* add struct ul_timer as API abstraction to hide differences between
timer_create() and setitimer()
* add setitimer() detection to ./configure.ac
* add fallback code to use setitimer() if timer_create() not available
(for example on OSX)
Addresses: https://github.com/karelzak/util-linux/issues/584
Signed-off-by: Karel Zak <kzak@redhat.com>
Accessing FUSE mounts require suid/sgid (saved uid) to be equal to the
owner of the mount. If mount is running as a setuid process, swapping
creds by only setting the euid/egid isn't enough to change the
suid/sgid as well. We must do a full setuid()/setgid(), but that
removes our ability to re-assume the identity of the original
euid. The solution is swap creds in a child process, preserving the
creds of the parent.
[kzak@redhat.com: - use switch() rather than if() for fork
- use all-io.h
- close unused pipe[] ends
- be more strict about used types]
Addresses: https://github.com/karelzak/util-linux/pull/705
Co-Author: Karel Zak <kzak@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
* don't cast from char to const char
* don't share endptr from strtoxxx() with rest of the code
as the end pointer is char, but code works with const chars
Signed-off-by: Karel Zak <kzak@redhat.com>
[util-linux-2.32.1/lib/strutils.c:122]: (style) Redundant condition: If 'EXPR == '0'', the comparison 'EXPR' is always true.
Reported-by: David Binderman <dcb314@hotmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
lib/pager.c: In function ‘pager_preexec’:
lib/pager.c:148:12: warning: passing argument 2 to restrict-qualified parameter aliases with argument 4 [-Wrestrict]
Signed-off-by: Karel Zak <kzak@redhat.com>
* reuse ul_path_* API
* allow to use prefix for sysfs paths, so we can use snapshots from
sysfs for regression tests
Signed-off-by: Karel Zak <kzak@redhat.com>
The goal is to avoid duplicate code in path.c and sysfs.c and make it
possible to define prefix for paths for all sysfs and procfs based
utils. Now we have /proc snapshots (for tests) for lscpu only. It
would be nice to have the same (for sysfs) for lsblk and another tools.
* very simple API to read numbers, strings and symlinks
* based on openat()
pc = ul_new_path("/sys/block/sda");
ul_path_read_u64(pc, &size, "size");
ul_path_read_u64(pc, &lsz, "queue/logical_block_size");
* printf-like API to generate paths, for example:
ul_path_readf_u64(pc, &num, "sda%d/size", partno)
* allow to define prefix to redirect hardcoded paths to another
location, for example:
pc = ul_new_path("/sys/block/sda");
ul_path_set_prefix(pc, "/my/regression/dump");
ul_path_read_u64(pc, &num, "size");
to read /my/regression/dump/sys/block/sda/size
* allow to extend the API by "dialects", for example for sysfs:
pc = ul_new_path(NULL);
sysfs_blkdev_init_path(pc, devno, NULL);
and use ul_path_* functions to read from @pc initialized by
sysfs_blkdev_init_path()
* add test_path binary
Signed-off-by: Karel Zak <kzak@redhat.com>
This patch introduces [...] to store extra information about terminal
to the typescript header. For example:
Script started on 2018-05-14 12:52:32+02:00 [TERM="xterm-256color" TTY="/dev/pts/3" COLS="190" LINES="53"]
or
Script started on 2018-05-14 12:54:01+02:00 [<not executed on terminal>]
if stdout is not terminal.
Addresses: https://github.com/karelzak/util-linux/issues/583
Signed-off-by: Karel Zak <kzak@redhat.com>
lib/canonicalize.c: In function ‘canonicalize_dm_name’:
lib/canonicalize.c:42:45: warning: ‘%s’ directive output may be truncated
writing up to 255 bytes into a region of size 244 [-Wformat-truncation=]
snprintf(path, sizeof(path), "/dev/mapper/%s", name);
Notice that this warnign fix does not improve code enormously. The earlier
snprintf() truncation will not happen a bit earlier when fgets() is called.
In that sense this change merely makes one easy to silence warning to
disappear, and therefore improve change of noticing useful messaging as such
crops up.
[kzak@redhat.com: - use macro rather than hardcoded string for mapper path]
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
The current code uses lose_counter to make more attempts to read
random numbers. It seems better to wait a moment between attempts to
avoid busy loop (we do the same in all-io.h).
The worst case is 1 second delay for all random_get_bytes() on systems
with uninitialized entropy pool -- for example you call sfdisk (MBR Id
or GPT UUIDs) on very first boot, etc. In this case it will use libc
rand() as a fallback solution.
Note that we do not use random numbers for security sensitive things
like keys or so. It's used for random based UUIDs etc.
Addresses: https://github.com/karelzak/util-linux/pull/603
Signed-off-by: Karel Zak <kzak@redhat.com>
In Endless we have hit a problem when using 'sfdisk' on the really first
boot to automatically expand the rootfs partition. On this platform
'sfdisk' is blocking on getrandom() because not enough random bytes are
available. This is an ARM platform without a hwrng.
We fix this passing GRND_NONBLOCK to getrandom(). 'sfdisk' will use the
best entropy it has available and fallback only as necessary.
Signed-off-by: Carlo Caione <carlo@endlessm.com>
Now sysfs_devname_to_devno() reads devno from /dev or
/sys/block/<name>/dev, but it seems that NVME uses
/sys/block/<name>/device/dev.
Reported-by: Potnuri Bharat Teja <bharat@chelsio.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
Let's make it possible to use debug.h without environment variables.
Suggested-by: J William Piggott <elseifthen@gmx.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
* 'mbsencode' of https://github.com/yontalcar/util-linux:
tests: mark mbsencode as KNOWN_FAIL
tests: mbsencode - test for HAVE_WIDECHAR
lib/mbsalign: Fix escaping nonprintable multibyte characters
tests: mbsencode - removed emoji, added control unicode character
tests: add tests for encode functions from lib/mbsalign.c
lib/mbsalign: escape "\x" when HAVE_WIDECHAR not defined
* introduce new flag __UL_DEBUG_FL_NOADDR to suppress pointer address printing
* use __UL_DEBUG_FL_NOADDR when SUID
* move ul_debugobj() to debugobj.h, and require UL_DEBUG_CURRENT_MASK
to provide access to the current mask from ul_debugobj(). It's better
than modify all ul_debugobj() calls and use the global mask as
argument.
* remove never used UL_DEBUG_DEFINE_FLAG
Reported-by: halfdog <me@halfdog.net>
Signed-off-by: Karel Zak <kzak@redhat.com>
The original code uses BYTE_ORDER, but we use WORDS_BIGENDIAN in
utl-linux.
Reported-by: Andreas Schwab <schwab@linux-m68k.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
* 'gpt-part-name' of https://github.com/yontalcar/util-linux:
libfdisk: return bytes processed from gpt_entry_set_name(), process rc
libfdisk: allocate enough bytes for ucs2 to utf8 encoding
libfdisk: gpt: properly encode string on rename
lib/mbsalign: encode backslash to prevent ambiguity
Unfortunately, the symbols are visible in statically compiled libuuid
and the names are too generic.
Addresses: https://github.com/karelzak/util-linux/issues/548
Signed-off-by: Karel Zak <kzak@redhat.com>
Print a message when the format_iso_time() buffer is exceeded, because
there is more than one type of failure that returns -1.
Also remove the corresponding message from hwclock.c.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
Year can wrap when adding the tm struct epoch during iso formatting:
hwclock --utc --noadjfile --predict --date '67768034678844900 seconds'
-2147481749-12-31 23:59:59.000000-05:00
Patched:
hwclock --utc --noadjfile --predict --date '67768034678844900 seconds'
2147485547-12-31 23:59:59.000000-05:00
Comparable to date(1):
date -Ins --date '67768034678844900 seconds'
2147485547-12-31T23:59:59,547886165-0500
Note: the 'seconds' argument is relative to the current time, so
reaching this max year output is a moving target. The values shown
above were invalid one second later. They then overflow tm_year
upon conversion with localtime(3) and friends, which causes them
to return NULL indicating that an error occurred.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
Test for libc time conversion errors in ISO time format functions.
hwclock --utc --noadjfile --predict --date '67768034678846520 seconds'
Segmentation fault
Patched:
hwclock --utc --noadjfile --predict --date '67768034678846520 seconds'
hwclock: time 67768036191695381 is out of range.
Comparable to date(1):
date --date '67768034678846520 seconds'
date: time 67768036191695384 is out of range
Signed-off-by: J William Piggott <elseifthen@gmx.com>
Use reentrant time functions to avoid sending a NULL pointer to
format_iso_time() (and to be reentrant ;). Followup commits test for
errors and tm_year wrapping (illustrated below).
hwclock --utc --noadjfile --predict --date '67768034678849400 seconds'
Segmentation fault
Patched
hwclock --utc --noadjfile --predict --date '67768034678849400 seconds'
-2147481748-01-00 00:10:46.000000-05:00
Signed-off-by: J William Piggott <elseifthen@gmx.com>
Source: freebsd/sys/libkern/crc32.c
This code is an unmodified fragment from the source. Will fixup
comments / naming in next commit
Signed-off-by: Karel Zak <kzak@redhat.com>
* Start the ISO format flags at bit 0 instead of bit 1.
* Remove unnecessary _8601 from ISO format flag names to
avoid line wrapping and to ease readability.
* ISO timestamps have date-time-timzone in common, so move
the TIMEZONE flag to bit 2 causing all timestamp masks
to have the first three bits set and the last four bits
as timestamp 'options'.
* Change the 'SPACE' flag to a 'T' flag, because it makes
the code and comments more concise.
* Add common ISO timestamp masks.
* Implement the ISO timestamp masks in all applicable code
using the strxxx_iso() functions.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
This new function returns the GMT offset relative to its
argument. It is used in this patch to fix two bugs:
1) On platforms that the tm struct excludes tm_gmtoff,
hwclock assumes a one hour DST offset. This can cause
an incorrect kernel timezone setting. For example:
Master branch tested with tm_gmtoff illustrates the correct offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494204.192398, -660)
Master branch tested without tm_gmtoff has an incorrect offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494249.193852, -690)
Patched tested without tm_gmtoff has the correct offset:
$ TZ="Australia/Lord_Howe" hwclock --hctosys --test | grep settimeofday
Calling settimeofday(1507494260.194208, -660)
2) ISO 8601 'extended' format requires all time elements
to use a colon (:).
Current invalid ISO 8601:
$ hwclock
2017-10-08 16:25:17.895462-0400
Patched:
$ hwclock
2017-10-08 16:25:34.141895-04:00
Also required by this change:
login-utils/last.c: increase ISO out_len and in_len by one to
accommodate the addition of the timezone colon.
Signed-off-by: J William Piggott <elseifthen@gmx.com>
byteReverse() is an internal function in md5.c, and is not exposed via
any header file, but it is not declared as static. This is a problem
with the md5.c file since it is copied more or less verbatim in other
programs (fontconfig and pjsip among others), causing a link error
when linking two of them together.
Fixes link failures such as:
http://autobuild.buildroot.net/results/419ab2c0e034cc68991281c51caa8271b0fadbab/build-end.log
Signed-off-by: Luca Ceresoli <luca@lucaceresoli.net>
Kernel since 4.14 supports setting of logical block size[1]. It allows to
create loop devices that report logical block size different from 512.
Add support for this feature to losetup.
References:
[1] https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/drivers/block/loop.c?id=89e4fdecb51cf5535867026274bc97de9480ade5
[kzak@redhat.com: - fix loopcxt_get_blocksize()
- remove lo_blocksize from loop_info64]
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
Cc: Ming Lei <ming.lei@redhat.com>
Cc: Hannes Reinecke <hare@suse.com>
Cc: Omar Sandoval <osandov@fb.com>
Cc: Jens Axboe <axboe@kernel.dk>
Signed-off-by: Karel Zak <kzak@redhat.com>
A program using setproctitle can trigger an out of boundary access
if an attacker was able to clear the environment before execution.
The check in setproctitle prevents overflows, but does not take into
account that the whole length of the arguments could be 1, which is
possible by supplying such a program name to execlp(3) or using a
symbolic link, e.g. argv[0] = "l", argv[1] = NULL.
Only login uses setproctitle, which is not affected by this
problem due to initializing the environment right before the call.
Adding V3 and V5 UUIDs per RFC-4122.
[kzak@redhat.com: - fix symbols file]
Signed-off-by: Philip Prindeville <philipp@redfish-solutions.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The getrandom() does not have to return all requested bytes (missing
entropy or when interrupted by signal). The current implementation in
util-linux stupidly asks for all random data again, rather than only
for missing bytes.
The current code also does not care if we repeat our requests for
ever; that's bad.
This patch uses the same way as we already use for reading from
/dev/urandom. It means:
* repeat getrandom() for only missing bytes
* limit number of unsuccessful request (16 times)
* fallback to /dev/urandom on ENOSYS (old kernel or so...)
Addresses: https://github.com/karelzak/util-linux/issues/496
Signed-off-by: Karel Zak <kzak@redhat.com>
If getrandom() is called with nbytes ≥ 256 then it can return with less than the requested
bytes filled.
In this case we *could* adjust the buffer by the number of bytes actually read, but it's
simpler to just redo the call.
The 3.16 kernel is supported until 2020, and various distros have kernels of the same
vintage. It's entirely possible for code built against newer headers to be run against
these kernels, so fall-back to the old “read /dev/{u,}random” method if the kernel doesn'
support getrandom()
warning on 32bit systems:
../lib/parse-date.y: In function 'parse_date':
../lib/parse-date.y:1509:7: warning: format '%ld' expects argument of type 'long int', but argument 4 has type 'intmax_t' [-Wformat=]
abs_time_zone_min);
^
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
For some reason kernel commit e980f62353c697cbf0c4325e43df6e44399aeb64
add extra warning when the ioctl is used for DM devices. It seems we
can avoid this ioctl when the device has dm/uuid.
Addresses: https://bugzilla.redhat.com/show_bug.cgi?id=1469532
Signed-off-by: Karel Zak <kzak@redhat.com>
Clang analyzer warnings:
Dead store, Dead initialization:
lib/mbsedit.c:154:8: warning: Value stored to 'in' during its initialization is never read
char *in = (char *) &c;
^~ ~~~~~~~~~~~
misc-utils/findmnt-verify.c:129:14: warning: Value stored to 'cn' during its initialization is never read
const char *cn = tgt;
^~ ~~~
Dead store, Dead increment:
sys-utils/hwclock.c:1461:2: warning: Value stored to 'argv' is never read
argv += optind;
^ ~~~~~~
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Simply avoiding strdup(). Error handling improved.
This was the Clang Analyzer warning:
Memory Error, Use-after-free
sys-utils/lsmem.c:259:3: warning: Use of memory after it is freed
err(EXIT_FAILURE, _("Failed to open %s"), path);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Do not operate on truncated/random paths. Note, path_strdup()
can now really return NULL, to be handled in next commit.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
As discussed on the mailing list. We fix all places
where the non-working define STRTOXX_EXIT_CODE was used.
Regarding tunelp, also see 7e3c80a7.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
* '170424' of github.com:jwpi/util-linux:
parse-date: time_zone_hhmm() bug fixes
parse-date: remove unused ordinal_day_seen
parse-date: remove unused year_seen
parse-date: refactor tm_diff()
parse-date: use to_uchar() instead of assignment.
parse-date: use uintmax_t where appropriate
parse-date: use int where appropriate
parse-date: use intmax_t where appropriate
parse-date: remove unused EPOCH_YEAR
parse-date: replace ISDIGIT with c_isdigit
There is no need for 'else' when 'if' will return. In same go move call of
tolower() to last possible moment in char_to_val(), a lot of time hex values
should hit 0-9 range, and it can be omitted.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
../lib/loopdev.c: In function 'loopcxt_next_from_sysfs':
../lib/loopdev.c:545:32: warning: '/loop/backing_file' directive output may be truncated writing 18 bytes into a region of size between 1 and 256 [-Wformat-truncation=]
snprintf(name, sizeof(name), "%s/loop/backing_file", d->d_name);
^~~~~~~~~~~~~~~~~~~~~~
../lib/loopdev.c:545:3: note: 'snprintf' output between 19 and 274 bytes into a destination of size 256
snprintf(name, sizeof(name), "%s/loop/backing_file", d->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/sysfs.c: In function 'sysfs_is_partition_dirent':
../lib/sysfs.c:343:31: warning: '/start' directive output may be truncated writing 6 bytes into a region of size between 1 and 256 [-Wformat-truncation=]
snprintf(path, sizeof(path), "%s/start", d->d_name);
^~~~~~~~~~
../lib/sysfs.c:343:2: note: 'snprintf' output between 7 and 262 bytes into a destination of size 256
snprintf(path, sizeof(path), "%s/start", d->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/sysfs.c: In function 'sysfs_partno_to_devno':
../lib/sysfs.c:372:32: warning: '/partition' directive output may be truncated writing 10 bytes into a region of size between 1 and 256 [-Wformat-truncation=]
snprintf(path, sizeof(path), "%s/partition", d->d_name);
^~~~~~~~~~~~~~
../lib/sysfs.c:372:3: note: 'snprintf' output between 11 and 266 bytes into a destination of size 256
snprintf(path, sizeof(path), "%s/partition", d->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
../lib/sysfs.c:377:33: warning: '/dev' directive output may be truncated writing 4 bytes into a region of size between 1 and 256 [-Wformat-truncation=]
snprintf(path, sizeof(path), "%s/dev", d->d_name);
^~~~~~~~
../lib/sysfs.c:377:4: note: 'snprintf' output between 5 and 260 bytes into a destination of size 256
snprintf(path, sizeof(path), "%s/dev", d->d_name);
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
for example:
# PAGER=foo dmesg -H
sh: foo: command not found
the same problem is we have with fdisk 'l' command:
# PAGER=foo fdisk /dev/sda
Welcome to fdisk (util-linux 2.30-rc2-33-41b71).
...
Command (m for help): l
sh: foo: command not found
It seems better to don't use pager at all if not available.
Signed-off-by: Karel Zak <kzak@redhat.com>
sys-utils/prlimit.c: In function 'do_prlimit':
sys-utils/prlimit.c:367:16: warning: format '%ju' expects argument of type 'uintmax_t', but argument 2 has type 'rlim_t {aka long long unsigned int}' [-Wformat=]
printf("<%ju", new->rlim_cur);
lib/plymouth-ctrl.c: In function 'open_un_socket_and_connect':
lib/plymouth-ctrl.c:88:20: warning: passing argument 2 of 'connect' from incompatible pointer type [-Wincompatible-pointer-types]
ret = connect(fd, &su, offsetof(struct sockaddr_un, sun_path) + 1 + strlen(su.sun_path+1));
^
In file included from lib/plymouth-ctrl.c:35:0:
/usr/include/sys/socket.h:314:5: note: expected 'const struct sockaddr *' but argument is of type 'struct sockaddr_un *'
int connect (int, const struct sockaddr *, socklen_t);
login-utils/last.c: In function 'list':
login-utils/last.c:506:54: warning: pointer targets in passing argument 4 of 'dns_lookup' differ in signedness [-Wpointer-sign]
r = dns_lookup(domain, sizeof(domain), ctl->useip, p->ut_addr_v6);
^
login-utils/last.c:291:12: note: expected 'int32_t * {aka int *}' but argument is of type 'unsigned int *'
static int dns_lookup(char *result, int size, int useip, int32_t *a)
^~~~~~~~~~
In file included from sys-utils/hwclock-cmos.c:92:0:
sys-utils/hwclock.h:67:32: warning: 'struct timeval' declared inside parameter list will not be visible outside of this definition or declaration
extern double time_diff(struct timeval subtrahend, struct timeval subtractor);
misc-utils/test_uuidd.c: In function 'create_nthreads':
misc-utils/test_uuidd.c:187:19: warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
proc->pid, (int) th->tid, th->index));
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
We got some errors on Alpine Linux where $LTLIBINTL is non-empty:
./.libs/libcommon.a(libcommon_la-blkdev.o): In function `open_blkdev_or_file':
lib/blkdev.c:282: undefined reference to `libintl_gettext
collect2: error: ld returned 1 exit status
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
* assume ncursesw headers in ncursesw/ directory only
* prefer long paths, <term.h> and <ncurses.h> should be last
possibility
* fix typos
Signed-off-by: Karel Zak <kzak@redhat.com>
* use proper paths to term.h
* keep ncurses support optional
* link with TINFO_LIBS (-ltinfo), or fallback to NCURSES_LIBS (-ltinfo -lncurses)
* don't include unnecessary ncurses.h (term.h is enough)
Signed-off-by: Karel Zak <kzak@redhat.com>
flock(1) uses the timer facility to interrupt a blocking flock(2)
call. However, in a pathological case (or with a sufficiently short
timeout), the timer may fire and the signal be delivered after the
timer is set up, but before we get around to doing the flock(2)
call. In that case, we'd block forever. Checking timeout_expired right
before calling flock(2) does not eliminate that race, so the only
option is to make the timer fire repeatedly. Having the timer fire
after we've returned from flock(2) is not a problem, since we only
check timeout_expired in case of EINTR (also, this firing after return
could also happen with the current code).
There is currently one other user of setup_timer (misc-utils/uuidd.c),
but in that case the signal handler simply exits. Future users of
setup_timer obviously need to ensure that they can tolerate multiple
signal deliveries.
Choosing 1% of the initial timeout as the repeating interval is
somewhat arbitrary. However, I put a lower bound of 0.01s, since
setting the interval much smaller than this may end up effectively
live-locking the process, handling a never-ending stream of signals.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
The only valid flag for timer_settime is TIMER_ABSTIME, which we
certainly don't want here. This seems to be harmless since
timer_settime doesn't validate the flags parameter, TIMER_ABSTIME is
universally 0x1, and no architecture has SA_SIGINFO == 1.
Signed-off-by: Rasmus Villemoes <rasmus.villemoes@prevas.dk>
* '2017wk13' of https://github.com/kerolasa/lelux-utiliteetit:
docs: improve agetty.8 manual page
agetty: make --remote to forward --nohostname as -H to login
lib/cpuset: stop changing variable that is not read
agetty: remove variable that is set but not read
The current agetty uses TIOCSTI ioctl to return already read chars
from login name back to the terminal (without read() before
tcsetattr() we will lost data already written by user). The ioctl
based solution is fragile due to race -- we can return chars when
terminal already contains another new chars. The result is reordered
chars in login name.
The solution is to use extra buffer for already read data.
Reported-by: Michael Tretter <m.tretter@pengutronix.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
* '2017wk11' of git://github.com/kerolasa/lelux-utiliteetit:
blkid: add control struct
blkid: simplify version option handling
tests: add static keyword where needed [smatch scan]
tests: do not use plain 0 as NULL [smatch scan]
libsmartcols: fix test variable shadowing
lib/colors.c: In function 'colors_read_schemes':
lib/colors.c:412:7: warning: potential null pointer dereference [-Wnull-dereference]
Reported-by: Sami Kerola <kerolasa@iki.fi>
Signed-off-by: Karel Zak <kzak@redhat.com>
* add lib/parse-date.y to build system
* add necessary autotools stuff to generate .c on the fly
(autotools are smart enough to add generated file to tarball)
* check for bison version by ./autogen.sh
* add non-wanted junk to .gitignore
With some modification by J William Piggott with regard to
moving the parse-date API into timeutils.h
Signed-off-by: J William Piggott <elseifthen@gmx.com>
* include/timeutils.h
Add parse-date API
* lib/parse-date.y - new file
Lib function that parses a date string into a timespec struct.
Derived from gnulib-dd7a871 parse-datetime.y with these changes:
* reduced to a single function API renamed to parse_date()
* removed gnulib dependencies
* removed debugging
* converted to util-linux coding style
* include/cctype.h - new file
Like ctype.h only hard coded to the 'C' locale.
Used by lib/parse-date.y.
Derived from gnulib-dd7a871 c-ctype.h with these changes:
* removed gnulib dependencies
* converted to util-linux coding style
* add requisite util-linux constants
Signed-off-by: J William Piggott <elseifthen@gmx.com>
text-utils/tailf.c:69:21: warning: Using plain integer as NULL pointer
Since many 'struct option' has used zero as NULL make them more readable in
same go by reindenting, and using named argument requirements.
Reference: https://lwn.net/Articles/93577/
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
Local timegm() is a replacement function in cases it is missing from libc
implementation. Hopefully the replacement is never, or very rarely, used.
CC: Ruediger Meier <ruediger.meier@ga-group.nl>
Reviewed-by: J William Piggott <elseifthen@gmx.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
System call getrandom(2) is relatively new, available since kernel 3.17 but
not supported by glibc 2.24. That in mind autotools is made to check
availability of this function and keep old code as fallback. It is
reasonable assume it will take years before the syscall(2) and fallback are
unproblematic to remove.
One might ask why bother using getrandom(2). Main reason is to avoid
unnecessary system calls to achieve exactly same end result. That
demonstrated with 'strace -c ./mcookie' showing 36 calls before, and 32
after this change. Secondly the getrandom(2) function got to kernel with
promise it can be used to avoid file descriptor run down, and since uuidd
uses random_get_bytes() it should fulfill it's promise here.
Reference: http://man7.org/linux/man-pages/man2/getrandom.2.html
Reference: https://lwn.net/Articles/606141/
Reviewed-by: Karel Zak <kzak@redhat.com>
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
In the majority of pages, pathnames are formatted as Italic,
which is the norm. However, there are several cases where they
are formatted as bold. This patch fixes a number of those
exceptions.
Signed-off-by: Michael Kerrisk <mtk.man-pages@gmail.com>
Add helper functions which allow to parse hexadecimal numbers.
Based on a patch from Clemens von Mann.
Signed-off-by: Heiko Carstens <heiko.carstens@de.ibm.com>
Make the publicly-visible crc32 library functions prefixed by ul_, such
as crc32() -> ul_crc32().
This is because it clashes with the crc32() function from zlib.
For newer versions of glib (2.50+) zlib and libblkid are required
dependencies and otherwise results in build failure when building
statically.
Signed-off-by: Gustavo Zacarias <gustavo@zacarias.com.ar>
Now libsmartcols completely control when and how wrap long
lines/cells. This is sometimes user unfriendly and it would be nice to
support multi-line cells where wrap is based on \n (new line char).
This patch add new column flag SCOLS_FL_WRAPNL.
Signed-off-by: Karel Zak <kzak@redhat.com>
The function is_loopdev does not set errno if the supplied string does
not reference a valid loop device. Fix this to avoid an error message
like this one:
losetup: /: failed to use device: Success
I prefer this one:
losetup: /: failed to use device: No such device
Signed-off-by: Tobias Stoeckmann <tobias@stoeckmann.org>
* clean up function names
* add functions to temporary redirect to the pager and then restore
original terminal output
Signed-off-by: Karel Zak <kzak@redhat.com>
Implement stand-alone loopcxt_set_status(). It allows manipulation with some
loop device parameters even if it is initialized.
Its function is limited by the kernel implementation, and only a small subset of
changes is allowed.
For more see linux/drivers/block/loop.c:loop_set_status()
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
This patch introduces overlap detections and loop devices
re-use for losetup(8). We already support this feature for mount(8)
where it's enabled by default (because we mount filesystems and it's
always mistake to share the same filesystem between more loop
devices).
Stanislav has suggested to enable this feature also for losetup by
default. I'm not sure about it, IMHO it's better to keep losetup(8)
simple and stupid by default, and inform users about possible problems
and solutions in the man page.
The feature forces losetup to scan all loop devices always when new
one is requested. This maybe disadvantage (especially when we use
control-loop to avoid /sys or /dev scans) on system with huge number
of loop devices.
Co-Author: Stanislav Brabec <sbrabec@suse.cz>
Signed-off-by: Karel Zak <kzak@redhat.com>
///aaa/bbb and /aaa/bbb/ are the same paths. This is important
especially with NFS where number of slashes are not the same in
the /proc/self/mountinfo and fstab or utab. The regular URI is
euler://tmp
but /proc contains
euler:/tmp
Reported-by: Ales Novak <alnovak@suse.cz>
Signed-off-by: Karel Zak <kzak@redhat.com>
The current code scans loopdevs to detect already used loop device and
another scan to detect overlap.
Let's use one scan only, for this purpose loopcxt_find_overlap() has
been modified to return info (rc==2) about full size and offset match.
Signed-off-by: Karel Zak <kzak@redhat.com>
Fully safe checks of loop device need to check sizelimit. To prevent need of two
nearly equal functions, introduce sizelimit parameter to several internal
functions:
loopdev_is_used()
loopdev_find_by_backing_file()
loopcxt_is_used()
loopcxt_find_by_backing_file()
If sizelimit is zero, fall back to the old behavior (ignoring of sizelimit).
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
Try all standard terminal input/output file descriptors when finding tty
name in get_germinal_name(). This should make all invocations of the
function as robust as they can get.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
When timestamps are intented to be conversable back from string to binary it
is best to stick with UTC-0 timezone. This is needed in utmpdump(1).
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
We use the function to be sure with *output* width. Note that the
current code (with STDIN) is broken because in some situations
libsmartcols is not able to detect terminal width and fall back to
default 80.
Signed-off-by: Karel Zak <kzak@redhat.com>
Fix various typos in error messages, warnings, debug strings,
comments and names of static functions.
Signed-off-by: Sebastian Rasmussen <sebras@gmail.com>
The plymouth support depends on Linux specific SOCK_* flags and all
the feature is probably unnecessary in some cases (non-plymouth
distros, etc.)
Signed-off-by: Karel Zak <kzak@redhat.com>
- use buffers rather than allocate memory
- support .usec and ,usec convention
- use strftime for timezone (we need to care about daylight
saving time)
Signed-off-by: Karel Zak <kzak@redhat.com>
for stopping plymouthd. That do not depend on the existence of
the plymouth binary if it e.g. becomes uninstalled or an other
service is providing plymouthd facilities.
[kzak@redhat.com: - fix compiler warnings [-Wpointer-sign]
- use sizeof() for write_all()
- cast to char* for read_all]
Signed-off-by: Werner Fink <werner@suse.de>
Signed-off-by: Karel Zak <kzak@redhat.com>
The path canonicalization is expensive and in many cases unwanted due
to problems with readlink() on unreachable NFS and automounters.
This patch add a possibility to search also by $(CWD)/<path> if the
<path> is relative to reduce number of situation when we convert the
path to the canonical absolute path.
The common use-case:
# cd /some/long/path
# umount ./mountpoint
old version:
15543: libmount: TAB: [0x560a99a54230]: lookup TARGET: './test'
15543: libmount: CACHE: [0x560a99a54290]: canonicalize path ./test
15543: libmount: CACHE: [0x560a99a54290]: add entry [ 1] (path): /mnt/test: ./test
15543: libmount: TAB: [0x560a99a54230]: lookup canonical TARGET: '/mnt/test'
15543: libmount: CXT: [0x560a99a54050]: umount fs: /mnt/test
new version:
15597: libmount: TAB: [0xabf230]: lookup TARGET: './test'
15597: libmount: TAB: [0xabf230]: lookup absolute TARGET: '/mnt/test'
15597: libmount: CXT: [0xabf050]: umount fs: /mnt/test
Signed-off-by: Karel Zak <kzak@redhat.com>
Later version of bcache add different checksum types, and allow for superblocks
greater than 4k - skipping the checksum check (as in most other probes) is the
easiest solution.
Signed-off-by: Kent Overstreet <kent.overstreet@gmail.com>
Currently the code supports /dev/name or PARTUUID= only. We also
need to support 'maj:min' and 'hexhex' notations.
Reported-by: George Spelvin <linux@horizon.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
The file is no portable (#ifdef HAVE_SYS_SYSMACROS_H is necessary),
but needed on many places. It seems better to keep it in c.h.
Signed-off-by: Karel Zak <kzak@redhat.com>
BSD/Linux systems stick major/minor/makedev in sysmacros.h. Newer Linux
libraries have been moving away from including sysmacros.h implicitly via
sys/types.h, so include it directly.
Signed-off-by: Mike Frysinger <vapier@gentoo.org>
I have validated that we are still compatible at least back to
- openSUSE 11.4
- SLE 11
- RHEL/CentOS 6
- OSX 10.10.x, (Xcode 6.3)
- FreeBSD 10.2
Confirmed incompatibility:
- OSX 10.9.x, (Xcode 6.2)
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
We have that mempcpy fallback since 2013 (02887b73) but forgot to
include it.
This fixes a segfault of cal(1) on FreeBSD and OSX.
Compiler warning was:
lib/mbsalign.c:468:14: warning: implicit declaration of function 'mempcpy' is invalid in C99 [-Wimplicit-function-declaration]
dest = mempcpy (dest, str_to_print, min (n_used_bytes, space_left));
^
lib/mbsalign.c:468:12: warning: incompatible integer to pointer conversion assigning to 'char *' from 'int' [-Wint-conversion]
dest = mempcpy (dest, str_to_print, min (n_used_bytes, space_left));
CC: Daniel Trebbien <dtrebbien@gmail.com>
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
features.h: any glibc header includes this already
libgen.h: was unused there
sys/uio.h: for writev(3p)
sys/queue.h seems like it was never used
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
We were missing our nice compliler warnings for many programs
and libs. See next commits how many trivial and non-trival
warnings have to be fixed.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
This was a major showstopper when building on a system where
LTLIBINTL libs are needed (e.g. OSX). Maybe there are a few test
programs which wouldn't need LDADD ... never mind.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Maybe strtosize_or_err() is the only function which uses
this errno (wrongly). But it doesnt hurt to maintain rc
as well as errno.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Don't use undefined errno:
$ ./logger --no-act -t "wtf" --id="" message
logger: failed to parse id: '': No such file or directory
Don't print useless EINVAL message but ERANGE only:
$ ./logger --no-act -t "wtf" --id="XX" message
logger: failed to parse id: 'XX': Invalid argument
Note the ERANGE-only improvement does not change anything on
Linux/c99 as strtoul(3) only set ERANGE there.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
Fix the warnings below for OSX clang and add a few more
casts for timeval:
lib/at.c:131:27: warning: format specifies type 'intmax_t' (aka 'long') but the argument has type 'off_t' (aka 'long long') [-Wformat]
printf("%16jd bytes ", st.st_size);
~~~~~ ^~~~~~~~~~
lib/strutils.c:522:52: warning: format specifies type 'intmax_t' (aka 'long') but the argument has type 'uint64_t' (aka 'unsigned long long') [-Wformat]
snprintf(buf, sizeof(buf), "%d%s%jd%s", dec, dp, frac, suffix);
~~~ ^~~~
lib/sysfs.c:468:42: warning: format specifies type 'uintmax_t' (aka 'unsigned long') but the argument has type 'uint64_t' (aka 'unsigned long long') [-Wformat]
len = snprintf(buf, sizeof(buf), "%ju", num);
~~~ ^~~
libuuid/src/gen_uuid.c:316:34: warning: format specifies type 'unsigned long' but the argument has type '__darwin_suseconds_t' (aka 'int') [-Wformat]
clock_seq, last.tv_sec, last.tv_usec, adjustment);
^~~~~~~~~~~~
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
The initial implementation has been introduced by SCOLS_FL_WRAP columns,
but this patch clean ups all and makes things more elegant.
Note that use SCOLS_FL_TREE | SCOLS_FL_WRAP for a column is bad idea
and I don't think we need to fix it.
References: https://github.com/karelzak/util-linux/issues/269
Signed-off-by: Karel Zak <kzak@redhat.com>
- let's support multibyte table titles
- use lib/mbalign.c to align the title
- rename title_wrap to title_padding (we already use "wrap" on another
places for another things)
Signed-off-by: Karel Zak <kzak@redhat.com>
Almost any code calling get_terminal_width() checks returned width for
non-positive values and sets it to some default value (say, 80). So,
let's pass this default value directly to the function.
[kzak@redhat.com: - get_terminal_width() refactoring]
Signed-off-by: Karel Zak <kzak@redhat.com>
Purpose of this function is to open a path that is potentially pointing to a
block device or file without races. The function also proper open(3) flags
are used to check the device is not busy, and finally warning is been
printed if a block device happens to be misaligned.
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
From v4.4, linux kernel starts to support direct I/O and
AIO to backing file for loop driver, so allow losetup to
enable the feature by using LOOP_SET_DIRECT_IO ioctl cmd.
Signed-off-by: Ming Lei <tom.leiming@gmail.com>
Now the function uses result buffer for internal stuff (readlink), so
it requires that the buffer is large enough. This is unexpected as
caller assumes that the buffer has to be large enough for devname only.
References: http://www.spinics.net/lists/util-linux-ng/msg12015.html
Reported-by: Tom Yan <tom.ty89@gmail.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
This patch introduces smart crc32 function that is able to exclude
specified. The advantage is that we does not have to modify GPT header
(set the current in-header crc field to zero) when we count crc32.
This allows to keep GPT header in read-only buffers and simplify code.
Signed-off-by: Karel Zak <kzak@redhat.com>
The utils when compiled WITHOUT libuser then mkostemp()ing
"/etc/%s.XXXXXX" where the filename prefix is argv[0] basename.
An attacker could repeatedly execute the util with modified argv[0]
and after many many attempts mkostemp() may generate suffix which
makes sense. The result maybe temporary file with name like rc.status
ld.so.preload or krb5.keytab, etc.
Note that distros usually use libuser based ch{sh,fn} or stuff from
shadow-utils.
It's probably very minor security bug.
Addresses: CVE-2015-5224
Signed-off-by: Karel Zak <kzak@redhat.com>