GCC Code Coverage Report
Directory: ./ Exec Total Coverage
File: bin/rm/rm.c Lines: 78 183 42.6 %
Date: 2017-11-13 Branches: 75 187 40.1 %

Line Branch Exec Source
1
/*	$OpenBSD: rm.c,v 1.42 2017/06/27 21:49:47 tedu Exp $	*/
2
/*	$NetBSD: rm.c,v 1.19 1995/09/07 06:48:50 jtc Exp $	*/
3
4
/*-
5
 * Copyright (c) 1990, 1993, 1994
6
 *	The Regents of the University of California.  All rights reserved.
7
 *
8
 * Redistribution and use in source and binary forms, with or without
9
 * modification, are permitted provided that the following conditions
10
 * are met:
11
 * 1. Redistributions of source code must retain the above copyright
12
 *    notice, this list of conditions and the following disclaimer.
13
 * 2. Redistributions in binary form must reproduce the above copyright
14
 *    notice, this list of conditions and the following disclaimer in the
15
 *    documentation and/or other materials provided with the distribution.
16
 * 3. Neither the name of the University nor the names of its contributors
17
 *    may be used to endorse or promote products derived from this software
18
 *    without specific prior written permission.
19
 *
20
 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
21
 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
22
 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
23
 * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
24
 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
25
 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
26
 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
27
 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
28
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
29
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
30
 * SUCH DAMAGE.
31
 */
32
33
#include <sys/types.h>
34
#include <sys/stat.h>
35
#include <sys/mount.h>
36
37
#include <err.h>
38
#include <errno.h>
39
#include <fcntl.h>
40
#include <fts.h>
41
#include <stdio.h>
42
#include <stdlib.h>
43
#include <string.h>
44
#include <unistd.h>
45
#include <limits.h>
46
#include <pwd.h>
47
#include <grp.h>
48
49
#define MAXIMUM(a, b)	(((a) > (b)) ? (a) : (b))
50
51
extern char *__progname;
52
53
int dflag, eval, fflag, iflag, Pflag, vflag, stdin_ok;
54
55
int	check(char *, char *, struct stat *);
56
void	checkdot(char **);
57
void	rm_file(char **);
58
int	rm_overwrite(char *, struct stat *);
59
int	pass(int, off_t, char *, size_t);
60
void	rm_tree(char **);
61
void	usage(void);
62
63
/*
64
 * rm --
65
 *	This rm is different from historic rm's, but is expected to match
66
 *	POSIX 1003.2 behavior.  The most visible difference is that -f
67
 *	has two specific effects now, ignore non-existent files and force
68
 * 	file removal.
69
 */
70
int
71
main(int argc, char *argv[])
72
{
73
	int ch, rflag;
74
75
34826
	Pflag = rflag = 0;
76
70446
	while ((ch = getopt(argc, argv, "dfiPRrv")) != -1)
77


17810
		switch(ch) {
78
		case 'd':
79
			dflag = 1;
80
			break;
81
		case 'f':
82
17268
			fflag = 1;
83
17268
			iflag = 0;
84
17268
			break;
85
		case 'i':
86
			fflag = 0;
87
			iflag = 1;
88
			break;
89
		case 'P':
90
			Pflag = 1;
91
			break;
92
		case 'R':
93
		case 'r':			/* Compatibility. */
94
			rflag = 1;
95
542
			break;
96
		case 'v':
97
			vflag = 1;
98
			break;
99
		default:
100
			usage();
101
		}
102
17413
	argc -= optind;
103
17413
	argv += optind;
104
105
17413
	if (Pflag) {
106
		if (pledge("stdio rpath wpath cpath getpw flock", NULL) == -1)
107
			err(1, "pledge");
108
	} else {
109
17413
		if (pledge("stdio rpath cpath getpw flock wpath", NULL) == -1)
110
			err(1, "pledge");
111
	}
112
113
17413
	if (argc < 1 && fflag == 0)
114
		usage();
115
116
17413
	checkdot(argv);
117
118
17413
	if (*argv) {
119
17413
		stdin_ok = isatty(STDIN_FILENO);
120
121
17413
		if (rflag)
122
542
			rm_tree(argv);
123
		else
124
16871
			rm_file(argv);
125
	}
126
127
17413
	return (eval);
128
}
129
130
void
131
rm_tree(char **argv)
132
{
133
	FTS *fts;
134
	FTSENT *p;
135
	int needstat;
136
	int flags;
137
138
	/*
139
	 * Remove a file hierarchy.  If forcing removal (-f), or interactive
140
	 * (-i) or can't ask anyway (stdin_ok), don't stat the file.
141
	 */
142
1637
	needstat = !fflag && !iflag && stdin_ok;
143
144
	/*
145
	 * If the -i option is specified, the user can skip on the pre-order
146
	 * visit.  The fts_number field flags skipped directories.
147
	 */
148
#define	SKIPPED	1
149
150
	flags = FTS_PHYSICAL;
151
542
	if (!needstat)
152
531
		flags |= FTS_NOSTAT;
153
542
	if (!(fts = fts_open(argv, flags, NULL)))
154
		err(1, NULL);
155
6151
	while ((p = fts_read(fts)) != NULL) {
156

5067
		switch (p->fts_info) {
157
		case FTS_DNR:
158
			if (!fflag || p->fts_errno != ENOENT) {
159
				warnx("%s: %s",
160
				    p->fts_path, strerror(p->fts_errno));
161
				eval = 1;
162
			}
163
			continue;
164
		case FTS_ERR:
165
			errc(1, p->fts_errno, "%s", p->fts_path);
166
		case FTS_NS:
167
			/*
168
			 * FTS_NS: assume that if can't stat the file, it
169
			 * can't be unlinked.
170
			 */
171
144
			if (!needstat)
172
				break;
173
			if (!fflag || p->fts_errno != ENOENT) {
174
				warnx("%s: %s",
175
				    p->fts_path, strerror(p->fts_errno));
176
				eval = 1;
177
			}
178
			continue;
179
		case FTS_D:
180
			/* Pre-order: give user chance to skip. */
181

720
			if (!fflag && !check(p->fts_path, p->fts_accpath,
182
11
			    p->fts_statp)) {
183
				(void)fts_set(fts, p, FTS_SKIP);
184
				p->fts_number = SKIPPED;
185
			}
186
698
			continue;
187
		case FTS_DP:
188
			/* Post-order: see if user skipped. */
189
698
			if (p->fts_number == SKIPPED)
190
				continue;
191
			break;
192
		default:
193

3574
			if (!fflag &&
194
47
			    !check(p->fts_path, p->fts_accpath, p->fts_statp))
195
				continue;
196
		}
197
198
		/*
199
		 * If we can't read or search the directory, may still be
200
		 * able to remove it.  Don't print out the un{read,search}able
201
		 * message unless the remove fails.
202
		 */
203

7896
		switch (p->fts_info) {
204
		case FTS_DP:
205
		case FTS_DNR:
206

698
			if (!rmdir(p->fts_accpath) ||
207
			    (fflag && errno == ENOENT)) {
208
698
				if (vflag)
209
					fprintf(stdout, "%s\n", p->fts_path);
210
698
				continue;
211
			}
212
			break;
213
214
		case FTS_F:
215
		case FTS_NSOK:
216
3527
			if (Pflag)
217
				rm_overwrite(p->fts_accpath, p->fts_info ==
218
				    FTS_NSOK ? NULL : p->fts_statp);
219
			/* FALLTHROUGH */
220
		default:
221

3815
			if (!unlink(p->fts_accpath) ||
222
288
			    (fflag && errno == ENOENT)) {
223
3671
				if (vflag)
224
					fprintf(stdout, "%s\n", p->fts_path);
225
3671
				continue;
226
			}
227
		}
228
		warn("%s", p->fts_path);
229
		eval = 1;
230
	}
231
542
	if (errno)
232
		err(1, "fts_read");
233
542
	fts_close(fts);
234
542
}
235
236
void
237
rm_file(char **argv)
238
{
239
33742
	struct stat sb;
240
	int rval;
241
	char *f;
242
243
	/*
244
	 * Remove a file.  POSIX 1003.2 states that, by default, attempting
245
	 * to remove a directory is an error, so must always stat the file.
246
	 */
247
144721
	while ((f = *argv++) != NULL) {
248
		/* Assume if can't stat the file, can't unlink it. */
249
70996
		if (lstat(f, &sb)) {
250

62009
			if (!fflag || errno != ENOENT) {
251
17
				warn("%s", f);
252
17
				eval = 1;
253
17
			}
254
31013
			continue;
255
		}
256
257
39983
		if (S_ISDIR(sb.st_mode) && !dflag) {
258
			warnx("%s: is a directory", f);
259
			eval = 1;
260
			continue;
261
		}
262

40123
		if (!fflag && !check(f, f, &sb))
263
			continue;
264
39983
		else if (S_ISDIR(sb.st_mode))
265
			rval = rmdir(f);
266
		else {
267
39983
			if (Pflag)
268
				rm_overwrite(f, &sb);
269
39983
			rval = unlink(f);
270
		}
271

39983
		if (rval && (!fflag || errno != ENOENT)) {
272
			warn("%s", f);
273
			eval = 1;
274
39983
		} else if (vflag)
275
			(void)fprintf(stdout, "%s\n", f);
276
	}
277
16871
}
278
279
/*
280
 * rm_overwrite --
281
 *	Overwrite the file with varying bit patterns.
282
 *
283
 * XXX
284
 * This is a cheap way to *really* delete files.  Note that only regular
285
 * files are deleted, directories (and therefore names) will remain.
286
 * Also, this assumes a fixed-block file system (like FFS, or a V7 or a
287
 * System V file system).  In a logging file system, you'll have to have
288
 * kernel support.
289
 * Returns 1 for success.
290
 */
291
int
292
rm_overwrite(char *file, struct stat *sbp)
293
{
294
	struct stat sb, sb2;
295
	struct statfs fsb;
296
	size_t bsize;
297
	int fd;
298
	char *buf = NULL;
299
300
	fd = -1;
301
	if (sbp == NULL) {
302
		if (lstat(file, &sb))
303
			goto err;
304
		sbp = &sb;
305
	}
306
	if (!S_ISREG(sbp->st_mode))
307
		return (1);
308
	if (sbp->st_nlink > 1) {
309
		warnx("%s (inode %llu): not overwritten due to multiple links",
310
		    file, (unsigned long long)sbp->st_ino);
311
		return (0);
312
	}
313
	if ((fd = open(file, O_WRONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1)
314
		goto err;
315
	if (fstat(fd, &sb2))
316
		goto err;
317
	if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino ||
318
	    !S_ISREG(sb2.st_mode)) {
319
		errno = EPERM;
320
		goto err;
321
	}
322
	if (fstatfs(fd, &fsb) == -1)
323
		goto err;
324
	bsize = MAXIMUM(fsb.f_iosize, 1024U);
325
	if ((buf = malloc(bsize)) == NULL)
326
		err(1, "%s: malloc", file);
327
328
	if (!pass(fd, sbp->st_size, buf, bsize))
329
		goto err;
330
	if (fsync(fd))
331
		goto err;
332
	close(fd);
333
	free(buf);
334
	return (1);
335
336
err:
337
	warn("%s", file);
338
	close(fd);
339
	eval = 1;
340
	free(buf);
341
	return (0);
342
}
343
344
int
345
pass(int fd, off_t len, char *buf, size_t bsize)
346
{
347
	size_t wlen;
348
349
	for (; len > 0; len -= wlen) {
350
		wlen = len < bsize ? len : bsize;
351
		arc4random_buf(buf, wlen);
352
		if (write(fd, buf, wlen) != wlen)
353
			return (0);
354
	}
355
	return (1);
356
}
357
358
int
359
check(char *path, char *name, struct stat *sp)
360
{
361
	int ch, first;
362
396
	char modep[15];
363
364
	/* Check -i first. */
365
198
	if (iflag)
366
		(void)fprintf(stderr, "remove %s? ", path);
367
	else {
368
		/*
369
		 * If it's not a symbolic link and it's unwritable and we're
370
		 * talking to a terminal, ask.  Symbolic links are excluded
371
		 * because their permissions are meaningless.  Check stdin_ok
372
		 * first because we may not have stat'ed the file.
373
		 */
374


570
		if (!stdin_ok || S_ISLNK(sp->st_mode) || !access(name, W_OK) ||
375
		    errno != EACCES)
376
198
			return (1);
377
		strmode(sp->st_mode, modep);
378
		(void)fprintf(stderr, "override %s%s%s/%s for %s? ",
379
		    modep + 1, modep[9] == ' ' ? "" : " ",
380
		    user_from_uid(sp->st_uid, 0),
381
		    group_from_gid(sp->st_gid, 0), path);
382
	}
383
	(void)fflush(stderr);
384
385
	first = ch = getchar();
386
	while (ch != '\n' && ch != EOF)
387
		ch = getchar();
388
	return (first == 'y' || first == 'Y');
389
198
}
390
391
/*
392
 * POSIX.2 requires that if "." or ".." are specified as the basename
393
 * portion of an operand, a diagnostic message be written to standard
394
 * error and nothing more be done with such operands.
395
 *
396
 * Since POSIX.2 defines basename as the final portion of a path after
397
 * trailing slashes have been removed, we'll remove them here.
398
 */
399
#define ISDOT(a) ((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2])))
400
void
401
checkdot(char **argv)
402
{
403
	char *p, **save, **t;
404
	int complained;
405
34826
	struct stat sb, root;
406
407
17413
	stat("/", &root);
408
	complained = 0;
409
178418
	for (t = argv; *t;) {
410

71796
		if (lstat(*t, &sb) == 0 &&
411
56944
		    root.st_ino == sb.st_ino && root.st_dev == sb.st_dev) {
412
			if (!complained++)
413
				warnx("\"/\" may not be removed");
414
			goto skip;
415
		}
416
		/* strip trailing slashes */
417
71796
		p = strrchr(*t, '\0');
418

215374
		while (--p > *t && *p == '/')
419
			*p = '\0';
420
421
		/* extract basename */
422
71796
		if ((p = strrchr(*t, '/')) != NULL)
423
785
			++p;
424
		else
425
71011
			p = *t;
426
427


71884
		if (ISDOT(p)) {
428
			if (!complained++)
429
				warnx("\".\" and \"..\" may not be removed");
430
skip:
431
			eval = 1;
432
			for (save = t; (t[0] = t[1]) != NULL; ++t)
433
				continue;
434
			t = save;
435
		} else
436
71796
			++t;
437
	}
438
17413
}
439
440
void
441
usage(void)
442
{
443
	(void)fprintf(stderr, "usage: %s [-dfiPRrv] file ...\n", __progname);
444
	exit(1);
445
}