-/* -*- c-file-style: "linux" -*-
+/*
+ * Utility routines used in rsync.
*
- * Copyright (C) 1996-2000 by Andrew Tridgell
- * Copyright (C) Paul Mackerras 1996
- * Copyright (C) 2001, 2002 by Martin Pool <mbp@samba.org>
+ * Copyright (C) 1996-2000 Andrew Tridgell
+ * Copyright (C) 1996 Paul Mackerras
+ * Copyright (C) 2001, 2002 Martin Pool <mbp@samba.org>
+ * Copyright (C) 2003, 2004, 2005, 2006 Wayne Davison
*
* This program is free software; you can redistribute it and/or modify
* it under the terms of the GNU General Public License as published by
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
- * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software
- * Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
+ * You should have received a copy of the GNU General Public License along
+ * with this program; if not, write to the Free Software Foundation, Inc.,
+ * 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
*/
-/**
- * @file
- *
- * Utilities used in rsync
- **/
-
#include "rsync.h"
extern int verbose;
extern int modify_window;
extern int relative_paths;
extern int human_readable;
+extern unsigned int module_dirlen;
+extern mode_t orig_umask;
extern char *partial_dir;
extern struct filter_list_struct server_filter_list;
int sanitize_paths = 0;
+char curr_dir[MAXPATHLEN];
+unsigned int curr_dir_len;
+int curr_dir_depth; /* This is only set for a sanitizing daemon. */
-
-/**
- * Set a fd into nonblocking mode
- **/
+/* Set a fd into nonblocking mode. */
void set_nonblocking(int fd)
{
int val;
}
}
-/**
- * Set a fd into blocking mode
- **/
+/* Set a fd into blocking mode. */
void set_blocking(int fd)
{
int val;
}
}
-
/**
* Create a file descriptor pair - like pipe() but use socketpair if
* possible (because of blocking issues on pipes).
return ret;
}
-
void print_child_argv(char **cmd)
{
rprintf(FINFO, "opening connection using ");
"ABCDEFGHIJKLMNOPQRSTUVWXYZ"
"0123456789"
",.-_=+@/") != strlen(*cmd)) {
- rprintf(FINFO, "\"%s\" ", safe_fname(*cmd));
+ rprintf(FINFO, "\"%s\" ", *cmd);
} else {
- rprintf(FINFO, "%s ", safe_fname(*cmd));
+ rprintf(FINFO, "%s ", *cmd);
}
}
rprintf(FINFO, "\n");
}
-
void out_of_memory(char *str)
{
rprintf(FERROR, "ERROR: out of memory in %s\n", str);
exit_cleanup(RERR_MALLOC);
}
-
-
int set_modtime(char *fname, time_t modtime, mode_t mode)
{
#if !defined HAVE_LUTIMES || !defined HAVE_UTIMES
if (verbose > 2) {
rprintf(FINFO, "set modtime of %s to (%ld) %s",
- safe_fname(fname), (long)modtime,
+ fname, (long)modtime,
asctime(localtime(&modtime)));
}
}
}
+/* This creates a new directory with default permissions. Since there
+ * might be some directory-default permissions affecting this, we can't
+ * force the permissions directly using the original umask and mkdir(). */
+int mkdir_defmode(char *fname)
+{
+ int ret;
-/**
- Create any necessary directories in fname. Unfortunately we don't know
- what perms to give the directory when this is called so we need to rely
- on the umask
-**/
-int create_directory_path(char *fname, int base_umask)
+ umask(orig_umask);
+ ret = do_mkdir(fname, ACCESSPERMS);
+ umask(0);
+
+ return ret;
+}
+
+/* Create any necessary directories in fname. Any missing directories are
+ * created with default permissions. */
+int create_directory_path(char *fname)
{
char *p;
+ int ret = 0;
while (*fname == '/')
fname++;
while (strncmp(fname, "./", 2) == 0)
fname += 2;
+ umask(orig_umask);
p = fname;
while ((p = strchr(p,'/')) != NULL) {
- *p = 0;
- do_mkdir(fname, 0777 & ~base_umask);
- *p = '/';
- p++;
+ *p = '\0';
+ if (do_mkdir(fname, ACCESSPERMS) < 0 && errno != EEXIST)
+ ret = -1;
+ *p++ = '/';
}
- return 0;
-}
+ umask(0);
+ return ret;
+}
/**
* Write @p len bytes at @p ptr to descriptor @p desc, retrying if
return total_written;
}
-
/**
* Read @p len bytes at @p ptr from descriptor @p desc, retrying if
* interrupted.
return n_chars;
}
-
/** Copy a file.
*
* This is used in conjunction with the --temp-dir, --backup, and
* --copy-dest options. */
-int copy_file(char *source, char *dest, mode_t mode)
+int copy_file(const char *source, const char *dest, mode_t mode)
{
int ifd;
int ofd;
* --delete trying to remove old .rsyncNNN files, hence it renames it
* each time.
**/
-int robust_unlink(char *fname)
+int robust_unlink(const char *fname)
{
#ifndef ETXTBSY
return do_unlink(fname);
if (verbose > 0) {
rprintf(FINFO,"renaming %s to %s because of text busy\n",
- safe_fname(fname), safe_fname(path));
+ fname, path);
}
/* maybe we should return rename()'s exit status? Nah. */
}
/* Returns 0 on successful rename, 1 if we successfully copied the file
- * across filesystems, -2 if copy_file() failed, and -1 on other errors. */
-int robust_rename(char *from, char *to, int mode)
+ * across filesystems, -2 if copy_file() failed, and -1 on other errors.
+ * If partialptr is not NULL and we need to do a copy, copy the file into
+ * the active partial-dir instead of over the destination file. */
+int robust_rename(char *from, char *to, char *partialptr,
+ int mode)
{
int tries = 4;
break;
#endif
case EXDEV:
+ if (partialptr) {
+ if (!handle_partial_dir(partialptr,PDIR_CREATE))
+ return -1;
+ to = partialptr;
+ }
if (copy_file(from, to, mode) != 0)
return -2;
do_unlink(from);
return -1;
}
-
static pid_t all_pids[10];
static int num_pids;
}
}
-
/** Turn a user name into a uid */
int name_to_uid(char *name, uid_t *uid)
{
return 0;
}
-
/** Lock a byte range in a open file */
int lock_range(int fd, int offset, int len)
{
s = ".";
if (sanitize_paths)
- s = sanitize_path(NULL, s, "", 0);
+ s = sanitize_path(NULL, s, "", 0, NULL);
else
s = strdup(s);
int cnt = 0, new_component = 1;
while (*p) {
if (*p++ == '/')
- new_component = 1;
+ new_component = (*p != '.' || (p[1] != '/' && p[1] != '\0'));
else if (new_component) {
new_component = 0;
cnt++;
* The rootdir string contains a value to use in place of a leading slash.
* Specify NULL to get the default of lp_path(module_id).
*
- * If depth is >= 0, it is a count of how many '..'s to allow at the start
- * of the path. Use -1 to allow unlimited depth.
+ * The depth var is a count of how many '..'s to allow at the start of the
+ * path. If symlink is set, combine its value with the "p" value to get
+ * the target path, and **return NULL if any '..'s try to escape**.
*
* We also clean the path in a manner similar to clean_fname() but with a
- * few differences:
+ * few differences:
*
* Turns multiple adjacent slashes into a single slash, gets rid of "." dir
* elements (INCLUDING a trailing dot dir), PRESERVES a trailing slash, and
* ALWAYS collapses ".." elements (except for those at the start of the
* string up to "depth" deep). If the resulting name would be empty,
* change it into a ".". */
-char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth)
+char *sanitize_path(char *dest, const char *p, const char *rootdir, int depth,
+ const char *symlink)
{
- char *start, *sanp;
+ char *start, *sanp, *save_dest = dest;
int rlen = 0, leave_one_dotdir = relative_paths;
+ if (symlink && *symlink == '/') {
+ p = symlink;
+ symlink = "";
+ }
+
if (dest != p) {
int plen = strlen(p);
if (*p == '/') {
}
start = sanp = dest + rlen;
- while (*p != '\0') {
+ while (1) {
+ if (*p == '\0') {
+ if (!symlink || !*symlink)
+ break;
+ while (sanp != start && sanp[-1] != '/') {
+ /* strip last element */
+ sanp--;
+ }
+ /* Append a relative symlink */
+ p = symlink;
+ symlink = "";
+ }
/* discard leading or extra slashes */
if (*p == '/') {
p++;
if (*p == '.' && p[1] == '.' && (p[2] == '/' || p[2] == '\0')) {
/* ".." component followed by slash or end */
if (depth <= 0 || sanp != start) {
+ if (symlink && sanp == start) {
+ if (!save_dest)
+ free(dest);
+ return NULL;
+ }
p += 2;
if (sanp != start) {
/* back up sanp one level */
return dest;
}
-char curr_dir[MAXPATHLEN];
-unsigned int curr_dir_len;
+/* If sanitize_paths is not set, this works exactly the same as do_stat().
+ * Otherwise, we verify that no symlink takes us outside the module path.
+ * If we encounter an escape attempt, we return a symlink's stat info! */
+int safe_stat(const char *fname, STRUCT_STAT *stp)
+{
+#ifdef SUPPORT_LINKS
+ char tmpbuf[MAXPATHLEN], linkbuf[MAXPATHLEN], *mod_path;
+ int i, llen, mod_path_len;
-/**
- * Like chdir(), but it keeps track of the current directory (in the
+ if (!sanitize_paths)
+ return do_stat(fname, stp);
+
+ mod_path = lp_path(module_id);
+ mod_path_len = strlen(mod_path);
+
+ for (i = 0; i < 16; i++) {
+#ifdef DEBUG
+ if (*fname == '/')
+ assert(strncmp(fname, mod_path, mod_path_len) == 0 && fname[mod_path_len] == '/');
+#endif
+ if (do_lstat(fname, stp) < 0)
+ return -1;
+ if (!S_ISLNK(stp->st_mode))
+ return 0;
+ if ((llen = readlink(fname, linkbuf, sizeof linkbuf - 1)) < 0)
+ return -1;
+ linkbuf[llen] = '\0';
+ if (*fname == '/')
+ fname += mod_path_len;
+ if (!(fname = sanitize_path(tmpbuf, fname, mod_path, curr_dir_depth, linkbuf)))
+ break;
+ }
+
+ return 0; /* Leave *stp set to the last symlink. */
+#else
+ return do_stat(fname, stp);
+#endif
+}
+
+void die_on_unsafe_path(char *path, int strip_filename)
+{
+#ifdef SUPPORT_LINKS
+ char *final_slash, *p;
+ STRUCT_STAT st;
+
+ if (!path)
+ return;
+ if (strip_filename) {
+ if (!(final_slash = strrchr(path, '/')))
+ return;
+ *final_slash = '\0';
+ } else
+ final_slash = NULL;
+
+ p = path;
+ if (*p == '/')
+ p += module_dirlen + 1;
+ while (*p) {
+ if ((p = strchr(p, '/')) != NULL)
+ *p = '\0';
+ if (safe_stat(path, &st) < 0) {
+ *p++ = '/';
+ goto done;
+ }
+ if (S_ISLNK(st.st_mode)) {
+ rprintf(FERROR, "Unsafe path: %s\n", path);
+ exit_cleanup(RERR_SYNTAX);
+ }
+ if (!p)
+ break;
+ *p++ = '/';
+ }
+
+ done:
+ if (final_slash)
+ *final_slash = '/';
+#endif
+}
+
+/* Like chdir(), but it keeps track of the current directory (in the
* global "curr_dir"), and ensures that the path size doesn't overflow.
- * Also cleans the path using the clean_fname() function.
- **/
+ * Also cleans the path using the clean_fname() function. */
int push_dir(char *dir)
{
static int initialised;
}
curr_dir_len = clean_fname(curr_dir, 1);
+ if (sanitize_paths) {
+ if (module_dirlen > curr_dir_len)
+ module_dirlen = curr_dir_len;
+ curr_dir_depth = count_dir_elements(curr_dir + module_dirlen);
+ }
return 1;
}
curr_dir_len = strlcpy(curr_dir, dir, sizeof curr_dir);
if (curr_dir_len >= sizeof curr_dir)
curr_dir_len = sizeof curr_dir - 1;
+ if (sanitize_paths)
+ curr_dir_depth = count_dir_elements(curr_dir + module_dirlen);
return 1;
}
-/* Return the filename, turning any non-printable characters into escaped
- * characters (e.g. \n -> \012, \ -> \\). This ensures that outputting it
- * cannot generate an empty line nor corrupt the screen. This function can
- * return only MAX_SAFE_NAMES values at a time! The returned value can be
- * longer than MAXPATHLEN (because we may be trying to output an error about
- * a too-long filename)! */
-char *safe_fname(const char *fname)
-{
-#define MAX_SAFE_NAMES 4
- static char fbuf[MAX_SAFE_NAMES][MAXPATHLEN*2];
- static int ndx = 0;
- int limit = sizeof fbuf / MAX_SAFE_NAMES - 1;
- char *t;
-
- ndx = (ndx + 1) % MAX_SAFE_NAMES;
- for (t = fbuf[ndx]; *fname; fname++) {
- if (*fname == '\\') {
- if ((limit -= 2) < 0)
- break;
- *t++ = '\\';
- *t++ = '\\';
- } else if (!isprint(*(uchar*)fname)) {
- if ((limit -= 4) < 0)
- break;
- sprintf(t, "\\%03o", *(uchar*)fname);
- t += 4;
- } else {
- if (--limit < 0)
- break;
- *t++ = *fname;
- }
- }
- *t = '\0';
-
- return fbuf[ndx];
-}
-
/**
* Return a quoted string with the full pathname of the indicated filename.
* The string " (in MODNAME)" may also be appended. The returned pointer
if (result)
free(result);
- fn = safe_fname(fn);
if (*fn == '/')
p1 = p2 = "";
else {
if ((int)pathjoin(t, sz, partial_dir, fn) >= sz)
return NULL;
if (server_filter_list.head) {
- static int len;
- if (!len)
- len = strlen(partial_dir);
- t[len] = '\0';
+ t = strrchr(partial_fname, '/');
+ *t = '\0';
if (check_filter(&server_filter_list, partial_fname, 1) < 0)
return NULL;
- t[len] = '/';
+ *t = '/';
if (check_filter(&server_filter_list, partial_fname, 0) < 0)
return NULL;
}
if (create) {
STRUCT_STAT st;
int statret = do_lstat(dir, &st);
+ if (sanitize_paths && *partial_dir != '/')
+ die_on_unsafe_path(dir, 1); /* lstat handles last element */
if (statret == 0 && !S_ISDIR(st.st_mode)) {
if (do_unlink(dir) < 0)
return 0;
return 1;
}
-/** We need to supply our own strcmp function for file list comparisons
- to ensure that signed/unsigned usage is consistent between machines. */
-int u_strcmp(const char *cs1, const char *cs2)
-{
- const uchar *s1 = (const uchar *)cs1;
- const uchar *s2 = (const uchar *)cs2;
-
- while (*s1 && *s2 && (*s1 == *s2)) {
- s1++; s2++;
- }
-
- return (int)*s1 - (int)*s2;
-}
-
-
-
/**
* Determine if a symlink points outside the current directory tree.
* This is considered "unsafe" because e.g. when mirroring somebody
if (human_readable) {
char units = '\0';
- int mult = human_readable == 1 ? 1024 : 1000;
+ int mult = human_readable == 1 ? 1000 : 1024;
double dnum = 0;
if (num > mult*mult*mult) {
dnum = (double)num / (mult*mult*mult);
{
static char TimeBuf[200];
struct tm *tm = localtime(&t);
+ char *p;
#ifdef HAVE_STRFTIME
strftime(TimeBuf, sizeof TimeBuf - 1, "%Y/%m/%d %H:%M:%S", tm);
strlcpy(TimeBuf, asctime(tm), sizeof TimeBuf);
#endif
- if (TimeBuf[strlen(TimeBuf)-1] == '\n') {
- TimeBuf[strlen(TimeBuf)-1] = 0;
- }
+ if ((p = strchr(TimeBuf, '\n')) != NULL)
+ *p = '\0';
- return(TimeBuf);
+ return TimeBuf;
}
-
/**
* Sleep for a specified number of milliseconds.
*
return True;
}
-
-/**
- * Determine if two file modification times are equivalent (either
- * exact or in the modification timestamp window established by
- * --modify-window).
+/* Determine if two time_t values are equivalent (either exact, or in
+ * the modification timestamp window established by --modify-window).
*
* @retval 0 if the times should be treated as the same
*
*
* @retval -1 if the 2nd is later
**/
-int cmp_modtime(time_t file1, time_t file2)
+int cmp_time(time_t file1, time_t file2)
{
if (file2 > file1) {
if (file2 - file1 <= modify_window)
}
#endif
-
#define MALLOC_MAX 0x40000000
void *_new_array(unsigned int size, unsigned long num)
return a[len2-1];
}
+
+#define BB_SLOT_SIZE (16*1024) /* Desired size in bytes */
+#define BB_PER_SLOT_BITS (BB_SLOT_SIZE * 8) /* Number of bits per slot */
+#define BB_PER_SLOT_INTS (BB_SLOT_SIZE / 4) /* Number of int32s per slot */
+
+struct bitbag {
+ uint32 **bits;
+ int slot_cnt;
+};
+
+struct bitbag *bitbag_create(int max_ndx)
+{
+ struct bitbag *bb = new(struct bitbag);
+ bb->slot_cnt = (max_ndx + BB_PER_SLOT_BITS - 1) / BB_PER_SLOT_BITS;
+
+ if (!(bb->bits = (uint32**)calloc(bb->slot_cnt, sizeof (uint32*))))
+ out_of_memory("bitbag_create");
+
+ return bb;
+}
+
+void bitbag_set_bit(struct bitbag *bb, int ndx)
+{
+ int slot = ndx / BB_PER_SLOT_BITS;
+ ndx %= BB_PER_SLOT_BITS;
+
+ if (!bb->bits[slot]) {
+ if (!(bb->bits[slot] = (uint32*)calloc(BB_PER_SLOT_INTS, 4)))
+ out_of_memory("bitbag_set_bit");
+ }
+
+ bb->bits[slot][ndx/32] |= 1u << (ndx % 32);
+}
+
+#if 0 /* not needed yet */
+void bitbag_clear_bit(struct bitbag *bb, int ndx)
+{
+ int slot = ndx / BB_PER_SLOT_BITS;
+ ndx %= BB_PER_SLOT_BITS;
+
+ if (!bb->bits[slot])
+ return;
+
+ bb->bits[slot][ndx/32] &= ~(1u << (ndx % 32));
+}
+
+int bitbag_check_bit(struct bitbag *bb, int ndx)
+{
+ int slot = ndx / BB_PER_SLOT_BITS;
+ ndx %= BB_PER_SLOT_BITS;
+
+ if (!bb->bits[slot])
+ return 0;
+
+ return bb->bits[slot][ndx/32] & (1u << (ndx % 32)) ? 1 : 0;
+}
+#endif
+
+/* Call this with -1 to start checking from 0. Returns -1 at the end. */
+int bitbag_next_bit(struct bitbag *bb, int after)
+{
+ uint32 bits, mask;
+ int i, ndx = after + 1;
+ int slot = ndx / BB_PER_SLOT_BITS;
+ ndx %= BB_PER_SLOT_BITS;
+
+ mask = (1u << (ndx % 32)) - 1;
+ for (i = ndx / 32; slot < bb->slot_cnt; slot++, i = mask = 0) {
+ if (!bb->bits[slot])
+ continue;
+ for ( ; i < BB_PER_SLOT_INTS; i++, mask = 0) {
+ if (!(bits = bb->bits[slot][i] & ~mask))
+ continue;
+ /* The xor magic figures out the lowest enabled bit in
+ * bits, and the switch quickly computes log2(bit). */
+ switch (bits ^ (bits & (bits-1))) {
+#define LOG2(n) case 1u << n: return slot*BB_PER_SLOT_BITS + i*32 + n
+ LOG2(0); LOG2(1); LOG2(2); LOG2(3);
+ LOG2(4); LOG2(5); LOG2(6); LOG2(7);
+ LOG2(8); LOG2(9); LOG2(10); LOG2(11);
+ LOG2(12); LOG2(13); LOG2(14); LOG2(15);
+ LOG2(16); LOG2(17); LOG2(18); LOG2(19);
+ LOG2(20); LOG2(21); LOG2(22); LOG2(23);
+ LOG2(24); LOG2(25); LOG2(26); LOG2(27);
+ LOG2(28); LOG2(29); LOG2(30); LOG2(31);
+ }
+ return -1; /* impossible... */
+ }
+ }
+
+ return -1;
+}
Matt McCutchen's Web Site / rsync / rsync.git / blobdiff