X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=4ca60c0c0d972018486bc725c17752725a07ebeb;hb=d9a84af0c1e29146ce708a3f4db50b0f86865cf6;hp=ce125db12dc77397574a98e11c683e12d7ed5911;hpb=4e8d531d9561674cfa5fc4853bafcd3a2b949911;p=apply-default-acl.git diff --git a/src/libadacl.c b/src/libadacl.c index ce125db..4ca60c0 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -5,16 +5,17 @@ * */ -/* Enables get_current_dir_name() in unistd.h and the O_PATH flag. */ +/* Enables get_current_dir_name() in unistd.h, the O_PATH flag, and + * the asprintf() function. +*/ #define _GNU_SOURCE #include /* readdir(), etc. */ #include /* EINVAL, ELOOP, ENOTDIR, etc. */ #include /* openat() */ #include /* basename(), dirname() */ -#include /* PATH_MAX */ #include /* the "bool" type */ -#include /* perror(), snprintf() */ +#include /* perror(), asprintf() */ #include /* free() */ #include /* strdup() */ #include /* fstat() */ @@ -36,11 +37,29 @@ */ #define CLOSE_ERROR -1 #define OPEN_ERROR -1 -#define SNPRINTF_ERROR -1 +#define ASPRINTF_ERROR -1 #define STAT_ERROR -1 #define XATTR_ERROR -1 +/* Prototypes */ +int safe_open_ex(int at_fd, char* pathname, int flags); +int safe_open(const char* pathname, int flags); +int acl_update_entry(acl_t aclp, acl_entry_t entry); +int acl_entry_count(acl_t acl); +int acl_is_minimal(acl_t acl); +int acl_execute_masked(acl_t acl); +int any_can_execute(int fd, const struct stat* sp); +int acl_copy_xattr(int src_fd, + acl_type_t src_type, + int dst_fd, + acl_type_t dst_type); +int has_default_acl_fd(int fd); +int apply_default_acl_fds(int parent_fd, int fd, bool recursive); +int apply_default_acl(const char* path, bool recursive); + + + /** * @brief The recursive portion of the @c safe_open function, used to * open a file descriptor in a symlink-safe way when combined with @@ -134,11 +153,11 @@ int safe_open(const char* pathname, int flags) { return OPEN_ERROR; } - char abspath[PATH_MAX]; - int snprintf_result = 0; + char* abspath = NULL; + int asprintf_result = 0; if (strchr(pathname, '/') == pathname) { /* pathname is already absolute; just copy it. */ - snprintf_result = snprintf(abspath, PATH_MAX, "%s", pathname); + asprintf_result = asprintf(&abspath, "%s", pathname); } else { /* Concatenate the current working directory and pathname into an @@ -163,14 +182,17 @@ int safe_open(const char* pathname, int flags) { free(cwd); return OPEN_ERROR; } - snprintf_result = snprintf(abspath, PATH_MAX, "%s/%s", abs_cwd, pathname); + asprintf_result = asprintf(&abspath, "%s/%s", abs_cwd, pathname); free(cwd); } - if (snprintf_result == SNPRINTF_ERROR || snprintf_result > PATH_MAX) { - perror("safe_open (snprintf)"); + if (asprintf_result == ASPRINTF_ERROR) { + perror("safe_open (asprintf)"); return OPEN_ERROR; } + /* Beyond here, asprintf() worked, and we need to free abspath. */ + int result = OPEN_ERROR; + bool abspath_is_root = (strcmp(abspath, "/") == 0); int rootflags = flags | O_DIRECTORY; if (!abspath_is_root) { @@ -180,18 +202,24 @@ int safe_open(const char* pathname, int flags) { int rootfd = open("/", rootflags); if (rootfd == OPEN_ERROR) { perror("safe_open (open)"); - return OPEN_ERROR; + result = OPEN_ERROR; + goto cleanup; } if (abspath_is_root) { - return rootfd; + result = rootfd; + goto cleanup; } - int result = safe_open_ex(rootfd, abspath+1, flags); + result = safe_open_ex(rootfd, abspath+1, flags); if (close(rootfd) == CLOSE_ERROR) { perror("safe_open (close)"); - return OPEN_ERROR; + result = OPEN_ERROR; + goto cleanup; } + + cleanup: + free(abspath); return result; } @@ -579,8 +607,14 @@ int acl_copy_xattr(int src_fd, return ACL_ERROR; } char* src_acl_p = alloca(src_size_guess); - /* The actual size may be smaller than our guess? I don't know. */ - ssize_t src_size = fgetxattr(src_fd, src_name, src_acl_p, src_size_guess); + /* The actual size may be smaller than our guess? I don't know. The + return value from fgetxattr() will either be nonnegative, or + XATTR_ERROR (which we've already ruled out), so it's safe to cast + it to an unsigned size_t here to avoid a compiler warning. */ + ssize_t src_size = fgetxattr(src_fd, + src_name, + src_acl_p, + (size_t)src_size_guess); if (src_size == XATTR_ERROR) { if (errno == ENODATA) { /* A missing ACL isn't an error. */ @@ -590,7 +624,14 @@ int acl_copy_xattr(int src_fd, return ACL_ERROR; } - if (fsetxattr(dst_fd, dst_name, src_acl_p, src_size, 0) == XATTR_ERROR) { + /* See above: src_size must be nonnegative at this point,so we cast + it to size_t to avoid a compiler warning. */ + if (fsetxattr(dst_fd, + dst_name, + src_acl_p, + (size_t)src_size, + 0) + == XATTR_ERROR) { perror("acl_copy_xattr (fsetxattr)"); return ACL_ERROR; } @@ -644,9 +685,6 @@ int has_default_acl_fd(int fd) { * @param fd * The file descriptor that should inherit its parent's default ACL. * - * @param no_exec_mask - * The value (either true or false) of the --no-exec-mask flag. - * * @param recursive * Should we recurse into subdirectories? * @@ -655,10 +693,7 @@ int has_default_acl_fd(int fd) { * - @c ACL_FAILURE - If symlinks or hard links are encountered. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl_fds(int parent_fd, - int fd, - bool no_exec_mask, - bool recursive) { +int apply_default_acl_fds(int parent_fd, int fd, bool recursive) { int result = ACL_SUCCESS; /* The new ACL for this path */ @@ -708,24 +743,20 @@ int apply_default_acl_fds(int parent_fd, } - /* Default to not masking the exec bit; i.e. applying the default - ACL literally. If --no-exec-mask was not specified, then we try - to "guess" whether or not to mask the exec bit. This behavior - is modeled after the capital 'X' perms of setfacl. */ - bool allow_exec = true; + /* Next We try to guess whether or not to strip the execute bits. + * This behavior is modeled after the capital 'X' perms of setfacl. + */ + int ace_result = any_can_execute(fd, &s); - if (!no_exec_mask) { - /* Never mask the execute bit on directories. */ - int ace_result = any_can_execute(fd,&s) || S_ISDIR(s.st_mode); + if (ace_result == ACL_ERROR) { + perror("apply_default_acl_fds (any_can_execute)"); + result = ACL_ERROR; + goto cleanup; + } - if (ace_result == ACL_ERROR) { - perror("apply_default_acl_fds (any_can_execute)"); - result = ACL_ERROR; - goto cleanup; - } + /* Never mask the execute bit on directories. */ + bool allow_exec = (bool)ace_result || S_ISDIR(s.st_mode); - allow_exec = (bool)ace_result; - } /* If it's a directory, inherit the parent's default. */ if (S_ISDIR(s.st_mode)) { @@ -895,7 +926,7 @@ int apply_default_acl_fds(int parent_fd, continue; } } - switch (apply_default_acl_fds(fd, new_fd, no_exec_mask, recursive)) { + switch (apply_default_acl_fds(fd, new_fd, recursive)) { /* Don't overwrite an error result with success/failure. */ case ACL_FAILURE: if (result == ACL_SUCCESS) { @@ -930,9 +961,6 @@ int apply_default_acl_fds(int parent_fd, * @param path * The path whose ACL we would like to reset to its default. * - * @param no_exec_mask - * The value (either true or false) of the --no-exec-mask flag. - * * @param recursive * Should we recurse into subdirectories? * @@ -941,7 +969,7 @@ int apply_default_acl_fds(int parent_fd, * - @c ACL_FAILURE - If symlinks or hard links are encountered. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl(const char* path, bool no_exec_mask, bool recursive) { +int apply_default_acl(const char* path, bool recursive) { if (path == NULL) { errno = EINVAL; @@ -975,7 +1003,30 @@ int apply_default_acl(const char* path, bool no_exec_mask, bool recursive) { return ACL_ERROR; } char* parent = dirname(dirname_path_copy); + + basename_path_copy = strdup(path); + if (basename_path_copy == NULL) { + perror("apply_default_acl (strdup)"); + result = ACL_ERROR; + goto cleanup; + } + char* child = basename(basename_path_copy); + + /* Just kidding, if the path is "." or "..", then dirname will do + * the wrong thing and give us "." as its parent, too. So, we handle + * those as special cases. We use "child" instead of "path" here to + * catch things like "./" and "../" + */ + bool path_is_dots = strcmp(child, ".") == 0 || strcmp(child, "..") == 0; + char dots_parent[6] = "../"; + if (path_is_dots) { + /* We know that "child" contains no more than two characters here, and + using strncat to enforce that belief keeps clang-tidy happy. */ + parent = strncat(dots_parent, child, 2); + } + parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW); + if (parent_fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { /* We hit a symlink, either in the last path component (ELOOP) @@ -991,15 +1042,20 @@ int apply_default_acl(const char* path, bool no_exec_mask, bool recursive) { } /* We already obtained the parent fd safely, so if we use the - basename of path here instead of the full thing, then we can get - away with using openat() and spare ourselves the slowness of - another safe_open(). */ - basename_path_copy = strdup(path); - if (basename_path_copy == NULL) { - perror("apply_default_acl (strdup)"); - return ACL_ERROR; + * basename of path here instead of the full thing, then we can get + * away with using openat() and spare ourselves the slowness of + * another safe_open(). + * + * Note that if the basename is "." or "..", then we don't want to + * open it relative to the parent_fd, so we need another special + * case for those paths here. + */ + if (path_is_dots) { + fd = open(child, O_NOFOLLOW); + } + else { + fd = openat(parent_fd, child, O_NOFOLLOW); } - fd = openat(parent_fd, basename(basename_path_copy), O_NOFOLLOW); if (fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { /* We hit a symlink, either in the last path component (ELOOP) @@ -1014,7 +1070,7 @@ int apply_default_acl(const char* path, bool no_exec_mask, bool recursive) { } } - result = apply_default_acl_fds(parent_fd, fd, no_exec_mask, recursive); + result = apply_default_acl_fds(parent_fd, fd, recursive); cleanup: free(dirname_path_copy);