1 /* Temporary directories and temporary files with automatic cleanup.
2 Copyright (C) 2001, 2003, 2006 Free Software Foundation, Inc.
3 Written by Bruno Haible <bruno@clisp.org>, 2006.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2, or (at your option)
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software Foundation,
17 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
23 #include "clean-temp.h"
34 #include "fatal-signal.h"
40 #include "gl_linkedhash_list.h"
42 #if GNULIB_FWRITEERROR
43 # include "fwriteerror.h"
45 #if GNULIB_CLOSE_STREAM
46 # include "close-stream.h"
48 #if GNULIB_FCNTL_SAFER
51 #if GNULIB_FOPEN_SAFER
55 #define _(str) gettext (str)
57 /* GNU Hurd doesn't have PATH_MAX. */
60 # define PATH_MAX MAXPATHLEN
62 # define PATH_MAX 1024
67 # define uintptr_t unsigned long
71 /* The use of 'volatile' in the types below (and ISO C 99 section 5.1.2.3.(5))
72 ensure that while constructing or modifying the data structures, the field
73 values are written to memory in the order of the C statements. So the
74 signal handler can rely on these field values to be up to date. */
77 /* Registry for a single temporary directory.
78 'struct temp_dir' from the public header file overlaps with this. */
81 /* The absolute pathname of the directory. */
82 char * volatile dirname;
83 /* Whether errors during explicit cleanup are reported to standard error. */
85 /* Absolute pathnames of subdirectories. */
86 gl_list_t /* <char *> */ volatile subdirs;
87 /* Absolute pathnames of files. */
88 gl_list_t /* <char *> */ volatile files;
91 /* List of all temporary directories. */
94 struct tempdir * volatile * volatile tempdir_list;
95 size_t volatile tempdir_count;
96 size_t tempdir_allocated;
97 } cleanup_list /* = { NULL, 0, 0 } */;
99 /* List of all open file descriptors to temporary files. */
100 static gl_list_t /* <int> */ volatile descriptors;
103 /* For the subdirs and for the files, we use a gl_list_t of type LINKEDHASH.
104 Why? We need a data structure that
106 1) Can contain an arbitrary number of 'char *' values. The strings
107 are compared via strcmp, not pointer comparison.
108 2) Has insertion and deletion operations that are fast: ideally O(1),
109 or possibly O(log n). This is important for GNU sort, which may
110 create a large number of temporary files.
111 3) Allows iteration through all elements from within a signal handler.
112 4) May or may not allow duplicates. It doesn't matter here, since
113 any file or subdir can only be removed once.
115 Criterion 1) would allow any gl_list_t or gl_oset_t implementation.
117 Criterion 2) leaves only GL_LINKEDHASH_LIST, GL_TREEHASH_LIST, or
120 Criterion 3) puts at disadvantage GL_TREEHASH_LIST and GL_TREE_OSET.
121 Namely, iteration through the elements of a binary tree requires access
122 to many ->left, ->right, ->parent pointers. However, the rebalancing
123 code for insertion and deletion in an AVL or red-black tree is so
124 complicated that we cannot assume that >left, ->right, ->parent pointers
125 are in a consistent state throughout these operations. Therefore, to
126 avoid a crash in the signal handler, all destructive operations to the
127 lists would have to be protected by a
128 block_fatal_signals ();
130 unblock_fatal_signals ();
131 pair. Which causes extra system calls.
133 Criterion 3) would also discourage GL_ARRAY_LIST and GL_CARRAY_LIST,
134 if they were not already excluded. Namely, these implementations use
135 xrealloc(), leaving a time window in which in the list->elements pointer
136 points to already deallocated memory. To avoid a crash in the signal
137 handler at such a moment, all destructive operations would have to
138 protected by block/unblock_fatal_signals (), in this case too.
140 A list of type GL_LINKEDHASH_LIST without duplicates fulfills all
142 2) Insertion and deletion are O(1) on average.
143 3) The gl_list_iterator, gl_list_iterator_next implementations do
144 not trigger memory allocations, nor other system calls, and are
145 therefore safe to be called from a signal handler.
146 Furthermore, since SIGNAL_SAFE_LIST is defined, the implementation
147 of the destructive functions ensures that the list structure is
148 safe to be traversed at any moment, even when interrupted by an
152 /* String equality and hash code functions used by the lists. */
155 string_equals (const void *x1, const void *x2)
157 const char *s1 = (const char *) x1;
158 const char *s2 = (const char *) x2;
159 return strcmp (s1, s2) == 0;
162 #define SIZE_BITS (sizeof (size_t) * CHAR_BIT)
164 /* A hash function for NUL-terminated char* strings using
165 the method described by Bruno Haible.
166 See http://www.haible.de/bruno/hashfunc.html. */
168 string_hash (const void *x)
170 const char *s = (const char *) x;
174 h = *s + ((h << 9) | (h >> (SIZE_BITS - 9)));
180 /* The signal handler. It gets called asynchronously. */
186 /* First close all file descriptors to temporary files. */
188 gl_list_t fds = descriptors;
192 gl_list_iterator_t iter;
195 iter = gl_list_iterator (fds);
196 while (gl_list_iterator_next (&iter, &element, NULL))
198 int fd = (int) (uintptr_t) element;
201 gl_list_iterator_free (&iter);
205 for (i = 0; i < cleanup_list.tempdir_count; i++)
207 struct tempdir *dir = cleanup_list.tempdir_list[i];
211 gl_list_iterator_t iter;
214 /* First cleanup the files in the subdirectories. */
215 iter = gl_list_iterator (dir->files);
216 while (gl_list_iterator_next (&iter, &element, NULL))
218 const char *file = (const char *) element;
221 gl_list_iterator_free (&iter);
223 /* Then cleanup the subdirectories. */
224 iter = gl_list_iterator (dir->subdirs);
225 while (gl_list_iterator_next (&iter, &element, NULL))
227 const char *subdir = (const char *) element;
230 gl_list_iterator_free (&iter);
232 /* Then cleanup the temporary directory itself. */
233 rmdir (dir->dirname);
238 /* Create a temporary directory.
239 PREFIX is used as a prefix for the name of the temporary directory. It
240 should be short and still give an indication about the program.
241 PARENTDIR can be used to specify the parent directory; if NULL, a default
242 parent directory is used (either $TMPDIR or /tmp or similar).
243 CLEANUP_VERBOSE determines whether errors during explicit cleanup are
244 reported to standard error.
245 Return a fresh 'struct temp_dir' on success. Upon error, an error message
246 is shown and NULL is returned. */
248 create_temp_dir (const char *prefix, const char *parentdir,
249 bool cleanup_verbose)
251 struct tempdir * volatile *tmpdirp = NULL;
252 struct tempdir *tmpdir;
257 /* See whether it can take the slot of an earlier temporary directory
258 already cleaned up. */
259 for (i = 0; i < cleanup_list.tempdir_count; i++)
260 if (cleanup_list.tempdir_list[i] == NULL)
262 tmpdirp = &cleanup_list.tempdir_list[i];
267 /* See whether the array needs to be extended. */
268 if (cleanup_list.tempdir_count == cleanup_list.tempdir_allocated)
270 /* Note that we cannot use xrealloc(), because then the cleanup()
271 function could access an already deallocated array. */
272 struct tempdir * volatile *old_array = cleanup_list.tempdir_list;
273 size_t old_allocated = cleanup_list.tempdir_allocated;
274 size_t new_allocated = 2 * cleanup_list.tempdir_allocated + 1;
275 struct tempdir * volatile *new_array =
276 XNMALLOC (new_allocated, struct tempdir * volatile);
278 if (old_allocated == 0)
279 /* First use of this facility. Register the cleanup handler. */
280 at_fatal_signal (&cleanup);
283 /* Don't use memcpy() here, because memcpy takes non-volatile
284 arguments and is therefore not guaranteed to complete all
285 memory stores before the next statement. */
288 for (k = 0; k < old_allocated; k++)
289 new_array[k] = old_array[k];
292 cleanup_list.tempdir_list = new_array;
293 cleanup_list.tempdir_allocated = new_allocated;
295 /* Now we can free the old array. */
296 if (old_array != NULL)
297 free ((struct tempdir **) old_array);
300 tmpdirp = &cleanup_list.tempdir_list[cleanup_list.tempdir_count];
301 /* Initialize *tmpdirp before incrementing tempdir_count, so that
302 cleanup() will skip this entry before it is fully initialized. */
304 cleanup_list.tempdir_count++;
307 /* Initialize a 'struct tempdir'. */
308 tmpdir = XMALLOC (struct tempdir);
309 tmpdir->dirname = NULL;
310 tmpdir->cleanup_verbose = cleanup_verbose;
311 tmpdir->subdirs = gl_list_create_empty (GL_LINKEDHASH_LIST,
312 string_equals, string_hash, false);
313 tmpdir->files = gl_list_create_empty (GL_LINKEDHASH_LIST,
314 string_equals, string_hash, false);
316 /* Create the temporary directory. */
317 xtemplate = (char *) xallocsa (PATH_MAX);
318 if (path_search (xtemplate, PATH_MAX, parentdir, prefix, parentdir == NULL))
321 _("cannot find a temporary directory, try setting $TMPDIR"));
324 block_fatal_signals ();
325 tmpdirname = mkdtemp (xtemplate);
326 if (tmpdirname != NULL)
328 tmpdir->dirname = tmpdirname;
331 unblock_fatal_signals ();
332 if (tmpdirname == NULL)
335 _("cannot create a temporary directory using template \"%s\""),
339 /* Replace tmpdir->dirname with a copy that has indefinite extent.
340 We cannot do this inside the block_fatal_signals/unblock_fatal_signals
341 block because then the cleanup handler would not remove the directory
343 tmpdir->dirname = xstrdup (tmpdirname);
345 return (struct temp_dir *) tmpdir;
352 /* Register the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
353 needs to be removed before DIR can be removed.
354 Should be called before the file ABSOLUTE_FILE_NAME is created. */
356 register_temp_file (struct temp_dir *dir,
357 const char *absolute_file_name)
359 struct tempdir *tmpdir = (struct tempdir *)dir;
361 /* Add absolute_file_name to tmpdir->files, without duplicates. */
362 if (gl_list_search (tmpdir->files, absolute_file_name) == NULL)
363 gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name));
366 /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
367 needs to be removed before DIR can be removed.
368 Should be called when the file ABSOLUTE_FILE_NAME could not be created. */
370 unregister_temp_file (struct temp_dir *dir,
371 const char *absolute_file_name)
373 struct tempdir *tmpdir = (struct tempdir *)dir;
374 gl_list_t list = tmpdir->files;
377 node = gl_list_search (list, absolute_file_name);
380 char *old_string = (char *) gl_list_node_value (list, node);
382 gl_list_remove_node (list, node);
387 /* Register the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
388 that needs to be removed before DIR can be removed.
389 Should be called before the subdirectory ABSOLUTE_DIR_NAME is created. */
391 register_temp_subdir (struct temp_dir *dir,
392 const char *absolute_dir_name)
394 struct tempdir *tmpdir = (struct tempdir *)dir;
396 /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */
397 if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL)
398 gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name));
401 /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
402 that needs to be removed before DIR can be removed.
403 Should be called when the subdirectory ABSOLUTE_DIR_NAME could not be
406 unregister_temp_subdir (struct temp_dir *dir,
407 const char *absolute_dir_name)
409 struct tempdir *tmpdir = (struct tempdir *)dir;
410 gl_list_t list = tmpdir->subdirs;
413 node = gl_list_search (list, absolute_dir_name);
416 char *old_string = (char *) gl_list_node_value (list, node);
418 gl_list_remove_node (list, node);
423 /* Remove a file, with optional error message.
424 Return 0 upon success, or -1 if there was some problem. */
426 do_unlink (struct temp_dir *dir, const char *absolute_file_name)
428 if (unlink (absolute_file_name) < 0 && dir->cleanup_verbose
431 error (0, errno, _("cannot remove temporary file %s"), absolute_file_name);
437 /* Remove a directory, with optional error message.
438 Return 0 upon success, or -1 if there was some problem. */
440 do_rmdir (struct temp_dir *dir, const char *absolute_dir_name)
442 if (rmdir (absolute_dir_name) < 0 && dir->cleanup_verbose
446 _("cannot remove temporary directory %s"), absolute_dir_name);
452 /* Remove the given ABSOLUTE_FILE_NAME and unregister it.
453 Return 0 upon success, or -1 if there was some problem. */
455 cleanup_temp_file (struct temp_dir *dir,
456 const char *absolute_file_name)
460 err = do_unlink (dir, absolute_file_name);
461 unregister_temp_file (dir, absolute_file_name);
466 /* Remove the given ABSOLUTE_DIR_NAME and unregister it.
467 Return 0 upon success, or -1 if there was some problem. */
469 cleanup_temp_subdir (struct temp_dir *dir,
470 const char *absolute_dir_name)
474 err = do_rmdir (dir, absolute_dir_name);
475 unregister_temp_subdir (dir, absolute_dir_name);
480 /* Remove all registered files and subdirectories inside DIR.
481 Return 0 upon success, or -1 if there was some problem. */
483 cleanup_temp_dir_contents (struct temp_dir *dir)
485 struct tempdir *tmpdir = (struct tempdir *)dir;
488 gl_list_iterator_t iter;
492 /* First cleanup the files in the subdirectories. */
493 list = tmpdir->files;
494 iter = gl_list_iterator (list);
495 while (gl_list_iterator_next (&iter, &element, &node))
497 char *file = (char *) element;
499 err |= do_unlink (dir, file);
500 gl_list_remove_node (list, node);
501 /* Now only we can free file. */
504 gl_list_iterator_free (&iter);
506 /* Then cleanup the subdirectories. */
507 list = tmpdir->subdirs;
508 iter = gl_list_iterator (list);
509 while (gl_list_iterator_next (&iter, &element, &node))
511 char *subdir = (char *) element;
513 err |= do_rmdir (dir, subdir);
514 gl_list_remove_node (list, node);
515 /* Now only we can free subdir. */
518 gl_list_iterator_free (&iter);
523 /* Remove all registered files and subdirectories inside DIR and DIR itself.
524 DIR cannot be used any more after this call.
525 Return 0 upon success, or -1 if there was some problem. */
527 cleanup_temp_dir (struct temp_dir *dir)
529 struct tempdir *tmpdir = (struct tempdir *)dir;
533 err |= cleanup_temp_dir_contents (dir);
534 err |= do_rmdir (dir, tmpdir->dirname);
536 for (i = 0; i < cleanup_list.tempdir_count; i++)
537 if (cleanup_list.tempdir_list[i] == tmpdir)
539 /* Remove cleanup_list.tempdir_list[i]. */
540 if (i + 1 == cleanup_list.tempdir_count)
542 while (i > 0 && cleanup_list.tempdir_list[i - 1] == NULL)
544 cleanup_list.tempdir_count = i;
547 cleanup_list.tempdir_list[i] = NULL;
548 /* Now only we can free the tmpdir->dirname and tmpdir itself. */
549 free (tmpdir->dirname);
554 /* The user passed an invalid DIR argument. */
559 /* Register a file descriptor to be closed. */
563 if (descriptors == NULL)
564 descriptors = gl_list_create_empty (GL_LINKEDHASH_LIST, NULL, NULL, false);
565 gl_list_add_first (descriptors, (void *) (uintptr_t) fd);
568 /* Unregister a file descriptor to be closed. */
570 unregister_fd (int fd)
572 gl_list_t fds = descriptors;
576 /* descriptors should already contain fd. */
578 node = gl_list_search (fds, (void *) (uintptr_t) fd);
580 /* descriptors should already contain fd. */
582 gl_list_remove_node (fds, node);
585 /* Open a temporary file in a temporary directory.
586 Registers the resulting file descriptor to be closed. */
588 open_temp (const char *file_name, int flags, mode_t mode)
593 block_fatal_signals ();
594 fd = open (file_name, flags, mode); /* actually open or open_safer */
598 unblock_fatal_signals ();
603 /* Open a temporary file in a temporary directory.
604 Registers the resulting file descriptor to be closed. */
606 fopen_temp (const char *file_name, const char *mode)
611 block_fatal_signals ();
612 fp = fopen (file_name, mode); /* actually fopen or fopen_safer */
616 /* It is sufficient to register fileno (fp) instead of the entire fp,
617 because at cleanup time there is no need to do an fflush (fp); a
618 close (fileno (fp)) will be enough. */
619 int fd = fileno (fp);
624 unblock_fatal_signals ();
629 /* Close a temporary file in a temporary directory.
630 Unregisters the previously registered file descriptor. */
636 /* No blocking of signals is needed here, since a double close of a
637 file descriptor is harmless. */
638 int result = close (fd);
639 int saved_errno = errno;
641 /* No race condition here: we assume a single-threaded program, hence
642 fd cannot be re-opened here. */
653 /* Close a temporary file in a temporary directory.
654 Unregisters the previously registered file descriptor. */
656 fclose_temp (FILE *fp)
658 int fd = fileno (fp);
659 /* No blocking of signals is needed here, since a double close of a
660 file descriptor is harmless. */
661 int result = fclose (fp);
662 int saved_errno = errno;
664 /* No race condition here: we assume a single-threaded program, hence
665 fd cannot be re-opened here. */
673 #if GNULIB_FWRITEERROR
675 Unregisters the previously registered file descriptor. */
677 fwriteerror_temp (FILE *fp)
679 int fd = fileno (fp);
680 /* No blocking of signals is needed here, since a double close of a
681 file descriptor is harmless. */
682 int result = fwriteerror (fp);
683 int saved_errno = errno;
685 /* No race condition here: we assume a single-threaded program, hence
686 fd cannot be re-opened here. */
695 #if GNULIB_CLOSE_STREAM
696 /* Like close_stream.
697 Unregisters the previously registered file descriptor. */
699 close_stream_temp (FILE *fp)
701 int fd = fileno (fp);
702 /* No blocking of signals is needed here, since a double close of a
703 file descriptor is harmless. */
704 int result = close_stream (fp);
705 int saved_errno = errno;
707 /* No race condition here: we assume a single-threaded program, hence
708 fd cannot be re-opened here. */