2 * Utility routines used in rsync.
4 * Copyright (C) 1996-2000 Andrew Tridgell
5 * Copyright (C) 1996 Paul Mackerras
6 * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
7 * Copyright (C) 2003-2020 Wayne Davison
9 * This program is free software; you can redistribute it and/or modify
10 * it under the terms of the GNU General Public License as published by
11 * the Free Software Foundation; either version 3 of the License, or
12 * (at your option) any later version.
14 * This program is distributed in the hope that it will be useful,
15 * but WITHOUT ANY WARRANTY; without even the implied warranty of
16 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
17 * GNU General Public License for more details.
19 * You should have received a copy of the GNU General Public License along
20 * with this program; if not, visit the http://fsf.org website.
30 extern int protect_args
;
31 extern int modify_window
;
32 extern int relative_paths
;
33 extern int preserve_times
;
34 extern int preserve_xattrs
;
35 extern int preallocate_files
;
36 extern char *module_dir
;
37 extern unsigned int module_dirlen
;
38 extern char *partial_dir
;
39 extern filter_rule_list daemon_filter_list
;
41 int sanitize_paths
= 0;
43 char curr_dir
[MAXPATHLEN
];
44 unsigned int curr_dir_len
;
45 int curr_dir_depth
; /* This is only set for a sanitizing daemon. */
47 /* Set a fd into nonblocking mode. */
48 void set_nonblocking(int fd
)
52 if ((val
= fcntl(fd
, F_GETFL
)) == -1)
54 if (!(val
& NONBLOCK_FLAG
)) {
56 fcntl(fd
, F_SETFL
, val
);
60 /* Set a fd into blocking mode. */
61 void set_blocking(int fd
)
65 if ((val
= fcntl(fd
, F_GETFL
)) == -1)
67 if (val
& NONBLOCK_FLAG
) {
68 val
&= ~NONBLOCK_FLAG
;
69 fcntl(fd
, F_SETFL
, val
);
74 * Create a file descriptor pair - like pipe() but use socketpair if
75 * possible (because of blocking issues on pipes).
77 * Always set non-blocking.
79 int fd_pair(int fd
[2])
83 #ifdef HAVE_SOCKETPAIR
84 ret
= socketpair(AF_UNIX
, SOCK_STREAM
, 0, fd
);
90 set_nonblocking(fd
[0]);
91 set_nonblocking(fd
[1]);
97 void print_child_argv(const char *prefix
, char **cmd
)
100 rprintf(FCLIENT
, "%s ", prefix
);
101 for (; *cmd
; cmd
++) {
102 /* Look for characters that ought to be quoted. This
103 * is not a great quoting algorithm, but it's
104 * sufficient for a log message. */
105 if (strspn(*cmd
, "abcdefghijklmnopqrstuvwxyz"
106 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
108 ",.-_=+@/") != strlen(*cmd
)) {
109 rprintf(FCLIENT
, "\"%s\" ", *cmd
);
111 rprintf(FCLIENT
, "%s ", *cmd
);
115 rprintf(FCLIENT
, " (%d args)\n", cnt
);
118 /* This returns 0 for success, 1 for a symlink if symlink time-setting
119 * is not possible, or -1 for any other error. */
120 int set_times(const char *fname
, STRUCT_STAT
*stp
)
122 static int switch_step
= 0;
124 if (DEBUG_GTE(TIME
, 1)) {
126 "set modtime, atime of %s to (%ld) %s, (%ld) %s\n",
127 fname
, (long)stp
->st_mtime
,
128 timestring(stp
->st_mtime
), (long)stp
->st_atime
, timestring(stp
->st_atime
));
131 switch (switch_step
) {
132 #ifdef HAVE_SETATTRLIST
134 if (do_setattrlist_times(fname
, stp
) == 0)
141 #ifdef HAVE_UTIMENSAT
143 if (do_utimensat(fname
, stp
) == 0)
152 if (do_lutimes(fname
, stp
) == 0)
161 if (preserve_times
& PRESERVE_LINK_TIMES
) {
162 preserve_times
&= ~PRESERVE_LINK_TIMES
;
163 if (S_ISLNK(stp
->st_mode
))
169 if (do_utimes(fname
, stp
) == 0)
172 if (do_utime(fname
, stp
) == 0)
182 /* Create any necessary directories in fname. Any missing directories are
183 * created with default permissions. Returns < 0 on error, or the number
184 * of directories created. */
185 int make_path(char *fname
, int flags
)
190 if (flags
& MKP_SKIP_SLASH
) {
191 while (*fname
== '/')
195 while (*fname
== '.' && fname
[1] == '/')
198 if (flags
& MKP_DROP_NAME
) {
199 end
= strrchr(fname
, '/');
200 if (!end
|| end
== fname
)
204 end
= fname
+ strlen(fname
);
206 /* Try to find an existing dir, starting from the deepest dir. */
210 if (do_stat(fname
, &st
) == 0) {
211 if (S_ISDIR(st
.st_mode
))
216 } else if (do_mkdir(fname
, ACCESSPERMS
) == 0) {
221 if (errno
!= ENOENT
) {
223 if (errno
!= EEXIST
|| (do_stat(fname
, &st
) == 0 && !S_ISDIR(st
.st_mode
)))
229 /* We got a relative path that doesn't exist, so assume that '.'
230 * is there and just break out and create the whole thing. */
236 /* We reached the "/" dir, which we assume is there. */
246 /* Make all the dirs that we didn't find on the way here. */
253 if (ret
< 0) /* Skip mkdir on error, but keep restoring the path. */
255 if (do_mkdir(fname
, ACCESSPERMS
) < 0)
261 if (flags
& MKP_DROP_NAME
)
268 * Write @p len bytes at @p ptr to descriptor @p desc, retrying if
271 * @retval len upon success
273 * @retval <0 write's (negative) error code
275 * Derived from GNU C's cccp.c.
277 int full_write(int desc
, const char *ptr
, size_t len
)
283 int written
= write(desc
, ptr
, len
);
289 total_written
+= written
;
293 return total_written
;
297 * Read @p len bytes at @p ptr from descriptor @p desc, retrying if
300 * @retval >0 the actual number of bytes read
304 * @retval <0 for an error.
306 * Derived from GNU C's cccp.c. */
307 static int safe_read(int desc
, char *ptr
, size_t len
)
315 n_chars
= read(desc
, ptr
, len
);
316 } while (n_chars
< 0 && errno
== EINTR
);
321 /* Copy a file. If ofd < 0, copy_file unlinks and opens the "dest" file.
322 * Otherwise, it just writes to and closes the provided file descriptor.
323 * In either case, if --xattrs are being preserved, the dest file will
324 * have its xattrs set from the source file.
326 * This is used in conjunction with the --temp-dir, --backup, and
327 * --copy-dest options. */
328 int copy_file(const char *source
, const char *dest
, int ofd
, mode_t mode
)
332 int len
; /* Number of bytes read into `buf'. */
333 OFF_T prealloc_len
= 0, offset
= 0;
335 if ((ifd
= do_open(source
, O_RDONLY
, 0)) < 0) {
336 int save_errno
= errno
;
337 rsyserr(FERROR_XFER
, errno
, "open %s", full_fname(source
));
343 if (robust_unlink(dest
) && errno
!= ENOENT
) {
344 int save_errno
= errno
;
345 rsyserr(FERROR_XFER
, errno
, "unlink %s", full_fname(dest
));
351 #ifdef SUPPORT_XATTRS
355 mode
&= INITACCESSPERMS
;
356 if ((ofd
= do_open(dest
, O_WRONLY
| O_CREAT
| O_TRUNC
| O_EXCL
, mode
)) < 0) {
357 int save_errno
= errno
;
358 rsyserr(FERROR_XFER
, save_errno
, "open %s", full_fname(dest
));
365 #ifdef SUPPORT_PREALLOCATION
366 if (preallocate_files
) {
369 /* Try to preallocate enough space for file's eventual length. Can
370 * reduce fragmentation on filesystems like ext4, xfs, and NTFS. */
371 if (do_fstat(ifd
, &srcst
) < 0)
372 rsyserr(FWARNING
, errno
, "fstat %s", full_fname(source
));
373 else if (srcst
.st_size
> 0) {
374 prealloc_len
= do_fallocate(ofd
, 0, srcst
.st_size
);
375 if (prealloc_len
< 0)
376 rsyserr(FWARNING
, errno
, "do_fallocate %s", full_fname(dest
));
381 while ((len
= safe_read(ifd
, buf
, sizeof buf
)) > 0) {
382 if (full_write(ofd
, buf
, len
) < 0) {
383 int save_errno
= errno
;
384 rsyserr(FERROR_XFER
, errno
, "write %s", full_fname(dest
));
394 int save_errno
= errno
;
395 rsyserr(FERROR_XFER
, errno
, "read %s", full_fname(source
));
402 if (close(ifd
) < 0) {
403 rsyserr(FWARNING
, errno
, "close failed on %s",
407 /* Source file might have shrunk since we fstatted it.
408 * Cut off any extra preallocated zeros from dest file. */
409 if (offset
< prealloc_len
&& do_ftruncate(ofd
, offset
) < 0) {
410 /* If we fail to truncate, the dest file may be wrong, so we
411 * must trigger the "partial transfer" error. */
412 rsyserr(FERROR_XFER
, errno
, "ftruncate %s", full_fname(dest
));
415 if (close(ofd
) < 0) {
416 int save_errno
= errno
;
417 rsyserr(FERROR_XFER
, errno
, "close failed on %s",
423 #ifdef SUPPORT_XATTRS
425 copy_xattrs(source
, dest
);
/* MAX_RENAMES must equal 10**MAX_RENAMES_DIGITS: robust_unlink() prints its
 * rename counter with "%03d" into a field of MAX_RENAMES_DIGITS characters
 * and wraps the counter when it reaches MAX_RENAMES. */
#define MAX_RENAMES_DIGITS 3
#define MAX_RENAMES 1000
436 * Robust unlink: some OS'es (HPUX) refuse to unlink busy files, so
437 * rename to <path>/.rsyncNNN instead.
439 * Note that successive rsync runs will shuffle the filenames around a
440 * bit as long as the file is still busy; this is because this function
441 * does not know if the unlink call is due to a new file coming in, or
442 * --delete trying to remove old .rsyncNNN files, hence it renames it
445 int robust_unlink(const char *fname
)
448 return do_unlink(fname
);
450 static int counter
= 1;
452 char path
[MAXPATHLEN
];
454 rc
= do_unlink(fname
);
455 if (rc
== 0 || errno
!= ETXTBSY
)
458 if ((pos
= strlcpy(path
, fname
, MAXPATHLEN
)) >= MAXPATHLEN
)
459 pos
= MAXPATHLEN
- 1;
461 while (pos
> 0 && path
[pos
-1] != '/')
463 pos
+= strlcpy(path
+pos
, ".rsync", MAXPATHLEN
-pos
);
465 if (pos
> (MAXPATHLEN
-MAX_RENAMES_DIGITS
-1)) {
470 /* start where the last one left off to reduce chance of clashes */
473 snprintf(&path
[pos
], MAX_RENAMES_DIGITS
+1, "%03d", counter
);
474 if (++counter
>= MAX_RENAMES
)
476 } while ((rc
= access(path
, 0)) == 0 && counter
!= start
);
478 if (INFO_GTE(MISC
, 1)) {
479 rprintf(FWARNING
, "renaming %s to %s because of text busy\n",
483 /* maybe we should return rename()'s exit status? Nah. */
484 if (do_rename(fname
, path
) != 0) {
492 /* Returns 0 on successful rename, 1 if we successfully copied the file
493 * across filesystems, -2 if copy_file() failed, and -1 on other errors.
494 * If partialptr is not NULL and we need to do a copy, copy the file into
495 * the active partial-dir instead of over the destination file. */
496 int robust_rename(const char *from
, const char *to
, const char *partialptr
,
501 /* A resumed in-place partial-dir transfer might call us with from and
502 * to pointing to the same buf if the transfer failed yet again. */
507 if (do_rename(from
, to
) == 0)
513 if (robust_unlink(to
) != 0) {
522 if (!handle_partial_dir(partialptr
,PDIR_CREATE
))
526 if (copy_file(from
, to
, -1, mode
) != 0)
537 static pid_t all_pids
[10];
540 /** Fork and record the pid of the child. **/
543 pid_t newpid
= fork();
545 if (newpid
!= 0 && newpid
!= -1) {
546 all_pids
[num_pids
++] = newpid
;
554 * @todo It would be kind of nice to make sure that they are actually
555 * all our children before we kill them, because their pids may have
556 * been recycled by some other process. Perhaps when we wait for a
557 * child, we should remove it from this array. Alternatively we could
558 * perhaps use process groups, but I think that would not work on
559 * ancient Unix versions that don't support them.
561 void kill_all(int sig
)
565 for (i
= 0; i
< num_pids
; i
++) {
566 /* Let's just be a little careful where we
567 * point that gun, hey? See kill(2) for the
568 * magic caused by negative values. */
569 pid_t p
= all_pids
[i
];
580 /** Lock a byte range in an open file */
581 int lock_range(int fd
, int offset
, int len
)
585 lock
.l_type
= F_WRLCK
;
586 lock
.l_whence
= SEEK_SET
;
587 lock
.l_start
= offset
;
591 return fcntl(fd
,F_SETLK
,&lock
) == 0;
/* Make sure the array "buf" (elements of "type", current capacity "sz"
 * elements) can hold at least "req" elements.  When it cannot, the array is
 * reallocated via realloc_array() and "sz" is updated to the larger of
 * double its old value and "req".  Both "buf" and "sz" must be lvalues;
 * "req" may be evaluated more than once, so it must not have side effects. */
#define ENSURE_MEMSPACE(buf, type, sz, req) \
	do { \
		if ((req) > (sz)) \
			(buf) = realloc_array((buf), type, (sz) = MAX((sz) * 2, (req))); \
	} while (0)
/* Forward declaration: glob_match() and call_glob_match() call each other,
 * so one of them has to be declared before its definition. */
static inline void call_glob_match(const char *name, int len, int from_glob,
				   char *arg, int abpos, int fbpos);
600 static struct glob_data
{
601 char *arg_buf
, *filt_buf
, **argv
;
602 int absize
, fbsize
, maxargs
, argc
;
605 static void glob_match(char *arg
, int abpos
, int fbpos
)
610 while (*arg
== '.' && arg
[1] == '/') {
612 ENSURE_MEMSPACE(glob
.filt_buf
, char, glob
.fbsize
, glob
.absize
);
613 memcpy(glob
.filt_buf
, glob
.arg_buf
, abpos
+ 1);
616 ENSURE_MEMSPACE(glob
.arg_buf
, char, glob
.absize
, abpos
+ 3);
617 glob
.arg_buf
[abpos
++] = *arg
++;
618 glob
.arg_buf
[abpos
++] = *arg
++;
619 glob
.arg_buf
[abpos
] = '\0';
621 if ((slash
= strchr(arg
, '/')) != NULL
) {
626 if (strpbrk(arg
, "*?[")) {
630 if (!(d
= opendir(abpos
? glob
.arg_buf
: ".")))
632 while ((di
= readdir(d
)) != NULL
) {
633 char *dname
= d_name(di
);
634 if (dname
[0] == '.' && (dname
[1] == '\0'
635 || (dname
[1] == '.' && dname
[2] == '\0')))
637 if (!wildmatch(arg
, dname
))
639 call_glob_match(dname
, strlen(dname
), 1,
640 slash
? arg
+ len
+ 1 : NULL
,
645 call_glob_match(arg
, len
, 0,
646 slash
? arg
+ len
+ 1 : NULL
,
653 static inline void call_glob_match(const char *name
, int len
, int from_glob
,
654 char *arg
, int abpos
, int fbpos
)
658 ENSURE_MEMSPACE(glob
.arg_buf
, char, glob
.absize
, abpos
+ len
+ 2);
659 memcpy(glob
.arg_buf
+ abpos
, name
, len
);
661 glob
.arg_buf
[abpos
] = '\0';
664 ENSURE_MEMSPACE(glob
.filt_buf
, char, glob
.fbsize
, fbpos
+ len
+ 2);
665 memcpy(glob
.filt_buf
+ fbpos
, name
, len
);
667 glob
.filt_buf
[fbpos
] = '\0';
668 use_buf
= glob
.filt_buf
;
670 use_buf
= glob
.arg_buf
;
672 if (from_glob
|| (arg
&& len
)) {
676 if (do_stat(glob
.arg_buf
, &st
) != 0)
678 is_dir
= S_ISDIR(st
.st_mode
) != 0;
682 if (daemon_filter_list
.head
683 && check_filter(&daemon_filter_list
, FLOG
, use_buf
, is_dir
) < 0)
688 glob
.arg_buf
[abpos
++] = '/';
689 glob
.arg_buf
[abpos
] = '\0';
691 glob
.filt_buf
[fbpos
++] = '/';
692 glob
.filt_buf
[fbpos
] = '\0';
694 glob_match(arg
, abpos
, fbpos
);
696 ENSURE_MEMSPACE(glob
.argv
, char *, glob
.maxargs
, glob
.argc
+ 1);
697 glob
.argv
[glob
.argc
++] = strdup(glob
.arg_buf
);
701 /* This routine performs wild-card expansion of the pathname in "arg". Any
702 * daemon-excluded files/dirs will not be matched by the wildcards. Returns 0
703 * if a wild-card string is the only returned item (due to matching nothing). */
704 int glob_expand(const char *arg
, char ***argv_p
, int *argc_p
, int *maxargs_p
)
713 memset(&glob
, 0, sizeof glob
);
718 s
= sanitize_path(NULL
, arg
, "", 0, SP_KEEP_DOT_DIRS
);
721 clean_fname(s
, CFN_KEEP_DOT_DIRS
| CFN_KEEP_TRAILING_SLASH
| CFN_COLLAPSE_DOT_DOT_DIRS
);
724 ENSURE_MEMSPACE(glob
.arg_buf
, char, glob
.absize
, MAXPATHLEN
);
725 *glob
.arg_buf
= '\0';
727 glob
.argc
= save_argc
= *argc_p
;
729 glob
.maxargs
= *maxargs_p
;
731 ENSURE_MEMSPACE(glob
.argv
, char *, glob
.maxargs
, 100);
733 glob_match(s
, 0, -1);
735 /* The arg didn't match anything, so add the failed arg to the list. */
736 if (glob
.argc
== save_argc
) {
737 ENSURE_MEMSPACE(glob
.argv
, char *, glob
.maxargs
, glob
.argc
+ 1);
738 glob
.argv
[glob
.argc
++] = s
;
745 *maxargs_p
= glob
.maxargs
;
752 /* This routine is only used in daemon mode. */
753 void glob_expand_module(char *base1
, char *arg
, char ***argv_p
, int *argc_p
, int *maxargs_p
)
757 int base_len
= strlen(base
);
762 if (strncmp(arg
, base
, base_len
) == 0)
766 glob_expand(arg
, argv_p
, argc_p
, maxargs_p
);
772 if (asprintf(&base
," %s/", base1
) < 0)
773 out_of_memory("glob_expand_module");
776 for (s
= arg
; *s
; s
= p
+ base_len
) {
777 if ((p
= strstr(s
, base
)) != NULL
)
778 *p
= '\0'; /* split it at this point */
779 glob_expand(s
, argv_p
, argc_p
, maxargs_p
);
789 * Convert a string to lower case
791 void strlower(char *s
)
801 * Split a string into tokens based (usually) on whitespace & commas. If the
802 * string starts with a comma (after skipping any leading whitespace), then
803 * splitting is done only on commas. No empty tokens are ever returned. */
804 char *conf_strtok(char *str
)
806 static int commas_only
= 0;
809 while (isSpace(str
)) str
++;
817 while (commas_only
) {
818 char *end
, *tok
= strtok(str
, ",");
821 /* Trim just leading and trailing whitespace. */
824 end
= tok
+ strlen(tok
);
825 while (end
> tok
&& isSpace(end
-1))
832 return strtok(str
, " ,\t\r\n");
835 /* Join strings p1 & p2 into "dest" with a guaranteed '/' between them. (If
836 * p1 ends with a '/', no extra '/' is inserted.) Returns the length of both
837 * strings + 1 (if '/' was inserted), regardless of whether the null-terminated
838 * string fits into destsize. */
839 size_t pathjoin(char *dest
, size_t destsize
, const char *p1
, const char *p2
)
841 size_t len
= strlcpy(dest
, p1
, destsize
);
842 if (len
< destsize
- 1) {
843 if (!len
|| dest
[len
-1] != '/')
845 if (len
< destsize
- 1)
846 len
+= strlcpy(dest
+ len
, p2
, destsize
- len
);
853 len
+= strlen(p2
) + 1; /* Assume we'd insert a '/'. */
857 /* Join any number of strings together, putting them in "dest". The return
858 * value is the length of all the strings, regardless of whether the null-
859 * terminated whole fits in destsize. Your list of string pointers must end
860 * with a NULL to indicate the end of the list. */
861 size_t stringjoin(char *dest
, size_t destsize
, ...)
867 va_start(ap
, destsize
);
869 if (!(src
= va_arg(ap
, const char *)))
876 memcpy(dest
, src
, len
);
887 int count_dir_elements(const char *p
)
889 int cnt
= 0, new_component
= 1;
892 new_component
= (*p
!= '.' || (p
[1] != '/' && p
[1] != '\0'));
893 else if (new_component
) {
901 /* Turns multiple adjacent slashes into a single slash (possible exception:
902 * the preserving of two leading slashes at the start), drops all leading or
903 * interior "." elements unless CFN_KEEP_DOT_DIRS is flagged. Will also drop
904 * a trailing '.' after a '/' if CFN_DROP_TRAILING_DOT_DIR is flagged, removes
905 * a trailing slash (perhaps after removing the aforementioned dot) unless
906 * CFN_KEEP_TRAILING_SLASH is flagged, and will also collapse ".." elements
907 * (except at the start) if CFN_COLLAPSE_DOT_DOT_DIRS is flagged. If the
908 * resulting name would be empty, returns ".". */
909 int clean_fname(char *name
, int flags
)
911 char *limit
= name
- 1, *t
= name
, *f
= name
;
917 #define DOT_IS_DOT_DOT_DIR(bp) (bp[1] == '.' && (bp[2] == '/' || !bp[2]))
919 if ((anchored
= *f
== '/') != 0) {
922 /* If there are exactly 2 slashes at the start, preserve
923 * them. Would break daemon excludes unless the paths are
924 * really treated differently, so use this sparingly. */
925 if (*f
== '/' && f
[1] != '/')
928 } else if (flags
& CFN_KEEP_DOT_DIRS
&& *f
== '.' && f
[1] == '/') {
931 } else if (flags
& CFN_REFUSE_DOT_DOT_DIRS
&& *f
== '.' && DOT_IS_DOT_DOT_DIR(f
))
934 /* discard extra slashes */
940 /* discard interior "." dirs */
941 if (f
[1] == '/' && !(flags
& CFN_KEEP_DOT_DIRS
)) {
945 if (f
[1] == '\0' && flags
& CFN_DROP_TRAILING_DOT_DIR
)
947 /* collapse ".." dirs */
948 if (flags
& (CFN_COLLAPSE_DOT_DOT_DIRS
|CFN_REFUSE_DOT_DOT_DIRS
) && DOT_IS_DOT_DOT_DIR(f
)) {
950 if (flags
& CFN_REFUSE_DOT_DOT_DIRS
)
952 if (s
== name
&& anchored
) {
956 while (s
> limit
&& *--s
!= '/') {}
957 if (s
!= t
- 1 && (s
< name
|| *s
== '/')) {
965 while (*f
&& (*t
++ = *f
++) != '/') {}
968 if (t
> name
+anchored
&& t
[-1] == '/' && !(flags
& CFN_KEEP_TRAILING_SLASH
))
974 #undef DOT_IS_DOT_DOT_DIR
979 /* Make path appear as if a chroot had occurred. This handles a leading
980 * "/" (either removing it or expanding it) and any leading or embedded
981 * ".." components that attempt to escape past the module's top dir.
983 * If dest is NULL, a buffer is allocated to hold the result. It is legal
984 * to call with the dest and the path (p) pointing to the same buffer, but
985 * rootdir will be ignored to avoid expansion of the string.
987 * The rootdir string contains a value to use in place of a leading slash.
988 * Specify NULL to get the default of "module_dir".
990 * The depth var is a count of how many '..'s to allow at the start of the
993 * We also clean the path in a manner similar to clean_fname() but with a
996 * Turns multiple adjacent slashes into a single slash, gets rid of "." dir
997 * elements (INCLUDING a trailing dot dir), PRESERVES a trailing slash, and
998 * ALWAYS collapses ".." elements (except for those at the start of the
999 * string up to "depth" deep). If the resulting name would be empty,
1000 * change it into a ".". */
1001 char *sanitize_path(char *dest
, const char *p
, const char *rootdir
, int depth
, int flags
)
1004 int rlen
= 0, drop_dot_dirs
= !relative_paths
|| !(flags
& SP_KEEP_DOT_DIRS
);
1007 int plen
= strlen(p
); /* the path len INCLUDING any separating slash */
1010 rootdir
= module_dir
;
1011 rlen
= strlen(rootdir
);
1016 dest
= new_array(char, MAX(rlen
+ plen
+ 1, 2));
1017 else if (rlen
+ plen
+ 1 >= MAXPATHLEN
)
1019 if (rlen
) { /* only true if p previously started with a slash */
1020 memcpy(dest
, rootdir
, rlen
);
1021 if (rlen
> 1) /* a rootdir of len 1 is "/", so this avoids a 2nd slash */
1026 if (drop_dot_dirs
) {
1027 while (*p
== '.' && p
[1] == '/')
1031 start
= sanp
= dest
+ rlen
;
1032 /* This loop iterates once per filename component in p, pointing at
1033 * the start of the name (past any prior slash) for each iteration. */
1035 /* discard leading or extra slashes */
1040 if (drop_dot_dirs
) {
1041 if (*p
== '.' && (p
[1] == '/' || p
[1] == '\0')) {
1042 /* skip "." component */
1047 if (*p
== '.' && p
[1] == '.' && (p
[2] == '/' || p
[2] == '\0')) {
1048 /* ".." component followed by slash or end */
1049 if (depth
<= 0 || sanp
!= start
) {
1051 if (sanp
!= start
) {
1052 /* back up sanp one level */
1053 --sanp
; /* now pointing at slash */
1054 while (sanp
> start
&& sanp
[-1] != '/')
1059 /* allow depth levels of .. at the beginning */
1061 /* move the virtual beginning to leave the .. alone */
1064 /* copy one component through next slash */
1065 while (*p
&& (*sanp
++ = *p
++) != '/') {}
1068 /* ended up with nothing, so put in "." component */
1076 /* Like chdir(), but it keeps track of the current directory (in the
1077 * global "curr_dir"), and ensures that the path size doesn't overflow.
1078 * Also cleans the path using the clean_fname() function. */
1079 int change_dir(const char *dir
, int set_path_only
)
1081 static int initialised
, skipped_chdir
;
1086 if (getcwd(curr_dir
, sizeof curr_dir
- 1) == NULL
) {
1087 rsyserr(FERROR
, errno
, "getcwd()");
1088 exit_cleanup(RERR_FILESELECT
);
1090 curr_dir_len
= strlen(curr_dir
);
1093 if (!dir
) /* this call was probably just to initialize */
1097 if (len
== 1 && *dir
== '.' && (!skipped_chdir
|| set_path_only
))
1101 if (len
>= sizeof curr_dir
) {
1102 errno
= ENAMETOOLONG
;
1105 if (!set_path_only
&& chdir(dir
))
1107 skipped_chdir
= set_path_only
;
1108 memcpy(curr_dir
, dir
, len
+ 1);
1110 unsigned int save_dir_len
= curr_dir_len
;
1111 if (curr_dir_len
+ 1 + len
>= sizeof curr_dir
) {
1112 errno
= ENAMETOOLONG
;
1115 if (!(curr_dir_len
&& curr_dir
[curr_dir_len
-1] == '/'))
1116 curr_dir
[curr_dir_len
++] = '/';
1117 memcpy(curr_dir
+ curr_dir_len
, dir
, len
+ 1);
1119 if (!set_path_only
&& chdir(curr_dir
)) {
1120 curr_dir_len
= save_dir_len
;
1121 curr_dir
[curr_dir_len
] = '\0';
1124 skipped_chdir
= set_path_only
;
1127 curr_dir_len
= clean_fname(curr_dir
, CFN_COLLAPSE_DOT_DOT_DIRS
| CFN_DROP_TRAILING_DOT_DIR
);
1128 if (sanitize_paths
) {
1129 if (module_dirlen
> curr_dir_len
)
1130 module_dirlen
= curr_dir_len
;
1131 curr_dir_depth
= count_dir_elements(curr_dir
+ module_dirlen
);
1134 if (DEBUG_GTE(CHDIR
, 1) && !set_path_only
)
1135 rprintf(FINFO
, "[%s] change_dir(%s)\n", who_am_i(), curr_dir
);
1140 /* This will make a relative path absolute and clean it up via clean_fname().
1141 * Returns the string, which might be newly allocated, or NULL on error. */
1142 char *normalize_path(char *path
, BOOL force_newbuf
, unsigned int *len_ptr
)
1146 if (*path
!= '/') { /* Make path absolute. */
1147 int len
= strlen(path
);
1148 if (curr_dir_len
+ 1 + len
>= sizeof curr_dir
)
1150 curr_dir
[curr_dir_len
] = '/';
1151 memcpy(curr_dir
+ curr_dir_len
+ 1, path
, len
+ 1);
1152 path
= strdup(curr_dir
);
1153 curr_dir
[curr_dir_len
] = '\0';
1154 } else if (force_newbuf
)
1155 path
= strdup(path
);
1157 len
= clean_fname(path
, CFN_COLLAPSE_DOT_DOT_DIRS
| CFN_DROP_TRAILING_DOT_DIR
);
1166 * Return a quoted string with the full pathname of the indicated filename.
1167 * The string " (in MODNAME)" may also be appended. The returned pointer
1168 * remains valid until the next time full_fname() is called.
1170 char *full_fname(const char *fn
)
1172 static char *result
= NULL
;
1182 p1
= curr_dir
+ module_dirlen
;
1183 for (p2
= p1
; *p2
== '/'; p2
++) {}
1187 if (module_id
>= 0) {
1189 m2
= lp_name(module_id
);
1194 if (asprintf(&result
, "\"%s%s%s\"%s%s%s", p1
, p2
, fn
, m1
, m2
, m3
) < 0)
1195 out_of_memory("full_fname");
1200 static char partial_fname
[MAXPATHLEN
];
1202 char *partial_dir_fname(const char *fname
)
1204 char *t
= partial_fname
;
1205 int sz
= sizeof partial_fname
;
1208 if ((fn
= strrchr(fname
, '/')) != NULL
) {
1210 if (*partial_dir
!= '/') {
1211 int len
= fn
- fname
;
1212 strncpy(t
, fname
, len
); /* safe */
1218 if ((int)pathjoin(t
, sz
, partial_dir
, fn
) >= sz
)
1220 if (daemon_filter_list
.head
) {
1221 t
= strrchr(partial_fname
, '/');
1223 if (check_filter(&daemon_filter_list
, FLOG
, partial_fname
, 1) < 0)
1226 if (check_filter(&daemon_filter_list
, FLOG
, partial_fname
, 0) < 0)
1230 return partial_fname
;
1233 /* If no --partial-dir option was specified, we don't need to do anything
1234 * (the partial-dir is essentially '.'), so just return success. */
1235 int handle_partial_dir(const char *fname
, int create
)
1239 if (fname
!= partial_fname
)
1241 if (!create
&& *partial_dir
== '/')
1243 if (!(fn
= strrchr(partial_fname
, '/')))
1247 dir
= partial_fname
;
1250 int statret
= do_lstat(dir
, &st
);
1251 if (statret
== 0 && !S_ISDIR(st
.st_mode
)) {
1252 if (do_unlink(dir
) < 0) {
1258 if (statret
< 0 && do_mkdir(dir
, 0700) < 0) {
1269 /* Determine if a symlink points outside the current directory tree.
1270 * This is considered "unsafe" because e.g. when mirroring somebody
1271 * else's machine it might allow them to establish a symlink to
1272 * /etc/passwd, and then read it through a web server.
1274 * Returns 1 if unsafe, 0 if safe.
1276 * Null symlinks and absolute symlinks are always unsafe.
1278 * Basically here we are concerned with symlinks whose target contains
1279 * "..", because this might cause us to walk back up out of the
1280 * transferred directory. We are not allowed to go back up and
1283 * "dest" is the target of the symlink in question.
1285 * "src" is the top source directory currently applicable at the level
1286 * of the referenced symlink. This is usually the symlink's full path
1287 * (including its name), as referenced from the root of the transfer. */
1288 int unsafe_symlink(const char *dest
, const char *src
)
1290 const char *name
, *slash
;
1293 /* all absolute and null symlinks are unsafe */
1294 if (!dest
|| !*dest
|| *dest
== '/')
1297 /* find out what our safety margin is */
1298 for (name
= src
; (slash
= strchr(name
, '/')) != 0; name
= slash
+1) {
1299 /* ".." segment starts the count over. "." segment is ignored. */
1300 if (*name
== '.' && (name
[1] == '/' || (name
[1] == '.' && name
[2] == '/'))) {
1305 while (slash
[1] == '/') slash
++; /* just in case src isn't clean */
1307 if (*name
== '.' && name
[1] == '.' && name
[2] == '\0')
1310 for (name
= dest
; (slash
= strchr(name
, '/')) != 0; name
= slash
+1) {
1311 if (*name
== '.' && (name
[1] == '/' || (name
[1] == '.' && name
[2] == '/'))) {
1312 if (name
[1] == '.') {
1313 /* if at any point we go outside the current directory
1314 then stop - it is unsafe */
1320 while (slash
[1] == '/') slash
++;
1322 if (*name
== '.' && name
[1] == '.' && name
[2] == '\0')
1328 /* Return the date and time as a string. Some callers tweak returned buf. */
1329 char *timestring(time_t t
)
1332 static char buffers
[4][20]; /* We support 4 simultaneous timestring results. */
1333 char *TimeBuf
= buffers
[ndx
= (ndx
+ 1) % 4];
1334 struct tm
*tm
= localtime(&t
);
1335 int len
= snprintf(TimeBuf
, sizeof buffers
[0], "%4d/%02d/%02d %02d:%02d:%02d",
1336 (int)tm
->tm_year
+ 1900, (int)tm
->tm_mon
+ 1, (int)tm
->tm_mday
,
1337 (int)tm
->tm_hour
, (int)tm
->tm_min
, (int)tm
->tm_sec
);
1338 assert(len
> 0); /* Silence gcc warning */
1343 /* Determine if two time_t values are equivalent (either exact, or in
1344 * the modification timestamp window established by --modify-window).
1345 * Returns 1 if the times the "same", or 0 if they are different. */
1346 int same_time(time_t f1_sec
, unsigned long f1_nsec
, time_t f2_sec
, unsigned long f2_nsec
)
1348 if (modify_window
== 0)
1349 return f1_sec
== f2_sec
;
1350 if (modify_window
< 0)
1351 return f1_sec
== f2_sec
&& f1_nsec
== f2_nsec
;
1352 /* The nano seconds doesn't figure into these checks -- time windows don't care about that. */
1353 if (f2_sec
> f1_sec
)
1354 return f2_sec
- f1_sec
<= modify_window
;
1355 return f1_sec
- f2_sec
<= modify_window
;
1362 This routine is a trick to immediately catch errors when debugging
1363 with insure. An xterm with a gdb is popped up when insure catches
1364 an error. It is Linux specific.
1366 int _Insure_trap_error(int a1
, int a2
, int a3
, int a4
, int a5
, int a6
)
1369 int ret
, pid_int
= getpid();
1373 "/usr/X11R6/bin/xterm -display :0 -T Panic -n Panic -e /bin/sh -c 'cat /tmp/ierrs.*.%d ; "
1374 "gdb /proc/%d/exe %d'", pid_int
, pid_int
, pid_int
) < 0)
1379 h
= dlopen("/usr/local/parasoft/insure++lite/lib.linux2/libinsure.so", RTLD_LAZY
);
1380 fn
= dlsym(h
, "_Insure_trap_error");
1383 ret
= fn(a1
, a2
, a3
, a4
, a5
, a6
);
1393 /* Take a filename and filename length and return the most significant
1394 * filename suffix we can find. This ignores suffixes such as "~",
1395 * ".bak", ".orig", ".~1~", etc. */
1396 const char *find_filename_suffix(const char *fn
, int fn_len
, int *len_ptr
)
1398 const char *suf
, *s
;
1402 /* One or more dots at the start aren't a suffix. */
1403 while (fn_len
&& *fn
== '.') fn
++, fn_len
--;
1405 /* Ignore the ~ in a "foo~" filename. */
1406 if (fn_len
> 1 && fn
[fn_len
-1] == '~')
1407 fn_len
--, had_tilde
= True
;
1411 /* Assume we don't find a suffix. */
1415 /* Find the last significant suffix. */
1416 for (s
= fn
+ fn_len
; fn_len
> 1; ) {
1417 while (*--s
!= '.' && s
!= fn
) {}
1420 s_len
= fn_len
- (s
- fn
);
1423 if (strcmp(s
+1, "bak") == 0
1424 || strcmp(s
+1, "old") == 0)
1426 } else if (s_len
== 5) {
1427 if (strcmp(s
+1, "orig") == 0)
1429 } else if (s_len
> 2 && had_tilde
&& s
[1] == '~' && isDigit(s
+ 2))
1435 /* Determine if the suffix is all digits. */
1436 for (s
++, s_len
--; s_len
> 0; s
++, s_len
--) {
1440 /* An all-digit suffix may not be that significant. */
1447 /* This is an implementation of the Levenshtein distance algorithm. It
1448 * was implemented to avoid needing a two-dimensional matrix (to save
1449 * memory). It was also tweaked to try to factor in the ASCII distance
1450 * between changed characters as a minor distance quantity. The normal
1451 * Levenshtein units of distance (each signifying a single change between
1452 * the two strings) are defined as a "UNIT". */
#define UNIT (1 << 16) /* distance value of one whole single-character change */
1456 uint32
fuzzy_distance(const char *s1
, unsigned len1
, const char *s2
, unsigned len2
)
1458 uint32 a
[MAXPATHLEN
], diag
, above
, left
, diag_inc
, above_inc
, left_inc
;
1462 if (!len1
|| !len2
) {
1467 for (i1
= 0, cost
= 0; i1
< len1
; i1
++)
1469 return (int32
)len1
* UNIT
+ cost
;
1472 for (i2
= 0; i2
< len2
; i2
++)
1473 a
[i2
] = (i2
+1) * UNIT
;
1475 for (i1
= 0; i1
< len1
; i1
++) {
1477 above
= (i1
+1) * UNIT
;
1478 for (i2
= 0; i2
< len2
; i2
++) {
1480 if ((cost
= *((uchar
*)s1
+i1
) - *((uchar
*)s2
+i2
)) != 0) {
1486 diag_inc
= diag
+ cost
;
1487 left_inc
= left
+ UNIT
+ *((uchar
*)s1
+i1
);
1488 above_inc
= above
+ UNIT
+ *((uchar
*)s2
+i2
);
1489 a
[i2
] = above
= left
< above
1490 ? (left_inc
< diag_inc
? left_inc
: diag_inc
)
1491 : (above_inc
< diag_inc
? above_inc
: diag_inc
);
/* Sizing of one bitbag slot; the bit and int32 counts are both derived
 * from the slot's byte size. */
#define BB_SLOT_SIZE     (16*1024)          /* Desired size in bytes */
#define BB_PER_SLOT_BITS (BB_SLOT_SIZE * 8) /* Number of bits per slot */
#define BB_PER_SLOT_INTS (BB_SLOT_SIZE / 4) /* Number of int32s per slot */
1508 struct bitbag
*bitbag_create(int max_ndx
)
1510 struct bitbag
*bb
= new(struct bitbag
);
1511 bb
->slot_cnt
= (max_ndx
+ BB_PER_SLOT_BITS
- 1) / BB_PER_SLOT_BITS
;
1513 bb
->bits
= (uint32
**)calloc(bb
->slot_cnt
, sizeof (uint32
*));
1518 void bitbag_set_bit(struct bitbag
*bb
, int ndx
)
1520 int slot
= ndx
/ BB_PER_SLOT_BITS
;
1521 ndx
%= BB_PER_SLOT_BITS
;
1523 if (!bb
->bits
[slot
]) {
1524 if (!(bb
->bits
[slot
] = (uint32
*)calloc(BB_PER_SLOT_INTS
, 4)))
1525 out_of_memory("bitbag_set_bit");
1528 bb
->bits
[slot
][ndx
/32] |= 1u << (ndx
% 32);
1531 #if 0 /* not needed yet */
1532 void bitbag_clear_bit(struct bitbag
*bb
, int ndx
)
1534 int slot
= ndx
/ BB_PER_SLOT_BITS
;
1535 ndx
%= BB_PER_SLOT_BITS
;
1537 if (!bb
->bits
[slot
])
1540 bb
->bits
[slot
][ndx
/32] &= ~(1u << (ndx
% 32));
1543 int bitbag_check_bit(struct bitbag
*bb
, int ndx
)
1545 int slot
= ndx
/ BB_PER_SLOT_BITS
;
1546 ndx
%= BB_PER_SLOT_BITS
;
1548 if (!bb
->bits
[slot
])
1551 return bb
->bits
[slot
][ndx
/32] & (1u << (ndx
% 32)) ? 1 : 0;
1555 /* Call this with -1 to start checking from 0. Returns -1 at the end. */
1556 int bitbag_next_bit(struct bitbag
*bb
, int after
)
1559 int i
, ndx
= after
+ 1;
1560 int slot
= ndx
/ BB_PER_SLOT_BITS
;
1561 ndx
%= BB_PER_SLOT_BITS
;
1563 mask
= (1u << (ndx
% 32)) - 1;
1564 for (i
= ndx
/ 32; slot
< bb
->slot_cnt
; slot
++, i
= mask
= 0) {
1565 if (!bb
->bits
[slot
])
1567 for ( ; i
< BB_PER_SLOT_INTS
; i
++, mask
= 0) {
1568 if (!(bits
= bb
->bits
[slot
][i
] & ~mask
))
1570 /* The xor magic figures out the lowest enabled bit in
1571 * bits, and the switch quickly computes log2(bit). */
1572 switch (bits
^ (bits
& (bits
-1))) {
1573 #define LOG2(n) case 1u << n: return slot*BB_PER_SLOT_BITS + i*32 + n
1574 LOG2(0); LOG2(1); LOG2(2); LOG2(3);
1575 LOG2(4); LOG2(5); LOG2(6); LOG2(7);
1576 LOG2(8); LOG2(9); LOG2(10); LOG2(11);
1577 LOG2(12); LOG2(13); LOG2(14); LOG2(15);
1578 LOG2(16); LOG2(17); LOG2(18); LOG2(19);
1579 LOG2(20); LOG2(21); LOG2(22); LOG2(23);
1580 LOG2(24); LOG2(25); LOG2(26); LOG2(27);
1581 LOG2(28); LOG2(29); LOG2(30); LOG2(31);
1583 return -1; /* impossible... */
1590 void flist_ndx_push(flist_ndx_list
*lp
, int ndx
)
1592 struct flist_ndx_item
*item
;
1594 item
= new(struct flist_ndx_item
);
1598 lp
->tail
->next
= item
;
1604 int flist_ndx_pop(flist_ndx_list
*lp
)
1606 struct flist_ndx_item
*next
;
1612 ndx
= lp
->head
->ndx
;
1613 next
= lp
->head
->next
;
1622 /* Make sure there is room for one more item in the item list. If there
1623 * is not, expand the list as indicated by the value of "incr":
1624 * - if incr < 0 then increase the malloced size by -1 * incr
1625 * - if incr >= 0 then either make the malloced size equal to "incr"
1626 * or (if that's not large enough) double the malloced size
1627 * After the size check, the list's count is incremented by 1 and a pointer
1628 * to the "new" list item is returned.
1630 void *expand_item_list(item_list
*lp
, size_t item_size
, const char *desc
, int incr
)
1632 /* First time through, 0 <= 0, so list is expanded. */
1633 if (lp
->malloced
<= lp
->count
) {
1635 size_t new_size
= lp
->malloced
;
1637 new_size
+= -incr
; /* increase slowly */
1638 else if (new_size
< (size_t)incr
)
1644 if (new_size
<= lp
->malloced
)
1645 overflow_exit("expand_item_list");
1646 new_ptr
= realloc_buf(lp
->items
, new_size
* item_size
);
1647 if (DEBUG_GTE(FLIST
, 3)) {
1648 rprintf(FINFO
, "[%s] expand %s to %s bytes, did%s move\n",
1649 who_am_i(), desc
, big_num(new_size
* item_size
),
1650 new_ptr
== lp
->items
? " not" : "");
1653 out_of_memory("expand_item_list");
1655 lp
->items
= new_ptr
;
1656 lp
->malloced
= new_size
;
1658 return (char*)lp
->items
+ (lp
->count
++ * item_size
);
1661 /* This zeroing of memory won't be optimized away by the compiler. */
1662 void force_memzero(void *buf
, size_t len
)
1664 volatile uchar
*z
= buf
;