1 /* Temporary directories and temporary files with automatic cleanup.
2 Copyright (C) 2001, 2003, 2006-2007 Free Software Foundation, Inc.
3 Written by Bruno Haible <bruno@clisp.org>, 2006.
5 This program is free software; you can redistribute it and/or modify
6 it under the terms of the GNU General Public License as published by
7 the Free Software Foundation; either version 2, or (at your option)
10 This program is distributed in the hope that it will be useful,
11 but WITHOUT ANY WARRANTY; without even the implied warranty of
12 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
13 GNU General Public License for more details.
15 You should have received a copy of the GNU General Public License
16 along with this program; if not, write to the Free Software Foundation,
17 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
23 #include "clean-temp.h"
33 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
34 # define WIN32_LEAN_AND_MEAN /* avoid including junk */
39 #include "fatal-signal.h"
44 #include "gl_linkedhash_list.h"
46 #if GNULIB_FWRITEERROR
47 # include "fwriteerror.h"
49 #if GNULIB_CLOSE_STREAM
50 # include "close-stream.h"
52 #if GNULIB_FCNTL_SAFER
55 #if GNULIB_FOPEN_SAFER
59 #define _(str) gettext (str)
61 /* GNU Hurd doesn't have PATH_MAX. */
64 # define PATH_MAX MAXPATHLEN
66 # define PATH_MAX 1024
71 # define uintptr_t unsigned long
74 #if !GNULIB_FCNTL_SAFER
75 /* The results of open() in this file are not used with fchdir,
76 therefore save some unnecessary work in fchdir.c. */
82 /* The use of 'volatile' in the types below (and ISO C 99 section 5.1.2.3.(5))
83 ensure that while constructing or modifying the data structures, the field
84 values are written to memory in the order of the C statements. So the
85 signal handler can rely on these field values to be up to date. */
88 /* Registry for a single temporary directory.
89 'struct temp_dir' from the public header file overlaps with this. */
92 /* The absolute pathname of the directory. */
93 char * volatile dirname;
94 /* Whether errors during explicit cleanup are reported to standard error. */
96 /* Absolute pathnames of subdirectories. */
97 gl_list_t /* <char *> */ volatile subdirs;
98 /* Absolute pathnames of files. */
99 gl_list_t /* <char *> */ volatile files;
102 /* List of all temporary directories. */
105 struct tempdir * volatile * volatile tempdir_list;
106 size_t volatile tempdir_count;
107 size_t tempdir_allocated;
108 } cleanup_list /* = { NULL, 0, 0 } */;
110 /* List of all open file descriptors to temporary files. */
111 static gl_list_t /* <int> */ volatile descriptors;
114 /* For the subdirs and for the files, we use a gl_list_t of type LINKEDHASH.
115 Why? We need a data structure that
117 1) Can contain an arbitrary number of 'char *' values. The strings
118 are compared via strcmp, not pointer comparison.
119 2) Has insertion and deletion operations that are fast: ideally O(1),
120 or possibly O(log n). This is important for GNU sort, which may
121 create a large number of temporary files.
122 3) Allows iteration through all elements from within a signal handler.
123 4) May or may not allow duplicates. It doesn't matter here, since
124 any file or subdir can only be removed once.
126 Criterion 1) would allow any gl_list_t or gl_oset_t implementation.
128 Criterion 2) leaves only GL_LINKEDHASH_LIST, GL_TREEHASH_LIST, or
131 Criterion 3) puts at disadvantage GL_TREEHASH_LIST and GL_TREE_OSET.
132 Namely, iteration through the elements of a binary tree requires access
133 to many ->left, ->right, ->parent pointers. However, the rebalancing
134 code for insertion and deletion in an AVL or red-black tree is so
135 complicated that we cannot assume that >left, ->right, ->parent pointers
136 are in a consistent state throughout these operations. Therefore, to
137 avoid a crash in the signal handler, all destructive operations to the
138 lists would have to be protected by a
139 block_fatal_signals ();
141 unblock_fatal_signals ();
142 pair. Which causes extra system calls.
144 Criterion 3) would also discourage GL_ARRAY_LIST and GL_CARRAY_LIST,
145 if they were not already excluded. Namely, these implementations use
146 xrealloc(), leaving a time window in which in the list->elements pointer
147 points to already deallocated memory. To avoid a crash in the signal
148 handler at such a moment, all destructive operations would have to
149 protected by block/unblock_fatal_signals (), in this case too.
151 A list of type GL_LINKEDHASH_LIST without duplicates fulfills all
153 2) Insertion and deletion are O(1) on average.
154 3) The gl_list_iterator, gl_list_iterator_next implementations do
155 not trigger memory allocations, nor other system calls, and are
156 therefore safe to be called from a signal handler.
157 Furthermore, since SIGNAL_SAFE_LIST is defined, the implementation
158 of the destructive functions ensures that the list structure is
159 safe to be traversed at any moment, even when interrupted by an
163 /* String equality and hash code functions used by the lists. */
166 string_equals (const void *x1, const void *x2)
168 const char *s1 = (const char *) x1;
169 const char *s2 = (const char *) x2;
170 return strcmp (s1, s2) == 0;
173 #define SIZE_BITS (sizeof (size_t) * CHAR_BIT)
175 /* A hash function for NUL-terminated char* strings using
176 the method described by Bruno Haible.
177 See http://www.haible.de/bruno/hashfunc.html. */
179 string_hash (const void *x)
181 const char *s = (const char *) x;
185 h = *s + ((h << 9) | (h >> (SIZE_BITS - 9)));
191 /* The signal handler. It gets called asynchronously. */
197 /* First close all file descriptors to temporary files. */
199 gl_list_t fds = descriptors;
203 gl_list_iterator_t iter;
206 iter = gl_list_iterator (fds);
207 while (gl_list_iterator_next (&iter, &element, NULL))
209 int fd = (int) (uintptr_t) element;
212 gl_list_iterator_free (&iter);
216 for (i = 0; i < cleanup_list.tempdir_count; i++)
218 struct tempdir *dir = cleanup_list.tempdir_list[i];
222 gl_list_iterator_t iter;
225 /* First cleanup the files in the subdirectories. */
226 iter = gl_list_iterator (dir->files);
227 while (gl_list_iterator_next (&iter, &element, NULL))
229 const char *file = (const char *) element;
232 gl_list_iterator_free (&iter);
234 /* Then cleanup the subdirectories. */
235 iter = gl_list_iterator (dir->subdirs);
236 while (gl_list_iterator_next (&iter, &element, NULL))
238 const char *subdir = (const char *) element;
241 gl_list_iterator_free (&iter);
243 /* Then cleanup the temporary directory itself. */
244 rmdir (dir->dirname);
249 /* Create a temporary directory.
250 PREFIX is used as a prefix for the name of the temporary directory. It
251 should be short and still give an indication about the program.
252 PARENTDIR can be used to specify the parent directory; if NULL, a default
253 parent directory is used (either $TMPDIR or /tmp or similar).
254 CLEANUP_VERBOSE determines whether errors during explicit cleanup are
255 reported to standard error.
256 Return a fresh 'struct temp_dir' on success. Upon error, an error message
257 is shown and NULL is returned. */
259 create_temp_dir (const char *prefix, const char *parentdir,
260 bool cleanup_verbose)
262 struct tempdir * volatile *tmpdirp = NULL;
263 struct tempdir *tmpdir;
268 /* See whether it can take the slot of an earlier temporary directory
269 already cleaned up. */
270 for (i = 0; i < cleanup_list.tempdir_count; i++)
271 if (cleanup_list.tempdir_list[i] == NULL)
273 tmpdirp = &cleanup_list.tempdir_list[i];
278 /* See whether the array needs to be extended. */
279 if (cleanup_list.tempdir_count == cleanup_list.tempdir_allocated)
281 /* Note that we cannot use xrealloc(), because then the cleanup()
282 function could access an already deallocated array. */
283 struct tempdir * volatile *old_array = cleanup_list.tempdir_list;
284 size_t old_allocated = cleanup_list.tempdir_allocated;
285 size_t new_allocated = 2 * cleanup_list.tempdir_allocated + 1;
286 struct tempdir * volatile *new_array =
287 XNMALLOC (new_allocated, struct tempdir * volatile);
289 if (old_allocated == 0)
290 /* First use of this facility. Register the cleanup handler. */
291 at_fatal_signal (&cleanup);
294 /* Don't use memcpy() here, because memcpy takes non-volatile
295 arguments and is therefore not guaranteed to complete all
296 memory stores before the next statement. */
299 for (k = 0; k < old_allocated; k++)
300 new_array[k] = old_array[k];
303 cleanup_list.tempdir_list = new_array;
304 cleanup_list.tempdir_allocated = new_allocated;
306 /* Now we can free the old array. */
307 if (old_array != NULL)
308 free ((struct tempdir **) old_array);
311 tmpdirp = &cleanup_list.tempdir_list[cleanup_list.tempdir_count];
312 /* Initialize *tmpdirp before incrementing tempdir_count, so that
313 cleanup() will skip this entry before it is fully initialized. */
315 cleanup_list.tempdir_count++;
318 /* Initialize a 'struct tempdir'. */
319 tmpdir = XMALLOC (struct tempdir);
320 tmpdir->dirname = NULL;
321 tmpdir->cleanup_verbose = cleanup_verbose;
322 tmpdir->subdirs = gl_list_create_empty (GL_LINKEDHASH_LIST,
323 string_equals, string_hash, NULL,
325 tmpdir->files = gl_list_create_empty (GL_LINKEDHASH_LIST,
326 string_equals, string_hash, NULL,
329 /* Create the temporary directory. */
330 xtemplate = (char *) xallocsa (PATH_MAX);
331 if (path_search (xtemplate, PATH_MAX, parentdir, prefix, parentdir == NULL))
334 _("cannot find a temporary directory, try setting $TMPDIR"));
337 block_fatal_signals ();
338 tmpdirname = mkdtemp (xtemplate);
339 if (tmpdirname != NULL)
341 tmpdir->dirname = tmpdirname;
344 unblock_fatal_signals ();
345 if (tmpdirname == NULL)
348 _("cannot create a temporary directory using template \"%s\""),
352 /* Replace tmpdir->dirname with a copy that has indefinite extent.
353 We cannot do this inside the block_fatal_signals/unblock_fatal_signals
354 block because then the cleanup handler would not remove the directory
356 tmpdir->dirname = xstrdup (tmpdirname);
358 return (struct temp_dir *) tmpdir;
365 /* Register the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
366 needs to be removed before DIR can be removed.
367 Should be called before the file ABSOLUTE_FILE_NAME is created. */
369 register_temp_file (struct temp_dir *dir,
370 const char *absolute_file_name)
372 struct tempdir *tmpdir = (struct tempdir *)dir;
374 /* Add absolute_file_name to tmpdir->files, without duplicates. */
375 if (gl_list_search (tmpdir->files, absolute_file_name) == NULL)
376 gl_list_add_first (tmpdir->files, xstrdup (absolute_file_name));
379 /* Unregister the given ABSOLUTE_FILE_NAME as being a file inside DIR, that
380 needs to be removed before DIR can be removed.
381 Should be called when the file ABSOLUTE_FILE_NAME could not be created. */
383 unregister_temp_file (struct temp_dir *dir,
384 const char *absolute_file_name)
386 struct tempdir *tmpdir = (struct tempdir *)dir;
387 gl_list_t list = tmpdir->files;
390 node = gl_list_search (list, absolute_file_name);
393 char *old_string = (char *) gl_list_node_value (list, node);
395 gl_list_remove_node (list, node);
400 /* Register the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
401 that needs to be removed before DIR can be removed.
402 Should be called before the subdirectory ABSOLUTE_DIR_NAME is created. */
404 register_temp_subdir (struct temp_dir *dir,
405 const char *absolute_dir_name)
407 struct tempdir *tmpdir = (struct tempdir *)dir;
409 /* Add absolute_dir_name to tmpdir->subdirs, without duplicates. */
410 if (gl_list_search (tmpdir->subdirs, absolute_dir_name) == NULL)
411 gl_list_add_first (tmpdir->subdirs, xstrdup (absolute_dir_name));
414 /* Unregister the given ABSOLUTE_DIR_NAME as being a subdirectory inside DIR,
415 that needs to be removed before DIR can be removed.
416 Should be called when the subdirectory ABSOLUTE_DIR_NAME could not be
419 unregister_temp_subdir (struct temp_dir *dir,
420 const char *absolute_dir_name)
422 struct tempdir *tmpdir = (struct tempdir *)dir;
423 gl_list_t list = tmpdir->subdirs;
426 node = gl_list_search (list, absolute_dir_name);
429 char *old_string = (char *) gl_list_node_value (list, node);
431 gl_list_remove_node (list, node);
436 /* Remove a file, with optional error message.
437 Return 0 upon success, or -1 if there was some problem. */
439 do_unlink (struct temp_dir *dir, const char *absolute_file_name)
441 if (unlink (absolute_file_name) < 0 && dir->cleanup_verbose
444 error (0, errno, _("cannot remove temporary file %s"), absolute_file_name);
450 /* Remove a directory, with optional error message.
451 Return 0 upon success, or -1 if there was some problem. */
453 do_rmdir (struct temp_dir *dir, const char *absolute_dir_name)
455 if (rmdir (absolute_dir_name) < 0 && dir->cleanup_verbose
459 _("cannot remove temporary directory %s"), absolute_dir_name);
465 /* Remove the given ABSOLUTE_FILE_NAME and unregister it.
466 Return 0 upon success, or -1 if there was some problem. */
468 cleanup_temp_file (struct temp_dir *dir,
469 const char *absolute_file_name)
473 err = do_unlink (dir, absolute_file_name);
474 unregister_temp_file (dir, absolute_file_name);
479 /* Remove the given ABSOLUTE_DIR_NAME and unregister it.
480 Return 0 upon success, or -1 if there was some problem. */
482 cleanup_temp_subdir (struct temp_dir *dir,
483 const char *absolute_dir_name)
487 err = do_rmdir (dir, absolute_dir_name);
488 unregister_temp_subdir (dir, absolute_dir_name);
493 /* Remove all registered files and subdirectories inside DIR.
494 Return 0 upon success, or -1 if there was some problem. */
496 cleanup_temp_dir_contents (struct temp_dir *dir)
498 struct tempdir *tmpdir = (struct tempdir *)dir;
501 gl_list_iterator_t iter;
505 /* First cleanup the files in the subdirectories. */
506 list = tmpdir->files;
507 iter = gl_list_iterator (list);
508 while (gl_list_iterator_next (&iter, &element, &node))
510 char *file = (char *) element;
512 err |= do_unlink (dir, file);
513 gl_list_remove_node (list, node);
514 /* Now only we can free file. */
517 gl_list_iterator_free (&iter);
519 /* Then cleanup the subdirectories. */
520 list = tmpdir->subdirs;
521 iter = gl_list_iterator (list);
522 while (gl_list_iterator_next (&iter, &element, &node))
524 char *subdir = (char *) element;
526 err |= do_rmdir (dir, subdir);
527 gl_list_remove_node (list, node);
528 /* Now only we can free subdir. */
531 gl_list_iterator_free (&iter);
536 /* Remove all registered files and subdirectories inside DIR and DIR itself.
537 DIR cannot be used any more after this call.
538 Return 0 upon success, or -1 if there was some problem. */
540 cleanup_temp_dir (struct temp_dir *dir)
542 struct tempdir *tmpdir = (struct tempdir *)dir;
546 err |= cleanup_temp_dir_contents (dir);
547 err |= do_rmdir (dir, tmpdir->dirname);
549 for (i = 0; i < cleanup_list.tempdir_count; i++)
550 if (cleanup_list.tempdir_list[i] == tmpdir)
552 /* Remove cleanup_list.tempdir_list[i]. */
553 if (i + 1 == cleanup_list.tempdir_count)
555 while (i > 0 && cleanup_list.tempdir_list[i - 1] == NULL)
557 cleanup_list.tempdir_count = i;
560 cleanup_list.tempdir_list[i] = NULL;
561 /* Now only we can free the tmpdir->dirname and tmpdir itself. */
562 free (tmpdir->dirname);
567 /* The user passed an invalid DIR argument. */
572 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
574 /* On Windows, opening a file with _O_TEMPORARY has the effect of passing
575 the FILE_FLAG_DELETE_ON_CLOSE flag to CreateFile(), which has the effect
576 of deleting the file when it is closed - even when the program crashes.
577 But (according to the Cygwin sources) it works only on Windows NT or newer.
578 So we cache the info whether we are running on Windows NT or newer. */
581 supports_delete_on_close ()
583 static int known; /* 1 = yes, -1 = no, 0 = unknown */
588 if (GetVersionEx (&v))
589 known = (v.dwPlatformId == VER_PLATFORM_WIN32_NT ? 1 : -1);
599 /* Register a file descriptor to be closed. */
603 if (descriptors == NULL)
604 descriptors = gl_list_create_empty (GL_LINKEDHASH_LIST, NULL, NULL, NULL,
606 gl_list_add_first (descriptors, (void *) (uintptr_t) fd);
609 /* Unregister a file descriptor to be closed. */
611 unregister_fd (int fd)
613 gl_list_t fds = descriptors;
617 /* descriptors should already contain fd. */
619 node = gl_list_search (fds, (void *) (uintptr_t) fd);
621 /* descriptors should already contain fd. */
623 gl_list_remove_node (fds, node);
626 /* Open a temporary file in a temporary directory.
627 Registers the resulting file descriptor to be closed. */
629 open_temp (const char *file_name, int flags, mode_t mode)
634 block_fatal_signals ();
635 /* Note: 'open' here is actually open() or open_safer(). */
636 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
637 /* Use _O_TEMPORARY when possible, to increase the chances that the
638 temporary file is removed when the process crashes. */
639 if (supports_delete_on_close ())
640 fd = open (file_name, flags | _O_TEMPORARY, mode);
643 fd = open (file_name, flags, mode);
647 unblock_fatal_signals ();
652 /* Open a temporary file in a temporary directory.
653 Registers the resulting file descriptor to be closed. */
655 fopen_temp (const char *file_name, const char *mode)
660 block_fatal_signals ();
661 /* Note: 'fopen' here is actually fopen() or fopen_safer(). */
662 #if (defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__
663 /* Use _O_TEMPORARY when possible, to increase the chances that the
664 temporary file is removed when the process crashes. */
665 if (supports_delete_on_close ())
667 size_t mode_len = strlen (mode);
668 char *augmented_mode = (char *) xallocsa (mode_len + 2);
669 memcpy (augmented_mode, mode, mode_len);
670 memcpy (augmented_mode + mode_len, "D", 2);
672 fp = fopen (file_name, augmented_mode);
675 freesa (augmented_mode);
680 fp = fopen (file_name, mode);
685 /* It is sufficient to register fileno (fp) instead of the entire fp,
686 because at cleanup time there is no need to do an fflush (fp); a
687 close (fileno (fp)) will be enough. */
688 int fd = fileno (fp);
693 unblock_fatal_signals ();
698 /* Close a temporary file in a temporary directory.
699 Unregisters the previously registered file descriptor. */
705 /* No blocking of signals is needed here, since a double close of a
706 file descriptor is harmless. */
707 int result = close (fd);
708 int saved_errno = errno;
710 /* No race condition here: we assume a single-threaded program, hence
711 fd cannot be re-opened here. */
722 /* Close a temporary file in a temporary directory.
723 Unregisters the previously registered file descriptor. */
725 fclose_temp (FILE *fp)
727 int fd = fileno (fp);
728 /* No blocking of signals is needed here, since a double close of a
729 file descriptor is harmless. */
730 int result = fclose (fp);
731 int saved_errno = errno;
733 /* No race condition here: we assume a single-threaded program, hence
734 fd cannot be re-opened here. */
742 #if GNULIB_FWRITEERROR
744 Unregisters the previously registered file descriptor. */
746 fwriteerror_temp (FILE *fp)
748 int fd = fileno (fp);
749 /* No blocking of signals is needed here, since a double close of a
750 file descriptor is harmless. */
751 int result = fwriteerror (fp);
752 int saved_errno = errno;
754 /* No race condition here: we assume a single-threaded program, hence
755 fd cannot be re-opened here. */
764 #if GNULIB_CLOSE_STREAM
765 /* Like close_stream.
766 Unregisters the previously registered file descriptor. */
768 close_stream_temp (FILE *fp)
770 int fd = fileno (fp);
771 /* No blocking of signals is needed here, since a double close of a
772 file descriptor is harmless. */
773 int result = close_stream (fp);
774 int saved_errno = errno;
776 /* No race condition here: we assume a single-threaded program, hence
777 fd cannot be re-opened here. */