2 * Copyright (c) 1991 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2001, Marek Michałkiewicz
4 * Copyright (c) 2003 - 2006, Tomasz Kłoczko
5 * Copyright (c) 2007 - 2008, Nicolas François
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the copyright holders or contributors may not be used to
17 * endorse or promote products derived from this software without
18 * specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <sys/types.h>
42 #include "prototypes.h"
45 #include <selinux/selinux.h>
47 static const char *src_orig;
48 static const char *dst_orig;
55 struct link_name *ln_next;
57 static struct link_name *links;
59 static int copy_entry (const char *src, const char *dst,
60 long int uid, long int gid);
61 static int copy_dir (const char *src, const char *dst,
62 const struct stat *statp, const struct timeval mt[],
63 long int uid, long int gid);
65 static int copy_symlink (const char *src, const char *dst,
66 const struct stat *statp, const struct timeval mt[],
67 long int uid, long int gid);
69 static int copy_hardlink (const char *src, const char *dst,
70 struct link_name *lp);
71 static int copy_special (const char *dst,
72 const struct stat *statp, const struct timeval mt[],
73 long int uid, long int gid);
74 static int copy_file (const char *src, const char *dst,
75 const struct stat *statp, const struct timeval mt[],
76 long int uid, long int gid);
80 * selinux_file_context - Set the security context before any file or
83 * selinux_file_context () should be called before any creation of file,
84 * symlink, directory, ...
87 static int selinux_file_context (const char *dst_name)
89 static bool selinux_checked = false;
90 static bool selinux_enabled;
91 security_context_t scontext = NULL;
93 if (!selinux_checked) {
94 selinux_enabled = is_selinux_enabled () > 0;
95 selinux_checked = true;
98 if (selinux_enabled) {
99 /* Get the default security context for this file */
100 if (matchpathcon (dst_name, 0, &scontext) < 0) {
101 if (security_getenforce () != 0) {
105 /* Set the security context for the next created file */
106 if (setfscreatecon (scontext) < 0) {
107 if (security_getenforce () != 0) {
118 * remove_link - delete a link from the linked list
120 static void remove_link (struct link_name *ln)
122 struct link_name *lp;
130 for (lp = links; NULL !=lp; lp = lp->ln_next) {
131 if (lp->ln_next == ln) {
140 lp->ln_next = lp->ln_next->ln_next;
146 * check_link - see if a file is really a link
149 static struct link_name *check_link (const char *name, const struct stat *sb)
151 struct link_name *lp;
157 for (lp = links; lp; lp = lp->ln_next) {
158 if ((lp->ln_dev == sb->st_dev) && (lp->ln_ino == sb->st_ino)) {
163 if (sb->st_nlink == 1) {
167 lp = (struct link_name *) xmalloc (sizeof *lp);
168 src_len = strlen (src_orig);
169 dst_len = strlen (dst_orig);
170 name_len = strlen (name);
171 lp->ln_dev = sb->st_dev;
172 lp->ln_ino = sb->st_ino;
173 lp->ln_count = sb->st_nlink;
174 len = name_len - src_len + dst_len + 1;
175 lp->ln_name = (char *) xmalloc (len);
176 snprintf (lp->ln_name, len, "%s%s", dst_orig, name + src_len);
184 * copy_tree - copy files in a directory tree
186 * copy_tree() walks a directory tree and copies ordinary files
189 int copy_tree (const char *src_root, const char *dst_root,
190 long int uid, long int gid)
195 bool set_orig = false;
200 * Make certain both directories exist. This routine is called
201 * after the home directory is created, or recursively after the
202 * target is created. It assumes the target directory exists.
205 if ( (access (src_root, F_OK) != 0)
206 || (access (dst_root, F_OK) != 0)) {
211 * Open the source directory and read each entry. Every file
212 * entry in the directory is copied with the UID and GID set
213 * to the provided values. As an added security feature only
214 * regular files (and directories ...) are copied, and no file
217 dir = opendir (src_root);
222 if (src_orig == NULL) {
227 while ((0 == err) && (ent = readdir (dir)) != NULL) {
229 * Skip the "." and ".." entries
231 if ((strcmp (ent->d_name, ".") != 0) &&
232 (strcmp (ent->d_name, "..") != 0)) {
234 * Make sure the resulting source and destination
235 * filenames will fit in their buffers.
237 if ( (strlen (src_root) + strlen (ent->d_name) + 2 >
239 || (strlen (dst_root) + strlen (ent->d_name) + 2 >
244 * Build the filename for both the source and
245 * the destination files.
247 snprintf (src_name, sizeof src_name, "%s/%s",
248 src_root, ent->d_name);
249 snprintf (dst_name, sizeof dst_name, "%s/%s",
250 dst_root, ent->d_name);
252 err = copy_entry (src_name, dst_name, uid, gid);
256 (void) closedir (dir);
266 * copy_entry - copy the entry of a directory
268 * Copy the entry src to dst.
269 * Depending on the type of entry, this function will forward the
270 * request to copy_dir(), copy_symlink(), copy_hardlink(),
271 * copy_special(), or copy_file().
273 * The access and modification time will not be modified.
275 * The permissions will be set to uid/gid.
277 * If uid (resp. gid) is equal to -1, the user (resp. group) will
280 static int copy_entry (const char *src, const char *dst,
281 long int uid, long int gid)
285 struct link_name *lp;
286 struct timeval mt[2];
288 if (LSTAT (src, &sb) == -1) {
289 /* If we cannot stat the file, do not care. */
291 #ifdef HAVE_STRUCT_STAT_ST_ATIM
292 mt[0].tv_sec = sb.st_atim.tv_sec;
293 mt[0].tv_usec = sb.st_atim.tv_nsec / 1000;
295 mt[0].tv_sec = sb.st_atime;
296 #ifdef HAVE_STRUCT_STAT_ST_ATIMENSEC
297 mt[0].tv_usec = sb.st_atimensec / 1000;
303 #ifdef HAVE_STRUCT_STAT_ST_MTIM
304 mt[1].tv_sec = sb.st_mtim.tv_sec;
305 mt[1].tv_usec = sb.st_mtim.tv_nsec / 1000;
307 mt[1].tv_sec = sb.st_mtime;
308 #ifdef HAVE_STRUCT_STAT_ST_MTIMENSEC
309 mt[1].tv_usec = sb.st_mtimensec / 1000;
315 if (S_ISDIR (sb.st_mode)) {
316 err = copy_dir (src, dst, &sb, mt, uid, gid);
321 * Copy any symbolic links
324 else if (S_ISLNK (sb.st_mode)) {
325 err = copy_symlink (src, dst, &sb, mt, uid, gid);
330 * See if this is a previously copied link
333 else if ((lp = check_link (src, &sb)) != NULL) {
334 err = copy_hardlink (src, dst, lp);
338 * Deal with FIFOs and special files. The user really
339 * shouldn't have any of these, but it seems like it
340 * would be nice to copy everything ...
343 else if (!S_ISREG (sb.st_mode)) {
344 err = copy_special (dst, &sb, mt, uid, gid);
348 * Create the new file and copy the contents. The new
349 * file will be owned by the provided UID and GID values.
353 err = copy_file (src, dst, &sb, mt, uid, gid);
361 * copy_dir - copy a directory
363 * Copy a directory (recursively) from src to dst.
365 * statp, mt, uid, gid are used to set the access and modification and the
368 * Return 0 on success, -1 on error.
370 static int copy_dir (const char *src, const char *dst,
371 const struct stat *statp, const struct timeval mt[],
372 long int uid, long int gid)
377 * Create a new target directory, make it owned by
378 * the user and then recursively copy that directory.
382 selinux_file_context (dst);
384 if ( (mkdir (dst, statp->st_mode) != 0)
386 (uid == - 1) ? statp->st_uid : (uid_t) uid,
387 (gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
388 || (chmod (dst, statp->st_mode) != 0)
389 || (copy_tree (src, dst, uid, gid) != 0)
390 || (utimes (dst, mt) != 0)) {
399 * copy_symlink - copy a symlink
401 * Copy a symlink from src to dst.
403 * statp, mt, uid, gid are used to set the access and modification and the
406 * Return 0 on success, -1 on error.
408 static int copy_symlink (const char *src, const char *dst,
409 const struct stat *statp, const struct timeval mt[],
410 long int uid, long int gid)
418 * Get the name of the file which the link points
419 * to. If that name begins with the original
420 * source directory name, that part of the link
421 * name will be replaced with the original
422 * destination directory name.
425 len = readlink (src, oldlink, sizeof (oldlink) - 1);
429 oldlink[len] = '\0'; /* readlink() does not NUL-terminate */
430 if (strncmp (oldlink, src_orig, strlen (src_orig)) == 0) {
431 snprintf (dummy, sizeof dummy, "%s%s",
433 oldlink + strlen (src_orig));
434 strcpy (oldlink, dummy);
437 selinux_file_context (dst);
439 if ( (symlink (oldlink, dst) != 0)
441 (uid == -1) ? statp->st_uid : (uid_t) uid,
442 (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
447 /* 2007-10-18: We don't care about
448 * exit status of lutimes because
449 * it returns ENOSYS on many system
460 * copy_hardlink - copy a hardlink
462 * Copy a hardlink from src to dst.
464 * Return 0 on success, -1 on error.
466 static int copy_hardlink (const char *src, const char *dst,
467 struct link_name *lp)
469 /* TODO: selinux needed? */
471 if (link (lp->ln_name, dst) != 0) {
474 if (unlink (src) != 0) {
478 /* If the file could be unlinked, decrement the links counter,
479 * and delete the file if it was the last reference */
481 if (lp->ln_count <= 0) {
489 * copy_special - copy a special file
491 * Copy a special file from src to dst.
493 * statp, mt, uid, gid are used to set the access and modification and the
496 * Return 0 on success, -1 on error.
498 static int copy_special (const char *dst,
499 const struct stat *statp, const struct timeval mt[],
500 long int uid, long int gid)
505 selinux_file_context (dst);
508 if ( (mknod (dst, statp->st_mode & ~07777, statp->st_rdev) != 0)
510 (uid == -1) ? statp->st_uid : (uid_t) uid,
511 (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
512 || (chmod (dst, statp->st_mode & 07777) != 0)
513 || (utimes (dst, mt) != 0)) {
521 * copy_file - copy a file
523 * Copy a file from src to dst.
525 * statp, mt, uid, gid are used to set the access and modification and the
528 * Return 0 on success, -1 on error.
530 static int copy_file (const char *src, const char *dst,
531 const struct stat *statp, const struct timeval mt[],
532 long int uid, long int gid)
540 ifd = open (src, O_RDONLY);
545 selinux_file_context (dst);
547 ofd = open (dst, O_WRONLY | O_CREAT | O_TRUNC, 0);
550 (uid == -1) ? statp->st_uid : (uid_t) uid,
551 (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
552 || (chmod (dst, statp->st_mode & 07777) != 0)) {
557 while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
558 if (write (ofd, buf, (size_t)cnt) != cnt) {
566 if (futimes (ofd, mt) != 0) {
571 if (close (ofd) != 0) {
576 if (utimes(dst, mt) != 0) {
585 * remove_tree - delete a directory tree
587 * remove_tree() walks a directory tree and deletes all the files
589 * At the end, it deletes the root directory itself.
592 int remove_tree (const char *root)
601 * Make certain the directory exists.
604 if (access (root, F_OK) != 0) {
609 * Open the source directory and read each entry. Every file
610 * entry in the directory is copied with the UID and GID set
611 * to the provided values. As an added security feature only
612 * regular files (and directories ...) are copied, and no file
615 dir = opendir (root);
620 while ((ent = readdir (dir))) {
623 * Skip the "." and ".." entries
626 if (strcmp (ent->d_name, ".") == 0 ||
627 strcmp (ent->d_name, "..") == 0) {
632 * Make the filename for the current entry.
635 if (strlen (root) + strlen (ent->d_name) + 2 > sizeof new_name) {
639 snprintf (new_name, sizeof new_name, "%s/%s", root,
641 if (LSTAT (new_name, &sb) == -1) {
645 if (S_ISDIR (sb.st_mode)) {
647 * Recursively delete this directory.
649 if (remove_tree (new_name) != 0) {
657 if (unlink (new_name) != 0) {
663 (void) closedir (dir);
666 if (rmdir (root) != 0) {