1 /* Temporary directories and temporary files with automatic cleanup.
2 Copyright (C) 2001, 2003, 2006 Free Software Foundation, Inc.
3 Written by Bruno Haible <bruno@clisp.org>, 2006.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2, or (at your option)
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software Foundation,
17 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
23 #include "clean-temp.h"
34 #include "fatal-signal.h"
40 #include "gl_linkedhash_list.h"
42 #if GNULIB_CLOSE_STREAM
43 # include "close-stream.h"
45 #if GNULIB_FCNTL_SAFER
48 #if GNULIB_FOPEN_SAFER
52 #define _(str) gettext (str)
54 /* GNU Hurd doesn't have PATH_MAX. */
57 # define PATH_MAX MAXPATHLEN
59 # define PATH_MAX 1024
64 # define uintptr_t unsigned long
68 /* The use of 'volatile' in the types below (and ISO C 99 section 5.1.2.3.(5))
69 ensure that while constructing or modifying the data structures, the field
70 values are written to memory in the order of the C statements. So the
71 signal handler can rely on these field values to be up to date. */
74 /* Registry for a single temporary directory.
75 'struct temp_dir' from the public header file overlaps with this. */
78 /* The absolute pathname of the directory. */
79 char * volatile dirname;
80 /* Whether errors during explicit cleanup are reported to standard error. */
82 /* Absolute pathnames of subdirectories. */
83 gl_list_t /* <char *> */ volatile subdirs;
84 /* Absolute pathnames of files. */
85 gl_list_t /* <char *> */ volatile files;
88 /* List of all temporary directories. */
91 struct tempdir * volatile * volatile tempdir_list;
92 size_t volatile tempdir_count;
93 size_t tempdir_allocated;
94 } cleanup_list /* = { NULL, 0, 0 } */;
96 /* List of all open file descriptors to temporary files. */
97 static gl_list_t /* <int> */ volatile descriptors;
100 /* For the subdirs and for the files, we use a gl_list_t of type LINKEDHASH.
101 Why? We need a data structure that
103 1) Can contain an arbitrary number of 'char *' values. The strings
104 are compared via strcmp, not pointer comparison.
105 2) Has insertion and deletion operations that are fast: ideally O(1),
106 or possibly O(log n). This is important for GNU sort, which may
107 create a large number of temporary files.
108 3) Allows iteration through all elements from within a signal handler.
109 4) May or may not allow duplicates. It doesn't matter here, since
110 any file or subdir can only be removed once.
112 Criterion 1) would allow any gl_list_t or gl_oset_t implementation.
114 Criterion 2) leaves only GL_LINKEDHASH_LIST, GL_TREEHASH_LIST, or
117 Criterion 3) puts at disadvantage GL_TREEHASH_LIST and GL_TREE_OSET.
118 Namely, iteration through the elements of a binary tree requires access
119 to many ->left, ->right, ->parent pointers. However, the rebalancing
120 code for insertion and deletion in an AVL or red-black tree is so
121 complicated that we cannot assume that >left, ->right, ->parent pointers
122 are in a consistent state throughout these operations. Therefore, to
123 avoid a crash in the signal handler, all destructive operations to the
124 lists would have to be protected by a
125 block_fatal_signals ();
127 unblock_fatal_signals ();
128 pair. Which causes extra system calls.
130 Criterion 3) would also discourage GL_ARRAY_LIST and GL_CARRAY_LIST,
131 if they were not already excluded. Namely, these implementations use
132 xrealloc(), leaving a time window in which in the list->elements pointer
133 points to already deallocated memory. To avoid a crash in the signal
134 handler at such a moment, all destructive operations would have to
135 protected by block/unblock_fatal_signals (), in this case too.
137 A list of type GL_LINKEDHASH_LIST without duplicates fulfills all
139 2) Insertion and deletion are O(1) on average.
140 3) The gl_list_iterator, gl_list_iterator_next implementations do
141 not trigger memory allocations, nor other system calls, and are
142 therefore safe to be called from a signal handler.
143 Furthermore, since SIGNAL_SAFE_LIST is defined, the implementation
144 of the destructive functions ensures that the list structure is
145 safe to be traversed at any moment, even when interrupted by an
149 /* String equality and hash code functions used by the lists. */
152 string_equals (const void *x1, const void *x2)
156 return strcmp (s1, s2) == 0;
159 #define SIZE_BITS (sizeof (size_t) * CHAR_BIT)
161 /* A hash function for NUL-terminated char* strings using
162 the method described by Bruno Haible.
163 See http://www.haible.de/bruno/hashfunc.html. */
165 string_hash (const void *x)
171 h = *s + ((h << 9) | (h >> (SIZE_BITS - 9)));
177 /* The signal handler. It gets called asynchronously. */
183 /* First close all file descriptors to temporary files. */
185 gl_list_t fds = descriptors;
189 gl_list_iterator_t iter;
192 iter = gl_list_iterator (fds);
193 while (gl_list_iterator_next (&iter, &element, NULL))
195 int fd = (int) (uintptr_t) element;
198 gl_list_iterator_free (&iter);
202 for (i = 0; i < cleanup_list.tempdir_count; i++)
204 struct tempdir *dir = cleanup_list.tempdir_list[i];
208 gl_list_iterator_t iter;
211 /* First cleanup the files in the subdirectories. */
212 iter = gl_list_iterator (dir->files);
213 while (gl_list_iterator_next (&iter, &element, NULL))
215 const char *file = (const char *) element;
218 gl_list_iterator_free (&iter);
220 /* Then cleanup the subdirectories. */
221 iter = gl_list_iterator (dir->subdirs);
222 while (gl_list_iterator_next (&iter, &element, NULL))
224 const char *subdir = (const char *) element;
227 gl_list_iterator_free (&iter);
229 /* Then cleanup the temporary directory itself. */
230 rmdir (dir->dirname);
235 /* Create a temporary directory.
236 PREFIX is used as a prefix for the name of the temporary directory. It
237 should be short and still give an indication about the program.
238 PARENTDIR can be used to specify the parent directory; if NULL, a default
239 parent directory is used (either $TMPDIR or /tmp or similar).
240 CLEANUP_VERBOSE determines whether errors during explicit cleanup are
241 reported to standard error.
242 Return a fresh 'struct temp_dir' on success. Upon error, an error message
243 is shown and NULL is returned. */
245 create_temp_dir (const char *prefix, const char *parentdir,
246 bool cleanup_verbose)
248 struct tempdir * volatile *tmpdirp = NULL;
249 struct tempdir *tmpdir;
254 /* See whether it can take the slot of an earlier temporary directory
255 already cleaned up. */
256 for (i = 0; i < cleanup_list.tempdir_count; i++)
257 if (cleanup_list.tempdir_list[i] == NULL)
259 tmpdirp = &cleanup_list.tempdir_list[i];
264 /* See whether the array needs to be extended. */
265 if (cleanup_list.tempdir_count == cleanup_list.tempdir_allocated)
267 /* Note that we cannot use xrealloc(), because then the cleanup()
268 function could access an already deallocated array. */
269 struct tempdir * volatile *old_array = cleanup_list.tempdir_list;
270 size_t old_allocated = cleanup_list.tempdir_allocated;
271 size_t new_allocated = 2 * cleanup_list.tempdir_allocated + 1;
272 struct tempdir * volatile *new_array =
273 (struct tempdir * volatile *)
274 xmalloc (new_allocated * sizeof (struct tempdir * volatile));
276 if (old_allocated == 0)
277 /* First use of this facility. Register the cleanup handler. */
278 at_fatal_signal (&cleanup);
281 /* Don't use memcpy() here, because memcpy takes non-volatile
282 arguments and is therefore not guaranteed to complete all
283 memory stores before the next statement. */
286 for (k = 0; k < old_allocated; k++)
287 new_array[k] = old_array[k];
290 cleanup_list.tempdir_list = new_array;
291 cleanup_list.tempdir_allocated = new_allocated;
293 /* Now we can free the old array. */
294 if (old_array != NULL)
295 free ((struct tempdir **) old_array);
298 tmpdirp = &cleanup_list.tempdir_list[cleanup_list.tempdir_count];
299 /* Initialize *tmpdirp before incrementing tempdir_count, so that
300 cleanup() will skip this entry before it is fully initialized. */
302 cleanup_list.tempdir_count++;
305 /* Initialize a 'struct tempdir'. */
306 tmpdir = (struct tempdir *) xmalloc (sizeof (struct tempdir));
307 tmpdir->dirname = NULL;
308 tmpdir->cleanup_verbose = cleanup_verbose;
309 tmpdir->subdirs = gl_list_create_empty (GL_LINKEDHASH_LIST,
310 string_equals, string_hash, false);
311 tmpdir->files = gl_list_create_empty (GL_LINKEDHASH_LIST,
312 string_equals, string_hash, false);
314 /* Create the temporary directory. */
315 template = (char *) xallocsa (PATH_MAX);
316 if (path_search (template, PATH_MAX, parentdir, prefix, parentdir == NULL))
319 _("cannot find a temporary directory, try setting $TMPDIR"));
322 block_fatal_signals ();
323 tmpdirname = mkdtemp (template);
324 if (tmpdirname != NULL)
326 tmpdir->dirname = tmpdirname;
329 unblock_fatal_signals ();
330 if (tmpdirname == NULL)
333 _("cannot create a temporary directory using template \"%s\""),
337 /* Replace tmpdir->dirname with a copy that has indefinite extent.
338 We cannot do this inside the block_fatal_signals/unblock_fatal_signals
339 block because then the cleanup handler would not remove the directory
341 tmpdir->dirname = xstrdup (tmpdirname);
343 return (struct temp_dir *) tmpdir;
350 /* Register the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
351 needs to be removed before DIR can be removed.
352 Should be called before the file ABSOLUTE_FILE_NAME is created. */
354 register_temp_file (struct temp_dir *dir,
355 const char *absolute_file_name)
357 struct tempdir *tmpdir = (struct tempdir *)dir;
359 /* Add absolute_file_name to tmpdir->files, without duplicates. */
360 if (gl_list_search (tmpdir->files, absolute_file_name) == NULL)
361 gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name));
364 /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
365 needs to be removed before DIR can be removed.
366 Should be called when the file ABSOLUTE_FILE_NAME could not be created. */
368 unregister_temp_file (struct temp_dir *dir,
369 const char *absolute_file_name)
371 struct tempdir *tmpdir = (struct tempdir *)dir;
372 gl_list_t list = tmpdir->files;
375 node = gl_list_search (list, absolute_file_name);
378 char *old_string = (char *) gl_list_node_value (list, node);
380 gl_list_remove_node (list, node);
385 /* Register the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
386 that needs to be removed before DIR can be removed.
387 Should be called before the subdirectory ABSOLUTE_DIR_NAME is created. */
389 register_temp_subdir (struct temp_dir *dir,
390 const char *absolute_dir_name)
392 struct tempdir *tmpdir = (struct tempdir *)dir;
394 /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */
395 if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL)
396 gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name));
399 /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
400 that needs to be removed before DIR can be removed.
401 Should be called when the subdirectory ABSOLUTE_DIR_NAME could not be
404 unregister_temp_subdir (struct temp_dir *dir,
405 const char *absolute_dir_name)
407 struct tempdir *tmpdir = (struct tempdir *)dir;
408 gl_list_t list = tmpdir->subdirs;
411 node = gl_list_search (list, absolute_dir_name);
414 char *old_string = (char *) gl_list_node_value (list, node);
416 gl_list_remove_node (list, node);
421 /* Remove a file, with optional error message.
422 Return 0 upon success, or -1 if there was some problem. */
424 do_unlink (struct temp_dir *dir, const char *absolute_file_name)
426 if (unlink (absolute_file_name) < 0 && dir->cleanup_verbose
429 error (0, errno, _("cannot remove temporary file %s"), absolute_file_name);
435 /* Remove a directory, with optional error message.
436 Return 0 upon success, or -1 if there was some problem. */
438 do_rmdir (struct temp_dir *dir, const char *absolute_dir_name)
440 if (rmdir (absolute_dir_name) < 0 && dir->cleanup_verbose
444 _("cannot remove temporary directory %s"), absolute_dir_name);
450 /* Remove the given ABSOLUTE_FILE_NAME and unregister it.
451 Return 0 upon success, or -1 if there was some problem. */
453 cleanup_temp_file (struct temp_dir *dir,
454 const char *absolute_file_name)
458 err = do_unlink (dir, absolute_file_name);
459 unregister_temp_file (dir, absolute_file_name);
464 /* Remove the given ABSOLUTE_DIR_NAME and unregister it.
465 Return 0 upon success, or -1 if there was some problem. */
467 cleanup_temp_subdir (struct temp_dir *dir,
468 const char *absolute_dir_name)
472 err = do_rmdir (dir, absolute_dir_name);
473 unregister_temp_subdir (dir, absolute_dir_name);
478 /* Remove all registered files and subdirectories inside DIR.
479 Return 0 upon success, or -1 if there was some problem. */
481 cleanup_temp_dir_contents (struct temp_dir *dir)
483 struct tempdir *tmpdir = (struct tempdir *)dir;
486 gl_list_iterator_t iter;
490 /* First cleanup the files in the subdirectories. */
491 list = tmpdir->files;
492 iter = gl_list_iterator (list);
493 while (gl_list_iterator_next (&iter, &element, &node))
495 char *file = (char *) element;
497 err |= do_unlink (dir, file);
498 gl_list_remove_node (list, node);
499 /* Now only we can free file. */
502 gl_list_iterator_free (&iter);
504 /* Then cleanup the subdirectories. */
505 list = tmpdir->subdirs;
506 iter = gl_list_iterator (list);
507 while (gl_list_iterator_next (&iter, &element, &node))
509 char *subdir = (char *) element;
511 err |= do_rmdir (dir, subdir);
512 gl_list_remove_node (list, node);
513 /* Now only we can free subdir. */
516 gl_list_iterator_free (&iter);
521 /* Remove all registered files and subdirectories inside DIR and DIR itself.
522 DIR cannot be used any more after this call.
523 Return 0 upon success, or -1 if there was some problem. */
525 cleanup_temp_dir (struct temp_dir *dir)
527 struct tempdir *tmpdir = (struct tempdir *)dir;
531 err |= cleanup_temp_dir_contents (dir);
532 err |= do_rmdir (dir, tmpdir->dirname);
534 for (i = 0; i < cleanup_list.tempdir_count; i++)
535 if (cleanup_list.tempdir_list[i] == tmpdir)
537 /* Remove cleanup_list.tempdir_list[i]. */
538 if (i + 1 == cleanup_list.tempdir_count)
540 while (i > 0 && cleanup_list.tempdir_list[i - 1] == NULL)
542 cleanup_list.tempdir_count = i;
545 cleanup_list.tempdir_list[i] = NULL;
546 /* Now only we can free the tmpdir->dirname and tmpdir itself. */
547 free (tmpdir->dirname);
552 /* The user passed an invalid DIR argument. */
557 /* Register a file descriptor to be closed. */
561 if (descriptors == NULL)
562 descriptors = gl_list_create_empty (GL_LINKEDHASH_LIST, NULL, NULL, false);
563 gl_list_add_first (descriptors, (void *) (uintptr_t) fd);
566 /* Unregister a file descriptor to be closed. */
568 unregister_fd (int fd)
570 gl_list_t fds = descriptors;
574 /* descriptors should already contain fd. */
576 node = gl_list_search (fds, (void *) (uintptr_t) fd);
578 /* descriptors should already contain fd. */
580 gl_list_remove_node (fds, node);
583 /* Open a temporary file in a temporary directory.
584 Registers the resulting file descriptor to be closed. */
586 open_temp (const char *file_name, int flags, mode_t mode)
591 block_fatal_signals ();
592 fd = open (file_name, flags, mode); /* actually open or open_safer */
596 unblock_fatal_signals ();
601 /* Open a temporary file in a temporary directory.
602 Registers the resulting file descriptor to be closed. */
604 fopen_temp (const char *file_name, const char *mode)
609 block_fatal_signals ();
610 fp = fopen (file_name, mode); /* actually fopen or fopen_safer */
614 /* It is sufficient to register fileno (fp) instead of the entire fp,
615 because at cleanup time there is no need to do an fflush (fp); a
616 close (fileno (fp)) will be enough. */
617 int fd = fileno (fp);
622 unblock_fatal_signals ();
627 /* Close a temporary file in a temporary directory.
628 Unregisters the previously registered file descriptor. */
634 /* No blocking of signals is needed here, since a double close of a
635 file descriptor is harmless. */
636 int result = close (fd);
637 int saved_errno = errno;
639 /* No race condition here: we assume a single-threaded program, hence
640 fd cannot be re-opened here. */
651 /* Close a temporary file in a temporary directory.
652 Unregisters the previously registered file descriptor. */
654 fclose_temp (FILE *fp)
656 int fd = fileno (fp);
657 /* No blocking of signals is needed here, since a double close of a
658 file descriptor is harmless. */
659 int result = fclose (fp);
660 int saved_errno = errno;
662 /* No race condition here: we assume a single-threaded program, hence
663 fd cannot be re-opened here. */
671 #if GNULIB_FWRITEERROR
673 Unregisters the previously registered file descriptor. */
675 fwriteerror_temp (FILE *fp)
677 int fd = fileno (fp);
678 /* No blocking of signals is needed here, since a double close of a
679 file descriptor is harmless. */
680 int result = fwriteerror (fp);
681 int saved_errno = errno;
683 /* No race condition here: we assume a single-threaded program, hence
684 fd cannot be re-opened here. */
693 #if GNULIB_CLOSE_STREAM
694 /* Like close_stream.
695 Unregisters the previously registered file descriptor. */
697 close_stream_temp (FILE *fp)
699 int fd = fileno (fp);
700 /* No blocking of signals is needed here, since a double close of a
701 file descriptor is harmless. */
702 int result = close_stream (fp);
703 int saved_errno = errno;
705 /* No race condition here: we assume a single-threaded program, hence
706 fd cannot be re-opened here. */