2 * Copyright (c) 1991 - 1994, Julianne Frances Haugh
3 * Copyright (c) 1996 - 2001, Marek Michałkiewicz
4 * Copyright (c) 2003 - 2006, Tomasz Kłoczko
5 * Copyright (c) 2007 - 2008, Nicolas François
8 * Redistribution and use in source and binary forms, with or without
9 * modification, are permitted provided that the following conditions
11 * 1. Redistributions of source code must retain the above copyright
12 * notice, this list of conditions and the following disclaimer.
13 * 2. Redistributions in binary form must reproduce the above copyright
14 * notice, this list of conditions and the following disclaimer in the
15 * documentation and/or other materials provided with the distribution.
16 * 3. The name of the copyright holders or contributors may not be used to
17 * endorse or promote products derived from this software without
18 * specific prior written permission.
20 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
21 * ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
22 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
23 * PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
24 * HOLDERS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
25 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
26 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
27 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
28 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
29 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
30 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
38 #include <sys/types.h>
42 #include "prototypes.h"
45 #include <selinux/selinux.h>
46 static int selinux_enabled = -1;
48 static const char *src_orig;
49 static const char *dst_orig;
56 struct link_name *ln_next;
58 static struct link_name *links;
60 static int copy_entry (const char *src, const char *dst,
61 long int uid, long int gid);
62 static int copy_dir (const char *src, const char *dst,
63 const struct stat *statp, const struct timeval mt[2],
64 long int uid, long int gid);
66 static int copy_symlink (const char *src, const char *dst,
67 const struct stat *statp, const struct timeval mt[2],
68 long int uid, long int gid);
70 static int copy_hardlink (const char *src, const char *dst,
71 struct link_name *lp);
72 static int copy_special (const char *dst,
73 const struct stat *statp, const struct timeval mt[2],
74 long int uid, long int gid);
75 static int copy_file (const char *src, const char *dst,
76 const struct stat *statp, const struct timeval mt[2],
77 long int uid, long int gid);
81 * selinux_file_context - Set the security context before any file or
84 * selinux_file_context () should be called before any creation of file,
85 * symlink, directory, ...
88 static int selinux_file_context (const char *dst_name)
90 security_context_t scontext = NULL;
92 if (selinux_enabled < 0) {
93 selinux_enabled = is_selinux_enabled () > 0;
95 if (selinux_enabled) {
96 /* Get the default security context for this file */
97 if (matchpathcon (dst_name, 0, &scontext) < 0) {
98 if (security_getenforce () != 0) {
102 /* Set the security context for the next created file */
103 if (setfscreatecon (scontext) < 0) {
104 if (security_getenforce () != 0) {
115 * remove_link - delete a link from the linked list
117 static void remove_link (struct link_name *ln)
119 struct link_name *lp;
127 for (lp = links; NULL !=lp; lp = lp->ln_next) {
128 if (lp->ln_next == ln) {
137 lp->ln_next = lp->ln_next->ln_next;
143 * check_link - see if a file is really a link
146 static struct link_name *check_link (const char *name, const struct stat *sb)
148 struct link_name *lp;
154 for (lp = links; lp; lp = lp->ln_next) {
155 if ((lp->ln_dev == sb->st_dev) && (lp->ln_ino == sb->st_ino)) {
160 if (sb->st_nlink == 1) {
164 lp = (struct link_name *) xmalloc (sizeof *lp);
165 src_len = strlen (src_orig);
166 dst_len = strlen (dst_orig);
167 name_len = strlen (name);
168 lp->ln_dev = sb->st_dev;
169 lp->ln_ino = sb->st_ino;
170 lp->ln_count = sb->st_nlink;
171 len = name_len - src_len + dst_len + 1;
172 lp->ln_name = xmalloc (len);
173 snprintf (lp->ln_name, len, "%s%s", dst_orig, name + src_len);
181 * copy_tree - copy files in a directory tree
183 * copy_tree() walks a directory tree and copies ordinary files
186 int copy_tree (const char *src_root, const char *dst_root,
187 long int uid, long int gid)
197 * Make certain both directories exist. This routine is called
198 * after the home directory is created, or recursively after the
199 * target is created. It assumes the target directory exists.
202 if ( (access (src_root, F_OK) != 0)
203 || (access (dst_root, F_OK) != 0)) {
208 * Open the source directory and read each entry. Every file
209 * entry in the directory is copied with the UID and GID set
210 * to the provided values. As an added security feature only
211 * regular files (and directories ...) are copied, and no file
214 dir = opendir (src_root);
224 while ((0 == err) && (ent = readdir (dir)) != NULL) {
226 * Skip the "." and ".." entries
228 if ((strcmp (ent->d_name, ".") != 0) &&
229 (strcmp (ent->d_name, "..") != 0)) {
231 * Make sure the resulting source and destination
232 * filenames will fit in their buffers.
234 if ( (strlen (src_root) + strlen (ent->d_name) + 2 >
236 || (strlen (dst_root) + strlen (ent->d_name) + 2 >
241 * Build the filename for both the source and
242 * the destination files.
244 snprintf (src_name, sizeof src_name, "%s/%s",
245 src_root, ent->d_name);
246 snprintf (dst_name, sizeof dst_name, "%s/%s",
247 dst_root, ent->d_name);
249 err = copy_entry (src_name, dst_name, uid, gid);
263 * copy_entry - copy the entry of a directory
265 * Copy the entry src to dst.
266 * Depending on the type of entry, this function will forward the
267 * request to copy_dir(), copy_symlink(), copy_hardlink(),
268 * copy_special(), or copy_file().
270 * The access and modification time will not be modified.
272 * The permissions will be set to uid/gid.
274 * If uid (resp. gid) is equal to -1, the user (resp. group) will
277 static int copy_entry (const char *src, const char *dst,
278 long int uid, long int gid)
282 struct link_name *lp;
283 struct timeval mt[2];
285 if (LSTAT (src, &sb) == -1) {
286 /* If we cannot stat the file, do not care. */
288 #if defined(_BSD_SOURCE) || defined(_SVID_SOURCE)
289 mt[0].tv_sec = sb.st_atim.tv_sec;
290 mt[0].tv_usec = sb.st_atim.tv_nsec / 1000;
291 mt[1].tv_sec = sb.st_mtim.tv_sec;
292 mt[1].tv_usec = sb.st_mtim.tv_nsec / 1000;
294 mt[0].tv_sec = sb.st_atime;
295 mt[0].tv_usec = sb.st_atimensec / 1000;
296 mt[1].tv_sec = sb.st_mtime;
297 mt[1].tv_usec = sb.st_mtimensec / 1000;
300 if (S_ISDIR (sb.st_mode)) {
301 err = copy_dir (src, dst, &sb, mt, uid, gid);
306 * Copy any symbolic links
309 else if (S_ISLNK (sb.st_mode)) {
310 err = copy_symlink (src, dst, &sb, mt, uid, gid);
315 * See if this is a previously copied link
318 else if ((lp = check_link (src, &sb)) != NULL) {
319 err = copy_hardlink (src, dst, lp);
323 * Deal with FIFOs and special files. The user really
324 * shouldn't have any of these, but it seems like it
325 * would be nice to copy everything ...
328 else if (!S_ISREG (sb.st_mode)) {
329 err = copy_special (dst, &sb, mt, uid, gid);
333 * Create the new file and copy the contents. The new
334 * file will be owned by the provided UID and GID values.
338 err = copy_file (src, dst, &sb, mt, uid, gid);
346 * copy_dir - copy a directory
348 * Copy a directory (recursively) from src to dst.
350 * statp, mt, uid, gid are used to set the access and modification and the
353 * Return 0 on success, -1 on error.
355 static int copy_dir (const char *src, const char *dst,
356 const struct stat *statp, const struct timeval mt[2],
357 long int uid, long int gid)
362 * Create a new target directory, make it owned by
363 * the user and then recursively copy that directory.
367 selinux_file_context (dst);
369 if ( (mkdir (dst, statp->st_mode) != 0)
371 (uid == - 1) ? statp->st_uid : (uid_t) uid,
372 (gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
373 || (chmod (dst, statp->st_mode) != 0)
374 || (copy_tree (src, dst, uid, gid) != 0)
375 || (utimes (dst, mt) != 0)) {
384 * copy_symlink - copy a symlink
386 * Copy a symlink from src to dst.
388 * statp, mt, uid, gid are used to set the access and modification and the
391 * Return 0 on success, -1 on error.
393 static int copy_symlink (const char *src, const char *dst,
394 const struct stat *statp, const struct timeval mt[2],
395 long int uid, long int gid)
403 * Get the name of the file which the link points
404 * to. If that name begins with the original
405 * source directory name, that part of the link
406 * name will be replaced with the original
407 * destination directory name.
410 len = readlink (src, oldlink, sizeof (oldlink) - 1);
414 oldlink[len] = '\0'; /* readlink() does not NUL-terminate */
415 if (!strncmp (oldlink, src_orig, strlen (src_orig))) {
416 snprintf (dummy, sizeof dummy, "%s%s",
418 oldlink + strlen (src_orig));
419 strcpy (oldlink, dummy);
422 selinux_file_context (dst);
424 if ( (symlink (oldlink, dst) != 0)
426 (uid == -1) ? statp->st_uid : (uid_t) uid,
427 (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
431 /* 2007-10-18: We don't care about
432 * exit status of lutimes because
433 * it returns ENOSYS on many system
443 * copy_hardlink - copy a hardlink
445 * Copy a hardlink from src to dst.
447 * Return 0 on success, -1 on error.
449 static int copy_hardlink (const char *src, const char *dst,
450 struct link_name *lp)
452 /* TODO: selinux needed? */
454 if (link (lp->ln_name, dst) != 0) {
457 if (unlink (src) != 0) {
461 /* If the file could be unlinked, decrement the links counter,
462 * and delete the file if it was the last reference */
464 if (lp->ln_count <= 0) {
472 * copy_special - copy a special file
474 * Copy a special file from src to dst.
476 * statp, mt, uid, gid are used to set the access and modification and the
479 * Return 0 on success, -1 on error.
481 static int copy_special (const char *dst,
482 const struct stat *statp, const struct timeval mt[2],
483 long int uid, long int gid)
488 selinux_file_context (dst);
491 if ( (mknod (dst, statp->st_mode & ~07777, statp->st_rdev) != 0)
493 (uid == -1) ? statp->st_uid : (uid_t) uid,
494 (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
495 || (chmod (dst, statp->st_mode & 07777) != 0)
496 || (utimes (dst, mt) != 0)) {
504 * copy_file - copy a file
506 * Copy a file from src to dst.
508 * statp, mt, uid, gid are used to set the access and modification and the
511 * Return 0 on success, -1 on error.
513 static int copy_file (const char *src, const char *dst,
514 const struct stat *statp, const struct timeval mt[2],
515 long int uid, long int gid)
523 ifd = open (src, O_RDONLY);
528 selinux_file_context (dst);
530 ofd = open (dst, O_WRONLY | O_CREAT | O_TRUNC, 0);
533 (uid == -1) ? statp->st_uid : (uid_t) uid,
534 (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
535 || (chmod (dst, statp->st_mode & 07777) != 0)) {
540 while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
541 if (write (ofd, buf, cnt) != cnt) {
548 if (futimes (ofd, mt) != 0) {
552 if (close (ofd) != 0) {
560 * remove_tree - remove files in a directory tree
562 * remove_tree() walks a directory tree and deletes all the files
566 int remove_tree (const char *root)
575 * Make certain the directory exists.
578 if (access (root, F_OK) != 0) {
583 * Open the source directory and read each entry. Every file
584 * entry in the directory is copied with the UID and GID set
585 * to the provided values. As an added security feature only
586 * regular files (and directories ...) are copied, and no file
589 dir = opendir (root);
594 while ((ent = readdir (dir))) {
597 * Skip the "." and ".." entries
600 if (strcmp (ent->d_name, ".") == 0 ||
601 strcmp (ent->d_name, "..") == 0) {
606 * Make the filename for the current entry.
609 if (strlen (root) + strlen (ent->d_name) + 2 > sizeof new_name) {
613 snprintf (new_name, sizeof new_name, "%s/%s", root,
615 if (LSTAT (new_name, &sb) == -1) {
619 if (S_ISDIR (sb.st_mode)) {
622 * Recursively delete this directory.
625 if (remove_tree (new_name)) {
629 if (rmdir (new_name)) {
projects / shadow / blob