[libi2ncommon] / src / pipestream.cpp

 /*
The software in this package is distributed under the GNU General
Public License version 2 (with a special exception described below).

A copy of GNU General Public License (GPL) is included in this distribution,
in the file COPYING.GPL.

As a special exception, if other files instantiate templates or use macros
or inline functions from this file, or you compile this file and link it
with other works to produce a work based on this file, this file
does not by itself cause the resulting work to be covered
by the GNU General Public License.

However the source code for this file must still be made available
in accordance with section (3) of the GNU General Public License.

This exception does not invalidate any other reasons why a work based
on this file might be covered by the GNU General Public License.
*/
/***************************************************************************
              inpipestream.cpp  -  C++ streambuffer wrapper 
                             -------------------
    begin                : Thu Dec 27 2001
    copyright            : (C) 2001 by Intra2net AG
 ***************************************************************************/

#include <errno.h>
#include <stdio.h>
#include <string.h>
#include <fcntl.h>
#include <sys/wait.h>
#include <unistd.h>

#include <streambuf>
#include <istream>
#include <ostream>
#include <cstdio>
#include <boost/foreach.hpp>
#include <boost/shared_array.hpp>

#include "exception.hxx"
#include "stringfunc.hxx"
#include "pipestream.hxx"

/** @brief runs command and returns it's output as string
 *  @param command the full command with all parameters
 *  @param rescode struct containing the return code, if the program exited normally and so on
 *  @param flags runtime control flags (stdio streams, environment, path lookup).
 *  @returns the output (stdout) of the called program
 */
template <typename CmdT>
std::string capture_exec(CmdT command, ExecResult &rescode,
                         const int flags)
{
    std::string output;

    bool exit_set = false;
    int exit_status_waitpid;

    // set the results to false until we are sure we have proper values
    rescode.normal_exit = false;
    rescode.terminated_by_signal = false;

    try
    {
        {
            inpipestream ips(command, flags);

            ips.store_exit_status(&exit_set, &exit_status_waitpid);

            char buffer[2048];
            while (ips.good())
            {
                ips.read(buffer, sizeof(buffer));
                output.append(buffer, ips.gcount());
            }
        }

        // exit_status_waitpid only valid after destruction of the inpipestream

        if (exit_set)
        {
            rescode.normal_exit = WIFEXITED(exit_status_waitpid);
            if (rescode.normal_exit)
                rescode.return_code = WEXITSTATUS(exit_status_waitpid);

            rescode.terminated_by_signal = WIFSIGNALED(exit_status_waitpid);
            if (rescode.terminated_by_signal)
                rescode.signal = WTERMSIG(exit_status_waitpid);
        }
    }
    catch (pipestream_error &e)
    {
        rescode.error_message = e.what();
    }

    return output;
}

/** @brief      Instantiation of \c capture_exec for STL string arguments.
 *              Caveat emptor: this will cause the backing stream to use \c
 *              popen(3). To avoid shelling out, please refer to one of the
 *              variants that allow passing an argument list.
 *
 *  @param command    String specifying the shell expression to be executed.
 *  @param res        (Out parameter) Store information about the termination
 *                    state in this struct.
 *
 *  @returns          Result of \c stdout. Note that due to the use of \c
 *                    popen, the correct way to collect stderr output as
 *                    well is to use shell redirection inside the expression
 *                    passed.
 */
std::string capture_exec (const std::string &command, ExecResult &res)
{ return capture_exec<const std::string &>(command, res, capture_flag::dflt); }

/** @brief      Instantiation of \c capture_exec for argument lists. The
 *              pipestream used to run the command will not shell out.
 *              One of \c out or \c err must be set.
 *
 *  @param command    List of \c char* specifying the \c argv array of the
 *                    command to run. Note that the binary to executed is
 *                    assumed to be present at index 0 and that the input
 *                    is properly \c NULL terminated.
 *  @param res        (Out parameter) Store information about the termination
 *                    state in this struct.
 *  @param flags      Runtime control flags (stdio streams, environment, path
 *                    lookup).
 *
 *  @returns          Captured output, combined into one string.
 */
std::string capture_exec (const char *const *command, ExecResult &res,
                          const int flags)
{ return capture_exec<const char *const *>(command, res, flags); }

/** @brief      Instantiation of \c capture_exec for argument lists. The
 *              pipestream used to run the command will not shell out.
 *              One of \c out or \c err must be set.
 *
 *  @param command    String vector specifying the \c argv array of the
 *                    command to run. Note that the binary to executed is
 *                    assumed to be present at index 0.
 *  @param res        (Out parameter) Store information about the termination
 *                    state in this struct.
 *  @param flags      Runtime control flags (stdio streams, environment, path
 *                    lookup).
 *
 *  @returns          Captured output, combined into one string.
 */
std::string capture_exec (const std::vector<std::string> &command, ExecResult &res,
                          const int flags)
{ return capture_exec<const std::vector<std::string> &> (command, res, flags); }

#define PIPE_CTOR_FAIL(where) \
    do { \
        throw EXCEPTION (pipestream_error, \
                         std::string (where) + ": error " \
                         + I2n::to_string (errno) \
                         + " (" + std::string (strerror (errno)) + ")"); \
    } while (0)

/** @brief      Convert a string vector to a refcounted \c char**
 *              that is \c NULL terminated for use with e. g. \c execve(2).
 *
 *  @param command    List of arguments including the binary at index 0.
 *
 *  @returns          A \c boost::shared_array of pointers to the
 *                    arguments plus a trailing \c NULL. Note that
 *                    while the array itself is refcounted, the
 *                    pointees are assumed owned by the caller and
 *                    *not copyied*. I. e. they lose validity if the
 *                    original strings are freed.
 */
static boost::shared_array <char *>
mk_argv (const std::vector<std::string> &command)
{
    char **ret = NULL;

    try {
        ret = new char *[command.size () * sizeof (ret[0]) + 1];
    } catch (std::bad_alloc &) {
        return boost::shared_array<char *> ();
    }

    size_t cur = 0;
    BOOST_FOREACH(const std::string &arg, command) {
        /*
         * Casting away constness is safe since the data is always
         * kept alive until after exec().
         */
        ret [cur++] = const_cast<char *> (arg.c_str ());
    }

    ret [cur] = NULL;

    return boost::shared_array<char *> (ret);
}

/** @brief      Helper for redirecting a file descriptor to \c /dev/null.
 *              This will only acquire an fd the first time it is called
 *              or if it is called after unsuccessfully attempting to
 *              acquire one.
 *
 *  @param fd         The open file descriptor to operate on.
 *  @param save_errno Out parameter: stores errno here after a syscall failure.
 *
 *  @returns          \c true on success, \c false otherwise (the call to
 *                    either \c open(2) or \c dup2(2) failed), with errno
 *                    communicated through saved_errno.
 */
static bool
redirect_devnull (const int fd, int &save_errno)
{
    static int nullfd = -1;
    
    errno = 0;
    if (nullfd == -1 && (nullfd = open ("/dev/null", O_RDWR)) == -1) {
        save_errno = errno;
        return false;
    }

    errno = 0;
    if (dup2 (nullfd, fd) == -1) {
        save_errno = errno;
        return false;
    }

    return true;
}

/** @brief      Helper aggregating common code for the shell-free ctors.
 *
 *  @param argv       Argument list prepared for \c execve(2).
 *  @param flags      Control the runtime behavior wrt. stdio streams, \c
 *                    *envp, and path search. One of \c collect_out or
 *                    \c collect_err is mandatory. All other flags are
 *                    optional. Pipebuf creation with fail with \c EINVAL
 *                    if that constraint is violated.
 *
 *  @returns          A \c FILE* handle for streaming if successful, \c NULL
 *                    otherwise.
 *
 * Error handling strategy:
 *
 *      - receive all errors from child as ints through a cloexec pipe;
 *      - in the child, write error conditions always to pipe first,
 *        then try to emit a more verbose log message;
 *      - in the parent, throw on error indicating the child errno.
 *
 * Note that the error-pipe approach is robust due to guarantees by both
 * standard (POSIX) and implementation (Linux) of pipes: The read(2) from
 * the error channel will block until the pipe is either closed or written to;
 * hence no need to check for EAGAIN. Those writes are guaranteed to be atomic
 * because sizeof(errno) is less than PIPE_BUF; hence we can disregard EINTR. A
 * pipe whose write end (i.e. in the child) has been closed (by the kernel
 * because execve(2) was successful) will always indicate EOF by returning
 * zero, hence we know precisely whether everything went well or not. Cf.
 * pipe(7), sections “I/O on pipes and FIFOs” and “PIPE_BUF”, as well as
 * Kerrisk (2010), section 44.10, p. 917f.
 */
std::pair <pid_t, FILE *>
inpipebuf::init_without_shell (const char *const *argv,
                               const int flags) const
{
    FILE *pipeobj = NULL;
    int pipefd [2]; /* for reading output from the child */
    int errfd  [2]; /* for determining a successful exec() */
    sigset_t oldmask, newmask;
    char *const *envp = flags & capture_flag::env_passthru ? environ : NULL;

    if (!(flags & capture_flag::collect_any))
    {
        errno = EINVAL;
        PIPE_CTOR_FAIL("ctor");
    }

    /*
     * The error pipe must be openend with *O_CLOEXEC* set. We also open
     * the data pipe with close-on-exec and remove that bit only in the child.
     * The rationale is preventing the read fd from passed on if the parent
     * later re-forks another child: we intend it to be read from this (master)
     * process alone.
     */
    errno = 0;
    if (   ::pipe2 (pipefd, O_CLOEXEC) == -1
        || ::pipe2 (errfd , O_CLOEXEC) == -1) {
        PIPE_CTOR_FAIL("pipe2");
    }

    sigfillset (&newmask);
    sigprocmask (SIG_SETMASK, &newmask, &oldmask);

    errno = 0;
    pid_t childpid = fork ();
    switch (childpid) {
        case -1: {
            sigprocmask (SIG_SETMASK, &oldmask, NULL);
            PIPE_CTOR_FAIL("fork");
            break;
        }
        case 0: {
            /*
             * Close read ends of error and data channels: the child is assumed
             * to write exclusively.
             */
            close (pipefd [0]);
            close (errfd  [0]);

            /*
             * Remove cloexec bit from the write end of the pipe (this is the
             * only flag with F_SETFD).
             */
            fcntl (pipefd [1], F_SETFD, 0);

            /*
             * Prevent the child from receiving more privileges than the
             * parent. This concerns mainly suid binaries.
             */
            errno = 0;
            if (   flags & capture_flag::no_new_privs
                && prctl (PR_SET_NO_NEW_PRIVS,  1, 0, 0, 0) == -1)
            {
                (void)write (errfd [1], (char *)&errno, sizeof(errno));
                exit (EXIT_FAILURE);
            }

            int save_errno = 0;

            /*
             * Assign /dev/null if asked to close one of the streams, else
             * dup() it onto the pipe.
             */
            if (!(flags & capture_flag::collect_out))
            {
                if (!redirect_devnull (STDOUT_FILENO, save_errno))
                {
                    (void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
                    exit (EXIT_FAILURE);
                }
            }
            else if (dup2 (pipefd[1], STDOUT_FILENO) == -1)
            {
                (void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
                exit (EXIT_FAILURE);
            }

            if (!(flags & capture_flag::collect_err))
            {
                if (!redirect_devnull (STDERR_FILENO, save_errno))
                {
                    (void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
                    exit (EXIT_FAILURE);
                }
            }
            else if (dup2 (pipefd[1], STDERR_FILENO) == -1)
            {
                (void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
                exit (EXIT_FAILURE);
            }

            /*
             * Close the write end of the pipe now that we have dup()’ed it
             * onto the stdio fds. The parent will now receive EOF on the pipe
             * when these fds are both closed.
             */
            close (pipefd [1]);

            /*
             * Stop blocking signals so the child starts out with a sane
             * environment.
             */
            sigprocmask (SIG_SETMASK, &oldmask, NULL);

            errno = 0;
            if (flags & capture_flag::search_path) {
                execvpe (argv [0], const_cast <char *const *>(argv), envp);
            } else {
                execve (argv [0], const_cast <char *const *>(argv), envp);
            }

            /*
             * At this point, the call to execv[p]e() failed. Thus the error
             * pipe is still opened and we forward the errno through it.
             */
            (void)write (errfd [1], (char *)&errno, sizeof(errno));
            exit (EXIT_FAILURE);
            break;
        }
        default: {
            break;
        }
    }

    /*
     * The parent is assumed to only consume data from either pipe, never
     * write.
     */
    close (pipefd [1]);
    close (errfd  [1]);

    /*
     * Check whether the child exec()’ed by reading from the error pipe.
     * The call to read(2) will block, uninterruptible due to signals being
     * blocked. If all went well, the read(2) will return zero bytes and we can
     * ditch the error channel.
     *
     * Otherwise either the read(2) failed or we actually received something
     * through the error pipe. Both cases are treated as errors and cause an
     * exit from the ctor.
     */
    char buf [sizeof (errno)];
    int ret;
    memset (buf, 0, sizeof (buf));
    errno = 0;
    if ((ret = read (errfd [0], buf, sizeof (buf))) != 0) {
        close (pipefd [0]);
        close (errfd  [0]);
        sigprocmask (SIG_SETMASK, &oldmask, NULL);
        if (ret == - 1) {
            /* read(2) failed */
            PIPE_CTOR_FAIL("read");
        } else {
            /*
             * We received data on the error channel indicating the child
             * process never successfully exec()’ed. We grab the error code
             * from the buffer and bail.
             */
            errno = *((int *)&buf[0]);
            PIPE_CTOR_FAIL("child failed to exec()");
        }
    }

    /*
     * read(2) yielded zero bytes; it’s safe to use the pipe so close our end
     * and continue.
     */
    close (errfd [0]);

    sigprocmask (SIG_SETMASK, &oldmask, NULL);

    errno = 0;
    if ((pipeobj = fdopen (pipefd [0], "r")) == NULL) {
        close (pipefd [0]);
        PIPE_CTOR_FAIL("fdopen");
    }

    return std::make_pair (childpid, pipeobj);
}

inpipebuf::inpipebuf(const char *const *command,
                     const int flags)
    : pipe (NULL) /* brr: shadowing global ident */
    , pid (-1)
    , status_set (NULL)
    , exit_status (NULL)
{
    if (command == NULL || command [0] == NULL) {
        PIPE_CTOR_FAIL("command");
    }

    std::pair <pid_t, FILE *> tmp = this->init_without_shell (command, flags);
    this->pid  = tmp.first; /* no std::tie :/ */
    this->pipe = tmp.second;

    setg (&buffer, &buffer, &buffer);
}

inpipebuf::inpipebuf(const std::vector<std::string> &command,
                     const int flags)
    : pipe (NULL) /* brr: shadowing global ident */
    , pid (-1)
    , status_set (NULL)
    , exit_status (NULL)
{
    if (command.empty ()) {
        PIPE_CTOR_FAIL("command");
    }

    const boost::shared_array <char *> argv = mk_argv (command);
    if (!argv) {
        PIPE_CTOR_FAIL("malloc");
    }

    std::pair <pid_t, FILE *> tmp =
        this->init_without_shell (argv.get (), flags);
    this->pid  = tmp.first;
    this->pipe = tmp.second;

    setg (&buffer, &buffer, &buffer);
}

inpipebuf::inpipebuf(const std::string& command,
                     const int _ignored_flags)
    : pid (-1)
    , status_set (NULL)
    , exit_status (NULL)
{
    pipe = popen (command.c_str(), "r");
    if (pipe == NULL)
        throw EXCEPTION (pipestream_error, "can't open program or permission denied");

    // force underflow
    setg (&buffer, &buffer, &buffer);
}

inpipebuf::~inpipebuf()
{
    if (pipe != NULL) {
        int status;

        if (this->pid == -1)
        {
            errno = 0;
            status = pclose (pipe);
            if (status != -1) {
                if (exit_status != NULL) {
                    *exit_status = status;
                    if (status_set != NULL) {
                        *status_set = true;
                    }
                }
            }
        }
        else
        {
            errno = 0;
            status = fclose (pipe);
            if (status != EOF) {
                if (exit_status != NULL) {
                    *exit_status = status; /* might be overwritten below */
                    if (status_set != NULL) {
                        *status_set = true;
                    }
                }
            }

            errno = 0;
            while (waitpid (this->pid, &status, 0) == -1) {
                if (errno != EINTR) {
                    status = -1;
                    break;
                }
            }
            if (status != 0 && exit_status != NULL) {
                *exit_status = status; /* might overwrite pipe status above */
                if (status_set != NULL) {
                    *status_set = true;
                }
            }
        }

        pipe = NULL;
    }
}

/** note: exit status only available after destruction */
void inpipebuf::store_exit_status(bool *_status_set, int *_exit_status)
{ 
    status_set = _status_set; 
    exit_status = _exit_status; 
}

inpipebuf::int_type inpipebuf::underflow()
{
    if (gptr() < egptr())
        return traits_type::to_int_type(*gptr());

    buffer = fgetc (pipe);
    if (feof (pipe))
    {
        // ERROR or EOF
        return EOF;
    }

    setg (&buffer, &buffer, &buffer+sizeof(char));

    return traits_type::to_int_type(*gptr());
}

outpipebuf::outpipebuf(const std::string& command)
{
    status_set = NULL;
    exit_status = NULL;

    pipe = popen (command.c_str(), "w");
    if (pipe == NULL)
        throw EXCEPTION (pipestream_error, "can't open program or permission denied");
}

outpipebuf::~outpipebuf()
{
    if (pipe != NULL) {
        int pclose_exit = pclose (pipe);

        if (exit_status && pclose_exit != -1)
        {
            if (status_set)
                *status_set = true;
            *exit_status = pclose_exit;
        }

        pipe = NULL;
    }
}

/** note: exit status only available after destruction */
void outpipebuf::store_exit_status(bool *_status_set, int *_exit_status)
{ 
    status_set = _status_set; 
    exit_status = _exit_status; 
}

outpipebuf::int_type outpipebuf::overflow(int_type c)
{
    if (c != EOF)
    {
        if (fputc(c,pipe)==EOF)
            return EOF;
    }
    return c;
}

std::streamsize outpipebuf::xsputn(const char* s, std::streamsize num)
{
    return fwrite(s,num,1,pipe);
}
Commit	Line	Data
7e606af5 GE	1	/*
	2	The software in this package is distributed under the GNU General
	3	Public License version 2 (with a special exception described below).
	4
	5	A copy of GNU General Public License (GPL) is included in this distribution,
	6	in the file COPYING.GPL.
	7
	8	As a special exception, if other files instantiate templates or use macros
	9	or inline functions from this file, or you compile this file and link it
	10	with other works to produce a work based on this file, this file
	11	does not by itself cause the resulting work to be covered
	12	by the GNU General Public License.
	13
	14	However the source code for this file must still be made available
	15	in accordance with section (3) of the GNU General Public License.
	16
	17	This exception does not invalidate any other reasons why a work based
	18	on this file might be covered by the GNU General Public License.
	19	*/
	20	/***************************************************************************
	21	inpipestream.cpp - C++ streambuffer wrapper
	22	-------------------
	23	begin : Thu Dec 27 2001
	24	copyright : (C) 2001 by Intra2net AG
	25	***************************************************************************/
	26
9e322fb7	27	#include <errno.h>
7e606af5	28	#include <stdio.h>
9e322fb7	29	#include <string.h>
ff5191e6	30	#include <fcntl.h>
f8f119bf	31	#include <sys/wait.h>
9e322fb7	32	#include <unistd.h>
7e606af5	33
7e606af5 GE	34	#include <streambuf>
	35	#include <istream>
	36	#include <ostream>
	37	#include <cstdio>
9e322fb7 PG	38	#include <boost/foreach.hpp>
9e322fb7 PG	39	#include <boost/shared_array.hpp>
7e606af5 GE	40
7e606af5 GE	41	#include "exception.hxx"
9e322fb7	42	#include "stringfunc.hxx"
7e606af5 GE	43	#include "pipestream.hxx"
7e606af5 GE	44
f8f119bf GE	45	/** @brief runs command and returns it's output as string
	46	* @param command the full command with all parameters
	47	* @param rescode struct containing the return code, if the program exited normally and so on
825c519f	48	* @param flags runtime control flags (stdio streams, environment, path lookup).
f8f119bf GE	49	* @returns the output (stdout) of the called program
f8f119bf GE	50	*/
9e322fb7	51	template <typename CmdT>
cc917897	52	std::string capture_exec(CmdT command, ExecResult &rescode,
825c519f	53	const int flags)
f8f119bf GE	54	{
	55	std::string output;
	56
1d7539d5	57	bool exit_set = false;
f8f119bf GE	58	int exit_status_waitpid;
	59
	60	// set the results to false until we are sure we have proper values
	61	rescode.normal_exit = false;
	62	rescode.terminated_by_signal = false;
	63
	64	try
	65	{
	66	{
825c519f	67	inpipestream ips(command, flags);
f8f119bf GE	68
	69	ips.store_exit_status(&exit_set, &exit_status_waitpid);
	70
	71	char buffer[2048];
	72	while (ips.good())
	73	{
	74	ips.read(buffer, sizeof(buffer));
	75	output.append(buffer, ips.gcount());
	76	}
	77	}
	78
	79	// exit_status_waitpid only valid after destruction of the inpipestream
	80
	81	if (exit_set)
	82	{
	83	rescode.normal_exit = WIFEXITED(exit_status_waitpid);
	84	if (rescode.normal_exit)
	85	rescode.return_code = WEXITSTATUS(exit_status_waitpid);
	86
	87	rescode.terminated_by_signal = WIFSIGNALED(exit_status_waitpid);
	88	if (rescode.terminated_by_signal)
	89	rescode.signal = WTERMSIG(exit_status_waitpid);
	90	}
	91	}
	92	catch (pipestream_error &e)
	93	{
	94	rescode.error_message = e.what();
	95	}
	96
	97	return output;
	98	}
	99
cc917897 PG	100	/** @brief Instantiation of \c capture_exec for STL string arguments.
	101	* Caveat emptor: this will cause the backing stream to use \c
	102	* popen(3). To avoid shelling out, please refer to one of the
	103	* variants that allow passing an argument list.
	104	*
	105	* @param command String specifying the shell expression to be executed.
	106	* @param res (Out parameter) Store information about the termination
	107	* state in this struct.
	108	*
	109	* @returns Result of \c stdout. Note that due to the use of \c
	110	* popen, the correct way to collect stderr output as
	111	* well is to use shell redirection inside the expression
	112	* passed.
	113	*/
9e322fb7	114	std::string capture_exec (const std::string &command, ExecResult &res)
825c519f	115	{ return capture_exec<const std::string &>(command, res, capture_flag::dflt); }
cc917897 PG	116
	117	/** @brief Instantiation of \c capture_exec for argument lists. The
	118	* pipestream used to run the command will not shell out.
	119	* One of \c out or \c err must be set.
	120	*
	121	* @param command List of \c char* specifying the \c argv array of the
	122	* command to run. Note that the binary to executed is
	123	* assumed to be present at index 0 and that the input
	124	* is properly \c NULL terminated.
	125	* @param res (Out parameter) Store information about the termination
	126	* state in this struct.
825c519f PG	127	* @param flags Runtime control flags (stdio streams, environment, path
825c519f PG	128	* lookup).
cc917897 PG	129	*
	130	* @returns Captured output, combined into one string.
	131	*/
	132	std::string capture_exec (const char const command, ExecResult &res,
825c519f PG	133	const int flags)
825c519f PG	134	{ return capture_exec<const char const >(command, res, flags); }
cc917897 PG	135
	136	/** @brief Instantiation of \c capture_exec for argument lists. The
	137	* pipestream used to run the command will not shell out.
	138	* One of \c out or \c err must be set.
	139	*
	140	* @param command String vector specifying the \c argv array of the
	141	* command to run. Note that the binary to executed is
	142	* assumed to be present at index 0.
	143	* @param res (Out parameter) Store information about the termination
	144	* state in this struct.
825c519f PG	145	* @param flags Runtime control flags (stdio streams, environment, path
825c519f PG	146	* lookup).
cc917897 PG	147	*
	148	* @returns Captured output, combined into one string.
	149	*/
	150	std::string capture_exec (const std::vector<std::string> &command, ExecResult &res,
825c519f PG	151	const int flags)
825c519f PG	152	{ return capture_exec<const std::vector<std::string> &> (command, res, flags); }
c2c29997	153
9e322fb7 PG	154	#define PIPE_CTOR_FAIL(where) \
	155	do { \
	156	throw EXCEPTION (pipestream_error, \
	157	std::string (where) + ": error " \
	158	+ I2n::to_string (errno) \
	159	+ " (" + std::string (strerror (errno)) + ")"); \
	160	} while (0)
	161
cc917897 PG	162	/ @brief Convert a string vector to a refcounted \c char
	163	* that is \c NULL terminated for use with e. g. \c execve(2).
	164	*
	165	* @param command List of arguments including the binary at index 0.
	166	*
	167	* @returns A \c boost::shared_array of pointers to the
	168	* arguments plus a trailing \c NULL. Note that
	169	* while the array itself is refcounted, the
	170	* pointees are assumed owned by the caller and
	171	* not copyied. I. e. they lose validity if the
	172	* original strings are freed.
	173	*/
9e322fb7 PG	174	static boost::shared_array <char *>
	175	mk_argv (const std::vector<std::string> &command)
	176	{
	177	char **ret = NULL;
	178
	179	try {
	180	ret = new char [command.size () sizeof (ret[0]) + 1];
	181	} catch (std::bad_alloc &) {
	182	return boost::shared_array<char *> ();
	183	}
	184
	185	size_t cur = 0;
	186	BOOST_FOREACH(const std::string &arg, command) {
	187	/*
	188	* Casting away constness is safe since the data is always
	189	* kept alive until after exec().
	190	*/
	191	ret [cur++] = const_cast<char *> (arg.c_str ());
	192	}
	193
	194	ret [cur] = NULL;
	195
	196	return boost::shared_array<char *> (ret);
	197	}
	198
ff5191e6 PG	199	/** @brief Helper for redirecting a file descriptor to \c /dev/null.
	200	* This will only acquire an fd the first time it is called
	201	* or if it is called after unsuccessfully attempting to
	202	* acquire one.
	203	*
	204	* @param fd The open file descriptor to operate on.
08199c66	205	* @param save_errno Out parameter: stores errno here after a syscall failure.
ff5191e6 PG	206	*
ff5191e6 PG	207	* @returns \c true on success, \c false otherwise (the call to
08199c66 PG	208	* either \c open(2) or \c dup2(2) failed), with errno
08199c66 PG	209	* communicated through saved_errno.
ff5191e6 PG	210	*/
ff5191e6 PG	211	static bool
08199c66	212	redirect_devnull (const int fd, int &save_errno)
ff5191e6 PG	213	{
	214	static int nullfd = -1;
	215
	216	errno = 0;
	217	if (nullfd == -1 && (nullfd = open ("/dev/null", O_RDWR)) == -1) {
08199c66	218	save_errno = errno;
ff5191e6 PG	219	return false;
	220	}
	221
	222	errno = 0;
	223	if (dup2 (nullfd, fd) == -1) {
08199c66	224	save_errno = errno;
ff5191e6 PG	225	return false;
	226	}
	227
	228	return true;
	229	}
	230
cc917897 PG	231	/** @brief Helper aggregating common code for the shell-free ctors.
	232	*
	233	* @param argv Argument list prepared for \c execve(2).
825c519f PG	234	* @param flags Control the runtime behavior wrt. stdio streams, \c
	235	* *envp, and path search. One of \c collect_out or
	236	* \c collect_err is mandatory. All other flags are
	237	* optional. Pipebuf creation with fail with \c EINVAL
	238	* if that constraint is violated.
cc917897 PG	239	*
	240	* @returns A \c FILE* handle for streaming if successful, \c NULL
	241	* otherwise.
825c519f PG	242	*
	243	* Error handling strategy:
	244	*
	245	* - receive all errors from child as ints through a cloexec pipe;
	246	* - in the child, write error conditions always to pipe first,
	247	* then try to emit a more verbose log message;
	248	* - in the parent, throw on error indicating the child errno.
	249	*
	250	* Note that the error-pipe approach is robust due to guarantees by both
	251	* standard (POSIX) and implementation (Linux) of pipes: The read(2) from
	252	* the error channel will block until the pipe is either closed or written to;
	253	* hence no need to check for EAGAIN. Those writes are guaranteed to be atomic
	254	* because sizeof(errno) is less than PIPE_BUF; hence we can disregard EINTR. A
	255	* pipe whose write end (i.e. in the child) has been closed (by the kernel
	256	* because execve(2) was successful) will always indicate EOF by returning
	257	* zero, hence we know precisely whether everything went well or not. Cf.
	258	* pipe(7), sections “I/O on pipes and FIFOs” and “PIPE_BUF”, as well as
	259	* Kerrisk (2010), section 44.10, p. 917f.
cc917897	260	*/
17b459b3	261	std::pair <pid_t, FILE *>
cc917897	262	inpipebuf::init_without_shell (const char const argv,
825c519f	263	const int flags) const
9e322fb7 PG	264	{
9e322fb7 PG	265	FILE *pipeobj = NULL;
08199c66 PG	266	int pipefd [2]; /* for reading output from the child */
08199c66 PG	267	int errfd [2]; /* for determining a successful exec() */
f2da42aa	268	sigset_t oldmask, newmask;
825c519f	269	char const envp = flags & capture_flag::env_passthru ? environ : NULL;
9e322fb7	270
825c519f PG	271	if (!(flags & capture_flag::collect_any))
825c519f PG	272	{
cc917897 PG	273	errno = EINVAL;
	274	PIPE_CTOR_FAIL("ctor");
	275	}
	276
825c519f PG	277	/*
	278	* The error pipe must be openend with O_CLOEXEC set. We also open
	279	* the data pipe with close-on-exec and remove that bit only in the child.
	280	* The rationale is preventing the read fd from passed on if the parent
	281	* later re-forks another child: we intend it to be read from this (master)
	282	* process alone.
	283	*/
9e322fb7	284	errno = 0;
08199c66 PG	285	if ( ::pipe2 (pipefd, O_CLOEXEC) == -1
08199c66 PG	286	\|\| ::pipe2 (errfd , O_CLOEXEC) == -1) {
a30f9a22	287	PIPE_CTOR_FAIL("pipe2");
9e322fb7 PG	288	}
9e322fb7 PG	289
f2da42aa PG	290	sigfillset (&newmask);
	291	sigprocmask (SIG_SETMASK, &newmask, &oldmask);
	292
9e322fb7 PG	293	errno = 0;
	294	pid_t childpid = fork ();
	295	switch (childpid) {
	296	case -1: {
f2da42aa	297	sigprocmask (SIG_SETMASK, &oldmask, NULL);
9e322fb7 PG	298	PIPE_CTOR_FAIL("fork");
	299	break;
	300	}
	301	case 0: {
825c519f PG	302	/*
	303	* Close read ends of error and data channels: the child is assumed
	304	* to write exclusively.
	305	*/
9e322fb7	306	close (pipefd [0]);
08199c66	307	close (errfd [0]);
9e322fb7	308
825c519f PG	309	/*
	310	* Remove cloexec bit from the write end of the pipe (this is the
	311	* only flag with F_SETFD).
	312	*/
a30f9a22 PG	313	fcntl (pipefd [1], F_SETFD, 0);
a30f9a22 PG	314
55a22930 PG	315	/*
	316	* Prevent the child from receiving more privileges than the
	317	* parent. This concerns mainly suid binaries.
	318	*/
	319	errno = 0;
	320	if ( flags & capture_flag::no_new_privs
	321	&& prctl (PR_SET_NO_NEW_PRIVS, 1, 0, 0, 0) == -1)
	322	{
	323	(void)write (errfd [1], (char *)&errno, sizeof(errno));
	324	exit (EXIT_FAILURE);
	325	}
	326
08199c66	327	int save_errno = 0;
825c519f PG	328
	329	/*
	330	* Assign /dev/null if asked to close one of the streams, else
	331	* dup() it onto the pipe.
	332	*/
	333	if (!(flags & capture_flag::collect_out))
	334	{
	335	if (!redirect_devnull (STDOUT_FILENO, save_errno))
	336	{
08199c66 PG	337	(void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
08199c66 PG	338	exit (EXIT_FAILURE);
ff5191e6	339	}
825c519f PG	340	}
	341	else if (dup2 (pipefd[1], STDOUT_FILENO) == -1)
	342	{
08199c66 PG	343	(void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
08199c66 PG	344	exit (EXIT_FAILURE);
9e322fb7 PG	345	}
9e322fb7 PG	346
825c519f PG	347	if (!(flags & capture_flag::collect_err))
	348	{
	349	if (!redirect_devnull (STDERR_FILENO, save_errno))
	350	{
08199c66 PG	351	(void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
08199c66 PG	352	exit (EXIT_FAILURE);
ff5191e6	353	}
825c519f PG	354	}
	355	else if (dup2 (pipefd[1], STDERR_FILENO) == -1)
	356	{
08199c66 PG	357	(void)write (errfd [1], (char *)&save_errno, sizeof(save_errno));
08199c66 PG	358	exit (EXIT_FAILURE);
9e322fb7 PG	359	}
9e322fb7 PG	360
825c519f PG	361	/*
	362	* Close the write end of the pipe now that we have dup()’ed it
	363	* onto the stdio fds. The parent will now receive EOF on the pipe
	364	* when these fds are both closed.
	365	*/
17b459b3 PG	366	close (pipefd [1]);
17b459b3 PG	367
825c519f PG	368	/*
	369	* Stop blocking signals so the child starts out with a sane
	370	* environment.
	371	*/
f2da42aa PG	372	sigprocmask (SIG_SETMASK, &oldmask, NULL);
f2da42aa PG	373
9e322fb7	374	errno = 0;
825c519f	375	if (flags & capture_flag::search_path) {
cdc166d2	376	execvpe (argv [0], const_cast <char const >(argv), envp);
ad4490f1	377	} else {
cdc166d2	378	execve (argv [0], const_cast <char const >(argv), envp);
9e322fb7	379	}
08199c66	380
825c519f PG	381	/*
	382	* At this point, the call to execv[p]e() failed. Thus the error
	383	* pipe is still opened and we forward the errno through it.
	384	*/
08199c66 PG	385	(void)write (errfd [1], (char *)&errno, sizeof(errno));
08199c66 PG	386	exit (EXIT_FAILURE);
9e322fb7 PG	387	break;
	388	}
	389	default: {
9e322fb7 PG	390	break;
	391	}
	392	}
	393
825c519f PG	394	/*
	395	* The parent is assumed to only consume data from either pipe, never
	396	* write.
	397	*/
08199c66 PG	398	close (pipefd [1]);
	399	close (errfd [1]);
	400
	401	/*
	402	* Check whether the child exec()’ed by reading from the error pipe.
	403	* The call to read(2) will block, uninterruptible due to signals being
	404	* blocked. If all went well, the read(2) will return zero bytes and we can
	405	* ditch the error channel.
	406	*
	407	* Otherwise either the read(2) failed or we actually received something
	408	* through the error pipe. Both cases are treated as errors and cause an
	409	* exit from the ctor.
	410	*/
	411	char buf [sizeof (errno)];
	412	int ret;
	413	memset (buf, 0, sizeof (buf));
	414	errno = 0;
	415	if ((ret = read (errfd [0], buf, sizeof (buf))) != 0) {
	416	close (pipefd [0]);
	417	close (errfd [0]);
	418	sigprocmask (SIG_SETMASK, &oldmask, NULL);
	419	if (ret == - 1) {
	420	/* read(2) failed */
	421	PIPE_CTOR_FAIL("read");
	422	} else {
	423	/*
	424	* We received data on the error channel indicating the child
	425	* process never successfully exec()’ed. We grab the error code
	426	* from the buffer and bail.
	427	*/
	428	errno = ((int )&buf[0]);
	429	PIPE_CTOR_FAIL("child failed to exec()");
	430	}
	431	}
	432
	433	/*
	434	* read(2) yielded zero bytes; it’s safe to use the pipe so close our end
	435	* and continue.
	436	*/
	437	close (errfd [0]);
	438
	439	sigprocmask (SIG_SETMASK, &oldmask, NULL);
	440
	441	errno = 0;
	442	if ((pipeobj = fdopen (pipefd [0], "r")) == NULL) {
	443	close (pipefd [0]);
	444	PIPE_CTOR_FAIL("fdopen");
	445	}
	446
17b459b3	447	return std::make_pair (childpid, pipeobj);
9e322fb7 PG	448	}
9e322fb7 PG	449
cc917897	450	inpipebuf::inpipebuf(const char const command,
825c519f	451	const int flags)
9e322fb7	452	: pipe (NULL) /* brr: shadowing global ident */
17b459b3	453	, pid (-1)
9e322fb7 PG	454	, status_set (NULL)
	455	, exit_status (NULL)
	456	{
	457	if (command == NULL \|\| command [0] == NULL) {
	458	PIPE_CTOR_FAIL("command");
	459	}
	460
825c519f	461	std::pair <pid_t, FILE *> tmp = this->init_without_shell (command, flags);
17b459b3 PG	462	this->pid = tmp.first; /* no std::tie :/ */
17b459b3 PG	463	this->pipe = tmp.second;
9e322fb7 PG	464
	465	setg (&buffer, &buffer, &buffer);
	466	}
	467
cc917897	468	inpipebuf::inpipebuf(const std::vector<std::string> &command,
825c519f	469	const int flags)
c2c29997	470	: pipe (NULL) /* brr: shadowing global ident */
17b459b3	471	, pid (-1)
c2c29997 PG	472	, status_set (NULL)
	473	, exit_status (NULL)
	474	{
	475	if (command.empty ()) {
	476	PIPE_CTOR_FAIL("command");
	477	}
	478
	479	const boost::shared_array <char *> argv = mk_argv (command);
	480	if (!argv) {
	481	PIPE_CTOR_FAIL("malloc");
	482	}
	483
ad4490f1	484	std::pair <pid_t, FILE *> tmp =
825c519f	485	this->init_without_shell (argv.get (), flags);
17b459b3 PG	486	this->pid = tmp.first;
17b459b3 PG	487	this->pipe = tmp.second;
c2c29997 PG	488
	489	setg (&buffer, &buffer, &buffer);
	490	}
	491
cc917897	492	inpipebuf::inpipebuf(const std::string& command,
825c519f	493	const int _ignored_flags)
17b459b3 PG	494	: pid (-1)
	495	, status_set (NULL)
	496	, exit_status (NULL)
7e606af5	497	{
7e606af5 GE	498	pipe = popen (command.c_str(), "r");
	499	if (pipe == NULL)
	500	throw EXCEPTION (pipestream_error, "can't open program or permission denied");
	501
	502	// force underflow
	503	setg (&buffer, &buffer, &buffer);
	504	}
	505
	506	inpipebuf::~inpipebuf()
	507	{
	508	if (pipe != NULL) {
17b459b3	509	int status;
7e606af5	510
17b459b3	511	if (this->pid == -1)
d00589a0	512	{
17b459b3 PG	513	errno = 0;
	514	status = pclose (pipe);
	515	if (status != -1) {
	516	if (exit_status != NULL) {
	517	*exit_status = status;
	518	if (status_set != NULL) {
	519	*status_set = true;
	520	}
	521	}
	522	}
	523	}
	524	else
	525	{
	526	errno = 0;
	527	status = fclose (pipe);
	528	if (status != EOF) {
	529	if (exit_status != NULL) {
	530	exit_status = status; / might be overwritten below */
	531	if (status_set != NULL) {
	532	*status_set = true;
	533	}
	534	}
	535	}
	536
	537	errno = 0;
	538	while (waitpid (this->pid, &status, 0) == -1) {
	539	if (errno != EINTR) {
	540	status = -1;
	541	break;
	542	}
	543	}
	544	if (status != 0 && exit_status != NULL) {
	545	exit_status = status; / might overwrite pipe status above */
	546	if (status_set != NULL) {
	547	*status_set = true;
	548	}
	549	}
7e606af5 GE	550	}
	551
	552	pipe = NULL;
	553	}
	554	}
	555
	556	/** note: exit status only available after destruction */
	557	void inpipebuf::store_exit_status(bool _status_set, int _exit_status)
	558	{
	559	status_set = _status_set;
	560	exit_status = _exit_status;
	561	}
	562
	563	inpipebuf::int_type inpipebuf::underflow()
	564	{
	565	if (gptr() < egptr())
	566	return traits_type::to_int_type(*gptr());
	567
	568	buffer = fgetc (pipe);
	569	if (feof (pipe))
	570	{
	571	// ERROR or EOF
	572	return EOF;
	573	}
	574
	575	setg (&buffer, &buffer, &buffer+sizeof(char));
	576
	577	return traits_type::to_int_type(*gptr());
	578	}
	579
7e606af5 GE	580	outpipebuf::outpipebuf(const std::string& command)
	581	{
	582	status_set = NULL;
	583	exit_status = NULL;
	584
	585	pipe = popen (command.c_str(), "w");
	586	if (pipe == NULL)
	587	throw EXCEPTION (pipestream_error, "can't open program or permission denied");
	588	}
	589
	590	outpipebuf::~outpipebuf()
	591	{
	592	if (pipe != NULL) {
	593	int pclose_exit = pclose (pipe);
	594
d00589a0 GE	595	if (exit_status && pclose_exit != -1)
	596	{
	597	if (status_set)
	598	*status_set = true;
7e606af5 GE	599	*exit_status = pclose_exit;
	600	}
	601
	602	pipe = NULL;
	603	}
	604	}
	605
	606	/** note: exit status only available after destruction */
	607	void outpipebuf::store_exit_status(bool _status_set, int _exit_status)
	608	{
	609	status_set = _status_set;
	610	exit_status = _exit_status;
	611	}
	612
	613	outpipebuf::int_type outpipebuf::overflow(int_type c)
	614	{
	615	if (c != EOF)
	616	{
	617	if (fputc(c,pipe)==EOF)
	618	return EOF;
	619	}
	620	return c;
	621	}
	622
	623	std::streamsize outpipebuf::xsputn(const char* s, std::streamsize num)
	624	{
	625	return fwrite(s,num,1,pipe);
	626	}