Matt McCutchen's Web Site / rsync / rsync.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Use the new sanitize_path() calling syntax.
[rsync/rsync.git] / util.c
... / ...
CommitLineData
1/* -*- c-file-style: "linux" -*-
2 *
3 * Copyright (C) 1996-2000 by Andrew Tridgell
4 * Copyright (C) Paul Mackerras 1996
5 * Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22/**
23 * @file
24 *
25 * Utilities used in rsync
26 **/
27
28#include "rsync.h"
29
30extern int verbose;
31extern int dry_run;
32extern int module_id;
33extern int modify_window;
34extern char *partial_dir;
35extern struct exclude_list_struct server_exclude_list;
36
37int sanitize_paths = 0;
38
39
40
41/**
42 * Set a fd into nonblocking mode
43 **/
44void set_nonblocking(int fd)
45{
46 int val;
47
48 if ((val = fcntl(fd, F_GETFL, 0)) == -1)
49 return;
50 if (!(val & NONBLOCK_FLAG)) {
51 val |= NONBLOCK_FLAG;
52 fcntl(fd, F_SETFL, val);
53 }
54}
55
56/**
57 * Set a fd into blocking mode
58 **/
59void set_blocking(int fd)
60{
61 int val;
62
63 if ((val = fcntl(fd, F_GETFL, 0)) == -1)
64 return;
65 if (val & NONBLOCK_FLAG) {
66 val &= ~NONBLOCK_FLAG;
67 fcntl(fd, F_SETFL, val);
68 }
69}
70
71
72/**
73 * Create a file descriptor pair - like pipe() but use socketpair if
74 * possible (because of blocking issues on pipes).
75 *
76 * Always set non-blocking.
77 */
78int fd_pair(int fd[2])
79{
80 int ret;
81
82#if HAVE_SOCKETPAIR
83 ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
84#else
85 ret = pipe(fd);
86#endif
87
88 if (ret == 0) {
89 set_nonblocking(fd[0]);
90 set_nonblocking(fd[1]);
91 }
92
93 return ret;
94}
95
96
97void print_child_argv(char **cmd)
98{
99 rprintf(FINFO, "opening connection using ");
100 for (; *cmd; cmd++) {
101 /* Look for characters that ought to be quoted. This
102 * is not a great quoting algorithm, but it's
103 * sufficient for a log message. */
104 if (strspn(*cmd, "abcdefghijklmnopqrstuvwxyz"
105 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
106 "0123456789"
107 ",.-_=+@/") != strlen(*cmd)) {
108 rprintf(FINFO, "\"%s\" ", *cmd);
109 } else {
110 rprintf(FINFO, "%s ", *cmd);
111 }
112 }
113 rprintf(FINFO, "\n");
114}
115
116
117void out_of_memory(char *str)
118{
119 rprintf(FERROR, "ERROR: out of memory in %s\n", str);
120 exit_cleanup(RERR_MALLOC);
121}
122
123void overflow(char *str)
124{
125 rprintf(FERROR, "ERROR: buffer overflow in %s\n", str);
126 exit_cleanup(RERR_MALLOC);
127}
128
129
130
131int set_modtime(char *fname, time_t modtime)
132{
133 if (dry_run)
134 return 0;
135
136 if (verbose > 2) {
137 rprintf(FINFO, "set modtime of %s to (%ld) %s",
138 fname, (long)modtime,
139 asctime(localtime(&modtime)));
140 }
141
142 {
143#ifdef HAVE_UTIMBUF
144 struct utimbuf tbuf;
145 tbuf.actime = time(NULL);
146 tbuf.modtime = modtime;
147 return utime(fname,&tbuf);
148#elif defined(HAVE_UTIME)
149 time_t t[2];
150 t[0] = time(NULL);
151 t[1] = modtime;
152 return utime(fname,t);
153#else
154 struct timeval t[2];
155 t[0].tv_sec = time(NULL);
156 t[0].tv_usec = 0;
157 t[1].tv_sec = modtime;
158 t[1].tv_usec = 0;
159 return utimes(fname,t);
160#endif
161 }
162}
163
164
165/**
166 Create any necessary directories in fname. Unfortunately we don't know
167 what perms to give the directory when this is called so we need to rely
168 on the umask
169**/
170int create_directory_path(char *fname, int base_umask)
171{
172 char *p;
173
174 while (*fname == '/')
175 fname++;
176 while (strncmp(fname, "./", 2) == 0)
177 fname += 2;
178
179 p = fname;
180 while ((p = strchr(p,'/')) != NULL) {
181 *p = 0;
182 do_mkdir(fname, 0777 & ~base_umask);
183 *p = '/';
184 p++;
185 }
186 return 0;
187}
188
189
190/**
191 * Write @p len bytes at @p ptr to descriptor @p desc, retrying if
192 * interrupted.
193 *
194 * @retval len upon success
195 *
196 * @retval <0 write's (negative) error code
197 *
198 * Derived from GNU C's cccp.c.
199 */
200static int full_write(int desc, char *ptr, size_t len)
201{
202 int total_written;
203
204 total_written = 0;
205 while (len > 0) {
206 int written = write(desc, ptr, len);
207 if (written < 0) {
208 if (errno == EINTR)
209 continue;
210 return written;
211 }
212 total_written += written;
213 ptr += written;
214 len -= written;
215 }
216 return total_written;
217}
218
219
220/**
221 * Read @p len bytes at @p ptr from descriptor @p desc, retrying if
222 * interrupted.
223 *
224 * @retval >0 the actual number of bytes read
225 *
226 * @retval 0 for EOF
227 *
228 * @retval <0 for an error.
229 *
230 * Derived from GNU C's cccp.c. */
231static int safe_read(int desc, char *ptr, size_t len)
232{
233 int n_chars;
234
235 if (len == 0)
236 return len;
237
238 do {
239 n_chars = read(desc, ptr, len);
240 } while (n_chars < 0 && errno == EINTR);
241
242 return n_chars;
243}
244
245
246/** Copy a file.
247 *
248 * This is used in conjunction with the --temp-dir option */
249int copy_file(char *source, char *dest, mode_t mode)
250{
251 int ifd;
252 int ofd;
253 char buf[1024 * 8];
254 int len; /* Number of bytes read into `buf'. */
255
256 ifd = do_open(source, O_RDONLY, 0);
257 if (ifd == -1) {
258 rsyserr(FERROR, errno, "open %s", full_fname(source));
259 return -1;
260 }
261
262 if (robust_unlink(dest) && errno != ENOENT) {
263 rsyserr(FERROR, errno, "unlink %s", full_fname(dest));
264 return -1;
265 }
266
267 ofd = do_open(dest, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, mode);
268 if (ofd == -1) {
269 rsyserr(FERROR, errno, "open %s", full_fname(dest));
270 close(ifd);
271 return -1;
272 }
273
274 while ((len = safe_read(ifd, buf, sizeof buf)) > 0) {
275 if (full_write(ofd, buf, len) < 0) {
276 rsyserr(FERROR, errno, "write %s", full_fname(dest));
277 close(ifd);
278 close(ofd);
279 return -1;
280 }
281 }
282
283 if (len < 0) {
284 rsyserr(FERROR, errno, "read %s", full_fname(source));
285 close(ifd);
286 close(ofd);
287 return -1;
288 }
289
290 if (close(ifd) < 0) {
291 rsyserr(FINFO, errno, "close failed on %s",
292 full_fname(source));
293 }
294
295 if (close(ofd) < 0) {
296 rsyserr(FERROR, errno, "close failed on %s",
297 full_fname(dest));
298 return -1;
299 }
300
301 return 0;
302}
303
304/* MAX_RENAMES should be 10**MAX_RENAMES_DIGITS */
305#define MAX_RENAMES_DIGITS 3
306#define MAX_RENAMES 1000
307
308/**
309 * Robust unlink: some OS'es (HPUX) refuse to unlink busy files, so
310 * rename to <path>/.rsyncNNN instead.
311 *
312 * Note that successive rsync runs will shuffle the filenames around a
313 * bit as long as the file is still busy; this is because this function
314 * does not know if the unlink call is due to a new file coming in, or
315 * --delete trying to remove old .rsyncNNN files, hence it renames it
316 * each time.
317 **/
318int robust_unlink(char *fname)
319{
320#ifndef ETXTBSY
321 return do_unlink(fname);
322#else
323 static int counter = 1;
324 int rc, pos, start;
325 char path[MAXPATHLEN];
326
327 rc = do_unlink(fname);
328 if (rc == 0 || errno != ETXTBSY)
329 return rc;
330
331 if ((pos = strlcpy(path, fname, MAXPATHLEN)) >= MAXPATHLEN)
332 pos = MAXPATHLEN - 1;
333
334 while (pos > 0 && path[pos-1] != '/')
335 pos--;
336 pos += strlcpy(path+pos, ".rsync", MAXPATHLEN-pos);
337
338 if (pos > (MAXPATHLEN-MAX_RENAMES_DIGITS-1)) {
339 errno = ETXTBSY;
340 return -1;
341 }
342
343 /* start where the last one left off to reduce chance of clashes */
344 start = counter;
345 do {
346 sprintf(&path[pos], "%03d", counter);
347 if (++counter >= MAX_RENAMES)
348 counter = 1;
349 } while ((rc = access(path, 0)) == 0 && counter != start);
350
351 if (verbose > 0) {
352 rprintf(FINFO,"renaming %s to %s because of text busy\n",
353 fname, path);
354 }
355
356 /* maybe we should return rename()'s exit status? Nah. */
357 if (do_rename(fname, path) != 0) {
358 errno = ETXTBSY;
359 return -1;
360 }
361 return 0;
362#endif
363}
364
365/* Returns 0 on success, -1 on most errors, and -2 if we got an error
366 * trying to copy the file across file systems. */
367int robust_rename(char *from, char *to, int mode)
368{
369 int tries = 4;
370
371 while (tries--) {
372 if (do_rename(from, to) == 0)
373 return 0;
374
375 switch (errno) {
376#ifdef ETXTBSY
377 case ETXTBSY:
378 if (robust_unlink(to) != 0)
379 return -1;
380 break;
381#endif
382 case EXDEV:
383 if (copy_file(from, to, mode) != 0)
384 return -2;
385 do_unlink(from);
386 return 0;
387 default:
388 return -1;
389 }
390 }
391 return -1;
392}
393
394
395static pid_t all_pids[10];
396static int num_pids;
397
398/** Fork and record the pid of the child. **/
399pid_t do_fork(void)
400{
401 pid_t newpid = fork();
402
403 if (newpid != 0 && newpid != -1) {
404 all_pids[num_pids++] = newpid;
405 }
406 return newpid;
407}
408
409/**
410 * Kill all children.
411 *
412 * @todo It would be kind of nice to make sure that they are actually
413 * all our children before we kill them, because their pids may have
414 * been recycled by some other process. Perhaps when we wait for a
415 * child, we should remove it from this array. Alternatively we could
416 * perhaps use process groups, but I think that would not work on
417 * ancient Unix versions that don't support them.
418 **/
419void kill_all(int sig)
420{
421 int i;
422
423 for (i = 0; i < num_pids; i++) {
424 /* Let's just be a little careful where we
425 * point that gun, hey? See kill(2) for the
426 * magic caused by negative values. */
427 pid_t p = all_pids[i];
428
429 if (p == getpid())
430 continue;
431 if (p <= 0)
432 continue;
433
434 kill(p, sig);
435 }
436}
437
438
439/** Turn a user name into a uid */
440int name_to_uid(char *name, uid_t *uid)
441{
442 struct passwd *pass;
443 if (!name || !*name)
444 return 0;
445 pass = getpwnam(name);
446 if (pass) {
447 *uid = pass->pw_uid;
448 return 1;
449 }
450 return 0;
451}
452
453/** Turn a group name into a gid */
454int name_to_gid(char *name, gid_t *gid)
455{
456 struct group *grp;
457 if (!name || !*name)
458 return 0;
459 grp = getgrnam(name);
460 if (grp) {
461 *gid = grp->gr_gid;
462 return 1;
463 }
464 return 0;
465}
466
467
468/** Lock a byte range in a open file */
469int lock_range(int fd, int offset, int len)
470{
471 struct flock lock;
472
473 lock.l_type = F_WRLCK;
474 lock.l_whence = SEEK_SET;
475 lock.l_start = offset;
476 lock.l_len = len;
477 lock.l_pid = 0;
478
479 return fcntl(fd,F_SETLK,&lock) == 0;
480}
481
482static int exclude_server_path(char *arg)
483{
484 char *s;
485
486 if (server_exclude_list.head) {
487 for (s = arg; (s = strchr(s, '/')) != NULL; ) {
488 *s = '\0';
489 if (check_exclude(&server_exclude_list, arg, 1) < 0) {
490 /* We must leave arg truncated! */
491 return 1;
492 }
493 *s++ = '/';
494 }
495 }
496 return 0;
497}
498
499static void glob_expand_one(char *s, char ***argv_ptr, int *argc_ptr,
500 int *maxargs_ptr)
501{
502 char **argv = *argv_ptr;
503 int argc = *argc_ptr;
504 int maxargs = *maxargs_ptr;
505#if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H))
506 if (argc == maxargs) {
507 maxargs += MAX_ARGS;
508 if (!(argv = realloc_array(argv, char *, maxargs)))
509 out_of_memory("glob_expand_one");
510 *argv_ptr = argv;
511 *maxargs_ptr = maxargs;
512 }
513 if (!*s)
514 s = ".";
515 s = argv[argc++] = strdup(s);
516 exclude_server_path(s);
517#else
518 glob_t globbuf;
519 int i;
520
521 if (maxargs <= argc)
522 return;
523 if (!*s)
524 s = ".";
525
526 s = strdup(s);
527 if (sanitize_paths)
528 sanitize_path(s, NULL);
529
530 memset(&globbuf, 0, sizeof globbuf);
531 if (!exclude_server_path(s))
532 glob(s, 0, NULL, &globbuf);
533 if (MAX((int)globbuf.gl_pathc, 1) > maxargs - argc) {
534 maxargs += globbuf.gl_pathc + MAX_ARGS;
535 if (!(argv = realloc_array(argv, char *, maxargs)))
536 out_of_memory("glob_expand_one");
537 *argv_ptr = argv;
538 *maxargs_ptr = maxargs;
539 }
540 if (globbuf.gl_pathc == 0)
541 argv[argc++] = s;
542 else {
543 int j = globbuf.gl_pathc;
544 free(s);
545 for (i = 0; i < j; i++) {
546 if (!(argv[argc++] = strdup(globbuf.gl_pathv[i])))
547 out_of_memory("glob_expand_one");
548 }
549 }
550 globfree(&globbuf);
551#endif
552 *argc_ptr = argc;
553}
554
555/* This routine is only used in daemon mode. */
556void glob_expand(char *base1, char ***argv_ptr, int *argc_ptr, int *maxargs_ptr)
557{
558 char *s = (*argv_ptr)[*argc_ptr];
559 char *p, *q;
560 char *base = base1;
561 int base_len = strlen(base);
562
563 if (!s || !*s)
564 return;
565
566 if (strncmp(s, base, base_len) == 0)
567 s += base_len;
568
569 if (!(s = strdup(s)))
570 out_of_memory("glob_expand");
571
572 if (asprintf(&base," %s/", base1) <= 0)
573 out_of_memory("glob_expand");
574 base_len++;
575
576 for (q = s; *q; q = p + base_len) {
577 if ((p = strstr(q, base)) != NULL)
578 *p = '\0'; /* split it at this point */
579 glob_expand_one(q, argv_ptr, argc_ptr, maxargs_ptr);
580 if (!p)
581 break;
582 }
583
584 free(s);
585 free(base);
586}
587
588/**
589 * Convert a string to lower case
590 **/
591void strlower(char *s)
592{
593 while (*s) {
594 if (isupper(*(unsigned char *)s))
595 *s = tolower(*(unsigned char *)s);
596 s++;
597 }
598}
599
600/* Join strings p1 & p2 into "dest" with a guaranteed '/' between them. (If
601 * p1 ends with a '/', no extra '/' is inserted.) Returns the length of both
602 * strings + 1 (if '/' was inserted), regardless of whether the null-terminated
603 * string fits into destsize. */
604size_t pathjoin(char *dest, size_t destsize, const char *p1, const char *p2)
605{
606 size_t len = strlcpy(dest, p1, destsize);
607 if (len < destsize - 1) {
608 if (!len || dest[len-1] != '/')
609 dest[len++] = '/';
610 if (len < destsize - 1)
611 len += strlcpy(dest + len, p2, destsize - len);
612 else {
613 dest[len] = '\0';
614 len += strlen(p2);
615 }
616 }
617 else
618 len += strlen(p2) + 1; /* Assume we'd insert a '/'. */
619 return len;
620}
621
622/* Join any number of strings together, putting them in "dest". The return
623 * value is the length of all the strings, regardless of whether the null-
624 * terminated whole fits in destsize. Your list of string pointers must end
625 * with a NULL to indicate the end of the list. */
626size_t stringjoin(char *dest, size_t destsize, ...)
627{
628 va_list ap;
629 size_t len, ret = 0;
630 const char *src;
631
632 va_start(ap, destsize);
633 while (1) {
634 if (!(src = va_arg(ap, const char *)))
635 break;
636 len = strlen(src);
637 ret += len;
638 if (destsize > 1) {
639 if (len >= destsize)
640 len = destsize - 1;
641 memcpy(dest, src, len);
642 destsize -= len;
643 dest += len;
644 }
645 }
646 *dest = '\0';
647 va_end(ap);
648
649 return ret;
650}
651
652void clean_fname(char *name)
653{
654 char *p;
655 int l;
656 int modified = 1;
657
658 if (!name)
659 return;
660
661 while (modified) {
662 modified = 0;
663
664 if ((p = strstr(name,"/./")) != NULL) {
665 modified = 1;
666 while (*p) {
667 p[0] = p[2];
668 p++;
669 }
670 }
671
672 if ((p = strstr(name,"//")) != NULL) {
673 modified = 1;
674 while (*p) {
675 p[0] = p[1];
676 p++;
677 }
678 }
679
680 if (strncmp(p = name, "./", 2) == 0) {
681 modified = 1;
682 do {
683 p[0] = p[2];
684 } while (*p++);
685 }
686
687 l = strlen(p = name);
688 if (l > 1 && p[l-1] == '/') {
689 modified = 1;
690 p[l-1] = 0;
691 }
692 }
693}
694
695/**
696 * Make path appear as if a chroot had occurred:
697 *
698 * @li 1. remove leading "/" (or replace with "." if at end)
699 *
700 * @li 2. remove leading ".." components (except those allowed by @p reldir)
701 *
702 * @li 3. delete any other "<dir>/.." (recursively)
703 *
704 * Can only shrink paths, so sanitizes in place.
705 *
706 * While we're at it, remove double slashes and "." components like
707 * clean_fname() does, but DON'T remove a trailing slash because that
708 * is sometimes significant on command line arguments.
709 *
710 * If @p reldir is non-null, it is a sanitized directory that the path will be
711 * relative to, so allow as many ".." at the beginning of the path as
712 * there are components in reldir. This is used for symbolic link targets.
713 * If reldir is non-null and the path began with "/", to be completely like
714 * a chroot we should add in depth levels of ".." at the beginning of the
715 * path, but that would blow the assumption that the path doesn't grow and
716 * it is not likely to end up being a valid symlink anyway, so just do
717 * the normal removal of the leading "/" instead.
718 *
719 * Contributed by Dave Dykstra <dwd@bell-labs.com>
720 */
721void sanitize_path(char *p, char *reldir)
722{
723 char *start, *sanp;
724 int depth = 0;
725 int allowdotdot = 0;
726
727 if (reldir) {
728 int new_component = 1;
729 while (*reldir) {
730 if (*reldir++ == '/')
731 new_component = 1;
732 else if (new_component) {
733 new_component = 0;
734 depth++;
735 }
736 }
737 }
738 start = p;
739 sanp = p;
740 while (*p == '/') {
741 /* remove leading slashes */
742 p++;
743 }
744 while (*p != '\0') {
745 /* this loop iterates once per filename component in p.
746 * both p (and sanp if the original had a slash) should
747 * always be left pointing after a slash
748 */
749 if (*p == '.' && (p[1] == '/' || p[1] == '\0')) {
750 /* skip "." component */
751 while (*++p == '/') {
752 /* skip following slashes */
753 ;
754 }
755 continue;
756 }
757 allowdotdot = 0;
758 if (*p == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0')) {
759 /* ".." component followed by slash or end */
760 if (depth > 0 && sanp == start) {
761 /* allow depth levels of .. at the beginning */
762 --depth;
763 allowdotdot = 1;
764 } else {
765 p += 2;
766 if (*p == '/')
767 p++;
768 if (sanp != start) {
769 /* back up sanp one level */
770 --sanp; /* now pointing at slash */
771 while (sanp > start && sanp[-1] != '/') {
772 /* skip back up to slash */
773 sanp--;
774 }
775 }
776 continue;
777 }
778 }
779 while (1) {
780 /* copy one component through next slash */
781 *sanp++ = *p++;
782 if (*p == '\0' || p[-1] == '/') {
783 while (*p == '/') {
784 /* skip multiple slashes */
785 p++;
786 }
787 break;
788 }
789 }
790 if (allowdotdot) {
791 /* move the virtual beginning to leave the .. alone */
792 start = sanp;
793 }
794 }
795 if (sanp == start && !allowdotdot) {
796 /* ended up with nothing, so put in "." component */
797 /*
798 * note that the !allowdotdot doesn't prevent this from
799 * happening in all allowed ".." situations, but I didn't
800 * think it was worth putting in an extra variable to ensure
801 * it since an extra "." won't hurt in those situations.
802 */
803 *sanp++ = '.';
804 }
805 *sanp = '\0';
806}
807
808/* Works much like sanitize_path(), with these differences: (1) a new buffer
809 * is allocated for the sanitized path rather than modifying it in-place; (2)
810 * a leading slash gets transformed into the rootdir value (which can be empty
811 * or NULL if you just want the slash to get dropped); (3) no "reldir" can be
812 * specified. */
813char *alloc_sanitize_path(const char *path, const char *rootdir)
814{
815 char *buf;
816 int rlen, plen = strlen(path);
817
818 if (*path == '/' && rootdir) {
819 rlen = strlen(rootdir);
820 if (rlen == 1)
821 path++;
822 } else
823 rlen = 0;
824 if (!(buf = new_array(char, rlen + plen + 1)))
825 out_of_memory("alloc_sanitize_path");
826 if (rlen)
827 memcpy(buf, rootdir, rlen);
828 memcpy(buf + rlen, path, plen + 1);
829
830 if (rlen > 1)
831 rlen++;
832 sanitize_path(buf + rlen, NULL);
833 if (rlen && buf[rlen] == '.' && buf[rlen+1] == '\0') {
834 if (rlen > 1)
835 rlen--;
836 buf[rlen] = '\0';
837 }
838
839 return buf;
840}
841
842char curr_dir[MAXPATHLEN];
843unsigned int curr_dir_len;
844
845/**
846 * Like chdir(), but it keeps track of the current directory (in the
847 * global "curr_dir"), and ensures that the path size doesn't overflow.
848 * Also cleans the path using the clean_fname() function.
849 **/
850int push_dir(char *dir)
851{
852 static int initialised;
853 unsigned int len;
854
855 if (!initialised) {
856 initialised = 1;
857 getcwd(curr_dir, sizeof curr_dir - 1);
858 curr_dir_len = strlen(curr_dir);
859 }
860
861 if (!dir) /* this call was probably just to initialize */
862 return 0;
863
864 len = strlen(dir);
865 if (len == 1 && *dir == '.')
866 return 1;
867
868 if ((*dir == '/' ? len : curr_dir_len + 1 + len) >= sizeof curr_dir)
869 return 0;
870
871 if (chdir(dir))
872 return 0;
873
874 if (*dir == '/') {
875 memcpy(curr_dir, dir, len + 1);
876 curr_dir_len = len;
877 } else {
878 curr_dir[curr_dir_len++] = '/';
879 memcpy(curr_dir + curr_dir_len, dir, len + 1);
880 curr_dir_len += len;
881 }
882
883 clean_fname(curr_dir);
884
885 return 1;
886}
887
888/**
889 * Reverse a push_dir() call. You must pass in an absolute path
890 * that was copied from a prior value of "curr_dir".
891 **/
892int pop_dir(char *dir)
893{
894 if (chdir(dir))
895 return 0;
896
897 curr_dir_len = strlcpy(curr_dir, dir, sizeof curr_dir);
898 if (curr_dir_len >= sizeof curr_dir)
899 curr_dir_len = sizeof curr_dir - 1;
900
901 return 1;
902}
903
904/**
905 * Return the filename, turning any newlines into '?'s. This ensures that
906 * outputting it on a line of its own cannot generate an empty line. This
907 * function can handle only 2 names at a time!
908 **/
909const char *safe_fname(const char *fname)
910{
911 static char fbuf1[MAXPATHLEN], fbuf2[MAXPATHLEN];
912 static char *fbuf = fbuf2;
913 char *nl = strchr(fname, '\n');
914
915 if (!nl)
916 return fname;
917
918 fbuf = fbuf == fbuf1 ? fbuf2 : fbuf1;
919 strlcpy(fbuf, fname, MAXPATHLEN);
920 nl = fbuf + (nl - (char *)fname);
921 do {
922 *nl = '?';
923 } while ((nl = strchr(nl+1, '\n')) != NULL);
924
925 return fbuf;
926}
927
928/**
929 * Return a quoted string with the full pathname of the indicated filename.
930 * The string " (in MODNAME)" may also be appended. The returned pointer
931 * remains valid until the next time full_fname() is called.
932 **/
933char *full_fname(const char *fn)
934{
935 static char *result = NULL;
936 char *m1, *m2, *m3;
937 char *p1, *p2;
938
939 if (result)
940 free(result);
941
942 fn = safe_fname(fn);
943 if (*fn == '/')
944 p1 = p2 = "";
945 else {
946 p1 = curr_dir;
947 p2 = "/";
948 }
949 if (module_id >= 0) {
950 m1 = " (in ";
951 m2 = lp_name(module_id);
952 m3 = ")";
953 if (*p1) {
954 if (!lp_use_chroot(module_id)) {
955 char *p = lp_path(module_id);
956 if (*p != '/' || p[1])
957 p1 += strlen(p);
958 }
959 if (!*p1)
960 p2++;
961 else
962 p1++;
963 }
964 else
965 fn++;
966 } else
967 m1 = m2 = m3 = "";
968
969 asprintf(&result, "\"%s%s%s\"%s%s%s", p1, p2, fn, m1, m2, m3);
970
971 return result;
972}
973
974static char partial_fname[MAXPATHLEN];
975
976char *partial_dir_fname(const char *fname)
977{
978 char *t = partial_fname;
979 int sz = sizeof partial_fname;
980 const char *fn;
981
982 if ((fn = strrchr(fname, '/')) != NULL) {
983 fn++;
984 if (*partial_dir != '/') {
985 int len = fn - fname;
986 strncpy(t, fname, len); /* safe */
987 t += len;
988 sz -= len;
989 }
990 } else
991 fn = fname;
992 if ((int)pathjoin(t, sz, partial_dir, fn) >= sz)
993 return NULL;
994 if (server_exclude_list.head
995 && check_exclude(&server_exclude_list, partial_fname, 0) < 0)
996 return NULL;
997
998 return partial_fname;
999}
1000
1001/* If no --partial-dir option was specified, we don't need to do anything
1002 * (the partial-dir is essentially '.'), so just return success. */
1003int handle_partial_dir(const char *fname, int create)
1004{
1005 char *fn, *dir;
1006
1007 if (fname != partial_fname)
1008 return 1;
1009 if (!create && *partial_dir == '/')
1010 return 1;
1011 if (!(fn = strrchr(partial_fname, '/')))
1012 return 1;
1013
1014 *fn = '\0';
1015 dir = partial_fname;
1016 if (create) {
1017 STRUCT_STAT st;
1018#if SUPPORT_LINKS
1019 int statret = do_lstat(dir, &st);
1020#else
1021 int statret = do_stat(dir, &st);
1022#endif
1023 if (statret == 0 && !S_ISDIR(st.st_mode)) {
1024 if (do_unlink(dir) < 0)
1025 return 0;
1026 statret = -1;
1027 }
1028 if (statret < 0 && do_mkdir(dir, 0700) < 0)
1029 return 0;
1030 } else
1031 do_rmdir(dir);
1032 *fn = '/';
1033
1034 return 1;
1035}
1036
1037/** We need to supply our own strcmp function for file list comparisons
1038 to ensure that signed/unsigned usage is consistent between machines. */
1039int u_strcmp(const char *cs1, const char *cs2)
1040{
1041 const uchar *s1 = (const uchar *)cs1;
1042 const uchar *s2 = (const uchar *)cs2;
1043
1044 while (*s1 && *s2 && (*s1 == *s2)) {
1045 s1++; s2++;
1046 }
1047
1048 return (int)*s1 - (int)*s2;
1049}
1050
1051
1052
1053/**
1054 * Determine if a symlink points outside the current directory tree.
1055 * This is considered "unsafe" because e.g. when mirroring somebody
1056 * else's machine it might allow them to establish a symlink to
1057 * /etc/passwd, and then read it through a web server.
1058 *
1059 * Null symlinks and absolute symlinks are always unsafe.
1060 *
1061 * Basically here we are concerned with symlinks whose target contains
1062 * "..", because this might cause us to walk back up out of the
1063 * transferred directory. We are not allowed to go back up and
1064 * reenter.
1065 *
1066 * @param dest Target of the symlink in question.
1067 *
1068 * @param src Top source directory currently applicable. Basically this
1069 * is the first parameter to rsync in a simple invocation, but it's
1070 * modified by flist.c in slightly complex ways.
1071 *
1072 * @retval True if unsafe
1073 * @retval False is unsafe
1074 *
1075 * @sa t_unsafe.c
1076 **/
1077int unsafe_symlink(const char *dest, const char *src)
1078{
1079 const char *name, *slash;
1080 int depth = 0;
1081
1082 /* all absolute and null symlinks are unsafe */
1083 if (!dest || !*dest || *dest == '/')
1084 return 1;
1085
1086 /* find out what our safety margin is */
1087 for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
1088 if (strncmp(name, "../", 3) == 0) {
1089 depth = 0;
1090 } else if (strncmp(name, "./", 2) == 0) {
1091 /* nothing */
1092 } else {
1093 depth++;
1094 }
1095 }
1096 if (strcmp(name, "..") == 0)
1097 depth = 0;
1098
1099 for (name = dest; (slash = strchr(name, '/')) != 0; name = slash+1) {
1100 if (strncmp(name, "../", 3) == 0) {
1101 /* if at any point we go outside the current directory
1102 then stop - it is unsafe */
1103 if (--depth < 0)
1104 return 1;
1105 } else if (strncmp(name, "./", 2) == 0) {
1106 /* nothing */
1107 } else {
1108 depth++;
1109 }
1110 }
1111 if (strcmp(name, "..") == 0)
1112 depth--;
1113
1114 return (depth < 0);
1115}
1116
1117
1118/**
1119 * Return the date and time as a string
1120 **/
1121char *timestring(time_t t)
1122{
1123 static char TimeBuf[200];
1124 struct tm *tm = localtime(&t);
1125
1126#ifdef HAVE_STRFTIME
1127 strftime(TimeBuf, sizeof TimeBuf - 1, "%Y/%m/%d %H:%M:%S", tm);
1128#else
1129 strlcpy(TimeBuf, asctime(tm), sizeof TimeBuf);
1130#endif
1131
1132 if (TimeBuf[strlen(TimeBuf)-1] == '\n') {
1133 TimeBuf[strlen(TimeBuf)-1] = 0;
1134 }
1135
1136 return(TimeBuf);
1137}
1138
1139
1140/**
1141 * Sleep for a specified number of milliseconds.
1142 *
1143 * Always returns TRUE. (In the future it might return FALSE if
1144 * interrupted.)
1145 **/
1146int msleep(int t)
1147{
1148 int tdiff = 0;
1149 struct timeval tval, t1, t2;
1150
1151 gettimeofday(&t1, NULL);
1152
1153 while (tdiff < t) {
1154 tval.tv_sec = (t-tdiff)/1000;
1155 tval.tv_usec = 1000*((t-tdiff)%1000);
1156
1157 errno = 0;
1158 select(0,NULL,NULL, NULL, &tval);
1159
1160 gettimeofday(&t2, NULL);
1161 tdiff = (t2.tv_sec - t1.tv_sec)*1000 +
1162 (t2.tv_usec - t1.tv_usec)/1000;
1163 }
1164
1165 return True;
1166}
1167
1168
1169/**
1170 * Determine if two file modification times are equivalent (either
1171 * exact or in the modification timestamp window established by
1172 * --modify-window).
1173 *
1174 * @retval 0 if the times should be treated as the same
1175 *
1176 * @retval +1 if the first is later
1177 *
1178 * @retval -1 if the 2nd is later
1179 **/
1180int cmp_modtime(time_t file1, time_t file2)
1181{
1182 if (file2 > file1) {
1183 if (file2 - file1 <= modify_window)
1184 return 0;
1185 return -1;
1186 }
1187 if (file1 - file2 <= modify_window)
1188 return 0;
1189 return 1;
1190}
1191
1192
1193#ifdef __INSURE__XX
1194#include <dlfcn.h>
1195
1196/**
1197 This routine is a trick to immediately catch errors when debugging
1198 with insure. A xterm with a gdb is popped up when insure catches
1199 a error. It is Linux specific.
1200**/
1201int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6)
1202{
1203 static int (*fn)();
1204 int ret;
1205 char *cmd;
1206
1207 asprintf(&cmd, "/usr/X11R6/bin/xterm -display :0 -T Panic -n Panic -e /bin/sh -c 'cat /tmp/ierrs.*.%d ; gdb /proc/%d/exe %d'",
1208 getpid(), getpid(), getpid());
1209
1210 if (!fn) {
1211 static void *h;
1212 h = dlopen("/usr/local/parasoft/insure++lite/lib.linux2/libinsure.so", RTLD_LAZY);
1213 fn = dlsym(h, "_Insure_trap_error");
1214 }
1215
1216 ret = fn(a1, a2, a3, a4, a5, a6);
1217
1218 system(cmd);
1219
1220 free(cmd);
1221
1222 return ret;
1223}
1224#endif
1225
1226
1227#define MALLOC_MAX 0x40000000
1228
1229void *_new_array(unsigned int size, unsigned long num)
1230{
1231 if (num >= MALLOC_MAX/size)
1232 return NULL;
1233 return malloc(size * num);
1234}
1235
1236void *_realloc_array(void *ptr, unsigned int size, unsigned long num)
1237{
1238 if (num >= MALLOC_MAX/size)
1239 return NULL;
1240 /* No realloc should need this, but just in case... */
1241 if (!ptr)
1242 return malloc(size * num);
1243 return realloc(ptr, size * num);
1244}
Matt McCutchen's repository for rsync, the fast and versatile remote file copier