1/*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30#if 0 31#ifndef lint 32static const char copyright[] = 33"@(#) Copyright (c) 1990, 1993, 1994\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35#endif /* not lint */ 36 37#ifndef lint 38static char sccsid[] = "@(#)rm.c 8.5 (Berkeley) 4/18/94"; 39#endif /* not lint */ 40#endif 41#include <sys/cdefs.h> 42__FBSDID("$FreeBSD$"); 43 44#include <sys/stat.h> 45#include <sys/param.h> 46#include <sys/mount.h> 47 48#include <err.h> 49#include <errno.h> 50#include <fcntl.h> 51#include <fts.h> 52#include <grp.h> 53#include <pwd.h> 54#include <stdio.h> 55#include <stdlib.h> 56#include <string.h> 57#include <sysexits.h> 58#include <unistd.h> 59 60int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok; 61int rflag, Iflag; 62uid_t uid; 63volatile sig_atomic_t info; 64 65static int check(const char *, const char *, struct stat *); 66static int check2(char **); 67static void checkdot(char **); 68static void checkslash(char **); 69static void rm_file(char **); 70static int rm_overwrite(const char *, struct stat *); 71static void rm_tree(char **); 72static void siginfo(int __unused); 73static void usage(void); 74 75/* 76 * rm -- 77 * This rm is different from historic rm's, but is expected to match 78 * POSIX 1003.2 behavior. The most visible difference is that -f 79 * has two specific effects now, ignore non-existent files and force 80 * file removal. 81 */ 82int 83main(int argc, char *argv[]) 84{ 85 int ch; 86 char *p; 87 88 /* 89 * Test for the special case where the utility is called as 90 * "unlink", for which the functionality provided is greatly 91 * simplified. 92 */ 93 if ((p = strrchr(argv[0], '/')) == NULL) 94 p = argv[0]; 95 else 96 ++p; 97 if (strcmp(p, "unlink") == 0) { 98 while (getopt(argc, argv, "") != -1) 99 usage(); 100 argc -= optind; 101 argv += optind; 102 if (argc != 1) 103 usage(); 104 rm_file(&argv[0]); 105 exit(eval); 106 } 107 108 Pflag = rflag = 0; 109 while ((ch = getopt(argc, argv, "dfiIPRrvW")) != -1) 110 switch(ch) { 111 case 'd': 112 dflag = 1; 113 break; 114 case 'f': 115 fflag = 1; 116 iflag = 0; 117 break; 118 case 'i': 119 fflag = 0; 120 iflag = 1; 121 break; 122 case 'I': 123 Iflag = 1; 124 break; 125 case 'P': 126 Pflag = 1; 127 break; 128 case 'R': 129 case 'r': /* Compatibility. */ 130 rflag = 1; 131 break; 132 case 'v': 133 vflag = 1; 134 break; 135 case 'W': 136 Wflag = 1; 137 break; 138 default: 139 usage(); 140 } 141 argc -= optind; 142 argv += optind; 143 144 if (argc < 1) { 145 if (fflag) 146 return (0); 147 usage(); 148 } 149 150 checkdot(argv); 151 if (getenv("POSIXLY_CORRECT") == NULL) 152 checkslash(argv); 153 uid = geteuid(); 154 155 (void)signal(SIGINFO, siginfo); 156 if (*argv) { 157 stdin_ok = isatty(STDIN_FILENO); 158 159 if (Iflag) { 160 if (check2(argv) == 0) 161 exit (1); 162 } 163 if (rflag) 164 rm_tree(argv); 165 else 166 rm_file(argv); 167 } 168 169 exit (eval); 170} 171 172static void 173rm_tree(char **argv) 174{ 175 FTS *fts; 176 FTSENT *p; 177 int needstat; 178 int flags; 179 int rval; 180 181 /* 182 * Remove a file hierarchy. If forcing removal (-f), or interactive 183 * (-i) or can't ask anyway (stdin_ok), don't stat the file. 184 */ 185 needstat = !uid || (!fflag && !iflag && stdin_ok); 186 187 /* 188 * If the -i option is specified, the user can skip on the pre-order 189 * visit. The fts_number field flags skipped directories. 190 */ 191#define SKIPPED 1 192 193 flags = FTS_PHYSICAL; 194 if (!needstat) 195 flags |= FTS_NOSTAT; 196 if (Wflag) 197 flags |= FTS_WHITEOUT; 198 if (!(fts = fts_open(argv, flags, NULL))) { 199 if (fflag && errno == ENOENT) 200 return; 201 err(1, "fts_open"); 202 } 203 while ((p = fts_read(fts)) != NULL) { 204 switch (p->fts_info) { 205 case FTS_DNR: 206 if (!fflag || p->fts_errno != ENOENT) { 207 warnx("%s: %s", 208 p->fts_path, strerror(p->fts_errno)); 209 eval = 1; 210 } 211 continue; 212 case FTS_ERR: 213 errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno)); 214 case FTS_NS: 215 /* 216 * Assume that since fts_read() couldn't stat the 217 * file, it can't be unlinked. 218 */ 219 if (!needstat) 220 break; 221 if (!fflag || p->fts_errno != ENOENT) { 222 warnx("%s: %s", 223 p->fts_path, strerror(p->fts_errno)); 224 eval = 1; 225 } 226 continue; 227 case FTS_D: 228 /* Pre-order: give user chance to skip. */ 229 if (!fflag && !check(p->fts_path, p->fts_accpath, 230 p->fts_statp)) { 231 (void)fts_set(fts, p, FTS_SKIP); 232 p->fts_number = SKIPPED; 233 } 234 else if (!uid && 235 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 236 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 237 lchflags(p->fts_accpath, 238 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0) 239 goto err; 240 continue; 241 case FTS_DP: 242 /* Post-order: see if user skipped. */ 243 if (p->fts_number == SKIPPED) 244 continue; 245 break; 246 default: 247 if (!fflag && 248 !check(p->fts_path, p->fts_accpath, p->fts_statp)) 249 continue; 250 } 251 252 rval = 0; 253 if (!uid && 254 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 255 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE))) 256 rval = lchflags(p->fts_accpath, 257 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)); 258 if (rval == 0) { 259 /* 260 * If we can't read or search the directory, may still be 261 * able to remove it. Don't print out the un{read,search}able 262 * message unless the remove fails. 263 */ 264 switch (p->fts_info) { 265 case FTS_DP: 266 case FTS_DNR: 267 rval = rmdir(p->fts_accpath); 268 if (rval == 0 || (fflag && errno == ENOENT)) { 269 if (rval == 0 && vflag) 270 (void)printf("%s\n", 271 p->fts_path); 272 if (rval == 0 && info) { 273 info = 0; 274 (void)printf("%s\n", 275 p->fts_path); 276 } 277 continue; 278 } 279 break; 280 281 case FTS_W: 282 rval = undelete(p->fts_accpath); 283 if (rval == 0 && (fflag && errno == ENOENT)) { 284 if (vflag) 285 (void)printf("%s\n", 286 p->fts_path); 287 if (info) { 288 info = 0; 289 (void)printf("%s\n", 290 p->fts_path); 291 } 292 continue; 293 } 294 break; 295 296 case FTS_NS: 297 /* 298 * Assume that since fts_read() couldn't stat 299 * the file, it can't be unlinked. 300 */ 301 if (fflag) 302 continue; 303 /* FALLTHROUGH */ 304 305 case FTS_F: 306 case FTS_NSOK: 307 if (Pflag) 308 if (!rm_overwrite(p->fts_accpath, p->fts_info == 309 FTS_NSOK ? NULL : p->fts_statp)) 310 continue; 311 /* FALLTHROUGH */ 312 313 default: 314 rval = unlink(p->fts_accpath); 315 if (rval == 0 || (fflag && errno == ENOENT)) { 316 if (rval == 0 && vflag) 317 (void)printf("%s\n", 318 p->fts_path); 319 if (rval == 0 && info) { 320 info = 0; 321 (void)printf("%s\n", 322 p->fts_path); 323 } 324 continue; 325 } 326 } 327 } 328err: 329 warn("%s", p->fts_path); 330 eval = 1; 331 } 332 if (errno) 333 err(1, "fts_read"); 334 fts_close(fts); 335} 336 337void 338rm_file(char **argv) 339{ 340 struct stat sb; 341 int rval; 342 char *f; 343 344 /* 345 * Remove a file. POSIX 1003.2 states that, by default, attempting 346 * to remove a directory is an error, so must always stat the file. 347 */ 348 while ((f = *argv++) != NULL) { 349 /* Assume if can't stat the file, can't unlink it. */ 350 if (lstat(f, &sb)) { 351 if (Wflag) { 352 sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR; 353 } else { 354 if (!fflag || errno != ENOENT) { 355 warn("%s", f); 356 eval = 1; 357 } 358 continue; 359 } 360 } else if (Wflag) { 361 warnx("%s: %s", f, strerror(EEXIST)); 362 eval = 1; 363 continue; 364 } 365 366 if (S_ISDIR(sb.st_mode) && !dflag) { 367 warnx("%s: is a directory", f); 368 eval = 1; 369 continue; 370 } 371 if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb)) 372 continue; 373 rval = 0; 374 if (!uid && !S_ISWHT(sb.st_mode) && 375 (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) && 376 !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE))) 377 rval = lchflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE)); 378 if (rval == 0) { 379 if (S_ISWHT(sb.st_mode)) 380 rval = undelete(f); 381 else if (S_ISDIR(sb.st_mode)) 382 rval = rmdir(f); 383 else { 384 if (Pflag) 385 if (!rm_overwrite(f, &sb)) 386 continue; 387 rval = unlink(f); 388 } 389 } 390 if (rval && (!fflag || errno != ENOENT)) { 391 warn("%s", f); 392 eval = 1; 393 } 394 if (vflag && rval == 0) 395 (void)printf("%s\n", f); 396 if (info && rval == 0) { 397 info = 0; 398 (void)printf("%s\n", f); 399 } 400 } 401} 402 403/* 404 * rm_overwrite -- 405 * Overwrite the file 3 times with varying bit patterns. 406 * 407 * XXX 408 * This is a cheap way to *really* delete files. Note that only regular 409 * files are deleted, directories (and therefore names) will remain. 410 * Also, this assumes a fixed-block file system (like FFS, or a V7 or a 411 * System V file system). In a logging or COW file system, you'll have to 412 * have kernel support. 413 */ 414int 415rm_overwrite(const char *file, struct stat *sbp) 416{ 417 struct stat sb, sb2; 418 struct statfs fsb; 419 off_t len; 420 int bsize, fd, wlen; 421 char *buf = NULL; 422 423 fd = -1; 424 if (sbp == NULL) { 425 if (lstat(file, &sb)) 426 goto err; 427 sbp = &sb; 428 } 429 if (!S_ISREG(sbp->st_mode)) 430 return (1); 431 if (sbp->st_nlink > 1 && !fflag) { 432 warnx("%s (inode %u): not overwritten due to multiple links", 433 file, sbp->st_ino); 434 return (0); 435 } 436 if ((fd = open(file, O_WRONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1) 437 goto err; 438 if (fstat(fd, &sb2)) 439 goto err; 440 if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino || 441 !S_ISREG(sb2.st_mode)) { 442 errno = EPERM; 443 goto err; 444 } 445 if (fstatfs(fd, &fsb) == -1) 446 goto err; 447 bsize = MAX(fsb.f_iosize, 1024); 448 if ((buf = malloc(bsize)) == NULL) 449 err(1, "%s: malloc", file); 450 451#define PASS(byte) { \ 452 memset(buf, byte, bsize); \ 453 for (len = sbp->st_size; len > 0; len -= wlen) { \ 454 wlen = len < bsize ? len : bsize; \ 455 if (write(fd, buf, wlen) != wlen) \ 456 goto err; \ 457 } \ 458} 459 PASS(0xff); 460 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 461 goto err; 462 PASS(0x00); 463 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 464 goto err; 465 PASS(0xff); 466 if (!fsync(fd) && !close(fd)) { 467 free(buf); 468 return (1); 469 } 470 471err: eval = 1; 472 if (buf) 473 free(buf); 474 if (fd != -1) 475 close(fd); 476 warn("%s", file); 477 return (0); 478} 479 480 481static int 482check(const char *path, const char *name, struct stat *sp) 483{ 484 int ch, first; 485 char modep[15], *flagsp; 486 487 /* Check -i first. */ 488 if (iflag) 489 (void)fprintf(stderr, "remove %s? ", path); 490 else { 491 /* 492 * If it's not a symbolic link and it's unwritable and we're 493 * talking to a terminal, ask. Symbolic links are excluded 494 * because their permissions are meaningless. Check stdin_ok 495 * first because we may not have stat'ed the file. 496 */ 497 if (!stdin_ok || S_ISLNK(sp->st_mode) || 498 (!access(name, W_OK) && 499 !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 500 (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid))) 501 return (1); 502 strmode(sp->st_mode, modep); 503 if ((flagsp = fflagstostr(sp->st_flags)) == NULL) 504 err(1, "fflagstostr"); 505 if (Pflag) 506 errx(1, 507 "%s: -P was specified, but file is not writable", 508 path); 509 (void)fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ", 510 modep + 1, modep[9] == ' ' ? "" : " ", 511 user_from_uid(sp->st_uid, 0), 512 group_from_gid(sp->st_gid, 0), 513 *flagsp ? flagsp : "", *flagsp ? " " : "", 514 path); 515 free(flagsp); 516 } 517 (void)fflush(stderr); 518 519 first = ch = getchar(); 520 while (ch != '\n' && ch != EOF) 521 ch = getchar(); 522 return (first == 'y' || first == 'Y'); 523} 524 525#define ISSLASH(a) ((a)[0] == '/' && (a)[1] == '\0') 526static void 527checkslash(char **argv) 528{ 529 char **t, **u; 530 int complained; 531 532 complained = 0; 533 for (t = argv; *t;) { 534 if (ISSLASH(*t)) { 535 if (!complained++) 536 warnx("\"/\" may not be removed"); 537 eval = 1; 538 for (u = t; u[0] != NULL; ++u) 539 u[0] = u[1]; 540 } else { 541 ++t; 542 } 543 } 544} 545 546static int 547check2(char **argv) 548{ 549 struct stat st; 550 int first; 551 int ch; 552 int fcount = 0; 553 int dcount = 0; 554 int i; 555 const char *dname = NULL; 556 557 for (i = 0; argv[i]; ++i) { 558 if (lstat(argv[i], &st) == 0) { 559 if (S_ISDIR(st.st_mode)) { 560 ++dcount; 561 dname = argv[i]; /* only used if 1 dir */ 562 } else { 563 ++fcount; 564 } 565 } 566 } 567 first = 0; 568 while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') { 569 if (dcount && rflag) { 570 fprintf(stderr, "recursively remove"); 571 if (dcount == 1) 572 fprintf(stderr, " %s", dname); 573 else 574 fprintf(stderr, " %d dirs", dcount); 575 if (fcount == 1) 576 fprintf(stderr, " and 1 file"); 577 else if (fcount > 1) 578 fprintf(stderr, " and %d files", fcount); 579 } else if (dcount + fcount > 3) { 580 fprintf(stderr, "remove %d files", dcount + fcount); 581 } else { 582 return(1); 583 } 584 fprintf(stderr, "? "); 585 fflush(stderr); 586 587 first = ch = getchar(); 588 while (ch != '\n' && ch != EOF) 589 ch = getchar(); 590 if (ch == EOF) 591 break; 592 } 593 return (first == 'y' || first == 'Y'); 594} 595 596#define ISDOT(a) ((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2]))) 597static void 598checkdot(char **argv) 599{ 600 char *p, **save, **t; 601 int complained; 602 603 complained = 0; 604 for (t = argv; *t;) { 605 if ((p = strrchr(*t, '/')) != NULL) 606 ++p; 607 else 608 p = *t; 609 if (ISDOT(p)) { 610 if (!complained++) 611 warnx("\".\" and \"..\" may not be removed"); 612 eval = 1; 613 for (save = t; (t[0] = t[1]) != NULL; ++t) 614 continue; 615 t = save; 616 } else 617 ++t; 618 } 619} 620 621static void 622usage(void) 623{ 624 625 (void)fprintf(stderr, "%s\n%s\n", 626 "usage: rm [-f | -i] [-dIPRrvW] file ...", 627 " unlink file"); 628 exit(EX_USAGE); 629} 630 631static void 632siginfo(int sig __unused) 633{ 634 635 info = 1; 636} 637