1 /* Temporary directories and temporary files with automatic cleanup.
2 Copyright (C) 2001, 2003, 2006-2007, 2009-2011 Free Software Foundation,
4 Written by Bruno Haible <bruno@clisp.org>, 2006.
6 This program is free software: you can redistribute it and/or modify
7 it under the terms of the GNU General Public License as published by
8 the Free Software Foundation; either version 3 of the License, or
9 (at your option) any later version.
11 This program is distributed in the hope that it will be useful,
12 but WITHOUT ANY WARRANTY; without even the implied warranty of
13 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
14 GNU General Public License for more details.
16 You should have received a copy of the GNU General Public License
17 along with this program. If not, see <http://www.gnu.org/licenses/>. */
23 #include "clean-temp.h"
33 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
34 # define WIN32_LEAN_AND_MEAN /* avoid including junk */
39 #include "fatal-signal.h"
45 #include "gl_linkedhash_list.h"
47 #if GNULIB_FWRITEERROR
48 # include "fwriteerror.h"
50 #if GNULIB_CLOSE_STREAM
51 # include "close-stream.h"
53 #if GNULIB_FCNTL_SAFER
56 #if GNULIB_FOPEN_SAFER
60 #define _(str) gettext (str)
62 /* GNU Hurd doesn't have PATH_MAX. */
65 # define PATH_MAX MAXPATHLEN
67 # define PATH_MAX 1024
72 # define uintptr_t unsigned long
75 #if !GNULIB_FCNTL_SAFER
76 /* The results of open() in this file are not used with fchdir,
77 therefore save some unnecessary work in fchdir.c. */
83 /* The use of 'volatile' in the types below (and ISO C 99 section 5.1.2.3.(5))
84 ensure that while constructing or modifying the data structures, the field
85 values are written to memory in the order of the C statements. So the
86 signal handler can rely on these field values to be up to date. */
89 /* Registry for a single temporary directory.
90 'struct temp_dir' from the public header file overlaps with this. */
93 /* The absolute pathname of the directory. */
94 char * volatile dirname;
95 /* Whether errors during explicit cleanup are reported to standard error. */
97 /* Absolute pathnames of subdirectories. */
98 gl_list_t /* <char *> */ volatile subdirs;
99 /* Absolute pathnames of files. */
100 gl_list_t /* <char *> */ volatile files;
103 /* List of all temporary directories. */
106 struct tempdir * volatile * volatile tempdir_list;
107 size_t volatile tempdir_count;
108 size_t tempdir_allocated;
109 } cleanup_list /* = { NULL, 0, 0 } */;
111 /* List of all open file descriptors to temporary files. */
112 static gl_list_t /* <int> */ volatile descriptors;
115 /* For the subdirs and for the files, we use a gl_list_t of type LINKEDHASH.
116 Why? We need a data structure that
118 1) Can contain an arbitrary number of 'char *' values. The strings
119 are compared via strcmp, not pointer comparison.
120 2) Has insertion and deletion operations that are fast: ideally O(1),
121 or possibly O(log n). This is important for GNU sort, which may
122 create a large number of temporary files.
123 3) Allows iteration through all elements from within a signal handler.
124 4) May or may not allow duplicates. It doesn't matter here, since
125 any file or subdir can only be removed once.
127 Criterion 1) would allow any gl_list_t or gl_oset_t implementation.
129 Criterion 2) leaves only GL_LINKEDHASH_LIST, GL_TREEHASH_LIST, or
132 Criterion 3) puts at disadvantage GL_TREEHASH_LIST and GL_TREE_OSET.
133 Namely, iteration through the elements of a binary tree requires access
134 to many ->left, ->right, ->parent pointers. However, the rebalancing
135 code for insertion and deletion in an AVL or red-black tree is so
136 complicated that we cannot assume that >left, ->right, ->parent pointers
137 are in a consistent state throughout these operations. Therefore, to
138 avoid a crash in the signal handler, all destructive operations to the
139 lists would have to be protected by a
140 block_fatal_signals ();
142 unblock_fatal_signals ();
143 pair. Which causes extra system calls.
145 Criterion 3) would also discourage GL_ARRAY_LIST and GL_CARRAY_LIST,
146 if they were not already excluded. Namely, these implementations use
147 xrealloc(), leaving a time window in which in the list->elements pointer
148 points to already deallocated memory. To avoid a crash in the signal
149 handler at such a moment, all destructive operations would have to
150 protected by block/unblock_fatal_signals (), in this case too.
152 A list of type GL_LINKEDHASH_LIST without duplicates fulfills all
154 2) Insertion and deletion are O(1) on average.
155 3) The gl_list_iterator, gl_list_iterator_next implementations do
156 not trigger memory allocations, nor other system calls, and are
157 therefore safe to be called from a signal handler.
158 Furthermore, since SIGNAL_SAFE_LIST is defined, the implementation
159 of the destructive functions ensures that the list structure is
160 safe to be traversed at any moment, even when interrupted by an
164 /* String equality and hash code functions used by the lists. */
167 string_equals (const void *x1, const void *x2)
169 const char *s1 = (const char *) x1;
170 const char *s2 = (const char *) x2;
171 return strcmp (s1, s2) == 0;
174 #define SIZE_BITS (sizeof (size_t) * CHAR_BIT)
176 /* A hash function for NUL-terminated char* strings using
177 the method described by Bruno Haible.
178 See http://www.haible.de/bruno/hashfunc.html. */
180 string_hash (const void *x)
182 const char *s = (const char *) x;
186 h = *s + ((h << 9) | (h >> (SIZE_BITS - 9)));
192 /* The signal handler. It gets called asynchronously. */
198 /* First close all file descriptors to temporary files. */
200 gl_list_t fds = descriptors;
204 gl_list_iterator_t iter;
207 iter = gl_list_iterator (fds);
208 while (gl_list_iterator_next (&iter, &element, NULL))
210 int fd = (int) (uintptr_t) element;
213 gl_list_iterator_free (&iter);
217 for (i = 0; i < cleanup_list.tempdir_count; i++)
219 struct tempdir *dir = cleanup_list.tempdir_list[i];
223 gl_list_iterator_t iter;
226 /* First cleanup the files in the subdirectories. */
227 iter = gl_list_iterator (dir->files);
228 while (gl_list_iterator_next (&iter, &element, NULL))
230 const char *file = (const char *) element;
233 gl_list_iterator_free (&iter);
235 /* Then cleanup the subdirectories. */
236 iter = gl_list_iterator (dir->subdirs);
237 while (gl_list_iterator_next (&iter, &element, NULL))
239 const char *subdir = (const char *) element;
242 gl_list_iterator_free (&iter);
244 /* Then cleanup the temporary directory itself. */
245 rmdir (dir->dirname);
250 /* Create a temporary directory.
251 PREFIX is used as a prefix for the name of the temporary directory. It
252 should be short and still give an indication about the program.
253 PARENTDIR can be used to specify the parent directory; if NULL, a default
254 parent directory is used (either $TMPDIR or /tmp or similar).
255 CLEANUP_VERBOSE determines whether errors during explicit cleanup are
256 reported to standard error.
257 Return a fresh 'struct temp_dir' on success. Upon error, an error message
258 is shown and NULL is returned. */
260 create_temp_dir (const char *prefix, const char *parentdir,
261 bool cleanup_verbose)
263 struct tempdir * volatile *tmpdirp = NULL;
264 struct tempdir *tmpdir;
269 /* See whether it can take the slot of an earlier temporary directory
270 already cleaned up. */
271 for (i = 0; i < cleanup_list.tempdir_count; i++)
272 if (cleanup_list.tempdir_list[i] == NULL)
274 tmpdirp = &cleanup_list.tempdir_list[i];
279 /* See whether the array needs to be extended. */
280 if (cleanup_list.tempdir_count == cleanup_list.tempdir_allocated)
282 /* Note that we cannot use xrealloc(), because then the cleanup()
283 function could access an already deallocated array. */
284 struct tempdir * volatile *old_array = cleanup_list.tempdir_list;
285 size_t old_allocated = cleanup_list.tempdir_allocated;
286 size_t new_allocated = 2 * cleanup_list.tempdir_allocated + 1;
287 struct tempdir * volatile *new_array =
288 XNMALLOC (new_allocated, struct tempdir * volatile);
290 if (old_allocated == 0)
291 /* First use of this facility. Register the cleanup handler. */
292 at_fatal_signal (&cleanup);
295 /* Don't use memcpy() here, because memcpy takes non-volatile
296 arguments and is therefore not guaranteed to complete all
297 memory stores before the next statement. */
300 for (k = 0; k < old_allocated; k++)
301 new_array[k] = old_array[k];
304 cleanup_list.tempdir_list = new_array;
305 cleanup_list.tempdir_allocated = new_allocated;
307 /* Now we can free the old array. */
308 if (old_array != NULL)
309 free ((struct tempdir **) old_array);
312 tmpdirp = &cleanup_list.tempdir_list[cleanup_list.tempdir_count];
313 /* Initialize *tmpdirp before incrementing tempdir_count, so that
314 cleanup() will skip this entry before it is fully initialized. */
316 cleanup_list.tempdir_count++;
319 /* Initialize a 'struct tempdir'. */
320 tmpdir = XMALLOC (struct tempdir);
321 tmpdir->dirname = NULL;
322 tmpdir->cleanup_verbose = cleanup_verbose;
323 tmpdir->subdirs = gl_list_create_empty (GL_LINKEDHASH_LIST,
324 string_equals, string_hash, NULL,
326 tmpdir->files = gl_list_create_empty (GL_LINKEDHASH_LIST,
327 string_equals, string_hash, NULL,
330 /* Create the temporary directory. */
331 xtemplate = (char *) xmalloca (PATH_MAX);
332 if (path_search (xtemplate, PATH_MAX, parentdir, prefix, parentdir == NULL))
335 _("cannot find a temporary directory, try setting $TMPDIR"));
338 block_fatal_signals ();
339 tmpdirname = mkdtemp (xtemplate);
340 if (tmpdirname != NULL)
342 tmpdir->dirname = tmpdirname;
345 unblock_fatal_signals ();
346 if (tmpdirname == NULL)
349 _("cannot create a temporary directory using template \"%s\""),
353 /* Replace tmpdir->dirname with a copy that has indefinite extent.
354 We cannot do this inside the block_fatal_signals/unblock_fatal_signals
355 block because then the cleanup handler would not remove the directory
357 tmpdir->dirname = xstrdup (tmpdirname);
359 return (struct temp_dir *) tmpdir;
366 /* Register the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
367 needs to be removed before DIR can be removed.
368 Should be called before the file ABSOLUTE_FILE_NAME is created. */
370 register_temp_file (struct temp_dir *dir,
371 const char *absolute_file_name)
373 struct tempdir *tmpdir = (struct tempdir *)dir;
375 /* Add absolute_file_name to tmpdir->files, without duplicates. */
376 if (gl_list_search (tmpdir->files, absolute_file_name) == NULL)
377 gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name));
380 /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
381 needs to be removed before DIR can be removed.
382 Should be called when the file ABSOLUTE_FILE_NAME could not be created. */
384 unregister_temp_file (struct temp_dir *dir,
385 const char *absolute_file_name)
387 struct tempdir *tmpdir = (struct tempdir *)dir;
388 gl_list_t list = tmpdir->files;
391 node = gl_list_search (list, absolute_file_name);
394 char *old_string = (char *) gl_list_node_value (list, node);
396 gl_list_remove_node (list, node);
401 /* Register the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
402 that needs to be removed before DIR can be removed.
403 Should be called before the subdirectory ABSOLUTE_DIR_NAME is created. */
405 register_temp_subdir (struct temp_dir *dir,
406 const char *absolute_dir_name)
408 struct tempdir *tmpdir = (struct tempdir *)dir;
410 /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */
411 if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL)
412 gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name));
415 /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
416 that needs to be removed before DIR can be removed.
417 Should be called when the subdirectory ABSOLUTE_DIR_NAME could not be
420 unregister_temp_subdir (struct temp_dir *dir,
421 const char *absolute_dir_name)
423 struct tempdir *tmpdir = (struct tempdir *)dir;
424 gl_list_t list = tmpdir->subdirs;
427 node = gl_list_search (list, absolute_dir_name);
430 char *old_string = (char *) gl_list_node_value (list, node);
432 gl_list_remove_node (list, node);
437 /* Remove a file, with optional error message.
438 Return 0 upon success, or -1 if there was some problem. */
440 do_unlink (struct temp_dir *dir, const char *absolute_file_name)
442 if (unlink (absolute_file_name) < 0 && dir->cleanup_verbose
445 error (0, errno, _("cannot remove temporary file %s"), absolute_file_name);
451 /* Remove a directory, with optional error message.
452 Return 0 upon success, or -1 if there was some problem. */
454 do_rmdir (struct temp_dir *dir, const char *absolute_dir_name)
456 if (rmdir (absolute_dir_name) < 0 && dir->cleanup_verbose
460 _("cannot remove temporary directory %s"), absolute_dir_name);
466 /* Remove the given ABSOLUTE_FILE_NAME and unregister it.
467 Return 0 upon success, or -1 if there was some problem. */
469 cleanup_temp_file (struct temp_dir *dir,
470 const char *absolute_file_name)
474 err = do_unlink (dir, absolute_file_name);
475 unregister_temp_file (dir, absolute_file_name);
480 /* Remove the given ABSOLUTE_DIR_NAME and unregister it.
481 Return 0 upon success, or -1 if there was some problem. */
483 cleanup_temp_subdir (struct temp_dir *dir,
484 const char *absolute_dir_name)
488 err = do_rmdir (dir, absolute_dir_name);
489 unregister_temp_subdir (dir, absolute_dir_name);
494 /* Remove all registered files and subdirectories inside DIR.
495 Return 0 upon success, or -1 if there was some problem. */
497 cleanup_temp_dir_contents (struct temp_dir *dir)
499 struct tempdir *tmpdir = (struct tempdir *)dir;
502 gl_list_iterator_t iter;
506 /* First cleanup the files in the subdirectories. */
507 list = tmpdir->files;
508 iter = gl_list_iterator (list);
509 while (gl_list_iterator_next (&iter, &element, &node))
511 char *file = (char *) element;
513 err |= do_unlink (dir, file);
514 gl_list_remove_node (list, node);
515 /* Now only we can free file. */
518 gl_list_iterator_free (&iter);
520 /* Then cleanup the subdirectories. */
521 list = tmpdir->subdirs;
522 iter = gl_list_iterator (list);
523 while (gl_list_iterator_next (&iter, &element, &node))
525 char *subdir = (char *) element;
527 err |= do_rmdir (dir, subdir);
528 gl_list_remove_node (list, node);
529 /* Now only we can free subdir. */
532 gl_list_iterator_free (&iter);
537 /* Remove all registered files and subdirectories inside DIR and DIR itself.
538 DIR cannot be used any more after this call.
539 Return 0 upon success, or -1 if there was some problem. */
541 cleanup_temp_dir (struct temp_dir *dir)
543 struct tempdir *tmpdir = (struct tempdir *)dir;
547 err |= cleanup_temp_dir_contents (dir);
548 err |= do_rmdir (dir, tmpdir->dirname);
550 for (i = 0; i < cleanup_list.tempdir_count; i++)
551 if (cleanup_list.tempdir_list[i] == tmpdir)
553 /* Remove cleanup_list.tempdir_list[i]. */
554 if (i + 1 == cleanup_list.tempdir_count)
556 while (i > 0 && cleanup_list.tempdir_list[i - 1] == NULL)
558 cleanup_list.tempdir_count = i;
561 cleanup_list.tempdir_list[i] = NULL;
562 /* Now only we can free the tmpdir->dirname and tmpdir itself. */
563 free (tmpdir->dirname);
568 /* The user passed an invalid DIR argument. */
573 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
575 /* On Windows, opening a file with _O_TEMPORARY has the effect of passing
576 the FILE_FLAG_DELETE_ON_CLOSE flag to CreateFile(), which has the effect
577 of deleting the file when it is closed - even when the program crashes.
578 But (according to the Cygwin sources) it works only on Windows NT or newer.
579 So we cache the info whether we are running on Windows NT or newer. */
582 supports_delete_on_close ()
584 static int known; /* 1 = yes, -1 = no, 0 = unknown */
589 if (GetVersionEx (&v))
590 known = (v.dwPlatformId == VER_PLATFORM_WIN32_NT ? 1 : -1);
600 /* Register a file descriptor to be closed. */
604 if (descriptors == NULL)
605 descriptors = gl_list_create_empty (GL_LINKEDHASH_LIST, NULL, NULL, NULL,
607 gl_list_add_first (descriptors, (void *) (uintptr_t) fd);
610 /* Unregister a file descriptor to be closed. */
612 unregister_fd (int fd)
614 gl_list_t fds = descriptors;
618 /* descriptors should already contain fd. */
620 node = gl_list_search (fds, (void *) (uintptr_t) fd);
622 /* descriptors should already contain fd. */
624 gl_list_remove_node (fds, node);
627 /* Open a temporary file in a temporary directory.
628 Registers the resulting file descriptor to be closed. */
630 open_temp (const char *file_name, int flags, mode_t mode)
635 block_fatal_signals ();
636 /* Note: 'open' here is actually open() or open_safer(). */
637 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
638 /* Use _O_TEMPORARY when possible, to increase the chances that the
639 temporary file is removed when the process crashes. */
640 if (supports_delete_on_close ())
641 fd = open (file_name, flags | _O_TEMPORARY, mode);
644 fd = open (file_name, flags, mode);
648 unblock_fatal_signals ();
653 /* Open a temporary file in a temporary directory.
654 Registers the resulting file descriptor to be closed. */
656 fopen_temp (const char *file_name, const char *mode)
661 block_fatal_signals ();
662 /* Note: 'fopen' here is actually fopen() or fopen_safer(). */
663 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
664 /* Use _O_TEMPORARY when possible, to increase the chances that the
665 temporary file is removed when the process crashes. */
666 if (supports_delete_on_close ())
668 size_t mode_len = strlen (mode);
669 char *augmented_mode = (char *) xmalloca (mode_len + 2);
670 memcpy (augmented_mode, mode, mode_len);
671 memcpy (augmented_mode + mode_len, "D", 2);
673 fp = fopen (file_name, augmented_mode);
676 freea (augmented_mode);
681 fp = fopen (file_name, mode);
686 /* It is sufficient to register fileno (fp) instead of the entire fp,
687 because at cleanup time there is no need to do an fflush (fp); a
688 close (fileno (fp)) will be enough. */
689 int fd = fileno (fp);
694 unblock_fatal_signals ();
699 /* Close a temporary file in a temporary directory.
700 Unregisters the previously registered file descriptor. */
706 /* No blocking of signals is needed here, since a double close of a
707 file descriptor is harmless. */
708 int result = close (fd);
709 int saved_errno = errno;
711 /* No race condition here: we assume a single-threaded program, hence
712 fd cannot be re-opened here. */
723 /* Close a temporary file in a temporary directory.
724 Unregisters the previously registered file descriptor. */
726 fclose_temp (FILE *fp)
728 int fd = fileno (fp);
729 /* No blocking of signals is needed here, since a double close of a
730 file descriptor is harmless. */
731 int result = fclose (fp);
732 int saved_errno = errno;
734 /* No race condition here: we assume a single-threaded program, hence
735 fd cannot be re-opened here. */
743 #if GNULIB_FWRITEERROR
745 Unregisters the previously registered file descriptor. */
747 fwriteerror_temp (FILE *fp)
749 int fd = fileno (fp);
750 /* No blocking of signals is needed here, since a double close of a
751 file descriptor is harmless. */
752 int result = fwriteerror (fp);
753 int saved_errno = errno;
755 /* No race condition here: we assume a single-threaded program, hence
756 fd cannot be re-opened here. */
765 #if GNULIB_CLOSE_STREAM
766 /* Like close_stream.
767 Unregisters the previously registered file descriptor. */
769 close_stream_temp (FILE *fp)
771 int fd = fileno (fp);
772 /* No blocking of signals is needed here, since a double close of a
773 file descriptor is harmless. */
774 int result = close_stream (fp);
775 int saved_errno = errno;
777 /* No race condition here: we assume a single-threaded program, hence
778 fd cannot be re-opened here. */