1 /* vi: set sw=4 ts=4: */
2 /*
3 * Mini copy_file implementation for busybox
4 *
5 * Copyright (C) 2001 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
6 * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
7 *
8 * Licensed under GPLv2 or later, see file LICENSE in this source tree.
9 */
10 #include "libbb.h"
11
12 // FEATURE_NON_POSIX_CP:
13 //
14 // POSIX: if exists and -i, ask (w/o -i assume yes).
15 // Then open w/o EXCL (yes, not unlink!).
16 // If open still fails and -f, try unlink, then try open again.
17 // Result: a mess:
18 // If dest is a (sym)link, we overwrite link destination!
19 // (or fail, if it points to dir/nonexistent location/etc).
20 // This is strange, but POSIX-correct.
21 // coreutils cp has --remove-destination to override this...
22
23 /* Called if open of destination, link creation etc fails.
24 * errno must be set to relevant value ("why we cannot create dest?")
25 * to give reasonable error message */
ask_and_unlink(const char * dest,int flags)26 static int ask_and_unlink(const char *dest, int flags)
27 {
28 int e = errno;
29
30 #if !ENABLE_FEATURE_NON_POSIX_CP
31 if (!(flags & (FILEUTILS_FORCE|FILEUTILS_INTERACTIVE))) {
32 /* Either it exists, or the *path* doesnt exist */
33 bb_perror_msg("can't create '%s'", dest);
34 return -1;
35 }
36 #endif
37 // else: act as if -f is always in effect.
38 // We don't want "can't create" msg, we want unlink to be done
39 // (silently unless -i). Why? POSIX cp usually succeeds with
40 // O_TRUNC open of existing file, and user is left ignorantly happy.
41 // With above block unconditionally enabled, non-POSIX cp
42 // will complain a lot more than POSIX one.
43
44 /* TODO: maybe we should do it only if ctty is present? */
45 if (flags & FILEUTILS_INTERACTIVE) {
46 // We would not do POSIX insanity. -i asks,
47 // then _unlinks_ the offender. Presto.
48 // (No "opening without O_EXCL", no "unlink only if -f")
49 // Or else we will end up having 3 open()s!
50 fprintf(stderr, "%s: overwrite '%s'? ", applet_name, dest);
51 if (!bb_ask_y_confirmation())
52 return 0; /* not allowed to overwrite */
53 }
54 if (unlink(dest) < 0) {
55 #if ENABLE_FEATURE_VERBOSE_CP_MESSAGE
56 if (e == errno && e == ENOENT) {
57 /* e == ENOTDIR is similar: path has non-dir component,
58 * but in this case we don't even reach copy_file() */
59 bb_error_msg("can't create '%s': Path does not exist", dest);
60 return -1; /* error */
61 }
62 #endif
63 errno = e; /* do not use errno from unlink */
64 bb_perror_msg("can't create '%s'", dest);
65 return -1; /* error */
66 }
67 #if ENABLE_FEATURE_CP_LONG_OPTIONS
68 if (flags & FILEUTILS_RMDEST)
69 if (flags & FILEUTILS_VERBOSE)
70 printf("removed '%s'\n", dest);
71 #endif
72 return 1; /* ok (to try again) */
73 }
74
75 /* Return:
76 * -1 error, copy not made
77 * 0 copy is made or user answered "no" in interactive mode
78 * (failures to preserve mode/owner/times are not reported in exit code)
79 */
copy_file(const char * source,const char * dest,int flags)80 int FAST_FUNC copy_file(const char *source, const char *dest, int flags)
81 {
82 /* This is a recursive function, try to minimize stack usage */
83 /* NB: each struct stat is ~100 bytes */
84 struct stat source_stat;
85 struct stat dest_stat;
86 smallint retval = 0;
87 smallint dest_exists = 0;
88 smallint ovr;
89
90 /* Inverse of cp -d ("cp without -d") */
91 #define FLAGS_DEREF (flags & (FILEUTILS_DEREFERENCE + FILEUTILS_DEREFERENCE_L0))
92
93 if ((FLAGS_DEREF ? stat : lstat)(source, &source_stat) < 0) {
94 /* This may be a dangling symlink.
95 * Making [sym]links to dangling symlinks works, so... */
96 if (flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK))
97 goto make_links;
98 bb_perror_msg("can't stat '%s'", source);
99 return -1;
100 }
101
102 if (lstat(dest, &dest_stat) < 0) {
103 if (errno != ENOENT) {
104 bb_perror_msg("can't stat '%s'", dest);
105 return -1;
106 }
107 } else {
108 if (source_stat.st_dev == dest_stat.st_dev
109 && source_stat.st_ino == dest_stat.st_ino
110 ) {
111 bb_error_msg("'%s' and '%s' are the same file", source, dest);
112 return -1;
113 }
114 if (flags & FILEUTILS_NO_OVERWRITE) /* cp -n */
115 return 0;
116 dest_exists = 1;
117 }
118
119 #if ENABLE_SELINUX
120 if ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) && is_selinux_enabled() > 0) {
121 security_context_t con;
122 if (lgetfilecon(source, &con) >= 0) {
123 if (setfscreatecon(con) < 0) {
124 bb_perror_msg("can't set setfscreatecon %s", con);
125 freecon(con);
126 return -1;
127 }
128 } else if (errno == ENOTSUP || errno == ENODATA) {
129 setfscreatecon_or_die(NULL);
130 } else {
131 bb_perror_msg("can't lgetfilecon %s", source);
132 return -1;
133 }
134 }
135 #endif
136
137 if (S_ISDIR(source_stat.st_mode)) {
138 DIR *dp;
139 const char *tp;
140 struct dirent *d;
141 mode_t saved_umask = 0;
142
143 if (!(flags & FILEUTILS_RECUR)) {
144 bb_error_msg("omitting directory '%s'", source);
145 return -1;
146 }
147
148 /* Did we ever create source ourself before? */
149 tp = is_in_ino_dev_hashtable(&source_stat);
150 if (tp) {
151 /* We did! it's a recursion! man the lifeboats... */
152 bb_error_msg("recursion detected, omitting directory '%s'",
153 source);
154 return -1;
155 }
156
157 if (dest_exists) {
158 if (!S_ISDIR(dest_stat.st_mode)) {
159 bb_error_msg("target '%s' is not a directory", dest);
160 return -1;
161 }
162 /* race here: user can substitute a symlink between
163 * this check and actual creation of files inside dest */
164 } else {
165 /* Create DEST */
166 mode_t mode;
167 saved_umask = umask(0);
168
169 mode = source_stat.st_mode;
170 if (!(flags & FILEUTILS_PRESERVE_STATUS))
171 mode = source_stat.st_mode & ~saved_umask;
172 /* Allow owner to access new dir (at least for now) */
173 mode |= S_IRWXU;
174 if (mkdir(dest, mode) < 0) {
175 umask(saved_umask);
176 bb_perror_msg("can't create directory '%s'", dest);
177 return -1;
178 }
179 umask(saved_umask);
180 /* need stat info for add_to_ino_dev_hashtable */
181 if (lstat(dest, &dest_stat) < 0) {
182 bb_perror_msg("can't stat '%s'", dest);
183 return -1;
184 }
185 }
186 /* remember (dev,inode) of each created dir.
187 * NULL: name is not remembered */
188 add_to_ino_dev_hashtable(&dest_stat, NULL);
189
190 /* Recursively copy files in SOURCE */
191 dp = opendir(source);
192 if (dp == NULL) {
193 retval = -1;
194 goto preserve_mode_ugid_time;
195 }
196
197 while ((d = readdir(dp)) != NULL) {
198 char *new_source, *new_dest;
199
200 new_source = concat_subpath_file(source, d->d_name);
201 if (new_source == NULL)
202 continue;
203 new_dest = concat_path_file(dest, d->d_name);
204 if (copy_file(new_source, new_dest, flags & ~FILEUTILS_DEREFERENCE_L0) < 0)
205 retval = -1;
206 free(new_source);
207 free(new_dest);
208 }
209 closedir(dp);
210
211 if (!dest_exists
212 && chmod(dest, source_stat.st_mode & ~saved_umask) < 0
213 ) {
214 bb_perror_msg("can't preserve %s of '%s'", "permissions", dest);
215 /* retval = -1; - WRONG! copy *WAS* made */
216 }
217 goto preserve_mode_ugid_time;
218 }
219
220 if (dest_exists) {
221 if (flags & FILEUTILS_UPDATE) {
222 if (source_stat.st_mtime <= dest_stat.st_mtime) {
223 return 0; /* source file must be newer */
224 }
225 }
226 #if ENABLE_FEATURE_CP_LONG_OPTIONS
227 if (flags & FILEUTILS_RMDEST) {
228 ovr = ask_and_unlink(dest, flags);
229 if (ovr <= 0)
230 return ovr;
231 dest_exists = 0;
232 }
233 #endif
234 }
235
236 if (flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK)) {
237 int (*lf)(const char *oldpath, const char *newpath);
238 make_links:
239 /* Hmm... maybe
240 * if (DEREF && MAKE_SOFTLINK) source = realpath(source) ?
241 * (but realpath returns NULL on dangling symlinks...) */
242 lf = (flags & FILEUTILS_MAKE_SOFTLINK) ? symlink : link;
243 if (lf(source, dest) < 0) {
244 ovr = ask_and_unlink(dest, flags);
245 if (ovr <= 0)
246 return ovr;
247 if (lf(source, dest) < 0) {
248 bb_perror_msg("can't create link '%s'", dest);
249 return -1;
250 }
251 }
252 /* _Not_ jumping to preserve_mode_ugid_time:
253 * (sym)links don't have those */
254 return 0;
255 }
256
257 if (/* "cp thing1 thing2" without -R: just open and read() from thing1 */
258 !(flags & FILEUTILS_RECUR)
259 /* "cp [-opts] regular_file thing2" */
260 || S_ISREG(source_stat.st_mode)
261 /* DEREF uses stat, which never returns S_ISLNK() == true.
262 * So the below is never true: */
263 /* || (FLAGS_DEREF && S_ISLNK(source_stat.st_mode)) */
264 ) {
265 int src_fd;
266 int dst_fd;
267 mode_t new_mode;
268
269 if (!FLAGS_DEREF && S_ISLNK(source_stat.st_mode)) {
270 /* "cp -d symlink dst": create a link */
271 goto dont_cat;
272 }
273
274 if (ENABLE_FEATURE_PRESERVE_HARDLINKS && !FLAGS_DEREF) {
275 const char *link_target;
276 link_target = is_in_ino_dev_hashtable(&source_stat);
277 if (link_target) {
278 if (link(link_target, dest) < 0) {
279 ovr = ask_and_unlink(dest, flags);
280 if (ovr <= 0)
281 return ovr;
282 if (link(link_target, dest) < 0) {
283 bb_perror_msg("can't create link '%s'", dest);
284 return -1;
285 }
286 }
287 return 0;
288 }
289 add_to_ino_dev_hashtable(&source_stat, dest);
290 }
291
292 src_fd = open_or_warn(source, O_RDONLY);
293 if (src_fd < 0)
294 return -1;
295
296 /* Do not try to open with weird mode fields */
297 new_mode = source_stat.st_mode;
298 if (!S_ISREG(source_stat.st_mode))
299 new_mode = 0666;
300
301 if (ENABLE_FEATURE_NON_POSIX_CP || (flags & FILEUTILS_INTERACTIVE)) {
302 /*
303 * O_CREAT|O_EXCL: require that file did not exist before creation
304 */
305 dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode);
306 } else { /* POSIX, and not "cp -i" */
307 /*
308 * O_CREAT|O_TRUNC: create, or truncate (security problem versus (sym)link attacks)
309 */
310 dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, new_mode);
311 }
312 if (dst_fd == -1) {
313 ovr = ask_and_unlink(dest, flags);
314 if (ovr <= 0) {
315 close(src_fd);
316 return ovr;
317 }
318 /* It shouldn't exist. If it exists, do not open (symlink attack?) */
319 dst_fd = open3_or_warn(dest, O_WRONLY|O_CREAT|O_EXCL, new_mode);
320 if (dst_fd < 0) {
321 close(src_fd);
322 return -1;
323 }
324 }
325
326 #if ENABLE_SELINUX
327 if ((flags & (FILEUTILS_PRESERVE_SECURITY_CONTEXT|FILEUTILS_SET_SECURITY_CONTEXT))
328 && is_selinux_enabled() > 0
329 ) {
330 security_context_t con;
331 if (getfscreatecon(&con) == -1) {
332 bb_simple_perror_msg("getfscreatecon");
333 return -1;
334 }
335 if (con) {
336 if (setfilecon(dest, con) == -1) {
337 bb_perror_msg("setfilecon:%s,%s", dest, con);
338 freecon(con);
339 return -1;
340 }
341 freecon(con);
342 }
343 }
344 #endif
345 #if ENABLE_FEATURE_CP_REFLINK
346 # undef BTRFS_IOCTL_MAGIC
347 # define BTRFS_IOCTL_MAGIC 0x94
348 # undef BTRFS_IOC_CLONE
349 # define BTRFS_IOC_CLONE _IOW (BTRFS_IOCTL_MAGIC, 9, int)
350 if (flags & FILEUTILS_REFLINK) {
351 retval = ioctl(dst_fd, BTRFS_IOC_CLONE, src_fd);
352 if (retval == 0)
353 goto do_close;
354 /* reflink did not work */
355 if (flags & FILEUTILS_REFLINK_ALWAYS) {
356 bb_perror_msg("failed to clone '%s' from '%s'", dest, source);
357 goto do_close;
358 }
359 /* fall through to standard copy */
360 retval = 0;
361 }
362 #endif
363 if (bb_copyfd_eof(src_fd, dst_fd) == -1)
364 retval = -1;
365 IF_FEATURE_CP_REFLINK(do_close:)
366 /* Careful with writing... */
367 if (close(dst_fd) < 0) {
368 bb_perror_msg("error writing to '%s'", dest);
369 retval = -1;
370 }
371 /* ...but read size is already checked by bb_copyfd_eof */
372 close(src_fd);
373 /* "cp /dev/something new_file" should not
374 * copy mode of /dev/something */
375 if (!S_ISREG(source_stat.st_mode))
376 return retval;
377 goto preserve_mode_ugid_time;
378 }
379 dont_cat:
380
381 /* Source is a symlink or a special file */
382 /* We are lazy here, a bit lax with races... */
383 if (dest_exists) {
384 errno = EEXIST;
385 ovr = ask_and_unlink(dest, flags);
386 if (ovr <= 0)
387 return ovr;
388 }
389 if (S_ISLNK(source_stat.st_mode)) {
390 char *lpath = xmalloc_readlink_or_warn(source);
391 if (lpath) {
392 int r = symlink(lpath, dest);
393 if (r < 0) {
394 /* shared message */
395 bb_perror_msg("can't create %slink '%s' to '%s'",
396 "sym", dest, lpath
397 );
398 free(lpath);
399 return -1;
400 }
401 free(lpath);
402 if (flags & FILEUTILS_PRESERVE_STATUS)
403 if (lchown(dest, source_stat.st_uid, source_stat.st_gid) < 0)
404 bb_perror_msg("can't preserve %s of '%s'", "ownership", dest);
405 }
406 /* _Not_ jumping to preserve_mode_ugid_time:
407 * symlinks don't have those */
408 goto verb_and_exit;
409 }
410 if (S_ISBLK(source_stat.st_mode) || S_ISCHR(source_stat.st_mode)
411 || S_ISSOCK(source_stat.st_mode) || S_ISFIFO(source_stat.st_mode)
412 ) {
413 if (mknod(dest, source_stat.st_mode, source_stat.st_rdev) < 0) {
414 bb_perror_msg("can't create '%s'", dest);
415 return -1;
416 }
417 } else {
418 bb_error_msg("unrecognized file '%s' with mode %x", source, source_stat.st_mode);
419 return -1;
420 }
421
422 preserve_mode_ugid_time:
423
424 if (flags & FILEUTILS_PRESERVE_STATUS
425 /* Cannot happen: */
426 /* && !(flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK)) */
427 ) {
428 struct timeval times[2];
429
430 times[1].tv_sec = times[0].tv_sec = source_stat.st_mtime;
431 times[1].tv_usec = times[0].tv_usec = 0;
432 /* BTW, utimes sets usec-precision time - just FYI */
433 if (utimes(dest, times) < 0)
434 bb_perror_msg("can't preserve %s of '%s'", "times", dest);
435 if (chown(dest, source_stat.st_uid, source_stat.st_gid) < 0) {
436 source_stat.st_mode &= ~(S_ISUID | S_ISGID);
437 bb_perror_msg("can't preserve %s of '%s'", "ownership", dest);
438 }
439 if (chmod(dest, source_stat.st_mode) < 0)
440 bb_perror_msg("can't preserve %s of '%s'", "permissions", dest);
441 }
442
443 verb_and_exit:
444 if (flags & FILEUTILS_VERBOSE) {
445 printf("'%s' -> '%s'\n", source, dest);
446 }
447
448 return retval;
449 }
450