1 /*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 4. Neither the name of the University nor the names of its contributors 14 * may be used to endorse or promote products derived from this software 15 * without specific prior written permission. 16 * 17 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 20 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 27 * SUCH DAMAGE. 28 */ 29 30 #if 0 31 #ifndef lint 32 static const char copyright[] = 33 "@(#) Copyright (c) 1990, 1993, 1994\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35 #endif /* not lint */ 36 37 #ifndef lint 38 static char sccsid[] = "@(#)rm.c 8.5 (Berkeley) 4/18/94"; 39 #endif /* not lint */ 40 #endif 41 #include <sys/cdefs.h> 42 __FBSDID("$FreeBSD$"); 43 44 #include <sys/stat.h> 45 #include <sys/param.h> 46 #include <sys/mount.h> 47 48 #include <err.h> 49 #include <errno.h> 50 #include <fcntl.h> 51 #include <fts.h> 52 #include <grp.h> 53 #include <locale.h> 54 #include <pwd.h> 55 #include <stdint.h> 56 #include <stdio.h> 57 #include <stdlib.h> 58 #include <string.h> 59 #include <sysexits.h> 60 #include <unistd.h> 61 62 static int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok; 63 static int rflag, Iflag, xflag; 64 static uid_t uid; 65 static volatile sig_atomic_t info; 66 67 static int check(const char *, const char *, struct stat *); 68 static int check2(char **); 69 static void checkdot(char **); 70 static void checkslash(char **); 71 static void rm_file(char **); 72 static int rm_overwrite(const char *, struct stat *); 73 static void rm_tree(char **); 74 static void siginfo(int __unused); 75 static void usage(void); 76 77 /* 78 * rm -- 79 * This rm is different from historic rm's, but is expected to match 80 * POSIX 1003.2 behavior. The most visible difference is that -f 81 * has two specific effects now, ignore non-existent files and force 82 * file removal. 83 */ 84 int 85 main(int argc, char *argv[]) 86 { 87 int ch; 88 char *p; 89 90 (void)setlocale(LC_ALL, ""); 91 92 /* 93 * Test for the special case where the utility is called as 94 * "unlink", for which the functionality provided is greatly 95 * simplified. 96 */ 97 if ((p = strrchr(argv[0], '/')) == NULL) 98 p = argv[0]; 99 else 100 ++p; 101 if (strcmp(p, "unlink") == 0) { 102 while (getopt(argc, argv, "") != -1) 103 usage(); 104 argc -= optind; 105 argv += optind; 106 if (argc != 1) 107 usage(); 108 rm_file(&argv[0]); 109 exit(eval); 110 } 111 112 Pflag = rflag = xflag = 0; 113 while ((ch = getopt(argc, argv, "dfiIPRrvWx")) != -1) 114 switch(ch) { 115 case 'd': 116 dflag = 1; 117 break; 118 case 'f': 119 fflag = 1; 120 iflag = 0; 121 break; 122 case 'i': 123 fflag = 0; 124 iflag = 1; 125 break; 126 case 'I': 127 Iflag = 1; 128 break; 129 case 'P': 130 Pflag = 1; 131 break; 132 case 'R': 133 case 'r': /* Compatibility. */ 134 rflag = 1; 135 break; 136 case 'v': 137 vflag = 1; 138 break; 139 case 'W': 140 Wflag = 1; 141 break; 142 case 'x': 143 xflag = 1; 144 break; 145 default: 146 usage(); 147 } 148 argc -= optind; 149 argv += optind; 150 151 if (argc < 1) { 152 if (fflag) 153 return (0); 154 usage(); 155 } 156 157 checkdot(argv); 158 if (getenv("POSIXLY_CORRECT") == NULL) 159 checkslash(argv); 160 uid = geteuid(); 161 162 (void)signal(SIGINFO, siginfo); 163 if (*argv) { 164 stdin_ok = isatty(STDIN_FILENO); 165 166 if (Iflag) { 167 if (check2(argv) == 0) 168 exit (1); 169 } 170 if (rflag) 171 rm_tree(argv); 172 else 173 rm_file(argv); 174 } 175 176 exit (eval); 177 } 178 179 static void 180 rm_tree(char **argv) 181 { 182 FTS *fts; 183 FTSENT *p; 184 int needstat; 185 int flags; 186 int rval; 187 188 /* 189 * Remove a file hierarchy. If forcing removal (-f), or interactive 190 * (-i) or can't ask anyway (stdin_ok), don't stat the file. 191 */ 192 needstat = !uid || (!fflag && !iflag && stdin_ok); 193 194 /* 195 * If the -i option is specified, the user can skip on the pre-order 196 * visit. The fts_number field flags skipped directories. 197 */ 198 #define SKIPPED 1 199 200 flags = FTS_PHYSICAL; 201 if (!needstat) 202 flags |= FTS_NOSTAT; 203 if (Wflag) 204 flags |= FTS_WHITEOUT; 205 if (xflag) 206 flags |= FTS_XDEV; 207 if (!(fts = fts_open(argv, flags, NULL))) { 208 if (fflag && errno == ENOENT) 209 return; 210 err(1, "fts_open"); 211 } 212 while ((p = fts_read(fts)) != NULL) { 213 switch (p->fts_info) { 214 case FTS_DNR: 215 if (!fflag || p->fts_errno != ENOENT) { 216 warnx("%s: %s", 217 p->fts_path, strerror(p->fts_errno)); 218 eval = 1; 219 } 220 continue; 221 case FTS_ERR: 222 errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno)); 223 case FTS_NS: 224 /* 225 * Assume that since fts_read() couldn't stat the 226 * file, it can't be unlinked. 227 */ 228 if (!needstat) 229 break; 230 if (!fflag || p->fts_errno != ENOENT) { 231 warnx("%s: %s", 232 p->fts_path, strerror(p->fts_errno)); 233 eval = 1; 234 } 235 continue; 236 case FTS_D: 237 /* Pre-order: give user chance to skip. */ 238 if (!fflag && !check(p->fts_path, p->fts_accpath, 239 p->fts_statp)) { 240 (void)fts_set(fts, p, FTS_SKIP); 241 p->fts_number = SKIPPED; 242 } 243 else if (!uid && 244 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 245 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 246 lchflags(p->fts_accpath, 247 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0) 248 goto err; 249 continue; 250 case FTS_DP: 251 /* Post-order: see if user skipped. */ 252 if (p->fts_number == SKIPPED) 253 continue; 254 break; 255 default: 256 if (!fflag && 257 !check(p->fts_path, p->fts_accpath, p->fts_statp)) 258 continue; 259 } 260 261 rval = 0; 262 if (!uid && 263 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 264 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE))) 265 rval = lchflags(p->fts_accpath, 266 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)); 267 if (rval == 0) { 268 /* 269 * If we can't read or search the directory, may still be 270 * able to remove it. Don't print out the un{read,search}able 271 * message unless the remove fails. 272 */ 273 switch (p->fts_info) { 274 case FTS_DP: 275 case FTS_DNR: 276 rval = rmdir(p->fts_accpath); 277 if (rval == 0 || (fflag && errno == ENOENT)) { 278 if (rval == 0 && vflag) 279 (void)printf("%s\n", 280 p->fts_path); 281 if (rval == 0 && info) { 282 info = 0; 283 (void)printf("%s\n", 284 p->fts_path); 285 } 286 continue; 287 } 288 break; 289 290 case FTS_W: 291 rval = undelete(p->fts_accpath); 292 if (rval == 0 && (fflag && errno == ENOENT)) { 293 if (vflag) 294 (void)printf("%s\n", 295 p->fts_path); 296 if (info) { 297 info = 0; 298 (void)printf("%s\n", 299 p->fts_path); 300 } 301 continue; 302 } 303 break; 304 305 case FTS_NS: 306 /* 307 * Assume that since fts_read() couldn't stat 308 * the file, it can't be unlinked. 309 */ 310 if (fflag) 311 continue; 312 /* FALLTHROUGH */ 313 314 case FTS_F: 315 case FTS_NSOK: 316 if (Pflag) 317 if (!rm_overwrite(p->fts_accpath, p->fts_info == 318 FTS_NSOK ? NULL : p->fts_statp)) 319 continue; 320 /* FALLTHROUGH */ 321 322 default: 323 rval = unlink(p->fts_accpath); 324 if (rval == 0 || (fflag && errno == ENOENT)) { 325 if (rval == 0 && vflag) 326 (void)printf("%s\n", 327 p->fts_path); 328 if (rval == 0 && info) { 329 info = 0; 330 (void)printf("%s\n", 331 p->fts_path); 332 } 333 continue; 334 } 335 } 336 } 337 err: 338 warn("%s", p->fts_path); 339 eval = 1; 340 } 341 if (!fflag && errno) 342 err(1, "fts_read"); 343 fts_close(fts); 344 } 345 346 static void 347 rm_file(char **argv) 348 { 349 struct stat sb; 350 int rval; 351 char *f; 352 353 /* 354 * Remove a file. POSIX 1003.2 states that, by default, attempting 355 * to remove a directory is an error, so must always stat the file. 356 */ 357 while ((f = *argv++) != NULL) { 358 /* Assume if can't stat the file, can't unlink it. */ 359 if (lstat(f, &sb)) { 360 if (Wflag) { 361 sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR; 362 } else { 363 if (!fflag || errno != ENOENT) { 364 warn("%s", f); 365 eval = 1; 366 } 367 continue; 368 } 369 } else if (Wflag) { 370 warnx("%s: %s", f, strerror(EEXIST)); 371 eval = 1; 372 continue; 373 } 374 375 if (S_ISDIR(sb.st_mode) && !dflag) { 376 warnx("%s: is a directory", f); 377 eval = 1; 378 continue; 379 } 380 if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb)) 381 continue; 382 rval = 0; 383 if (!uid && !S_ISWHT(sb.st_mode) && 384 (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) && 385 !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE))) 386 rval = lchflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE)); 387 if (rval == 0) { 388 if (S_ISWHT(sb.st_mode)) 389 rval = undelete(f); 390 else if (S_ISDIR(sb.st_mode)) 391 rval = rmdir(f); 392 else { 393 if (Pflag) 394 if (!rm_overwrite(f, &sb)) 395 continue; 396 rval = unlink(f); 397 } 398 } 399 if (rval && (!fflag || errno != ENOENT)) { 400 warn("%s", f); 401 eval = 1; 402 } 403 if (vflag && rval == 0) 404 (void)printf("%s\n", f); 405 if (info && rval == 0) { 406 info = 0; 407 (void)printf("%s\n", f); 408 } 409 } 410 } 411 412 /* 413 * rm_overwrite -- 414 * Overwrite the file 3 times with varying bit patterns. 415 * 416 * XXX 417 * This is a cheap way to *really* delete files. Note that only regular 418 * files are deleted, directories (and therefore names) will remain. 419 * Also, this assumes a fixed-block file system (like FFS, or a V7 or a 420 * System V file system). In a logging or COW file system, you'll have to 421 * have kernel support. 422 */ 423 static int 424 rm_overwrite(const char *file, struct stat *sbp) 425 { 426 struct stat sb, sb2; 427 struct statfs fsb; 428 off_t len; 429 int bsize, fd, wlen; 430 char *buf = NULL; 431 432 fd = -1; 433 if (sbp == NULL) { 434 if (lstat(file, &sb)) 435 goto err; 436 sbp = &sb; 437 } 438 if (!S_ISREG(sbp->st_mode)) 439 return (1); 440 if (sbp->st_nlink > 1 && !fflag) { 441 warnx("%s (inode %ju): not overwritten due to multiple links", 442 file, (uintmax_t)sbp->st_ino); 443 return (0); 444 } 445 if ((fd = open(file, O_WRONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1) 446 goto err; 447 if (fstat(fd, &sb2)) 448 goto err; 449 if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino || 450 !S_ISREG(sb2.st_mode)) { 451 errno = EPERM; 452 goto err; 453 } 454 if (fstatfs(fd, &fsb) == -1) 455 goto err; 456 bsize = MAX(fsb.f_iosize, 1024); 457 if ((buf = malloc(bsize)) == NULL) 458 err(1, "%s: malloc", file); 459 460 #define PASS(byte) { \ 461 memset(buf, byte, bsize); \ 462 for (len = sbp->st_size; len > 0; len -= wlen) { \ 463 wlen = len < bsize ? len : bsize; \ 464 if (write(fd, buf, wlen) != wlen) \ 465 goto err; \ 466 } \ 467 } 468 PASS(0xff); 469 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 470 goto err; 471 PASS(0x00); 472 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 473 goto err; 474 PASS(0xff); 475 if (!fsync(fd) && !close(fd)) { 476 free(buf); 477 return (1); 478 } 479 480 err: eval = 1; 481 if (buf) 482 free(buf); 483 if (fd != -1) 484 close(fd); 485 warn("%s", file); 486 return (0); 487 } 488 489 490 static int 491 check(const char *path, const char *name, struct stat *sp) 492 { 493 int ch, first; 494 char modep[15], *flagsp; 495 496 /* Check -i first. */ 497 if (iflag) 498 (void)fprintf(stderr, "remove %s? ", path); 499 else { 500 /* 501 * If it's not a symbolic link and it's unwritable and we're 502 * talking to a terminal, ask. Symbolic links are excluded 503 * because their permissions are meaningless. Check stdin_ok 504 * first because we may not have stat'ed the file. 505 */ 506 if (!stdin_ok || S_ISLNK(sp->st_mode) || 507 (!access(name, W_OK) && 508 !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 509 (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid))) 510 return (1); 511 strmode(sp->st_mode, modep); 512 if ((flagsp = fflagstostr(sp->st_flags)) == NULL) 513 err(1, "fflagstostr"); 514 if (Pflag) 515 errx(1, 516 "%s: -P was specified, but file is not writable", 517 path); 518 (void)fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ", 519 modep + 1, modep[9] == ' ' ? "" : " ", 520 user_from_uid(sp->st_uid, 0), 521 group_from_gid(sp->st_gid, 0), 522 *flagsp ? flagsp : "", *flagsp ? " " : "", 523 path); 524 free(flagsp); 525 } 526 (void)fflush(stderr); 527 528 first = ch = getchar(); 529 while (ch != '\n' && ch != EOF) 530 ch = getchar(); 531 return (first == 'y' || first == 'Y'); 532 } 533 534 #define ISSLASH(a) ((a)[0] == '/' && (a)[1] == '\0') 535 static void 536 checkslash(char **argv) 537 { 538 char **t, **u; 539 int complained; 540 541 complained = 0; 542 for (t = argv; *t;) { 543 if (ISSLASH(*t)) { 544 if (!complained++) 545 warnx("\"/\" may not be removed"); 546 eval = 1; 547 for (u = t; u[0] != NULL; ++u) 548 u[0] = u[1]; 549 } else { 550 ++t; 551 } 552 } 553 } 554 555 static int 556 check2(char **argv) 557 { 558 struct stat st; 559 int first; 560 int ch; 561 int fcount = 0; 562 int dcount = 0; 563 int i; 564 const char *dname = NULL; 565 566 for (i = 0; argv[i]; ++i) { 567 if (lstat(argv[i], &st) == 0) { 568 if (S_ISDIR(st.st_mode)) { 569 ++dcount; 570 dname = argv[i]; /* only used if 1 dir */ 571 } else { 572 ++fcount; 573 } 574 } 575 } 576 first = 0; 577 while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') { 578 if (dcount && rflag) { 579 fprintf(stderr, "recursively remove"); 580 if (dcount == 1) 581 fprintf(stderr, " %s", dname); 582 else 583 fprintf(stderr, " %d dirs", dcount); 584 if (fcount == 1) 585 fprintf(stderr, " and 1 file"); 586 else if (fcount > 1) 587 fprintf(stderr, " and %d files", fcount); 588 } else if (dcount + fcount > 3) { 589 fprintf(stderr, "remove %d files", dcount + fcount); 590 } else { 591 return(1); 592 } 593 fprintf(stderr, "? "); 594 fflush(stderr); 595 596 first = ch = getchar(); 597 while (ch != '\n' && ch != EOF) 598 ch = getchar(); 599 if (ch == EOF) 600 break; 601 } 602 return (first == 'y' || first == 'Y'); 603 } 604 605 #define ISDOT(a) ((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2]))) 606 static void 607 checkdot(char **argv) 608 { 609 char *p, **save, **t; 610 int complained; 611 612 complained = 0; 613 for (t = argv; *t;) { 614 if ((p = strrchr(*t, '/')) != NULL) 615 ++p; 616 else 617 p = *t; 618 if (ISDOT(p)) { 619 if (!complained++) 620 warnx("\".\" and \"..\" may not be removed"); 621 eval = 1; 622 for (save = t; (t[0] = t[1]) != NULL; ++t) 623 continue; 624 t = save; 625 } else 626 ++t; 627 } 628 } 629 630 static void 631 usage(void) 632 { 633 634 (void)fprintf(stderr, "%s\n%s\n", 635 "usage: rm [-f | -i] [-dIPRrvWx] file ...", 636 " unlink file"); 637 exit(EX_USAGE); 638 } 639 640 static void 641 siginfo(int sig __unused) 642 { 643 644 info = 1; 645 } 646