1/* 2 * Copyright (c) 2012, 2013 SRI International 3 * Copyright (c) 1987, 1993 4 * The Regents of the University of California. All rights reserved. 5 * 6 * Redistribution and use in source and binary forms, with or without 7 * modification, are permitted provided that the following conditions 8 * are met: 9 * 1. Redistributions of source code must retain the above copyright 10 * notice, this list of conditions and the following disclaimer. 11 * 2. Redistributions in binary form must reproduce the above copyright 12 * notice, this list of conditions and the following disclaimer in the 13 * documentation and/or other materials provided with the distribution. 14 * 4. Neither the name of the University nor the names of its contributors 15 * may be used to endorse or promote products derived from this software 16 * without specific prior written permission. 17 * 18 * THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND 19 * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 20 * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 21 * ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE 22 * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 23 * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 24 * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 25 * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 26 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 27 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 28 * SUCH DAMAGE. 29 */ 30 31#ifndef lint 32static const char copyright[] = 33"@(#) Copyright (c) 1987, 1993\n\ 34 The Regents of the University of California. All rights reserved.\n"; 35#endif /* not lint */ 36 37#if 0 38#ifndef lint 39static char sccsid[] = "@(#)xinstall.c 8.1 (Berkeley) 7/21/93"; 40#endif /* not lint */ 41#endif 42 43#include <sys/cdefs.h> 44__FBSDID("$FreeBSD$"); 45 46#include <sys/param.h> 47#include <sys/mman.h> 48#include <sys/mount.h> 49#include <sys/stat.h> 50#include <sys/time.h> 51#include <sys/wait.h> 52 53#include <err.h> 54#include <errno.h> 55#include <fcntl.h> 56#include <grp.h> 57#include <libgen.h> 58#include <md5.h> 59#include <paths.h> 60#include <pwd.h> 61#include <ripemd.h> 62#include <sha.h> 63#include <sha256.h> 64#include <sha512.h> 65#include <stdint.h> 66#include <stdio.h> 67#include <stdlib.h> 68#include <string.h> 69#include <sysexits.h> 70#include <unistd.h> 71#include <vis.h> 72 73#include "mtree.h" 74 75/* Bootstrap aid - this doesn't exist in most older releases */ 76#ifndef MAP_FAILED 77#define MAP_FAILED ((void *)-1) /* from <sys/mman.h> */ 78#endif 79 80#define MAX_CMP_SIZE (16 * 1024 * 1024) 81 82#define LN_ABSOLUTE 0x01 83#define LN_RELATIVE 0x02 84#define LN_HARD 0x04 85#define LN_SYMBOLIC 0x08 86#define LN_MIXED 0x10 87 88#define DIRECTORY 0x01 /* Tell install it's a directory. */ 89#define SETFLAGS 0x02 /* Tell install to set flags. */ 90#define NOCHANGEBITS (UF_IMMUTABLE | UF_APPEND | SF_IMMUTABLE | SF_APPEND) 91#define BACKUP_SUFFIX ".old" 92 93typedef union { 94 MD5_CTX MD5; 95 RIPEMD160_CTX RIPEMD160; 96 SHA1_CTX SHA1; 97 SHA256_CTX SHA256; 98 SHA512_CTX SHA512; 99} DIGEST_CTX; 100 101static enum { 102 DIGEST_NONE = 0, 103 DIGEST_MD5, 104 DIGEST_RIPEMD160, 105 DIGEST_SHA1, 106 DIGEST_SHA256, 107 DIGEST_SHA512, 108} digesttype = DIGEST_NONE; 109 110static gid_t gid; 111static uid_t uid; 112static int dobackup, docompare, dodir, dolink, dopreserve, dostrip, dounpriv, 113 safecopy, verbose; 114static int haveopt_f, haveopt_g, haveopt_m, haveopt_o; 115static mode_t mode = S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH; 116static FILE *metafp; 117static const char *group, *owner; 118static const char *suffix = BACKUP_SUFFIX; 119static char *destdir, *digest, *fflags, *metafile, *tags; 120 121static int compare(int, const char *, size_t, int, const char *, size_t, 122 char **); 123static char *copy(int, const char *, int, const char *, off_t); 124static int create_newfile(const char *, int, struct stat *); 125static int create_tempfile(const char *, char *, size_t); 126static char *quiet_mktemp(char *template); 127static char *digest_file(const char *); 128static void digest_init(DIGEST_CTX *); 129static void digest_update(DIGEST_CTX *, const unsigned char *, size_t); 130static char *digest_end(DIGEST_CTX *, char *); 131static int do_link(const char *, const char *, const struct stat *); 132static void do_symlink(const char *, const char *, const struct stat *); 133static void makelink(const char *, const char *, const struct stat *); 134static void install(const char *, const char *, u_long, u_int); 135static void install_dir(char *); 136static void metadata_log(const char *, const char *, struct timeval *, 137 const char *, const char *, off_t); 138static int parseid(const char *, id_t *); 139static void strip(const char *); 140static int trymmap(int); 141static void usage(void); 142 143int 144main(int argc, char *argv[]) 145{ 146 struct stat from_sb, to_sb; 147 mode_t *set; 148 u_long fset; 149 int ch, no_target; 150 u_int iflags; 151 char *p; 152 const char *to_name; 153 154 iflags = 0; 155 group = owner = NULL; 156 while ((ch = getopt(argc, argv, "B:bCcD:df:g:h:l:M:m:N:o:pSsT:Uv")) != 157 -1) 158 switch((char)ch) { 159 case 'B': 160 suffix = optarg; 161 /* FALLTHROUGH */ 162 case 'b': 163 dobackup = 1; 164 break; 165 case 'C': 166 docompare = 1; 167 break; 168 case 'c': 169 /* For backwards compatibility. */ 170 break; 171 case 'D': 172 destdir = optarg; 173 break; 174 case 'd': 175 dodir = 1; 176 break; 177 case 'f': 178 haveopt_f = 1; 179 fflags = optarg; 180 break; 181 case 'g': 182 haveopt_g = 1; 183 group = optarg; 184 break; 185 case 'h': 186 digest = optarg; 187 break; 188 case 'l': 189 for (p = optarg; *p != '\0'; p++) 190 switch (*p) { 191 case 's': 192 dolink &= ~(LN_HARD|LN_MIXED); 193 dolink |= LN_SYMBOLIC; 194 break; 195 case 'h': 196 dolink &= ~(LN_SYMBOLIC|LN_MIXED); 197 dolink |= LN_HARD; 198 break; 199 case 'm': 200 dolink &= ~(LN_SYMBOLIC|LN_HARD); 201 dolink |= LN_MIXED; 202 break; 203 case 'a': 204 dolink &= ~LN_RELATIVE; 205 dolink |= LN_ABSOLUTE; 206 break; 207 case 'r': 208 dolink &= ~LN_ABSOLUTE; 209 dolink |= LN_RELATIVE; 210 break; 211 default: 212 errx(1, "%c: invalid link type", *p); 213 /* NOTREACHED */ 214 } 215 break; 216 case 'M': 217 metafile = optarg; 218 break; 219 case 'm': 220 haveopt_m = 1; 221 if (!(set = setmode(optarg))) 222 errx(EX_USAGE, "invalid file mode: %s", 223 optarg); 224 mode = getmode(set, 0); 225 free(set); 226 break; 227 case 'N': 228 if (!setup_getid(optarg)) 229 err(EX_OSERR, "Unable to use user and group " 230 "databases in `%s'", optarg); 231 break; 232 case 'o': 233 haveopt_o = 1; 234 owner = optarg; 235 break; 236 case 'p': 237 docompare = dopreserve = 1; 238 break; 239 case 'S': 240 safecopy = 1; 241 break; 242 case 's': 243 dostrip = 1; 244 break; 245 case 'T': 246 tags = optarg; 247 break; 248 case 'U': 249 dounpriv = 1; 250 break; 251 case 'v': 252 verbose = 1; 253 break; 254 case '?': 255 default: 256 usage(); 257 } 258 argc -= optind; 259 argv += optind; 260 261 /* some options make no sense when creating directories */ 262 if (dostrip && dodir) { 263 warnx("-d and -s may not be specified together"); 264 usage(); 265 } 266 267 if (getenv("DONTSTRIP") != NULL) { 268 warnx("DONTSTRIP set - will not strip installed binaries"); 269 dostrip = 0; 270 } 271 272 /* must have at least two arguments, except when creating directories */ 273 if (argc == 0 || (argc == 1 && !dodir)) 274 usage(); 275 276 if (digest != NULL) { 277 if (strcmp(digest, "none") == 0) { 278 digesttype = DIGEST_NONE; 279 } else if (strcmp(digest, "md5") == 0) { 280 digesttype = DIGEST_MD5; 281 } else if (strcmp(digest, "rmd160") == 0) { 282 digesttype = DIGEST_RIPEMD160; 283 } else if (strcmp(digest, "sha1") == 0) { 284 digesttype = DIGEST_SHA1; 285 } else if (strcmp(digest, "sha256") == 0) { 286 digesttype = DIGEST_SHA256; 287 } else if (strcmp(digest, "sha512") == 0) { 288 digesttype = DIGEST_SHA512; 289 } else { 290 warnx("unknown digest `%s'", digest); 291 usage(); 292 } 293 } 294 295 /* need to make a temp copy so we can compare stripped version */ 296 if (docompare && dostrip) 297 safecopy = 1; 298 299 /* get group and owner id's */ 300 if (group != NULL && !dounpriv) { 301 if (gid_from_group(group, &gid) == -1) { 302 id_t id; 303 if (!parseid(group, &id)) 304 errx(1, "unknown group %s", group); 305 gid = id; 306 } 307 } else 308 gid = (gid_t)-1; 309 310 if (owner != NULL && !dounpriv) { 311 if (uid_from_user(owner, &uid) == -1) { 312 id_t id; 313 if (!parseid(owner, &id)) 314 errx(1, "unknown user %s", owner); 315 uid = id; 316 } 317 } else 318 uid = (uid_t)-1; 319 320 if (fflags != NULL && !dounpriv) { 321 if (strtofflags(&fflags, &fset, NULL)) 322 errx(EX_USAGE, "%s: invalid flag", fflags); 323 iflags |= SETFLAGS; 324 } 325 326 if (metafile != NULL) { 327 if ((metafp = fopen(metafile, "a")) == NULL) 328 warn("open %s", metafile); 329 } else 330 digesttype = DIGEST_NONE; 331 332 if (dodir) { 333 for (; *argv != NULL; ++argv) 334 install_dir(*argv); 335 exit(EX_OK); 336 /* NOTREACHED */ 337 } 338 339 to_name = argv[argc - 1]; 340 no_target = stat(to_name, &to_sb); 341 if (!no_target && S_ISDIR(to_sb.st_mode)) { 342 if (dolink & LN_SYMBOLIC) { 343 if (lstat(to_name, &to_sb) != 0) 344 err(EX_OSERR, "%s vanished", to_name); 345 if (S_ISLNK(to_sb.st_mode)) { 346 if (argc != 2) { 347 errno = ENOTDIR; 348 err(EX_USAGE, "%s", to_name); 349 } 350 install(*argv, to_name, fset, iflags); 351 exit(EX_OK); 352 } 353 } 354 for (; *argv != to_name; ++argv) 355 install(*argv, to_name, fset, iflags | DIRECTORY); 356 exit(EX_OK); 357 /* NOTREACHED */ 358 } 359 360 /* can't do file1 file2 directory/file */ 361 if (argc != 2) { 362 if (no_target) 363 warnx("target directory `%s' does not exist", 364 argv[argc - 1]); 365 else 366 warnx("target `%s' is not a directory", 367 argv[argc - 1]); 368 usage(); 369 } 370 371 if (!no_target && !dolink) { 372 if (stat(*argv, &from_sb)) 373 err(EX_OSERR, "%s", *argv); 374 if (!S_ISREG(to_sb.st_mode)) { 375 errno = EFTYPE; 376 err(EX_OSERR, "%s", to_name); 377 } 378 if (to_sb.st_dev == from_sb.st_dev && 379 to_sb.st_ino == from_sb.st_ino) 380 errx(EX_USAGE, 381 "%s and %s are the same file", *argv, to_name); 382 } 383 install(*argv, to_name, fset, iflags); 384 exit(EX_OK); 385 /* NOTREACHED */ 386} 387 388static char * 389digest_file(const char *name) 390{ 391 392 switch (digesttype) { 393 case DIGEST_MD5: 394 return (MD5File(name, NULL)); 395 case DIGEST_RIPEMD160: 396 return (RIPEMD160_File(name, NULL)); 397 case DIGEST_SHA1: 398 return (SHA1_File(name, NULL)); 399 case DIGEST_SHA256: 400 return (SHA256_File(name, NULL)); 401 case DIGEST_SHA512: 402 return (SHA512_File(name, NULL)); 403 default: 404 return (NULL); 405 } 406} 407 408static void 409digest_init(DIGEST_CTX *c) 410{ 411 412 switch (digesttype) { 413 case DIGEST_NONE: 414 break; 415 case DIGEST_MD5: 416 MD5Init(&(c->MD5)); 417 break; 418 case DIGEST_RIPEMD160: 419 RIPEMD160_Init(&(c->RIPEMD160)); 420 break; 421 case DIGEST_SHA1: 422 SHA1_Init(&(c->SHA1)); 423 break; 424 case DIGEST_SHA256: 425 SHA256_Init(&(c->SHA256)); 426 break; 427 case DIGEST_SHA512: 428 SHA512_Init(&(c->SHA512)); 429 break; 430 } 431} 432 433static void 434digest_update(DIGEST_CTX *c, const unsigned char *data, size_t len) 435{ 436 437 switch (digesttype) { 438 case DIGEST_NONE: 439 break; 440 case DIGEST_MD5: 441 MD5Update(&(c->MD5), data, len); 442 break; 443 case DIGEST_RIPEMD160: 444 RIPEMD160_Update(&(c->RIPEMD160), data, len); 445 break; 446 case DIGEST_SHA1: 447 SHA1_Update(&(c->SHA1), data, len); 448 break; 449 case DIGEST_SHA256: 450 SHA256_Update(&(c->SHA256), data, len); 451 break; 452 case DIGEST_SHA512: 453 SHA512_Update(&(c->SHA512), data, len); 454 break; 455 } 456} 457 458static char * 459digest_end(DIGEST_CTX *c, char *buf) 460{ 461 462 switch (digesttype) { 463 case DIGEST_MD5: 464 return (MD5End(&(c->MD5), buf)); 465 case DIGEST_RIPEMD160: 466 return (RIPEMD160_End(&(c->RIPEMD160), buf)); 467 case DIGEST_SHA1: 468 return (SHA1_End(&(c->SHA1), buf)); 469 case DIGEST_SHA256: 470 return (SHA256_End(&(c->SHA256), buf)); 471 case DIGEST_SHA512: 472 return (SHA512_End(&(c->SHA512), buf)); 473 default: 474 return (NULL); 475 } 476} 477 478/* 479 * parseid -- 480 * parse uid or gid from arg into id, returning non-zero if successful 481 */ 482static int 483parseid(const char *name, id_t *id) 484{ 485 char *ep; 486 errno = 0; 487 *id = (id_t)strtoul(name, &ep, 10); 488 if (errno || *ep != '\0') 489 return (0); 490 return (1); 491} 492 493/* 494 * quiet_mktemp -- 495 * mktemp implementation used mkstemp to avoid mktemp warnings. We 496 * really do need mktemp semantics here as we will be creating a link. 497 */ 498static char * 499quiet_mktemp(char *template) 500{ 501 int fd; 502 503 if ((fd = mkstemp(template)) == -1) 504 return (NULL); 505 close (fd); 506 if (unlink(template) == -1) 507 err(EX_OSERR, "unlink %s", template); 508 return (template); 509} 510 511/* 512 * do_link -- 513 * make a hard link, obeying dorename if set 514 * return -1 on failure 515 */ 516static int 517do_link(const char *from_name, const char *to_name, 518 const struct stat *target_sb) 519{ 520 char tmpl[MAXPATHLEN]; 521 int ret; 522 523 if (safecopy && target_sb != NULL) { 524 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 525 /* This usage is safe. */ 526 if (quiet_mktemp(tmpl) == NULL) 527 err(EX_OSERR, "%s: mktemp", tmpl); 528 ret = link(from_name, tmpl); 529 if (ret == 0) { 530 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == 531 -1) { 532 unlink(tmpl); 533 err(EX_OSERR, "%s", to_name); 534 } 535 if (target_sb->st_flags & NOCHANGEBITS) 536 (void)chflags(to_name, target_sb->st_flags & 537 ~NOCHANGEBITS); 538 unlink(to_name); 539 ret = rename(tmpl, to_name); 540 /* 541 * If rename has posix semantics, then the temporary 542 * file may still exist when from_name and to_name point 543 * to the same file, so unlink it unconditionally. 544 */ 545 (void)unlink(tmpl); 546 } 547 return (ret); 548 } else 549 return (link(from_name, to_name)); 550} 551 552/* 553 * do_symlink -- 554 * Make a symbolic link, obeying dorename if set. Exit on failure. 555 */ 556static void 557do_symlink(const char *from_name, const char *to_name, 558 const struct stat *target_sb) 559{ 560 char tmpl[MAXPATHLEN]; 561 562 if (safecopy && target_sb != NULL) { 563 (void)snprintf(tmpl, sizeof(tmpl), "%s.inst.XXXXXX", to_name); 564 /* This usage is safe. */ 565 if (quiet_mktemp(tmpl) == NULL) 566 err(EX_OSERR, "%s: mktemp", tmpl); 567 568 if (symlink(from_name, tmpl) == -1) 569 err(EX_OSERR, "symlink %s -> %s", from_name, tmpl); 570 571 if (target_sb->st_mode & S_IFDIR && rmdir(to_name) == -1) { 572 (void)unlink(tmpl); 573 err(EX_OSERR, "%s", to_name); 574 } 575 if (target_sb->st_flags & NOCHANGEBITS) 576 (void)chflags(to_name, target_sb->st_flags & 577 ~NOCHANGEBITS); 578 unlink(to_name); 579 580 if (rename(tmpl, to_name) == -1) { 581 /* Remove temporary link before exiting. */ 582 (void)unlink(tmpl); 583 err(EX_OSERR, "%s: rename", to_name); 584 } 585 } else { 586 if (symlink(from_name, to_name) == -1) 587 err(EX_OSERR, "symlink %s -> %s", from_name, to_name); 588 } 589} 590 591/* 592 * makelink -- 593 * make a link from source to destination 594 */ 595static void 596makelink(const char *from_name, const char *to_name, 597 const struct stat *target_sb) 598{ 599 char src[MAXPATHLEN], dst[MAXPATHLEN], lnk[MAXPATHLEN]; 600 struct stat to_sb; 601 602 /* Try hard links first. */ 603 if (dolink & (LN_HARD|LN_MIXED)) { 604 if (do_link(from_name, to_name, target_sb) == -1) { 605 if ((dolink & LN_HARD) || errno != EXDEV) 606 err(EX_OSERR, "link %s -> %s", from_name, to_name); 607 } else { 608 if (stat(to_name, &to_sb)) 609 err(EX_OSERR, "%s: stat", to_name); 610 if (S_ISREG(to_sb.st_mode)) { 611 /* 612 * XXX: hard links to anything other than 613 * plain files are not metalogged 614 */ 615 int omode; 616 const char *oowner, *ogroup; 617 char *offlags; 618 char *dres; 619 620 /* 621 * XXX: use underlying perms, unless 622 * overridden on command line. 623 */ 624 omode = mode; 625 if (!haveopt_m) 626 mode = (to_sb.st_mode & 0777); 627 oowner = owner; 628 if (!haveopt_o) 629 owner = NULL; 630 ogroup = group; 631 if (!haveopt_g) 632 group = NULL; 633 offlags = fflags; 634 if (!haveopt_f) 635 fflags = NULL; 636 dres = digest_file(from_name); 637 metadata_log(to_name, "file", NULL, NULL, 638 dres, to_sb.st_size); 639 free(dres); 640 mode = omode; 641 owner = oowner; 642 group = ogroup; 643 fflags = offlags; 644 } 645 return; 646 } 647 } 648 649 /* Symbolic links. */ 650 if (dolink & LN_ABSOLUTE) { 651 /* Convert source path to absolute. */ 652 if (realpath(from_name, src) == NULL) 653 err(EX_OSERR, "%s: realpath", from_name); 654 do_symlink(src, to_name, target_sb); 655 /* XXX: src may point outside of destdir */ 656 metadata_log(to_name, "link", NULL, src, NULL, 0); 657 return; 658 } 659 660 if (dolink & LN_RELATIVE) { 661 char *cp, *d, *s; 662 663 /* Resolve pathnames. */ 664 if (realpath(from_name, src) == NULL) 665 err(EX_OSERR, "%s: realpath", from_name); 666 667 /* 668 * The last component of to_name may be a symlink, 669 * so use realpath to resolve only the directory. 670 */ 671 cp = dirname(to_name); 672 if (realpath(cp, dst) == NULL) 673 err(EX_OSERR, "%s: realpath", cp); 674 /* .. and add the last component. */ 675 if (strcmp(dst, "/") != 0) { 676 if (strlcat(dst, "/", sizeof(dst)) > sizeof(dst)) 677 errx(1, "resolved pathname too long"); 678 } 679 cp = basename(to_name); 680 if (strlcat(dst, cp, sizeof(dst)) > sizeof(dst)) 681 errx(1, "resolved pathname too long"); 682 683 /* Trim common path components. */ 684 for (s = src, d = dst; *s == *d; s++, d++) 685 continue; 686 while (*s != '/') 687 s--, d--; 688 689 /* Count the number of directories we need to backtrack. */ 690 for (++d, lnk[0] = '\0'; *d; d++) 691 if (*d == '/') 692 (void)strlcat(lnk, "../", sizeof(lnk)); 693 694 (void)strlcat(lnk, ++s, sizeof(lnk)); 695 696 do_symlink(lnk, to_name, target_sb); 697 /* XXX: Link may point outside of destdir. */ 698 metadata_log(to_name, "link", NULL, lnk, NULL, 0); 699 return; 700 } 701 702 /* 703 * If absolute or relative was not specified, try the names the 704 * user provided. 705 */ 706 do_symlink(from_name, to_name, target_sb); 707 /* XXX: from_name may point outside of destdir. */ 708 metadata_log(to_name, "link", NULL, from_name, NULL, 0); 709} 710 711/* 712 * install -- 713 * build a path name and install the file 714 */ 715static void 716install(const char *from_name, const char *to_name, u_long fset, u_int flags) 717{ 718 struct stat from_sb, temp_sb, to_sb; 719 struct timeval tvb[2]; 720 int devnull, files_match, from_fd, serrno, target; 721 int tempcopy, temp_fd, to_fd; 722 char backup[MAXPATHLEN], *p, pathbuf[MAXPATHLEN], tempfile[MAXPATHLEN]; 723 char *digestresult; 724 725 files_match = 0; 726 from_fd = -1; 727 to_fd = -1; 728 729 /* If try to install NULL file to a directory, fails. */ 730 if (flags & DIRECTORY || strcmp(from_name, _PATH_DEVNULL)) { 731 if (!dolink) { 732 if (stat(from_name, &from_sb)) 733 err(EX_OSERR, "%s", from_name); 734 if (!S_ISREG(from_sb.st_mode)) { 735 errno = EFTYPE; 736 err(EX_OSERR, "%s", from_name); 737 } 738 } 739 /* Build the target path. */ 740 if (flags & DIRECTORY) { 741 (void)snprintf(pathbuf, sizeof(pathbuf), "%s/%s", 742 to_name, 743 (p = strrchr(from_name, '/')) ? ++p : from_name); 744 to_name = pathbuf; 745 } 746 devnull = 0; 747 } else { 748 devnull = 1; 749 } 750 751 if (!dolink) 752 target = (stat(to_name, &to_sb) == 0); 753 else 754 target = (lstat(to_name, &to_sb) == 0); 755 756 if (dolink) { 757 if (target && !safecopy) { 758 if (to_sb.st_mode & S_IFDIR && rmdir(to_name) == -1) 759 err(EX_OSERR, "%s", to_name); 760 if (to_sb.st_flags & NOCHANGEBITS) 761 (void)chflags(to_name, 762 to_sb.st_flags & ~NOCHANGEBITS); 763 unlink(to_name); 764 } 765 makelink(from_name, to_name, target ? &to_sb : NULL); 766 return; 767 } 768 769 /* Only install to regular files. */ 770 if (target && !S_ISREG(to_sb.st_mode)) { 771 errno = EFTYPE; 772 warn("%s", to_name); 773 return; 774 } 775 776 /* Only copy safe if the target exists. */ 777 tempcopy = safecopy && target; 778 779 if (!devnull && (from_fd = open(from_name, O_RDONLY, 0)) < 0) 780 err(EX_OSERR, "%s", from_name); 781 782 /* If we don't strip, we can compare first. */ 783 if (docompare && !dostrip && target) { 784 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 785 err(EX_OSERR, "%s", to_name); 786 if (devnull) 787 files_match = to_sb.st_size == 0; 788 else 789 files_match = !(compare(from_fd, from_name, 790 (size_t)from_sb.st_size, to_fd, 791 to_name, (size_t)to_sb.st_size, &digestresult)); 792 793 /* Close "to" file unless we match. */ 794 if (!files_match) 795 (void)close(to_fd); 796 } 797 798 if (!files_match) { 799 if (tempcopy) { 800 to_fd = create_tempfile(to_name, tempfile, 801 sizeof(tempfile)); 802 if (to_fd < 0) 803 err(EX_OSERR, "%s", tempfile); 804 } else { 805 if ((to_fd = create_newfile(to_name, target, 806 &to_sb)) < 0) 807 err(EX_OSERR, "%s", to_name); 808 if (verbose) 809 (void)printf("install: %s -> %s\n", 810 from_name, to_name); 811 } 812 if (!devnull) 813 digestresult = copy(from_fd, from_name, to_fd, 814 tempcopy ? tempfile : to_name, from_sb.st_size); 815 else 816 digestresult = NULL; 817 } 818 819 if (dostrip) { 820 strip(tempcopy ? tempfile : to_name); 821 822 /* 823 * Re-open our fd on the target, in case we used a strip 824 * that does not work in-place -- like GNU binutils strip. 825 */ 826 close(to_fd); 827 to_fd = open(tempcopy ? tempfile : to_name, O_RDONLY, 0); 828 if (to_fd < 0) 829 err(EX_OSERR, "stripping %s", to_name); 830 } 831 832 /* 833 * Compare the stripped temp file with the target. 834 */ 835 if (docompare && dostrip && target) { 836 temp_fd = to_fd; 837 838 /* Re-open to_fd using the real target name. */ 839 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 840 err(EX_OSERR, "%s", to_name); 841 842 if (fstat(temp_fd, &temp_sb)) { 843 serrno = errno; 844 (void)unlink(tempfile); 845 errno = serrno; 846 err(EX_OSERR, "%s", tempfile); 847 } 848 849 if (compare(temp_fd, tempfile, (size_t)temp_sb.st_size, to_fd, 850 to_name, (size_t)to_sb.st_size, &digestresult) 851 == 0) { 852 /* 853 * If target has more than one link we need to 854 * replace it in order to snap the extra links. 855 * Need to preserve target file times, though. 856 */ 857 if (to_sb.st_nlink != 1) { 858 tvb[0].tv_sec = to_sb.st_atime; 859 tvb[0].tv_usec = 0; 860 tvb[1].tv_sec = to_sb.st_mtime; 861 tvb[1].tv_usec = 0; 862 (void)utimes(tempfile, tvb); 863 } else { 864 files_match = 1; 865 (void)unlink(tempfile); 866 } 867 (void) close(temp_fd); 868 } 869 } 870 871 if (dostrip && (!docompare || !target)) 872 digestresult = digest_file(tempfile); 873 874 /* 875 * Move the new file into place if doing a safe copy 876 * and the files are different (or just not compared). 877 */ 878 if (tempcopy && !files_match) { 879 /* Try to turn off the immutable bits. */ 880 if (to_sb.st_flags & NOCHANGEBITS) 881 (void)chflags(to_name, to_sb.st_flags & ~NOCHANGEBITS); 882 if (dobackup) { 883 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", to_name, 884 suffix) != strlen(to_name) + strlen(suffix)) { 885 unlink(tempfile); 886 errx(EX_OSERR, "%s: backup filename too long", 887 to_name); 888 } 889 if (verbose) 890 (void)printf("install: %s -> %s\n", to_name, backup); 891 if (rename(to_name, backup) < 0) { 892 serrno = errno; 893 unlink(tempfile); 894 errno = serrno; 895 err(EX_OSERR, "rename: %s to %s", to_name, 896 backup); 897 } 898 } 899 if (verbose) 900 (void)printf("install: %s -> %s\n", from_name, to_name); 901 if (rename(tempfile, to_name) < 0) { 902 serrno = errno; 903 unlink(tempfile); 904 errno = serrno; 905 err(EX_OSERR, "rename: %s to %s", 906 tempfile, to_name); 907 } 908 909 /* Re-open to_fd so we aren't hosed by the rename(2). */ 910 (void) close(to_fd); 911 if ((to_fd = open(to_name, O_RDONLY, 0)) < 0) 912 err(EX_OSERR, "%s", to_name); 913 } 914 915 /* 916 * Preserve the timestamp of the source file if necessary. 917 */ 918 if (dopreserve && !files_match && !devnull) { 919 tvb[0].tv_sec = from_sb.st_atime; 920 tvb[0].tv_usec = 0; 921 tvb[1].tv_sec = from_sb.st_mtime; 922 tvb[1].tv_usec = 0; 923 (void)utimes(to_name, tvb); 924 } 925 926 if (fstat(to_fd, &to_sb) == -1) { 927 serrno = errno; 928 (void)unlink(to_name); 929 errno = serrno; 930 err(EX_OSERR, "%s", to_name); 931 } 932 933 /* 934 * Set owner, group, mode for target; do the chown first, 935 * chown may lose the setuid bits. 936 */ 937 if (!dounpriv && ((gid != (gid_t)-1 && gid != to_sb.st_gid) || 938 (uid != (uid_t)-1 && uid != to_sb.st_uid) || 939 (mode != (to_sb.st_mode & ALLPERMS)))) { 940 /* Try to turn off the immutable bits. */ 941 if (to_sb.st_flags & NOCHANGEBITS) 942 (void)fchflags(to_fd, to_sb.st_flags & ~NOCHANGEBITS); 943 } 944 945 if (!dounpriv & 946 (gid != (gid_t)-1 && gid != to_sb.st_gid) || 947 (uid != (uid_t)-1 && uid != to_sb.st_uid)) 948 if (fchown(to_fd, uid, gid) == -1) { 949 serrno = errno; 950 (void)unlink(to_name); 951 errno = serrno; 952 err(EX_OSERR,"%s: chown/chgrp", to_name); 953 } 954 955 if (mode != (to_sb.st_mode & ALLPERMS)) { 956 if (fchmod(to_fd, 957 dounpriv ? mode & (S_IRWXU|S_IRWXG|S_IRWXO) : mode)) { 958 serrno = errno; 959 (void)unlink(to_name); 960 errno = serrno; 961 err(EX_OSERR, "%s: chmod", to_name); 962 } 963 } 964 965 /* 966 * If provided a set of flags, set them, otherwise, preserve the 967 * flags, except for the dump flag. 968 * NFS does not support flags. Ignore EOPNOTSUPP flags if we're just 969 * trying to turn off UF_NODUMP. If we're trying to set real flags, 970 * then warn if the fs doesn't support it, otherwise fail. 971 */ 972 if (!dounpriv & !devnull && (flags & SETFLAGS || 973 (from_sb.st_flags & ~UF_NODUMP) != to_sb.st_flags) && 974 fchflags(to_fd, 975 flags & SETFLAGS ? fset : from_sb.st_flags & ~UF_NODUMP)) { 976 if (flags & SETFLAGS) { 977 if (errno == EOPNOTSUPP) 978 warn("%s: chflags", to_name); 979 else { 980 serrno = errno; 981 (void)unlink(to_name); 982 errno = serrno; 983 err(EX_OSERR, "%s: chflags", to_name); 984 } 985 } 986 } 987 988 (void)close(to_fd); 989 if (!devnull) 990 (void)close(from_fd); 991 992 metadata_log(to_name, "file", tvb, NULL, digestresult, to_sb.st_size); 993 free(digestresult); 994} 995 996/* 997 * compare -- 998 * compare two files; non-zero means files differ 999 */ 1000static int 1001compare(int from_fd, const char *from_name __unused, size_t from_len, 1002 int to_fd, const char *to_name __unused, size_t to_len, 1003 char **dresp) 1004{ 1005 char *p, *q; 1006 int rv; 1007 int done_compare; 1008 DIGEST_CTX ctx; 1009 1010 rv = 0; 1011 if (from_len != to_len) 1012 return 1; 1013 1014 if (from_len <= MAX_CMP_SIZE) { 1015 if (dresp != NULL) 1016 digest_init(&ctx); 1017 done_compare = 0; 1018 if (trymmap(from_fd) && trymmap(to_fd)) { 1019 p = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1020 from_fd, (off_t)0); 1021 if (p == (char *)MAP_FAILED) 1022 goto out; 1023 q = mmap(NULL, from_len, PROT_READ, MAP_SHARED, 1024 to_fd, (off_t)0); 1025 if (q == (char *)MAP_FAILED) { 1026 munmap(p, from_len); 1027 goto out; 1028 } 1029 1030 rv = memcmp(p, q, from_len); 1031 if (dresp != NULL) 1032 digest_update(&ctx, p, from_len); 1033 munmap(p, from_len); 1034 munmap(q, from_len); 1035 done_compare = 1; 1036 } 1037 out: 1038 if (!done_compare) { 1039 char buf1[MAXBSIZE]; 1040 char buf2[MAXBSIZE]; 1041 int n1, n2; 1042 1043 rv = 0; 1044 lseek(from_fd, 0, SEEK_SET); 1045 lseek(to_fd, 0, SEEK_SET); 1046 while (rv == 0) { 1047 n1 = read(from_fd, buf1, sizeof(buf1)); 1048 if (n1 == 0) 1049 break; /* EOF */ 1050 else if (n1 > 0) { 1051 n2 = read(to_fd, buf2, n1); 1052 if (n2 == n1) 1053 rv = memcmp(buf1, buf2, n1); 1054 else 1055 rv = 1; /* out of sync */ 1056 } else 1057 rv = 1; /* read failure */ 1058 digest_update(&ctx, buf1, n1); 1059 } 1060 lseek(from_fd, 0, SEEK_SET); 1061 lseek(to_fd, 0, SEEK_SET); 1062 } 1063 } else 1064 rv = 1; /* don't bother in this case */ 1065 1066 if (dresp != NULL) { 1067 if (rv == 0) 1068 *dresp = digest_end(&ctx, NULL); 1069 else 1070 (void)digest_end(&ctx, NULL); 1071 } 1072 1073 return rv; 1074} 1075 1076/* 1077 * create_tempfile -- 1078 * create a temporary file based on path and open it 1079 */ 1080static int 1081create_tempfile(const char *path, char *temp, size_t tsize) 1082{ 1083 char *p; 1084 1085 (void)strncpy(temp, path, tsize); 1086 temp[tsize - 1] = '\0'; 1087 if ((p = strrchr(temp, '/')) != NULL) 1088 p++; 1089 else 1090 p = temp; 1091 (void)strncpy(p, "INS@XXXX", &temp[tsize - 1] - p); 1092 temp[tsize - 1] = '\0'; 1093 return (mkstemp(temp)); 1094} 1095 1096/* 1097 * create_newfile -- 1098 * create a new file, overwriting an existing one if necessary 1099 */ 1100static int 1101create_newfile(const char *path, int target, struct stat *sbp) 1102{ 1103 char backup[MAXPATHLEN]; 1104 int saved_errno = 0; 1105 int newfd; 1106 1107 if (target) { 1108 /* 1109 * Unlink now... avoid ETXTBSY errors later. Try to turn 1110 * off the append/immutable bits -- if we fail, go ahead, 1111 * it might work. 1112 */ 1113 if (sbp->st_flags & NOCHANGEBITS) 1114 (void)chflags(path, sbp->st_flags & ~NOCHANGEBITS); 1115 1116 if (dobackup) { 1117 if ((size_t)snprintf(backup, MAXPATHLEN, "%s%s", 1118 path, suffix) != strlen(path) + strlen(suffix)) 1119 errx(EX_OSERR, "%s: backup filename too long", 1120 path); 1121 (void)snprintf(backup, MAXPATHLEN, "%s%s", 1122 path, suffix); 1123 if (verbose) 1124 (void)printf("install: %s -> %s\n", 1125 path, backup); 1126 if (rename(path, backup) < 0) 1127 err(EX_OSERR, "rename: %s to %s", path, backup); 1128 } else 1129 if (unlink(path) < 0) 1130 saved_errno = errno; 1131 } 1132 1133 newfd = open(path, O_CREAT | O_RDWR | O_TRUNC, S_IRUSR | S_IWUSR); 1134 if (newfd < 0 && saved_errno != 0) 1135 errno = saved_errno; 1136 return newfd; 1137} 1138 1139/* 1140 * copy -- 1141 * copy from one file to another 1142 */ 1143static char * 1144copy(int from_fd, const char *from_name, int to_fd, const char *to_name, 1145 off_t size) 1146{ 1147 int nr, nw; 1148 int serrno; 1149 char *p, buf[MAXBSIZE]; 1150 int done_copy; 1151 DIGEST_CTX ctx; 1152 1153 /* Rewind file descriptors. */ 1154 if (lseek(from_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1155 err(EX_OSERR, "lseek: %s", from_name); 1156 if (lseek(to_fd, (off_t)0, SEEK_SET) == (off_t)-1) 1157 err(EX_OSERR, "lseek: %s", to_name); 1158 1159 digest_init(&ctx); 1160 1161 /* 1162 * Mmap and write if less than 8M (the limit is so we don't totally 1163 * trash memory on big files. This is really a minor hack, but it 1164 * wins some CPU back. 1165 */ 1166 done_copy = 0; 1167 if (size <= 8 * 1048576 && trymmap(from_fd) && 1168 (p = mmap(NULL, (size_t)size, PROT_READ, MAP_SHARED, 1169 from_fd, (off_t)0)) != (char *)MAP_FAILED) { 1170 nw = write(to_fd, p, size); 1171 if (nw != size) { 1172 serrno = errno; 1173 (void)unlink(to_name); 1174 if (nw >= 0) { 1175 errx(EX_OSERR, 1176 "short write to %s: %jd bytes written, %jd bytes asked to write", 1177 to_name, (uintmax_t)nw, (uintmax_t)size); 1178 } else { 1179 errno = serrno; 1180 err(EX_OSERR, "%s", to_name); 1181 } 1182 } 1183 digest_update(&ctx, p, size); 1184 (void)munmap(p, size); 1185 done_copy = 1; 1186 } 1187 if (!done_copy) { 1188 while ((nr = read(from_fd, buf, sizeof(buf))) > 0) { 1189 if ((nw = write(to_fd, buf, nr)) != nr) { 1190 serrno = errno; 1191 (void)unlink(to_name); 1192 if (nw >= 0) { 1193 errx(EX_OSERR, 1194 "short write to %s: %jd bytes written, %jd bytes asked to write", 1195 to_name, (uintmax_t)nw, 1196 (uintmax_t)size); 1197 } else { 1198 errno = serrno; 1199 err(EX_OSERR, "%s", to_name); 1200 } 1201 } 1202 digest_update(&ctx, buf, nr); 1203 } 1204 if (nr != 0) { 1205 serrno = errno; 1206 (void)unlink(to_name); 1207 errno = serrno; 1208 err(EX_OSERR, "%s", from_name); 1209 } 1210 } 1211 return (digest_end(&ctx, NULL)); 1212} 1213 1214/* 1215 * strip -- 1216 * use strip(1) to strip the target file 1217 */ 1218static void 1219strip(const char *to_name) 1220{ 1221 const char *stripbin; 1222 int serrno, status; 1223 1224 switch (fork()) { 1225 case -1: 1226 serrno = errno; 1227 (void)unlink(to_name); 1228 errno = serrno; 1229 err(EX_TEMPFAIL, "fork"); 1230 case 0: 1231 stripbin = getenv("STRIPBIN"); 1232 if (stripbin == NULL) 1233 stripbin = "strip"; 1234 execlp(stripbin, stripbin, to_name, (char *)NULL); 1235 err(EX_OSERR, "exec(%s)", stripbin); 1236 default: 1237 if (wait(&status) == -1 || status) { 1238 serrno = errno; 1239 (void)unlink(to_name); 1240 errc(EX_SOFTWARE, serrno, "wait"); 1241 /* NOTREACHED */ 1242 } 1243 } 1244} 1245 1246/* 1247 * install_dir -- 1248 * build directory hierarchy 1249 */ 1250static void 1251install_dir(char *path) 1252{ 1253 char *p; 1254 struct stat sb; 1255 int ch; 1256 1257 for (p = path;; ++p) 1258 if (!*p || (p != path && *p == '/')) { 1259 ch = *p; 1260 *p = '\0'; 1261 if (stat(path, &sb)) { 1262 if (errno != ENOENT || mkdir(path, 0755) < 0) { 1263 err(EX_OSERR, "mkdir %s", path); 1264 /* NOTREACHED */ 1265 } else if (verbose) 1266 (void)printf("install: mkdir %s\n", 1267 path); 1268 } else if (!S_ISDIR(sb.st_mode)) 1269 errx(EX_OSERR, "%s exists but is not a directory", path); 1270 if (!(*p = ch)) 1271 break; 1272 } 1273 1274 if (!dounpriv) { 1275 if ((gid != (gid_t)-1 || uid != (uid_t)-1) && 1276 chown(path, uid, gid)) 1277 warn("chown %u:%u %s", uid, gid, path); 1278 /* XXXBED: should we do the chmod in the dounpriv case? */ 1279 if (chmod(path, mode)) 1280 warn("chmod %o %s", mode, path); 1281 } 1282 metadata_log(path, "dir", NULL, NULL, NULL, 0); 1283} 1284 1285/* 1286 * metadata_log -- 1287 * if metafp is not NULL, output mtree(8) full path name and settings to 1288 * metafp, to allow permissions to be set correctly by other tools, 1289 * or to allow integrity checks to be performed. 1290 */ 1291static void 1292metadata_log(const char *path, const char *type, struct timeval *tv, 1293 const char *slink, const char *digestresult, off_t size) 1294{ 1295 static const char extra[] = { ' ', '\t', '\n', '\\', '#', '\0' }; 1296 const char *p; 1297 char *buf; 1298 size_t destlen; 1299 struct flock metalog_lock; 1300 1301 if (!metafp) 1302 return; 1303 /* Buffer for strsvis(3). */ 1304 buf = (char *)malloc(4 * strlen(path) + 1); 1305 if (buf == NULL) { 1306 warnx("%s", strerror(ENOMEM)); 1307 return; 1308 } 1309 1310 /* Lock log file. */ 1311 metalog_lock.l_start = 0; 1312 metalog_lock.l_len = 0; 1313 metalog_lock.l_whence = SEEK_SET; 1314 metalog_lock.l_type = F_WRLCK; 1315 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) { 1316 warn("can't lock %s", metafile); 1317 free(buf); 1318 return; 1319 } 1320 1321 /* Remove destdir. */ 1322 p = path; 1323 if (destdir) { 1324 destlen = strlen(destdir); 1325 if (strncmp(p, destdir, destlen) == 0 && 1326 (p[destlen] == '/' || p[destlen] == '\0')) 1327 p += destlen; 1328 } 1329 while (*p && *p == '/') 1330 p++; 1331 strsvis(buf, p, VIS_OCTAL, extra); 1332 p = buf; 1333 /* Print details. */ 1334 fprintf(metafp, ".%s%s type=%s", *p ? "/" : "", p, type); 1335 if (owner) 1336 fprintf(metafp, " uname=%s", owner); 1337 if (group) 1338 fprintf(metafp, " gname=%s", group); 1339 fprintf(metafp, " mode=%#o", mode); 1340 if (slink) { 1341 strsvis(buf, slink, VIS_CSTYLE, extra); /* encode link */ 1342 fprintf(metafp, " link=%s", buf); 1343 } 1344 if (*type == 'f') /* type=file */ 1345 fprintf(metafp, " size=%lld", (long long)size); 1346 if (tv != NULL && dopreserve) 1347 fprintf(metafp, " time=%lld.%ld", 1348 (long long)tv[1].tv_sec, (long)tv[1].tv_usec); 1349 if (digestresult && digest) 1350 fprintf(metafp, " %s=%s", digest, digestresult); 1351 if (fflags) 1352 fprintf(metafp, " flags=%s", fflags); 1353 if (tags) 1354 fprintf(metafp, " tags=%s", tags); 1355 fputc('\n', metafp); 1356 /* Flush line. */ 1357 fflush(metafp); 1358 1359 /* Unlock log file. */ 1360 metalog_lock.l_type = F_UNLCK; 1361 if (fcntl(fileno(metafp), F_SETLKW, &metalog_lock) == -1) 1362 warn("can't unlock %s", metafile); 1363 free(buf); 1364} 1365 1366/* 1367 * usage -- 1368 * print a usage message and die 1369 */ 1370static void 1371usage(void) 1372{ 1373 (void)fprintf(stderr, 1374"usage: install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1375" [-M log] [-D dest] [-h hash] [-T tags]\n" 1376" [-B suffix] [-l linkflags] [-N dbdir]\n" 1377" file1 file2\n" 1378" install [-bCcpSsUv] [-f flags] [-g group] [-m mode] [-o owner]\n" 1379" [-M log] [-D dest] [-h hash] [-T tags]\n" 1380" [-B suffix] [-l linkflags] [-N dbdir]\n" 1381" file1 ... fileN directory\n" 1382" install -dU [-vU] [-g group] [-m mode] [-N dbdir] [-o owner]\n" 1383" [-M log] [-D dest] [-h hash] [-T tags]\n" 1384" directory ...\n"); 1385 exit(EX_USAGE); 1386 /* NOTREACHED */ 1387} 1388 1389/* 1390 * trymmap -- 1391 * return true (1) if mmap should be tried, false (0) if not. 1392 */ 1393static int 1394trymmap(int fd) 1395{ 1396/* 1397 * The ifdef is for bootstrapping - f_fstypename doesn't exist in 1398 * pre-Lite2-merge systems. 1399 */ 1400#ifdef MFSNAMELEN 1401 struct statfs stfs; 1402 1403 if (fstatfs(fd, &stfs) != 0) 1404 return (0); 1405 if (strcmp(stfs.f_fstypename, "ufs") == 0 || 1406 strcmp(stfs.f_fstypename, "cd9660") == 0) 1407 return (1); 1408#endif 1409 return (0); 1410} 1411