2009-09-19 Eric Blake <ebb9@byu.net>
+ unlink: new module, for Solaris 9 bug
+ * modules/unlink: New file.
+ * lib/unlink.c: Likewise.
+ * m4/unlink.m4 (gl_FUNC_UNLINK): Likewise.
+ * m4/unistd_h.m4 (gl_UNISTD_H_DEFAULTS): Add witnesses.
+ * modules/unistd (Makefile.am): Use them.
+ * lib/unistd.in.h (stat): Declare replacement.
+ * MODULES.html.sh (systems lacking POSIX:2008): Mention module.
+ * doc/posix-functions/unlink.texi (unlink): Likewise.
+ * modules/unlink-tests: New test.
+ * tests/test-unlink.c: Likewise.
+
lstat: fix Solaris 9 bug
* lib/lstat.c (lstat): Also check for trailing slash on
non-symlink, non-directories. Use stat module to simplify logic.
func_module sys_wait
func_module tsearch
func_module unistd
+ func_module unlink
func_module utime
func_module vasnprintf-posix
func_module vasprintf-posix
POSIX specification: @url{http://www.opengroup.org/onlinepubs/9699919799/functions/unlink.html}
-Gnulib module: ---
+Gnulib module: unlink
Portability problems fixed by Gnulib:
@itemize
+@item
+Some systems mistakenly succeed on @code{unlink("file/")}:
+Solaris 9.
@end itemize
Portability problems not fixed by Gnulib:
@itemize
@item
+Some systems allow a superuser to unlink directories, even though this
+can cause file system corruption. The error given if a process is not
+permitted to unlink directories varies across implementations; it is
+not always the POSIX value of @code{EPERM}. Meanwhile, if a process
+has the ability to unlink directories, POSIX requires that
+@code{unlink("symlink-to-dir/")} remove @file{dir} and leave
+@file{symlink-to-dir} dangling; this behavior is counter-intuitive.
+The gnulib module unlinkdir can help determine whether code must be
+cautious of unlinking directories.
+@item
Removing an open file is non-portable: On Unix this allows the programs that
have the file already open to continue working with it; the file's storage
is only freed when the no process has the file open any more. On Windows,
#endif
+#if @GNULIB_UNLINK@
+# if @REPLACE_UNLINK@
+# undef unlink
+# define unlink rpl_unlink
+extern int unlink (char const *file);
+# endif
+#elif defined GNULIB_POSIXCHECK
+# undef unlink
+# define unlink(n) \
+ (GL_LINK_WARNING ("unlink is not portable - " \
+ "use gnulib module unlink for portability"), \
+ unlink (n))
+#endif
+
+
#if @GNULIB_UNLINKAT@
# if !@HAVE_UNLINKAT@
extern int unlinkat (int fd, char const *file, int flag);
--- /dev/null
+/* Work around unlink bugs.
+
+ Copyright (C) 2009 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+#include <config.h>
+
+#include <unistd.h>
+
+#include <errno.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#undef unlink
+
+/* Remove file NAME.
+ Return 0 if successful, -1 if not. */
+
+int
+rpl_unlink (char const *name)
+{
+ /* Work around Solaris 9 bug where unlink("file/") succeeds. */
+ size_t len = strlen (name);
+ int result = 0;
+ if (len && ISSLASH (name[len - 1]))
+ {
+ /* We can't unlink(2) something if it doesn't exist. If it does
+ exist, then it resolved to a directory, due to the trailing
+ slash, and POSIX requires that the unlink attempt to remove
+ that directory (which would leave the symlink dangling).
+ Unfortunately, Solaris 9 is one of the platforms where the
+ root user can unlink directories, and we don't want to
+ cripple this behavior on real directories, even if it is
+ seldom needed (at any rate, it's nicer to let coreutils'
+ unlink(1) give the correct errno for non-root users). But we
+ don't know whether name was an actual directory, or a symlink
+ to a directory; and due to the bug of ignoring trailing
+ slash, Solaris 9 would end up successfully unlinking the
+ symlink instead of the directory. Technically, we could use
+ realpath to find the canonical directory name to attempt
+ deletion on. But that is a lot of work for a corner case; so
+ we instead just use an lstat on the shortened name, and
+ reject symlinks with trailing slashes. The root user of
+ unlink(1) will just have to live with the rule that they
+ can't delete a directory via a symlink. */
+ struct stat st;
+ result = lstat (name, &st);
+ if (result == 0)
+ {
+ /* Trailing NUL will overwrite the trailing slash. */
+ char *short_name = malloc (len);
+ if (!short_name)
+ {
+ errno = EPERM;
+ return -1;
+ }
+ memcpy (short_name, name, len);
+ while (len && ISSLASH (short_name[len - 1]))
+ short_name[--len] = '\0';
+ if (len && (lstat (short_name, &st) || S_ISLNK (st.st_mode)))
+ {
+ free (short_name);
+ errno = EPERM;
+ return -1;
+ }
+ free (short_name);
+ }
+ }
+ if (!result)
+ result = unlink (name);
+ return result;
+}
-# unistd_h.m4 serial 27
+# unistd_h.m4 serial 28
dnl Copyright (C) 2006-2009 Free Software Foundation, Inc.
dnl This file is free software; the Free Software Foundation
dnl gives unlimited permission to copy and/or distribute it,
GNULIB_SYMLINKAT=0; AC_SUBST([GNULIB_SYMLINKAT])
GNULIB_UNISTD_H_GETOPT=0; AC_SUBST([GNULIB_UNISTD_H_GETOPT])
GNULIB_UNISTD_H_SIGPIPE=0; AC_SUBST([GNULIB_UNISTD_H_SIGPIPE])
+ GNULIB_UNLINK=0; AC_SUBST([GNULIB_UNLINK])
GNULIB_UNLINKAT=0; AC_SUBST([GNULIB_UNLINKAT])
GNULIB_WRITE=0; AC_SUBST([GNULIB_WRITE])
dnl Assume proper GNU behavior unless another module says otherwise.
REPLACE_LINK=0; AC_SUBST([REPLACE_LINK])
REPLACE_LSEEK=0; AC_SUBST([REPLACE_LSEEK])
REPLACE_RMDIR=0; AC_SUBST([REPLACE_RMDIR])
+ REPLACE_UNLINK=0; AC_SUBST([REPLACE_UNLINK])
REPLACE_WRITE=0; AC_SUBST([REPLACE_WRITE])
UNISTD_H_HAVE_WINSOCK2_H=0; AC_SUBST([UNISTD_H_HAVE_WINSOCK2_H])
UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS=0;
--- /dev/null
+# unlink.m4 serial 1
+dnl Copyright (C) 2009 Free Software Foundation, Inc.
+dnl This file is free software; the Free Software Foundation
+dnl gives unlimited permission to copy and/or distribute it,
+dnl with or without modifications, as long as this notice is preserved.
+
+AC_DEFUN([gl_FUNC_UNLINK],
+[
+ AC_REQUIRE([gl_AC_DOS])
+ AC_REQUIRE([gl_UNISTD_H_DEFAULTS])
+ dnl Detect Solaris 9 bug.
+ AC_CACHE_CHECK([whether unlink honors trailing slashes],
+ [gl_cv_func_unlink_works],
+ [touch conftest.file
+ AC_RUN_IFELSE(
+ [AC_LANG_PROGRAM(
+ [[#include <stdio.h>
+ #include <errno.h>
+]], [[return !unlink ("conftest.file/") || errno != ENOTDIR;]])],
+ [gl_cv_func_unlink_works=yes], [gl_cv_func_unlink_works=no],
+ [gl_cv_func_unlink_works="guessing no"])
+ rm -f conftest.file])
+ if test x"$gl_cv_func_unlink_works" != xyes; then
+ REPLACE_UNLINK=1
+ AC_LIBOBJ([unlink])
+ fi
+])
-e 's|@''GNULIB_SYMLINKAT''@|$(GNULIB_SYMLINKAT)|g' \
-e 's|@''GNULIB_UNISTD_H_GETOPT''@|$(GNULIB_UNISTD_H_GETOPT)|g' \
-e 's|@''GNULIB_UNISTD_H_SIGPIPE''@|$(GNULIB_UNISTD_H_SIGPIPE)|g' \
+ -e 's|@''GNULIB_UNLINK''@|$(GNULIB_UNLINK)|g' \
-e 's|@''GNULIB_UNLINKAT''@|$(GNULIB_UNLINKAT)|g' \
-e 's|@''GNULIB_WRITE''@|$(GNULIB_WRITE)|g' \
-e 's|@''HAVE_DUP2''@|$(HAVE_DUP2)|g' \
-e 's|@''REPLACE_LINK''@|$(REPLACE_LINK)|g' \
-e 's|@''REPLACE_LSEEK''@|$(REPLACE_LSEEK)|g' \
-e 's|@''REPLACE_RMDIR''@|$(REPLACE_RMDIR)|g' \
+ -e 's|@''REPLACE_UNLINK''@|$(REPLACE_UNLINK)|g' \
-e 's|@''REPLACE_WRITE''@|$(REPLACE_WRITE)|g' \
-e 's|@''UNISTD_H_HAVE_WINSOCK2_H''@|$(UNISTD_H_HAVE_WINSOCK2_H)|g' \
-e 's|@''UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS''@|$(UNISTD_H_HAVE_WINSOCK2_H_AND_USE_SOCKETS)|g' \
--- /dev/null
+Description:
+unlink(): remove a file.
+
+Files:
+lib/unlink.c
+m4/dos.m4
+m4/unlink.m4
+
+Depends-on:
+lstat
+unistd
+
+configure.ac:
+gl_FUNC_UNLINK
+gl_UNISTD_MODULE_INDICATOR([unlink])
+
+Makefile.am:
+
+Include:
+<unistd.h>
+
+License:
+LGPL
+
+Maintainer:
+Eric Blake
--- /dev/null
+Files:
+tests/test-unlink.c
+
+Depends-on:
+unlinkdir
+
+configure.ac:
+AC_CHECK_FUNCS_ONCE([symlink])
+
+Makefile.am:
+TESTS += test-unlink
+check_PROGRAMS += test-unlink
--- /dev/null
+/* Tests of unlink.
+ Copyright (C) 2009 Free Software Foundation, Inc.
+
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
+
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
+
+/* Written by Eric Blake <ebb9@byu.net>, 2009. */
+
+#include <config.h>
+
+#include <unistd.h>
+
+#include <fcntl.h>
+#include <errno.h>
+#include <stdio.h>
+#include <stdlib.h>
+#include <string.h>
+#include <sys/stat.h>
+
+#include "unlinkdir.h"
+
+#if !HAVE_SYMLINK
+# define symlink(a,b) (-1)
+#endif
+
+#define ASSERT(expr) \
+ do \
+ { \
+ if (!(expr)) \
+ { \
+ fprintf (stderr, "%s:%d: assertion failed\n", __FILE__, __LINE__); \
+ fflush (stderr); \
+ abort (); \
+ } \
+ } \
+ while (0)
+
+#define BASE "test-unlink.t"
+
+int
+main ()
+{
+ /* Remove any leftovers from a previous partial run. */
+ ASSERT (system ("rm -rf " BASE "*") == 0);
+
+ /* Setup. */
+ ASSERT (mkdir (BASE "dir", 0700) == 0);
+ ASSERT (close (creat (BASE "dir/file", 0600)) == 0);
+
+ /* Basic error conditions. */
+ errno = 0;
+ ASSERT (unlink ("") == -1);
+ ASSERT (errno == ENOENT);
+ errno = 0;
+ ASSERT (unlink (BASE "nosuch") == -1);
+ ASSERT (errno == ENOENT);
+ errno = 0;
+ ASSERT (unlink (BASE "nosuch/") == -1);
+ ASSERT (errno == ENOENT);
+ /* Resulting errno after directories is rather varied across
+ implementations (EPERM, EINVAL, EACCES, EBUSY, EISDIR, ENOTSUP);
+ however, we must be careful to not attempt unlink on a directory
+ unless we know it must fail. */
+ if (cannot_unlink_dir ())
+ {
+ ASSERT (unlink (".") == -1);
+ ASSERT (unlink ("..") == -1);
+ ASSERT (unlink ("/") == -1);
+ ASSERT (unlink (BASE "dir") == -1);
+ ASSERT (mkdir (BASE "dir1", 0700) == 0);
+ ASSERT (unlink (BASE "dir1") == -1);
+ ASSERT (rmdir (BASE "dir1") == 0);
+ }
+ errno = 0;
+ ASSERT (unlink (BASE "dir/file/") == -1);
+ ASSERT (errno == ENOTDIR);
+
+ /* Test symlink behavior. Specifying trailing slash will attempt
+ unlink of a directory, so only attempt it if we know it must
+ fail. */
+ if (symlink (BASE "dir", BASE "link") != 0)
+ {
+ ASSERT (unlink (BASE "dir/file") == 0);
+ ASSERT (rmdir (BASE "dir") == 0);
+ fputs ("skipping test: symlinks not supported on this filesystem\n",
+ stderr);
+ return 77;
+ }
+ if (cannot_unlink_dir ())
+ ASSERT (unlink (BASE "link/") == -1);
+ ASSERT (unlink (BASE "link") == 0);
+ ASSERT (symlink (BASE "dir/file", BASE "link") == 0);
+ /* Order here proves unlink of a symlink does not follow through to
+ the file. */
+ ASSERT (unlink (BASE "link") == 0);
+ ASSERT (unlink (BASE "dir/file") == 0);
+ ASSERT (rmdir (BASE "dir") == 0);
+
+ return 0;
+}
projects / pspp / commitdiff