In a few places we intentionally drop privileges to reduce the potential
security surface area of networked program, with the pattern of:
```
if (setgid(getgid()) || setuid(getuid()) {
return 1;
}
```
We can make this a bit nicer to use by creating a wrapper.
This MIME type can be associated with every file, text/plain only with
plaintext files.
This makes browsers (e.g Firefox) properly displaying download progress
when downloading files in WebServer :^)
This helps make the overall codebase consistent. `class_name()` in
`Kernel` is always `StringView`, but not elsewhere.
Additionally, this results in the `strlen` (which needs to be done
when printing or other operations) always being computed at
compile-time.
Day and month name constants are defined in numerous places. This
pulls them together into a single place and eliminates the
duplication. It also ensures they are `constexpr`.
This is not strictly required, as we are comparing hashes, not the
password it self. However given this is generic code that could be
used anywhere in the system, it seems prudent to be cautious and
make sure we don't inadvertently leak any information about the hash
via timing attacks in future usages of `LibCore::Account`.
Reported-by: Jessica Hamilton <jessica.l.hamilton@gmail.com>
Also use the daylight global to determine the current time zone name,
i.e. tzname[0] is standard time, tzname[1] is daylight savings time.
Note that altzone isn't required to be defined on all systems, so we
have to #ifdef to check if it exists in order for Lagom to build.
The local file header signature of a ZIP entry is normally 0x04034B50
and stored in little-endian byte order. Therefore, if the archive
starts with an entry we can identify a ZIP file by checking if the
first two bytes are 0x504B (PK).
Also checks for the .zip file extension, which is is also used by file
if no byte signature was detected.
I also added a common interface with StringView compatible parameters:
int serenity_setenv(const char*, ssize_t, const char*, ssize_t, int)
This function is called by both C and C++ API for setenv().
Currently this method always succeeds, but that won't be true once we
switch to the Core::Stream API. :^)
Some of these places would ideally show an error message to the user,
since failure to save a file is significant, but let's not get
distracted right now.
This moves the fallible action of opening the file, from the
constructor, into the factory methods which can propagate any errors.
The wrinkle here is that failure to open a ConfigFile in read-only mode
is allowed (and expected, since the file may not exist), and treated as
if an empty file was successfully opened.
I've attempted to handle the errors gracefully where it was clear how to
do so, and simple, but a lot of this was just adding
`release_value_but_fixme_should_propagate_errors()` in places.
If we find a timer that needs to be fired immediately, we can stop
looking through the remaining timers.
This significantly reduces time spent in get_next_timer_expiration()
on ACID3. Of course, with a better data structure, we could reduce
time spent further. I've left a FIXME about that.
This allows us to set a timeout during connection and during receive and
send operations. I didn't add this to the other connect calls as it's
not used anywhere else for the time being.
Because the wake pipe is thread-local, it was previously not possible
to wake an event loop across a thread. Therefore, this commit
rearchitects event loop waking by making the wake function a member of
the event loop itself and having it keep a pointer to its thread's wake
pipe. The global wake() function calls wake on the current thread's
event loop.
This also fixes a bug in BackgroundAction: it should wake the event loop
it was created on, instead of the current thread's event loop.
Previously, event loop stacks on non-main threads would always crash
because the condition for "am I the lowest-stacked loop" was still
"am I the main loop", which of course is no longer sensible. A simple
switch to `is_instantiated` fixes this.
This matches the likes of the adopt_{own, ref}_if_nonnull family and
also frees up the name to allow us to eventually add OOM-fallible
versions of these functions.
This wrapper is particularly helpful as we use a combination of similar
syscalls on Linux to simulate the behavior of the Serenity-exclusive
anon_create syscall. Users therefore won't have to worry about the
platform anymore :^)
The previous method could block multiple times, leading to a completely
stuck/deadlocked read() call, and it could also consume data without
telling the user about it, which is Not A Good Thing ™️.
This patch makes it block at most once, and fixes loading HTTP pages
with LibHTTP :^)
This commit introduces a couple of connected changes that are hard to
untangle, unfortunately:
- Parse GML into the AST instead of JSON
- Change the load_from_json API on Widget to load_from_gml_ast
- Remove this same API from Core::Object as it isn't used outside of
LibGUI and was a workaround for the object registration detection;
by verifying the objects we're getting and casting we can remove this
constraint.
- Format GML by calling the formating APIs on the AST itself; remove
GMLFormatter.cpp as it's not needed anymore.
After this change, GML formatting already respects comments :^)
This commit converts TLS::TLSv12 to a Core::Stream object, and in the
process allows TLS to now wrap other Core::Stream::Socket objects.
As a large part of LibHTTP and LibGemini depend on LibTLS's interface,
this also converts those to support Core::Stream, which leads to a
simplification of LibHTTP (as there's no need to care about the
underlying socket type anymore).
Note that RequestServer now controls the TLS socket options, which is a
better place anyway, as RS is the first receiver of the user-requested
options (though this is currently not particularly useful).
pending_bytes() and can_read_without_blocking() should also take
the buffered data into account, otherwise we'll end up pretending that
the socket cannot be read from while it has buffered data.
