1 /*- 2 * Copyright (c) 1990, 1993, 1994 3 * The Regents of the University of California. All rights reserved. 4 * 5 * Redistribution and use in source and binary forms, with or without 6 * modification, are permitted provided that the following conditions 7 * are met: 8 * 1. Redistributions of source code must retain the above copyright 9 * notice, this list of conditions and the following disclaimer. 10 * 2. Redistributions in binary form must reproduce the above copyright 11 * notice, this list of conditions and the following disclaimer in the 12 * documentation and/or other materials provided with the distribution. 13 * 3. All advertising materials mentioning features or use of this software 14 * must display the following acknowledgement: 15 * This product includes software developed by the University of 16 * California, Berkeley and its contributors. 17 * 4. Neither the name of the University nor the names of its contributors 18 * may be used to endorse or promote products derived from this software 19 * without specific prior written permission. 20 * 21 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 22 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 23 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 24 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 25 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 26 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 27 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 28 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 29 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 30 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 31 * SUCH DAMAGE. 32 * 33 * @(#) Copyright (c) 1990, 1993, 1994 The Regents of the University of California. All rights reserved. 34 * @(#)rm.c 8.5 (Berkeley) 4/18/94 35 * $FreeBSD: src/bin/rm/rm.c,v 1.29.2.5 2002/07/12 07:25:48 tjr Exp $ 36 * $DragonFly: src/bin/rm/rm.c,v 1.19 2006/11/12 00:51:47 swildner Exp $ 37 */ 38 39 #include <sys/stat.h> 40 #include <sys/param.h> 41 #include <sys/mount.h> 42 #include <sys/ioctl.h> 43 44 #include <err.h> 45 #include <errno.h> 46 #include <fcntl.h> 47 #include <fts.h> 48 #include <signal.h> 49 #include <stdio.h> 50 #include <stdlib.h> 51 #include <string.h> 52 #include <sysexits.h> 53 #include <unistd.h> 54 55 static int dflag, eval, fflag, iflag, Pflag, vflag, Wflag, stdin_ok; 56 static int rflag, Iflag; 57 static uid_t uid; 58 volatile sig_atomic_t info; 59 60 static int check(const char *, const char *, struct stat *); 61 static int check2(char **); 62 static void checkdot(char **); 63 static void rm_file(char **); 64 static int rm_overwrite(const char *, struct stat *); 65 static void rm_tree(char **); 66 static void siginfo(int); 67 static void usage(void); 68 69 /* 70 * rm -- 71 * This rm is different from historic rm's, but is expected to match 72 * POSIX 1003.2 behavior. The most visible difference is that -f 73 * has two specific effects now, ignore non-existent files and force 74 * file removal. 75 */ 76 int 77 main(int argc, char *argv[]) 78 { 79 int ch; 80 const char *p; 81 pid_t tty_pgrp; 82 83 /* 84 * Test for the special case where the utility is called as 85 * "unlink", for which the functionality provided is greatly 86 * simplified. 87 */ 88 if ((p = strrchr(argv[0], '/')) == NULL) 89 p = argv[0]; 90 else 91 ++p; 92 if (strcmp(p, "unlink") == 0) { 93 while (getopt(argc, argv, "") != -1) 94 usage(); 95 argc -= optind; 96 argv += optind; 97 if (argc != 1) 98 usage(); 99 rm_file(&argv[0]); 100 exit(eval); 101 } 102 103 Pflag = rflag = 0; 104 while ((ch = getopt(argc, argv, "dfiIPRrvW")) != -1) { 105 switch(ch) { 106 case 'd': 107 dflag = 1; 108 break; 109 case 'f': 110 fflag = 1; 111 iflag = 0; 112 break; 113 case 'i': 114 fflag = 0; 115 iflag = 1; 116 break; 117 case 'I': 118 /* 119 * The -I flag is intended to be generally aliasable 120 * in /etc/csh.cshrc. We apply it only to foreground 121 * processes. 122 */ 123 if (ioctl(0, TIOCGPGRP, &tty_pgrp) == 0) { 124 if (tty_pgrp == getpgrp()) 125 Iflag = 1; 126 } 127 break; 128 case 'P': 129 Pflag = 1; 130 break; 131 case 'R': 132 case 'r': /* Compatibility. */ 133 rflag = 1; 134 break; 135 case 'v': 136 vflag = 1; 137 break; 138 case 'W': 139 Wflag = 1; 140 break; 141 default: 142 usage(); 143 } 144 } 145 argc -= optind; 146 argv += optind; 147 148 if (argc < 1) { 149 if (fflag) 150 return 0; 151 usage(); 152 } 153 154 checkdot(argv); 155 uid = geteuid(); 156 157 signal(SIGINFO, siginfo); 158 159 if (*argv) { 160 stdin_ok = isatty(STDIN_FILENO); 161 162 if (Iflag && !iflag) { 163 if (check2(argv) == 0) 164 exit (1); 165 } 166 if (rflag) 167 rm_tree(argv); 168 else 169 rm_file(argv); 170 } 171 172 exit (eval); 173 } 174 175 static void 176 rm_tree(char **argv) 177 { 178 FTS *fts; 179 FTSENT *p; 180 int needstat; 181 int flags; 182 int rval; 183 184 /* 185 * Remove a file hierarchy. If forcing removal (-f), or interactive 186 * (-i) or can't ask anyway (stdin_ok), don't stat the file. 187 */ 188 needstat = !uid || (!fflag && !iflag && stdin_ok); 189 190 /* 191 * If the -i option is specified, the user can skip on the pre-order 192 * visit. The fts_number field flags skipped directories. 193 */ 194 #define SKIPPED 1 195 196 flags = FTS_PHYSICAL; 197 if (!needstat) 198 flags |= FTS_NOSTAT; 199 if (Wflag) 200 flags |= FTS_WHITEOUT; 201 if ((fts = fts_open(argv, flags, NULL)) == NULL) { 202 if (fflag && errno == ENOENT) 203 return; 204 err(1, NULL); 205 } 206 while ((p = fts_read(fts)) != NULL) { 207 switch (p->fts_info) { 208 case FTS_DNR: 209 if (!fflag || p->fts_errno != ENOENT) { 210 warnx("%s: %s", 211 p->fts_path, strerror(p->fts_errno)); 212 eval = 1; 213 } 214 continue; 215 case FTS_ERR: 216 errx(1, "%s: %s", p->fts_path, strerror(p->fts_errno)); 217 case FTS_NS: 218 /* 219 * Assume that since fts_read() couldn't stat 220 * the file, it can't be unlinked. 221 */ 222 if (!needstat) 223 break; 224 if (!fflag || p->fts_errno != ENOENT) { 225 warnx("%s: %s", 226 p->fts_path, strerror(p->fts_errno)); 227 eval = 1; 228 } 229 continue; 230 case FTS_D: 231 /* Pre-order: give user chance to skip. */ 232 if (!fflag && !check(p->fts_path, p->fts_accpath, 233 p->fts_statp)) { 234 fts_set(fts, p, FTS_SKIP); 235 p->fts_number = SKIPPED; 236 } 237 else if (!uid && 238 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 239 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 240 chflags(p->fts_accpath, 241 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)) < 0) 242 goto err; 243 continue; 244 case FTS_DP: 245 /* Post-order: see if user skipped. */ 246 if (p->fts_number == SKIPPED) 247 continue; 248 break; 249 default: 250 if (!fflag && 251 !check(p->fts_path, p->fts_accpath, p->fts_statp)) 252 continue; 253 } 254 255 if (info) { 256 info = 0; 257 fprintf(stderr, "Currently removing: %s\n", p->fts_path); 258 } 259 260 rval = 0; 261 if (!uid && 262 (p->fts_statp->st_flags & (UF_APPEND|UF_IMMUTABLE)) && 263 !(p->fts_statp->st_flags & (SF_APPEND|SF_IMMUTABLE))) 264 rval = chflags(p->fts_accpath, 265 p->fts_statp->st_flags &= ~(UF_APPEND|UF_IMMUTABLE)); 266 267 if (rval == 0) { 268 /* 269 * If we can't read or search the directory, may still be 270 * able to remove it. Don't print out the un{read,search}able 271 * message unless the remove fails. 272 */ 273 switch (p->fts_info) { 274 case FTS_DP: 275 case FTS_DNR: 276 rval = rmdir(p->fts_accpath); 277 if (rval == 0 || (fflag && errno == ENOENT)) { 278 if (rval == 0 && vflag) 279 printf("%s\n", 280 p->fts_path); 281 continue; 282 } 283 break; 284 285 case FTS_W: 286 rval = undelete(p->fts_accpath); 287 if (rval == 0 && (fflag && errno == ENOENT)) { 288 if (vflag) 289 printf("%s\n", 290 p->fts_path); 291 continue; 292 } 293 break; 294 295 case FTS_NS: 296 /* 297 * Assume that since fts_read() couldn't stat 298 * the file, it can't be unlinked. 299 */ 300 if (fflag) 301 continue; 302 /* FALLTHROUGH */ 303 default: 304 if (Pflag) 305 if (!rm_overwrite(p->fts_accpath, NULL)) 306 continue; 307 rval = unlink(p->fts_accpath); 308 if (rval == 0 || (fflag && errno == ENOENT)) { 309 if (rval == 0 && vflag) 310 printf("%s\n", 311 p->fts_path); 312 continue; 313 } 314 } 315 } 316 err: 317 warn("%s", p->fts_path); 318 eval = 1; 319 } 320 if (errno) 321 err(1, "fts_read"); 322 fts_close(fts); 323 } 324 325 static void 326 rm_file(char **argv) 327 { 328 struct stat sb; 329 int rval; 330 const char *f; 331 332 /* 333 * Remove a file. POSIX 1003.2 states that, by default, attempting 334 * to remove a directory is an error, so must always stat the file. 335 */ 336 while ((f = *argv++) != NULL) { 337 if (info) { 338 info = 0; 339 fprintf(stderr, "Currently removing: %s\n", f); 340 } 341 342 /* Assume if can't stat the file, can't unlink it. */ 343 if (lstat(f, &sb)) { 344 if (Wflag) { 345 sb.st_mode = S_IFWHT|S_IWUSR|S_IRUSR; 346 } else { 347 if (!fflag || errno != ENOENT) { 348 warn("%s", f); 349 eval = 1; 350 } 351 continue; 352 } 353 } else if (Wflag) { 354 warnx("%s: %s", f, strerror(EEXIST)); 355 eval = 1; 356 continue; 357 } 358 359 if (S_ISDIR(sb.st_mode) && !dflag) { 360 warnx("%s: is a directory", f); 361 eval = 1; 362 continue; 363 } 364 if (!fflag && !S_ISWHT(sb.st_mode) && !check(f, f, &sb)) 365 continue; 366 rval = 0; 367 if (!uid && 368 (sb.st_flags & (UF_APPEND|UF_IMMUTABLE)) && 369 !(sb.st_flags & (SF_APPEND|SF_IMMUTABLE))) 370 rval = chflags(f, sb.st_flags & ~(UF_APPEND|UF_IMMUTABLE)); 371 if (rval == 0) { 372 if (S_ISWHT(sb.st_mode)) 373 rval = undelete(f); 374 else if (S_ISDIR(sb.st_mode)) 375 rval = rmdir(f); 376 else { 377 if (Pflag) 378 if (!rm_overwrite(f, &sb)) 379 continue; 380 rval = unlink(f); 381 } 382 } 383 if (rval && (!fflag || errno != ENOENT)) { 384 warn("%s", f); 385 eval = 1; 386 } 387 if (vflag && rval == 0) 388 printf("%s\n", f); 389 } 390 } 391 392 /* 393 * rm_overwrite -- 394 * Overwrite the file 3 times with varying bit patterns. 395 * 396 * XXX 397 * This is a cheap way to *really* delete files. Note that only regular 398 * files are deleted, directories (and therefore names) will remain. 399 * Also, this assumes a fixed-block filesystem (like FFS, or a V7 or a 400 * System V filesystem). In a logging filesystem, you'll have to have 401 * kernel support. 402 */ 403 static int 404 rm_overwrite(const char *file, struct stat *sbp) 405 { 406 struct stat sb; 407 struct statfs fsb; 408 off_t len; 409 int bsize, fd, wlen; 410 char *buf = NULL; 411 412 fd = -1; 413 if (sbp == NULL) { 414 if (lstat(file, &sb)) 415 goto err; 416 sbp = &sb; 417 } 418 if (!S_ISREG(sbp->st_mode)) { 419 warnx("%s: cannot overwrite a non-regular file", file); 420 return (1); 421 } 422 if (sbp->st_nlink > 1) { 423 warnx("%s (inode %ju): not overwritten due to multiple links", 424 file, (uintmax_t)sbp->st_ino); 425 return (0); 426 } 427 if ((fd = open(file, O_WRONLY, 0)) == -1) 428 goto err; 429 if (fstatfs(fd, &fsb) == -1) 430 goto err; 431 bsize = MAX(fsb.f_iosize, 1024); 432 if ((buf = malloc(bsize)) == NULL) 433 err(1, "%s malloc failed", file); 434 435 #define PASS(byte) { \ 436 memset(buf, byte, bsize); \ 437 for (len = sbp->st_size; len > 0; len -= wlen) { \ 438 wlen = len < bsize ? len : bsize; \ 439 if (write(fd, buf, wlen) != wlen) \ 440 goto err; \ 441 } \ 442 } 443 PASS(0xff); 444 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 445 goto err; 446 PASS(0x00); 447 if (fsync(fd) || lseek(fd, (off_t)0, SEEK_SET)) 448 goto err; 449 PASS(0xff); 450 if (!fsync(fd) && !close(fd)) { 451 free(buf); 452 return (1); 453 } 454 455 err: eval = 1; 456 if (buf) 457 free(buf); 458 if (fd != -1) 459 close(fd); 460 warn("%s", file); 461 return (0); 462 } 463 464 465 static int 466 check(const char *path, const char *name, struct stat *sp) 467 { 468 static int perm_answer = -1; 469 struct choice { 470 int ch; 471 const char *str; 472 int res; 473 int perm; 474 } *choice, choices[] = { 475 { 'y', "yes" , 1, 0 }, 476 { 'n', "no" , 0, 0 }, 477 { 'a', "always", 1, 1 }, 478 { 'v', "never" , 0, 1 }, 479 { 0, NULL, 0, 0 } 480 }; 481 char modep[15], *flagsp; 482 483 if (perm_answer != -1) 484 return (perm_answer); 485 486 /* Check -i first. */ 487 if (iflag) 488 fprintf(stderr, "remove %s? ", path); 489 else { 490 /* 491 * If it's not a symbolic link and it's unwritable and we're 492 * talking to a terminal, ask. Symbolic links are excluded 493 * because their permissions are meaningless. Check stdin_ok 494 * first because we may not have stat'ed the file. 495 * Also skip this check if the -P option was specified because 496 * we will not be able to overwrite file contents and will 497 * barf later. 498 */ 499 if (!stdin_ok || S_ISLNK(sp->st_mode) || Pflag || 500 (!access(name, W_OK) && 501 !(sp->st_flags & (SF_APPEND|SF_IMMUTABLE)) && 502 (!(sp->st_flags & (UF_APPEND|UF_IMMUTABLE)) || !uid))) 503 return (1); 504 strmode(sp->st_mode, modep); 505 if ((flagsp = fflagstostr(sp->st_flags)) == NULL) 506 err(1, NULL); 507 fprintf(stderr, "override %s%s%s/%s %s%sfor %s? ", 508 modep + 1, modep[9] == ' ' ? "" : " ", 509 user_from_uid(sp->st_uid, 0), 510 group_from_gid(sp->st_gid, 0), 511 *flagsp ? flagsp : "", *flagsp ? " " : "", 512 path); 513 free(flagsp); 514 } 515 fflush(stderr); 516 517 for (;;) { 518 size_t len; 519 char *answer; 520 521 answer = fgetln(stdin, &len); 522 /* clearerr(stdin); */ 523 if (answer == NULL) 524 return (0); 525 if (answer[len - 1] == '\n') 526 len--; 527 if (len == 0) 528 continue; 529 530 for (choice = choices; choice->str != NULL; choice++) { 531 if (len == 1 && choice->ch == answer[0]) 532 goto valid_choice; 533 if (strncasecmp(answer, choice->str, len) == 0) 534 goto valid_choice; 535 } 536 537 fprintf(stderr, "invalid answer, try again (y/n/a/v): "); 538 } 539 540 valid_choice: 541 if (choice->perm) 542 perm_answer = choice->res; 543 return (choice->res); 544 } 545 546 static int 547 check2(char **argv) 548 { 549 struct stat st; 550 int first; 551 int ch; 552 int fcount = 0; 553 int dcount = 0; 554 int i; 555 const char *dname = NULL; 556 557 for (i = 0; argv[i]; ++i) { 558 if (lstat(argv[i], &st) == 0) { 559 if (S_ISDIR(st.st_mode)) { 560 ++dcount; 561 dname = argv[i]; /* only used if 1 dir */ 562 } else { 563 ++fcount; 564 } 565 } 566 } 567 first = 0; 568 while (first != 'n' && first != 'N' && first != 'y' && first != 'Y') { 569 if (dcount && rflag) { 570 fprintf(stderr, "recursively remove"); 571 if (dcount == 1) 572 fprintf(stderr, " %s", dname); 573 else 574 fprintf(stderr, " %d dirs", dcount); 575 if (fcount == 1) 576 fprintf(stderr, " and 1 file"); 577 else if (fcount > 1) 578 fprintf(stderr, " and %d files", fcount); 579 } else if (dcount + fcount > 3) { 580 fprintf(stderr, "remove %d files", dcount + fcount); 581 } else { 582 return(1); 583 } 584 fprintf(stderr, "? "); 585 fflush(stderr); 586 587 first = ch = getchar(); 588 while (ch != '\n' && ch != EOF) 589 ch = getchar(); 590 if (ch == EOF) 591 break; 592 } 593 return (first == 'y' || first == 'Y'); 594 } 595 596 #define ISDOT(a) ((a)[0] == '.' && (!(a)[1] || ((a)[1] == '.' && !(a)[2]))) 597 static void 598 checkdot(char **argv) 599 { 600 char *p, **save, **t; 601 int complained; 602 603 complained = 0; 604 for (t = argv; *t;) { 605 if ((p = strrchr(*t, '/')) != NULL) 606 ++p; 607 else 608 p = *t; 609 if (ISDOT(p)) { 610 if (!complained++) 611 warnx("\".\" and \"..\" may not be removed"); 612 eval = 1; 613 for (save = t; (t[0] = t[1]) != NULL; ++t) 614 continue; 615 t = save; 616 } else 617 ++t; 618 } 619 } 620 621 static void 622 usage(void) 623 { 624 625 fprintf(stderr, "%s\n%s\n", 626 "usage: rm [-f | -i] [-dIPRrvW] file ...", 627 " unlink file"); 628 exit(EX_USAGE); 629 } 630 631 static void 632 siginfo(int notused __unused) 633 { 634 info = 1; 635 } 636