X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=5402a32be0ac3ca03a535aa40bf049ef1eabca3f;hb=71831f01c40806756b6640591fca739c7790aebe;hp=28d5782157f547b4a3b2b9dffebafc6f83db1cb5;hpb=7ce092ba47607098bb57695396357b8eab90e81b;p=apply-default-acl.git

diff --git a/src/libadacl.c b/src/libadacl.c
index 28d5782..5402a32 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -8,41 +8,61 @@
 /* Enables get_current_dir_name() in unistd.h */
 #define _GNU_SOURCE
 
-#include <errno.h>
-#include <fcntl.h>
-#include <libgen.h> /* basename(), dirname() */
-#include <limits.h> /* PATH_MAX */
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h> /* get_current_dir_name() */
+#include <errno.h>    /* ELOOP, EINVAL, etc. */
+#include <fcntl.h>    /* openat() */
+#include <libgen.h>   /* basename(), dirname() */
+#include <limits.h>   /* PATH_MAX */
+#include <stdbool.h>  /* the "bool" type */
+#include <stdio.h>    /* perror(), snprintf() */
+#include <stdlib.h>   /* free() */
+#include <string.h>   /* strdup() */
+#include <sys/stat.h> /* fstat() */
+#include <unistd.h>   /* get_current_dir_name() */
 
 /* ACLs */
 #include <acl/libacl.h> /* acl_get_perm, not portable */
-#include <sys/types.h>
-#include <sys/acl.h>
+#include <sys/acl.h>    /* all other acl_foo functions */
 
 #include "libadacl.h"
 
 
+/* Even though most other library functions reliably return -1 for
+ * error, it feels a little wrong to re-use the ACL_ERROR constant.
+ */
+#define CLOSE_ERROR -1
+#define OPEN_ERROR -1
+#define SNPRINTF_ERROR -1
+#define STAT_ERROR -1
+
+
 /**
  * @brief The recursive portion of the @c safe_open function, used to
  *   open a file descriptor in a symlink-safe way when combined with
  *   the @c O_NOFOLLOW flag.
  *
+ * The @c O_PATH flag is not used because we want to fail upon
+ * encountering any symlinks.
+ *
  * @param at_fd
  *   A file descriptor relative to which @c pathname will be opened.
  *
  * @param pathname
  *   The path to the file/directory/whatever whose descriptor you want.
  *
+ * @param flags
+ *   File status flags to be passed to @c openat.
+ *
  * @return a file descriptor for @c pathname if everything goes well,
  *   and @c OPEN_ERROR if not.
  */
 int safe_open_ex(int at_fd, char* pathname, int flags) {
-  if (pathname != NULL && strlen(pathname) == 0) {
+  if (pathname == NULL) {
+    errno = EINVAL;
+    perror("safe_open_ex (args)");
+    return OPEN_ERROR;
+  }
+
+  if (strlen(pathname) == 0) {
     /* Oops, went one level to deep with nothing to do. */
     return at_fd;
   }
@@ -98,12 +118,16 @@ int safe_open_ex(int at_fd, char* pathname, int flags) {
  * @param pathname
  *   The path to the file/directory/whatever whose descriptor you want.
  *
+ * @param flags
+ *   File status flags to be passed to @c openat.
+ *
  * @return a file descriptor for @c pathname if everything goes well,
  *   and @c OPEN_ERROR if not.
  */
 int safe_open(const char* pathname, int flags) {
   if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') {
-    /* error? */
+    errno = EINVAL;
+    perror("safe_open (args)");
     return OPEN_ERROR;
   }
 
@@ -145,6 +169,11 @@ int safe_open(const char* pathname, int flags) {
   }
 
   int fd = open("/", flags);
+  if (fd == OPEN_ERROR) {
+    perror("safe_open (open)");
+    return OPEN_ERROR;
+  }
+
   if (strcmp(abspath, "/") == 0) {
     return fd;
   }
@@ -185,6 +214,11 @@ int safe_open(const char* pathname, int flags) {
  *
  */
 int acl_set_entry(acl_t* aclp, acl_entry_t entry) {
+  if (aclp == NULL || entry == NULL) {
+    errno = EINVAL;
+    perror("acl_set_entry (args)");
+    return ACL_ERROR;
+  }
 
   acl_tag_t entry_tag;
   if (acl_get_tag_type(entry, &entry_tag) == ACL_ERROR) {
@@ -333,6 +367,11 @@ int acl_entry_count(acl_t acl) {
  *   - @c ACL_ERROR - Unexpected library error
  */
 int acl_is_minimal(acl_t acl) {
+  if (acl == NULL) {
+    errno = EINVAL;
+    perror("acl_is_minimal (args)");
+    return ACL_ERROR;
+  }
 
   int ec = acl_entry_count(acl);
 
@@ -363,6 +402,11 @@ int acl_is_minimal(acl_t acl) {
  *   - @c ACL_ERROR - Unexpected library error.
  */
 int acl_execute_masked(acl_t acl) {
+  if (acl == NULL) {
+    errno = EINVAL;
+    perror("acl_execute_masked (args)");
+    return ACL_ERROR;
+  }
 
   acl_entry_t entry;
   int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
@@ -426,6 +470,12 @@ int acl_execute_masked(acl_t acl) {
  *   - @c ACL_ERROR - Unexpected library error.
  */
 int any_can_execute(int fd, const struct stat* sp) {
+  if (sp == NULL) {
+    errno = EINVAL;
+    perror("any_can_execute (args)");
+    return ACL_ERROR;
+  }
+
   acl_t acl = acl_get_fd(fd);
 
   if (acl == (acl_t)NULL) {
@@ -523,8 +573,7 @@ int any_can_execute(int fd, const struct stat* sp) {
  *   - @c ACL_ERROR - Unexpected library error.
  */
 int assign_default_acl(const char* path, acl_t acl) {
-
-  if (path == NULL) {
+  if (path == NULL || acl == NULL) {
     errno = EINVAL;
     perror("assign_default_acl (args)");
     return ACL_ERROR;
@@ -600,17 +649,16 @@ int wipe_acls(int fd) {
  *
  * @return
  *   - @c ACL_SUCCESS - The parent default ACL was inherited successfully.
- *   - @c ACL_FAILURE - The target path is not a regular file/directory,
- *     or the parent of @c path is not a directory.
+ *   - @c ACL_FAILURE - If symlinks or hard links are encountered.
  *   - @c ACL_ERROR - Unexpected library error.
  */
-int apply_default_acl(const char* path,
-		      const struct stat* sp,
-		      bool no_exec_mask) {
+int apply_default_acl_ex(const char* path,
+			 const struct stat* sp,
+			 bool no_exec_mask) {
 
   if (path == NULL) {
     errno = EINVAL;
-    perror("apply_default_acl (args)");
+    perror("apply_default_acl_ex (args)");
     return ACL_ERROR;
   }
 
@@ -632,7 +680,7 @@ int apply_default_acl(const char* path,
    */
   char* path_copy = strdup(path);
   if (path_copy == NULL) {
-    perror("apply_default_acl (strdup)");
+    perror("apply_default_acl_ex (strdup)");
     return ACL_ERROR;
   }
   char* parent = dirname(path_copy);
@@ -644,7 +692,7 @@ int apply_default_acl(const char* path,
       goto cleanup;
     }
     else {
-      perror("apply_default_acl (open fd)");
+      perror("apply_default_acl_ex (open fd)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -664,7 +712,7 @@ int apply_default_acl(const char* path,
   if (sp == NULL) {
     struct stat s;
     if (fstat(fd, &s) == STAT_ERROR) {
-      perror("apply_default_acl (fstat)");
+      perror("apply_default_acl_ex (fstat)");
       goto cleanup;
     }
 
@@ -692,7 +740,7 @@ int apply_default_acl(const char* path,
     int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode);
 
     if (ace_result == ACL_ERROR) {
-      perror("apply_default_acl (any_can_execute)");
+      perror("apply_default_acl_ex (any_can_execute)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -703,13 +751,13 @@ int apply_default_acl(const char* path,
   defacl = acl_get_file(parent, ACL_TYPE_DEFAULT);
 
   if (defacl == (acl_t)NULL) {
-    perror("apply_default_acl (acl_get_file)");
+    perror("apply_default_acl_ex (acl_get_file)");
     result = ACL_ERROR;
     goto cleanup;
   }
 
   if (wipe_acls(fd) == ACL_ERROR) {
-    perror("apply_default_acl (wipe_acls)");
+    perror("apply_default_acl_ex (wipe_acls)");
     result = ACL_ERROR;
     goto cleanup;
   }
@@ -718,7 +766,7 @@ int apply_default_acl(const char* path,
      ACL with this one. */
   acl_t acl = acl_get_fd(fd);
   if (acl == (acl_t)NULL) {
-    perror("apply_default_acl (acl_get_fd)");
+    perror("apply_default_acl_ex (acl_get_fd)");
     result = ACL_ERROR;
     goto cleanup;
   }
@@ -730,7 +778,7 @@ int apply_default_acl(const char* path,
    * want to do?
    */
   if (S_ISDIR(sp->st_mode) && assign_default_acl(path, defacl) == ACL_ERROR) {
-    perror("apply_default_acl (assign_default_acl)");
+    perror("apply_default_acl_ex (assign_default_acl)");
     result = ACL_ERROR;
     goto cleanup;
   }
@@ -742,7 +790,7 @@ int apply_default_acl(const char* path,
     acl_tag_t tag = ACL_UNDEFINED_TAG;
 
     if (acl_get_tag_type(entry, &tag) == ACL_ERROR) {
-       perror("apply_default_acl (acl_get_tag_type)");
+       perror("apply_default_acl_ex (acl_get_tag_type)");
        result = ACL_ERROR;
        goto cleanup;
     }
@@ -751,7 +799,7 @@ int apply_default_acl(const char* path,
     /* We've got an entry/tag from the default ACL. Get its permset. */
     acl_permset_t permset;
     if (acl_get_permset(entry, &permset) == ACL_ERROR) {
-      perror("apply_default_acl (acl_get_permset)");
+      perror("apply_default_acl_ex (acl_get_permset)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -767,13 +815,13 @@ int apply_default_acl(const char* path,
 	   minimal ACLs) or acl_other entries, so if execute should be
 	   masked, we have to do it manually. */
 	if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
-	  perror("apply_default_acl (acl_delete_perm)");
+	  perror("apply_default_acl_ex (acl_delete_perm)");
 	  result = ACL_ERROR;
 	  goto cleanup;
 	}
 
 	if (acl_set_permset(entry, permset) == ACL_ERROR) {
-	  perror("apply_default_acl (acl_set_permset)");
+	  perror("apply_default_acl_ex (acl_set_permset)");
 	  result = ACL_ERROR;
 	  goto cleanup;
 	}
@@ -797,7 +845,7 @@ int apply_default_acl(const char* path,
      * value of "acl". To do that, it needs the address of "acl".
      */
     if (acl_set_entry(&acl, entry) == ACL_ERROR) {
-      perror("apply_default_acl (acl_set_entry)");
+      perror("apply_default_acl_ex (acl_set_entry)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -808,13 +856,13 @@ int apply_default_acl(const char* path,
   /* Catches the first acl_get_entry as well as the ones at the end of
      the loop. */
   if (ge_result == ACL_ERROR) {
-    perror("apply_default_acl (acl_get_entry)");
+    perror("apply_default_acl_ex (acl_get_entry)");
     result = ACL_ERROR;
     goto cleanup;
   }
 
   if (acl_set_fd(fd, acl) == ACL_ERROR) {
-    perror("apply_default_acl (acl_set_fd)");
+    perror("apply_default_acl_ex (acl_set_fd)");
     result = ACL_ERROR;
     goto cleanup;
   }
@@ -825,8 +873,36 @@ int apply_default_acl(const char* path,
     acl_free(defacl);
   }
   if (fd >= 0 && close(fd) == CLOSE_ERROR) {
-    perror("apply_default_acl (close)");
+    perror("apply_default_acl_ex (close)");
     result = ACL_ERROR;
   }
   return result;
 }
+
+
+
+/**
+ * @brief The friendly interface to @c apply_default_acl_ex.
+ *
+ * The @c apply_default_acl_ex function holds the real implementation
+ * of this function, but it takes a weird second argument that most
+ * people won't care about (a stat structure). But, we use that
+ * argument for the recursive mode of the CLI, so it's there.
+ *
+ * If you don't have a stat structure for your @c path, use this instead.
+ *
+ * @param path
+ *   The path whose ACL we would like to reset to its default.
+ *
+ * @param no_exec_mask
+ *   The value (either true or false) of the --no-exec-mask flag.
+ *
+ * @return
+ *   - @c ACL_SUCCESS - The parent default ACL was inherited successfully.
+ *   - @c ACL_FAILURE - If symlinks or hard links are encountered.
+ *     or the parent of @c path is not a directory.
+ *   - @c ACL_ERROR - Unexpected library error.
+ */
+int apply_default_acl(const char* path, bool no_exec_mask) {
+  return apply_default_acl_ex(path, NULL, no_exec_mask);
+}