xref: /freebsd/bin/rm/rm.c (revision 5c52a79884070364bfc920fb8e492cfac61ec72f)
1 /*-
2  * Copyright (c) 1990, 1993, 1994
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 4. Neither the name of the University nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #if 0
31 #ifndef lint
32 static const char copyright[] =
33 "@(#) Copyright (c) 1990, 1993, 1994\n\
34 	The Regents of the University of California.  All rights reserved.\n";
35 #endif /* not lint */
36 
37 #ifndef lint
38 static char sccsid[] = "@(#)rm.c	8.5 (Berkeley) 4/18/94";
39 #endif /* not lint */
40 #endif
41 #include <sys/cdefs.h>
42 __FBSDID("$FreeBSD$");
43 
44 #include <sys/stat.h>
45 #include <sys/param.h>
46 #include <sys/mount.h>
47 
48 #include <err.h>
49 #include <errno.h>
50 #include <fcntl.h>
51 #include <fts.h>
52 #include <grp.h>
53 #include <pwd.h>
54 #include <stdio.h>
55 #include <stdlib.h>
56 #include <string.h>
57 #include <sysexits.h>
58 #include <unistd.h>
59 
60 int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok;
61 int rflag, Iflag;
62 uid_t uid;
63 
64 int	check(char *, char *, struct stat *);
65 int	check2(char **);
66 void	checkdot(char **);
67 void	checkslash(char **);
68 void	rm_file(char **);
69 int	rm_overwrite(char *, struct stat *);
70 void	rm_tree(char **);
71 void	usage(void);
72 
73 /*
74  * rm --
75  *	This rm is different from historic rm's, but is expected to match
76  *	POSIX 1003.2 behavior.	The most visible difference is that -f
77  *	has two specific effects now, ignore non-existent files and force
78  *	file removal.
79  */
80 int
81 main(int argc, char *argv[])
82 {
83 	int ch;
84 	char *p;
85 
86 	/*
87 	 * Test for the special case where the utility is called as
88 	 * "unlink", for which the functionality provided is greatly
89 	 * simplified.
90 	 */
91 	if ((p = rindex(argv[0], '/')) == NULL)
92 		p = argv[0];
93 	else
94 		++p;
95 	if (strcmp(p, "unlink") == 0) {
96 		while (getopt(argc, argv, "") != -1)
97 			usage();
98 		argc -= optind;
99 		argv += optind;
100 		if (argc != 1)
101 			usage();
102 		rm_file(&argv[0]);
103 		exit(eval);
104 	}
105 
106 	Pflag = rflag = 0;
107 	while ((ch = getopt(argc, argv, "dfiIPRrvW")) != -1)
108 		switch(ch) {
109 		case 'd':
110 			dflag = 1;
111 			break;
112 		case 'f':
113 			fflag = 1;
114 			iflag = 0;
115 			break;
116 		case 'i':
117 			fflag = 0;
118 			iflag = 1;
119 			break;
120 		case 'I':
121 			Iflag = 1;
122 			break;
123 		case 'P':
124 			Pflag = 1;
125 			break;
126 		case 'R':
127 		case 'r':			/* Compatibility. */
128 			rflag = 1;
129 			break;
130 		case 'v':
131 			vflag = 1;
132 			break;
133 		case 'W':
134 			Wflag = 1;
135 			break;
136 		default:
137 			usage();
138 		}
139 	argc -= optind;
140 	argv += optind;
141 
142 	if (argc < 1) {
143 		if (fflag)
144 			return (0);
145 		usage();
146 	}
147 
148 	checkdot(argv);
149 	if (getenv("POSIXLY_CORRECT") == NULL)
150 		checkslash(argv);
151 	uid = geteuid();
152 
153 	if (*argv) {
154 		stdin_ok = isatty(STDIN_FILENO);
155 
156 		if (Iflag) {
157 			if (check2(argv) == 0)
158 				exit (1);
159 		}
160 		if (rflag)
161 			rm_tree(argv);
162 		else
163 			rm_file(argv);
164 	}
165 
166 	exit (eval);
167 }
168 
169 void
170 rm_tree(char **argv)
171 {
172 	FTS *fts;
173 	FTSENT *p;
174 	int needstat;
175 	int flags;
176 	int rval;
177 
178 	/*
179 	 * Remove a file hierarchy.  If forcing removal (-f), or interactive
180 	 * (-i) or can't ask anyway (stdin_ok), don't stat the file.
181 	 */
182 	needstat = !uid || (!fflag && !iflag && stdin_ok);
183 
184 	/*
185 	 * If the -i option is specified, the user can skip on the pre-order
186 	 * visit.  The fts_number field flags skipped directories.
187 	 */
188 #define	SKIPPED	1
189 
190 	flags = FTS_PHYSICAL;
191 	if (!needstat)
192 		flags |= FTS_NOSTAT;
193 	if (Wflag)
194 		flags |= FTS_WHITEOUT;
195 	if (!(fts = fts_open(argv, flags, NULL))) {
196 		if (fflag && errno == ENOENT)
197 			return;
198 		err(1, "fts_open");
199 	}
200 	while ((p = fts_read(fts)) != NULL) {
201 		switch (p->fts_info) {
202 		case FTS_DNR:
203 			if (!fflag || p->fts_errno != ENOENT) {
204 				warnx("%s: %s",
205 				    p->fts_path, strerror(p->fts_errno));
206 				eval = 1;
207 			}
208 			continue;
209 		case FTS_ERR:
210 			errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno));
211 		case FTS_NS:
212 			/*
213 			 * Assume that since fts_read() couldn't stat the
214 			 * file, it can't be unlinked.
215 			 */
216 			if (!needstat)
217 				break;
218 			if (!fflag || p->fts_errno != ENOENT) {
219 				warnx("%s: %s",
220 				    p->fts_path, strerror(p->fts_errno));
221 				eval = 1;
222 			}
223 			continue;
224 		case FTS_D:
225 			/* Pre-order: give user chance to skip. */
226 			if (!fflag && !check(p->fts_path, p->fts_accpath,
227 			    p->fts_statp)) {
228 				(void)fts_set(fts, p, FTS_SKIP);
229 				p->fts_number = SKIPPED;
230 			}
231 			else if (!uid &&
232 				 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) &&
233 				 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) &&
234 				 chflags(p->fts_accpath,
235 					 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0)
236 				goto err;
237 			continue;
238 		case FTS_DP:
239 			/* Post-order: see if user skipped. */
240 			if (p->fts_number == SKIPPED)
241 				continue;
242 			break;
243 		default:
244 			if (!fflag &&
245 			    !check(p->fts_path, p->fts_accpath, p->fts_statp))
246 				continue;
247 		}
248 
249 		rval = 0;
250 		if (!uid &&
251 		    (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) &&
252 		    !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)))
253 			rval = chflags(p->fts_accpath,
254 				       p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE));
255 		if (rval == 0) {
256 			/*
257 			 * If we can't read or search the directory, may still be
258 			 * able to remove it.  Don't print out the un{read,search}able
259 			 * message unless the remove fails.
260 			 */
261 			switch (p->fts_info) {
262 			case FTS_DP:
263 			case FTS_DNR:
264 				rval = rmdir(p->fts_accpath);
265 				if (rval == 0 || (fflag && errno == ENOENT)) {
266 					if (rval == 0 && vflag)
267 						(void)printf("%s\n",
268 						    p->fts_path);
269 					continue;
270 				}
271 				break;
272 
273 			case FTS_W:
274 				rval = undelete(p->fts_accpath);
275 				if (rval == 0 && (fflag && errno == ENOENT)) {
276 					if (vflag)
277 						(void)printf("%s\n",
278 						    p->fts_path);
279 					continue;
280 				}
281 				break;
282 
283 			case FTS_NS:
284 				/*
285 				 * Assume that since fts_read() couldn't stat
286 				 * the file, it can't be unlinked.
287 				 */
288 				if (fflag)
289 					continue;
290 				/* FALLTHROUGH */
291 			default:
292 				if (Pflag)
293 					if (!rm_overwrite(p->fts_accpath, NULL))
294 						continue;
295 				rval = unlink(p->fts_accpath);
296 				if (rval == 0 || (fflag && errno == ENOENT)) {
297 					if (rval == 0 && vflag)
298 						(void)printf("%s\n",
299 						    p->fts_path);
300 					continue;
301 				}
302 			}
303 		}
304 err:
305 		warn("%s", p->fts_path);
306 		eval = 1;
307 	}
308 	if (errno)
309 		err(1, "fts_read");
310 	fts_close(fts);
311 }
312 
313 void
314 rm_file(char **argv)
315 {
316 	struct stat sb;
317 	int rval;
318 	char *f;
319 
320 	/*
321 	 * Remove a file.  POSIX 1003.2 states that, by default, attempting
322 	 * to remove a directory is an error, so must always stat the file.
323 	 */
324 	while ((f = *argv++) != NULL) {
325 		/* Assume if can't stat the file, can't unlink it. */
326 		if (lstat(f, &sb)) {
327 			if (Wflag) {
328 				sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR;
329 			} else {
330 				if (!fflag || errno != ENOENT) {
331 					warn("%s", f);
332 					eval = 1;
333 				}
334 				continue;
335 			}
336 		} else if (Wflag) {
337 			warnx("%s: %s", f, strerror(EEXIST));
338 			eval = 1;
339 			continue;
340 		}
341 
342 		if (S_ISDIR(sb.st_mode) && !dflag) {
343 			warnx("%s: is a directory", f);
344 			eval = 1;
345 			continue;
346 		}
347 		if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb))
348 			continue;
349 		rval = 0;
350 		if (!uid && !S_ISWHT(sb.st_mode) &&
351 		    (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) &&
352 		    !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE)))
353 			rval = chflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE));
354 		if (rval == 0) {
355 			if (S_ISWHT(sb.st_mode))
356 				rval = undelete(f);
357 			else if (S_ISDIR(sb.st_mode))
358 				rval = rmdir(f);
359 			else {
360 				if (Pflag)
361 					if (!rm_overwrite(f, &sb))
362 						continue;
363 				rval = unlink(f);
364 			}
365 		}
366 		if (rval && (!fflag || errno != ENOENT)) {
367 			warn("%s", f);
368 			eval = 1;
369 		}
370 		if (vflag && rval == 0)
371 			(void)printf("%s\n", f);
372 	}
373 }
374 
375 /*
376  * rm_overwrite --
377  *	Overwrite the file 3 times with varying bit patterns.
378  *
379  * XXX
380  * This is a cheap way to *really* delete files.  Note that only regular
381  * files are deleted, directories (and therefore names) will remain.
382  * Also, this assumes a fixed-block file system (like FFS, or a V7 or a
383  * System V file system).  In a logging file system, you'll have to have
384  * kernel support.
385  */
386 int
387 rm_overwrite(char *file, struct stat *sbp)
388 {
389 	struct stat sb;
390 	struct statfs fsb;
391 	off_t len;
392 	int bsize, fd, wlen;
393 	char *buf = NULL;
394 
395 	fd = -1;
396 	if (sbp == NULL) {
397 		if (lstat(file, &sb))
398 			goto err;
399 		sbp = &sb;
400 	}
401 	if (!S_ISREG(sbp->st_mode))
402 		return (1);
403 	if (sbp->st_nlink > 1 && !fflag) {
404 		warnx("%s (inode %u): not overwritten due to multiple links",
405 		    file, sbp->st_ino);
406 		return (0);
407 	}
408 	if ((fd = open(file, O_WRONLY, 0)) == -1)
409 		goto err;
410 	if (fstatfs(fd, &fsb) == -1)
411 		goto err;
412 	bsize = MAX(fsb.f_iosize, 1024);
413 	if ((buf = malloc(bsize)) == NULL)
414 		err(1, "%s: malloc", file);
415 
416 #define	PASS(byte) {							\
417 	memset(buf, byte, bsize);					\
418 	for (len = sbp->st_size; len > 0; len -= wlen) {		\
419 		wlen = len < bsize ? len : bsize;			\
420 		if (write(fd, buf, wlen) != wlen)			\
421 			goto err;					\
422 	}								\
423 }
424 	PASS(0xff);
425 	if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET))
426 		goto err;
427 	PASS(0x00);
428 	if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET))
429 		goto err;
430 	PASS(0xff);
431 	if (!fsync(fd) && !close(fd)) {
432 		free(buf);
433 		return (1);
434 	}
435 
436 err:	eval = 1;
437 	if (buf)
438 		free(buf);
439 	if (fd != -1)
440 		close(fd);
441 	warn("%s", file);
442 	return (0);
443 }
444 
445 
446 int
447 check(char *path, char *name, struct stat *sp)
448 {
449 	int ch, first;
450 	char modep[15], *flagsp;
451 
452 	/* Check -i first. */
453 	if (iflag)
454 		(void)fprintf(stderr, "remove %s? ", path);
455 	else {
456 		/*
457 		 * If it's not a symbolic link and it's unwritable and we're
458 		 * talking to a terminal, ask.	Symbolic links are excluded
459 		 * because their permissions are meaningless.  Check stdin_ok
460 		 * first because we may not have stat'ed the file.
461 		 */
462 		if (!stdin_ok || S_ISLNK(sp->st_mode) ||
463 		    (!access(name, W_OK) &&
464 		    !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) &&
465 		    (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid)))
466 			return (1);
467 		strmode(sp->st_mode, modep);
468 		if ((flagsp = fflagstostr(sp->st_flags)) == NULL)
469 			err(1, "fflagstostr");
470 		if (Pflag)
471 			errx(1,
472 			    "%s: -P was specified, but file is not writable",
473 			    path);
474 		(void)fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ",
475 		    modep + 1, modep[9] == ' ' ? "" : " ",
476 		    user_from_uid(sp->st_uid, 0),
477 		    group_from_gid(sp->st_gid, 0),
478 		    *flagsp ? flagsp : "", *flagsp ? " " : "",
479 		    path);
480 		free(flagsp);
481 	}
482 	(void)fflush(stderr);
483 
484 	first = ch = getchar();
485 	while (ch != '\n' && ch != EOF)
486 		ch = getchar();
487 	return (first == 'y' || first == 'Y');
488 }
489 
490 #define ISSLASH(a)	((a)[0] == '/' && (a)[1] == '\0')
491 void
492 checkslash(char **argv)
493 {
494 	char **t, **u;
495 	int complained;
496 
497 	complained = 0;
498 	for (t = argv; *t;) {
499 		if (ISSLASH(*t)) {
500 			if (!complained++)
501 				warnx("\"/\" may not be removed");
502 			eval = 1;
503 			for (u = t; u[0] != NULL; ++u)
504 				u[0] = u[1];
505 		} else {
506 			++t;
507 		}
508 	}
509 }
510 
511 int
512 check2(char **argv)
513 {
514 	struct stat st;
515 	int first;
516 	int ch;
517 	int fcount = 0;
518 	int dcount = 0;
519 	int i;
520 	const char *dname = NULL;
521 
522 	for (i = 0; argv[i]; ++i) {
523 		if (lstat(argv[i], &st) == 0) {
524 			if (S_ISDIR(st.st_mode)) {
525 				++dcount;
526 				dname = argv[i];    /* only used if 1 dir */
527 			} else {
528 				++fcount;
529 			}
530 		}
531 	}
532 	first = 0;
533 	while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') {
534 		if (dcount && rflag) {
535 			fprintf(stderr, "recursively remove");
536 			if (dcount == 1)
537 				fprintf(stderr, " %s", dname);
538 			else
539 				fprintf(stderr, " %d dirs", dcount);
540 			if (fcount == 1)
541 				fprintf(stderr, " and 1 file");
542 			else if (fcount > 1)
543 				fprintf(stderr, " and %d files", fcount);
544 		} else if (dcount + fcount > 3) {
545 			fprintf(stderr, "remove %d files", dcount + fcount);
546 		} else {
547 			return(1);
548 		}
549 		fprintf(stderr, "? ");
550 		fflush(stderr);
551 
552 		first = ch = getchar();
553 		while (ch != '\n' && ch != EOF)
554 			ch = getchar();
555 		if (ch == EOF)
556 			break;
557 	}
558 	return (first == 'y' || first == 'Y');
559 }
560 
561 #define ISDOT(a)	((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2])))
562 void
563 checkdot(char **argv)
564 {
565 	char *p, **save, **t;
566 	int complained;
567 
568 	complained = 0;
569 	for (t = argv; *t;) {
570 		if ((p = strrchr(*t, '/')) != NULL)
571 			++p;
572 		else
573 			p = *t;
574 		if (ISDOT(p)) {
575 			if (!complained++)
576 				warnx("\".\" and \"..\" may not be removed");
577 			eval = 1;
578 			for (save = t; (t[0] = t[1]) != NULL; ++t)
579 				continue;
580 			t = save;
581 		} else
582 			++t;
583 	}
584 }
585 
586 void
587 usage(void)
588 {
589 
590 	(void)fprintf(stderr, "%s\n%s\n",
591 	    "usage: rm [-f | -i] [-dIPRrvW] file ...",
592 	    "       unlink file");
593 	exit(EX_USAGE);
594 }
595