diff --git a/bin/cp/cp.c b/bin/cp/cp.c index 2b9c7531e4ca..62cc2abc3654 100644 --- a/bin/cp/cp.c +++ b/bin/cp/cp.c @@ -1,567 +1,604 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1988, 1993, 1994 * The Regents of the University of California. All rights reserved. * * This code is derived from software contributed to Berkeley by * David Hitz of Auspex Systems Inc. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ /* * Cp copies source files to target files. * * The global PATH_T structure "to" always contains the path to the * current target file. Since fts(3) does not change directories, * this path can be either absolute or dot-relative. * * The basic algorithm is to initialize "to" and use fts(3) to traverse * the file hierarchy rooted in the argument list. A trivial case is the * case of 'cp file1 file2'. The more interesting case is the case of * 'cp file1 file2 ... fileN dir' where the hierarchy is traversed and the * path (relative to the root of the traversal) is appended to dir (stored * in "to") to form the final target path. */ #include #include #include #include #include +#include #include #include #include +#include #include #include #include #include #include "extern.h" -#define STRIP_TRAILING_SLASH(p) { \ - while ((p).p_end > (p).p_path + 1 && (p).p_end[-1] == '/') \ - *--(p).p_end = 0; \ -} - -static char emptystring[] = ""; - -PATH_T to = { to.p_path, emptystring, "" }; +static char dot[] = "."; +#define END(buf) (buf + sizeof(buf)) +PATH_T to = { .dir = -1, .end = to.path }; int Nflag, fflag, iflag, lflag, nflag, pflag, sflag, vflag; static int Hflag, Lflag, Pflag, Rflag, rflag; volatile sig_atomic_t info; enum op { FILE_TO_FILE, FILE_TO_DIR, DIR_TO_DNE }; static int copy(char *[], enum op, int, struct stat *); static void siginfo(int __unused); int main(int argc, char *argv[]) { struct stat to_stat, tmp_stat; enum op type; - int ch, fts_options, r, have_trailing_slash; - char *target; + int ch, fts_options, r; + char *sep, *target; + bool have_trailing_slash = false; fts_options = FTS_NOCHDIR | FTS_PHYSICAL; while ((ch = getopt(argc, argv, "HLPRafilNnprsvx")) != -1) switch (ch) { case 'H': Hflag = 1; Lflag = Pflag = 0; break; case 'L': Lflag = 1; Hflag = Pflag = 0; break; case 'P': Pflag = 1; Hflag = Lflag = 0; break; case 'R': Rflag = 1; break; case 'a': pflag = 1; Rflag = 1; Pflag = 1; Hflag = Lflag = 0; break; case 'f': fflag = 1; iflag = nflag = 0; break; case 'i': iflag = 1; fflag = nflag = 0; break; case 'l': lflag = 1; break; case 'N': Nflag = 1; break; case 'n': nflag = 1; fflag = iflag = 0; break; case 'p': pflag = 1; break; case 'r': rflag = Lflag = 1; Hflag = Pflag = 0; break; case 's': sflag = 1; break; case 'v': vflag = 1; break; case 'x': fts_options |= FTS_XDEV; break; default: usage(); } argc -= optind; argv += optind; if (argc < 2) usage(); if (Rflag && rflag) errx(1, "the -R and -r options may not be specified together"); if (lflag && sflag) errx(1, "the -l and -s options may not be specified together"); if (rflag) Rflag = 1; if (Rflag) { if (Hflag) fts_options |= FTS_COMFOLLOW; if (Lflag) { fts_options &= ~FTS_PHYSICAL; fts_options |= FTS_LOGICAL; } } else if (!Pflag) { fts_options &= ~FTS_PHYSICAL; fts_options |= FTS_LOGICAL | FTS_COMFOLLOW; } (void)signal(SIGINFO, siginfo); /* Save the target base in "to". */ target = argv[--argc]; - if (strlcpy(to.p_path, target, sizeof(to.p_path)) >= sizeof(to.p_path)) - errx(1, "%s: name too long", target); - to.p_end = to.p_path + strlen(to.p_path); - if (to.p_path == to.p_end) { - *to.p_end++ = '.'; - *to.p_end = 0; + if (*target == '\0') { + target = dot; + } else if ((sep = strrchr(target, '/')) != NULL && sep[1] == '\0') { + have_trailing_slash = true; + while (sep > target + 1 && *(sep - 1) == '/') + sep--; + *sep = '\0'; } - have_trailing_slash = (to.p_end[-1] == '/'); - if (have_trailing_slash) - STRIP_TRAILING_SLASH(to); - to.target_end = to.p_end; + if (strlcpy(to.base, target, sizeof(to.base)) >= sizeof(to.base)) + errc(1, ENAMETOOLONG, "%s", target); /* Set end of argument list for fts(3). */ argv[argc] = NULL; /* * Cp has two distinct cases: * * cp [-R] source target * cp [-R] source1 ... sourceN directory * * In both cases, source can be either a file or a directory. * * In (1), the target becomes a copy of the source. That is, if the * source is a file, the target will be a file, and likewise for * directories. * * In (2), the real target is not directory, but "directory/source". */ - r = stat(to.p_path, &to_stat); + r = stat(to.base, &to_stat); if (r == -1 && errno != ENOENT) - err(1, "%s", to.p_path); + err(1, "%s", target); if (r == -1 || !S_ISDIR(to_stat.st_mode)) { /* * Case (1). Target is not a directory. */ if (argc > 1) - errc(1, ENOTDIR, "%s", to.p_path); + errc(1, ENOTDIR, "%s", target); /* * Need to detect the case: * cp -R dir foo * Where dir is a directory and foo does not exist, where * we want pathname concatenations turned on but not for * the initial mkdir(). */ if (r == -1) { if (Rflag && (Lflag || Hflag)) stat(*argv, &tmp_stat); else lstat(*argv, &tmp_stat); if (S_ISDIR(tmp_stat.st_mode) && Rflag) type = DIR_TO_DNE; else type = FILE_TO_FILE; } else type = FILE_TO_FILE; if (have_trailing_slash && type == FILE_TO_FILE) { if (r == -1) - errc(1, ENOENT, "%s", to.p_path); + errc(1, ENOENT, "%s", target); else - errc(1, ENOTDIR, "%s", to.p_path); + errc(1, ENOTDIR, "%s", target); } } else { /* * Case (2). Target is a directory. */ type = FILE_TO_DIR; } /* * For DIR_TO_DNE, we could provide copy() with the to_stat we've * already allocated on the stack here that isn't being used for * anything. Not doing so, though, simplifies later logic a little bit * as we need to skip checking root_stat on the first iteration and * ensure that we set it with the first mkdir(). */ exit (copy(argv, type, fts_options, (type == DIR_TO_DNE ? NULL : &to_stat))); } static int copy(char *argv[], enum op type, int fts_options, struct stat *root_stat) { char rootname[NAME_MAX]; - struct stat created_root_stat, to_stat; + struct stat created_root_stat, to_stat, *curr_stat; FTS *ftsp; FTSENT *curr; - int base = 0, dne, badcp, rval; - size_t nlen; - char *p, *recurse_path, *target_mid; + char *recpath = NULL; + int atflags, dne, badcp, len, rval; mode_t mask, mode; + bool beneath = type != FILE_TO_FILE; + bool skipdp = false; /* * Keep an inverted copy of the umask, for use in correcting * permissions on created directories when not using -p. */ mask = ~umask(0777); umask(~mask); - recurse_path = NULL; + if (type == FILE_TO_FILE) { + to.dir = AT_FDCWD; + to.end = to.path + strlcpy(to.path, to.base, sizeof(to.path)); + strcpy(to.base, dot); + } else if (type == FILE_TO_DIR) { + to.dir = open(to.base, O_DIRECTORY | O_SEARCH); + if (to.dir < 0) + err(1, "%s", to.base); + } + if ((ftsp = fts_open(argv, fts_options, NULL)) == NULL) err(1, "fts_open"); - for (badcp = rval = 0; (curr = fts_read(ftsp)) != NULL; badcp = 0) { + for (badcp = rval = 0; + (curr = fts_read(ftsp)) != NULL; + badcp = 0, *to.end = '\0') { + curr_stat = curr->fts_statp; switch (curr->fts_info) { case FTS_NS: case FTS_DNR: case FTS_ERR: warnc(curr->fts_errno, "%s", curr->fts_path); badcp = rval = 1; continue; case FTS_DC: /* Warn, continue. */ warnx("%s: directory causes a cycle", curr->fts_path); badcp = rval = 1; continue; - default: - ; - } - - /* - * Stash the root basename off for detecting recursion later. - * - * This will be essential if the root is a symlink and we're - * rolling with -L or -H. The later bits will need this bit in - * particular. - */ - if (curr->fts_level == FTS_ROOTLEVEL) { - strlcpy(rootname, curr->fts_name, sizeof(rootname)); - } - - /* - * If we are in case (2) or (3) above, we need to append the - * source name to the target name. - */ - if (type != FILE_TO_FILE) { + case FTS_D: /* - * Need to remember the roots of traversals to create - * correct pathnames. If there's a directory being - * copied to a non-existent directory, e.g. - * cp -R a/dir noexist - * the resulting path name should be noexist/foo, not - * noexist/dir/foo (where foo is a file in dir), which - * is the case where the target exists. - * - * Also, check for "..". This is for correct path - * concatenation for paths ending in "..", e.g. - * cp -R .. /tmp - * Paths ending in ".." are changed to ".". This is - * tricky, but seems the easiest way to fix the problem. + * Stash the root basename off for detecting + * recursion later. * - * XXX - * Since the first level MUST be FTS_ROOTLEVEL, base - * is always initialized. + * This will be essential if the root is a symlink + * and we're rolling with -L or -H. The later + * bits will need this bit in particular. */ if (curr->fts_level == FTS_ROOTLEVEL) { - if (type != DIR_TO_DNE) { - p = strrchr(curr->fts_path, '/'); - base = (p == NULL) ? 0 : - (int)(p - curr->fts_path + 1); - - if (strcmp(curr->fts_path + base, "..") - == 0) - base += 1; - } else - base = curr->fts_pathlen; - } - - p = &curr->fts_path[base]; - nlen = curr->fts_pathlen - base; - target_mid = to.target_end; - if (*p != '/' && target_mid[-1] != '/') - *target_mid++ = '/'; - *target_mid = 0; - if (target_mid - to.p_path + nlen >= PATH_MAX) { - warnx("%s%s: name too long (not copied)", - to.p_path, p); - badcp = rval = 1; - continue; + strlcpy(rootname, curr->fts_name, + sizeof(rootname)); } - (void)strncat(target_mid, p, nlen); - to.p_end = target_mid + nlen; - *to.p_end = 0; - STRIP_TRAILING_SLASH(to); - /* - * We're on the verge of recursing on ourselves. Either - * we need to stop right here (we knowingly just created - * it), or we will in an immediate descendant. Record - * the path of the immediate descendant to make our - * lives a little less complicated looking. + * If we FTS_SKIP while handling FTS_D, we will + * immediately get FTS_DP for the same directory. + * If this happens before we've appended the name + * to to.path, we need to remember not to perform + * the reverse operation. */ - if (curr->fts_info == FTS_D && root_stat != NULL && - root_stat->st_dev == curr->fts_statp->st_dev && - root_stat->st_ino == curr->fts_statp->st_ino) { - assert(recurse_path == NULL); - - if (root_stat == &created_root_stat) { - /* - * This directory didn't exist when we - * started, we created it as part of - * traversal. Stop right here before we - * do something silly. - */ + skipdp = true; + /* we must have a destination! */ + if (type == DIR_TO_DNE && + curr->fts_level == FTS_ROOTLEVEL) { + assert(to.dir < 0); + assert(root_stat == NULL); + mode = curr_stat->st_mode | S_IRWXU; + if (mkdir(to.base, mode) != 0) { + warn("%s", to.base); + (void)fts_set(ftsp, curr, FTS_SKIP); + badcp = rval = 1; + continue; + } + to.dir = open(to.base, O_DIRECTORY | O_SEARCH); + if (to.dir < 0) { + warn("%s", to.base); + (void)rmdir(to.base); + (void)fts_set(ftsp, curr, FTS_SKIP); + badcp = rval = 1; + continue; + } + if (fstat(to.dir, &created_root_stat) != 0) { + warn("%s", to.base); + (void)close(to.dir); + (void)rmdir(to.base); + (void)fts_set(ftsp, curr, FTS_SKIP); + to.dir = -1; + badcp = rval = 1; + continue; + } + root_stat = &created_root_stat; + } else { + /* entering a directory; append its name to to.path */ + len = snprintf(to.end, END(to.path) - to.end, "%s%s", + to.end > to.path ? "/" : "", curr->fts_name); + if (to.end + len >= END(to.path)) { + *to.end = '\0'; + warnc(ENAMETOOLONG, "%s/%s%s%s", to.base, + to.path, to.end > to.path ? "/" : "", + curr->fts_name); fts_set(ftsp, curr, FTS_SKIP); + badcp = rval = 1; continue; } - - if (asprintf(&recurse_path, "%s/%s", to.p_path, - rootname) == -1) - err(1, "asprintf"); + to.end += len; } - - if (recurse_path != NULL && - strcmp(to.p_path, recurse_path) == 0) { + skipdp = false; + /* + * We're on the verge of recursing on ourselves. + * Either we need to stop right here (we knowingly + * just created it), or we will in an immediate + * descendant. Record the path of the immediate + * descendant to make our lives a little less + * complicated looking. + */ + if (type != FILE_TO_FILE && + root_stat->st_dev == curr_stat->st_dev && + root_stat->st_ino == curr_stat->st_ino) { + assert(recpath == NULL); + if (root_stat == &created_root_stat) { + /* + * This directory didn't exist + * when we started, we created it + * as part of traversal. Stop + * right here before we do + * something silly. + */ + (void)fts_set(ftsp, curr, FTS_SKIP); + continue; + } + if (asprintf(&recpath, "%s/%s", to.path, + rootname) < 0) { + warnc(ENOMEM, NULL); + (void)fts_set(ftsp, curr, FTS_SKIP); + badcp = rval = 1; + continue; + } + } + if (recpath != NULL && + strcmp(recpath, to.path) == 0) { fts_set(ftsp, curr, FTS_SKIP); continue; } - } - - if (curr->fts_info == FTS_DP) { + break; + case FTS_DP: /* * We are nearly finished with this directory. If we * didn't actually copy it, or otherwise don't need to * change its attributes, then we are done. - */ - if (!curr->fts_number) - continue; - /* + * * If -p is in effect, set all the attributes. * Otherwise, set the correct permissions, limited * by the umask. Optimise by avoiding a chmod() * if possible (which is usually the case if we * made the directory). Note that mkdir() does not * honour setuid, setgid and sticky bits, but we * normally want to preserve them on directories. */ - if (pflag) { - if (setfile(curr->fts_statp, -1)) + if (curr->fts_number && pflag) { + int fd = *to.path ? -1 : to.dir; + if (setfile(curr_stat, fd, true)) + rval = 1; + if (preserve_dir_acls(curr->fts_accpath, + to.path) != 0) rval = 1; - if (preserve_dir_acls(curr->fts_statp, - curr->fts_accpath, to.p_path) != 0) + } else if (curr->fts_number) { + const char *path = *to.path ? to.path : dot; + mode = curr_stat->st_mode; + if (((mode & (S_ISUID | S_ISGID | S_ISTXT)) || + ((mode | S_IRWXU) & mask) != (mode & mask)) && + fchmodat(to.dir, path, mode & mask, 0) != 0) { + warn("chmod: %s/%s", to.base, to.path); rval = 1; + } + } + /* are we leaving a directory we failed to enter? */ + if (skipdp) + continue; + /* leaving a directory; remove its name from to.path */ + if (type == DIR_TO_DNE && + curr->fts_level == FTS_ROOTLEVEL) { + /* this is actually our created root */ } else { - mode = curr->fts_statp->st_mode; - if ((mode & (S_ISUID | S_ISGID | S_ISTXT)) || - ((mode | S_IRWXU) & mask) != (mode & mask)) - if (chmod(to.p_path, mode & mask) != - 0) { - warn("chmod: %s", to.p_path); - rval = 1; - } + while (to.end > to.path && *to.end != '/') + to.end--; + assert(strcmp(to.end + (*to.end == '/'), curr->fts_name) == 0); + *to.end = '\0'; } continue; + default: + /* something else: append its name to to.path */ + if (type == FILE_TO_FILE) + break; + len = snprintf(to.end, END(to.path) - to.end, "%s%s", + to.end > to.path ? "/" : "", curr->fts_name); + if (to.end + len >= END(to.path)) { + *to.end = '\0'; + warnc(ENAMETOOLONG, "%s/%s%s%s", to.base, + to.path, to.end > to.path ? "/" : "", + curr->fts_name); + badcp = rval = 1; + continue; + } + /* intentionally do not update to.end */ + break; + } + + /* Not an error but need to remember it happened. */ + if (to.path[0] == '\0') { + /* + * This can happen in two cases: + * - DIR_TO_DNE; we created the directory and + * populated root_stat earlier. + * - FILE_TO_DIR if a source has a trailing slash; + * the caller populated root_stat. + */ + dne = false; + to_stat = *root_stat; + } else { + atflags = beneath ? AT_RESOLVE_BENEATH : 0; + if (curr->fts_info == FTS_D || curr->fts_info == FTS_SL) + atflags |= AT_SYMLINK_NOFOLLOW; + dne = fstatat(to.dir, to.path, &to_stat, atflags) != 0; } /* Check if source and destination are identical. */ - if (stat(to.p_path, &to_stat) == 0 && - to_stat.st_dev == curr->fts_statp->st_dev && - to_stat.st_ino == curr->fts_statp->st_ino) { - warnx("%s and %s are identical (not copied).", - to.p_path, curr->fts_path); + if (!dne && + to_stat.st_dev == curr_stat->st_dev && + to_stat.st_ino == curr_stat->st_ino) { + warnx("%s/%s and %s are identical (not copied).", + to.base, to.path, curr->fts_path); badcp = rval = 1; - if (S_ISDIR(curr->fts_statp->st_mode)) + if (S_ISDIR(curr_stat->st_mode)) (void)fts_set(ftsp, curr, FTS_SKIP); continue; } - /* Not an error but need to remember it happened. */ - dne = lstat(to.p_path, &to_stat) != 0; - - switch (curr->fts_statp->st_mode & S_IFMT) { + switch (curr_stat->st_mode & S_IFMT) { case S_IFLNK: if ((fts_options & FTS_LOGICAL) || ((fts_options & FTS_COMFOLLOW) && curr->fts_level == 0)) { /* * We asked FTS to follow links but got * here anyway, which means the target is * nonexistent or inaccessible. Let * copy_file() deal with the error. */ - if (copy_file(curr, dne)) + if (copy_file(curr, dne, beneath)) badcp = rval = 1; } else { /* Copy the link. */ - if (copy_link(curr, !dne)) + if (copy_link(curr, dne, beneath)) badcp = rval = 1; } break; case S_IFDIR: if (!Rflag) { warnx("%s is a directory (not copied).", curr->fts_path); (void)fts_set(ftsp, curr, FTS_SKIP); badcp = rval = 1; break; } /* * If the directory doesn't exist, create the new * one with the from file mode plus owner RWX bits, * modified by the umask. Trade-off between being * able to write the directory (if from directory is * 555) and not causing a permissions race. If the * umask blocks owner writes, we fail. */ if (dne) { - mode = curr->fts_statp->st_mode | S_IRWXU; - if (mkdir(to.p_path, mode) != 0) { - warn("%s", to.p_path); - (void)fts_set(ftsp, curr, FTS_SKIP); - badcp = rval = 1; - break; - } - /* - * First DNE with a NULL root_stat is the root - * path, so set root_stat. We can't really - * tell in all cases if the target path is - * within the src path, so we just stat() the - * first directory we created and use that. - */ - if (root_stat == NULL && - stat(to.p_path, &created_root_stat) != 0) { - warn("%s", to.p_path); + mode = curr_stat->st_mode | S_IRWXU; + if (mkdirat(to.dir, to.path, mode) != 0) { + warn("%s/%s", to.base, to.path); (void)fts_set(ftsp, curr, FTS_SKIP); badcp = rval = 1; break; } - if (root_stat == NULL) - root_stat = &created_root_stat; } else if (!S_ISDIR(to_stat.st_mode)) { - warnc(ENOTDIR, "%s", to.p_path); + warnc(ENOTDIR, "%s/%s", to.base, to.path); (void)fts_set(ftsp, curr, FTS_SKIP); badcp = rval = 1; break; } /* * Arrange to correct directory attributes later * (in the post-order phase) if this is a new * directory, or if the -p flag is in effect. */ curr->fts_number = pflag || dne; break; case S_IFBLK: case S_IFCHR: if (Rflag && !sflag) { - if (copy_special(curr->fts_statp, !dne)) + if (copy_special(curr_stat, dne, beneath)) badcp = rval = 1; } else { - if (copy_file(curr, dne)) + if (copy_file(curr, dne, beneath)) badcp = rval = 1; } break; case S_IFSOCK: warnx("%s is a socket (not copied).", curr->fts_path); break; case S_IFIFO: if (Rflag && !sflag) { - if (copy_fifo(curr->fts_statp, !dne)) + if (copy_fifo(curr_stat, dne, beneath)) badcp = rval = 1; } else { - if (copy_file(curr, dne)) + if (copy_file(curr, dne, beneath)) badcp = rval = 1; } break; default: - if (copy_file(curr, dne)) + if (copy_file(curr, dne, beneath)) badcp = rval = 1; break; } if (vflag && !badcp) - (void)printf("%s -> %s\n", curr->fts_path, to.p_path); + (void)printf("%s -> %s/%s\n", curr->fts_path, to.base, to.path); } if (errno) err(1, "fts_read"); fts_close(ftsp); - free(recurse_path); + close(to.dir); + free(recpath); return (rval); } static void siginfo(int sig __unused) { info = 1; } diff --git a/bin/cp/extern.h b/bin/cp/extern.h index 272454bb5871..5a18f91ef13c 100644 --- a/bin/cp/extern.h +++ b/bin/cp/extern.h @@ -1,51 +1,64 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ typedef struct { - char *p_end; /* pointer to NULL at end of path */ - char *target_end; /* pointer to end of target base */ - char p_path[PATH_MAX]; /* pointer to the start of a path */ + int dir; /* base directory handle */ + char *end; /* pointer to NUL at end of path */ + char base[PATH_MAX]; /* base directory path */ + char path[PATH_MAX]; /* target path */ } PATH_T; extern PATH_T to; extern int Nflag, fflag, iflag, lflag, nflag, pflag, sflag, vflag; extern volatile sig_atomic_t info; __BEGIN_DECLS -int copy_fifo(struct stat *, int); -int copy_file(const FTSENT *, int); -int copy_link(const FTSENT *, int); -int copy_special(struct stat *, int); -int setfile(struct stat *, int); -int preserve_dir_acls(struct stat *, char *, char *); +int copy_fifo(struct stat *, bool, bool); +int copy_file(const FTSENT *, bool, bool); +int copy_link(const FTSENT *, bool, bool); +int copy_special(struct stat *, bool, bool); +int setfile(struct stat *, int, bool); +int preserve_dir_acls(const char *, const char *); int preserve_fd_acls(int, int); void usage(void) __dead2; __END_DECLS + +/* + * The FreeBSD and Darwin kernels return ENOTCAPABLE when a path lookup + * violates a RESOLVE_BENEATH constraint. This results in confusing error + * messages, so translate it to the more widely recognized EACCES. + */ +#ifdef ENOTCAPABLE +#define warn(...) \ + warnc(errno == ENOTCAPABLE ? EACCES : errno, __VA_ARGS__) +#define err(rv, ...) \ + errc(rv, errno == ENOTCAPABLE ? EACCES : errno, __VA_ARGS__) +#endif diff --git a/bin/cp/tests/cp_test.sh b/bin/cp/tests/cp_test.sh index 5c581e06ab8e..6644588f1ce8 100755 --- a/bin/cp/tests/cp_test.sh +++ b/bin/cp/tests/cp_test.sh @@ -1,422 +1,591 @@ # # SPDX-License-Identifier: BSD-2-Clause # # Copyright (c) 2020 Kyle Evans # # Redistribution and use in source and binary forms, with or without # modification, are permitted provided that the following conditions # are met: # 1. Redistributions of source code must retain the above copyright # notice, this list of conditions and the following disclaimer. # 2. Redistributions in binary form must reproduce the above copyright # notice, this list of conditions and the following disclaimer in the # documentation and/or other materials provided with the distribution. # # THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND # ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE # IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE # ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE # FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL # DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS # OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) # HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT # LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF # SUCH DAMAGE. # check_size() { file=$1 sz=$2 atf_check -o inline:"$sz\n" stat -f '%z' $file } atf_test_case basic basic_body() { echo "foo" > bar atf_check cp bar baz check_size baz 4 } atf_test_case basic_symlink basic_symlink_body() { echo "foo" > bar ln -s bar baz atf_check cp baz foo atf_check test '!' -L foo atf_check cmp foo bar } atf_test_case chrdev chrdev_body() { echo "foo" > bar check_size bar 4 atf_check cp /dev/null trunc check_size trunc 0 atf_check cp bar trunc check_size trunc 4 atf_check cp /dev/null trunc check_size trunc 0 } atf_test_case hardlink hardlink_body() { echo "foo" >foo atf_check cp -l foo bar atf_check -o inline:"foo\n" cat bar atf_check_equal "$(stat -f%d,%i foo)" "$(stat -f%d,%i bar)" } atf_test_case hardlink_exists hardlink_exists_body() { echo "foo" >foo echo "bar" >bar atf_check -s not-exit:0 -e match:exists cp -l foo bar atf_check -o inline:"bar\n" cat bar atf_check_not_equal "$(stat -f%d,%i foo)" "$(stat -f%d,%i bar)" } atf_test_case hardlink_exists_force hardlink_exists_force_body() { echo "foo" >foo echo "bar" >bar atf_check cp -fl foo bar atf_check -o inline:"foo\n" cat bar atf_check_equal "$(stat -f%d,%i foo)" "$(stat -f%d,%i bar)" } atf_test_case matching_srctgt matching_srctgt_body() { # PR235438: `cp -R foo foo` would previously infinitely recurse and # eventually error out. mkdir foo echo "qux" > foo/bar cp foo/bar foo/zoo atf_check cp -R foo foo atf_check -o inline:"qux\n" cat foo/foo/bar atf_check -o inline:"qux\n" cat foo/foo/zoo atf_check -e not-empty -s not-exit:0 stat foo/foo/foo } atf_test_case matching_srctgt_contained matching_srctgt_contained_body() { # Let's do the same thing, except we'll try to recursively copy foo into # one of its subdirectories. mkdir foo ln -s foo coo echo "qux" > foo/bar mkdir foo/moo touch foo/moo/roo cp foo/bar foo/zoo atf_check cp -R foo foo/moo atf_check cp -RH coo foo/moo atf_check -o inline:"qux\n" cat foo/moo/foo/bar atf_check -o inline:"qux\n" cat foo/moo/coo/bar atf_check -o inline:"qux\n" cat foo/moo/foo/zoo atf_check -o inline:"qux\n" cat foo/moo/coo/zoo # We should have copied the contents of foo/moo before foo, coo started # getting copied in. atf_check -o not-empty stat foo/moo/foo/moo/roo atf_check -o not-empty stat foo/moo/coo/moo/roo atf_check -e not-empty -s not-exit:0 stat foo/moo/foo/moo/foo atf_check -e not-empty -s not-exit:0 stat foo/moo/coo/moo/coo } atf_test_case matching_srctgt_link matching_srctgt_link_body() { mkdir foo echo "qux" > foo/bar cp foo/bar foo/zoo atf_check ln -s foo roo atf_check cp -RH roo foo atf_check -o inline:"qux\n" cat foo/roo/bar atf_check -o inline:"qux\n" cat foo/roo/zoo } atf_test_case matching_srctgt_nonexistent matching_srctgt_nonexistent_body() { # We'll copy foo to a nonexistent subdirectory; ideally, we would # skip just the directory and end up with a layout like; # # foo/ # bar # dne/ # bar # zoo # zoo # mkdir foo echo "qux" > foo/bar cp foo/bar foo/zoo atf_check cp -R foo foo/dne atf_check -o inline:"qux\n" cat foo/dne/bar atf_check -o inline:"qux\n" cat foo/dne/zoo atf_check -e not-empty -s not-exit:0 stat foo/dne/foo } +atf_test_case pflag_acls +pflag_acls_body() +{ + mkdir dir + echo "hello" >dir/file + if ! setfacl -m g:staff:D::allow dir || + ! setfacl -m g:staff:d::allow dir/file ; then + atf_skip "file system does not support ACLs" + fi + atf_check cp -p dir/file dst + atf_check -o match:"group:staff:-+d-+" getfacl dst + rm dst + mkdir dst + atf_check cp -rp dir dst + atf_check -o not-match:"group:staff:-+D-+" getfacl dst + atf_check -o match:"group:staff:-+D-+" getfacl dst/dir + atf_check -o match:"group:staff:-+d-+" getfacl dst/dir/file + rm -rf dst + atf_check cp -rp dir dst + atf_check -o match:"group:staff:-+D-+" getfacl dst/ + atf_check -o match:"group:staff:-+d-+" getfacl dst/file +} + +atf_test_case pflag_flags +pflag_flags_body() +{ + mkdir dir + echo "hello" >dir/file + if ! chflags nodump dir || + ! chflags nodump dir/file ; then + atf_skip "file system does not support flags" + fi + atf_check cp -p dir/file dst + atf_check -o match:"nodump" stat -f%Sf dst + rm dst + mkdir dst + atf_check cp -rp dir dst + atf_check -o not-match:"nodump" stat -f%Sf dst + atf_check -o match:"nodump" stat -f%Sf dst/dir + atf_check -o match:"nodump" stat -f%Sf dst/dir/file + rm -rf dst + atf_check cp -rp dir dst + atf_check -o match:"nodump" stat -f%Sf dst + atf_check -o match:"nodump" stat -f%Sf dst/file +} + recursive_link_setup() { extra_cpflag=$1 mkdir -p foo/bar ln -s bar foo/baz mkdir foo-mirror eval "cp -R $extra_cpflag foo foo-mirror" } atf_test_case recursive_link_dflt recursive_link_dflt_body() { recursive_link_setup # -P is the default, so this should work and preserve the link. atf_check cp -R foo foo-mirror atf_check test -L foo-mirror/foo/baz } atf_test_case recursive_link_Hflag recursive_link_Hflag_body() { recursive_link_setup # -H will not follow either, so this should also work and preserve the # link. atf_check cp -RH foo foo-mirror atf_check test -L foo-mirror/foo/baz } atf_test_case recursive_link_Lflag recursive_link_Lflag_body() { recursive_link_setup -L # -L will work, but foo/baz ends up expanded to a directory. atf_check test -d foo-mirror/foo/baz -a \ '(' ! -L foo-mirror/foo/baz ')' atf_check cp -RL foo foo-mirror atf_check test -d foo-mirror/foo/baz -a \ '(' ! -L foo-mirror/foo/baz ')' } atf_test_case samefile samefile_body() { echo "foo" >foo ln foo bar ln -s bar baz atf_check -e match:"baz and baz are identical" \ -s exit:1 cp baz baz atf_check -e match:"bar and baz are identical" \ -s exit:1 cp baz bar atf_check -e match:"foo and baz are identical" \ -s exit:1 cp baz foo atf_check -e match:"bar and foo are identical" \ -s exit:1 cp foo bar } file_is_sparse() { atf_check ${0%/*}/sparse "$1" } files_are_equal() { atf_check_not_equal "$(stat -f%d,%i "$1")" "$(stat -f%d,%i "$2")" atf_check cmp "$1" "$2" } atf_test_case sparse_leading_hole sparse_leading_hole_body() { # A 16-megabyte hole followed by one megabyte of data truncate -s 16M foo seq -f%015g 65536 >>foo file_is_sparse foo atf_check cp foo bar files_are_equal foo bar file_is_sparse bar } atf_test_case sparse_multiple_holes sparse_multiple_holes_body() { # Three one-megabyte blocks of data preceded, separated, and # followed by 16-megabyte holes truncate -s 16M foo seq -f%015g 65536 >>foo truncate -s 33M foo seq -f%015g 65536 >>foo truncate -s 50M foo seq -f%015g 65536 >>foo truncate -s 67M foo file_is_sparse foo atf_check cp foo bar files_are_equal foo bar file_is_sparse bar } atf_test_case sparse_only_hole sparse_only_hole_body() { # A 16-megabyte hole truncate -s 16M foo file_is_sparse foo atf_check cp foo bar files_are_equal foo bar file_is_sparse bar } atf_test_case sparse_to_dev sparse_to_dev_body() { # Three one-megabyte blocks of data preceded, separated, and # followed by 16-megabyte holes truncate -s 16M foo seq -f%015g 65536 >>foo truncate -s 33M foo seq -f%015g 65536 >>foo truncate -s 50M foo seq -f%015g 65536 >>foo truncate -s 67M foo file_is_sparse foo atf_check -o file:foo cp foo /dev/stdout } atf_test_case sparse_trailing_hole sparse_trailing_hole_body() { # One megabyte of data followed by a 16-megabyte hole seq -f%015g 65536 >foo truncate -s 17M foo file_is_sparse foo atf_check cp foo bar files_are_equal foo bar file_is_sparse bar } atf_test_case standalone_Pflag standalone_Pflag_body() { echo "foo" > bar ln -s bar foo atf_check cp -P foo baz atf_check -o inline:'Symbolic Link\n' stat -f %SHT baz } atf_test_case symlink symlink_body() { echo "foo" >foo atf_check cp -s foo bar atf_check -o inline:"foo\n" cat bar atf_check -o inline:"foo\n" readlink bar } atf_test_case symlink_exists symlink_exists_body() { echo "foo" >foo echo "bar" >bar atf_check -s not-exit:0 -e match:exists cp -s foo bar atf_check -o inline:"bar\n" cat bar } atf_test_case symlink_exists_force symlink_exists_force_body() { echo "foo" >foo echo "bar" >bar atf_check cp -fs foo bar atf_check -o inline:"foo\n" cat bar atf_check -o inline:"foo\n" readlink bar } atf_test_case directory_to_symlink directory_to_symlink_body() { mkdir -p foo ln -s .. foo/bar mkdir bar touch bar/baz atf_check -s not-exit:0 -e match:"Not a directory" \ cp -R bar foo atf_check -s not-exit:0 -e match:"Not a directory" \ cp -r bar foo } atf_test_case overwrite_directory overwrite_directory_body() { mkdir -p foo/bar/baz touch bar atf_check -s not-exit:0 -e match:"Is a directory" \ cp bar foo rm bar mkdir bar touch bar/baz atf_check -s not-exit:0 -e match:"Is a directory" \ cp -R bar foo atf_check -s not-exit:0 -e match:"Is a directory" \ cp -r bar foo } +atf_test_case to_dir_dne +to_dir_dne_body() +{ + mkdir dir + echo "foo" >dir/foo + atf_check cp -r dir dne + atf_check test -d dne + atf_check test -f dne/foo + atf_check cmp dir/foo dne/foo +} + +atf_test_case to_nondir +to_nondir_body() +{ + echo "foo" >foo + echo "bar" >bar + echo "baz" >baz + # This is described as “case 1” in source code comments + atf_check cp foo bar + atf_check cmp -s foo bar + # This is “case 2”, the target must be a directory + atf_check -s not-exit:0 -e match:"Not a directory" \ + cp foo bar baz +} + +atf_test_case to_deadlink +to_deadlink_body() +{ + echo "foo" >foo + ln -s bar baz + atf_check cp foo baz + atf_check cmp -s foo bar +} + +atf_test_case to_deadlink_append +to_deadlink_append_body() +{ + echo "foo" >foo + mkdir bar + ln -s baz bar/foo + atf_check cp foo bar + atf_check cmp -s foo bar/foo + rm -f bar/foo + atf_check cp foo bar/ + atf_check cmp -s foo bar/foo +} + +atf_test_case to_dirlink +to_dirlink_body() +{ + mkdir src dir + echo "foo" >src/file + ln -s dir dst + atf_check cp -r src dst + atf_check cmp -s src/file dir/src/file + rm -r dir/* + atf_check cp -r src dst/ + atf_check cmp -s src/file dir/src/file + rm -r dir/* + # If the source is a directory and ends in a slash, our cp has + # traditionally copied the contents of the source rather than + # the source itself. It is unclear whether this is intended + # or simply a consequence of how FTS handles the situation. + # Notably, GNU cp does not behave in this manner. + atf_check cp -r src/ dst + atf_check cmp -s src/file dir/file + rm -r dir/* + atf_check cp -r src/ dst/ + atf_check cmp -s src/file dir/file + rm -r dir/* +} + +atf_test_case to_deaddirlink +to_deaddirlink_body() +{ + mkdir src + echo "foo" >src/file + ln -s dir dst + # It is unclear which error we should expect in these cases. + # Our current implementation always reports ENOTDIR, but one + # might be equally justified in expecting EEXIST or ENOENT. + # GNU cp reports EEXIST when the destination is given with a + # trailing slash and “cannot overwrite non-directory with + # directory” otherwise. + atf_check -s not-exit:0 -e ignore \ + cp -r src dst + atf_check -s not-exit:0 -e ignore \ + cp -r src dst/ + atf_check -s not-exit:0 -e ignore \ + cp -r src/ dst + atf_check -s not-exit:0 -e ignore \ + cp -r src/ dst/ + atf_check -s not-exit:0 -e ignore \ + cp -R src dst + atf_check -s not-exit:0 -e ignore \ + cp -R src dst/ + atf_check -s not-exit:0 -e ignore \ + cp -R src/ dst + atf_check -s not-exit:0 -e ignore \ + cp -R src/ dst/ +} + +atf_test_case to_link_outside +to_link_outside_body() +{ + mkdir dir dst dst/dir + echo "foo" >dir/file + ln -s ../../file dst/dir/file + atf_check \ + -s exit:1 \ + -e match:"dst/dir/file: Permission denied" \ + cp -r dir dst +} + atf_init_test_cases() { atf_add_test_case basic atf_add_test_case basic_symlink atf_add_test_case chrdev atf_add_test_case hardlink atf_add_test_case hardlink_exists atf_add_test_case hardlink_exists_force atf_add_test_case matching_srctgt atf_add_test_case matching_srctgt_contained atf_add_test_case matching_srctgt_link atf_add_test_case matching_srctgt_nonexistent + atf_add_test_case pflag_acls + atf_add_test_case pflag_flags atf_add_test_case recursive_link_dflt atf_add_test_case recursive_link_Hflag atf_add_test_case recursive_link_Lflag atf_add_test_case samefile atf_add_test_case sparse_leading_hole atf_add_test_case sparse_multiple_holes atf_add_test_case sparse_only_hole atf_add_test_case sparse_to_dev atf_add_test_case sparse_trailing_hole atf_add_test_case standalone_Pflag atf_add_test_case symlink atf_add_test_case symlink_exists atf_add_test_case symlink_exists_force atf_add_test_case directory_to_symlink atf_add_test_case overwrite_directory + atf_add_test_case to_dir_dne + atf_add_test_case to_nondir + atf_add_test_case to_deadlink + atf_add_test_case to_deadlink_append + atf_add_test_case to_dirlink + atf_add_test_case to_deaddirlink + atf_add_test_case to_link_outside } diff --git a/bin/cp/utils.c b/bin/cp/utils.c index cfbb2022caaf..a849899af7ee 100644 --- a/bin/cp/utils.c +++ b/bin/cp/utils.c @@ -1,539 +1,493 @@ /*- * SPDX-License-Identifier: BSD-3-Clause * * Copyright (c) 1991, 1993, 1994 * The Regents of the University of California. All rights reserved. * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions * are met: * 1. Redistributions of source code must retain the above copyright * notice, this list of conditions and the following disclaimer. * 2. Redistributions in binary form must reproduce the above copyright * notice, this list of conditions and the following disclaimer in the * documentation and/or other materials provided with the distribution. * 3. Neither the name of the University nor the names of its contributors * may be used to endorse or promote products derived from this software * without specific prior written permission. * * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. */ #include #include #include #include #include #include #include #include +#include #include #include #include #include #include "extern.h" #define cp_pct(x, y) ((y == 0) ? 0 : (int)(100.0 * (x) / (y))) /* * Memory strategy threshold, in pages: if physmem is larger then this, use a * large buffer. */ #define PHYSPAGES_THRESHOLD (32*1024) /* Maximum buffer size in bytes - do not allow it to grow larger than this. */ #define BUFSIZE_MAX (2*1024*1024) /* * Small (default) buffer size in bytes. It's inefficient for this to be * smaller than MAXPHYS. */ #define BUFSIZE_SMALL (MAXPHYS) /* * Prompt used in -i case. */ #define YESNO "(y/n [n]) " static ssize_t copy_fallback(int from_fd, int to_fd) { static char *buf = NULL; static size_t bufsize; ssize_t rcount, wresid, wcount = 0; char *bufp; if (buf == NULL) { if (sysconf(_SC_PHYS_PAGES) > PHYSPAGES_THRESHOLD) bufsize = MIN(BUFSIZE_MAX, MAXPHYS * 8); else bufsize = BUFSIZE_SMALL; buf = malloc(bufsize); if (buf == NULL) err(1, "Not enough memory"); } rcount = read(from_fd, buf, bufsize); if (rcount <= 0) return (rcount); for (bufp = buf, wresid = rcount; ; bufp += wcount, wresid -= wcount) { wcount = write(to_fd, bufp, wresid); if (wcount <= 0) break; if (wcount >= wresid) break; } return (wcount < 0 ? wcount : rcount); } int -copy_file(const FTSENT *entp, int dne) +copy_file(const FTSENT *entp, bool dne, bool beneath) { struct stat sb, *fs; ssize_t wcount; off_t wtotal; int ch, checkch, from_fd, rval, to_fd; int use_copy_file_range = 1; fs = entp->fts_statp; from_fd = to_fd = -1; if (!lflag && !sflag) { if ((from_fd = open(entp->fts_path, O_RDONLY, 0)) < 0 || fstat(from_fd, &sb) != 0) { warn("%s", entp->fts_path); if (from_fd >= 0) (void)close(from_fd); return (1); } /* * Check that the file hasn't been replaced with one of a * different type. This can happen if we've been asked to * copy something which is actively being modified and * lost the race, or if we've been asked to copy something * like /proc/X/fd/Y which stat(2) reports as S_IFREG but * is actually something else once you open it. */ if ((sb.st_mode & S_IFMT) != (fs->st_mode & S_IFMT)) { warnx("%s: File changed", entp->fts_path); (void)close(from_fd); return (1); } } /* * If the file exists and we're interactive, verify with the user. * If the file DNE, set the mode to be the from file, minus setuid * bits, modified by the umask; arguably wrong, but it makes copying * executables work right and it's been that way forever. (The * other choice is 666 or'ed with the execute bits on the from file * modified by the umask.) */ if (!dne) { if (nflag) { if (vflag) - printf("%s not overwritten\n", to.p_path); + printf("%s/%s not overwritten\n", + to.base, to.path); rval = 1; goto done; } else if (iflag) { - (void)fprintf(stderr, "overwrite %s? %s", - to.p_path, YESNO); + (void)fprintf(stderr, "overwrite %s/%s? %s", + to.base, to.path, YESNO); checkch = ch = getchar(); while (ch != '\n' && ch != EOF) ch = getchar(); if (checkch != 'y' && checkch != 'Y') { (void)fprintf(stderr, "not overwritten\n"); rval = 1; goto done; } } if (fflag) { /* remove existing destination file */ - (void)unlink(to.p_path); + (void)unlinkat(to.dir, to.path, + beneath ? AT_RESOLVE_BENEATH : 0); dne = 1; } } rval = 0; if (lflag) { - if (link(entp->fts_path, to.p_path) != 0) { - warn("%s", to.p_path); + if (linkat(AT_FDCWD, entp->fts_path, to.dir, to.path, 0) != 0) { + warn("%s/%s", to.base, to.path); rval = 1; } goto done; } if (sflag) { - if (symlink(entp->fts_path, to.p_path) != 0) { - warn("%s", to.p_path); + if (symlinkat(entp->fts_path, to.dir, to.path) != 0) { + warn("%s/%s", to.base, to.path); rval = 1; } goto done; } if (!dne) { /* overwrite existing destination file */ - to_fd = open(to.p_path, O_WRONLY | O_TRUNC, 0); + to_fd = openat(to.dir, to.path, + O_WRONLY | O_TRUNC | (beneath ? O_RESOLVE_BENEATH : 0), 0); } else { /* create new destination file */ - to_fd = open(to.p_path, O_WRONLY | O_TRUNC | O_CREAT, + to_fd = openat(to.dir, to.path, + O_WRONLY | O_TRUNC | O_CREAT | + (beneath ? O_RESOLVE_BENEATH : 0), fs->st_mode & ~(S_ISUID | S_ISGID)); } if (to_fd == -1) { - warn("%s", to.p_path); + warn("%s/%s", to.base, to.path); rval = 1; goto done; } wtotal = 0; do { if (use_copy_file_range) { wcount = copy_file_range(from_fd, NULL, to_fd, NULL, SSIZE_MAX, 0); if (wcount < 0 && errno == EINVAL) { /* probably a non-seekable descriptor */ use_copy_file_range = 0; } } if (!use_copy_file_range) { wcount = copy_fallback(from_fd, to_fd); } wtotal += wcount; if (info) { info = 0; (void)fprintf(stderr, - "%s -> %s %3d%%\n", - entp->fts_path, to.p_path, + "%s -> %s/%s %3d%%\n", + entp->fts_path, to.base, to.path, cp_pct(wtotal, fs->st_size)); } } while (wcount > 0); if (wcount < 0) { warn("%s", entp->fts_path); rval = 1; } /* * Don't remove the target even after an error. The target might * not be a regular file, or its attributes might be important, * or its contents might be irreplaceable. It would only be safe * to remove it if we created it and its length is 0. */ - if (pflag && setfile(fs, to_fd)) + if (pflag && setfile(fs, to_fd, beneath)) rval = 1; if (pflag && preserve_fd_acls(from_fd, to_fd) != 0) rval = 1; if (close(to_fd)) { - warn("%s", to.p_path); + warn("%s/%s", to.base, to.path); rval = 1; } done: if (from_fd != -1) (void)close(from_fd); return (rval); } int -copy_link(const FTSENT *p, int exists) +copy_link(const FTSENT *p, bool dne, bool beneath) { ssize_t len; + int atflags = beneath ? AT_RESOLVE_BENEATH : 0; char llink[PATH_MAX]; - if (exists && nflag) { + if (!dne && nflag) { if (vflag) - printf("%s not overwritten\n", to.p_path); + printf("%s/%s not overwritten\n", to.base, to.path); return (1); } if ((len = readlink(p->fts_path, llink, sizeof(llink) - 1)) == -1) { warn("readlink: %s", p->fts_path); return (1); } llink[len] = '\0'; - if (exists && unlink(to.p_path)) { - warn("unlink: %s", to.p_path); + if (!dne && unlinkat(to.dir, to.path, atflags) != 0) { + warn("unlink: %s/%s", to.base, to.path); return (1); } - if (symlink(llink, to.p_path)) { + if (symlinkat(llink, to.dir, to.path) != 0) { warn("symlink: %s", llink); return (1); } - return (pflag ? setfile(p->fts_statp, -1) : 0); + return (pflag ? setfile(p->fts_statp, -1, beneath) : 0); } int -copy_fifo(struct stat *from_stat, int exists) +copy_fifo(struct stat *from_stat, bool dne, bool beneath) { + int atflags = beneath ? AT_RESOLVE_BENEATH : 0; - if (exists && nflag) { + if (!dne && nflag) { if (vflag) - printf("%s not overwritten\n", to.p_path); + printf("%s/%s not overwritten\n", to.base, to.path); return (1); } - if (exists && unlink(to.p_path)) { - warn("unlink: %s", to.p_path); + if (!dne && unlinkat(to.dir, to.path, atflags) != 0) { + warn("unlink: %s/%s", to.base, to.path); return (1); } - if (mkfifo(to.p_path, from_stat->st_mode)) { - warn("mkfifo: %s", to.p_path); + if (mkfifoat(to.dir, to.path, from_stat->st_mode) != 0) { + warn("mkfifo: %s/%s", to.base, to.path); return (1); } - return (pflag ? setfile(from_stat, -1) : 0); + return (pflag ? setfile(from_stat, -1, beneath) : 0); } int -copy_special(struct stat *from_stat, int exists) +copy_special(struct stat *from_stat, bool dne, bool beneath) { + int atflags = beneath ? AT_RESOLVE_BENEATH : 0; - if (exists && nflag) { + if (!dne && nflag) { if (vflag) - printf("%s not overwritten\n", to.p_path); + printf("%s/%s not overwritten\n", to.base, to.path); return (1); } - if (exists && unlink(to.p_path)) { - warn("unlink: %s", to.p_path); + if (!dne && unlinkat(to.dir, to.path, atflags) != 0) { + warn("unlink: %s/%s", to.base, to.path); return (1); } - if (mknod(to.p_path, from_stat->st_mode, from_stat->st_rdev)) { - warn("mknod: %s", to.p_path); + if (mknodat(to.dir, to.path, from_stat->st_mode, from_stat->st_rdev) != 0) { + warn("mknod: %s/%s", to.base, to.path); return (1); } - return (pflag ? setfile(from_stat, -1) : 0); + return (pflag ? setfile(from_stat, -1, beneath) : 0); } int -setfile(struct stat *fs, int fd) +setfile(struct stat *fs, int fd, bool beneath) { static struct timespec tspec[2]; struct stat ts; + int atflags = beneath ? AT_RESOLVE_BENEATH : 0; int rval, gotstat, islink, fdval; rval = 0; fdval = fd != -1; islink = !fdval && S_ISLNK(fs->st_mode); + if (islink) + atflags |= AT_SYMLINK_NOFOLLOW; fs->st_mode &= S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO; tspec[0] = fs->st_atim; tspec[1] = fs->st_mtim; - if (fdval ? futimens(fd, tspec) : utimensat(AT_FDCWD, to.p_path, tspec, - islink ? AT_SYMLINK_NOFOLLOW : 0)) { - warn("utimensat: %s", to.p_path); + if (fdval ? futimens(fd, tspec) : + utimensat(to.dir, to.path, tspec, atflags)) { + warn("utimensat: %s/%s", to.base, to.path); rval = 1; } if (fdval ? fstat(fd, &ts) : - (islink ? lstat(to.p_path, &ts) : stat(to.p_path, &ts))) + fstatat(to.dir, to.path, &ts, atflags)) { gotstat = 0; - else { + } else { gotstat = 1; ts.st_mode &= S_ISUID | S_ISGID | S_ISVTX | S_IRWXU | S_IRWXG | S_IRWXO; } /* * Changing the ownership probably won't succeed, unless we're root * or POSIX_CHOWN_RESTRICTED is not set. Set uid/gid before setting * the mode; current BSD behavior is to remove all setuid bits on * chown. If chown fails, lose setuid/setgid bits. */ - if (!gotstat || fs->st_uid != ts.st_uid || fs->st_gid != ts.st_gid) + if (!gotstat || fs->st_uid != ts.st_uid || fs->st_gid != ts.st_gid) { if (fdval ? fchown(fd, fs->st_uid, fs->st_gid) : - (islink ? lchown(to.p_path, fs->st_uid, fs->st_gid) : - chown(to.p_path, fs->st_uid, fs->st_gid))) { + fchownat(to.dir, to.path, fs->st_uid, fs->st_gid, atflags)) { if (errno != EPERM) { - warn("chown: %s", to.p_path); + warn("chown: %s/%s", to.base, to.path); rval = 1; } fs->st_mode &= ~(S_ISUID | S_ISGID); } + } - if (!gotstat || fs->st_mode != ts.st_mode) + if (!gotstat || fs->st_mode != ts.st_mode) { if (fdval ? fchmod(fd, fs->st_mode) : - (islink ? lchmod(to.p_path, fs->st_mode) : - chmod(to.p_path, fs->st_mode))) { - warn("chmod: %s", to.p_path); + fchmodat(to.dir, to.path, fs->st_mode, atflags)) { + warn("chmod: %s/%s", to.base, to.path); rval = 1; } + } - if (!Nflag && (!gotstat || fs->st_flags != ts.st_flags)) - if (fdval ? - fchflags(fd, fs->st_flags) : - (islink ? lchflags(to.p_path, fs->st_flags) : - chflags(to.p_path, fs->st_flags))) { + if (!Nflag && (!gotstat || fs->st_flags != ts.st_flags)) { + if (fdval ? fchflags(fd, fs->st_flags) : + chflagsat(to.dir, to.path, fs->st_flags, atflags)) { /* * NFS doesn't support chflags; ignore errors unless * there's reason to believe we're losing bits. (Note, * this still won't be right if the server supports * flags and we were trying to *remove* flags on a file * that we copied, i.e., that we didn't create.) */ if (errno != EOPNOTSUPP || fs->st_flags != 0) { - warn("chflags: %s", to.p_path); + warn("chflags: %s/%s", to.base, to.path); rval = 1; } } + } return (rval); } int preserve_fd_acls(int source_fd, int dest_fd) { acl_t acl; acl_type_t acl_type; int acl_supported = 0, ret, trivial; ret = fpathconf(source_fd, _PC_ACL_NFS4); if (ret > 0 ) { acl_supported = 1; acl_type = ACL_TYPE_NFS4; } else if (ret < 0 && errno != EINVAL) { - warn("fpathconf(..., _PC_ACL_NFS4) failed for %s", to.p_path); - return (1); + warn("fpathconf(..., _PC_ACL_NFS4) failed for %s/%s", + to.base, to.path); + return (-1); } if (acl_supported == 0) { ret = fpathconf(source_fd, _PC_ACL_EXTENDED); if (ret > 0 ) { acl_supported = 1; acl_type = ACL_TYPE_ACCESS; } else if (ret < 0 && errno != EINVAL) { - warn("fpathconf(..., _PC_ACL_EXTENDED) failed for %s", - to.p_path); - return (1); + warn("fpathconf(..., _PC_ACL_EXTENDED) failed for %s/%s", + to.base, to.path); + return (-1); } } if (acl_supported == 0) return (0); acl = acl_get_fd_np(source_fd, acl_type); if (acl == NULL) { - warn("failed to get acl entries while setting %s", to.p_path); - return (1); + warn("failed to get acl entries while setting %s/%s", + to.base, to.path); + return (-1); } if (acl_is_trivial_np(acl, &trivial)) { - warn("acl_is_trivial() failed for %s", to.p_path); + warn("acl_is_trivial() failed for %s/%s", + to.base, to.path); acl_free(acl); - return (1); + return (-1); } if (trivial) { acl_free(acl); return (0); } if (acl_set_fd_np(dest_fd, acl, acl_type) < 0) { - warn("failed to set acl entries for %s", to.p_path); + warn("failed to set acl entries for %s/%s", + to.base, to.path); acl_free(acl); - return (1); + return (-1); } acl_free(acl); return (0); } int -preserve_dir_acls(struct stat *fs, char *source_dir, char *dest_dir) +preserve_dir_acls(const char *source_dir, const char *dest_dir) { - acl_t (*aclgetf)(const char *, acl_type_t); - int (*aclsetf)(const char *, acl_type_t, acl_t); - struct acl *aclp; - acl_t acl; - acl_type_t acl_type; - int acl_supported = 0, ret, trivial; - - ret = pathconf(source_dir, _PC_ACL_NFS4); - if (ret > 0) { - acl_supported = 1; - acl_type = ACL_TYPE_NFS4; - } else if (ret < 0 && errno != EINVAL) { - warn("fpathconf(..., _PC_ACL_NFS4) failed for %s", source_dir); - return (1); - } - if (acl_supported == 0) { - ret = pathconf(source_dir, _PC_ACL_EXTENDED); - if (ret > 0) { - acl_supported = 1; - acl_type = ACL_TYPE_ACCESS; - } else if (ret < 0 && errno != EINVAL) { - warn("fpathconf(..., _PC_ACL_EXTENDED) failed for %s", - source_dir); - return (1); - } - } - if (acl_supported == 0) - return (0); - - /* - * If the file is a link we will not follow it. - */ - if (S_ISLNK(fs->st_mode)) { - aclgetf = acl_get_link_np; - aclsetf = acl_set_link_np; - } else { - aclgetf = acl_get_file; - aclsetf = acl_set_file; - } - if (acl_type == ACL_TYPE_ACCESS) { - /* - * Even if there is no ACL_TYPE_DEFAULT entry here, a zero - * size ACL will be returned. So it is not safe to simply - * check the pointer to see if the default ACL is present. - */ - acl = aclgetf(source_dir, ACL_TYPE_DEFAULT); - if (acl == NULL) { - warn("failed to get default acl entries on %s", - source_dir); - return (1); - } - aclp = &acl->ats_acl; - if (aclp->acl_cnt != 0 && aclsetf(dest_dir, - ACL_TYPE_DEFAULT, acl) < 0) { - warn("failed to set default acl entries on %s", - dest_dir); - acl_free(acl); - return (1); - } - acl_free(acl); - } - acl = aclgetf(source_dir, acl_type); - if (acl == NULL) { - warn("failed to get acl entries on %s", source_dir); - return (1); - } - if (acl_is_trivial_np(acl, &trivial)) { - warn("acl_is_trivial() failed on %s", source_dir); - acl_free(acl); - return (1); - } - if (trivial) { - acl_free(acl); - return (0); - } - if (aclsetf(dest_dir, acl_type, acl) < 0) { - warn("failed to set acl entries on %s", dest_dir); - acl_free(acl); - return (1); - } - acl_free(acl); - return (0); + int source_fd = -1, dest_fd = -1, ret; + + if ((source_fd = open(source_dir, O_PATH)) < 0) { + warn("%s: failed to copy ACLs", source_dir); + return (-1); + } + dest_fd = (*dest_dir == '\0') ? to.dir : + openat(to.dir, dest_dir, O_DIRECTORY, AT_RESOLVE_BENEATH); + if (dest_fd < 0) { + warn("%s: failed to copy ACLs to %s/%s", source_dir, + to.base, dest_dir); + close(source_fd); + return (-1); + } + if ((ret = preserve_fd_acls(source_fd, dest_fd)) != 0) { + /* preserve_fd_acls() already printed a message */ + } + if (dest_fd != to.dir) + close(dest_fd); + close(source_fd); + return (ret); } void usage(void) { (void)fprintf(stderr, "%s\n%s\n", "usage: cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] " "source_file target_file", " cp [-R [-H | -L | -P]] [-f | -i | -n] [-alpsvx] " "source_file ... " "target_directory"); exit(EX_USAGE); }