm_secret_mem_realloc', inlined from '_nm_str_buf_ensure_size' at shared/nm-glib-aux/nm-shared-utils.c:5316:31: shared/nm-glib-aux/nm-secret-utils.h:180:17: error: argument 1 value '18446744073709551615' exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=] m_new = g_malloc(new_len); ^ shared/nm-glib-aux/nm-secret-utils.h: In function '_nm_str_buf_ensure_size': /usr/include/glib-2.0/glib/gmem.h:78:10: note: in a call to allocation function 'g_malloc' declared here gpointer g_malloc (gsize n_bytes) G_GNUC_MALLOC G_GNUC_ALLOC_SIZE(1); ^ lto1: all warnings being treated as errors
2021-01-11 15:10:38 +01:00
goto out_huge;
shared: move nm_utils_get_next_realloc_size() to nm-std-aux
2020-07-05 10:19:52 +02:00
x = requested + 24u;
n = 128u;
while (n < x) {
n <<= 1;
nm_assert(n > 128u);
}
nm_assert(n > 24u && n - 24u >= requested);
return n - 24u;
}
shared: fix unit tests for nm_utils_get_next_realloc_size() The change broke unit tests on 32 bit systems. Change the code again to make it more similar to what it was before. Now only on 64 bit systems there is any difference compared to before. That makes it easier about reasoning for how the unit test should be (in most cases, it is unchanged). Fixes: 040c86f15cbf ('shared: avoid compiler warning for nm_utils_get_next_realloc_size() returning huge sizes')
2021-01-12 09:49:57 +01:00
if (NM_UNLIKELY(requested > SIZE_MAX - 0x1000u - 24u)) {
shared: avoid compiler warning for nm_utils_get_next_realloc_size() returning huge sizes On s390x (gcc-8.3.1-5.1.el8.s390x) the compiler warns that we don't pass size larger than 2^63-1 to malloc. With LTO enabled, it is also quite adamant in detecting that with nm_utils_get_next_realloc_size(). Optimally, we would disable this useless warning with "-Wno-alloc-size-larger-than", but that seems not to work. So add a workaround in code :( It's hard to actually workaround the warning while handling all kinds of sizes. The only simple solution is to no handle such huge cases and only assert. In function 'nm_secret_mem_realloc', inlined from '_nm_str_buf_ensure_size' at shared/nm-glib-aux/nm-shared-utils.c:5316:31: shared/nm-glib-aux/nm-secret-utils.h:180:17: error: argument 1 value '18446744073709551615' exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=] m_new = g_malloc(new_len); ^ shared/nm-glib-aux/nm-secret-utils.h: In function '_nm_str_buf_ensure_size': /usr/include/glib-2.0/glib/gmem.h:78:10: note: in a call to allocation function 'g_malloc' declared here gpointer g_malloc (gsize n_bytes) G_GNUC_MALLOC G_GNUC_ALLOC_SIZE(1); ^ lto1: all warnings being treated as errors
2021-01-11 15:10:38 +01:00
/* overflow happened. */
goto out_huge;
}
shared: fix unit tests for nm_utils_get_next_realloc_size() The change broke unit tests on 32 bit systems. Change the code again to make it more similar to what it was before. Now only on 64 bit systems there is any difference compared to before. That makes it easier about reasoning for how the unit test should be (in most cases, it is unchanged). Fixes: 040c86f15cbf ('shared: avoid compiler warning for nm_utils_get_next_realloc_size() returning huge sizes')
2021-01-12 09:49:57 +01:00
/* For large allocations (with !true_realloc) we allocate memory in chunks of
* 4K (- 24 bytes extra), assuming that the memory gets mmapped and thus
* realloc() is efficient by just reordering pages. */
n = ((requested + (0x0FFFu + 24u)) & ~((size_t) 0x0FFFu)) - 24u;
nm_assert(n >= requested);
shared: move nm_utils_get_next_realloc_size() to nm-std-aux
2020-07-05 10:19:52 +02:00
return n;
shared: avoid compiler warning for nm_utils_get_next_realloc_size() returning huge sizes On s390x (gcc-8.3.1-5.1.el8.s390x) the compiler warns that we don't pass size larger than 2^63-1 to malloc. With LTO enabled, it is also quite adamant in detecting that with nm_utils_get_next_realloc_size(). Optimally, we would disable this useless warning with "-Wno-alloc-size-larger-than", but that seems not to work. So add a workaround in code :( It's hard to actually workaround the warning while handling all kinds of sizes. The only simple solution is to no handle such huge cases and only assert. In function 'nm_secret_mem_realloc', inlined from '_nm_str_buf_ensure_size' at shared/nm-glib-aux/nm-shared-utils.c:5316:31: shared/nm-glib-aux/nm-secret-utils.h:180:17: error: argument 1 value '18446744073709551615' exceeds maximum object size 9223372036854775807 [-Werror=alloc-size-larger-than=] m_new = g_malloc(new_len); ^ shared/nm-glib-aux/nm-secret-utils.h: In function '_nm_str_buf_ensure_size': /usr/include/glib-2.0/glib/gmem.h:78:10: note: in a call to allocation function 'g_malloc' declared here gpointer g_malloc (gsize n_bytes) G_GNUC_MALLOC G_GNUC_ALLOC_SIZE(1); ^ lto1: all warnings being treated as errors
2021-01-11 15:10:38 +01:00
out_huge:
if (sizeof(size_t) > 4u) {
/* on s390x (64 bit), gcc with LTO can complain that the size argument to
* malloc must not be larger than 9223372036854775807.
*
* Work around that by returning SSIZE_MAX. It should be plenty still! */
assert(requested <= (size_t) SSIZE_MAX);
return (size_t) SSIZE_MAX;
}
return SIZE_MAX;
shared: move nm_utils_get_next_realloc_size() to nm-std-aux
2020-07-05 10:19:52 +02:00
}
std-aux: extract and add _nm_strerror_r() helper We have nm_strerror_native_r(), which is the wrapper around strerror_r() that we want to use in glib components (it also will ensure that the string is valid UTF-8). However, it's not usable from non-glib components. Move the part that abstracts strerror_r() out to libnm-std-aux as _nm_strerror_r(). The purpose is that non-glib componenent can use the thread-safe wrapper around strerror_r().
2023-08-18 14:56:42 +02:00
/*****************************************************************************/
daemon-helper: add read-file-as-user Add a new command to read the content of a file after switching to the given user. This command can be used to enforce Unix filesystem permissions when accessing a file on behalf of a user.
2025-09-29 09:52:51 +02:00
bool
nm_utils_set_effective_user(const char *user, char *errbuf, size_t errbuf_len)
{
struct passwd *pwentry;
int errsv;
char error[1024];
errno = 0;
pwentry = getpwnam(user);
if (!pwentry) {
errsv = errno;
if (errsv == 0) {
snprintf(errbuf, errbuf_len, "user not found");
} else {
snprintf(errbuf,
errbuf_len,
"error getting user entry: %d (%s)\n",
errsv,
strerror_r(errsv, error, sizeof(error)));
}
return false;
}
if (setgid(pwentry->pw_gid) != 0) {
errsv = errno;
snprintf(errbuf,
errbuf_len,
"failed to change group to %u: %d (%s)\n",
pwentry->pw_gid,
errsv,
strerror_r(errsv, error, sizeof(error)));
return false;
}
if (initgroups(user, pwentry->pw_gid) != 0) {
errsv = errno;
snprintf(errbuf,
errbuf_len,
"failed to reset supplementary group list to %u: %d (%s)\n",
pwentry->pw_gid,
errsv,
strerror_r(errsv, error, sizeof(error)));
return false;
}
if (setuid(pwentry->pw_uid) != 0) {
errsv = errno;
snprintf(errbuf,
errbuf_len,
"failed to change user to %u: %d (%s)\n",
pwentry->pw_uid,
errsv,
strerror_r(errsv, error, sizeof(error)));
return false;
}
return true;
}
/*****************************************************************************/
bool
nm_utils_read_file_to_stdout(const char *filename, char *errbuf, size_t errbuf_len)
{
nm_auto_close int fd = -1;
char buffer[4096];
char error[1024];
ssize_t bytes_read;
int errsv;
fd = open(filename, O_RDONLY);
if (fd == -1) {
errsv = errno;
snprintf(errbuf,
errbuf_len,
"error opening the file: %d (%s)",
errsv,
strerror_r(errsv, error, sizeof(error)));
return false;
}
while ((bytes_read = read(fd, buffer, sizeof(buffer))) > 0) {
if (fwrite(buffer, 1, bytes_read, stdout) != (size_t) bytes_read) {
errsv = errno;
snprintf(errbuf,
errbuf_len,
"error writing to stdout: %d (%s)",
errsv,
strerror_r(errsv, error, sizeof(error)));
return false;
}
}
if (bytes_read < 0) {
errsv = errno;
snprintf(errbuf,
errbuf_len,
"error reading the file: %d (%s)",
errsv,
strerror_r(errsv, error, sizeof(error)));
return false;
}
return true;
}
/*****************************************************************************/
std-aux: extract and add _nm_strerror_r() helper We have nm_strerror_native_r(), which is the wrapper around strerror_r() that we want to use in glib components (it also will ensure that the string is valid UTF-8). However, it's not usable from non-glib components. Move the part that abstracts strerror_r() out to libnm-std-aux as _nm_strerror_r(). The purpose is that non-glib componenent can use the thread-safe wrapper around strerror_r().
2023-08-18 14:56:42 +02:00
/**
* _nm_strerror_r:
* @errsv: the errno passed to strerror_r()
* @buf: the string buffer, must be non-null
* @buf_size: the size of the buffer, must be positive.
*
* A wrapper around strerror_r(). Does little else, aside clearing up the
* confusion about the different versions of the function.
*
* errno is preserved.
*
* Returns: the error string. This is either a static strong or @buf. It
* is not guaranteed to be @buf.
*/
const char *
_nm_strerror_r(int errsv, char *buf, size_t buf_size)
{
NM_AUTO_PROTECT_ERRNO(errsv2);
char *buf2;
nm_assert(buf);
nm_assert(buf_size > 0);
#if (!defined(__GLIBC__) && !defined(__UCLIBC__)) || ((_POSIX_C_SOURCE >= 200112L) && !_GNU_SOURCE)
/* XSI-compliant */
if (strerror_r(errsv, buf, buf_size) != 0) {
snprintf(buf, buf_size, "Unspecified errno %d", errsv);
}
buf2 = buf;
#else
/* GNU-specific */
buf2 = strerror_r(errsv, buf, buf_size);
#endif
nm_assert(buf2);
return buf2;
}
Reference in a new issue Copy permalink