1 /* vi: set sw=4 ts=4: */
3 * Mini copy_file implementation for busybox
5 * Copyright (C) 2001 by Matt Kraai <kraai@alumni.carnegiemellon.edu>
6 * SELinux support by Yuichi Nakamura <ynakam@hitachisoft.jp>
8 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
14 // POSIX: if exists and -i, ask (w/o -i assume yes).
15 // Then open w/o EXCL (yes, not unlink!).
16 // If open still fails and -f, try unlink, then try open again.
18 // If dest is a softlink, we overwrite softlink's destination!
19 // (or fail, if it points to dir/nonexistent location/etc).
20 // This is strange, but POSIX-correct.
21 // coreutils cp has --remove-destination to override this...
23 // NB: we have special code which still allows for "cp file /dev/node"
24 // to work POSIX-ly (the only realistic case where it makes sense)
26 #define DO_POSIX_CP 0 /* 1 - POSIX behavior, 0 - safe behavior */
28 // errno must be set to relevant value ("why we cannot create dest?")
29 // for POSIX mode to give reasonable error message
30 static int ask_and_unlink(const char *dest, int flags)
33 if (!(flags & (FILEUTILS_FORCE|FILEUTILS_INTERACTIVE))) {
34 // Either it exists, or the *path* doesnt exist
35 bb_perror_msg("cannot create '%s'", dest);
39 // If !DO_POSIX_CP, act as if -f is always in effect - we don't want
40 // "cannot create" msg, we want unlink to be done (silently unless -i).
42 // TODO: maybe we should do it only if ctty is present?
43 if (flags & FILEUTILS_INTERACTIVE) {
44 // We would not do POSIX insanity. -i asks,
45 // then _unlinks_ the offender. Presto.
46 // (No "opening without O_EXCL", no "unlink only if -f")
47 // Or else we will end up having 3 open()s!
48 fprintf(stderr, "%s: overwrite '%s'? ", applet_name, dest);
49 if (!bb_ask_confirmation())
50 return 0; // not allowed to overwrite
52 if (unlink(dest) < 0) {
53 bb_perror_msg("cannot remove '%s'", dest);
56 return 1; // ok (to try again)
60 * -1 error, copy not made
61 * 0 copy is made or user answered "no" in interactive mode
62 * (failures to preserve mode/owner/times are not reported in exit code)
64 int copy_file(const char *source, const char *dest, int flags)
66 /* This is a recursive function, try to minimize stack usage */
67 /* NB: each struct stat is ~100 bytes */
68 struct stat source_stat;
69 struct stat dest_stat;
70 signed char retval = 0;
71 signed char dest_exists = 0;
74 #define FLAGS_DEREF (flags & FILEUTILS_DEREFERENCE)
76 if ((FLAGS_DEREF ? stat : lstat)(source, &source_stat) < 0) {
77 // This may be a dangling symlink.
78 // Making [sym]links to dangling symlinks works, so...
79 if (flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK))
81 bb_perror_msg("cannot stat '%s'", source);
85 if (lstat(dest, &dest_stat) < 0) {
86 if (errno != ENOENT) {
87 bb_perror_msg("cannot stat '%s'", dest);
91 if (source_stat.st_dev == dest_stat.st_dev
92 && source_stat.st_ino == dest_stat.st_ino
94 bb_error_msg("'%s' and '%s' are the same file", source, dest);
101 if ((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT) && is_selinux_enabled() > 0) {
102 security_context_t con;
103 if (lgetfilecon(source, &con) >= 0) {
104 if (setfscreatecon(con) < 0) {
105 bb_perror_msg("cannot set setfscreatecon %s", con);
109 } else if (errno == ENOTSUP || errno == ENODATA) {
110 setfscreatecon_or_die(NULL);
112 bb_perror_msg("cannot lgetfilecon %s", source);
118 if (S_ISDIR(source_stat.st_mode)) {
122 mode_t saved_umask = 0;
124 if (!(flags & FILEUTILS_RECUR)) {
125 bb_error_msg("omitting directory '%s'", source);
129 /* Did we ever create source ourself before? */
130 tp = is_in_ino_dev_hashtable(&source_stat);
132 /* We did! it's a recursion! man the lifeboats... */
133 bb_error_msg("recursion detected, omitting directory '%s'",
140 if (!S_ISDIR(dest_stat.st_mode)) {
141 bb_error_msg("target '%s' is not a directory", dest);
146 saved_umask = umask(0);
148 mode = source_stat.st_mode;
149 if (!(flags & FILEUTILS_PRESERVE_STATUS))
150 mode = source_stat.st_mode & ~saved_umask;
151 /* Allow owner to access new dir (at least for now) */
153 if (mkdir(dest, mode) < 0) {
155 bb_perror_msg("cannot create directory '%s'", dest);
159 /* need stat info for add_to_ino_dev_hashtable */
160 if (lstat(dest, &dest_stat) < 0) {
161 bb_perror_msg("cannot stat '%s'", dest);
165 /* remember (dev,inode) of each created dir.
166 * NULL: name is not remembered */
167 add_to_ino_dev_hashtable(&dest_stat, NULL);
169 /* Recursively copy files in SOURCE */
170 dp = opendir(source);
173 goto preserve_mode_ugid_time;
176 while ((d = readdir(dp)) != NULL) {
177 char *new_source, *new_dest;
179 new_source = concat_subpath_file(source, d->d_name);
180 if (new_source == NULL)
182 new_dest = concat_path_file(dest, d->d_name);
183 if (copy_file(new_source, new_dest, flags) < 0)
191 && chmod(dest, source_stat.st_mode & ~saved_umask) < 0
193 bb_perror_msg("cannot preserve %s of '%s'", "permissions", dest);
194 /* retval = -1; - WRONG! copy *WAS* made */
196 goto preserve_mode_ugid_time;
199 if (flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK)) {
200 int (*lf)(const char *oldpath, const char *newpath);
203 // if (DEREF && MAKE_SOFTLINK) source = realpath(source) ?
204 // (but realpath returns NULL on dangling symlinks...)
205 lf = (flags & FILEUTILS_MAKE_SOFTLINK) ? symlink : link;
206 if (lf(source, dest) < 0) {
207 ovr = ask_and_unlink(dest, flags);
210 if (lf(source, dest) < 0) {
211 bb_perror_msg("cannot create link '%s'", dest);
215 /* _Not_ jumping to preserve_mode_ugid_time:
216 * hard/softlinks don't have those */
220 if (S_ISREG(source_stat.st_mode)
221 /* DEREF uses stat, which never returns S_ISLNK() == true. */
222 /* || (FLAGS_DEREF && S_ISLNK(source_stat.st_mode)) */
227 if (ENABLE_FEATURE_PRESERVE_HARDLINKS && !FLAGS_DEREF) {
228 const char *link_target;
229 link_target = is_in_ino_dev_hashtable(&source_stat);
231 if (link(link_target, dest) < 0) {
232 ovr = ask_and_unlink(dest, flags);
235 if (link(link_target, dest) < 0) {
236 bb_perror_msg("cannot create link '%s'", dest);
242 add_to_ino_dev_hashtable(&source_stat, dest);
245 src_fd = open_or_warn(source, O_RDONLY);
249 /* POSIX way is a security problem versus symlink attacks,
250 * we do it only for dest's which are device nodes,
251 * and only for non-recursive, non-interactive cp. NB: it is still racy
252 * for "cp file /home/bad_user/device_node" case
253 * (user can rm device_node and create link to /etc/passwd) */
255 || (dest_exists && !(flags & (FILEUTILS_RECUR|FILEUTILS_INTERACTIVE))
256 && (S_ISBLK(dest_stat.st_mode) || S_ISCHR(dest_stat.st_mode)))
258 dst_fd = open(dest, O_WRONLY|O_CREAT|O_TRUNC, source_stat.st_mode);
259 } else /* safe way: */
260 dst_fd = open(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode);
262 ovr = ask_and_unlink(dest, flags);
267 /* It shouldn't exist. If it exists, do not open (symlink attack?) */
268 dst_fd = open3_or_warn(dest, O_WRONLY|O_CREAT|O_EXCL, source_stat.st_mode);
276 if (((flags & FILEUTILS_PRESERVE_SECURITY_CONTEXT)
277 || (flags & FILEUTILS_SET_SECURITY_CONTEXT))
278 && is_selinux_enabled() > 0
280 security_context_t con;
281 if (getfscreatecon(&con) == -1) {
282 bb_perror_msg("getfscreatecon");
286 if (setfilecon(dest, con) == -1) {
287 bb_perror_msg("setfilecon:%s,%s", dest, con);
295 if (bb_copyfd_eof(src_fd, dst_fd) == -1)
297 /* Ok, writing side I can understand... */
298 if (close(dst_fd) < 0) {
299 bb_perror_msg("cannot close '%s'", dest);
302 /* ...but read size is already checked by bb_copyfd_eof */
304 goto preserve_mode_ugid_time;
307 /* Source is a symlink or a special file */
308 /* We are lazy here, a bit lax with races... */
311 ovr = ask_and_unlink(dest, flags);
315 if (S_ISLNK(source_stat.st_mode)) {
316 char *lpath = xmalloc_readlink_or_warn(source);
318 int r = symlink(lpath, dest);
321 bb_perror_msg("cannot create symlink '%s'", dest);
324 if (flags & FILEUTILS_PRESERVE_STATUS)
325 if (lchown(dest, source_stat.st_uid, source_stat.st_gid) < 0)
326 bb_perror_msg("cannot preserve %s of '%s'", "ownership", dest);
328 /* _Not_ jumping to preserve_mode_ugid_time:
329 * symlinks don't have those */
332 if (S_ISBLK(source_stat.st_mode) || S_ISCHR(source_stat.st_mode)
333 || S_ISSOCK(source_stat.st_mode) || S_ISFIFO(source_stat.st_mode)
335 if (mknod(dest, source_stat.st_mode, source_stat.st_rdev) < 0) {
336 bb_perror_msg("cannot create '%s'", dest);
340 bb_error_msg("unrecognized file '%s' with mode %x", source, source_stat.st_mode);
344 preserve_mode_ugid_time:
346 if (flags & FILEUTILS_PRESERVE_STATUS
348 /* && !(flags & (FILEUTILS_MAKE_SOFTLINK|FILEUTILS_MAKE_HARDLINK)) */
350 struct utimbuf times;
352 times.actime = source_stat.st_atime;
353 times.modtime = source_stat.st_mtime;
354 /* BTW, utimes sets usec-precision time - just FYI */
355 if (utime(dest, ×) < 0)
356 bb_perror_msg("cannot preserve %s of '%s'", "times", dest);
357 if (chown(dest, source_stat.st_uid, source_stat.st_gid) < 0) {
358 source_stat.st_mode &= ~(S_ISUID | S_ISGID);
359 bb_perror_msg("cannot preserve %s of '%s'", "ownership", dest);
361 if (chmod(dest, source_stat.st_mode) < 0)
362 bb_perror_msg("cannot preserve %s of '%s'", "permissions", dest);