#![unstable(feature = "process_internals", issue = "none")] #[cfg(test)] mod tests; use crate::borrow::Borrow; use crate::cmp; use crate::collections::BTreeMap; use crate::convert::{TryFrom, TryInto}; use crate::env; use crate::env::split_paths; use crate::ffi::{OsStr, OsString}; use crate::fmt; use crate::fs; use crate::io::{self, Error, ErrorKind}; use crate::mem; use crate::num::NonZeroI32; use crate::os::windows::ffi::OsStrExt; use crate::path::Path; use crate::ptr; use crate::sys::c; use crate::sys::c::NonZeroDWORD; use crate::sys::cvt; use crate::sys::fs::{File, OpenOptions}; use crate::sys::handle::Handle; use crate::sys::pipe::{self, AnonPipe}; use crate::sys::stdio; use crate::sys_common::mutex::StaticMutex; use crate::sys_common::process::{CommandEnv, CommandEnvs}; use crate::sys_common::AsInner; use libc::{c_void, EXIT_FAILURE, EXIT_SUCCESS}; //////////////////////////////////////////////////////////////////////////////// // Command //////////////////////////////////////////////////////////////////////////////// #[derive(Clone, Debug, Eq)] #[doc(hidden)] pub struct EnvKey { os_string: OsString, // This stores a UTF-16 encoded string to workaround the mismatch between // Rust's OsString (WTF-8) and the Windows API string type (UTF-16). // Normally converting on every API call is acceptable but here // `c::CompareStringOrdinal` will be called for every use of `==`. utf16: Vec, } // Comparing Windows environment variable keys[1] are behaviourally the // composition of two operations[2]: // // 1. Case-fold both strings. This is done using a language-independent // uppercase mapping that's unique to Windows (albeit based on data from an // older Unicode spec). It only operates on individual UTF-16 code units so // surrogates are left unchanged. This uppercase mapping can potentially change // between Windows versions. // // 2. Perform an ordinal comparison of the strings. A comparison using ordinal // is just a comparison based on the numerical value of each UTF-16 code unit[3]. // // Because the case-folding mapping is unique to Windows and not guaranteed to // be stable, we ask the OS to compare the strings for us. This is done by // calling `CompareStringOrdinal`[4] with `bIgnoreCase` set to `TRUE`. // // [1] https://docs.microsoft.com/en-us/dotnet/standard/base-types/best-practices-strings#choosing-a-stringcomparison-member-for-your-method-call // [2] https://docs.microsoft.com/en-us/dotnet/standard/base-types/best-practices-strings#stringtoupper-and-stringtolower // [3] https://docs.microsoft.com/en-us/dotnet/api/system.stringcomparison?view=net-5.0#System_StringComparison_Ordinal // [4] https://docs.microsoft.com/en-us/windows/win32/api/stringapiset/nf-stringapiset-comparestringordinal impl Ord for EnvKey { fn cmp(&self, other: &Self) -> cmp::Ordering { unsafe { let result = c::CompareStringOrdinal( self.utf16.as_ptr(), self.utf16.len() as _, other.utf16.as_ptr(), other.utf16.len() as _, c::TRUE, ); match result { c::CSTR_LESS_THAN => cmp::Ordering::Less, c::CSTR_EQUAL => cmp::Ordering::Equal, c::CSTR_GREATER_THAN => cmp::Ordering::Greater, // `CompareStringOrdinal` should never fail so long as the parameters are correct. _ => panic!("comparing environment keys failed: {}", Error::last_os_error()), } } } } impl PartialOrd for EnvKey { fn partial_cmp(&self, other: &Self) -> Option { Some(self.cmp(other)) } } impl PartialEq for EnvKey { fn eq(&self, other: &Self) -> bool { if self.utf16.len() != other.utf16.len() { false } else { self.cmp(other) == cmp::Ordering::Equal } } } // Environment variable keys should preserve their original case even though // they are compared using a caseless string mapping. impl From for EnvKey { fn from(k: OsString) -> Self { EnvKey { utf16: k.encode_wide().collect(), os_string: k } } } impl From for OsString { fn from(k: EnvKey) -> Self { k.os_string } } impl Borrow for EnvKey { fn borrow(&self) -> &OsStr { &self.os_string } } impl AsRef for EnvKey { fn as_ref(&self) -> &OsStr { &self.os_string } } fn ensure_no_nuls>(str: T) -> io::Result { if str.as_ref().encode_wide().any(|b| b == 0) { Err(io::Error::new_const(ErrorKind::InvalidInput, &"nul byte found in provided data")) } else { Ok(str) } } pub struct Command { program: OsString, args: Vec, env: CommandEnv, cwd: Option, flags: u32, detach: bool, // not currently exposed in std::process stdin: Option, stdout: Option, stderr: Option, force_quotes_enabled: bool, } pub enum Stdio { Inherit, Null, MakePipe, Handle(Handle), } pub struct StdioPipes { pub stdin: Option, pub stdout: Option, pub stderr: Option, } #[derive(Debug)] enum Arg { /// Add quotes (if needed) Regular(OsString), /// Append raw string without quoting Raw(OsString), } impl Command { pub fn new(program: &OsStr) -> Command { Command { program: program.to_os_string(), args: Vec::new(), env: Default::default(), cwd: None, flags: 0, detach: false, stdin: None, stdout: None, stderr: None, force_quotes_enabled: false, } } pub fn arg(&mut self, arg: &OsStr) { self.args.push(Arg::Regular(arg.to_os_string())) } pub fn env_mut(&mut self) -> &mut CommandEnv { &mut self.env } pub fn cwd(&mut self, dir: &OsStr) { self.cwd = Some(dir.to_os_string()) } pub fn stdin(&mut self, stdin: Stdio) { self.stdin = Some(stdin); } pub fn stdout(&mut self, stdout: Stdio) { self.stdout = Some(stdout); } pub fn stderr(&mut self, stderr: Stdio) { self.stderr = Some(stderr); } pub fn creation_flags(&mut self, flags: u32) { self.flags = flags; } pub fn force_quotes(&mut self, enabled: bool) { self.force_quotes_enabled = enabled; } pub fn raw_arg(&mut self, command_str_to_append: &OsStr) { self.args.push(Arg::Raw(command_str_to_append.to_os_string())) } pub fn get_program(&self) -> &OsStr { &self.program } pub fn get_args(&self) -> CommandArgs<'_> { let iter = self.args.iter(); CommandArgs { iter } } pub fn get_envs(&self) -> CommandEnvs<'_> { self.env.iter() } pub fn get_current_dir(&self) -> Option<&Path> { self.cwd.as_ref().map(|cwd| Path::new(cwd)) } pub fn spawn( &mut self, default: Stdio, needs_stdin: bool, ) -> io::Result<(Process, StdioPipes)> { let maybe_env = self.env.capture_if_changed(); // To have the spawning semantics of unix/windows stay the same, we need // to read the *child's* PATH if one is provided. See #15149 for more // details. let program = maybe_env.as_ref().and_then(|env| { if let Some(v) = env.get(OsStr::new("PATH")) { // Split the value and test each path to see if the // program exists. for path in split_paths(&v) { let path = path .join(self.program.to_str().unwrap()) .with_extension(env::consts::EXE_EXTENSION); if fs::metadata(&path).is_ok() { return Some(path.into_os_string()); } } } None }); let mut si = zeroed_startupinfo(); si.cb = mem::size_of::() as c::DWORD; si.dwFlags = c::STARTF_USESTDHANDLES; let program = program.as_ref().unwrap_or(&self.program); let mut cmd_str = make_command_line(program, &self.args, self.force_quotes_enabled)?; cmd_str.push(0); // add null terminator // stolen from the libuv code. let mut flags = self.flags | c::CREATE_UNICODE_ENVIRONMENT; if self.detach { flags |= c::DETACHED_PROCESS | c::CREATE_NEW_PROCESS_GROUP; } let (envp, _data) = make_envp(maybe_env)?; let (dirp, _data) = make_dirp(self.cwd.as_ref())?; let mut pi = zeroed_process_information(); // Prepare all stdio handles to be inherited by the child. This // currently involves duplicating any existing ones with the ability to // be inherited by child processes. Note, however, that once an // inheritable handle is created, *any* spawned child will inherit that // handle. We only want our own child to inherit this handle, so we wrap // the remaining portion of this spawn in a mutex. // // For more information, msdn also has an article about this race: // https://support.microsoft.com/kb/315939 static CREATE_PROCESS_LOCK: StaticMutex = StaticMutex::new(); let _guard = unsafe { CREATE_PROCESS_LOCK.lock() }; let mut pipes = StdioPipes { stdin: None, stdout: None, stderr: None }; let null = Stdio::Null; let default_stdin = if needs_stdin { &default } else { &null }; let stdin = self.stdin.as_ref().unwrap_or(default_stdin); let stdout = self.stdout.as_ref().unwrap_or(&default); let stderr = self.stderr.as_ref().unwrap_or(&default); let stdin = stdin.to_handle(c::STD_INPUT_HANDLE, &mut pipes.stdin)?; let stdout = stdout.to_handle(c::STD_OUTPUT_HANDLE, &mut pipes.stdout)?; let stderr = stderr.to_handle(c::STD_ERROR_HANDLE, &mut pipes.stderr)?; si.hStdInput = stdin.raw(); si.hStdOutput = stdout.raw(); si.hStdError = stderr.raw(); unsafe { cvt(c::CreateProcessW( ptr::null(), cmd_str.as_mut_ptr(), ptr::null_mut(), ptr::null_mut(), c::TRUE, flags, envp, dirp, &mut si, &mut pi, )) }?; // We close the thread handle because we don't care about keeping // the thread id valid, and we aren't keeping the thread handle // around to be able to close it later. drop(Handle::new(pi.hThread)); Ok((Process { handle: Handle::new(pi.hProcess) }, pipes)) } } impl fmt::Debug for Command { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { self.program.fmt(f)?; for arg in &self.args { f.write_str(" ")?; match arg { Arg::Regular(s) => s.fmt(f), Arg::Raw(s) => f.write_str(&s.to_string_lossy()), }?; } Ok(()) } } impl Stdio { fn to_handle(&self, stdio_id: c::DWORD, pipe: &mut Option) -> io::Result { match *self { // If no stdio handle is available, then inherit means that it // should still be unavailable so propagate the // INVALID_HANDLE_VALUE. Stdio::Inherit => match stdio::get_handle(stdio_id) { Ok(io) => { let io = Handle::new(io); let ret = io.duplicate(0, true, c::DUPLICATE_SAME_ACCESS); io.into_raw(); ret } Err(..) => Ok(Handle::new(c::INVALID_HANDLE_VALUE)), }, Stdio::MakePipe => { let ours_readable = stdio_id != c::STD_INPUT_HANDLE; let pipes = pipe::anon_pipe(ours_readable, true)?; *pipe = Some(pipes.ours); Ok(pipes.theirs.into_handle()) } Stdio::Handle(ref handle) => handle.duplicate(0, true, c::DUPLICATE_SAME_ACCESS), // Open up a reference to NUL with appropriate read/write // permissions as well as the ability to be inherited to child // processes (as this is about to be inherited). Stdio::Null => { let size = mem::size_of::(); let mut sa = c::SECURITY_ATTRIBUTES { nLength: size as c::DWORD, lpSecurityDescriptor: ptr::null_mut(), bInheritHandle: 1, }; let mut opts = OpenOptions::new(); opts.read(stdio_id == c::STD_INPUT_HANDLE); opts.write(stdio_id != c::STD_INPUT_HANDLE); opts.security_attributes(&mut sa); File::open(Path::new("NUL"), &opts).map(|file| file.into_handle()) } } } } impl From for Stdio { fn from(pipe: AnonPipe) -> Stdio { Stdio::Handle(pipe.into_handle()) } } impl From for Stdio { fn from(file: File) -> Stdio { Stdio::Handle(file.into_handle()) } } //////////////////////////////////////////////////////////////////////////////// // Processes //////////////////////////////////////////////////////////////////////////////// /// A value representing a child process. /// /// The lifetime of this value is linked to the lifetime of the actual /// process - the Process destructor calls self.finish() which waits /// for the process to terminate. pub struct Process { handle: Handle, } impl Process { pub fn kill(&mut self) -> io::Result<()> { cvt(unsafe { c::TerminateProcess(self.handle.raw(), 1) })?; Ok(()) } pub fn id(&self) -> u32 { unsafe { c::GetProcessId(self.handle.raw()) as u32 } } pub fn wait(&mut self) -> io::Result { unsafe { let res = c::WaitForSingleObject(self.handle.raw(), c::INFINITE); if res != c::WAIT_OBJECT_0 { return Err(Error::last_os_error()); } let mut status = 0; cvt(c::GetExitCodeProcess(self.handle.raw(), &mut status))?; Ok(ExitStatus(status)) } } pub fn try_wait(&mut self) -> io::Result> { unsafe { match c::WaitForSingleObject(self.handle.raw(), 0) { c::WAIT_OBJECT_0 => {} c::WAIT_TIMEOUT => { return Ok(None); } _ => return Err(io::Error::last_os_error()), } let mut status = 0; cvt(c::GetExitCodeProcess(self.handle.raw(), &mut status))?; Ok(Some(ExitStatus(status))) } } pub fn handle(&self) -> &Handle { &self.handle } pub fn into_handle(self) -> Handle { self.handle } } #[derive(PartialEq, Eq, Clone, Copy, Debug)] pub struct ExitStatus(c::DWORD); impl ExitStatus { pub fn exit_ok(&self) -> Result<(), ExitStatusError> { match NonZeroDWORD::try_from(self.0) { /* was nonzero */ Ok(failure) => Err(ExitStatusError(failure)), /* was zero, couldn't convert */ Err(_) => Ok(()), } } pub fn code(&self) -> Option { Some(self.0 as i32) } } /// Converts a raw `c::DWORD` to a type-safe `ExitStatus` by wrapping it without copying. impl From for ExitStatus { fn from(u: c::DWORD) -> ExitStatus { ExitStatus(u) } } impl fmt::Display for ExitStatus { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { // Windows exit codes with the high bit set typically mean some form of // unhandled exception or warning. In this scenario printing the exit // code in decimal doesn't always make sense because it's a very large // and somewhat gibberish number. The hex code is a bit more // recognizable and easier to search for, so print that. if self.0 & 0x80000000 != 0 { write!(f, "exit code: {:#x}", self.0) } else { write!(f, "exit code: {}", self.0) } } } #[derive(PartialEq, Eq, Clone, Copy, Debug)] pub struct ExitStatusError(c::NonZeroDWORD); impl Into for ExitStatusError { fn into(self) -> ExitStatus { ExitStatus(self.0.into()) } } impl ExitStatusError { pub fn code(self) -> Option { Some((u32::from(self.0) as i32).try_into().unwrap()) } } #[derive(PartialEq, Eq, Clone, Copy, Debug)] pub struct ExitCode(c::DWORD); impl ExitCode { pub const SUCCESS: ExitCode = ExitCode(EXIT_SUCCESS as _); pub const FAILURE: ExitCode = ExitCode(EXIT_FAILURE as _); #[inline] pub fn as_i32(&self) -> i32 { self.0 as i32 } } fn zeroed_startupinfo() -> c::STARTUPINFO { c::STARTUPINFO { cb: 0, lpReserved: ptr::null_mut(), lpDesktop: ptr::null_mut(), lpTitle: ptr::null_mut(), dwX: 0, dwY: 0, dwXSize: 0, dwYSize: 0, dwXCountChars: 0, dwYCountCharts: 0, dwFillAttribute: 0, dwFlags: 0, wShowWindow: 0, cbReserved2: 0, lpReserved2: ptr::null_mut(), hStdInput: c::INVALID_HANDLE_VALUE, hStdOutput: c::INVALID_HANDLE_VALUE, hStdError: c::INVALID_HANDLE_VALUE, } } fn zeroed_process_information() -> c::PROCESS_INFORMATION { c::PROCESS_INFORMATION { hProcess: ptr::null_mut(), hThread: ptr::null_mut(), dwProcessId: 0, dwThreadId: 0, } } enum Quote { // Every arg is quoted Always, // Whitespace and empty args are quoted Auto, // Arg appended without any changes (#29494) Never, } // Produces a wide string *without terminating null*; returns an error if // `prog` or any of the `args` contain a nul. fn make_command_line(prog: &OsStr, args: &[Arg], force_quotes: bool) -> io::Result> { // Encode the command and arguments in a command line string such // that the spawned process may recover them using CommandLineToArgvW. let mut cmd: Vec = Vec::new(); // Always quote the program name so CreateProcess doesn't interpret args as // part of the name if the binary wasn't found first time. append_arg(&mut cmd, prog, Quote::Always)?; for arg in args { cmd.push(' ' as u16); let (arg, quote) = match arg { Arg::Regular(arg) => (arg, if force_quotes { Quote::Always } else { Quote::Auto }), Arg::Raw(arg) => (arg, Quote::Never), }; append_arg(&mut cmd, arg, quote)?; } return Ok(cmd); fn append_arg(cmd: &mut Vec, arg: &OsStr, quote: Quote) -> io::Result<()> { // If an argument has 0 characters then we need to quote it to ensure // that it actually gets passed through on the command line or otherwise // it will be dropped entirely when parsed on the other end. ensure_no_nuls(arg)?; let arg_bytes = &arg.as_inner().inner.as_inner(); let (quote, escape) = match quote { Quote::Always => (true, true), Quote::Auto => { (arg_bytes.iter().any(|c| *c == b' ' || *c == b'\t') || arg_bytes.is_empty(), true) } Quote::Never => (false, false), }; if quote { cmd.push('"' as u16); } let mut backslashes: usize = 0; for x in arg.encode_wide() { if escape { if x == '\\' as u16 { backslashes += 1; } else { if x == '"' as u16 { // Add n+1 backslashes to total 2n+1 before internal '"'. cmd.extend((0..=backslashes).map(|_| '\\' as u16)); } backslashes = 0; } } cmd.push(x); } if quote { // Add n backslashes to total 2n before ending '"'. cmd.extend((0..backslashes).map(|_| '\\' as u16)); cmd.push('"' as u16); } Ok(()) } } fn make_envp(maybe_env: Option>) -> io::Result<(*mut c_void, Vec)> { // On Windows we pass an "environment block" which is not a char**, but // rather a concatenation of null-terminated k=v\0 sequences, with a final // \0 to terminate. if let Some(env) = maybe_env { let mut blk = Vec::new(); // If there are no environment variables to set then signal this by // pushing a null. if env.is_empty() { blk.push(0); } for (k, v) in env { ensure_no_nuls(k.os_string)?; blk.extend(k.utf16); blk.push('=' as u16); blk.extend(ensure_no_nuls(v)?.encode_wide()); blk.push(0); } blk.push(0); Ok((blk.as_mut_ptr() as *mut c_void, blk)) } else { Ok((ptr::null_mut(), Vec::new())) } } fn make_dirp(d: Option<&OsString>) -> io::Result<(*const u16, Vec)> { match d { Some(dir) => { let mut dir_str: Vec = ensure_no_nuls(dir)?.encode_wide().collect(); dir_str.push(0); Ok((dir_str.as_ptr(), dir_str)) } None => Ok((ptr::null(), Vec::new())), } } pub struct CommandArgs<'a> { iter: crate::slice::Iter<'a, Arg>, } impl<'a> Iterator for CommandArgs<'a> { type Item = &'a OsStr; fn next(&mut self) -> Option<&'a OsStr> { self.iter.next().map(|arg| match arg { Arg::Regular(s) | Arg::Raw(s) => s.as_ref(), }) } fn size_hint(&self) -> (usize, Option) { self.iter.size_hint() } } impl<'a> ExactSizeIterator for CommandArgs<'a> { fn len(&self) -> usize { self.iter.len() } fn is_empty(&self) -> bool { self.iter.is_empty() } } impl<'a> fmt::Debug for CommandArgs<'a> { fn fmt(&self, f: &mut fmt::Formatter<'_>) -> fmt::Result { f.debug_list().entries(self.iter.clone()).finish() } }