Matt McCutchen's Web Site / rsync / rsync.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Call sanitize_path() with updated args.
[rsync/rsync.git] / util.c
... / ...
CommitLineData
1/* -*- c-file-style: "linux" -*-
2 *
3 * Copyright (C) 1996-2000 by Andrew Tridgell
4 * Copyright (C) Paul Mackerras 1996
5 * Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22/**
23 * @file
24 *
25 * Utilities used in rsync
26 **/
27
28#include "rsync.h"
29
30extern int verbose;
31extern int dry_run;
32extern int module_id;
33extern int modify_window;
34extern char *partial_dir;
35extern struct exclude_list_struct server_exclude_list;
36
37int sanitize_paths = 0;
38
39
40
41/**
42 * Set a fd into nonblocking mode
43 **/
44void set_nonblocking(int fd)
45{
46 int val;
47
48 if ((val = fcntl(fd, F_GETFL, 0)) == -1)
49 return;
50 if (!(val & NONBLOCK_FLAG)) {
51 val |= NONBLOCK_FLAG;
52 fcntl(fd, F_SETFL, val);
53 }
54}
55
56/**
57 * Set a fd into blocking mode
58 **/
59void set_blocking(int fd)
60{
61 int val;
62
63 if ((val = fcntl(fd, F_GETFL, 0)) == -1)
64 return;
65 if (val & NONBLOCK_FLAG) {
66 val &= ~NONBLOCK_FLAG;
67 fcntl(fd, F_SETFL, val);
68 }
69}
70
71
72/**
73 * Create a file descriptor pair - like pipe() but use socketpair if
74 * possible (because of blocking issues on pipes).
75 *
76 * Always set non-blocking.
77 */
78int fd_pair(int fd[2])
79{
80 int ret;
81
82#if HAVE_SOCKETPAIR
83 ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
84#else
85 ret = pipe(fd);
86#endif
87
88 if (ret == 0) {
89 set_nonblocking(fd[0]);
90 set_nonblocking(fd[1]);
91 }
92
93 return ret;
94}
95
96
97void print_child_argv(char **cmd)
98{
99 rprintf(FINFO, "opening connection using ");
100 for (; *cmd; cmd++) {
101 /* Look for characters that ought to be quoted. This
102 * is not a great quoting algorithm, but it's
103 * sufficient for a log message. */
104 if (strspn(*cmd, "abcdefghijklmnopqrstuvwxyz"
105 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
106 "0123456789"
107 ",.-_=+@/") != strlen(*cmd)) {
108 rprintf(FINFO, "\"%s\" ", *cmd);
109 } else {
110 rprintf(FINFO, "%s ", *cmd);
111 }
112 }
113 rprintf(FINFO, "\n");
114}
115
116
117void out_of_memory(char *str)
118{
119 rprintf(FERROR, "ERROR: out of memory in %s\n", str);
120 exit_cleanup(RERR_MALLOC);
121}
122
123void overflow(char *str)
124{
125 rprintf(FERROR, "ERROR: buffer overflow in %s\n", str);
126 exit_cleanup(RERR_MALLOC);
127}
128
129
130
131int set_modtime(char *fname, time_t modtime)
132{
133 if (dry_run)
134 return 0;
135
136 if (verbose > 2) {
137 rprintf(FINFO, "set modtime of %s to (%ld) %s",
138 fname, (long)modtime,
139 asctime(localtime(&modtime)));
140 }
141
142 {
143#ifdef HAVE_UTIMBUF
144 struct utimbuf tbuf;
145 tbuf.actime = time(NULL);
146 tbuf.modtime = modtime;
147 return utime(fname,&tbuf);
148#elif defined(HAVE_UTIME)
149 time_t t[2];
150 t[0] = time(NULL);
151 t[1] = modtime;
152 return utime(fname,t);
153#else
154 struct timeval t[2];
155 t[0].tv_sec = time(NULL);
156 t[0].tv_usec = 0;
157 t[1].tv_sec = modtime;
158 t[1].tv_usec = 0;
159 return utimes(fname,t);
160#endif
161 }
162}
163
164
165/**
166 Create any necessary directories in fname. Unfortunately we don't know
167 what perms to give the directory when this is called so we need to rely
168 on the umask
169**/
170int create_directory_path(char *fname, int base_umask)
171{
172 char *p;
173
174 while (*fname == '/')
175 fname++;
176 while (strncmp(fname, "./", 2) == 0)
177 fname += 2;
178
179 p = fname;
180 while ((p = strchr(p,'/')) != NULL) {
181 *p = 0;
182 do_mkdir(fname, 0777 & ~base_umask);
183 *p = '/';
184 p++;
185 }
186 return 0;
187}
188
189
190/**
191 * Write @p len bytes at @p ptr to descriptor @p desc, retrying if
192 * interrupted.
193 *
194 * @retval len upon success
195 *
196 * @retval <0 write's (negative) error code
197 *
198 * Derived from GNU C's cccp.c.
199 */
200static int full_write(int desc, char *ptr, size_t len)
201{
202 int total_written;
203
204 total_written = 0;
205 while (len > 0) {
206 int written = write(desc, ptr, len);
207 if (written < 0) {
208 if (errno == EINTR)
209 continue;
210 return written;
211 }
212 total_written += written;
213 ptr += written;
214 len -= written;
215 }
216 return total_written;
217}
218
219
220/**
221 * Read @p len bytes at @p ptr from descriptor @p desc, retrying if
222 * interrupted.
223 *
224 * @retval >0 the actual number of bytes read
225 *
226 * @retval 0 for EOF
227 *
228 * @retval <0 for an error.
229 *
230 * Derived from GNU C's cccp.c. */
231static int safe_read(int desc, char *ptr, size_t len)
232{
233 int n_chars;
234
235 if (len == 0)
236 return len;
237
238 do {
239 n_chars = read(desc, ptr, len);
240 } while (n_chars < 0 && errno == EINTR);
241
242 return n_chars;
243}
244
245
246/** Copy a file.
247 *
248 * This is used in conjunction with the --temp-dir option */
249int copy_file(char *source, char *dest, mode_t mode)
250{
251 int ifd;
252 int ofd;
253 char buf[1024 * 8];
254 int len; /* Number of bytes read into `buf'. */
255
256 ifd = do_open(source, O_RDONLY, 0);
257 if (ifd == -1) {
258 rsyserr(FERROR, errno, "open %s", full_fname(source));
259 return -1;
260 }
261
262 if (robust_unlink(dest) && errno != ENOENT) {
263 rsyserr(FERROR, errno, "unlink %s", full_fname(dest));
264 return -1;
265 }
266
267 ofd = do_open(dest, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, mode);
268 if (ofd == -1) {
269 rsyserr(FERROR, errno, "open %s", full_fname(dest));
270 close(ifd);
271 return -1;
272 }
273
274 while ((len = safe_read(ifd, buf, sizeof buf)) > 0) {
275 if (full_write(ofd, buf, len) < 0) {
276 rsyserr(FERROR, errno, "write %s", full_fname(dest));
277 close(ifd);
278 close(ofd);
279 return -1;
280 }
281 }
282
283 if (len < 0) {
284 rsyserr(FERROR, errno, "read %s", full_fname(source));
285 close(ifd);
286 close(ofd);
287 return -1;
288 }
289
290 if (close(ifd) < 0) {
291 rsyserr(FINFO, errno, "close failed on %s",
292 full_fname(source));
293 }
294
295 if (close(ofd) < 0) {
296 rsyserr(FERROR, errno, "close failed on %s",
297 full_fname(dest));
298 return -1;
299 }
300
301 return 0;
302}
303
304/* MAX_RENAMES should be 10**MAX_RENAMES_DIGITS */
305#define MAX_RENAMES_DIGITS 3
306#define MAX_RENAMES 1000
307
308/**
309 * Robust unlink: some OS'es (HPUX) refuse to unlink busy files, so
310 * rename to <path>/.rsyncNNN instead.
311 *
312 * Note that successive rsync runs will shuffle the filenames around a
313 * bit as long as the file is still busy; this is because this function
314 * does not know if the unlink call is due to a new file coming in, or
315 * --delete trying to remove old .rsyncNNN files, hence it renames it
316 * each time.
317 **/
318int robust_unlink(char *fname)
319{
320#ifndef ETXTBSY
321 return do_unlink(fname);
322#else
323 static int counter = 1;
324 int rc, pos, start;
325 char path[MAXPATHLEN];
326
327 rc = do_unlink(fname);
328 if (rc == 0 || errno != ETXTBSY)
329 return rc;
330
331 if ((pos = strlcpy(path, fname, MAXPATHLEN)) >= MAXPATHLEN)
332 pos = MAXPATHLEN - 1;
333
334 while (pos > 0 && path[pos-1] != '/')
335 pos--;
336 pos += strlcpy(path+pos, ".rsync", MAXPATHLEN-pos);
337
338 if (pos > (MAXPATHLEN-MAX_RENAMES_DIGITS-1)) {
339 errno = ETXTBSY;
340 return -1;
341 }
342
343 /* start where the last one left off to reduce chance of clashes */
344 start = counter;
345 do {
346 sprintf(&path[pos], "%03d", counter);
347 if (++counter >= MAX_RENAMES)
348 counter = 1;
349 } while ((rc = access(path, 0)) == 0 && counter != start);
350
351 if (verbose > 0) {
352 rprintf(FINFO,"renaming %s to %s because of text busy\n",
353 fname, path);
354 }
355
356 /* maybe we should return rename()'s exit status? Nah. */
357 if (do_rename(fname, path) != 0) {
358 errno = ETXTBSY;
359 return -1;
360 }
361 return 0;
362#endif
363}
364
365/* Returns 0 on successful rename, 1 if we successfully copied the file
366 * across filesystems, -2 if copy_file() failed, and -1 on other errors. */
367int robust_rename(char *from, char *to, int mode)
368{
369 int tries = 4;
370
371 while (tries--) {
372 if (do_rename(from, to) == 0)
373 return 0;
374
375 switch (errno) {
376#ifdef ETXTBSY
377 case ETXTBSY:
378 if (robust_unlink(to) != 0)
379 return -1;
380 break;
381#endif
382 case EXDEV:
383 if (copy_file(from, to, mode) != 0)
384 return -2;
385 do_unlink(from);
386 return 1;
387 default:
388 return -1;
389 }
390 }
391 return -1;
392}
393
394
395static pid_t all_pids[10];
396static int num_pids;
397
398/** Fork and record the pid of the child. **/
399pid_t do_fork(void)
400{
401 pid_t newpid = fork();
402
403 if (newpid != 0 && newpid != -1) {
404 all_pids[num_pids++] = newpid;
405 }
406 return newpid;
407}
408
409/**
410 * Kill all children.
411 *
412 * @todo It would be kind of nice to make sure that they are actually
413 * all our children before we kill them, because their pids may have
414 * been recycled by some other process. Perhaps when we wait for a
415 * child, we should remove it from this array. Alternatively we could
416 * perhaps use process groups, but I think that would not work on
417 * ancient Unix versions that don't support them.
418 **/
419void kill_all(int sig)
420{
421 int i;
422
423 for (i = 0; i < num_pids; i++) {
424 /* Let's just be a little careful where we
425 * point that gun, hey? See kill(2) for the
426 * magic caused by negative values. */
427 pid_t p = all_pids[i];
428
429 if (p == getpid())
430 continue;
431 if (p <= 0)
432 continue;
433
434 kill(p, sig);
435 }
436}
437
438
439/** Turn a user name into a uid */
440int name_to_uid(char *name, uid_t *uid)
441{
442 struct passwd *pass;
443 if (!name || !*name)
444 return 0;
445 pass = getpwnam(name);
446 if (pass) {
447 *uid = pass->pw_uid;
448 return 1;
449 }
450 return 0;
451}
452
453/** Turn a group name into a gid */
454int name_to_gid(char *name, gid_t *gid)
455{
456 struct group *grp;
457 if (!name || !*name)
458 return 0;
459 grp = getgrnam(name);
460 if (grp) {
461 *gid = grp->gr_gid;
462 return 1;
463 }
464 return 0;
465}
466
467
468/** Lock a byte range in a open file */
469int lock_range(int fd, int offset, int len)
470{
471 struct flock lock;
472
473 lock.l_type = F_WRLCK;
474 lock.l_whence = SEEK_SET;
475 lock.l_start = offset;
476 lock.l_len = len;
477 lock.l_pid = 0;
478
479 return fcntl(fd,F_SETLK,&lock) == 0;
480}
481
482static int exclude_server_path(char *arg)
483{
484 char *s;
485
486 if (server_exclude_list.head) {
487 for (s = arg; (s = strchr(s, '/')) != NULL; ) {
488 *s = '\0';
489 if (check_exclude(&server_exclude_list, arg, 1) < 0) {
490 /* We must leave arg truncated! */
491 return 1;
492 }
493 *s++ = '/';
494 }
495 }
496 return 0;
497}
498
499static void glob_expand_one(char *s, char ***argv_ptr, int *argc_ptr,
500 int *maxargs_ptr)
501{
502 char **argv = *argv_ptr;
503 int argc = *argc_ptr;
504 int maxargs = *maxargs_ptr;
505#if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H))
506 if (argc == maxargs) {
507 maxargs += MAX_ARGS;
508 if (!(argv = realloc_array(argv, char *, maxargs)))
509 out_of_memory("glob_expand_one");
510 *argv_ptr = argv;
511 *maxargs_ptr = maxargs;
512 }
513 if (!*s)
514 s = ".";
515 s = argv[argc++] = strdup(s);
516 exclude_server_path(s);
517#else
518 glob_t globbuf;
519 int i;
520
521 if (maxargs <= argc)
522 return;
523 if (!*s)
524 s = ".";
525
526 if (sanitize_paths)
527 s = sanitize_path(NULL, s, NULL);
528 else
529 s = strdup(s);
530
531 memset(&globbuf, 0, sizeof globbuf);
532 if (!exclude_server_path(s))
533 glob(s, 0, NULL, &globbuf);
534 if (MAX((int)globbuf.gl_pathc, 1) > maxargs - argc) {
535 maxargs += globbuf.gl_pathc + MAX_ARGS;
536 if (!(argv = realloc_array(argv, char *, maxargs)))
537 out_of_memory("glob_expand_one");
538 *argv_ptr = argv;
539 *maxargs_ptr = maxargs;
540 }
541 if (globbuf.gl_pathc == 0)
542 argv[argc++] = s;
543 else {
544 int j = globbuf.gl_pathc;
545 free(s);
546 for (i = 0; i < j; i++) {
547 if (!(argv[argc++] = strdup(globbuf.gl_pathv[i])))
548 out_of_memory("glob_expand_one");
549 }
550 }
551 globfree(&globbuf);
552#endif
553 *argc_ptr = argc;
554}
555
556/* This routine is only used in daemon mode. */
557void glob_expand(char *base1, char ***argv_ptr, int *argc_ptr, int *maxargs_ptr)
558{
559 char *s = (*argv_ptr)[*argc_ptr];
560 char *p, *q;
561 char *base = base1;
562 int base_len = strlen(base);
563
564 if (!s || !*s)
565 return;
566
567 if (strncmp(s, base, base_len) == 0)
568 s += base_len;
569
570 if (!(s = strdup(s)))
571 out_of_memory("glob_expand");
572
573 if (asprintf(&base," %s/", base1) <= 0)
574 out_of_memory("glob_expand");
575 base_len++;
576
577 for (q = s; *q; q = p + base_len) {
578 if ((p = strstr(q, base)) != NULL)
579 *p = '\0'; /* split it at this point */
580 glob_expand_one(q, argv_ptr, argc_ptr, maxargs_ptr);
581 if (!p)
582 break;
583 }
584
585 free(s);
586 free(base);
587}
588
589/**
590 * Convert a string to lower case
591 **/
592void strlower(char *s)
593{
594 while (*s) {
595 if (isupper(*(unsigned char *)s))
596 *s = tolower(*(unsigned char *)s);
597 s++;
598 }
599}
600
601/* Join strings p1 & p2 into "dest" with a guaranteed '/' between them. (If
602 * p1 ends with a '/', no extra '/' is inserted.) Returns the length of both
603 * strings + 1 (if '/' was inserted), regardless of whether the null-terminated
604 * string fits into destsize. */
605size_t pathjoin(char *dest, size_t destsize, const char *p1, const char *p2)
606{
607 size_t len = strlcpy(dest, p1, destsize);
608 if (len < destsize - 1) {
609 if (!len || dest[len-1] != '/')
610 dest[len++] = '/';
611 if (len < destsize - 1)
612 len += strlcpy(dest + len, p2, destsize - len);
613 else {
614 dest[len] = '\0';
615 len += strlen(p2);
616 }
617 }
618 else
619 len += strlen(p2) + 1; /* Assume we'd insert a '/'. */
620 return len;
621}
622
623/* Join any number of strings together, putting them in "dest". The return
624 * value is the length of all the strings, regardless of whether the null-
625 * terminated whole fits in destsize. Your list of string pointers must end
626 * with a NULL to indicate the end of the list. */
627size_t stringjoin(char *dest, size_t destsize, ...)
628{
629 va_list ap;
630 size_t len, ret = 0;
631 const char *src;
632
633 va_start(ap, destsize);
634 while (1) {
635 if (!(src = va_arg(ap, const char *)))
636 break;
637 len = strlen(src);
638 ret += len;
639 if (destsize > 1) {
640 if (len >= destsize)
641 len = destsize - 1;
642 memcpy(dest, src, len);
643 destsize -= len;
644 dest += len;
645 }
646 }
647 *dest = '\0';
648 va_end(ap);
649
650 return ret;
651}
652
653unsigned int clean_fname(char *name)
654{
655 char *limit = name - 1, *t = name, *f = name;
656 int anchored;
657
658 if (!name)
659 return 0;
660
661 if ((anchored = *f == '/') != 0)
662 *t++ = *f++;
663 while (*f) {
664 /* discard extra slashes */
665 if (*f == '/') {
666 f++;
667 continue;
668 }
669 if (*f == '.') {
670 /* discard "." dirs (but NOT a trailing '.'!) */
671 if (f[1] == '/') {
672 f += 2;
673 continue;
674 }
675 /* collapse ".." dirs */
676 if (f[1] == '.' && (f[2] == '/' || !f[2])) {
677 char *s = t - 1;
678 if (s == name && anchored) {
679 f += 2;
680 continue;
681 }
682 while (s > limit && *--s != '/') {}
683 if (s != t - 1 && (s < name || *s == '/')) {
684 t = s + 1;
685 f += 2;
686 continue;
687 }
688 *t++ = *f++;
689 *t++ = *f++;
690 limit = t;
691 }
692 }
693 while (*f && (*t++ = *f++) != '/') {}
694 }
695
696 if (t > name+anchored && t[-1] == '/')
697 t--;
698 if (t == name)
699 *t++ = '.';
700 *t = '\0';
701
702 return t - name;
703}
704
705/* Make path appear as if a chroot had occurred. This handles a leading
706 * "/" (either removing it or expanding it) and any leading or embedded
707 * ".." components that attempt to escape past the module's top dir.
708 *
709 * If dest is NULL, a buffer is allocated to hold the result. If dest is
710 * the same buffer as p (the path) OR if reldir is NULL, a leading slash
711 * is dropped instead of being expanded to be the module's top dir.
712 *
713 * If reldir is non-NULL (and non-empty), it is a sanitized directory that
714 * the path will be relative to, so allow as many '..'s at the beginning of
715 * the path as there are components in reldir. This is used for symbolic
716 * link targets. If reldir is non-null and the path began with "/", to be
717 * completely like a chroot we should add in depth levels of ".." at the
718 * beginning of the path, but that would blow the assumption that the path
719 * doesn't grow and it is not likely to end up being a valid symlink
720 * anyway, so just do the normal removal of the leading "/" instead.
721 *
722 * While we're at it, remove double slashes and "." components like
723 * clean_fname() does, but DON'T remove a trailing slash because that is
724 * sometimes significant on command line arguments.
725 *
726 * If the resulting path would be empty, change it into ".".
727 */
728char *sanitize_path(char *dest, const char *p, const char *reldir)
729{
730 char *start, *sanp;
731 int depth = 0;
732 int allowdotdot = 0;
733 int rlen = 0;
734
735 if (dest != p) {
736 int plen = strlen(p);
737 if (*p == '/' && reldir) {
738 rlen = strlen(lp_path(module_id));
739 reldir = NULL;
740 p++;
741 }
742 if (dest) {
743 if (rlen + plen + 1 >= MAXPATHLEN)
744 return NULL;
745 } else if (!(dest = new_array(char, rlen + plen + 1)))
746 out_of_memory("sanitize_path");
747 if (rlen) {
748 memcpy(dest, lp_path(module_id), rlen);
749 if (rlen > 1)
750 dest[rlen++] = '/';
751 }
752 }
753
754 if (reldir) {
755 int new_component = 1;
756 while (*reldir) {
757 if (*reldir++ == '/')
758 new_component = 1;
759 else if (new_component) {
760 new_component = 0;
761 depth++;
762 }
763 }
764 }
765
766 start = sanp = dest + rlen;
767 while (*p == '/') {
768 /* remove leading slashes */
769 p++;
770 }
771 while (*p != '\0') {
772 /* this loop iterates once per filename component in p.
773 * both p (and sanp if the original had a slash) should
774 * always be left pointing after a slash
775 */
776 if (*p == '.' && (p[1] == '/' || p[1] == '\0')) {
777 /* skip "." component */
778 while (*++p == '/') {
779 /* skip following slashes */
780 ;
781 }
782 continue;
783 }
784 allowdotdot = 0;
785 if (*p == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0')) {
786 /* ".." component followed by slash or end */
787 if (depth > 0 && sanp == start) {
788 /* allow depth levels of .. at the beginning */
789 --depth;
790 allowdotdot = 1;
791 } else {
792 p += 2;
793 if (*p == '/')
794 p++;
795 if (sanp != start) {
796 /* back up sanp one level */
797 --sanp; /* now pointing at slash */
798 while (sanp > start && sanp[-1] != '/') {
799 /* skip back up to slash */
800 sanp--;
801 }
802 }
803 continue;
804 }
805 }
806 while (1) {
807 /* copy one component through next slash */
808 *sanp++ = *p++;
809 if (*p == '\0' || p[-1] == '/') {
810 while (*p == '/') {
811 /* skip multiple slashes */
812 p++;
813 }
814 break;
815 }
816 }
817 if (allowdotdot) {
818 /* move the virtual beginning to leave the .. alone */
819 start = sanp;
820 }
821 }
822 if (sanp == dest) {
823 /* ended up with nothing, so put in "." component */
824 *sanp++ = '.';
825 }
826 *sanp = '\0';
827
828 return dest;
829}
830
831char curr_dir[MAXPATHLEN];
832unsigned int curr_dir_len;
833
834/**
835 * Like chdir(), but it keeps track of the current directory (in the
836 * global "curr_dir"), and ensures that the path size doesn't overflow.
837 * Also cleans the path using the clean_fname() function.
838 **/
839int push_dir(char *dir)
840{
841 static int initialised;
842 unsigned int len;
843
844 if (!initialised) {
845 initialised = 1;
846 getcwd(curr_dir, sizeof curr_dir - 1);
847 curr_dir_len = strlen(curr_dir);
848 }
849
850 if (!dir) /* this call was probably just to initialize */
851 return 0;
852
853 len = strlen(dir);
854 if (len == 1 && *dir == '.')
855 return 1;
856
857 if ((*dir == '/' ? len : curr_dir_len + 1 + len) >= sizeof curr_dir)
858 return 0;
859
860 if (chdir(dir))
861 return 0;
862
863 if (*dir == '/') {
864 memcpy(curr_dir, dir, len + 1);
865 curr_dir_len = len;
866 } else {
867 curr_dir[curr_dir_len++] = '/';
868 memcpy(curr_dir + curr_dir_len, dir, len + 1);
869 curr_dir_len += len;
870 }
871
872 curr_dir_len = clean_fname(curr_dir);
873
874 return 1;
875}
876
877/**
878 * Reverse a push_dir() call. You must pass in an absolute path
879 * that was copied from a prior value of "curr_dir".
880 **/
881int pop_dir(char *dir)
882{
883 if (chdir(dir))
884 return 0;
885
886 curr_dir_len = strlcpy(curr_dir, dir, sizeof curr_dir);
887 if (curr_dir_len >= sizeof curr_dir)
888 curr_dir_len = sizeof curr_dir - 1;
889
890 return 1;
891}
892
893/**
894 * Return the filename, turning any newlines into '?'s. This ensures that
895 * outputting it on a line of its own cannot generate an empty line. This
896 * function can handle only 2 names at a time!
897 **/
898const char *safe_fname(const char *fname)
899{
900 static char fbuf1[MAXPATHLEN], fbuf2[MAXPATHLEN];
901 static char *fbuf = fbuf2;
902 char *nl = strchr(fname, '\n');
903
904 if (!nl)
905 return fname;
906
907 fbuf = fbuf == fbuf1 ? fbuf2 : fbuf1;
908 strlcpy(fbuf, fname, MAXPATHLEN);
909 nl = fbuf + (nl - (char *)fname);
910 do {
911 *nl = '?';
912 } while ((nl = strchr(nl+1, '\n')) != NULL);
913
914 return fbuf;
915}
916
917/**
918 * Return a quoted string with the full pathname of the indicated filename.
919 * The string " (in MODNAME)" may also be appended. The returned pointer
920 * remains valid until the next time full_fname() is called.
921 **/
922char *full_fname(const char *fn)
923{
924 static char *result = NULL;
925 char *m1, *m2, *m3;
926 char *p1, *p2;
927
928 if (result)
929 free(result);
930
931 fn = safe_fname(fn);
932 if (*fn == '/')
933 p1 = p2 = "";
934 else {
935 p1 = curr_dir;
936 p2 = "/";
937 }
938 if (module_id >= 0) {
939 m1 = " (in ";
940 m2 = lp_name(module_id);
941 m3 = ")";
942 if (*p1) {
943 if (!lp_use_chroot(module_id)) {
944 char *p = lp_path(module_id);
945 if (*p != '/' || p[1])
946 p1 += strlen(p);
947 }
948 if (!*p1)
949 p2++;
950 else
951 p1++;
952 }
953 else
954 fn++;
955 } else
956 m1 = m2 = m3 = "";
957
958 asprintf(&result, "\"%s%s%s\"%s%s%s", p1, p2, fn, m1, m2, m3);
959
960 return result;
961}
962
963static char partial_fname[MAXPATHLEN];
964
965char *partial_dir_fname(const char *fname)
966{
967 char *t = partial_fname;
968 int sz = sizeof partial_fname;
969 const char *fn;
970
971 if ((fn = strrchr(fname, '/')) != NULL) {
972 fn++;
973 if (*partial_dir != '/') {
974 int len = fn - fname;
975 strncpy(t, fname, len); /* safe */
976 t += len;
977 sz -= len;
978 }
979 } else
980 fn = fname;
981 if ((int)pathjoin(t, sz, partial_dir, fn) >= sz)
982 return NULL;
983 if (server_exclude_list.head
984 && check_exclude(&server_exclude_list, partial_fname, 0) < 0)
985 return NULL;
986
987 return partial_fname;
988}
989
990/* If no --partial-dir option was specified, we don't need to do anything
991 * (the partial-dir is essentially '.'), so just return success. */
992int handle_partial_dir(const char *fname, int create)
993{
994 char *fn, *dir;
995
996 if (fname != partial_fname)
997 return 1;
998 if (!create && *partial_dir == '/')
999 return 1;
1000 if (!(fn = strrchr(partial_fname, '/')))
1001 return 1;
1002
1003 *fn = '\0';
1004 dir = partial_fname;
1005 if (create) {
1006 STRUCT_STAT st;
1007#if SUPPORT_LINKS
1008 int statret = do_lstat(dir, &st);
1009#else
1010 int statret = do_stat(dir, &st);
1011#endif
1012 if (statret == 0 && !S_ISDIR(st.st_mode)) {
1013 if (do_unlink(dir) < 0)
1014 return 0;
1015 statret = -1;
1016 }
1017 if (statret < 0 && do_mkdir(dir, 0700) < 0)
1018 return 0;
1019 } else
1020 do_rmdir(dir);
1021 *fn = '/';
1022
1023 return 1;
1024}
1025
1026/** We need to supply our own strcmp function for file list comparisons
1027 to ensure that signed/unsigned usage is consistent between machines. */
1028int u_strcmp(const char *cs1, const char *cs2)
1029{
1030 const uchar *s1 = (const uchar *)cs1;
1031 const uchar *s2 = (const uchar *)cs2;
1032
1033 while (*s1 && *s2 && (*s1 == *s2)) {
1034 s1++; s2++;
1035 }
1036
1037 return (int)*s1 - (int)*s2;
1038}
1039
1040
1041
1042/**
1043 * Determine if a symlink points outside the current directory tree.
1044 * This is considered "unsafe" because e.g. when mirroring somebody
1045 * else's machine it might allow them to establish a symlink to
1046 * /etc/passwd, and then read it through a web server.
1047 *
1048 * Null symlinks and absolute symlinks are always unsafe.
1049 *
1050 * Basically here we are concerned with symlinks whose target contains
1051 * "..", because this might cause us to walk back up out of the
1052 * transferred directory. We are not allowed to go back up and
1053 * reenter.
1054 *
1055 * @param dest Target of the symlink in question.
1056 *
1057 * @param src Top source directory currently applicable. Basically this
1058 * is the first parameter to rsync in a simple invocation, but it's
1059 * modified by flist.c in slightly complex ways.
1060 *
1061 * @retval True if unsafe
1062 * @retval False is unsafe
1063 *
1064 * @sa t_unsafe.c
1065 **/
1066int unsafe_symlink(const char *dest, const char *src)
1067{
1068 const char *name, *slash;
1069 int depth = 0;
1070
1071 /* all absolute and null symlinks are unsafe */
1072 if (!dest || !*dest || *dest == '/')
1073 return 1;
1074
1075 /* find out what our safety margin is */
1076 for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
1077 if (strncmp(name, "../", 3) == 0) {
1078 depth = 0;
1079 } else if (strncmp(name, "./", 2) == 0) {
1080 /* nothing */
1081 } else {
1082 depth++;
1083 }
1084 }
1085 if (strcmp(name, "..") == 0)
1086 depth = 0;
1087
1088 for (name = dest; (slash = strchr(name, '/')) != 0; name = slash+1) {
1089 if (strncmp(name, "../", 3) == 0) {
1090 /* if at any point we go outside the current directory
1091 then stop - it is unsafe */
1092 if (--depth < 0)
1093 return 1;
1094 } else if (strncmp(name, "./", 2) == 0) {
1095 /* nothing */
1096 } else {
1097 depth++;
1098 }
1099 }
1100 if (strcmp(name, "..") == 0)
1101 depth--;
1102
1103 return (depth < 0);
1104}
1105
1106
1107/**
1108 * Return the date and time as a string
1109 **/
1110char *timestring(time_t t)
1111{
1112 static char TimeBuf[200];
1113 struct tm *tm = localtime(&t);
1114
1115#ifdef HAVE_STRFTIME
1116 strftime(TimeBuf, sizeof TimeBuf - 1, "%Y/%m/%d %H:%M:%S", tm);
1117#else
1118 strlcpy(TimeBuf, asctime(tm), sizeof TimeBuf);
1119#endif
1120
1121 if (TimeBuf[strlen(TimeBuf)-1] == '\n') {
1122 TimeBuf[strlen(TimeBuf)-1] = 0;
1123 }
1124
1125 return(TimeBuf);
1126}
1127
1128
1129/**
1130 * Sleep for a specified number of milliseconds.
1131 *
1132 * Always returns TRUE. (In the future it might return FALSE if
1133 * interrupted.)
1134 **/
1135int msleep(int t)
1136{
1137 int tdiff = 0;
1138 struct timeval tval, t1, t2;
1139
1140 gettimeofday(&t1, NULL);
1141
1142 while (tdiff < t) {
1143 tval.tv_sec = (t-tdiff)/1000;
1144 tval.tv_usec = 1000*((t-tdiff)%1000);
1145
1146 errno = 0;
1147 select(0,NULL,NULL, NULL, &tval);
1148
1149 gettimeofday(&t2, NULL);
1150 tdiff = (t2.tv_sec - t1.tv_sec)*1000 +
1151 (t2.tv_usec - t1.tv_usec)/1000;
1152 }
1153
1154 return True;
1155}
1156
1157
1158/**
1159 * Determine if two file modification times are equivalent (either
1160 * exact or in the modification timestamp window established by
1161 * --modify-window).
1162 *
1163 * @retval 0 if the times should be treated as the same
1164 *
1165 * @retval +1 if the first is later
1166 *
1167 * @retval -1 if the 2nd is later
1168 **/
1169int cmp_modtime(time_t file1, time_t file2)
1170{
1171 if (file2 > file1) {
1172 if (file2 - file1 <= modify_window)
1173 return 0;
1174 return -1;
1175 }
1176 if (file1 - file2 <= modify_window)
1177 return 0;
1178 return 1;
1179}
1180
1181
1182#ifdef __INSURE__XX
1183#include <dlfcn.h>
1184
1185/**
1186 This routine is a trick to immediately catch errors when debugging
1187 with insure. A xterm with a gdb is popped up when insure catches
1188 a error. It is Linux specific.
1189**/
1190int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6)
1191{
1192 static int (*fn)();
1193 int ret;
1194 char *cmd;
1195
1196 asprintf(&cmd, "/usr/X11R6/bin/xterm -display :0 -T Panic -n Panic -e /bin/sh -c 'cat /tmp/ierrs.*.%d ; gdb /proc/%d/exe %d'",
1197 getpid(), getpid(), getpid());
1198
1199 if (!fn) {
1200 static void *h;
1201 h = dlopen("/usr/local/parasoft/insure++lite/lib.linux2/libinsure.so", RTLD_LAZY);
1202 fn = dlsym(h, "_Insure_trap_error");
1203 }
1204
1205 ret = fn(a1, a2, a3, a4, a5, a6);
1206
1207 system(cmd);
1208
1209 free(cmd);
1210
1211 return ret;
1212}
1213#endif
1214
1215
1216#define MALLOC_MAX 0x40000000
1217
1218void *_new_array(unsigned int size, unsigned long num)
1219{
1220 if (num >= MALLOC_MAX/size)
1221 return NULL;
1222 return malloc(size * num);
1223}
1224
1225void *_realloc_array(void *ptr, unsigned int size, unsigned long num)
1226{
1227 if (num >= MALLOC_MAX/size)
1228 return NULL;
1229 /* No realloc should need this, but just in case... */
1230 if (!ptr)
1231 return malloc(size * num);
1232 return realloc(ptr, size * num);
1233}
Matt McCutchen's repository for rsync, the fast and versatile remote file copier