rm.c revision 331722
1/*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30#if 0 31#ifndef lint 32static const char copyright[] = 33"@(#) Copyright (c) 1990, 1993, 1994\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35#endif /* not lint */ 36 37#ifndef lint 38static char sccsid[] = "@(#)rm.c 8.5 (Berkeley) 4/18/94"; 39#endif /* not lint */ 40#endif 41#include <sys/cdefs.h> 42__FBSDID("$FreeBSD: stable/11/bin/rm/rm.c 331722 2018-03-29 02:50:57Z eadler $"); 43 44#include <sys/stat.h> 45#include <sys/param.h> 46#include <sys/mount.h> 47 48#include <err.h> 49#include <errno.h> 50#include <fcntl.h> 51#include <fts.h> 52#include <grp.h> 53#include <locale.h> 54#include <pwd.h> 55#include <stdint.h> 56#include <stdio.h> 57#include <stdlib.h> 58#include <string.h> 59#include <sysexits.h> 60#include <unistd.h> 61 62static int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok; 63static int rflag, Iflag, xflag; 64static uid_t uid; 65static volatile sig_atomic_t info; 66 67static int check(const char *, const char *, struct stat *); 68static int check2(char **); 69static void checkdot(char **); 70static void checkslash(char **); 71static void rm_file(char **); 72static int rm_overwrite(const char *, struct stat *); 73static void rm_tree(char **); 74static void siginfo(int __unused); 75static void usage(void); 76 77/* 78 * rm -- 79 * This rm is different from historic rm's, but is expected to match 80 * POSIX 1003.2 behavior. The most visible difference is that -f 81 * has two specific effects now, ignore non-existent files and force 82 * file removal. 83 */ 84int 85main(int argc, char *argv[]) 86{ 87 int ch; 88 char *p; 89 90 (void)setlocale(LC_ALL, ""); 91 92 /* 93 * Test for the special case where the utility is called as 94 * "unlink", for which the functionality provided is greatly 95 * simplified. 96 */ 97 if ((p = strrchr(argv[0], '/')) == NULL) 98 p = argv[0]; 99 else 100 ++p; 101 if (strcmp(p, "unlink") == 0) { 102 while (getopt(argc, argv, "") != -1) 103 usage(); 104 argc -= optind; 105 argv += optind; 106 if (argc != 1) 107 usage(); 108 rm_file(&argv[0]); 109 exit(eval); 110 } 111 112 Pflag = rflag = xflag = 0; 113 while ((ch = getopt(argc, argv, "dfiIPRrvWx")) != -1) 114 switch(ch) { 115 case 'd': 116 dflag = 1; 117 break; 118 case 'f': 119 fflag = 1; 120 iflag = 0; 121 break; 122 case 'i': 123 fflag = 0; 124 iflag = 1; 125 break; 126 case 'I': 127 Iflag = 1; 128 break; 129 case 'P': 130 Pflag = 1; 131 break; 132 case 'R': 133 case 'r': /* Compatibility. */ 134 rflag = 1; 135 break; 136 case 'v': 137 vflag = 1; 138 break; 139 case 'W': 140 Wflag = 1; 141 break; 142 case 'x': 143 xflag = 1; 144 break; 145 default: 146 usage(); 147 } 148 argc -= optind; 149 argv += optind; 150 151 if (argc < 1) { 152 if (fflag) 153 return (0); 154 usage(); 155 } 156 157 checkdot(argv); 158 checkslash(argv); 159 uid = geteuid(); 160 161 (void)signal(SIGINFO, siginfo); 162 if (*argv) { 163 stdin_ok = isatty(STDIN_FILENO); 164 165 if (Iflag) { 166 if (check2(argv) == 0) 167 exit (1); 168 } 169 if (rflag) 170 rm_tree(argv); 171 else 172 rm_file(argv); 173 } 174 175 exit (eval); 176} 177 178static void 179rm_tree(char **argv) 180{ 181 FTS *fts; 182 FTSENT *p; 183 int needstat; 184 int flags; 185 int rval; 186 187 /* 188 * Remove a file hierarchy. If forcing removal (-f), or interactive 189 * (-i) or can't ask anyway (stdin_ok), don't stat the file. 190 */ 191 needstat = !uid || (!fflag && !iflag && stdin_ok); 192 193 /* 194 * If the -i option is specified, the user can skip on the pre-order 195 * visit. The fts_number field flags skipped directories. 196 */ 197#define SKIPPED 1 198 199 flags = FTS_PHYSICAL; 200 if (!needstat) 201 flags |= FTS_NOSTAT; 202 if (Wflag) 203 flags |= FTS_WHITEOUT; 204 if (xflag) 205 flags |= FTS_XDEV; 206 if (!(fts = fts_open(argv, flags, NULL))) { 207 if (fflag && errno == ENOENT) 208 return; 209 err(1, "fts_open"); 210 } 211 while ((p = fts_read(fts)) != NULL) { 212 switch (p->fts_info) { 213 case FTS_DNR: 214 if (!fflag || p->fts_errno != ENOENT) { 215 warnx("%s: %s", 216 p->fts_path, strerror(p->fts_errno)); 217 eval = 1; 218 } 219 continue; 220 case FTS_ERR: 221 errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno)); 222 case FTS_NS: 223 /* 224 * Assume that since fts_read() couldn't stat the 225 * file, it can't be unlinked. 226 */ 227 if (!needstat) 228 break; 229 if (!fflag || p->fts_errno != ENOENT) { 230 warnx("%s: %s", 231 p->fts_path, strerror(p->fts_errno)); 232 eval = 1; 233 } 234 continue; 235 case FTS_D: 236 /* Pre-order: give user chance to skip. */ 237 if (!fflag && !check(p->fts_path, p->fts_accpath, 238 p->fts_statp)) { 239 (void)fts_set(fts, p, FTS_SKIP); 240 p->fts_number = SKIPPED; 241 } 242 else if (!uid && 243 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 244 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 245 lchflags(p->fts_accpath, 246 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0) 247 goto err; 248 continue; 249 case FTS_DP: 250 /* Post-order: see if user skipped. */ 251 if (p->fts_number == SKIPPED) 252 continue; 253 break; 254 default: 255 if (!fflag && 256 !check(p->fts_path, p->fts_accpath, p->fts_statp)) 257 continue; 258 } 259 260 rval = 0; 261 if (!uid && 262 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 263 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE))) 264 rval = lchflags(p->fts_accpath, 265 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)); 266 if (rval == 0) { 267 /* 268 * If we can't read or search the directory, may still be 269 * able to remove it. Don't print out the un{read,search}able 270 * message unless the remove fails. 271 */ 272 switch (p->fts_info) { 273 case FTS_DP: 274 case FTS_DNR: 275 rval = rmdir(p->fts_accpath); 276 if (rval == 0 || (fflag && errno == ENOENT)) { 277 if (rval == 0 && vflag) 278 (void)printf("%s\n", 279 p->fts_path); 280 if (rval == 0 && info) { 281 info = 0; 282 (void)printf("%s\n", 283 p->fts_path); 284 } 285 continue; 286 } 287 break; 288 289 case FTS_W: 290 rval = undelete(p->fts_accpath); 291 if (rval == 0 && (fflag && errno == ENOENT)) { 292 if (vflag) 293 (void)printf("%s\n", 294 p->fts_path); 295 if (info) { 296 info = 0; 297 (void)printf("%s\n", 298 p->fts_path); 299 } 300 continue; 301 } 302 break; 303 304 case FTS_NS: 305 /* 306 * Assume that since fts_read() couldn't stat 307 * the file, it can't be unlinked. 308 */ 309 if (fflag) 310 continue; 311 /* FALLTHROUGH */ 312 313 case FTS_F: 314 case FTS_NSOK: 315 if (Pflag) 316 if (!rm_overwrite(p->fts_accpath, p->fts_info == 317 FTS_NSOK ? NULL : p->fts_statp)) 318 continue; 319 /* FALLTHROUGH */ 320 321 default: 322 rval = unlink(p->fts_accpath); 323 if (rval == 0 || (fflag && errno == ENOENT)) { 324 if (rval == 0 && vflag) 325 (void)printf("%s\n", 326 p->fts_path); 327 if (rval == 0 && info) { 328 info = 0; 329 (void)printf("%s\n", 330 p->fts_path); 331 } 332 continue; 333 } 334 } 335 } 336err: 337 warn("%s", p->fts_path); 338 eval = 1; 339 } 340 if (!fflag && errno) 341 err(1, "fts_read"); 342 fts_close(fts); 343} 344 345static void 346rm_file(char **argv) 347{ 348 struct stat sb; 349 int rval; 350 char *f; 351 352 /* 353 * Remove a file. POSIX 1003.2 states that, by default, attempting 354 * to remove a directory is an error, so must always stat the file. 355 */ 356 while ((f = *argv++) != NULL) { 357 /* Assume if can't stat the file, can't unlink it. */ 358 if (lstat(f, &sb)) { 359 if (Wflag) { 360 sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR; 361 } else { 362 if (!fflag || errno != ENOENT) { 363 warn("%s", f); 364 eval = 1; 365 } 366 continue; 367 } 368 } else if (Wflag) { 369 warnx("%s: %s", f, strerror(EEXIST)); 370 eval = 1; 371 continue; 372 } 373 374 if (S_ISDIR(sb.st_mode) && !dflag) { 375 warnx("%s: is a directory", f); 376 eval = 1; 377 continue; 378 } 379 if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb)) 380 continue; 381 rval = 0; 382 if (!uid && !S_ISWHT(sb.st_mode) && 383 (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) && 384 !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE))) 385 rval = lchflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE)); 386 if (rval == 0) { 387 if (S_ISWHT(sb.st_mode)) 388 rval = undelete(f); 389 else if (S_ISDIR(sb.st_mode)) 390 rval = rmdir(f); 391 else { 392 if (Pflag) 393 if (!rm_overwrite(f, &sb)) 394 continue; 395 rval = unlink(f); 396 } 397 } 398 if (rval && (!fflag || errno != ENOENT)) { 399 warn("%s", f); 400 eval = 1; 401 } 402 if (vflag && rval == 0) 403 (void)printf("%s\n", f); 404 if (info && rval == 0) { 405 info = 0; 406 (void)printf("%s\n", f); 407 } 408 } 409} 410 411/* 412 * rm_overwrite -- 413 * Overwrite the file 3 times with varying bit patterns. 414 * 415 * XXX 416 * This is a cheap way to *really* delete files. Note that only regular 417 * files are deleted, directories (and therefore names) will remain. 418 * Also, this assumes a fixed-block file system (like FFS, or a V7 or a 419 * System V file system). In a logging or COW file system, you'll have to 420 * have kernel support. 421 */ 422static int 423rm_overwrite(const char *file, struct stat *sbp) 424{ 425 struct stat sb, sb2; 426 struct statfs fsb; 427 off_t len; 428 int bsize, fd, wlen; 429 char *buf = NULL; 430 431 fd = -1; 432 if (sbp == NULL) { 433 if (lstat(file, &sb)) 434 goto err; 435 sbp = &sb; 436 } 437 if (!S_ISREG(sbp->st_mode)) 438 return (1); 439 if (sbp->st_nlink > 1 && !fflag) { 440 warnx("%s (inode %ju): not overwritten due to multiple links", 441 file, (uintmax_t)sbp->st_ino); 442 return (0); 443 } 444 if ((fd = open(file, O_WRONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1) 445 goto err; 446 if (fstat(fd, &sb2)) 447 goto err; 448 if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino || 449 !S_ISREG(sb2.st_mode)) { 450 errno = EPERM; 451 goto err; 452 } 453 if (fstatfs(fd, &fsb) == -1) 454 goto err; 455 bsize = MAX(fsb.f_iosize, 1024); 456 if ((buf = malloc(bsize)) == NULL) 457 err(1, "%s: malloc", file); 458 459#define PASS(byte) { \ 460 memset(buf, byte, bsize); \ 461 for (len = sbp->st_size; len > 0; len -= wlen) { \ 462 wlen = len < bsize ? len : bsize; \ 463 if (write(fd, buf, wlen) != wlen) \ 464 goto err; \ 465 } \ 466} 467 PASS(0xff); 468 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 469 goto err; 470 PASS(0x00); 471 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 472 goto err; 473 PASS(0xff); 474 if (!fsync(fd) && !close(fd)) { 475 free(buf); 476 return (1); 477 } 478 479err: eval = 1; 480 if (buf) 481 free(buf); 482 if (fd != -1) 483 close(fd); 484 warn("%s", file); 485 return (0); 486} 487 488 489static int 490check(const char *path, const char *name, struct stat *sp) 491{ 492 int ch, first; 493 char modep[15], *flagsp; 494 495 /* Check -i first. */ 496 if (iflag) 497 (void)fprintf(stderr, "remove %s? ", path); 498 else { 499 /* 500 * If it's not a symbolic link and it's unwritable and we're 501 * talking to a terminal, ask. Symbolic links are excluded 502 * because their permissions are meaningless. Check stdin_ok 503 * first because we may not have stat'ed the file. 504 */ 505 if (!stdin_ok || S_ISLNK(sp->st_mode) || 506 (!access(name, W_OK) && 507 !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 508 (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid))) 509 return (1); 510 strmode(sp->st_mode, modep); 511 if ((flagsp = fflagstostr(sp->st_flags)) == NULL) 512 err(1, "fflagstostr"); 513 if (Pflag) 514 errx(1, 515 "%s: -P was specified, but file is not writable", 516 path); 517 (void)fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ", 518 modep + 1, modep[10] == ' ' ? "" : " ", 519 user_from_uid(sp->st_uid, 0), 520 group_from_gid(sp->st_gid, 0), 521 *flagsp ? flagsp : "", *flagsp ? " " : "", 522 path); 523 free(flagsp); 524 } 525 (void)fflush(stderr); 526 527 first = ch = getchar(); 528 while (ch != '\n' && ch != EOF) 529 ch = getchar(); 530 return (first == 'y' || first == 'Y'); 531} 532 533#define ISSLASH(a) ((a)[0] == '/' && (a)[1] == '\0') 534static void 535checkslash(char **argv) 536{ 537 char **t, **u; 538 int complained; 539 540 complained = 0; 541 for (t = argv; *t;) { 542 if (ISSLASH(*t)) { 543 if (!complained++) 544 warnx("\"/\" may not be removed"); 545 eval = 1; 546 for (u = t; u[0] != NULL; ++u) 547 u[0] = u[1]; 548 } else { 549 ++t; 550 } 551 } 552} 553 554static int 555check2(char **argv) 556{ 557 struct stat st; 558 int first; 559 int ch; 560 int fcount = 0; 561 int dcount = 0; 562 int i; 563 const char *dname = NULL; 564 565 for (i = 0; argv[i]; ++i) { 566 if (lstat(argv[i], &st) == 0) { 567 if (S_ISDIR(st.st_mode)) { 568 ++dcount; 569 dname = argv[i]; /* only used if 1 dir */ 570 } else { 571 ++fcount; 572 } 573 } 574 } 575 first = 0; 576 while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') { 577 if (dcount && rflag) { 578 fprintf(stderr, "recursively remove"); 579 if (dcount == 1) 580 fprintf(stderr, " %s", dname); 581 else 582 fprintf(stderr, " %d dirs", dcount); 583 if (fcount == 1) 584 fprintf(stderr, " and 1 file"); 585 else if (fcount > 1) 586 fprintf(stderr, " and %d files", fcount); 587 } else if (dcount + fcount > 3) { 588 fprintf(stderr, "remove %d files", dcount + fcount); 589 } else { 590 return(1); 591 } 592 fprintf(stderr, "? "); 593 fflush(stderr); 594 595 first = ch = getchar(); 596 while (ch != '\n' && ch != EOF) 597 ch = getchar(); 598 if (ch == EOF) 599 break; 600 } 601 return (first == 'y' || first == 'Y'); 602} 603 604#define ISDOT(a) ((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2]))) 605static void 606checkdot(char **argv) 607{ 608 char *p, **save, **t; 609 int complained; 610 611 complained = 0; 612 for (t = argv; *t;) { 613 if ((p = strrchr(*t, '/')) != NULL) 614 ++p; 615 else 616 p = *t; 617 if (ISDOT(p)) { 618 if (!complained++) 619 warnx("\".\" and \"..\" may not be removed"); 620 eval = 1; 621 for (save = t; (t[0] = t[1]) != NULL; ++t) 622 continue; 623 t = save; 624 } else 625 ++t; 626 } 627} 628 629static void 630usage(void) 631{ 632 633 (void)fprintf(stderr, "%s\n%s\n", 634 "usage: rm [-f | -i] [-dIPRrvWx] file ...", 635 " unlink file"); 636 exit(EX_USAGE); 637} 638 639static void 640siginfo(int sig __unused) 641{ 642 643 info = 1; 644} 645