| blob | d362db0eec7c794dd4e59c55fd6df1f2f74a2ec5 |
1 /* remove.c -- core functions for removing files and directories
2 Copyright (C) 88, 90, 91, 1994-2006 Free Software Foundation, Inc.
4 This program is free software; you can redistribute it and/or modify
5 it under the terms of the GNU General Public License as published by
6 the Free Software Foundation; either version 2, or (at your option)
7 any later version.
9 This program is distributed in the hope that it will be useful,
10 but WITHOUT ANY WARRANTY; without even the implied warranty of
11 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
12 GNU General Public License for more details.
14 You should have received a copy of the GNU General Public License
15 along with this program; if not, write to the Free Software Foundation,
16 Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
18 /* Extracted from rm.c and librarified, then rewritten by Jim Meyering. */
20 #include <config.h>
21 #include <stdio.h>
22 #include <sys/types.h>
23 #include <setjmp.h>
24 #include <assert.h>
44 /* Avoid shadowing warnings because these are functions declared
45 in dirname.h as well as locals used below. */
46 #define dir_name rm_dir_name
47 #define dir_len rm_dir_len
49 #define obstack_chunk_alloc malloc
50 #define obstack_chunk_free free
52 /* This is the maximum number of consecutive readdir/unlink calls that
53 can be made (with no intervening rewinddir or closedir/opendir) before
54 triggering a bug that makes readdir return NULL even though some
55 directory entries have not been processed. The bug afflicts SunOS's
56 readdir when applied to ufs file systems and Darwin 6.5's (and OSX
57 v.10.3.8's) HFS+. This maximum is conservative in that demonstrating
58 the problem requires a directory containing at least 16 deletable
59 entries (which doesn't count . and ..).
60 This problem also affects Darwin 7.9.0 (aka MacOS X 10.3.9) on HFS+
61 and NFS-mounted file systems, but not vfat ones. */
62 enum
63 {
65 };
67 /* FIXME: in 2009, or whenever Darwin 7.9.0 (aka MacOS X 10.3.9) is no
68 longer relevant, remove this work-around code. Then, there will be
69 no need to perform the extra rewinddir call, ever. */
70 #define NEED_REWIND(readdir_unlink_count) \
71 (CONSECUTIVE_READDIR_UNLINK_THRESHOLD <= (readdir_unlink_count))
73 enum Ternary
74 {
76 T_NO,
77 T_YES
78 };
81 /* The prompt function may be called twice for a given directory.
82 The first time, we ask whether to descend into it, and the
83 second time, we ask whether to remove it. */
84 enum Prompt_action
85 {
87 PA_REMOVE_DIR
88 };
90 /* Initial capacity of per-directory hash table of entries that have
91 been processed but not been deleted. */
94 /* An entry in the active directory stack.
95 Each entry corresponds to an `active' directory. */
96 struct AD_ent
97 {
98 /* For a given active directory, this is the set of names of
99 entries in that directory that could/should not be removed.
100 For example, `.' and `..', as well as files/dirs for which
101 unlink/rmdir failed e.g., due to access restrictions. */
104 /* Record the status for a given active directory; we need to know
105 whether an entry was not removed, either because of an error or
106 because the user declined. */
109 /* The directory's dev/ino. Used to ensure that a malicious user does
110 not replace a directory we're about to process with a symlink to
111 some other directory. */
113 };
117 struct dirstack_state
118 {
119 /* The name of the directory (starting with and relative to a command
120 line argument) being processed. When a subdirectory is entered, a new
121 component is appended (pushed). Remove (pop) the top component
122 upon chdir'ing out of a directory. This is used to form the full
123 name of the current directory or a file therein, when necessary. */
126 /* Stack of lengths of directory names (including trailing slash)
127 appended to dir_stack. We have to have a separate stack of lengths
128 (rather than just popping back to previous slash) because the first
129 element pushed onto the dir stack may contain slashes. */
132 /* Stack of active directory entries.
133 The first `active' directory is the initial working directory.
134 Additional active dirs are pushed onto the stack as we `chdir'
135 into each directory to be processed. When finished with the
136 hierarchy under a directory, pop the active dir stack. */
139 /* Used to detect cycles. */
142 /* Target of a longjmp in case rm has to stop processing the current
143 command-line argument. This happens 1) when rm detects a directory
144 cycle or 2) when it has processed one or more directories, but then
145 is unable to return to the initial working directory to process
146 additional `.'-relative command-line arguments. */
148 };
151 /* Just like close(fd), but don't modify errno. */
154 {
159 }
161 /* Like fstatat, but cache the result. If ST->st_size is -1, the
162 status has not been gotten yet. If less than -1, fstatat failed
163 with errno == -1 - ST->st_size. Otherwise, the status has already
164 been gotten, so return 0. */
165 static int
167 {
174 }
176 /* Initialize a fstatat cache *ST. */
179 {
181 }
183 /* Return true if *ST has been statted. */
186 {
188 }
190 /* Return true if *ST has been statted successfully. */
193 {
195 }
198 static void
200 {
202 }
204 static bool
206 {
208 }
212 {
215 /* Append the string onto the stack. */
218 /* Append a trailing slash. */
221 /* Add one for the slash. */
224 /* Push the length (including slash) onto its stack. */
226 }
228 /* Return the entry name of the directory on the top of the stack
229 in malloc'd storage. */
232 {
241 }
245 {
253 /* Pop the specified length of file name. */
257 /* Pop the length stack, too. */
260 }
262 /* Copy the SRC_LEN bytes of data beginning at SRC into the DST_LEN-byte
263 buffer, DST, so that the last source byte is at the end of the destination
264 buffer. If SRC_LEN is longer than DST_LEN, then set *TRUNCATED.
265 Set *RESULT to point to the beginning of (the portion of) the source data
266 in DST. Return the number of bytes remaining in the destination buffer. */
268 static size_t
271 {
276 {
280 }
281 else
282 {
287 }
291 }
293 /* Using the global directory name obstack, create the full name FILENAME.
294 Return it in sometimes-realloc'd space that should not be freed by the
295 caller. Realloc as necessary. If realloc fails, use a static buffer
296 and put as long a suffix in that buffer as possible. */
298 #define full_filename(Filename) full_filename_ (ds, Filename)
301 {
314 {
315 /* This code requires that realloc accept NULL as the first arg.
316 This function must not use xrealloc. Otherwise, an out-of-memory
317 error involving a file name to be expanded here wouldn't ever
318 be issued. Use realloc and fall back on using a static buffer
319 if memory allocation fails. */
324 {
325 #define SBUF_SIZE 512
337 {
340 }
342 }
345 }
348 {
349 /* FILENAME is just `.' and dir_len is nonzero.
350 Copy the directory part, omitting the trailing slash,
351 and append a trailing zero byte. */
354 }
355 else
356 {
357 /* Copy the directory part, including trailing slash, and then
358 append the filename part, including a trailing zero byte. */
361 }
364 }
368 {
370 }
374 {
377 }
379 static void
381 {
384 /* operate on Active_dir. pop and free top entry */
389 }
391 static void
393 {
395 {
397 }
398 }
402 {
408 }
410 static void
412 {
418 }
420 static void
422 {
427 }
429 /* Pop the active directory (AD) stack and move *DIRP `up' one level,
430 safely. Moving `up' usually means opening `..', but when we've just
431 finished recursively processing a command-line directory argument,
432 there's nothing left on the stack, so set *DIRP to NULL in that case.
433 The idea is to return with *DIRP opened on the parent directory,
434 assuming there are entries in that directory that we need to remove.
436 Whenever using chdir '..' (virtually, now, via openat), verify
437 that the post-chdir dev/ino numbers for `.' match the saved ones.
438 If any system call fails or if dev/ino don't match then give a
439 diagnostic and longjump out.
440 Set *PREV_DIR to the name (in malloc'd storage) of the
441 directory (usually now empty) from which we're coming, and which
442 corresponds to the input value of *DIRP. */
443 static void
445 {
451 /* Get the name of the current (but soon to be `previous') directory
452 from the top of the stack. */
459 /* If the directory we're about to leave (and try to rmdir)
460 is the one whose dev_ino is being used to detect a cycle,
461 reset cycle_check_state.dev_ino to that of the parent.
462 Otherwise, once that directory is removed, its dev_ino
463 could be reused in the creation (by some other process)
464 of a directory that this rm process would encounter,
465 which would result in a false-positive cycle indication. */
469 /* Propagate any failure to parent. */
475 {
479 {
483 }
485 /* The above fails with EACCES when *DIRP is readable but not
486 searchable, when using Solaris' openat. Without this openat
487 call, tests/rm2 would fail to remove directories a/2 and a/3. */
492 {
496 }
499 {
504 }
506 /* Ensure that post-chdir dev/ino match the stored ones. */
508 {
512 }
516 {
520 close_and_next:;
523 next_cmdline_arg:;
526 }
527 }
528 else
529 {
531 {
535 }
537 }
538 }
540 /* Initialize *HT if it is NULL.
541 Insert FILENAME into HT. */
542 static void
544 {
546 {
551 }
555 else
556 {
559 }
561 }
563 /* Mark FILENAME (in current directory) as unremovable. */
564 static void
566 {
568 }
570 /* Mark the current directory as unremovable. I.e., mark the entry
571 in the parent directory corresponding to `.'.
572 This happens e.g., when an opendir fails and the only name
573 the caller has conveniently at hand is `.'. */
574 static void
576 {
584 }
586 /* Push an initial dummy entry onto the stack.
587 This will always be the bottommost entry on the stack. */
588 static void
590 {
593 /* Extend the stack. */
596 /* Fill in the new values. */
600 /* These should never be used.
601 Give them values that might look suspicious
602 in a debugger or in a diagnostic. */
605 }
607 /* Push info about the current working directory (".") onto the
608 active directory stack. DIR is the ./-relative name through
609 which we've just `chdir'd to this directory. DIR_SB_FROM_PARENT
610 is the result of calling lstat on DIR from the parent of DIR.
611 Longjump out (skipping the entire command line argument we're
612 dealing with) if `fstat (FD_CWD, ...' fails or if someone has
613 replaced DIR with e.g., a symlink to some other directory. */
614 static void
617 {
622 /* If our uses of openat are guaranteed not to
623 follow a symlink, then we can skip this check. */
625 {
628 {
632 }
635 {
640 }
641 }
644 {
652 }
654 /* Extend the stack. */
657 /* The active directory stack must be one larger than the length stack. */
661 /* Fill in the new values. */
666 }
670 {
673 }
675 /* Return true if DIR is determined to be an empty directory. */
676 static bool
678 {
691 {
694 }
703 }
705 /* Return true if FILE is determined to be an unwritable non-symlink.
706 Otherwise, return false (including when lstat'ing it fails).
707 Set *BUF to the file status.
708 This is to avoid calling euidaccess when FILE is a symlink. */
709 static bool
714 {
719 /* Here, we know FILE is not a symbolic link. */
721 /* In order to be reentrant -- i.e., to avoid changing the working
722 directory, and at the same time to be able to deal with alternate
723 access control mechanisms (ACLs, xattr-style attributes) and
724 arbitrarily deep trees -- we need a function like eaccessat, i.e.,
725 like Solaris' eaccess, but fd-relative, in the spirit of openat. */
727 /* In the absence of a native eaccessat function, here are some of
728 the implementation choices [#4 and #5 were suggested by Paul Eggert]:
729 1) call openat with O_WRONLY|O_NOCTTY
730 Disadvantage: may create the file and doesn't work for directory,
731 may mistakenly report `unwritable' for EROFS or ACLs even though
732 perm bits say the file is writable.
734 2) fake eaccessat (save_cwd, fchdir, call euidaccess, restore_cwd)
735 Disadvantage: changes working directory (not reentrant) and can't
736 work if save_cwd fails.
738 3) if (euidaccess (full_filename (file), W_OK) == 0)
739 Disadvantage: doesn't work if full_filename is too long.
740 Inefficient for very deep trees (O(Depth^2)).
742 4) If the full pathname is sufficiently short (say, less than
743 PATH_MAX or 8192 bytes, whichever is shorter):
744 use method (3) (i.e., euidaccess (full_filename (file), W_OK));
745 Otherwise: vfork, fchdir in the child, run euidaccess in the
746 child, then the child exits with a status that tells the parent
747 whether euidaccess succeeded.
749 This avoids the O(N**2) algorithm of method (3), and it also avoids
750 the failure-due-to-too-long-file-names of method (3), but it's fast
751 in the normal shallow case. It also avoids the lack-of-reentrancy
752 and the save_cwd problems.
753 Disadvantage; it uses a process slot for very-long file names,
754 and would be very slow for hierarchies with many such files.
756 5) If the full file name is sufficiently short (say, less than
757 PATH_MAX or 8192 bytes, whichever is shorter):
758 use method (3) (i.e., euidaccess (full_filename (file), W_OK));
759 Otherwise: look just at the file bits. Perhaps issue a warning
760 the first time this occurs.
762 This is like (4), except for the "Otherwise" case where it isn't as
763 "perfect" as (4) but is considerably faster. It conforms to current
764 POSIX, and is uniformly better than what Solaris and FreeBSD do (they
765 mess up with long file names). */
767 {
768 /* This implements #5: */
769 size_t file_name_len
775 }
776 }
778 /* Prompt whether to remove FILENAME, if required via a combination of
779 the options specified by X and/or file attributes. If the file may
780 be removed, return RM_OK. If the user declines to remove the file,
781 return RM_USER_DECLINED. If not ignoring missing files and we
782 cannot lstat FILENAME, then return RM_ERROR.
784 Depending on MODE, ask whether to `descend into' or to `remove' the
785 directory FILENAME. MODE is ignored when FILENAME is not a directory.
786 Set *IS_EMPTY to T_YES if FILENAME is an empty directory, and it is
787 appropriate to try to remove it with rmdir (e.g. recursive mode).
788 Don't even try to set *IS_EMPTY when MODE == PA_REMOVE_DIR. */
789 static enum RM_status
794 {
803 {
805 {
806 /* This happens, e.g., with `rm '''. */
810 }
813 {
817 }
819 /* Using permissions doesn't make sense for symlinks. */
821 {
825 }
827 /* Issue the prompt. */
828 {
831 /* FIXME: use a variant of error (instead of fprintf) that doesn't
832 append a newline. Then we won't have to declare program_name in
833 this file. */
840 (write_protected
844 else
845 {
846 /* TRANSLATORS: You may find it more convenient to translate
847 the equivalent of _("%s: remove %s (write-protected) %s? ").
848 It should avoid grammatical problems with the output
849 of file_type. */
851 (write_protected
855 }
859 }
860 }
862 }
864 /* Return true if FILENAME is a directory (and not a symlink to a directory).
865 Otherwise, including the case in which lstat fails, return false.
866 *ST is FILENAME's tstatus.
867 Do not modify errno. */
870 {
877 }
879 #if HAVE_STRUCT_DIRENT_D_TYPE
881 /* True if the type of the directory entry D is known. */
882 # define DT_IS_KNOWN(d) ((d)->d_type != DT_UNKNOWN)
884 /* True if the type of the directory entry D must be T. */
885 # define DT_MUST_BE(d, t) ((d)->d_type == (t))
887 #else
888 # define DT_IS_KNOWN(d) false
889 # define DT_MUST_BE(d, t) false
890 #endif
892 #define DO_UNLINK(Fd_cwd, Filename, X) \
893 do \
894 { \
895 if (unlinkat (Fd_cwd, Filename, 0) == 0) \
896 { \
897 if ((X)->verbose) \
899 return RM_OK; \
900 } \
901 \
902 if (ignorable_missing (X, errno)) \
903 return RM_OK; \
904 } \
905 while (0)
907 #define DO_RMDIR(Fd_cwd, Filename, X) \
908 do \
909 { \
911 { \
912 if ((X)->verbose) \
914 quote (full_filename (Filename))); \
915 return RM_OK; \
916 } \
917 \
918 if (ignorable_missing (X, errno)) \
919 return RM_OK; \
920 \
921 if (errno == ENOTEMPTY || errno == EEXIST) \
922 return RM_NONEMPTY_DIR; \
923 } \
924 while (0)
926 /* When a function like unlink, rmdir, or fstatat fails with an errno
927 value of ERRNUM, return true if the specified file system object
928 is guaranteed not to exist; otherwise, return false. */
931 {
932 /* Do not include ELOOP here, since the specified file may indeed
933 exist, but be (in)accessible only via too long a symlink chain.
934 Likewise for ENAMETOOLONG, since rm -f ./././.../foo may fail
935 if the "..." part expands to a long enough sequence of "./"s,
936 even though ./foo does indeed exist. */
939 {
945 }
946 }
948 /* Encapsulate the test for whether the errno value, ERRNUM, is ignorable. */
951 {
953 }
955 /* Remove the file or directory specified by FILENAME.
956 Return RM_OK if it is removed, and RM_ERROR or RM_USER_DECLINED if not.
957 But if FILENAME specifies a non-empty directory, return RM_NONEMPTY_DIR. */
959 static enum RM_status
963 {
964 Ternary is_empty_directory;
972 /* Why bother with the following if/else block? Because on systems with
973 an unlink function that *can* unlink directories, we must determine the
974 type of each entry before removing it. Otherwise, we'd risk unlinking
975 an entire directory tree simply by unlinking a single directory; then
976 all the storage associated with that hierarchy would not be freed until
977 the next fsck. Not nice. To avoid that, on such slightly losing
978 systems, we need to call lstat to determine the type of each entry,
979 and that represents extra overhead that -- it turns out -- we can
980 avoid on non-losing systems, since there, unlink will never remove
981 a directory. Also, on systems where unlink may unlink directories,
982 we're forced to allow a race condition: we lstat a non-directory, then
983 go to unlink it, but in the mean time, a malicious someone could have
984 replaced it with a directory. */
987 {
989 {
993 }
995 /* is_empty_directory is set iff it's ok to use rmdir.
996 Note that it's set only in interactive mode -- in which case it's
997 an optimization that arranges so that the user is asked just
998 once whether to remove the directory. */
1002 /* If we happen to know that FILENAME is a directory, return now
1003 and let the caller remove it -- this saves the overhead of a failed
1004 unlink call. If FILENAME is a command-line argument, then dp is NULL,
1005 so we'll first try to unlink it. Using unlink here is ok, because it
1006 cannot remove a directory. */
1012 /* Upon a failed attempt to unlink a directory, most non-Linux systems
1013 set errno to the POSIX-required value EPERM. In that case, change
1014 errno to EISDIR so that we emit a better diagnostic. */
1021 {
1025 /* Either --recursive is not in effect, or the file cannot be a
1026 directory. Report the unlink problem and fail. */
1030 }
1031 }
1032 else
1033 {
1034 /* If we don't already know whether FILENAME is a directory,
1035 find out now. Then, if it's a non-directory, we can use
1036 unlink on it. */
1041 else
1042 {
1045 else
1046 {
1048 {
1055 }
1058 }
1059 }
1062 {
1063 /* At this point, barring race conditions, FILENAME is known
1064 to be a non-directory, so it's ok to try to unlink it. */
1067 /* unlink failed with some other error code. report it. */
1071 }
1074 {
1078 }
1081 {
1083 /* Don't diagnose any failure here.
1084 It'll be detected when the caller tries another way. */
1085 }
1086 }
1089 }
1091 /* Given FD_CWD, the file descriptor for an open directory,
1092 open its subdirectory F (F is already `known' to be a directory,
1093 so if it is no longer one, someone is playing games), return a DIR*
1094 pointer for F, and put F's `stat' data in *SUBDIR_SB.
1095 Upon failure give a diagnostic and return NULL.
1096 If PREV_ERRNO is nonzero, it is the errno value from a preceding failed
1097 unlink- or rmdir-like system call -- use that value instead of ENOTDIR
1098 if an opened file turns out not to be a directory. This is important
1099 when the preceding non-dir-unlink failed due to e.g., EPERM or EACCES.
1100 The caller must use a nonnnull CWD_ERRNO the first
1101 time this function is called for each command-line-specified directory.
1102 If CWD_ERRNO is not null, set *CWD_ERRNO to the appropriate error number
1103 if this function fails to restore the initial working directory.
1104 If it is null, report an error and exit if the working directory
1105 isn't restored. */
1111 {
1115 /* Record dev/ino of F. We may compare them against saved values
1116 to thwart any attempt to subvert the traversal. They are also used
1117 to detect directory cycles. */
1119 {
1123 }
1126 {
1130 }
1134 {
1137 }
1140 }
1142 /* Remove entries in the directory open on DIRP
1143 Upon finding a directory that is both non-empty and that can be chdir'd
1144 into, return RM_OK and set *SUBDIR and fill in SUBDIR_SB, where
1145 SUBDIR is the malloc'd name of the subdirectory if the chdir succeeded,
1146 NULL otherwise (e.g., if opendir failed or if there was no subdirectory).
1147 Likewise, SUBDIR_SB is the result of calling lstat on SUBDIR.
1148 Return RM_OK if all entries are removed. Return RM_ERROR if any
1149 entry cannot be removed. Otherwise, return RM_USER_DECLINED if
1150 the user declines to remove at least one entry. Remove as much as
1151 possible, continuing even if we fail to remove some entries. */
1152 static enum RM_status
1156 {
1165 {
1170 /* Set errno to zero so we can distinguish between a readdir failure
1171 and when readdir simply finds that there are no more entries. */
1175 {
1177 {
1178 /* fall through */
1179 }
1181 {
1182 /* Call rewinddir if we've called unlink or rmdir so many times
1183 (since the opendir or the previous rewinddir) that this
1184 NULL-return may be the symptom of a buggy readdir. */
1188 }
1190 }
1194 /* Skip files we've already tried/failed to remove. */
1198 /* Pass dp->d_type info to remove_entry so the non-glibc
1199 case can decide whether to use unlink or chdir.
1200 Systems without the d_type member will have to endure
1201 the performance hit of first calling lstat F. */
1205 {
1207 /* Count how many files we've unlinked since the initial
1208 opendir or the last rewinddir. On buggy systems, if you
1209 remove too many, readdir returns NULL even though there
1210 remain unprocessed directory entries. */
1221 {
1225 {
1228 /* CAUTION: this test and diagnostic are identical to
1229 those following the other use of fd_to_subdirp. */
1231 {
1232 /* With -f, don't report "file not found". */
1233 }
1234 else
1235 {
1236 /* Upon fd_to_subdirp failure, try to remove F directly,
1237 in case it's just an empty directory. */
1241 else
1244 }
1249 }
1253 {
1257 }
1261 }
1262 }
1264 /* Record status for this directory. */
1269 }
1271 /* Ensure that *dirp is not NULL and that its file descriptor is valid. */
1276 }
1278 /* Do this after each call to AD_push or AD_push_initial.
1279 Because the status = RM_OK bit is too remove-specific to
1280 go into the general-purpose AD_* package. */
1281 #define AD_INIT_OTHER_MEMBERS() \
1282 do \
1283 { \
1284 AD_stack_top(ds)->status = RM_OK; \
1285 } \
1286 while (0)
1288 /* Remove the hierarchy rooted at DIR.
1289 Do that by changing into DIR, then removing its contents, then
1290 returning to the original working directory and removing DIR itself.
1291 Don't use recursion. Be careful when using chdir ".." that we
1292 return to the same directory from which we came, if necessary.
1293 Return an RM_status value to indicate success or failure. */
1295 static enum RM_status
1299 {
1302 /* There is a race condition in that an attacker could replace the nonempty
1303 directory, DIR, with a symlink between the preceding call to rmdir
1304 (unlinkat, in our caller) and fd_to_subdirp's openat call. But on most
1305 systems, even those without openat, this isn't a problem, since we ensure
1306 that opening a symlink will fail, when that is possible. Otherwise,
1307 fd_to_subdirp's fstat, along with the `fstat' and the dev/ino
1308 comparison in AD_push ensure that we detect it and fail. */
1313 {
1314 /* CAUTION: this test and diagnostic are identical to
1315 those following the other use of fd_to_subdirp. */
1317 {
1318 /* With -f, don't report "file not found". */
1319 }
1320 else
1321 {
1322 /* Upon fd_to_subdirp failure, try to remove DIR directly,
1323 in case it's just an empty directory. */
1330 }
1333 }
1336 {
1340 }
1348 {
1356 {
1359 }
1361 {
1367 }
1369 /* Execution reaches this point when we've removed the last
1370 removable entry from the current directory. */
1371 {
1372 /* The name of the directory that we have just processed,
1373 nominally removing all of its contents. */
1380 /* Try to remove EMPTY_DIR only if remove_cwd_entries succeeded. */
1382 {
1383 /* This does a little more work than necessary when it actually
1384 prompts the user. E.g., we already know that D is a directory
1385 and that it's almost certainly empty, yet we lstat it.
1386 But that's no big deal since we're interactive. */
1388 Ternary is_empty;
1394 {
1398 }
1401 {
1405 }
1406 else
1407 {
1413 }
1414 }
1420 }
1421 }
1423 /* If the first/final hash table of unremovable entries was used,
1424 free it here. */
1427 closedir_and_return:;
1429 {
1433 }
1436 }
1438 /* Remove the file or directory specified by FILENAME.
1439 Return RM_OK if it is removed, and RM_ERROR or RM_USER_DECLINED if not. */
1441 static enum RM_status
1444 {
1447 {
1453 }
1458 {
1460 {
1465 }
1467 {
1470 }
1471 }
1479 {
1480 /* In the event that remove_dir->remove_cwd_entries detects
1481 a directory cycle, arrange to fail, give up on this FILE, but
1482 continue on with any other arguments. */
1485 else
1489 }
1494 }
1496 /* Remove all files and/or directories specified by N_FILES and FILE.
1497 Apply the options in X. */
1500 {
1507 {
1509 {
1513 }
1519 }
1522 {
1526 }
1531 }