Matt McCutchen's Web Site / rsync / rsync.git / blame_incremental
? search:
summary | shortlog | log | commit | commitdiff | tree
blob | blame (non-incremental) | history | HEAD
Use safe_fname() in full_fname().
[rsync/rsync.git] / util.c
... / ...
CommitLineData
1/* -*- c-file-style: "linux" -*-
2 *
3 * Copyright (C) 1996-2000 by Andrew Tridgell
4 * Copyright (C) Paul Mackerras 1996
5 * Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
6 *
7 * This program is free software; you can redistribute it and/or modify
8 * it under the terms of the GNU General Public License as published by
9 * the Free Software Foundation; either version 2 of the License, or
10 * (at your option) any later version.
11 *
12 * This program is distributed in the hope that it will be useful,
13 * but WITHOUT ANY WARRANTY; without even the implied warranty of
14 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
15 * GNU General Public License for more details.
16 *
17 * You should have received a copy of the GNU General Public License
18 * along with this program; if not, write to the Free Software
19 * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
20 */
21
22/**
23 * @file
24 *
25 * Utilities used in rsync
26 **/
27
28#include "rsync.h"
29
30extern int verbose;
31extern int dry_run;
32extern int module_id;
33extern int modify_window;
34extern struct exclude_list_struct server_exclude_list;
35
36int sanitize_paths = 0;
37
38
39
40/**
41 * Set a fd into nonblocking mode
42 **/
43void set_nonblocking(int fd)
44{
45 int val;
46
47 if ((val = fcntl(fd, F_GETFL, 0)) == -1)
48 return;
49 if (!(val & NONBLOCK_FLAG)) {
50 val |= NONBLOCK_FLAG;
51 fcntl(fd, F_SETFL, val);
52 }
53}
54
55/**
56 * Set a fd into blocking mode
57 **/
58void set_blocking(int fd)
59{
60 int val;
61
62 if ((val = fcntl(fd, F_GETFL, 0)) == -1)
63 return;
64 if (val & NONBLOCK_FLAG) {
65 val &= ~NONBLOCK_FLAG;
66 fcntl(fd, F_SETFL, val);
67 }
68}
69
70
71/**
72 * Create a file descriptor pair - like pipe() but use socketpair if
73 * possible (because of blocking issues on pipes).
74 *
75 * Always set non-blocking.
76 */
77int fd_pair(int fd[2])
78{
79 int ret;
80
81#if HAVE_SOCKETPAIR
82 ret = socketpair(AF_UNIX, SOCK_STREAM, 0, fd);
83#else
84 ret = pipe(fd);
85#endif
86
87 if (ret == 0) {
88 set_nonblocking(fd[0]);
89 set_nonblocking(fd[1]);
90 }
91
92 return ret;
93}
94
95
96void print_child_argv(char **cmd)
97{
98 rprintf(FINFO, "opening connection using ");
99 for (; *cmd; cmd++) {
100 /* Look for characters that ought to be quoted. This
101 * is not a great quoting algorithm, but it's
102 * sufficient for a log message. */
103 if (strspn(*cmd, "abcdefghijklmnopqrstuvwxyz"
104 "ABCDEFGHIJKLMNOPQRSTUVWXYZ"
105 "0123456789"
106 ",.-_=+@/") != strlen(*cmd)) {
107 rprintf(FINFO, "\"%s\" ", *cmd);
108 } else {
109 rprintf(FINFO, "%s ", *cmd);
110 }
111 }
112 rprintf(FINFO, "\n");
113}
114
115
116void out_of_memory(char *str)
117{
118 rprintf(FERROR, "ERROR: out of memory in %s\n", str);
119 exit_cleanup(RERR_MALLOC);
120}
121
122void overflow(char *str)
123{
124 rprintf(FERROR, "ERROR: buffer overflow in %s\n", str);
125 exit_cleanup(RERR_MALLOC);
126}
127
128
129
130int set_modtime(char *fname, time_t modtime)
131{
132 if (dry_run)
133 return 0;
134
135 if (verbose > 2) {
136 rprintf(FINFO, "set modtime of %s to (%ld) %s",
137 fname, (long)modtime,
138 asctime(localtime(&modtime)));
139 }
140
141 {
142#ifdef HAVE_UTIMBUF
143 struct utimbuf tbuf;
144 tbuf.actime = time(NULL);
145 tbuf.modtime = modtime;
146 return utime(fname,&tbuf);
147#elif defined(HAVE_UTIME)
148 time_t t[2];
149 t[0] = time(NULL);
150 t[1] = modtime;
151 return utime(fname,t);
152#else
153 struct timeval t[2];
154 t[0].tv_sec = time(NULL);
155 t[0].tv_usec = 0;
156 t[1].tv_sec = modtime;
157 t[1].tv_usec = 0;
158 return utimes(fname,t);
159#endif
160 }
161}
162
163
164/**
165 Create any necessary directories in fname. Unfortunately we don't know
166 what perms to give the directory when this is called so we need to rely
167 on the umask
168**/
169int create_directory_path(char *fname, int base_umask)
170{
171 char *p;
172
173 while (*fname == '/')
174 fname++;
175 while (strncmp(fname, "./", 2) == 0)
176 fname += 2;
177
178 p = fname;
179 while ((p = strchr(p,'/')) != NULL) {
180 *p = 0;
181 do_mkdir(fname, 0777 & ~base_umask);
182 *p = '/';
183 p++;
184 }
185 return 0;
186}
187
188
189/**
190 * Write @p len bytes at @p ptr to descriptor @p desc, retrying if
191 * interrupted.
192 *
193 * @retval len upon success
194 *
195 * @retval <0 write's (negative) error code
196 *
197 * Derived from GNU C's cccp.c.
198 */
199static int full_write(int desc, char *ptr, size_t len)
200{
201 int total_written;
202
203 total_written = 0;
204 while (len > 0) {
205 int written = write(desc, ptr, len);
206 if (written < 0) {
207 if (errno == EINTR)
208 continue;
209 return written;
210 }
211 total_written += written;
212 ptr += written;
213 len -= written;
214 }
215 return total_written;
216}
217
218
219/**
220 * Read @p len bytes at @p ptr from descriptor @p desc, retrying if
221 * interrupted.
222 *
223 * @retval >0 the actual number of bytes read
224 *
225 * @retval 0 for EOF
226 *
227 * @retval <0 for an error.
228 *
229 * Derived from GNU C's cccp.c. */
230static int safe_read(int desc, char *ptr, size_t len)
231{
232 int n_chars;
233
234 if (len == 0)
235 return len;
236
237 do {
238 n_chars = read(desc, ptr, len);
239 } while (n_chars < 0 && errno == EINTR);
240
241 return n_chars;
242}
243
244
245/** Copy a file.
246 *
247 * This is used in conjunction with the --temp-dir option */
248int copy_file(char *source, char *dest, mode_t mode)
249{
250 int ifd;
251 int ofd;
252 char buf[1024 * 8];
253 int len; /* Number of bytes read into `buf'. */
254
255 ifd = do_open(source, O_RDONLY, 0);
256 if (ifd == -1) {
257 rsyserr(FERROR, errno, "open %s", full_fname(source));
258 return -1;
259 }
260
261 if (robust_unlink(dest) && errno != ENOENT) {
262 rsyserr(FERROR, errno, "unlink %s", full_fname(dest));
263 return -1;
264 }
265
266 ofd = do_open(dest, O_WRONLY | O_CREAT | O_TRUNC | O_EXCL, mode);
267 if (ofd == -1) {
268 rsyserr(FERROR, errno, "open %s", full_fname(dest));
269 close(ifd);
270 return -1;
271 }
272
273 while ((len = safe_read(ifd, buf, sizeof buf)) > 0) {
274 if (full_write(ofd, buf, len) < 0) {
275 rsyserr(FERROR, errno, "write %s", full_fname(dest));
276 close(ifd);
277 close(ofd);
278 return -1;
279 }
280 }
281
282 if (len < 0) {
283 rsyserr(FERROR, errno, "read %s", full_fname(source));
284 close(ifd);
285 close(ofd);
286 return -1;
287 }
288
289 if (close(ifd) < 0) {
290 rsyserr(FINFO, errno, "close failed on %s",
291 full_fname(source));
292 }
293
294 if (close(ofd) < 0) {
295 rsyserr(FERROR, errno, "close failed on %s",
296 full_fname(dest));
297 return -1;
298 }
299
300 return 0;
301}
302
303/* MAX_RENAMES should be 10**MAX_RENAMES_DIGITS */
304#define MAX_RENAMES_DIGITS 3
305#define MAX_RENAMES 1000
306
307/**
308 * Robust unlink: some OS'es (HPUX) refuse to unlink busy files, so
309 * rename to <path>/.rsyncNNN instead.
310 *
311 * Note that successive rsync runs will shuffle the filenames around a
312 * bit as long as the file is still busy; this is because this function
313 * does not know if the unlink call is due to a new file coming in, or
314 * --delete trying to remove old .rsyncNNN files, hence it renames it
315 * each time.
316 **/
317int robust_unlink(char *fname)
318{
319#ifndef ETXTBSY
320 return do_unlink(fname);
321#else
322 static int counter = 1;
323 int rc, pos, start;
324 char path[MAXPATHLEN];
325
326 rc = do_unlink(fname);
327 if (rc == 0 || errno != ETXTBSY)
328 return rc;
329
330 if ((pos = strlcpy(path, fname, MAXPATHLEN)) >= MAXPATHLEN)
331 pos = MAXPATHLEN - 1;
332
333 while (pos > 0 && path[pos-1] != '/')
334 pos--;
335 pos += strlcpy(path+pos, ".rsync", MAXPATHLEN-pos);
336
337 if (pos > (MAXPATHLEN-MAX_RENAMES_DIGITS-1)) {
338 errno = ETXTBSY;
339 return -1;
340 }
341
342 /* start where the last one left off to reduce chance of clashes */
343 start = counter;
344 do {
345 sprintf(&path[pos], "%03d", counter);
346 if (++counter >= MAX_RENAMES)
347 counter = 1;
348 } while ((rc = access(path, 0)) == 0 && counter != start);
349
350 if (verbose > 0) {
351 rprintf(FINFO,"renaming %s to %s because of text busy\n",
352 fname, path);
353 }
354
355 /* maybe we should return rename()'s exit status? Nah. */
356 if (do_rename(fname, path) != 0) {
357 errno = ETXTBSY;
358 return -1;
359 }
360 return 0;
361#endif
362}
363
364/* Returns 0 on success, -1 on most errors, and -2 if we got an error
365 * trying to copy the file across file systems. */
366int robust_rename(char *from, char *to, int mode)
367{
368 int tries = 4;
369
370 while (tries--) {
371 if (do_rename(from, to) == 0)
372 return 0;
373
374 switch (errno) {
375#ifdef ETXTBSY
376 case ETXTBSY:
377 if (robust_unlink(to) != 0)
378 return -1;
379 break;
380#endif
381 case EXDEV:
382 if (copy_file(from, to, mode) != 0)
383 return -2;
384 do_unlink(from);
385 return 0;
386 default:
387 return -1;
388 }
389 }
390 return -1;
391}
392
393
394static pid_t all_pids[10];
395static int num_pids;
396
397/** Fork and record the pid of the child. **/
398pid_t do_fork(void)
399{
400 pid_t newpid = fork();
401
402 if (newpid != 0 && newpid != -1) {
403 all_pids[num_pids++] = newpid;
404 }
405 return newpid;
406}
407
408/**
409 * Kill all children.
410 *
411 * @todo It would be kind of nice to make sure that they are actually
412 * all our children before we kill them, because their pids may have
413 * been recycled by some other process. Perhaps when we wait for a
414 * child, we should remove it from this array. Alternatively we could
415 * perhaps use process groups, but I think that would not work on
416 * ancient Unix versions that don't support them.
417 **/
418void kill_all(int sig)
419{
420 int i;
421
422 for (i = 0; i < num_pids; i++) {
423 /* Let's just be a little careful where we
424 * point that gun, hey? See kill(2) for the
425 * magic caused by negative values. */
426 pid_t p = all_pids[i];
427
428 if (p == getpid())
429 continue;
430 if (p <= 0)
431 continue;
432
433 kill(p, sig);
434 }
435}
436
437
438/** Turn a user name into a uid */
439int name_to_uid(char *name, uid_t *uid)
440{
441 struct passwd *pass;
442 if (!name || !*name)
443 return 0;
444 pass = getpwnam(name);
445 if (pass) {
446 *uid = pass->pw_uid;
447 return 1;
448 }
449 return 0;
450}
451
452/** Turn a group name into a gid */
453int name_to_gid(char *name, gid_t *gid)
454{
455 struct group *grp;
456 if (!name || !*name)
457 return 0;
458 grp = getgrnam(name);
459 if (grp) {
460 *gid = grp->gr_gid;
461 return 1;
462 }
463 return 0;
464}
465
466
467/** Lock a byte range in a open file */
468int lock_range(int fd, int offset, int len)
469{
470 struct flock lock;
471
472 lock.l_type = F_WRLCK;
473 lock.l_whence = SEEK_SET;
474 lock.l_start = offset;
475 lock.l_len = len;
476 lock.l_pid = 0;
477
478 return fcntl(fd,F_SETLK,&lock) == 0;
479}
480
481static int exclude_server_path(char *arg)
482{
483 char *s;
484
485 if (server_exclude_list.head) {
486 for (s = arg; (s = strchr(s, '/')) != NULL; ) {
487 *s = '\0';
488 if (check_exclude(&server_exclude_list, arg, 1) < 0) {
489 /* We must leave arg truncated! */
490 return 1;
491 }
492 *s++ = '/';
493 }
494 }
495 return 0;
496}
497
498static void glob_expand_one(char *s, char ***argv_ptr, int *argc_ptr,
499 int *maxargs_ptr)
500{
501 char **argv = *argv_ptr;
502 int argc = *argc_ptr;
503 int maxargs = *maxargs_ptr;
504#if !(defined(HAVE_GLOB) && defined(HAVE_GLOB_H))
505 if (argc == maxargs) {
506 maxargs += MAX_ARGS;
507 if (!(argv = realloc_array(argv, char *, maxargs)))
508 out_of_memory("glob_expand_one");
509 *argv_ptr = argv;
510 *maxargs_ptr = maxargs;
511 }
512 if (!*s)
513 s = ".";
514 s = argv[argc++] = strdup(s);
515 exclude_server_path(s);
516#else
517 glob_t globbuf;
518 int i;
519
520 if (maxargs <= argc)
521 return;
522 if (!*s)
523 s = ".";
524
525 s = strdup(s);
526 if (sanitize_paths)
527 sanitize_path(s, NULL);
528
529 memset(&globbuf, 0, sizeof globbuf);
530 if (!exclude_server_path(s))
531 glob(s, 0, NULL, &globbuf);
532 if (MAX((int)globbuf.gl_pathc, 1) > maxargs - argc) {
533 maxargs += globbuf.gl_pathc + MAX_ARGS;
534 if (!(argv = realloc_array(argv, char *, maxargs)))
535 out_of_memory("glob_expand_one");
536 *argv_ptr = argv;
537 *maxargs_ptr = maxargs;
538 }
539 if (globbuf.gl_pathc == 0)
540 argv[argc++] = s;
541 else {
542 int j = globbuf.gl_pathc;
543 free(s);
544 for (i = 0; i < j; i++) {
545 if (!(argv[argc++] = strdup(globbuf.gl_pathv[i])))
546 out_of_memory("glob_expand_one");
547 }
548 }
549 globfree(&globbuf);
550#endif
551 *argc_ptr = argc;
552}
553
554/* This routine is only used in daemon mode. */
555void glob_expand(char *base1, char ***argv_ptr, int *argc_ptr, int *maxargs_ptr)
556{
557 char *s = (*argv_ptr)[*argc_ptr];
558 char *p, *q;
559 char *base = base1;
560 int base_len = strlen(base);
561
562 if (!s || !*s)
563 return;
564
565 if (strncmp(s, base, base_len) == 0)
566 s += base_len;
567
568 if (!(s = strdup(s)))
569 out_of_memory("glob_expand");
570
571 if (asprintf(&base," %s/", base1) <= 0)
572 out_of_memory("glob_expand");
573 base_len++;
574
575 for (q = s; *q; q = p + base_len) {
576 if ((p = strstr(q, base)) != NULL)
577 *p = '\0'; /* split it at this point */
578 glob_expand_one(q, argv_ptr, argc_ptr, maxargs_ptr);
579 if (!p)
580 break;
581 }
582
583 free(s);
584 free(base);
585}
586
587/**
588 * Convert a string to lower case
589 **/
590void strlower(char *s)
591{
592 while (*s) {
593 if (isupper(*(unsigned char *)s))
594 *s = tolower(*(unsigned char *)s);
595 s++;
596 }
597}
598
599/* Join strings p1 & p2 into "dest" with a guaranteed '/' between them. (If
600 * p1 ends with a '/', no extra '/' is inserted.) Returns the length of both
601 * strings + 1 (if '/' was inserted), regardless of whether the null-terminated
602 * string fits into destsize. */
603size_t pathjoin(char *dest, size_t destsize, const char *p1, const char *p2)
604{
605 size_t len = strlcpy(dest, p1, destsize);
606 if (len < destsize - 1) {
607 if (!len || dest[len-1] != '/')
608 dest[len++] = '/';
609 if (len < destsize - 1)
610 len += strlcpy(dest + len, p2, destsize - len);
611 else {
612 dest[len] = '\0';
613 len += strlen(p2);
614 }
615 }
616 else
617 len += strlen(p2) + 1; /* Assume we'd insert a '/'. */
618 return len;
619}
620
621/* Join any number of strings together, putting them in "dest". The return
622 * value is the length of all the strings, regardless of whether the null-
623 * terminated whole fits in destsize. Your list of string pointers must end
624 * with a NULL to indicate the end of the list. */
625size_t stringjoin(char *dest, size_t destsize, ...)
626{
627 va_list ap;
628 size_t len, ret = 0;
629 const char *src;
630
631 va_start(ap, destsize);
632 while (1) {
633 if (!(src = va_arg(ap, const char *)))
634 break;
635 len = strlen(src);
636 ret += len;
637 if (destsize > 1) {
638 if (len >= destsize)
639 len = destsize - 1;
640 memcpy(dest, src, len);
641 destsize -= len;
642 dest += len;
643 }
644 }
645 *dest = '\0';
646 va_end(ap);
647
648 return ret;
649}
650
651void clean_fname(char *name)
652{
653 char *p;
654 int l;
655 int modified = 1;
656
657 if (!name)
658 return;
659
660 while (modified) {
661 modified = 0;
662
663 if ((p = strstr(name,"/./")) != NULL) {
664 modified = 1;
665 while (*p) {
666 p[0] = p[2];
667 p++;
668 }
669 }
670
671 if ((p = strstr(name,"//")) != NULL) {
672 modified = 1;
673 while (*p) {
674 p[0] = p[1];
675 p++;
676 }
677 }
678
679 if (strncmp(p = name, "./", 2) == 0) {
680 modified = 1;
681 do {
682 p[0] = p[2];
683 } while (*p++);
684 }
685
686 l = strlen(p = name);
687 if (l > 1 && p[l-1] == '/') {
688 modified = 1;
689 p[l-1] = 0;
690 }
691 }
692}
693
694/**
695 * Make path appear as if a chroot had occurred:
696 *
697 * @li 1. remove leading "/" (or replace with "." if at end)
698 *
699 * @li 2. remove leading ".." components (except those allowed by @p reldir)
700 *
701 * @li 3. delete any other "<dir>/.." (recursively)
702 *
703 * Can only shrink paths, so sanitizes in place.
704 *
705 * While we're at it, remove double slashes and "." components like
706 * clean_fname() does, but DON'T remove a trailing slash because that
707 * is sometimes significant on command line arguments.
708 *
709 * If @p reldir is non-null, it is a sanitized directory that the path will be
710 * relative to, so allow as many ".." at the beginning of the path as
711 * there are components in reldir. This is used for symbolic link targets.
712 * If reldir is non-null and the path began with "/", to be completely like
713 * a chroot we should add in depth levels of ".." at the beginning of the
714 * path, but that would blow the assumption that the path doesn't grow and
715 * it is not likely to end up being a valid symlink anyway, so just do
716 * the normal removal of the leading "/" instead.
717 *
718 * Contributed by Dave Dykstra <dwd@bell-labs.com>
719 */
720void sanitize_path(char *p, char *reldir)
721{
722 char *start, *sanp;
723 int depth = 0;
724 int allowdotdot = 0;
725
726 if (reldir) {
727 int new_component = 1;
728 while (*reldir) {
729 if (*reldir++ == '/')
730 new_component = 1;
731 else if (new_component) {
732 new_component = 0;
733 depth++;
734 }
735 }
736 }
737 start = p;
738 sanp = p;
739 while (*p == '/') {
740 /* remove leading slashes */
741 p++;
742 }
743 while (*p != '\0') {
744 /* this loop iterates once per filename component in p.
745 * both p (and sanp if the original had a slash) should
746 * always be left pointing after a slash
747 */
748 if (*p == '.' && (p[1] == '/' || p[1] == '\0')) {
749 /* skip "." component */
750 while (*++p == '/') {
751 /* skip following slashes */
752 ;
753 }
754 continue;
755 }
756 allowdotdot = 0;
757 if (*p == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0')) {
758 /* ".." component followed by slash or end */
759 if (depth > 0 && sanp == start) {
760 /* allow depth levels of .. at the beginning */
761 --depth;
762 allowdotdot = 1;
763 } else {
764 p += 2;
765 if (*p == '/')
766 p++;
767 if (sanp != start) {
768 /* back up sanp one level */
769 --sanp; /* now pointing at slash */
770 while (sanp > start && sanp[-1] != '/') {
771 /* skip back up to slash */
772 sanp--;
773 }
774 }
775 continue;
776 }
777 }
778 while (1) {
779 /* copy one component through next slash */
780 *sanp++ = *p++;
781 if (*p == '\0' || p[-1] == '/') {
782 while (*p == '/') {
783 /* skip multiple slashes */
784 p++;
785 }
786 break;
787 }
788 }
789 if (allowdotdot) {
790 /* move the virtual beginning to leave the .. alone */
791 start = sanp;
792 }
793 }
794 if (sanp == start && !allowdotdot) {
795 /* ended up with nothing, so put in "." component */
796 /*
797 * note that the !allowdotdot doesn't prevent this from
798 * happening in all allowed ".." situations, but I didn't
799 * think it was worth putting in an extra variable to ensure
800 * it since an extra "." won't hurt in those situations.
801 */
802 *sanp++ = '.';
803 }
804 *sanp = '\0';
805}
806
807/* Works much like sanitize_path(), with these differences: (1) a new buffer
808 * is allocated for the sanitized path rather than modifying it in-place; (2)
809 * a leading slash gets transformed into the rootdir value (which can be empty
810 * or NULL if you just want the slash to get dropped); (3) no "reldir" can be
811 * specified. */
812char *alloc_sanitize_path(const char *path, const char *rootdir)
813{
814 char *buf;
815 int rlen, plen = strlen(path);
816
817 if (*path == '/' && rootdir) {
818 rlen = strlen(rootdir);
819 if (rlen == 1)
820 path++;
821 } else
822 rlen = 0;
823 if (!(buf = new_array(char, rlen + plen + 1)))
824 out_of_memory("alloc_sanitize_path");
825 if (rlen)
826 memcpy(buf, rootdir, rlen);
827 memcpy(buf + rlen, path, plen + 1);
828
829 if (rlen > 1)
830 rlen++;
831 sanitize_path(buf + rlen, NULL);
832 if (rlen && buf[rlen] == '.' && buf[rlen+1] == '\0') {
833 if (rlen > 1)
834 rlen--;
835 buf[rlen] = '\0';
836 }
837
838 return buf;
839}
840
841char curr_dir[MAXPATHLEN];
842unsigned int curr_dir_len;
843
844/**
845 * Like chdir(), but it keeps track of the current directory (in the
846 * global "curr_dir"), and ensures that the path size doesn't overflow.
847 * Also cleans the path using the clean_fname() function.
848 **/
849int push_dir(char *dir)
850{
851 static int initialised;
852 unsigned int len;
853
854 if (!initialised) {
855 initialised = 1;
856 getcwd(curr_dir, sizeof curr_dir - 1);
857 curr_dir_len = strlen(curr_dir);
858 }
859
860 if (!dir) /* this call was probably just to initialize */
861 return 0;
862
863 len = strlen(dir);
864 if (len == 1 && *dir == '.')
865 return 1;
866
867 if ((*dir == '/' ? len : curr_dir_len + 1 + len) >= sizeof curr_dir)
868 return 0;
869
870 if (chdir(dir))
871 return 0;
872
873 if (*dir == '/') {
874 memcpy(curr_dir, dir, len + 1);
875 curr_dir_len = len;
876 } else {
877 curr_dir[curr_dir_len++] = '/';
878 memcpy(curr_dir + curr_dir_len, dir, len + 1);
879 curr_dir_len += len;
880 }
881
882 clean_fname(curr_dir);
883
884 return 1;
885}
886
887/**
888 * Reverse a push_dir() call. You must pass in an absolute path
889 * that was copied from a prior value of "curr_dir".
890 **/
891int pop_dir(char *dir)
892{
893 if (chdir(dir))
894 return 0;
895
896 curr_dir_len = strlcpy(curr_dir, dir, sizeof curr_dir);
897 if (curr_dir_len >= sizeof curr_dir)
898 curr_dir_len = sizeof curr_dir - 1;
899
900 return 1;
901}
902
903/**
904 * Return the filename, turning any newlines into '?'s. This ensures that
905 * outputting it on a line of its own cannot generate an empty line.
906 **/
907const char *safe_fname(const char *fname)
908{
909 static char fbuf[MAXPATHLEN];
910 char *nl = strchr(fname, '\n');
911
912 if (!nl)
913 return fname;
914
915 strlcpy(fbuf, fname, sizeof fbuf);
916 nl = fbuf + (nl - (char *)fname);
917 do {
918 *nl = '?';
919 } while ((nl = strchr(nl+1, '\n')) != NULL);
920
921 return fbuf;
922}
923
924/**
925 * Return a quoted string with the full pathname of the indicated filename.
926 * The string " (in MODNAME)" may also be appended. The returned pointer
927 * remains valid until the next time full_fname() is called.
928 **/
929char *full_fname(const char *fn)
930{
931 static char *result = NULL;
932 char *m1, *m2, *m3;
933 char *p1, *p2;
934
935 if (result)
936 free(result);
937
938 fn = safe_fname(fn);
939 if (*fn == '/')
940 p1 = p2 = "";
941 else {
942 p1 = curr_dir;
943 p2 = "/";
944 }
945 if (module_id >= 0) {
946 m1 = " (in ";
947 m2 = lp_name(module_id);
948 m3 = ")";
949 if (*p1) {
950 if (!lp_use_chroot(module_id)) {
951 char *p = lp_path(module_id);
952 if (*p != '/' || p[1])
953 p1 += strlen(p);
954 }
955 if (!*p1)
956 p2++;
957 else
958 p1++;
959 }
960 else
961 fn++;
962 } else
963 m1 = m2 = m3 = "";
964
965 asprintf(&result, "\"%s%s%s\"%s%s%s", p1, p2, fn, m1, m2, m3);
966
967 return result;
968}
969
970/** We need to supply our own strcmp function for file list comparisons
971 to ensure that signed/unsigned usage is consistent between machines. */
972int u_strcmp(const char *cs1, const char *cs2)
973{
974 const uchar *s1 = (const uchar *)cs1;
975 const uchar *s2 = (const uchar *)cs2;
976
977 while (*s1 && *s2 && (*s1 == *s2)) {
978 s1++; s2++;
979 }
980
981 return (int)*s1 - (int)*s2;
982}
983
984
985
986/**
987 * Determine if a symlink points outside the current directory tree.
988 * This is considered "unsafe" because e.g. when mirroring somebody
989 * else's machine it might allow them to establish a symlink to
990 * /etc/passwd, and then read it through a web server.
991 *
992 * Null symlinks and absolute symlinks are always unsafe.
993 *
994 * Basically here we are concerned with symlinks whose target contains
995 * "..", because this might cause us to walk back up out of the
996 * transferred directory. We are not allowed to go back up and
997 * reenter.
998 *
999 * @param dest Target of the symlink in question.
1000 *
1001 * @param src Top source directory currently applicable. Basically this
1002 * is the first parameter to rsync in a simple invocation, but it's
1003 * modified by flist.c in slightly complex ways.
1004 *
1005 * @retval True if unsafe
1006 * @retval False is unsafe
1007 *
1008 * @sa t_unsafe.c
1009 **/
1010int unsafe_symlink(const char *dest, const char *src)
1011{
1012 const char *name, *slash;
1013 int depth = 0;
1014
1015 /* all absolute and null symlinks are unsafe */
1016 if (!dest || !*dest || *dest == '/')
1017 return 1;
1018
1019 /* find out what our safety margin is */
1020 for (name = src; (slash = strchr(name, '/')) != 0; name = slash+1) {
1021 if (strncmp(name, "../", 3) == 0) {
1022 depth = 0;
1023 } else if (strncmp(name, "./", 2) == 0) {
1024 /* nothing */
1025 } else {
1026 depth++;
1027 }
1028 }
1029 if (strcmp(name, "..") == 0)
1030 depth = 0;
1031
1032 for (name = dest; (slash = strchr(name, '/')) != 0; name = slash+1) {
1033 if (strncmp(name, "../", 3) == 0) {
1034 /* if at any point we go outside the current directory
1035 then stop - it is unsafe */
1036 if (--depth < 0)
1037 return 1;
1038 } else if (strncmp(name, "./", 2) == 0) {
1039 /* nothing */
1040 } else {
1041 depth++;
1042 }
1043 }
1044 if (strcmp(name, "..") == 0)
1045 depth--;
1046
1047 return (depth < 0);
1048}
1049
1050
1051/**
1052 * Return the date and time as a string
1053 **/
1054char *timestring(time_t t)
1055{
1056 static char TimeBuf[200];
1057 struct tm *tm = localtime(&t);
1058
1059#ifdef HAVE_STRFTIME
1060 strftime(TimeBuf, sizeof TimeBuf - 1, "%Y/%m/%d %H:%M:%S", tm);
1061#else
1062 strlcpy(TimeBuf, asctime(tm), sizeof TimeBuf);
1063#endif
1064
1065 if (TimeBuf[strlen(TimeBuf)-1] == '\n') {
1066 TimeBuf[strlen(TimeBuf)-1] = 0;
1067 }
1068
1069 return(TimeBuf);
1070}
1071
1072
1073/**
1074 * Sleep for a specified number of milliseconds.
1075 *
1076 * Always returns TRUE. (In the future it might return FALSE if
1077 * interrupted.)
1078 **/
1079int msleep(int t)
1080{
1081 int tdiff = 0;
1082 struct timeval tval, t1, t2;
1083
1084 gettimeofday(&t1, NULL);
1085
1086 while (tdiff < t) {
1087 tval.tv_sec = (t-tdiff)/1000;
1088 tval.tv_usec = 1000*((t-tdiff)%1000);
1089
1090 errno = 0;
1091 select(0,NULL,NULL, NULL, &tval);
1092
1093 gettimeofday(&t2, NULL);
1094 tdiff = (t2.tv_sec - t1.tv_sec)*1000 +
1095 (t2.tv_usec - t1.tv_usec)/1000;
1096 }
1097
1098 return True;
1099}
1100
1101
1102/**
1103 * Determine if two file modification times are equivalent (either
1104 * exact or in the modification timestamp window established by
1105 * --modify-window).
1106 *
1107 * @retval 0 if the times should be treated as the same
1108 *
1109 * @retval +1 if the first is later
1110 *
1111 * @retval -1 if the 2nd is later
1112 **/
1113int cmp_modtime(time_t file1, time_t file2)
1114{
1115 if (file2 > file1) {
1116 if (file2 - file1 <= modify_window)
1117 return 0;
1118 return -1;
1119 }
1120 if (file1 - file2 <= modify_window)
1121 return 0;
1122 return 1;
1123}
1124
1125
1126#ifdef __INSURE__XX
1127#include <dlfcn.h>
1128
1129/**
1130 This routine is a trick to immediately catch errors when debugging
1131 with insure. A xterm with a gdb is popped up when insure catches
1132 a error. It is Linux specific.
1133**/
1134int _Insure_trap_error(int a1, int a2, int a3, int a4, int a5, int a6)
1135{
1136 static int (*fn)();
1137 int ret;
1138 char *cmd;
1139
1140 asprintf(&cmd, "/usr/X11R6/bin/xterm -display :0 -T Panic -n Panic -e /bin/sh -c 'cat /tmp/ierrs.*.%d ; gdb /proc/%d/exe %d'",
1141 getpid(), getpid(), getpid());
1142
1143 if (!fn) {
1144 static void *h;
1145 h = dlopen("/usr/local/parasoft/insure++lite/lib.linux2/libinsure.so", RTLD_LAZY);
1146 fn = dlsym(h, "_Insure_trap_error");
1147 }
1148
1149 ret = fn(a1, a2, a3, a4, a5, a6);
1150
1151 system(cmd);
1152
1153 free(cmd);
1154
1155 return ret;
1156}
1157#endif
1158
1159
1160#define MALLOC_MAX 0x40000000
1161
1162void *_new_array(unsigned int size, unsigned long num)
1163{
1164 if (num >= MALLOC_MAX/size)
1165 return NULL;
1166 return malloc(size * num);
1167}
1168
1169void *_realloc_array(void *ptr, unsigned int size, unsigned long num)
1170{
1171 if (num >= MALLOC_MAX/size)
1172 return NULL;
1173 /* No realloc should need this, but just in case... */
1174 if (!ptr)
1175 return malloc(size * num);
1176 return realloc(ptr, size * num);
1177}
Matt McCutchen's repository for rsync, the fast and versatile remote file copier