xref: /freebsd/bin/rm/rm.c (revision 7661de35d15f582ab33e3bd6b8d909601557e436)
1 /*-
2  * Copyright (c) 1990, 1993, 1994
3  *	The Regents of the University of California.  All rights reserved.
4  *
5  * Redistribution and use in source and binary forms, with or without
6  * modification, are permitted provided that the following conditions
7  * are met:
8  * 1. Redistributions of source code must retain the above copyright
9  *    notice, this list of conditions and the following disclaimer.
10  * 2. Redistributions in binary form must reproduce the above copyright
11  *    notice, this list of conditions and the following disclaimer in the
12  *    documentation and/or other materials provided with the distribution.
13  * 4. Neither the name of the University nor the names of its contributors
14  *    may be used to endorse or promote products derived from this software
15  *    without specific prior written permission.
16  *
17  * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
18  * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19  * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20  * ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
21  * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22  * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23  * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24  * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25  * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
27  * SUCH DAMAGE.
28  */
29 
30 #if 0
31 #ifndef lint
32 static const char copyright[] =
33 "@(#) Copyright (c) 1990, 1993, 1994\n\
34 	The Regents of the University of California.  All rights reserved.\n";
35 #endif /* not lint */
36 
37 #ifndef lint
38 static char sccsid[] = "@(#)rm.c	8.5 (Berkeley) 4/18/94";
39 #endif /* not lint */
40 #endif
41 #include <sys/cdefs.h>
42 __FBSDID("$FreeBSD$");
43 
44 #include <sys/stat.h>
45 #include <sys/param.h>
46 #include <sys/mount.h>
47 
48 #include <err.h>
49 #include <errno.h>
50 #include <fcntl.h>
51 #include <fts.h>
52 #include <grp.h>
53 #include <pwd.h>
54 #include <stdint.h>
55 #include <stdio.h>
56 #include <stdlib.h>
57 #include <string.h>
58 #include <sysexits.h>
59 #include <unistd.h>
60 
61 static int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok;
62 static int rflag, Iflag, xflag;
63 static uid_t uid;
64 static volatile sig_atomic_t info;
65 
66 static int	check(const char *, const char *, struct stat *);
67 static int	check2(char **);
68 static void	checkdot(char **);
69 static void	checkslash(char **);
70 static void	rm_file(char **);
71 static int	rm_overwrite(const char *, struct stat *);
72 static void	rm_tree(char **);
73 static void siginfo(int __unused);
74 static void	usage(void);
75 
76 /*
77  * rm --
78  *	This rm is different from historic rm's, but is expected to match
79  *	POSIX 1003.2 behavior.	The most visible difference is that -f
80  *	has two specific effects now, ignore non-existent files and force
81  *	file removal.
82  */
83 int
84 main(int argc, char *argv[])
85 {
86 	int ch;
87 	char *p;
88 
89 	/*
90 	 * Test for the special case where the utility is called as
91 	 * "unlink", for which the functionality provided is greatly
92 	 * simplified.
93 	 */
94 	if ((p = strrchr(argv[0], '/')) == NULL)
95 		p = argv[0];
96 	else
97 		++p;
98 	if (strcmp(p, "unlink") == 0) {
99 		while (getopt(argc, argv, "") != -1)
100 			usage();
101 		argc -= optind;
102 		argv += optind;
103 		if (argc != 1)
104 			usage();
105 		rm_file(&argv[0]);
106 		exit(eval);
107 	}
108 
109 	Pflag = rflag = xflag = 0;
110 	while ((ch = getopt(argc, argv, "dfiIPRrvWx")) != -1)
111 		switch(ch) {
112 		case 'd':
113 			dflag = 1;
114 			break;
115 		case 'f':
116 			fflag = 1;
117 			iflag = 0;
118 			break;
119 		case 'i':
120 			fflag = 0;
121 			iflag = 1;
122 			break;
123 		case 'I':
124 			Iflag = 1;
125 			break;
126 		case 'P':
127 			Pflag = 1;
128 			break;
129 		case 'R':
130 		case 'r':			/* Compatibility. */
131 			rflag = 1;
132 			break;
133 		case 'v':
134 			vflag = 1;
135 			break;
136 		case 'W':
137 			Wflag = 1;
138 			break;
139 		case 'x':
140 			xflag = 1;
141 			break;
142 		default:
143 			usage();
144 		}
145 	argc -= optind;
146 	argv += optind;
147 
148 	if (argc < 1) {
149 		if (fflag)
150 			return (0);
151 		usage();
152 	}
153 
154 	checkdot(argv);
155 	if (getenv("POSIXLY_CORRECT") == NULL)
156 		checkslash(argv);
157 	uid = geteuid();
158 
159 	(void)signal(SIGINFO, siginfo);
160 	if (*argv) {
161 		stdin_ok = isatty(STDIN_FILENO);
162 
163 		if (Iflag) {
164 			if (check2(argv) == 0)
165 				exit (1);
166 		}
167 		if (rflag)
168 			rm_tree(argv);
169 		else
170 			rm_file(argv);
171 	}
172 
173 	exit (eval);
174 }
175 
176 static void
177 rm_tree(char **argv)
178 {
179 	FTS *fts;
180 	FTSENT *p;
181 	int needstat;
182 	int flags;
183 	int rval;
184 
185 	/*
186 	 * Remove a file hierarchy.  If forcing removal (-f), or interactive
187 	 * (-i) or can't ask anyway (stdin_ok), don't stat the file.
188 	 */
189 	needstat = !uid || (!fflag && !iflag && stdin_ok);
190 
191 	/*
192 	 * If the -i option is specified, the user can skip on the pre-order
193 	 * visit.  The fts_number field flags skipped directories.
194 	 */
195 #define	SKIPPED	1
196 
197 	flags = FTS_PHYSICAL;
198 	if (!needstat)
199 		flags |= FTS_NOSTAT;
200 	if (Wflag)
201 		flags |= FTS_WHITEOUT;
202 	if (xflag)
203 		flags |= FTS_XDEV;
204 	if (!(fts = fts_open(argv, flags, NULL))) {
205 		if (fflag && errno == ENOENT)
206 			return;
207 		err(1, "fts_open");
208 	}
209 	while ((p = fts_read(fts)) != NULL) {
210 		switch (p->fts_info) {
211 		case FTS_DNR:
212 			if (!fflag || p->fts_errno != ENOENT) {
213 				warnx("%s: %s",
214 				    p->fts_path, strerror(p->fts_errno));
215 				eval = 1;
216 			}
217 			continue;
218 		case FTS_ERR:
219 			errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno));
220 		case FTS_NS:
221 			/*
222 			 * Assume that since fts_read() couldn't stat the
223 			 * file, it can't be unlinked.
224 			 */
225 			if (!needstat)
226 				break;
227 			if (!fflag || p->fts_errno != ENOENT) {
228 				warnx("%s: %s",
229 				    p->fts_path, strerror(p->fts_errno));
230 				eval = 1;
231 			}
232 			continue;
233 		case FTS_D:
234 			/* Pre-order: give user chance to skip. */
235 			if (!fflag && !check(p->fts_path, p->fts_accpath,
236 			    p->fts_statp)) {
237 				(void)fts_set(fts, p, FTS_SKIP);
238 				p->fts_number = SKIPPED;
239 			}
240 			else if (!uid &&
241 				 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) &&
242 				 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) &&
243 				 lchflags(p->fts_accpath,
244 					 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0)
245 				goto err;
246 			continue;
247 		case FTS_DP:
248 			/* Post-order: see if user skipped. */
249 			if (p->fts_number == SKIPPED)
250 				continue;
251 			break;
252 		default:
253 			if (!fflag &&
254 			    !check(p->fts_path, p->fts_accpath, p->fts_statp))
255 				continue;
256 		}
257 
258 		rval = 0;
259 		if (!uid &&
260 		    (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) &&
261 		    !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)))
262 			rval = lchflags(p->fts_accpath,
263 				       p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE));
264 		if (rval == 0) {
265 			/*
266 			 * If we can't read or search the directory, may still be
267 			 * able to remove it.  Don't print out the un{read,search}able
268 			 * message unless the remove fails.
269 			 */
270 			switch (p->fts_info) {
271 			case FTS_DP:
272 			case FTS_DNR:
273 				rval = rmdir(p->fts_accpath);
274 				if (rval == 0 || (fflag && errno == ENOENT)) {
275 					if (rval == 0 && vflag)
276 						(void)printf("%s\n",
277 						    p->fts_path);
278 					if (rval == 0 && info) {
279 						info = 0;
280 						(void)printf("%s\n",
281 						    p->fts_path);
282 					}
283 					continue;
284 				}
285 				break;
286 
287 			case FTS_W:
288 				rval = undelete(p->fts_accpath);
289 				if (rval == 0 && (fflag && errno == ENOENT)) {
290 					if (vflag)
291 						(void)printf("%s\n",
292 						    p->fts_path);
293 					if (info) {
294 						info = 0;
295 						(void)printf("%s\n",
296 						    p->fts_path);
297 					}
298 					continue;
299 				}
300 				break;
301 
302 			case FTS_NS:
303 				/*
304 				 * Assume that since fts_read() couldn't stat
305 				 * the file, it can't be unlinked.
306 				 */
307 				if (fflag)
308 					continue;
309 				/* FALLTHROUGH */
310 
311 			case FTS_F:
312 			case FTS_NSOK:
313 				if (Pflag)
314 					if (!rm_overwrite(p->fts_accpath, p->fts_info ==
315 					    FTS_NSOK ? NULL : p->fts_statp))
316 						continue;
317 				/* FALLTHROUGH */
318 
319 			default:
320 				rval = unlink(p->fts_accpath);
321 				if (rval == 0 || (fflag && errno == ENOENT)) {
322 					if (rval == 0 && vflag)
323 						(void)printf("%s\n",
324 						    p->fts_path);
325 					if (rval == 0 && info) {
326 						info = 0;
327 						(void)printf("%s\n",
328 						    p->fts_path);
329 					}
330 					continue;
331 				}
332 			}
333 		}
334 err:
335 		warn("%s", p->fts_path);
336 		eval = 1;
337 	}
338 	if (errno)
339 		err(1, "fts_read");
340 	fts_close(fts);
341 }
342 
343 static void
344 rm_file(char **argv)
345 {
346 	struct stat sb;
347 	int rval;
348 	char *f;
349 
350 	/*
351 	 * Remove a file.  POSIX 1003.2 states that, by default, attempting
352 	 * to remove a directory is an error, so must always stat the file.
353 	 */
354 	while ((f = *argv++) != NULL) {
355 		/* Assume if can't stat the file, can't unlink it. */
356 		if (lstat(f, &sb)) {
357 			if (Wflag) {
358 				sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR;
359 			} else {
360 				if (!fflag || errno != ENOENT) {
361 					warn("%s", f);
362 					eval = 1;
363 				}
364 				continue;
365 			}
366 		} else if (Wflag) {
367 			warnx("%s: %s", f, strerror(EEXIST));
368 			eval = 1;
369 			continue;
370 		}
371 
372 		if (S_ISDIR(sb.st_mode) && !dflag) {
373 			warnx("%s: is a directory", f);
374 			eval = 1;
375 			continue;
376 		}
377 		if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb))
378 			continue;
379 		rval = 0;
380 		if (!uid && !S_ISWHT(sb.st_mode) &&
381 		    (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) &&
382 		    !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE)))
383 			rval = lchflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE));
384 		if (rval == 0) {
385 			if (S_ISWHT(sb.st_mode))
386 				rval = undelete(f);
387 			else if (S_ISDIR(sb.st_mode))
388 				rval = rmdir(f);
389 			else {
390 				if (Pflag)
391 					if (!rm_overwrite(f, &sb))
392 						continue;
393 				rval = unlink(f);
394 			}
395 		}
396 		if (rval && (!fflag || errno != ENOENT)) {
397 			warn("%s", f);
398 			eval = 1;
399 		}
400 		if (vflag && rval == 0)
401 			(void)printf("%s\n", f);
402 		if (info && rval == 0) {
403 			info = 0;
404 			(void)printf("%s\n", f);
405 		}
406 	}
407 }
408 
409 /*
410  * rm_overwrite --
411  *	Overwrite the file 3 times with varying bit patterns.
412  *
413  * XXX
414  * This is a cheap way to *really* delete files.  Note that only regular
415  * files are deleted, directories (and therefore names) will remain.
416  * Also, this assumes a fixed-block file system (like FFS, or a V7 or a
417  * System V file system).  In a logging or COW file system, you'll have to
418  * have kernel support.
419  */
420 static int
421 rm_overwrite(const char *file, struct stat *sbp)
422 {
423 	struct stat sb, sb2;
424 	struct statfs fsb;
425 	off_t len;
426 	int bsize, fd, wlen;
427 	char *buf = NULL;
428 
429 	fd = -1;
430 	if (sbp == NULL) {
431 		if (lstat(file, &sb))
432 			goto err;
433 		sbp = &sb;
434 	}
435 	if (!S_ISREG(sbp->st_mode))
436 		return (1);
437 	if (sbp->st_nlink > 1 && !fflag) {
438 		warnx("%s (inode %ju): not overwritten due to multiple links",
439 		    file, (uintmax_t)sbp->st_ino);
440 		return (0);
441 	}
442 	if ((fd = open(file, O_WRONLY|O_NONBLOCK|O_NOFOLLOW, 0)) == -1)
443 		goto err;
444 	if (fstat(fd, &sb2))
445 		goto err;
446 	if (sb2.st_dev != sbp->st_dev || sb2.st_ino != sbp->st_ino ||
447 	    !S_ISREG(sb2.st_mode)) {
448 		errno = EPERM;
449 		goto err;
450 	}
451 	if (fstatfs(fd, &fsb) == -1)
452 		goto err;
453 	bsize = MAX(fsb.f_iosize, 1024);
454 	if ((buf = malloc(bsize)) == NULL)
455 		err(1, "%s: malloc", file);
456 
457 #define	PASS(byte) {							\
458 	memset(buf, byte, bsize);					\
459 	for (len = sbp->st_size; len > 0; len -= wlen) {		\
460 		wlen = len < bsize ? len : bsize;			\
461 		if (write(fd, buf, wlen) != wlen)			\
462 			goto err;					\
463 	}								\
464 }
465 	PASS(0xff);
466 	if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET))
467 		goto err;
468 	PASS(0x00);
469 	if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET))
470 		goto err;
471 	PASS(0xff);
472 	if (!fsync(fd) && !close(fd)) {
473 		free(buf);
474 		return (1);
475 	}
476 
477 err:	eval = 1;
478 	if (buf)
479 		free(buf);
480 	if (fd != -1)
481 		close(fd);
482 	warn("%s", file);
483 	return (0);
484 }
485 
486 
487 static int
488 check(const char *path, const char *name, struct stat *sp)
489 {
490 	int ch, first;
491 	char modep[15], *flagsp;
492 
493 	/* Check -i first. */
494 	if (iflag)
495 		(void)fprintf(stderr, "remove %s? ", path);
496 	else {
497 		/*
498 		 * If it's not a symbolic link and it's unwritable and we're
499 		 * talking to a terminal, ask.  Symbolic links are excluded
500 		 * because their permissions are meaningless.  Check stdin_ok
501 		 * first because we may not have stat'ed the file.
502 		 */
503 		if (!stdin_ok || S_ISLNK(sp->st_mode) ||
504 		    (!access(name, W_OK) &&
505 		    !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) &&
506 		    (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid)))
507 			return (1);
508 		strmode(sp->st_mode, modep);
509 		if ((flagsp = fflagstostr(sp->st_flags)) == NULL)
510 			err(1, "fflagstostr");
511 		if (Pflag)
512 			errx(1,
513 			    "%s: -P was specified, but file is not writable",
514 			    path);
515 		(void)fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ",
516 		    modep + 1, modep[9] == ' ' ? "" : " ",
517 		    user_from_uid(sp->st_uid, 0),
518 		    group_from_gid(sp->st_gid, 0),
519 		    *flagsp ? flagsp : "", *flagsp ? " " : "",
520 		    path);
521 		free(flagsp);
522 	}
523 	(void)fflush(stderr);
524 
525 	first = ch = getchar();
526 	while (ch != '\n' && ch != EOF)
527 		ch = getchar();
528 	return (first == 'y' || first == 'Y');
529 }
530 
531 #define ISSLASH(a)	((a)[0] == '/' && (a)[1] == '\0')
532 static void
533 checkslash(char **argv)
534 {
535 	char **t, **u;
536 	int complained;
537 
538 	complained = 0;
539 	for (t = argv; *t;) {
540 		if (ISSLASH(*t)) {
541 			if (!complained++)
542 				warnx("\"/\" may not be removed");
543 			eval = 1;
544 			for (u = t; u[0] != NULL; ++u)
545 				u[0] = u[1];
546 		} else {
547 			++t;
548 		}
549 	}
550 }
551 
552 static int
553 check2(char **argv)
554 {
555 	struct stat st;
556 	int first;
557 	int ch;
558 	int fcount = 0;
559 	int dcount = 0;
560 	int i;
561 	const char *dname = NULL;
562 
563 	for (i = 0; argv[i]; ++i) {
564 		if (lstat(argv[i], &st) == 0) {
565 			if (S_ISDIR(st.st_mode)) {
566 				++dcount;
567 				dname = argv[i];    /* only used if 1 dir */
568 			} else {
569 				++fcount;
570 			}
571 		}
572 	}
573 	first = 0;
574 	while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') {
575 		if (dcount && rflag) {
576 			fprintf(stderr, "recursively remove");
577 			if (dcount == 1)
578 				fprintf(stderr, " %s", dname);
579 			else
580 				fprintf(stderr, " %d dirs", dcount);
581 			if (fcount == 1)
582 				fprintf(stderr, " and 1 file");
583 			else if (fcount > 1)
584 				fprintf(stderr, " and %d files", fcount);
585 		} else if (dcount + fcount > 3) {
586 			fprintf(stderr, "remove %d files", dcount + fcount);
587 		} else {
588 			return(1);
589 		}
590 		fprintf(stderr, "? ");
591 		fflush(stderr);
592 
593 		first = ch = getchar();
594 		while (ch != '\n' && ch != EOF)
595 			ch = getchar();
596 		if (ch == EOF)
597 			break;
598 	}
599 	return (first == 'y' || first == 'Y');
600 }
601 
602 #define ISDOT(a)	((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2])))
603 static void
604 checkdot(char **argv)
605 {
606 	char *p, **save, **t;
607 	int complained;
608 
609 	complained = 0;
610 	for (t = argv; *t;) {
611 		if ((p = strrchr(*t, '/')) != NULL)
612 			++p;
613 		else
614 			p = *t;
615 		if (ISDOT(p)) {
616 			if (!complained++)
617 				warnx("\".\" and \"..\" may not be removed");
618 			eval = 1;
619 			for (save = t; (t[0] = t[1]) != NULL; ++t)
620 				continue;
621 			t = save;
622 		} else
623 			++t;
624 	}
625 }
626 
627 static void
628 usage(void)
629 {
630 
631 	(void)fprintf(stderr, "%s\n%s\n",
632 	    "usage: rm [-f | -i] [-dIPRrvWx] file ...",
633 	    "       unlink file");
634 	exit(EX_USAGE);
635 }
636 
637 static void
638 siginfo(int sig __unused)
639 {
640 
641 	info = 1;
642 }
643