| blob | 2a85578a607797faff754e73be98ea73bcc6bf07 |
1 /* copy.c -- core functions for copying files and directories
2 Copyright (C) 89, 90, 91, 1995-2006 Free Software Foundation.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
7 any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
18 /* Extracted from cp.c and librarified by Jim Meyering. */
20 #include <config.h>
21 #include <stdio.h>
22 #include <assert.h>
23 #include <sys/types.h>
25 #if HAVE_HURD_H
26 # include <hurd.h>
27 #endif
28 #if HAVE_PRIV_H
29 # include <priv.h>
30 #endif
56 #ifndef HAVE_FCHOWN
57 # define HAVE_FCHOWN false
58 # define fchown(fd, uid, gid) (-1)
59 #endif
61 #define SAME_OWNER(A, B) ((A).st_uid == (B).st_uid)
62 #define SAME_GROUP(A, B) ((A).st_gid == (B).st_gid)
63 #define SAME_OWNER_AND_GROUP(A, B) (SAME_OWNER (A, B) && SAME_GROUP (A, B))
65 #define UNWRITABLE(File_name, File_mode) \
67 ! S_ISLNK (File_mode) \
68 && euidaccess (File_name, W_OK) != 0)
70 struct dir_list
71 {
73 ino_t ino;
74 dev_t dev;
75 };
77 /* Describe a just-created or just-renamed destination file. */
78 struct F_triple
79 {
81 ino_t st_ino;
82 dev_t st_dev;
83 };
85 /* Initial size of the above hash table. */
86 #define DEST_INFO_INITIAL_CAPACITY 61
96 /* Pointers to the file names: they're used in the diagnostic that is issued
97 when we detect the user is trying to copy a directory into itself. */
101 /* The invocation name of this program. */
104 /* FIXME: describe */
105 /* FIXME: rewrite this to use a hash table so we avoid the quadratic
106 performance hit that's probably noticeable only on trees deeper
107 than a few hundred levels. See use of active_dir_map in remove.c */
109 static bool
111 {
113 {
117 }
119 }
121 /* Read the contents of the directory SRC_NAME_IN, and recursively
122 copy the contents to DST_NAME_IN. NEW_DST is true if
123 DST_NAME_IN is a directory that was created previously in the
124 recursion. SRC_SB and ANCESTORS describe SRC_NAME_IN.
125 Set *COPY_INTO_SELF if SRC_NAME_IN is a parent of
126 (or the same as) DST_NAME_IN; otherwise, clear it.
127 Return true if successful. */
129 static bool
133 {
141 {
142 /* This diagnostic is a bit vague because savedir can fail in
143 several different ways. */
146 }
148 /* For cp's -H option, dereference command line arguments, but do not
149 dereference symlinks that are found via recursive traversal. */
155 {
169 }
172 }
174 /* Set the owner and owning group of DEST_DESC to the st_uid and
175 st_gid fields of SRC_SB. If DEST_DESC is undefined (-1), set
176 the owner and owning group of DST_NAME instead. DEST_DESC must
177 refer to the same file as DEST_NAME if defined.
178 Return true if the syscall succeeds, or if it's ok not to
179 preserve ownership. */
181 static bool
184 {
186 {
189 }
190 else
191 {
194 }
197 {
202 }
205 }
207 /* Set the st_author field of DEST_DESC to the st_author field of
208 SRC_SB. If DEST_DESC is undefined (-1), set the st_author field
209 of DST_NAME instead. DEST_DESC must refer to the same file as
210 DEST_NAME if defined. */
212 static void
214 {
215 #if HAVE_STRUCT_STAT_ST_AUTHOR
216 /* Preserve the st_author field. */
222 else
223 {
229 }
230 #endif
231 }
233 /* Copy a regular file from SRC_NAME to DST_NAME.
234 If the source file contains holes, copies holes and blocks of zeros
235 in the source file as holes in the destination file.
236 (Holes are read as zeroes by the `read' system call.)
237 Use DST_MODE as the 3rd argument in the call to open.
238 X provides many option settings.
239 Return true if successful.
240 *NEW_DST is as in copy_internal.
241 SRC_SB is the result of calling XSTAT (aka stat) on SRC_NAME. */
243 static bool
247 {
258 {
261 }
264 {
268 }
270 /* Compare the source dev/ino from the open file to the incoming,
271 saved ones obtained via a previous call to stat. */
273 {
279 }
281 /* These semantics are required for cp.
282 The if-block will be taken in move_mode. */
284 {
286 }
287 else
288 {
292 {
294 {
298 }
302 /* Tell caller that the destination file was unlinked. */
305 /* Try the open again, but this time with different flags. */
307 }
308 }
311 {
315 }
318 {
322 }
325 {
329 /* Choose a suitable buffer size; it may be adjusted later. */
334 /* Deal with sparse files. */
339 {
340 /* Even with --sparse=always, try to create holes only
341 if the destination is a regular file. */
345 #if HAVE_STRUCT_STAT_ST_BLOCKS
346 /* Use a heuristic to determine whether SRC_NAME contains any sparse
347 blocks. If the file has fewer blocks than would normally be
348 needed for a file of its size, then at least one of the blocks in
349 the file is a hole. */
353 #endif
354 }
356 /* If not making a sparse file, try to use a more-efficient
357 buffer size. */
359 {
360 /* These days there's no point ever messing with buffers smaller
361 than 8 KiB. It would be nice to configure SMALL_BUF_SIZE
362 dynamically for this host and pair of files, but there doesn't
363 seem to be a good way to get readahead info portably. */
366 /* Compute the least common multiple of the input and output
367 buffer sizes, adjusting for outlandish values. */
370 blcm_max);
372 /* Do not use a block size that is too small. */
375 /* Do not bother with a buffer larger than the input file, plus one
376 byte to make sure the file has not grown while reading it. */
380 /* However, stick with a block size that is a positive multiple of
381 blcm, overriding the above adjustments. Watch out for
382 overflow. */
387 }
389 /* Make a buffer with space for a sentinel at the end. */
394 {
399 {
400 #ifdef EINTR
403 #endif
407 }
414 {
419 /* Find first nonzero *word*, or the word with the sentinel. */
425 /* Find the first nonzero *byte*, or the sentinel. */
432 /* Clear to indicate that a normal write is needed. */
434 else
435 {
436 /* We found the sentinel, so the whole input block was zero.
437 Make a hole. */
439 {
443 }
445 }
446 }
449 {
452 {
456 }
459 /* A short read on a regular file means EOF. */
462 }
463 }
465 /* If the file ends with a `hole', we need to do something to record
466 the length of the file. On modern systems, calling ftruncate does
467 the job. On systems without native ftruncate support, we have to
468 write a byte at the ending position. Otherwise the kernel would
469 truncate the file at the end of the last write operation. */
472 {
475 so there is no need for a write. */
480 {
484 }
485 }
486 }
489 {
495 {
498 {
501 }
502 }
503 }
506 {
508 {
511 }
512 }
517 {
521 }
523 {
526 }
528 close_src_and_dst_desc:
530 {
533 }
534 close_src_desc:
536 {
539 }
543 }
545 /* Return true if it's ok that the source and destination
546 files are the `same' by some measure. The goal is to avoid
547 making the `copy' operation remove both copies of the file
548 in that case, while still allowing the user to e.g., move or
549 copy a regular file onto a symlink that points to it.
550 Try to minimize the cost of this function in the common case.
551 Set *RETURN_NOW if we've determined that the caller has no more
552 work to do and should return successfully, right away.
554 Set *UNLINK_SRC if we've determined that the caller wants to do
555 `rename (a, b)' where `a' and `b' are distinct hard links to the same
556 file. In that case, the caller should try to unlink `a' and then return
557 successfully. Ideally, we wouldn't have to do that, and we'd be
558 able to rely on rename to remove the source file. However, POSIX
559 mistakenly requires that such a rename call do *nothing* and return
560 successfully. */
562 static bool
566 {
578 /* FIXME: this should (at the very least) be moved into the following
579 if-block. More likely, it should be removed, because it inhibits
580 making backups. But removing it will result in a change in behavior
581 that will probably have to be documented -- and tests will have to
582 be updated. */
584 {
587 }
590 {
593 /* If both the source and destination files are symlinks (and we'll
594 know this here IFF preserving symlinks), then it's ok -- as long
595 as they are distinct. */
601 }
602 else
603 {
616 /* If both are symlinks, then it's ok, but only if the destination
617 will be unlinked before being opened. This is like the test
618 above, but with the addition of the unlink_dest_before_opening
619 conjunct because otherwise, with two symlinks to the same target,
620 we'd end up truncating the source file. */
624 }
626 /* The backup code ensures there's a copy, so it's usually ok to
627 remove any destination file. One exception is when both
628 source and destination are the same directory entry. In that
629 case, moving the destination file aside (in making the backup)
630 would also rename the source file and result in an error. */
632 {
634 {
635 /* In copy mode when dereferencing symlinks, if the source is a
636 symlink and the dest is not, then backing up the destination
637 (moving it aside) would make it a dangling symlink, and the
638 subsequent attempt to open it in copy_reg would fail with
639 a misleading diagnostic. Avoid that by returning zero in
640 that case so the caller can make cp (or mv when it has to
641 resort to reading the source file) fail now. */
643 /* FIXME-note: even with the following kludge, we can still provoke
644 the offending diagnostic. It's just a little harder to do :-)
645 $ rm -f a b c; touch c; ln -s c b; ln -s b a; cp -b a b
646 cp: cannot open `a' for reading: No such file or directory
647 That's misleading, since a subsequent `ls' shows that `a'
648 is still there.
649 One solution would be to open the source file *before* moving
650 aside the destination, but that'd involve a big rewrite. */
658 }
661 }
663 #if 0
664 /* FIXME: use or remove */
666 /* If we're making a backup, we'll detect the problem case in
667 copy_reg because SRC_NAME will no longer exist. Allowing
668 the test to be deferred lets cp do some useful things.
669 But when creating hardlinks and SRC_NAME is a symlink
670 but DST_NAME is not we must test anyway. */
678 #endif
680 /* They may refer to the same file if we're in move mode and the
681 target is a symlink. That is ok, since we remove any existing
682 destination file before opening it -- via `rename' if they're on
683 the same file system, via `unlink (DST_NAME)' otherwise.
684 It's also ok if they're distinct hard links to the same file. */
686 {
693 {
695 {
698 }
700 }
701 }
703 /* If neither is a symlink, then it's ok as long as they aren't
704 hard links to the same file. */
706 {
710 /* If they are the same file, it's ok if we're making hard links. */
712 {
715 }
716 }
718 /* It's ok to remove a destination symlink. But that works only when we
719 unlink before opening the destination and when the source and destination
720 files are on the same partition. */
726 {
740 /* FIXME: shouldn't this be testing whether we're making symlinks? */
742 {
745 }
746 }
749 }
751 static void
753 {
755 {
760 }
761 else
762 {
765 }
766 }
768 /* Hash an F_triple. */
769 static size_t
771 {
774 /* Also take the name into account, so that when moving N hard links to the
775 same file (all listed on the command line) all into the same directory,
776 we don't experience any N^2 behavior. */
777 /* FIXME-maybe: is it worth the overhead of doing this
778 just to avoid N^2 in such an unusual case? N would have
779 to be very large to make the N^2 factor noticable, and
780 one would probably encounter a limit on the length of
781 a command line before it became a problem. */
784 /* Ignoring the device number here should be fine. */
786 }
788 /* Hash an F_triple. */
789 static size_t
791 {
794 /* Ignoring the device number here should be fine. */
796 }
798 /* Compare two F_triple structs. */
799 static bool
801 {
805 }
807 /* Free an F_triple. */
808 static void
810 {
814 }
816 /* Initialize the hash table implementing a set of F_triple entries
817 corresponding to destination files. */
820 {
821 x->dest_info
823 NULL,
824 triple_hash,
825 triple_compare,
826 triple_free);
827 }
829 /* Initialize the hash table implementing a set of F_triple entries
830 corresponding to source files listed on the command line. */
833 {
835 /* Note that we use triple_hash_no_name here.
836 Contrast with the use of triple_hash above.
837 That is necessary because a source file may be specified
838 in many different ways. We want to warn about this
839 cp a a d/
840 as well as this:
841 cp a ./a d/
842 */
843 x->src_info
845 NULL,
846 triple_hash_no_name,
847 triple_compare,
848 triple_free);
849 }
851 /* Return true if there is an entry in hash table, HT,
852 for the file described by FILE and STATS. */
853 static bool
856 {
867 }
869 /* Record destination file, FILE, and dev/ino from *STATS,
870 in the hash table, HT. If HT is NULL, return immediately.
871 If STATS is NULL, call lstat on FILE to get the device
872 and inode numbers. If that lstat fails, simply return.
873 If memory allocation fails, exit immediately. */
874 static void
877 {
886 {
889 }
890 else
891 {
897 }
899 {
902 {
903 /* Insertion failed due to lack of memory. */
905 }
908 {
909 /* There was alread a matching entry in the table, so ENT was
910 not inserted. Free it. */
912 }
913 }
914 }
916 /* When effecting a move (e.g., for mv(1)), and given the name DST_NAME
917 of the destination and a corresponding stat buffer, DST_SB, return
918 true if the logical `move' operation should _not_ proceed.
919 Otherwise, return false.
920 Depending on options specified in X, this code may issue an
921 interactive prompt asking whether it's ok to overwrite DST_NAME. */
922 static bool
926 {
935 }
937 /* Print --verbose output on standard output, e.g. `new' -> `old'.
938 If BACKUP_DST_NAME is non-NULL, then also indicate that it is
939 the name of a backup file. */
940 static void
942 {
947 }
949 /* Copy the file SRC_NAME to the file DST_NAME. The files may be of
950 any type. NEW_DST should be true if the file DST_NAME cannot
951 exist because its parent directory was just created; NEW_DST should
952 be false if DST_NAME might already exist. DEVICE is the device
953 number of the parent directory, or 0 if the parent of this file is
954 not known. ANCESTORS points to a linked, null terminated list of
955 devices and inodes of parent directories of SRC_NAME. COMMAND_LINE_ARG
956 is true iff SRC_NAME was specified on the command line.
957 Set *COPY_INTO_SELF if SRC_NAME is a parent of (or the
958 same as) DST_NAME; otherwise, clear it.
959 Return true if successful. */
960 static bool
963 dev_t device,
969 {
972 mode_t src_mode;
973 mode_t src_type;
989 {
992 }
999 {
1002 }
1004 /* Detect the case in which the same source file appears more than
1005 once on the command line and no backup option has been selected.
1006 If so, simply warn and don't copy it the second time.
1007 This check is enabled only if x->src_info is non-NULL. */
1009 {
1013 {
1017 }
1020 }
1023 {
1025 {
1027 {
1030 }
1031 else
1032 {
1034 }
1035 }
1036 else
1038 that it is XSTAT'able. */
1044 {
1048 }
1050 /* When there is an existing destination file, we may end up
1051 returning early, and hence not copying/moving the file.
1052 This may be due to an interactive `negative' reply to the
1053 prompt about the existing file. It may also be due to the
1054 use of the --reply=no option.
1056 cp and mv treat -i and -f differently. */
1058 {
1061 {
1062 /* Pretend the rename succeeded, so the caller (mv)
1063 doesn't end up removing the source file. */
1069 }
1071 {
1074 }
1075 }
1076 else
1077 {
1084 }
1090 {
1092 {
1094 {
1095 /* Moving a directory onto an existing
1096 non-directory is ok only with --backup. */
1097 }
1098 else
1099 {
1104 }
1105 }
1107 /* Don't let the user destroy their data, even if they try hard:
1108 This mv command must fail (likewise for cp):
1109 rm -rf a b c; mkdir a b c; touch a/f b/f; mv a/f b/f c
1110 Otherwise, the contents of b/f would be lost.
1111 In the case of `cp', b/f would be lost if the user simulated
1112 a move using cp and rm.
1113 Note that it works fine if you use --backup=numbered. */
1117 {
1122 }
1123 }
1126 {
1128 {
1130 {
1131 /* Moving a non-directory onto an existing
1132 directory is ok only with --backup. */
1133 }
1134 else
1135 {
1140 }
1141 }
1144 {
1145 /* When preserving time stamps (but not moving within a file
1146 system), don't worry if the destination time stamp is
1147 less than the source merely because of time stamp
1148 truncation. */
1152 ? UTIMECMP_TRUNCATE_SOURCE
1156 {
1157 /* We're using --update and the destination is not older
1158 than the source, so do not copy or move. Pretend the
1159 rename succeeded, so the caller (if it's mv) doesn't
1160 end up removing the source file. */
1164 }
1165 }
1166 }
1169 {
1170 /* Don't allow user to move a directory onto a non-directory. */
1173 {
1178 }
1179 }
1182 /* Don't try to back up a destination if the last
1183 component of src_name is "." or "..". */
1185 {
1189 /* Detect (and fail) when creating the backup file would
1190 destroy the source file. Before, running the commands
1191 cd /tmp; rm -f a a~; : > a; echo A > a~; cp --b=simple a~ a
1192 would leave two zero-length files: a and a~. */
1193 /* FIXME: but simply change e.g., the final a~ to `./a~'
1194 and the source will still be destroyed. */
1196 {
1206 }
1208 /* FIXME: use fts:
1209 Using alloca for a file name that may be arbitrarily
1210 long is not recommended. In fact, even forming such a name
1211 should be discouraged. Eventually, this code will be rewritten
1212 to use fts, so using alloca here will be less of a problem. */
1216 {
1218 {
1221 }
1222 else
1223 {
1225 }
1226 }
1227 else
1228 {
1230 }
1232 }
1239 ))
1240 {
1242 {
1245 }
1249 }
1250 }
1251 }
1253 /* If the source is a directory, we don't always create the destination
1254 directory. So --verbose should not announce anything until we're
1255 sure we'll create a directory. */
1259 /* Associate the destination file name with the source device and inode
1260 so that if we encounter a matching dev/ino pair in the source tree
1261 we can arrange to create a hard link between the corresponding names
1262 in the destination tree.
1264 Sometimes, when preserving links, we have to record dev/ino even
1265 though st_nlink == 1:
1266 - when in move_mode, since we may be moving a group of N hard-linked
1267 files (via two or more command line arguments) to a different
1268 partition; the links may be distributed among the command line
1269 arguments (possibly hierarchies) so that the link count of
1270 the final, once-linked source file is reduced to 1 when it is
1271 considered below. But in this case (for mv) we don't need to
1272 incur the expense of recording the dev/ino => name mapping; all we
1273 really need is a lookup, to see if the dev/ino pair has already
1274 been copied.
1275 - when using -H and processing a command line argument;
1276 that command line argument could be a symlink pointing to another
1277 command line argument. With `cp -H --preserve=link', we hard-link
1278 those two destination files.
1279 - likewise for -L except that it applies to all files, not just
1280 command line arguments.
1282 Also record directory dev/ino when using --recursive. We'll use that
1283 info to detect this problem: cp -R dir dir. FIXME-maybe: ideally,
1284 directory info would be recorded in a separate hash table, since
1285 such entries are useful only while a single command line hierarchy
1286 is being copied -- so that separate table could be cleared between
1287 command line args. Using the same hash table to preserve hard
1288 links means that it may not be cleared. */
1291 {
1293 }
1296 || (command_line_arg
1300 {
1302 }
1304 /* Did we copy this inode somewhere else (in this command line argument)
1305 and therefore this is a second hard link to the inode? */
1308 {
1309 /* Avoid damaging the destination file system by refusing to preserve
1310 hard-linked directories (which are found at least in Netapp snapshot
1311 directories). */
1313 {
1314 /* If src_name and earlier_file refer to the same directory entry,
1315 then warn about copying a directory into itself. */
1317 {
1323 }
1325 {
1326 /* This happens when e.g., encountering a directory for the
1327 second or subsequent time via symlinks when cp is invoked
1328 with -R and -L. E.g.,
1329 rm -rf a b c d; mkdir a b c d; ln -s ../c a; ln -s ../c b;
1330 cp -RL a b d
1331 */
1332 }
1333 else
1334 {
1338 }
1339 }
1340 else
1341 {
1344 /* If the link failed because of an existing destination,
1345 remove that file and then call link again. */
1347 {
1349 {
1352 }
1356 }
1359 {
1363 }
1366 }
1367 }
1370 {
1372 {
1381 {
1382 /* Record destination dev/ino/name, so that if we are asked
1383 to overwrite that file again, we can detect it and fail. */
1384 /* It's fine to use the _source_ stat buffer (src_sb) to get the
1385 _destination_ dev/ino, since the rename above can't have
1386 changed those, and `mv' always uses lstat.
1387 We could limit it further by operating
1388 only on non-directories. */
1390 }
1393 }
1395 /* FIXME: someday, consider what to do when moving a directory into
1396 itself but when source and destination are on different devices. */
1398 /* This happens when attempting to rename a directory to a
1399 subdirectory of itself. */
1401 {
1402 /* FIXME: this is a little fragile in that it relies on rename(2)
1403 failing with a specific errno value. Expect problems on
1404 non-POSIX systems. */
1409 /* Note that there is no need to call forget_created here,
1410 (compare with the other calls in this file) since the
1411 destination directory didn't exist before. */
1414 /* FIXME-cleanup: Don't return true here; adjust mv.c accordingly.
1415 The only caller that uses this code (mv.c) ends up setting its
1416 exit status to nonzero when copy_into_self is nonzero. */
1418 }
1420 /* WARNING: there probably exist systems for which an inter-device
1421 rename fails with a value of errno not handled here.
1422 If/as those are reported, add them to the condition below.
1423 If this happens to you, please do the following and send the output
1424 to the bug-reporting address (e.g., in the output of cp --help):
1425 touch k; perl -e 'rename "k","/tmp/k" or print "$!(",$!+0,")\n"'
1426 where your current directory is on one partion and /tmp is the other.
1427 Also, please try to find the E* errno macro name corresponding to
1428 the diagnostic and parenthesized integer, and include that in your
1429 e-mail. One way to do that is to run a command like this
1430 find /usr/include/. -type f \
1431 | xargs grep 'define.*\<E[A-Z]*\>.*\<18\>' /dev/null
1432 where you'd replace `18' with the integer in parentheses that
1433 was output from the perl one-liner above.
1434 If necessary, of course, change `/tmp' to some other directory. */
1436 {
1437 /* There are many ways this can happen due to a race condition.
1438 When something happens between the initial XSTAT and the
1439 subsequent rename, we can get many different types of errors.
1440 For example, if the destination is initially a non-directory
1441 or non-existent, but it is created as a directory, the rename
1442 fails. If two `mv' commands try to rename the same file at
1443 about the same time, one will succeed and the other will fail.
1444 If the permissions on the directory containing the source or
1445 destination file are made too restrictive, the rename will
1446 fail. Etc. */
1452 }
1454 /* The rename attempt has failed. Remove any existing destination
1455 file so that a cross-device `mv' acts as if it were really using
1456 the rename syscall. */
1458 {
1464 }
1467 }
1471 /* In certain modes (cp's --symbolic-link), and for certain file types
1472 (symlinks and hard links) it doesn't make sense to preserve metadata,
1473 or it's possible to preserve only some of it.
1474 In such cases, set this variable to zero. */
1478 {
1481 /* If this directory has been copied before during the
1482 recursion, there is a symbolic link to an ancestor
1483 directory of the symbolic link. It is impossible to
1484 continue to copy this, unless we've got an infinite disk. */
1487 {
1491 }
1493 /* Insert the current directory in the list of parents. */
1501 {
1503 {
1507 }
1509 /* We need search and write permissions to the new directory
1510 for writing the directory's contents. Check if these
1511 permissions are there. */
1514 {
1517 }
1519 {
1520 /* Make the new directory searchable and writable. */
1526 {
1530 }
1531 }
1533 /* Insert the created directory's inode and device
1534 numbers into the search structure, so that we can
1535 avoid copying it again. */
1541 }
1543 /* Are we crossing a file system boundary? */
1547 /* Copy the contents of the directory. */
1550 copy_into_self))
1551 {
1552 /* Don't just return here -- otherwise, the failure to read a
1553 single file in a source directory would cause the containing
1554 destination directory not to have owner/perms set properly. */
1556 }
1557 }
1559 {
1563 {
1564 /* Check that DST_NAME denotes a file in the current directory. */
1573 /* If either stat call fails, it's ok not to report
1574 the failure and say dst_name is in the current
1575 directory. Other things will fail later. */
1582 {
1587 }
1588 }
1590 {
1594 }
1595 }
1598 #ifdef LINK_FOLLOWS_SYMLINKS
1599 /* A POSIX-conforming link syscall dereferences a symlink, yet cp,
1600 invoked with `--link --no-dereference', should not. Thus, with
1601 a POSIX-conforming link system call, we can't use link() here,
1602 since that would create a hard link to the referent (effectively
1603 dereferencing the symlink), rather than to the symlink itself.
1604 We can approximate the desired behavior by skipping this hard-link
1605 creating block and instead copying the symlink, via the `S_ISLNK'-
1606 copying code below.
1607 When link operates on the symlinks themselves, we use this block
1608 and just call link(). */
1610 #endif
1611 )
1612 {
1615 {
1618 }
1619 }
1622 {
1624 /* POSIX says the permission bits of the source file must be
1625 used as the 3rd argument in the open call, but that's not consistent
1626 with historical practice. */
1629 }
1631 {
1633 {
1636 }
1637 }
1639 {
1641 {
1645 }
1646 }
1648 {
1651 {
1654 }
1658 else
1659 {
1664 {
1665 /* See if the destination is already the desired symlink.
1666 FIXME: This behavior isn't documented, and seems wrong
1667 in some cases, e.g., if the destination symlink has the
1668 wrong ownership, permissions, or time stamps. */
1673 }
1677 {
1681 }
1682 }
1684 /* There's no need to preserve timestamps or permissions. */
1688 {
1689 /* Preserve the owner and group of the just-`copied'
1690 symbolic link, if possible. */
1691 #if HAVE_LCHOWN
1694 {
1696 dst_name);
1698 }
1699 #else
1700 /* Can't preserve ownership of symlinks.
1701 FIXME: maybe give a warning or even error for symlinks
1702 in directories with the sticky bit set -- there, not
1703 preserving owner/group is a potential security problem. */
1704 #endif
1705 }
1706 }
1707 else
1708 {
1711 }
1722 /* POSIX says that `cp -p' must restore the following:
1723 - permission bits
1724 - setuid, setgid bits
1725 - owner and group
1726 If it fails to restore any of those, we may give a warning but
1727 the destination must not be removed.
1728 FIXME: implement the above. */
1730 /* Adjust the times (and if possible, ownership) for the copy.
1731 chown turns off set[ug]id bits for non-root,
1732 so do the chmod last. */
1735 {
1741 {
1745 }
1746 }
1748 /* Avoid calling chown if we know it's not necessary. */
1751 {
1754 }
1759 {
1763 }
1765 {
1768 }
1770 {
1772 {
1777 }
1778 }
1782 un_backup:
1784 /* We have failed to create the destination file.
1785 If we've just added a dev/ino entry via the remember_copied
1786 call above (i.e., unless we've just failed to create a hard link),
1787 remove the entry associating the source dev/ino with the
1788 destination file name, so we don't try to `preserve' a link
1789 to a file we didn't create. */
1794 {
1797 else
1798 {
1802 }
1803 }
1805 }
1807 static bool
1809 {
1815 }
1817 /* Copy the file SRC_NAME to the file DST_NAME. The files may be of
1818 any type. NONEXISTENT_DST should be true if the file DST_NAME
1819 is known not to exist (e.g., because its parent directory was just
1820 created); NONEXISTENT_DST should be false if DST_NAME might already
1821 exist. OPTIONS is ... FIXME-describe
1822 Set *COPY_INTO_SELF if SRC_NAME is a parent of (or the
1823 same as) DST_NAME; otherwise, set clear it.
1824 Return true if successful. */
1830 {
1833 /* Record the file names: they're used in case of error, when copying
1834 a directory into itself. I don't like to make these tools do *any*
1835 extra work in the common case when that work is solely to handle
1836 exceptional cases, but in this case, I don't see a way to derive the
1837 top level source and destination directory names where they're used.
1838 An alternative is to use COPY_INTO_SELF and print the diagnostic
1839 from every caller -- but I don't want to do that. */
1845 }
1847 /* Return true if this process has appropriate privileges to chown a
1848 file whose owner is not the effective user ID. */
1852 {
1853 #ifdef PRIV_FILE_CHOWN
1862 #else
1864 #endif
1865 }
1867 /* Return true if it's OK for chown to fail, where errno is
1868 the error number that chown failed with and X is the copying
1869 option set. */
1873 {
1874 /* If non-root uses -p, it's ok if we can't preserve ownership.
1875 But root probably wants to know, e.g. if NFS disallows it,
1876 or if the target system doesn't support file ownership. */
1879 }