NetBSD/lib/libc/gen/getcap.c

1213 lines
26 KiB
C

/* $NetBSD: getcap.c,v 1.56 2014/09/24 13:18:52 christos Exp $ */
/*-
* Copyright (c) 1992, 1993
* The Regents of the University of California. All rights reserved.
*
* This code is derived from software contributed to Berkeley by
* Casey Leedom of Lawrence Livermore National Laboratory.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions
* are met:
* 1. Redistributions of source code must retain the above copyright
* notice, this list of conditions and the following disclaimer.
* 2. Redistributions in binary form must reproduce the above copyright
* notice, this list of conditions and the following disclaimer in the
* documentation and/or other materials provided with the distribution.
* 3. Neither the name of the University nor the names of its contributors
* may be used to endorse or promote products derived from this software
* without specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
* ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
* FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
* DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
* OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
* HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*/
#if HAVE_NBTOOL_CONFIG_H
#include "nbtool_config.h"
#endif
#include <sys/cdefs.h>
#if defined(LIBC_SCCS) && !defined(lint)
#if 0
static char sccsid[] = "@(#)getcap.c 8.3 (Berkeley) 3/25/94";
#else
__RCSID("$NetBSD: getcap.c,v 1.56 2014/09/24 13:18:52 christos Exp $");
#endif
#endif /* LIBC_SCCS and not lint */
#ifndef SMALL
#include "namespace.h"
#endif
#include <sys/types.h>
#include <sys/param.h>
#include <assert.h>
#include <stddef.h>
#include <ctype.h>
#ifndef SMALL
#include <db.h>
#endif
#include <errno.h>
#include <fcntl.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <unistd.h>
#if defined(__weak_alias) && !defined(SMALL)
__weak_alias(cgetcap,_cgetcap)
__weak_alias(cgetclose,_cgetclose)
__weak_alias(cgetent,_cgetent)
__weak_alias(cgetfirst,_cgetfirst)
__weak_alias(cgetmatch,_cgetmatch)
__weak_alias(cgetnext,_cgetnext)
__weak_alias(cgetnum,_cgetnum)
__weak_alias(cgetset,_cgetset)
__weak_alias(cgetstr,_cgetstr)
__weak_alias(cgetustr,_cgetustr)
__weak_alias(csetexpandtc,_csetexpandtc)
#endif
#define BFRAG 1024
#define BSIZE 1024
#define ESC ('[' & 037) /* ASCII ESC */
#define MAX_RECURSION 32 /* maximum getent recursion */
#define SFRAG 100 /* cgetstr mallocs in SFRAG chunks */
#define RECOK (char)0
#define TCERR (char)1
#define SHADOW (char)2
static size_t topreclen; /* toprec length */
static char *toprec; /* Additional record specified by cgetset() */
static int gottoprec; /* Flag indicating retrieval of toprecord */
static int expandtc = 1; /* flag to expand tc= or not */
#ifndef SMALL
static int cdbget(DB *, char **, const char *);
#endif
static int getent(char **, size_t *, const char * const *, int,
const char *, int, char *);
static int nfcmp(char *, char *);
/*
* Cgetset() allows the addition of a user specified buffer to be added
* to the database array, in effect "pushing" the buffer on top of the
* virtual database. 0 is returned on success, -1 on failure.
*/
int
cgetset(const char *ent)
{
const char *source, *check;
char *dest;
if (ent == NULL) {
if (toprec != NULL)
free(toprec);
toprec = NULL;
topreclen = 0;
return 0;
}
topreclen = strlen(ent);
if ((toprec = malloc(topreclen + 1)) == NULL) {
errno = ENOMEM;
return -1;
}
gottoprec = 0;
source = ent;
dest = toprec;
while (*source != '\0') { /* Strip whitespace */
*dest++ = *source++; /* Do not check first field */
while (*source == ':') {
check = source + 1;
while (*check && (isspace((unsigned char)*check) ||
(*check=='\\' && isspace((unsigned char)check[1]))))
++check;
if (*check == ':')
source = check;
else
break;
}
}
*dest = 0;
return 0;
}
/*
* Cgetcap searches the capability record buf for the capability cap with
* type `type'. A pointer to the value of cap is returned on success, NULL
* if the requested capability couldn't be found.
*
* Specifying a type of ':' means that nothing should follow cap (:cap:).
* In this case a pointer to the terminating ':' or NUL will be returned if
* cap is found.
*
* If (cap, '@') or (cap, terminator, '@') is found before (cap, terminator)
* return NULL.
*/
char *
cgetcap(char *buf, const char *cap, int type)
{
char *bp;
const char *cp;
_DIAGASSERT(buf != NULL);
_DIAGASSERT(cap != NULL);
bp = buf;
for (;;) {
/*
* Skip past the current capability field - it's either the
* name field if this is the first time through the loop, or
* the remainder of a field whose name failed to match cap.
*/
for (;;)
if (*bp == '\0')
return NULL;
else if (*bp++ == ':')
break;
/*
* Try to match (cap, type) in buf.
*/
for (cp = cap; *cp == *bp && *bp != '\0'; cp++, bp++)
continue;
if (*cp != '\0')
continue;
if (*bp == '@')
return NULL;
if (type == ':') {
if (*bp != '\0' && *bp != ':')
continue;
return bp;
}
if (*bp != type)
continue;
bp++;
return *bp == '@' ? NULL : bp;
}
/* NOTREACHED */
}
/*
* Cgetent extracts the capability record name from the NULL terminated file
* array db_array and returns a pointer to a malloc'd copy of it in buf.
* Buf must be retained through all subsequent calls to cgetcap, cgetnum,
* cgetflag, and cgetstr, but may then be free'd. 0 is returned on success,
* -1 if the requested record couldn't be found, -2 if a system error was
* encountered (couldn't open/read a file, etc.), and -3 if a potential
* reference loop is detected.
*/
/* coverity[+alloc : arg-*0] */
int
cgetent(char **buf, const char * const *db_array, const char *name)
{
size_t dummy;
_DIAGASSERT(buf != NULL);
_DIAGASSERT(db_array != NULL);
_DIAGASSERT(name != NULL);
return getent(buf, &dummy, db_array, -1, name, 0, NULL);
}
void
csetexpandtc(int etc)
{
expandtc = etc;
}
/*
* Getent implements the functions of cgetent. If fd is non-negative,
* *db_array has already been opened and fd is the open file descriptor. We
* do this to save time and avoid using up file descriptors for tc=
* recursions.
*
* Getent returns the same success/failure codes as cgetent. On success, a
* pointer to a malloc'ed capability record with all tc= capabilities fully
* expanded and its length (not including trailing ASCII NUL) are left in
* *cap and *len.
*
* Basic algorithm:
* + Allocate memory incrementally as needed in chunks of size BFRAG
* for capability buffer.
* + Recurse for each tc=name and interpolate result. Stop when all
* names interpolated, a name can't be found, or depth exceeds
* MAX_RECURSION.
*/
/* coverity[+alloc : arg-*0] */
static int
getent(char **cap, size_t *len, const char * const *db_array, int fd,
const char *name, int depth, char *nfield)
{
char *record, *newrecord;
char *r_end, *rp; /* pacify gcc */
const char * const *db_p;
int myfd, eof, foundit;
int tc_not_resolved;
_DIAGASSERT(cap != NULL);
_DIAGASSERT(len != NULL);
_DIAGASSERT(db_array != NULL);
/* fd may be -1 */
_DIAGASSERT(name != NULL);
/* nfield may be NULL */
myfd = 0;
rp = NULL;
/*
* Return with ``loop detected'' error if we've recursed more than
* MAX_RECURSION times.
*/
if (depth > MAX_RECURSION)
return -3;
/*
* Check if we have a top record from cgetset().
*/
if (depth == 0 && toprec != NULL && cgetmatch(toprec, name) == 0) {
if ((record = malloc(topreclen + BFRAG)) == NULL) {
errno = ENOMEM;
return -2;
}
(void)strcpy(record, toprec); /* XXX: strcpy is safe */
db_p = db_array;
rp = record + topreclen + 1;
r_end = rp + BFRAG;
goto tc_exp;
}
/*
* Allocate first chunk of memory.
*/
if ((record = malloc(BFRAG)) == NULL) {
errno = ENOMEM;
return -2;
}
r_end = record + BFRAG;
foundit = 0;
/*
* Loop through database array until finding the record.
*/
for (db_p = db_array; *db_p != NULL; db_p++) {
eof = 0;
/*
* Open database if not already open.
*/
if (fd >= 0) {
(void)lseek(fd, (off_t)0, SEEK_SET);
} else {
#ifndef SMALL
DB *capdbp;
char pbuf[MAXPATHLEN];
char *cbuf;
int retval;
size_t clen;
(void)snprintf(pbuf, sizeof(pbuf), "%s.db", *db_p);
if ((capdbp = dbopen(pbuf, O_RDONLY | O_CLOEXEC, 0,
DB_HASH, 0)) != NULL) {
free(record);
retval = cdbget(capdbp, &record, name);
if (retval < 0) {
/* no record available */
(void)capdbp->close(capdbp);
return retval;
}
/* save the data; close frees it */
clen = strlen(record);
if ((cbuf = malloc(clen + 1)) == NULL) {
(void)capdbp->close(capdbp);
errno = ENOMEM;
return -2;
}
memmove(cbuf, record, clen + 1);
if (capdbp->close(capdbp) < 0) {
int serrno = errno;
free(cbuf);
errno = serrno;
return -2;
}
*len = clen;
*cap = cbuf;
return retval;
} else
#endif
{
fd = open(*db_p, O_RDONLY | O_CLOEXEC, 0);
if (fd < 0) {
/* No error on unfound file. */
continue;
}
myfd = 1;
}
}
/*
* Find the requested capability record ...
*/
{
char buf[BUFSIZ];
char *b_end, *bp, *cp;
int c, slash;
/*
* Loop invariants:
* There is always room for one more character in record.
* R_end always points just past end of record.
* Rp always points just past last character in record.
* B_end always points just past last character in buf.
* Bp always points at next character in buf.
* Cp remembers where the last colon was.
*/
b_end = buf;
bp = buf;
cp = NULL;
slash = 0;
for (;;) {
/*
* Read in a line implementing (\, newline)
* line continuation.
*/
rp = record;
for (;;) {
if (bp >= b_end) {
ssize_t n;
n = read(fd, buf, sizeof(buf));
if (n <= 0) {
if (myfd)
(void)close(fd);
if (n < 0) {
int serrno = errno;
free(record);
errno = serrno;
return -2;
} else {
fd = -1;
eof = 1;
break;
}
}
b_end = buf+n;
bp = buf;
}
c = *bp++;
if (c == '\n') {
if (slash) {
slash = 0;
rp--;
continue;
} else
break;
}
if (slash) {
slash = 0;
cp = 0;
}
if (c == ':') {
/*
* If the field was `empty' (i.e.
* contained only white space), back up
* to the colon (eliminating the
* field).
*/
if (cp != NULL)
rp = cp;
else
cp = rp;
} else if (c == '\\') {
slash = 1;
} else if (c != ' ' && c != '\t') {
/*
* Forget where the colon was, as this
* is not an empty field.
*/
cp = 0;
}
*rp++ = c;
/*
* Enforce loop invariant: if no room
* left in record buffer, try to get
* some more.
*/
if (rp >= r_end) {
ptrdiff_t pos;
size_t newsize;
pos = rp - record;
newsize = r_end - record + BFRAG;
newrecord = realloc(record, newsize);
if (newrecord == NULL) {
free(record);
if (myfd)
(void)close(fd);
errno = ENOMEM;
return -2;
}
record = newrecord;
r_end = record + newsize;
rp = record + pos;
}
}
/* Eliminate any white space after the last colon. */
if (cp)
rp = cp + 1;
/* Loop invariant lets us do this. */
*rp++ = '\0';
/*
* If encountered eof check next file.
*/
if (eof)
break;
/*
* Toss blank lines and comments.
*/
if (*record == '\0' || *record == '#')
continue;
/*
* See if this is the record we want ...
*/
if (cgetmatch(record, name) == 0)
if (nfield == NULL || !nfcmp(nfield, record)) {
foundit = 1;
break; /* found it! */
}
}
}
if (foundit)
break;
}
if (!foundit)
return -1;
/*
* Got the capability record, but now we have to expand all tc=name
* references in it ...
*/
tc_exp:
tc_not_resolved = 0;
if (expandtc) {
char *newicap, *s;
size_t ilen, newilen;
int iret;
ptrdiff_t diff, tclen;
char *icap, *scan, *tc, *tcstart, *tcend;
/*
* Loop invariants:
* There is room for one more character in record.
* R_end points just past end of record.
* Rp points just past last character in record.
* Scan points at remainder of record that needs to be
* scanned for tc=name constructs.
*/
scan = record;
for (;;) {
if ((tc = cgetcap(scan, "tc", '=')) == NULL)
break;
/*
* Find end of tc=name and stomp on the trailing `:'
* (if present) so we can use it to call ourselves.
*/
s = tc;
for (;;)
if (*s == '\0')
break;
else
if (*s++ == ':') {
*(s - 1) = '\0';
break;
}
tcstart = tc - 3;
tclen = s - tcstart;
tcend = s;
iret = getent(&icap, &ilen, db_p, fd, tc, depth+1,
NULL);
newicap = icap; /* Put into a register. */
newilen = ilen;
if (iret != 0) {
/* an error */
if (iret < -1) {
if (myfd)
(void)close(fd);
free(record);
return iret;
}
if (iret == 1)
tc_not_resolved = 1;
/* couldn't resolve tc */
if (iret == -1) {
*(s - 1) = ':';
scan = s - 1;
tc_not_resolved = 1;
continue;
}
}
/* not interested in name field of tc'ed record */
s = newicap;
for (;;)
if (*s == '\0')
break;
else if (*s++ == ':')
break;
newilen -= s - newicap;
newicap = s;
/* make sure interpolated record is `:'-terminated */
s += newilen;
if (*(s - 1) != ':') {
*s = ':'; /* overwrite NUL with : */
newilen++;
}
/*
* Make sure there's enough room to insert the
* new record.
*/
diff = newilen - tclen;
if (diff >= r_end - rp) {
ptrdiff_t pos, tcpos, tcposend;
size_t newsize;
pos = rp - record;
newsize = r_end - record + diff + BFRAG;
tcpos = tcstart - record;
tcposend = tcend - record;
newrecord = realloc(record, newsize);
if (newrecord == NULL) {
free(record);
if (myfd)
(void)close(fd);
free(icap);
errno = ENOMEM;
return -2;
}
record = newrecord;
r_end = record + newsize;
rp = record + pos;
tcstart = record + tcpos;
tcend = record + tcposend;
}
/*
* Insert tc'ed record into our record.
*/
s = tcstart + newilen;
memmove(s, tcend, (size_t)(rp - tcend));
memmove(tcstart, newicap, newilen);
rp += diff;
free(icap);
/*
* Start scan on `:' so next cgetcap works properly
* (cgetcap always skips first field).
*/
scan = s - 1;
}
}
/*
* Close file (if we opened it), give back any extra memory, and
* return capability, length and success.
*/
if (myfd)
(void)close(fd);
*len = rp - record - 1; /* don't count NUL */
if (r_end > rp) {
if ((newrecord =
realloc(record, (size_t)(rp - record))) == NULL) {
free(record);
errno = ENOMEM;
return -2;
}
record = newrecord;
}
*cap = record;
if (tc_not_resolved)
return 1;
return 0;
}
#ifndef SMALL
static int
cdbget(DB *capdbp, char **bp, const char *name)
{
DBT key;
DBT data;
_DIAGASSERT(capdbp != NULL);
_DIAGASSERT(bp != NULL);
_DIAGASSERT(name != NULL);
key.data = __UNCONST(name);
key.size = strlen(name);
for (;;) {
/* Get the reference. */
switch(capdbp->get(capdbp, &key, &data, 0)) {
case -1:
return -2;
case 1:
return -1;
}
/* If not an index to another record, leave. */
if (((char *)data.data)[0] != SHADOW)
break;
key.data = (char *)data.data + 1;
key.size = data.size - 1;
}
*bp = (char *)data.data + 1;
return ((char *)(data.data))[0] == TCERR ? 1 : 0;
}
#endif
/*
* Cgetmatch will return 0 if name is one of the names of the capability
* record buf, -1 if not.
*/
int
cgetmatch(const char *buf, const char *name)
{
const char *np, *bp;
_DIAGASSERT(buf != NULL);
_DIAGASSERT(name != NULL);
/*
* Start search at beginning of record.
*/
bp = buf;
for (;;) {
/*
* Try to match a record name.
*/
np = name;
for (;;)
if (*np == '\0') {
if (*bp == '|' || *bp == ':' || *bp == '\0')
return 0;
else
break;
} else if (*bp++ != *np++)
break;
/*
* Match failed, skip to next name in record.
*/
if (bp > buf)
bp--; /* a '|' or ':' may have stopped the match */
else
return -1;
for (;;)
if (*bp == '\0' || *bp == ':')
return -1; /* match failed totally */
else if (*bp++ == '|')
break; /* found next name */
}
}
int
cgetfirst(char **buf, const char * const *db_array)
{
_DIAGASSERT(buf != NULL);
_DIAGASSERT(db_array != NULL);
(void)cgetclose();
return cgetnext(buf, db_array);
}
static FILE *pfp;
static int slash;
static const char * const *dbp;
int
cgetclose(void)
{
if (pfp != NULL) {
(void)fclose(pfp);
pfp = NULL;
}
dbp = NULL;
gottoprec = 0;
slash = 0;
return 0;
}
/*
* Cgetnext() gets either the first or next entry in the logical database
* specified by db_array. It returns 0 upon completion of the database, 1
* upon returning an entry with more remaining, and -1 if an error occurs.
*/
/* coverity[+alloc : arg-*0] */
int
cgetnext(char **bp, const char * const *db_array)
{
size_t len = 0;
int status, done;
char *cp, *line, *rp, *np, buf[BSIZE], nbuf[BSIZE];
size_t dummy;
_DIAGASSERT(bp != NULL);
_DIAGASSERT(db_array != NULL);
if (dbp == NULL)
dbp = db_array;
if (pfp == NULL && (pfp = fopen(*dbp, "re")) == NULL) {
(void)cgetclose();
return -1;
}
for (;;) {
if (toprec != NULL && !gottoprec) {
gottoprec = 1;
line = toprec;
} else {
line = fgetln(pfp, &len);
if (line == NULL) {
if (pfp == NULL)
return -1;
if (ferror(pfp)) {
(void)cgetclose();
return -1;
} else {
(void)fclose(pfp);
pfp = NULL;
if (*++dbp == NULL) {
(void)cgetclose();
return 0;
} else if ((pfp =
fopen(*dbp, "re")) == NULL) {
(void)cgetclose();
return -1;
} else
continue;
}
} else
line[len - 1] = '\0';
if (len == 1) {
slash = 0;
continue;
}
if (isspace((unsigned char)*line) ||
*line == ':' || *line == '#' || slash) {
if (line[len - 2] == '\\')
slash = 1;
else
slash = 0;
continue;
}
if (line[len - 2] == '\\')
slash = 1;
else
slash = 0;
}
/*
* Line points to a name line.
*/
if (len > sizeof(nbuf))
return -1;
done = 0;
np = nbuf;
for (;;) {
for (cp = line; *cp != '\0'; cp++) {
if (*cp == ':') {
*np++ = ':';
done = 1;
break;
}
if (*cp == '\\')
break;
*np++ = *cp;
}
if (done) {
*np = '\0';
break;
} else { /* name field extends beyond the line */
line = fgetln(pfp, &len);
if (line == NULL && pfp) {
if (ferror(pfp)) {
(void)cgetclose();
return -1;
}
(void)fclose(pfp);
pfp = NULL;
*np = '\0';
break;
} else
line[len - 1] = '\0';
}
}
if (len > sizeof(buf))
return -1;
rp = buf;
for (cp = nbuf; *cp != '\0'; cp++)
if (*cp == '|' || *cp == ':')
break;
else
*rp++ = *cp;
*rp = '\0';
/*
* XXX
* Last argument of getent here should be nbuf if we want true
* sequential access in the case of duplicates.
* With NULL, getent will return the first entry found
* rather than the duplicate entry record. This is a
* matter of semantics that should be resolved.
*/
status = getent(bp, &dummy, db_array, -1, buf, 0, NULL);
if (status == -2 || status == -3)
(void)cgetclose();
return status + 1;
}
/* NOTREACHED */
}
/*
* Cgetstr retrieves the value of the string capability cap from the
* capability record pointed to by buf. A pointer to a decoded, NUL
* terminated, malloc'd copy of the string is returned in the char *
* pointed to by str. The length of the string not including the trailing
* NUL is returned on success, -1 if the requested string capability
* couldn't be found, -2 if a system error was encountered (storage
* allocation failure).
*/
int
cgetstr(char *buf, const char *cap, char **str)
{
u_int m_room;
const char *bp;
char *mp;
ptrdiff_t len;
char *mem, *newmem;
_DIAGASSERT(buf != NULL);
_DIAGASSERT(cap != NULL);
_DIAGASSERT(str != NULL);
/*
* Find string capability cap
*/
bp = cgetcap(buf, cap, '=');
if (bp == NULL)
return -1;
/*
* Conversion / storage allocation loop ... Allocate memory in
* chunks SFRAG in size.
*/
if ((mem = malloc(SFRAG)) == NULL) {
errno = ENOMEM;
return -2; /* couldn't even allocate the first fragment */
}
m_room = SFRAG;
mp = mem;
while (*bp != ':' && *bp != '\0') {
/*
* Loop invariants:
* There is always room for one more character in mem.
* Mp always points just past last character in mem.
* Bp always points at next character in buf.
*/
if (*bp == '^') {
bp++;
if (*bp == ':' || *bp == '\0')
break; /* drop unfinished escape */
*mp++ = *bp++ & 037;
} else if (*bp == '\\') {
bp++;
if (*bp == ':' || *bp == '\0')
break; /* drop unfinished escape */
if ('0' <= *bp && *bp <= '7') {
int n, i;
n = 0;
i = 3; /* maximum of three octal digits */
do {
n = n * 8 + (*bp++ - '0');
} while (--i && '0' <= *bp && *bp <= '7');
*mp++ = n;
}
else switch (*bp++) {
case 'b': case 'B':
*mp++ = '\b';
break;
case 't': case 'T':
*mp++ = '\t';
break;
case 'n': case 'N':
*mp++ = '\n';
break;
case 'f': case 'F':
*mp++ = '\f';
break;
case 'r': case 'R':
*mp++ = '\r';
break;
case 'e': case 'E':
*mp++ = ESC;
break;
case 'c': case 'C':
*mp++ = ':';
break;
default:
/*
* Catches '\', '^', and
* everything else.
*/
*mp++ = *(bp-1);
break;
}
} else
*mp++ = *bp++;
m_room--;
/*
* Enforce loop invariant: if no room left in current
* buffer, try to get some more.
*/
if (m_room == 0) {
size_t size = mp - mem;
if ((newmem = realloc(mem, size + SFRAG)) == NULL) {
free(mem);
return -2;
}
mem = newmem;
m_room = SFRAG;
mp = mem + size;
}
}
*mp++ = '\0'; /* loop invariant let's us do this */
m_room--;
len = mp - mem - 1;
/*
* Give back any extra memory and return value and success.
*/
if (m_room != 0) {
if ((newmem = realloc(mem, (size_t)(mp - mem))) == NULL) {
free(mem);
return -2;
}
mem = newmem;
}
*str = mem;
_DIAGASSERT(__type_fit(int, len));
return (int)len;
}
/*
* Cgetustr retrieves the value of the string capability cap from the
* capability record pointed to by buf. The difference between cgetustr()
* and cgetstr() is that cgetustr does not decode escapes but rather treats
* all characters literally. A pointer to a NUL terminated malloc'd
* copy of the string is returned in the char pointed to by str. The
* length of the string not including the trailing NUL is returned on success,
* -1 if the requested string capability couldn't be found, -2 if a system
* error was encountered (storage allocation failure).
*/
int
cgetustr(char *buf, const char *cap, char **str)
{
u_int m_room;
const char *bp;
char *mp;
size_t len;
char *mem, *newmem;
_DIAGASSERT(buf != NULL);
_DIAGASSERT(cap != NULL);
_DIAGASSERT(str != NULL);
/*
* Find string capability cap
*/
if ((bp = cgetcap(buf, cap, '=')) == NULL)
return -1;
/*
* Conversion / storage allocation loop ... Allocate memory in
* chunks SFRAG in size.
*/
if ((mem = malloc(SFRAG)) == NULL) {
errno = ENOMEM;
return -2; /* couldn't even allocate the first fragment */
}
m_room = SFRAG;
mp = mem;
while (*bp != ':' && *bp != '\0') {
/*
* Loop invariants:
* There is always room for one more character in mem.
* Mp always points just past last character in mem.
* Bp always points at next character in buf.
*/
*mp++ = *bp++;
m_room--;
/*
* Enforce loop invariant: if no room left in current
* buffer, try to get some more.
*/
if (m_room == 0) {
size_t size = mp - mem;
if ((newmem = realloc(mem, size + SFRAG)) == NULL) {
free(mem);
return -2;
}
mem = newmem;
m_room = SFRAG;
mp = mem + size;
}
}
*mp++ = '\0'; /* loop invariant let's us do this */
m_room--;
len = mp - mem - 1;
/*
* Give back any extra memory and return value and success.
*/
if (m_room != 0) {
if ((newmem = realloc(mem, (size_t)(mp - mem))) == NULL) {
free(mem);
return -2;
}
mem = newmem;
}
*str = mem;
_DIAGASSERT(__type_fit(int, len));
return (int)len;
}
/*
* Cgetnum retrieves the value of the numeric capability cap from the
* capability record pointed to by buf. The numeric value is returned in
* the long pointed to by num. 0 is returned on success, -1 if the requested
* numeric capability couldn't be found.
*/
int
cgetnum(char *buf, const char *cap, long *num)
{
long n;
int base, digit;
const char *bp;
_DIAGASSERT(buf != NULL);
_DIAGASSERT(cap != NULL);
_DIAGASSERT(num != NULL);
/*
* Find numeric capability cap
*/
bp = cgetcap(buf, cap, '#');
if (bp == NULL)
return -1;
/*
* Look at value and determine numeric base:
* 0x... or 0X... hexadecimal,
* else 0... octal,
* else decimal.
*/
if (*bp == '0') {
bp++;
if (*bp == 'x' || *bp == 'X') {
bp++;
base = 16;
} else
base = 8;
} else
base = 10;
/*
* Conversion loop ...
*/
n = 0;
for (;;) {
if ('0' <= *bp && *bp <= '9')
digit = *bp - '0';
else if ('a' <= *bp && *bp <= 'f')
digit = 10 + *bp - 'a';
else if ('A' <= *bp && *bp <= 'F')
digit = 10 + *bp - 'A';
else
break;
if (digit >= base)
break;
n = n * base + digit;
bp++;
}
/*
* Return value and success.
*/
*num = n;
return 0;
}
/*
* Compare name field of record.
*/
static int
nfcmp(char *nf, char *rec)
{
char *cp, tmp;
int ret;
_DIAGASSERT(nf != NULL);
_DIAGASSERT(rec != NULL);
for (cp = rec; *cp != ':'; cp++)
continue;
tmp = *(cp + 1);
*(cp + 1) = '\0';
ret = strcmp(nf, rec);
*(cp + 1) = tmp;
return ret;
}