2 * Copyright 1991 - 1994, Julianne Frances Haugh
5 * Redistribution and use in source and binary forms, with or without
6 * modification, are permitted provided that the following conditions
8 * 1. Redistributions of source code must retain the above copyright
9 * notice, this list of conditions and the following disclaimer.
10 * 2. Redistributions in binary form must reproduce the above copyright
11 * notice, this list of conditions and the following disclaimer in the
12 * documentation and/or other materials provided with the distribution.
13 * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
14 * may be used to endorse or promote products derived from this software
15 * without specific prior written permission.
17 * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
18 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
19 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
20 * ARE DISCLAIMED. IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
21 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
22 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
23 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
24 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
25 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
26 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
35 #include <sys/types.h>
39 #include "prototypes.h"
42 #include <selinux/selinux.h>
43 static int selinux_enabled = -1;
45 static const char *src_orig;
46 static const char *dst_orig;
53 struct link_name *ln_next;
55 static struct link_name *links;
57 static int copy_entry (const char *src, const char *dst,
58 uid_t uid, gid_t gid);
59 static int copy_dir (const char *src, const char *dst,
60 const struct stat *statp, const struct timeval mt[2],
61 uid_t uid, gid_t gid);
63 static int copy_symlink (const char *src, const char *dst,
64 const struct stat *statp, const struct timeval mt[2],
65 uid_t uid, gid_t gid);
67 static int copy_hardlink (const char *src, const char *dst,
68 struct link_name *lp);
69 static int copy_special (const char *src, const char *dst,
70 const struct stat *statp, const struct timeval mt[2],
71 uid_t uid, gid_t gid);
72 static int copy_file (const char *src, const char *dst,
73 const struct stat *statp, const struct timeval mt[2],
74 uid_t uid, gid_t gid);
78 * selinux_file_context - Set the security context before any file or
81 * selinux_file_context () should be called before any creation of file,
82 * symlink, directory, ...
85 static int selinux_file_context (const char *dst_name)
87 security_context_t scontext = NULL;
89 if (selinux_enabled < 0) {
90 selinux_enabled = is_selinux_enabled () > 0;
92 if (selinux_enabled) {
93 /* Get the default security context for this file */
94 if (matchpathcon (dst_name, 0, &scontext) < 0) {
95 if (security_getenforce () != 0) {
99 /* Set the security context for the next created file */
100 if (setfscreatecon (scontext) < 0) {
101 if (security_getenforce () != 0) {
112 * remove_link - delete a link from the link list
114 static void remove_link (struct link_name *ln)
116 struct link_name *lp;
124 for (lp = links; NULL !=lp; lp = lp->ln_next) {
125 if (lp->ln_next == ln) {
134 lp->ln_next = lp->ln_next->ln_next;
140 * check_link - see if a file is really a link
143 static struct link_name *check_link (const char *name, const struct stat *sb)
145 struct link_name *lp;
151 for (lp = links; lp; lp = lp->ln_next) {
152 if ((lp->ln_dev == sb->st_dev) && (lp->ln_ino == sb->st_ino)) {
157 if (sb->st_nlink == 1) {
161 lp = (struct link_name *) xmalloc (sizeof *lp);
162 src_len = strlen (src_orig);
163 dst_len = strlen (dst_orig);
164 name_len = strlen (name);
165 lp->ln_dev = sb->st_dev;
166 lp->ln_ino = sb->st_ino;
167 lp->ln_count = sb->st_nlink;
168 len = name_len - src_len + dst_len + 1;
169 lp->ln_name = xmalloc (len);
170 snprintf (lp->ln_name, len, "%s%s", dst_orig, name + src_len);
178 * copy_tree - copy files in a directory tree
180 * copy_tree() walks a directory tree and copies ordinary files
183 int copy_tree (const char *src_root, const char *dst_root, uid_t uid, gid_t gid)
193 * Make certain both directories exist. This routine is called
194 * after the home directory is created, or recursively after the
195 * target is created. It assumes the target directory exists.
198 if ( (access (src_root, F_OK) != 0)
199 || (access (dst_root, F_OK) != 0)) {
204 * Open the source directory and read each entry. Every file
205 * entry in the directory is copied with the UID and GID set
206 * to the provided values. As an added security feature only
207 * regular files (and directories ...) are copied, and no file
210 dir = opendir (src_root);
220 while ((0 == err) && (ent = readdir (dir)) != NULL) {
223 * Skip the "." and ".." entries
226 if (strcmp (ent->d_name, ".") == 0 ||
227 strcmp (ent->d_name, "..") == 0) {
232 * Make the filename for both the source and the
236 if (strlen (src_root) + strlen (ent->d_name) + 2 >
241 snprintf (src_name, sizeof src_name, "%s/%s", src_root,
244 if (strlen (dst_root) + strlen (ent->d_name) + 2 >
249 snprintf (dst_name, sizeof dst_name, "%s/%s", dst_root,
252 err = copy_entry (src_name, dst_name, uid, gid);
263 static int copy_entry (const char *src, const char *dst,
264 uid_t uid, gid_t gid)
268 struct link_name *lp;
269 struct timeval mt[2];
271 if (LSTAT (src, &sb) == -1) {
272 /* If we cannot stat the file, do not care. */
274 #if defined(_BSD_SOURCE) || defined(_SVID_SOURCE)
275 mt[0].tv_sec = sb.st_atim.tv_sec;
276 mt[0].tv_usec = sb.st_atim.tv_nsec / 1000;
277 mt[1].tv_sec = sb.st_mtim.tv_sec;
278 mt[1].tv_usec = sb.st_mtim.tv_nsec / 1000;
280 mt[0].tv_sec = sb.st_atime;
281 mt[0].tv_usec = sb.st_atimensec / 1000;
282 mt[1].tv_sec = sb.st_mtime;
283 mt[1].tv_usec = sb.st_mtimensec / 1000;
286 if (S_ISDIR (sb.st_mode)) {
287 err = copy_dir (src, dst, &sb, mt, uid, gid);
292 * Copy any symbolic links
295 else if (S_ISLNK (sb.st_mode)) {
296 err = copy_symlink (src, dst, &sb, mt, uid, gid);
301 * See if this is a previously copied link
304 else if ((lp = check_link (src, &sb)) != NULL) {
305 err = copy_hardlink (src, dst, lp);
309 * Deal with FIFOs and special files. The user really
310 * shouldn't have any of these, but it seems like it
311 * would be nice to copy everything ...
314 else if (!S_ISREG (sb.st_mode)) {
315 err = copy_special (src, dst, &sb, mt, uid, gid);
319 * Create the new file and copy the contents. The new
320 * file will be owned by the provided UID and GID values.
324 err = copy_file (src, dst, &sb, mt, uid, gid);
331 static int copy_dir (const char *src, const char *dst,
332 const struct stat *statp, const struct timeval mt[2],
333 uid_t uid, gid_t gid)
338 * Create a new target directory, make it owned by
339 * the user and then recursively copy that directory.
343 selinux_file_context (dst);
345 if ( (mkdir (dst, statp->st_mode) != 0)
347 (uid == (uid_t) - 1) ? statp->st_uid : uid,
348 (gid == (gid_t) - 1) ? statp->st_gid : gid) != 0)
349 || (chmod (dst, statp->st_mode) != 0)
350 || (copy_tree (src, dst, uid, gid) != 0)
351 || (utimes (dst, mt) != 0)) {
359 static int copy_symlink (const char *src, const char *dst,
360 const struct stat *statp, const struct timeval mt[2],
361 uid_t uid, gid_t gid)
369 * Get the name of the file which the link points
370 * to. If that name begins with the original
371 * source directory name, that part of the link
372 * name will be replaced with the original
373 * destination directory name.
376 len = readlink (src, oldlink, sizeof (oldlink) - 1);
380 oldlink[len] = '\0'; /* readlink() does not NUL-terminate */
381 if (!strncmp (oldlink, src_orig, strlen (src_orig))) {
382 snprintf (dummy, sizeof dummy, "%s%s",
384 oldlink + strlen (src_orig));
385 strcpy (oldlink, dummy);
388 selinux_file_context (dst);
390 if ( (symlink (oldlink, dst) != 0)
392 uid == (uid_t) - 1 ? statp->st_uid : uid,
393 gid == (gid_t) - 1 ? statp->st_gid : gid) != 0)) {
397 /* 2007-10-18: We don't care about
398 * exit status of lutimes because
399 * it returns ENOSYS on many system
408 static int copy_hardlink (const char *src, const char *dst,
409 struct link_name *lp)
411 /* TODO: selinux needed? */
413 if (link (lp->ln_name, dst) != 0) {
416 if (unlink (src) != 0) {
421 if (lp->ln_count <= 0) {
428 static int copy_special (const char *src, const char *dst,
429 const struct stat *statp, const struct timeval mt[2],
430 uid_t uid, gid_t gid)
435 selinux_file_context (dst);
438 if ( (mknod (dst, statp->st_mode & ~07777, statp->st_rdev) != 0)
440 (uid == (uid_t) - 1) ? statp->st_uid : uid,
441 (gid == (gid_t) - 1) ? statp->st_gid : gid) != 0)
442 || (chmod (dst, statp->st_mode & 07777) != 0)
443 || (utimes (dst, mt) != 0)) {
450 static int copy_file (const char *src, const char *dst,
451 const struct stat *statp, const struct timeval mt[2],
452 uid_t uid, gid_t gid)
460 ifd = open (src, O_RDONLY);
465 selinux_file_context (dst);
467 ofd = open (dst, O_WRONLY | O_CREAT | O_TRUNC, 0);
470 (uid == (uid_t) - 1) ? statp->st_uid : uid,
471 (gid == (gid_t) - 1) ? statp->st_gid : gid) != 0)
472 || (chmod (dst, statp->st_mode & 07777) != 0)) {
477 while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
478 if (write (ofd, buf, cnt) != cnt) {
485 if (futimes (ofd, mt) != 0) {
489 if (close (ofd) != 0) {
497 * remove_tree - remove files in a directory tree
499 * remove_tree() walks a directory tree and deletes all the files
503 int remove_tree (const char *root)
512 * Make certain the directory exists.
515 if (access (root, F_OK) != 0) {
520 * Open the source directory and read each entry. Every file
521 * entry in the directory is copied with the UID and GID set
522 * to the provided values. As an added security feature only
523 * regular files (and directories ...) are copied, and no file
526 dir = opendir (root);
531 while ((ent = readdir (dir))) {
534 * Skip the "." and ".." entries
537 if (strcmp (ent->d_name, ".") == 0 ||
538 strcmp (ent->d_name, "..") == 0) {
543 * Make the filename for the current entry.
546 if (strlen (root) + strlen (ent->d_name) + 2 > sizeof new_name) {
550 snprintf (new_name, sizeof new_name, "%s/%s", root,
552 if (LSTAT (new_name, &sb) == -1) {
556 if (S_ISDIR (sb.st_mode)) {
559 * Recursively delete this directory.
562 if (remove_tree (new_name)) {
566 if (rmdir (new_name)) {