[PATCH v5 2/2] notmuch-config: replace config reading function

Tomi Ollila tomi.ollila at iki.fi
Sat Dec 10 11:13:10 PST 2016 

On Thu, Dec 08 2016, Ioan-Adrian Ratiu <adi at adirat.com> wrote:

> Config files are currently read using glib's g_key_file_load_from_file
> function which is very inconvenient because it's limited by design to read
> only from "regular data files" in a filesystem. Because of this limitation
> notmuch can't read configs from pipes, fifos, sockets, stdin, etc. Not even
> "notmuch --config=/dev/stdin" works:
>
> Error reading configuration file /dev/stdin: Not a regular file
>
> So replace g_key_file_load_from_file with g_key_file_load_from_data which
> gives us much more freedom to read configs from multiple sources.
>
> This also helps the more security sensitive users: If someone has private
> information in the config file, it can be encrypted on disk, then decrypted
> in RAM and passed through a pipe directly to notmuch without the use of
> intermediate plain text files.
>
> Signed-off-by: Ioan-Adrian Ratiu <adi at adirat.com>
> ---
>  notmuch-config.c | 62 +++++++++++++++++++++++++++++++++++++++++++++++---------
>  1 file changed, 52 insertions(+), 10 deletions(-)
>
> diff --git a/notmuch-config.c b/notmuch-config.c
> index bd52790..30823cb 100644
> --- a/notmuch-config.c
> +++ b/notmuch-config.c
> @@ -205,32 +205,74 @@ get_username_from_passwd_file (void *ctx)
>  static notmuch_bool_t
>  get_config_from_file (notmuch_config_t *config, notmuch_bool_t create_new)
>  {
> +    #define BUF_SIZE 4096
> +    char *config_str = NULL;
> +    int config_len = 0;
> +    int config_bufsize = BUF_SIZE;
> +    size_t len;
>      GError *error = NULL;
>      notmuch_bool_t ret = FALSE;
>  
> -    if (g_key_file_load_from_file (config->key_file, config->filename,
> -				   G_KEY_FILE_KEEP_COMMENTS, &error))
> -	return TRUE;
> -
> -    if (error->domain == G_FILE_ERROR && error->code == G_FILE_ERROR_NOENT) {
> +    FILE *fp = fopen(config->filename, "r");
> +    if (fp == NULL) {
>  	/* If create_new is true, then the caller is prepared for a
>  	 * default configuration file in the case of FILE NOT FOUND.
>  	 */
>  	if (create_new) {
>  	    config->is_new = TRUE;
>  	    ret = TRUE;
> +	    goto out;
>  	} else {
> -	    fprintf (stderr, "Configuration file %s not found.\n"
> +	    fprintf (stderr, "Error opening config file '%s': %s\n"

Ok, the series now looked good so I ran tests -- and since the above line
changed, T040-setup.1 failed. I started to do extra commit to fix that...
... but there is more on that. It used *not* be error if configuration file
was not found, and now it is. I'd suggest that errno == ENOENT is checked
separately: in that case those 2 original lines are printed: otherwise
only the new line above (and not the one below). In that case there is
also no need to modify that particular test.

>  		     "Try running 'notmuch setup' to create a configuration.\n",
> -		     config->filename);
> +		     config->filename, strerror(errno));
> +	    goto out;
> +	}
> +    }
> +
> +    config_str = talloc_zero_array (config, char, config_bufsize);
> +    if (config_str == NULL) {
> +	fprintf (stderr, "Error reading '%s': Out of memory\n", config->filename);
> +	goto out;
> +    }
> +
> +    while ((len = fread (config_str + config_len, 1,
> +			 config_bufsize - config_len, fp)) > 0) {
> +	config_len += len;
> +	if (config_len == config_bufsize) {
> +	    config_bufsize += BUF_SIZE;
> +	    config_str = talloc_realloc (config, config_str, char, config_bufsize);
> +	    if (config_str == NULL) {
> +		fprintf (stderr, "Error reading '%s': Failed to reallocate memory\n",
> +			 config->filename);
> +		goto out;
> +	    }
>  	}
> -    } else {
> -	fprintf (stderr, "Error reading configuration file %s: %s\n",
> -		 config->filename, error->message);
>      }
>  
> +    if (ferror (fp)) {
> +	fprintf (stderr, "Error reading '%s': I/O error\n", config->filename);
> +	goto out;
> +    }
> +
> +    if (g_key_file_load_from_data (config->key_file, config_str, config_len,
> +				   G_KEY_FILE_KEEP_COMMENTS, &error)) {
> +	ret = TRUE;
> +	goto out;
> +    }
> +
> +    fprintf (stderr, "Error parsing config file '%s': %s\n",
> +	     config->filename, error->message);
> +
>      g_error_free (error);
>  
> +out:
> +    if (fp)
> +	fclose(fp);
> +
> +    if (config_str)
> +	talloc_free(config_str);
> +
>      return ret;
>  }
>  
> -- 
> 2.10.2

More information about the notmuch mailing list