search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Update MAINTAINER_TZ_OFFSET on release.
[rsync.git] / syscall.c
blob34a9bba08f19945937f6addde7633d96e9e642b0
1 /*
2 * Syscall wrappers to ensure that nothing gets done in dry_run mode
3 * and to handle system peculiarities.
4 *
5 * Copyright (C) 1998 Andrew Tridgell
6 * Copyright (C) 2002 Martin Pool
7 * Copyright (C) 2003-2022 Wayne Davison
8 *
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
13 *
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
18 *
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, visit the http://fsf.org website.
21 */
22
23 #include "rsync.h"
24
25 #if !defined MKNOD_CREATES_SOCKETS && defined HAVE_SYS_UN_H
26 #include <sys/un.h>
27 #endif
28 #ifdef HAVE_SYS_ATTR_H
29 #include <sys/attr.h>
30 #endif
31
32 #if defined HAVE_SYS_FALLOCATE && !defined HAVE_FALLOCATE
33 #include <sys/syscall.h>
34 #endif
35
36 #include "ifuncs.h"
37
38 extern int dry_run;
39 extern int am_root;
40 extern int am_sender;
41 extern int read_only;
42 extern int list_only;
43 extern int inplace;
44 extern int preallocate_files;
45 extern int preserve_perms;
46 extern int preserve_executability;
47 extern int open_noatime;
48 extern int copy_links;
49 extern int copy_unsafe_links;
50
51 #ifndef S_BLKSIZE
52 # if defined hpux || defined __hpux__ || defined __hpux
53 # define S_BLKSIZE 1024
54 # elif defined _AIX && defined _I386
55 # define S_BLKSIZE 4096
56 # else
57 # define S_BLKSIZE 512
58 # endif
59 #endif
60
61 #ifdef SUPPORT_CRTIMES
62 #ifdef HAVE_GETATTRLIST
63 #pragma pack(push, 4)
64 struct create_time {
65 uint32 length;
66 struct timespec crtime;
67 };
68 #pragma pack(pop)
69 #elif defined __CYGWIN__
70 #include <windows.h>
71 #endif
72 #endif
73
74 #define RETURN_ERROR_IF(x,e) \
75 do { \
76 if (x) { \
77 errno = (e); \
78 return -1; \
79 } \
80 } while (0)
81
82 #define RETURN_ERROR_IF_RO_OR_LO RETURN_ERROR_IF(read_only || list_only, EROFS)
83
84 int do_unlink(const char *path)
85 {
86 if (dry_run) return 0;
87 RETURN_ERROR_IF_RO_OR_LO;
88 return unlink(path);
89 }
90
91 #ifdef SUPPORT_LINKS
92 int do_symlink(const char *lnk, const char *path)
93 {
94 if (dry_run) return 0;
95 RETURN_ERROR_IF_RO_OR_LO;
96
97 #if defined NO_SYMLINK_XATTRS || defined NO_SYMLINK_USER_XATTRS
98 /* For --fake-super, we create a normal file with mode 0600
99 * and write the lnk into it. */
100 if (am_root < 0) {
101 int ok, len = strlen(lnk);
102 int fd = open(path, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR);
103 if (fd < 0)
104 return -1;
105 ok = write(fd, lnk, len) == len;
106 if (close(fd) < 0)
107 ok = 0;
108 return ok ? 0 : -1;
109 }
110 #endif
111
112 return symlink(lnk, path);
113 }
114
115 #if defined NO_SYMLINK_XATTRS || defined NO_SYMLINK_USER_XATTRS
116 ssize_t do_readlink(const char *path, char *buf, size_t bufsiz)
117 {
118 /* For --fake-super, we read the link from the file. */
119 if (am_root < 0) {
120 int fd = do_open_nofollow(path, O_RDONLY);
121 if (fd >= 0) {
122 int len = read(fd, buf, bufsiz);
123 close(fd);
124 return len;
125 }
126 if (errno != ELOOP)
127 return -1;
128 /* A real symlink needs to be turned into a fake one on the receiving
129 * side, so tell the generator that the link has no length. */
130 if (!am_sender)
131 return 0;
132 /* Otherwise fall through and let the sender report the real length. */
133 }
134
135 return readlink(path, buf, bufsiz);
136 }
137 #endif
138 #endif
139
140 #if defined HAVE_LINK || defined HAVE_LINKAT
141 int do_link(const char *old_path, const char *new_path)
142 {
143 if (dry_run) return 0;
144 RETURN_ERROR_IF_RO_OR_LO;
145 #ifdef HAVE_LINKAT
146 return linkat(AT_FDCWD, old_path, AT_FDCWD, new_path, 0);
147 #else
148 return link(old_path, new_path);
149 #endif
150 }
151 #endif
152
153 int do_lchown(const char *path, uid_t owner, gid_t group)
154 {
155 if (dry_run) return 0;
156 RETURN_ERROR_IF_RO_OR_LO;
157 #ifndef HAVE_LCHOWN
158 #define lchown chown
159 #endif
160 return lchown(path, owner, group);
161 }
162
163 int do_mknod(const char *pathname, mode_t mode, dev_t dev)
164 {
165 if (dry_run) return 0;
166 RETURN_ERROR_IF_RO_OR_LO;
167
168 /* For --fake-super, we create a normal file with mode 0600. */
169 if (am_root < 0) {
170 int fd = open(pathname, O_WRONLY|O_CREAT|O_TRUNC, S_IWUSR|S_IRUSR);
171 if (fd < 0 || close(fd) < 0)
172 return -1;
173 return 0;
174 }
175
176 #if !defined MKNOD_CREATES_FIFOS && defined HAVE_MKFIFO
177 if (S_ISFIFO(mode))
178 return mkfifo(pathname, mode);
179 #endif
180 #if !defined MKNOD_CREATES_SOCKETS && defined HAVE_SYS_UN_H
181 if (S_ISSOCK(mode)) {
182 int sock;
183 struct sockaddr_un saddr;
184 unsigned int len = strlcpy(saddr.sun_path, pathname, sizeof saddr.sun_path);
185 if (len >= sizeof saddr.sun_path) {
186 errno = ENAMETOOLONG;
187 return -1;
188 }
189 #ifdef HAVE_SOCKADDR_UN_LEN
190 saddr.sun_len = len + 1;
191 #endif
192 saddr.sun_family = AF_UNIX;
193
194 if ((sock = socket(PF_UNIX, SOCK_STREAM, 0)) < 0
195 || (unlink(pathname) < 0 && errno != ENOENT)
196 || (bind(sock, (struct sockaddr*)&saddr, sizeof saddr)) < 0)
197 return -1;
198 close(sock);
199 #ifdef HAVE_CHMOD
200 return do_chmod(pathname, mode);
201 #else
202 return 0;
203 #endif
204 }
205 #endif
206 #ifdef HAVE_MKNOD
207 return mknod(pathname, mode, dev);
208 #else
209 return -1;
210 #endif
211 }
212
213 int do_rmdir(const char *pathname)
214 {
215 if (dry_run) return 0;
216 RETURN_ERROR_IF_RO_OR_LO;
217 return rmdir(pathname);
218 }
219
220 int do_open(const char *pathname, int flags, mode_t mode)
221 {
222 if (flags != O_RDONLY) {
223 RETURN_ERROR_IF(dry_run, 0);
224 RETURN_ERROR_IF_RO_OR_LO;
225 }
226
227 #ifdef O_NOATIME
228 if (open_noatime)
229 flags |= O_NOATIME;
230 #endif
231
232 return open(pathname, flags | O_BINARY, mode);
233 }
234
235 #ifdef HAVE_CHMOD
236 int do_chmod(const char *path, mode_t mode)
237 {
238 static int switch_step = 0;
239 int code;
240
241 if (dry_run) return 0;
242 RETURN_ERROR_IF_RO_OR_LO;
243
244 switch (switch_step) {
245 #ifdef HAVE_LCHMOD
246 case 0:
247 if ((code = lchmod(path, mode & CHMOD_BITS)) == 0)
248 break;
249 if (errno == ENOSYS)
250 switch_step++;
251 else if (errno != ENOTSUP)
252 break;
253 #endif
254 /* FALLTHROUGH */
255 default:
256 if (S_ISLNK(mode)) {
257 # if defined HAVE_SETATTRLIST
258 struct attrlist attrList;
259 uint32_t m = mode & CHMOD_BITS; /* manpage is wrong: not mode_t! */
260
261 memset(&attrList, 0, sizeof attrList);
262 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
263 attrList.commonattr = ATTR_CMN_ACCESSMASK;
264 if ((code = setattrlist(path, &attrList, &m, sizeof m, FSOPT_NOFOLLOW)) == 0)
265 break;
266 if (errno == ENOTSUP)
267 code = 1;
268 # else
269 code = 1;
270 # endif
271 } else
272 code = chmod(path, mode & CHMOD_BITS); /* DISCOURAGED FUNCTION */
273 break;
274 }
275 if (code != 0 && (preserve_perms || preserve_executability))
276 return code;
277 return 0;
278 }
279 #endif
280
281 int do_rename(const char *old_path, const char *new_path)
282 {
283 if (dry_run) return 0;
284 RETURN_ERROR_IF_RO_OR_LO;
285 return rename(old_path, new_path);
286 }
287
288 #ifdef HAVE_FTRUNCATE
289 int do_ftruncate(int fd, OFF_T size)
290 {
291 int ret;
292
293 if (dry_run) return 0;
294 RETURN_ERROR_IF_RO_OR_LO;
295
296 do {
297 ret = ftruncate(fd, size);
298 } while (ret < 0 && errno == EINTR);
299
300 return ret;
301 }
302 #endif
303
304 void trim_trailing_slashes(char *name)
305 {
306 int l;
307 /* Some BSD systems cannot make a directory if the name
308 * contains a trailing slash.
309 * <http://www.opensource.apple.com/bugs/X/BSD%20Kernel/2734739.html> */
310
311 /* Don't change empty string; and also we can't improve on
312 * "/" */
313
314 l = strlen(name);
315 while (l > 1) {
316 if (name[--l] != '/')
317 break;
318 name[l] = '\0';
319 }
320 }
321
322 int do_mkdir(char *path, mode_t mode)
323 {
324 if (dry_run) return 0;
325 RETURN_ERROR_IF_RO_OR_LO;
326 trim_trailing_slashes(path);
327 return mkdir(path, mode);
328 }
329
330 /* like mkstemp but forces permissions */
331 int do_mkstemp(char *template, mode_t perms)
332 {
333 RETURN_ERROR_IF(dry_run, 0);
334 RETURN_ERROR_IF(read_only, EROFS);
335 perms |= S_IWUSR;
336
337 #if defined HAVE_SECURE_MKSTEMP && defined HAVE_FCHMOD && (!defined HAVE_OPEN64 || defined HAVE_MKSTEMP64)
338 {
339 int fd = mkstemp(template);
340 if (fd == -1)
341 return -1;
342 if (fchmod(fd, perms) != 0 && preserve_perms) {
343 int errno_save = errno;
344 close(fd);
345 unlink(template);
346 errno = errno_save;
347 return -1;
348 }
349 #if defined HAVE_SETMODE && O_BINARY
350 setmode(fd, O_BINARY);
351 #endif
352 return fd;
353 }
354 #else
355 if (!mktemp(template))
356 return -1;
357 return do_open(template, O_RDWR|O_EXCL|O_CREAT, perms);
358 #endif
359 }
360
361 int do_stat(const char *path, STRUCT_STAT *st)
362 {
363 #ifdef USE_STAT64_FUNCS
364 return stat64(path, st);
365 #else
366 return stat(path, st);
367 #endif
368 }
369
370 int do_lstat(const char *path, STRUCT_STAT *st)
371 {
372 #ifdef SUPPORT_LINKS
373 # ifdef USE_STAT64_FUNCS
374 return lstat64(path, st);
375 # else
376 return lstat(path, st);
377 # endif
378 #else
379 return do_stat(path, st);
380 #endif
381 }
382
383 int do_fstat(int fd, STRUCT_STAT *st)
384 {
385 #ifdef USE_STAT64_FUNCS
386 return fstat64(fd, st);
387 #else
388 return fstat(fd, st);
389 #endif
390 }
391
392 OFF_T do_lseek(int fd, OFF_T offset, int whence)
393 {
394 #ifdef HAVE_LSEEK64
395 return lseek64(fd, offset, whence);
396 #else
397 return lseek(fd, offset, whence);
398 #endif
399 }
400
401 #ifdef HAVE_SETATTRLIST
402 int do_setattrlist_times(const char *path, STRUCT_STAT *stp)
403 {
404 struct attrlist attrList;
405 struct timespec ts[2];
406
407 if (dry_run) return 0;
408 RETURN_ERROR_IF_RO_OR_LO;
409
410 /* Yes, this is in the opposite order of utime and similar. */
411 ts[0].tv_sec = stp->st_mtime;
412 ts[0].tv_nsec = stp->ST_MTIME_NSEC;
413
414 ts[1].tv_sec = stp->st_atime;
415 ts[1].tv_nsec = stp->ST_ATIME_NSEC;
416
417 memset(&attrList, 0, sizeof attrList);
418 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
419 attrList.commonattr = ATTR_CMN_MODTIME | ATTR_CMN_ACCTIME;
420 return setattrlist(path, &attrList, ts, sizeof ts, FSOPT_NOFOLLOW);
421 }
422
423 #ifdef SUPPORT_CRTIMES
424 int do_setattrlist_crtime(const char *path, time_t crtime)
425 {
426 struct attrlist attrList;
427 struct timespec ts;
428
429 if (dry_run) return 0;
430 RETURN_ERROR_IF_RO_OR_LO;
431
432 ts.tv_sec = crtime;
433 ts.tv_nsec = 0;
434
435 memset(&attrList, 0, sizeof attrList);
436 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
437 attrList.commonattr = ATTR_CMN_CRTIME;
438 return setattrlist(path, &attrList, &ts, sizeof ts, FSOPT_NOFOLLOW);
439 }
440 #endif
441 #endif /* HAVE_SETATTRLIST */
442
443 #ifdef SUPPORT_CRTIMES
444 time_t get_create_time(const char *path, STRUCT_STAT *stp)
445 {
446 #ifdef HAVE_GETATTRLIST
447 static struct create_time attrBuf;
448 struct attrlist attrList;
449
450 (void)stp;
451 memset(&attrList, 0, sizeof attrList);
452 attrList.bitmapcount = ATTR_BIT_MAP_COUNT;
453 attrList.commonattr = ATTR_CMN_CRTIME;
454 if (getattrlist(path, &attrList, &attrBuf, sizeof attrBuf, FSOPT_NOFOLLOW) < 0)
455 return 0;
456 return attrBuf.crtime.tv_sec;
457 #elif defined __CYGWIN__
458 (void)path;
459 return stp->st_birthtime;
460 #else
461 #error Unknown crtimes implementation
462 #endif
463 }
464
465 #if defined __CYGWIN__
466 int do_SetFileTime(const char *path, time_t crtime)
467 {
468 if (dry_run) return 0;
469 RETURN_ERROR_IF_RO_OR_LO;
470
471 int cnt = MultiByteToWideChar(CP_UTF8, 0, path, -1, NULL, 0);
472 if (cnt == 0)
473 return -1;
474 WCHAR *pathw = new_array(WCHAR, cnt);
475 if (!pathw)
476 return -1;
477 MultiByteToWideChar(CP_UTF8, 0, path, -1, pathw, cnt);
478 HANDLE handle = CreateFileW(pathw, FILE_WRITE_ATTRIBUTES, FILE_SHARE_READ | FILE_SHARE_WRITE | FILE_SHARE_DELETE,
479 NULL, OPEN_EXISTING, FILE_FLAG_BACKUP_SEMANTICS, NULL);
480 free(pathw);
481 if (handle == INVALID_HANDLE_VALUE)
482 return -1;
483 int64 temp_time = Int32x32To64(crtime, 10000000) + 116444736000000000LL;
484 FILETIME birth_time;
485 birth_time.dwLowDateTime = (DWORD)temp_time;
486 birth_time.dwHighDateTime = (DWORD)(temp_time >> 32);
487 int ok = SetFileTime(handle, &birth_time, NULL, NULL);
488 CloseHandle(handle);
489 return ok ? 0 : -1;
490 }
491 #endif
492 #endif /* SUPPORT_CRTIMES */
493
494 #ifdef HAVE_UTIMENSAT
495 int do_utimensat(const char *path, STRUCT_STAT *stp)
496 {
497 struct timespec t[2];
498
499 if (dry_run) return 0;
500 RETURN_ERROR_IF_RO_OR_LO;
501
502 t[0].tv_sec = stp->st_atime;
503 #ifdef ST_ATIME_NSEC
504 t[0].tv_nsec = stp->ST_ATIME_NSEC;
505 #else
506 t[0].tv_nsec = 0;
507 #endif
508 t[1].tv_sec = stp->st_mtime;
509 #ifdef ST_MTIME_NSEC
510 t[1].tv_nsec = stp->ST_MTIME_NSEC;
511 #else
512 t[1].tv_nsec = 0;
513 #endif
514 return utimensat(AT_FDCWD, path, t, AT_SYMLINK_NOFOLLOW);
515 }
516 #endif
517
518 #ifdef HAVE_LUTIMES
519 int do_lutimes(const char *path, STRUCT_STAT *stp)
520 {
521 struct timeval t[2];
522
523 if (dry_run) return 0;
524 RETURN_ERROR_IF_RO_OR_LO;
525
526 t[0].tv_sec = stp->st_atime;
527 #ifdef ST_ATIME_NSEC
528 t[0].tv_usec = stp->ST_ATIME_NSEC / 1000;
529 #else
530 t[0].tv_usec = 0;
531 #endif
532 t[1].tv_sec = stp->st_mtime;
533 #ifdef ST_MTIME_NSEC
534 t[1].tv_usec = stp->ST_MTIME_NSEC / 1000;
535 #else
536 t[1].tv_usec = 0;
537 #endif
538 return lutimes(path, t);
539 }
540 #endif
541
542 #ifdef HAVE_UTIMES
543 int do_utimes(const char *path, STRUCT_STAT *stp)
544 {
545 struct timeval t[2];
546
547 if (dry_run) return 0;
548 RETURN_ERROR_IF_RO_OR_LO;
549
550 t[0].tv_sec = stp->st_atime;
551 #ifdef ST_ATIME_NSEC
552 t[0].tv_usec = stp->ST_ATIME_NSEC / 1000;
553 #else
554 t[0].tv_usec = 0;
555 #endif
556 t[1].tv_sec = stp->st_mtime;
557 #ifdef ST_MTIME_NSEC
558 t[1].tv_usec = stp->ST_MTIME_NSEC / 1000;
559 #else
560 t[1].tv_usec = 0;
561 #endif
562 return utimes(path, t);
563 }
564
565 #elif defined HAVE_UTIME
566 int do_utime(const char *path, STRUCT_STAT *stp)
567 {
568 #ifdef HAVE_STRUCT_UTIMBUF
569 struct utimbuf tbuf;
570 #else
571 time_t t[2];
572 #endif
573
574 if (dry_run) return 0;
575 RETURN_ERROR_IF_RO_OR_LO;
576
577 # ifdef HAVE_STRUCT_UTIMBUF
578 tbuf.actime = stp->st_atime;
579 tbuf.modtime = stp->st_mtime;
580 return utime(path, &tbuf);
581 # else
582 t[0] = stp->st_atime;
583 t[1] = stp->st_mtime;
584 return utime(path, t);
585 # endif
586 }
587
588 #else
589 #error Need utimes or utime function.
590 #endif
591
592 #ifdef SUPPORT_PREALLOCATION
593 #ifdef FALLOC_FL_KEEP_SIZE
594 #define DO_FALLOC_OPTIONS FALLOC_FL_KEEP_SIZE
595 #else
596 #define DO_FALLOC_OPTIONS 0
597 #endif
598
599 OFF_T do_fallocate(int fd, OFF_T offset, OFF_T length)
600 {
601 int opts = inplace || preallocate_files ? DO_FALLOC_OPTIONS : 0;
602 int ret;
603 RETURN_ERROR_IF(dry_run, 0);
604 RETURN_ERROR_IF_RO_OR_LO;
605 if (length & 1) /* make the length not match the desired length */
606 length++;
607 else
608 length--;
609 #if defined HAVE_FALLOCATE
610 ret = fallocate(fd, opts, offset, length);
611 #elif defined HAVE_SYS_FALLOCATE
612 ret = syscall(SYS_fallocate, fd, opts, (loff_t)offset, (loff_t)length);
613 #elif defined HAVE_EFFICIENT_POSIX_FALLOCATE
614 ret = posix_fallocate(fd, offset, length);
615 #else
616 #error Coding error in SUPPORT_PREALLOCATION logic.
617 #endif
618 if (ret < 0)
619 return ret;
620 if (opts == 0) {
621 STRUCT_STAT st;
622 if (do_fstat(fd, &st) < 0)
623 return length;
624 return st.st_blocks * S_BLKSIZE;
625 }
626 return 0;
627 }
628 #endif
629
630 /* Punch a hole at pos for len bytes. The current file position must be at pos and will be
631 * changed to be at pos + len. */
632 int do_punch_hole(int fd, OFF_T pos, OFF_T len)
633 {
634 #ifdef HAVE_FALLOCATE
635 # ifdef HAVE_FALLOC_FL_PUNCH_HOLE
636 if (fallocate(fd, FALLOC_FL_PUNCH_HOLE | FALLOC_FL_KEEP_SIZE, pos, len) == 0) {
637 if (do_lseek(fd, len, SEEK_CUR) != pos + len)
638 return -1;
639 return 0;
640 }
641 # endif
642 # ifdef HAVE_FALLOC_FL_ZERO_RANGE
643 if (fallocate(fd, FALLOC_FL_ZERO_RANGE, pos, len) == 0) {
644 if (do_lseek(fd, len, SEEK_CUR) != pos + len)
645 return -1;
646 return 0;
647 }
648 # endif
649 #else
650 (void)pos;
651 #endif
652 {
653 char zeros[4096];
654 memset(zeros, 0, sizeof zeros);
655 while (len > 0) {
656 int chunk = len > (int)sizeof zeros ? (int)sizeof zeros : len;
657 int wrote = write(fd, zeros, chunk);
658 if (wrote <= 0) {
659 if (wrote < 0 && errno == EINTR)
660 continue;
661 return -1;
662 }
663 len -= wrote;
664 }
665 }
666 return 0;
667 }
668
669 int do_open_nofollow(const char *pathname, int flags)
670 {
671 #ifndef O_NOFOLLOW
672 STRUCT_STAT f_st, l_st;
673 #endif
674 int fd;
675
676 if (flags != O_RDONLY) {
677 RETURN_ERROR_IF(dry_run, 0);
678 RETURN_ERROR_IF_RO_OR_LO;
679 #ifndef O_NOFOLLOW
680 /* This function doesn't support write attempts w/o O_NOFOLLOW. */
681 errno = EINVAL;
682 return -1;
683 #endif
684 }
685
686 #ifdef O_NOFOLLOW
687 fd = open(pathname, flags|O_NOFOLLOW);
688 #else
689 if (do_lstat(pathname, &l_st) < 0)
690 return -1;
691 if (S_ISLNK(l_st.st_mode)) {
692 errno = ELOOP;
693 return -1;
694 }
695 if ((fd = open(pathname, flags)) < 0)
696 return fd;
697 if (do_fstat(fd, &f_st) < 0) {
698 close_and_return_error:
699 {
700 int save_errno = errno;
701 close(fd);
702 errno = save_errno;
703 }
704 return -1;
705 }
706 if (l_st.st_dev != f_st.st_dev || l_st.st_ino != f_st.st_ino) {
707 errno = EINVAL;
708 goto close_and_return_error;
709 }
710 #endif
711
712 return fd;
713 }
714
715 /*
716 open a file relative to a base directory. The basedir can be NULL,
717 in which case the current working directory is used. The relpath
718 must be a relative path, and the relpath must not contain any
719 elements in the path which follow symlinks (ie. like O_NOFOLLOW, but
720 applies to all path components, not just the last component)
721
722 The relpath must also not contain any ../ elements in the path
723 */
724 int secure_relative_open(const char *basedir, const char *relpath, int flags, mode_t mode)
725 {
726 if (!relpath || relpath[0] == '/') {
727 // must be a relative path
728 errno = EINVAL;
729 return -1;
730 }
731 if (strncmp(relpath, "../", 3) == 0 || strstr(relpath, "/../")) {
732 // no ../ elements allowed in the relpath
733 errno = EINVAL;
734 return -1;
735 }
736
737 #if !defined(O_NOFOLLOW) || !defined(O_DIRECTORY) || !defined(AT_FDCWD)
738 // really old system, all we can do is live with the risks
739 if (!basedir) {
740 return open(relpath, flags, mode);
741 }
742 char fullpath[MAXPATHLEN];
743 pathjoin(fullpath, sizeof fullpath, basedir, relpath);
744 return open(fullpath, flags, mode);
745 #else
746 int dirfd = AT_FDCWD;
747 if (basedir != NULL) {
748 dirfd = openat(AT_FDCWD, basedir, O_RDONLY | O_DIRECTORY);
749 if (dirfd == -1) {
750 return -1;
751 }
752 }
753 int retfd = -1;
754
755 char *path_copy = my_strdup(relpath, __FILE__, __LINE__);
756 if (!path_copy) {
757 return -1;
758 }
759
760 for (const char *part = strtok(path_copy, "/");
761 part != NULL;
762 part = strtok(NULL, "/"))
763 {
764 int next_fd = openat(dirfd, part, O_RDONLY | O_DIRECTORY | O_NOFOLLOW);
765 if (next_fd == -1 && errno == ENOTDIR) {
766 if (strtok(NULL, "/") != NULL) {
767 // this is not the last component of the path
768 errno = ELOOP;
769 goto cleanup;
770 }
771 // this could be the last component of the path, try as a file
772 retfd = openat(dirfd, part, flags | O_NOFOLLOW, mode);
773 goto cleanup;
774 }
775 if (next_fd == -1) {
776 goto cleanup;
777 }
778 if (dirfd != AT_FDCWD) close(dirfd);
779 dirfd = next_fd;
780 }
781
782 // the path must be a directory
783 errno = EINVAL;
784
785 cleanup:
786 free(path_copy);
787 if (dirfd != AT_FDCWD) {
788 close(dirfd);
789 }
790 return retfd;
791 #endif // O_NOFOLLOW, O_DIRECTORY
792 }
793
794 /*
795 varient of do_open/do_open_nofollow which does do_open() if the
796 copy_links or copy_unsafe_links options are set and does
797 do_open_nofollow() otherwise
798
799 This is used to prevent a race condition where an attacker could be
800 switching a file between being a symlink and being a normal file
801
802 The open is always done with O_RDONLY flags
803 */
804 int do_open_checklinks(const char *pathname)
805 {
806 if (copy_links || copy_unsafe_links) {
807 return do_open(pathname, O_RDONLY, 0);
808 }
809 return do_open_nofollow(pathname, O_RDONLY);
810 }
rsync: a fast, versatile, remote (and local) file-copying tool