X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=7874c4ccdae8f647b2694644958085ced3dcb877;hb=c0096b2149b8ce9493a0a1c30689b3fd9dd7036a;hp=69f20733150e1533982adb0044b249e9bbc76aa7;hpb=bf1ac1a44c7ae16f8c01cfe9ce1c8f930e3957e6;p=apply-default-acl.git diff --git a/src/libadacl.c b/src/libadacl.c index 69f2073..7874c4c 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -5,10 +5,10 @@ * */ -/* Enables get_current_dir_name() in unistd.h */ +/* Enables get_current_dir_name() in unistd.h and the O_PATH flag. */ #define _GNU_SOURCE -#include /* ELOOP, EINVAL, etc. */ +#include /* EINVAL, ELOOP, ENOTDIR, etc. */ #include /* openat() */ #include /* basename(), dirname() */ #include /* PATH_MAX */ @@ -26,6 +26,15 @@ #include "libadacl.h" +/* Even though most other library functions reliably return -1 for + * error, it feels a little wrong to re-use the ACL_ERROR constant. + */ +#define CLOSE_ERROR -1 +#define OPEN_ERROR -1 +#define SNPRINTF_ERROR -1 +#define STAT_ERROR -1 + + /** * @brief The recursive portion of the @c safe_open function, used to * open a file descriptor in a symlink-safe way when combined with @@ -37,37 +46,46 @@ * @param pathname * The path to the file/directory/whatever whose descriptor you want. * + * @param flags + * File status flags to be passed to @c openat. + * * @return a file descriptor for @c pathname if everything goes well, * and @c OPEN_ERROR if not. */ int safe_open_ex(int at_fd, char* pathname, int flags) { - if (pathname != NULL && strlen(pathname) == 0) { - /* Oops, went one level to deep with nothing to do. */ - return at_fd; + if (pathname == NULL) { + errno = EINVAL; + perror("safe_open_ex (args)"); + return OPEN_ERROR; } char* firstslash = strchr(pathname, '/'); if (firstslash == NULL) { /* No more slashes, this is the base case. */ - int r = openat(at_fd, pathname, flags); - return r; + return openat(at_fd, pathname, flags); + } + else if (firstslash[1] == '\0') { + /* The first slash is the last character; ensure that we open + a directory. */ + firstslash[0] = '\0'; + return openat(at_fd, pathname, flags | O_DIRECTORY); } - /* Temporarily disable the slash, so that the subsequent call to - openat() opens only the next directory (and doesn't recurse). */ + /* The first slash exists and isn't the last character in the path, + so we can split the path wherever that first slash lies and + recurse. */ *firstslash = '\0'; - int fd = safe_open_ex(at_fd, pathname, flags); + int fd = openat(at_fd, pathname, flags | O_DIRECTORY | O_PATH); if (fd == OPEN_ERROR) { - if (errno != ELOOP) { + if (errno != ENOTDIR) { /* Don't output anything if we ignore a symlink */ perror("safe_open_ex (safe_open_ex)"); } return OPEN_ERROR; } - /* The ++ is safe because there needs to be at least a null byte - after the first slash, even if it's the last real character in - the string. */ + /* The +1 is safe because there needs to be at least one character + after the first slash (we checked this above). */ int result = safe_open_ex(fd, firstslash+1, flags); if (close(fd) == CLOSE_ERROR) { perror("safe_open_ex (close)"); @@ -97,12 +115,16 @@ int safe_open_ex(int at_fd, char* pathname, int flags) { * @param pathname * The path to the file/directory/whatever whose descriptor you want. * + * @param flags + * File status flags to be passed to @c openat. + * * @return a file descriptor for @c pathname if everything goes well, * and @c OPEN_ERROR if not. */ int safe_open(const char* pathname, int flags) { if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') { - /* error? */ + errno = EINVAL; + perror("safe_open (args)"); return OPEN_ERROR; } @@ -143,7 +165,19 @@ int safe_open(const char* pathname, int flags) { return OPEN_ERROR; } - int fd = open("/", flags); + int fd = 0; + if (strcmp(abspath, "/") == 0) { + fd = open("/", flags | O_DIRECTORY); + } + else { + /* Use O_PATH for some added safety if "/" is not our target */ + fd = open("/", flags | O_DIRECTORY | O_PATH); + } + if (fd == OPEN_ERROR) { + perror("safe_open (open)"); + return OPEN_ERROR; + } + if (strcmp(abspath, "/") == 0) { return fd; } @@ -184,6 +218,11 @@ int safe_open(const char* pathname, int flags) { * */ int acl_set_entry(acl_t* aclp, acl_entry_t entry) { + if (aclp == NULL || entry == NULL) { + errno = EINVAL; + perror("acl_set_entry (args)"); + return ACL_ERROR; + } acl_tag_t entry_tag; if (acl_get_tag_type(entry, &entry_tag) == ACL_ERROR) { @@ -217,12 +256,6 @@ int acl_set_entry(acl_t* aclp, acl_entry_t entry) { been wiped. These three are guaranteed to exist, so if we match one of them, we're allowed to return ACL_SUCCESS below and bypass the rest of the function. */ - acl_permset_t existing_permset; - if (acl_get_permset(existing_entry, &existing_permset) == ACL_ERROR) { - perror("acl_set_entry (acl_get_permset)"); - return ACL_ERROR; - } - if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) { perror("acl_set_entry (acl_set_permset)"); return ACL_ERROR; @@ -332,6 +365,11 @@ int acl_entry_count(acl_t acl) { * - @c ACL_ERROR - Unexpected library error */ int acl_is_minimal(acl_t acl) { + if (acl == NULL) { + errno = EINVAL; + perror("acl_is_minimal (args)"); + return ACL_ERROR; + } int ec = acl_entry_count(acl); @@ -362,6 +400,11 @@ int acl_is_minimal(acl_t acl) { * - @c ACL_ERROR - Unexpected library error. */ int acl_execute_masked(acl_t acl) { + if (acl == NULL) { + errno = EINVAL; + perror("acl_execute_masked (args)"); + return ACL_ERROR; + } acl_entry_t entry; int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); @@ -425,6 +468,12 @@ int acl_execute_masked(acl_t acl) { * - @c ACL_ERROR - Unexpected library error. */ int any_can_execute(int fd, const struct stat* sp) { + if (sp == NULL) { + errno = EINVAL; + perror("any_can_execute (args)"); + return ACL_ERROR; + } + acl_t acl = acl_get_fd(fd); if (acl == (acl_t)NULL) { @@ -522,8 +571,7 @@ int any_can_execute(int fd, const struct stat* sp) { * - @c ACL_ERROR - Unexpected library error. */ int assign_default_acl(const char* path, acl_t acl) { - - if (path == NULL) { + if (path == NULL || acl == NULL) { errno = EINVAL; perror("assign_default_acl (args)"); return ACL_ERROR; @@ -599,17 +647,16 @@ int wipe_acls(int fd) { * * @return * - @c ACL_SUCCESS - The parent default ACL was inherited successfully. - * - @c ACL_FAILURE - The target path is not a regular file/directory, - * or the parent of @c path is not a directory. + * - @c ACL_FAILURE - If symlinks or hard links are encountered. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl(const char* path, - const struct stat* sp, - bool no_exec_mask) { +int apply_default_acl_ex(const char* path, + const struct stat* sp, + bool no_exec_mask) { if (path == NULL) { errno = EINVAL; - perror("apply_default_acl (args)"); + perror("apply_default_acl_ex (args)"); return ACL_ERROR; } @@ -631,19 +678,21 @@ int apply_default_acl(const char* path, */ char* path_copy = strdup(path); if (path_copy == NULL) { - perror("apply_default_acl (strdup)"); + perror("apply_default_acl_ex (strdup)"); return ACL_ERROR; } char* parent = dirname(path_copy); fd = safe_open(path, O_NOFOLLOW); if (fd == OPEN_ERROR) { - if (errno == ELOOP) { - result = ACL_FAILURE; /* hit a symlink */ + if (errno == ELOOP || errno == ENOTDIR) { + /* We hit a symlink, either in the last path component (ELOOP) + or higher up (ENOTDIR). */ + result = ACL_FAILURE; goto cleanup; } else { - perror("apply_default_acl (open fd)"); + perror("apply_default_acl_ex (open fd)"); result = ACL_ERROR; goto cleanup; } @@ -663,7 +712,7 @@ int apply_default_acl(const char* path, if (sp == NULL) { struct stat s; if (fstat(fd, &s) == STAT_ERROR) { - perror("apply_default_acl (fstat)"); + perror("apply_default_acl_ex (fstat)"); goto cleanup; } @@ -691,7 +740,7 @@ int apply_default_acl(const char* path, int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode); if (ace_result == ACL_ERROR) { - perror("apply_default_acl (any_can_execute)"); + perror("apply_default_acl_ex (any_can_execute)"); result = ACL_ERROR; goto cleanup; } @@ -702,13 +751,13 @@ int apply_default_acl(const char* path, defacl = acl_get_file(parent, ACL_TYPE_DEFAULT); if (defacl == (acl_t)NULL) { - perror("apply_default_acl (acl_get_file)"); + perror("apply_default_acl_ex (acl_get_file)"); result = ACL_ERROR; goto cleanup; } if (wipe_acls(fd) == ACL_ERROR) { - perror("apply_default_acl (wipe_acls)"); + perror("apply_default_acl_ex (wipe_acls)"); result = ACL_ERROR; goto cleanup; } @@ -717,7 +766,7 @@ int apply_default_acl(const char* path, ACL with this one. */ acl_t acl = acl_get_fd(fd); if (acl == (acl_t)NULL) { - perror("apply_default_acl (acl_get_fd)"); + perror("apply_default_acl_ex (acl_get_fd)"); result = ACL_ERROR; goto cleanup; } @@ -729,7 +778,7 @@ int apply_default_acl(const char* path, * want to do? */ if (S_ISDIR(sp->st_mode) && assign_default_acl(path, defacl) == ACL_ERROR) { - perror("apply_default_acl (assign_default_acl)"); + perror("apply_default_acl_ex (assign_default_acl)"); result = ACL_ERROR; goto cleanup; } @@ -741,7 +790,7 @@ int apply_default_acl(const char* path, acl_tag_t tag = ACL_UNDEFINED_TAG; if (acl_get_tag_type(entry, &tag) == ACL_ERROR) { - perror("apply_default_acl (acl_get_tag_type)"); + perror("apply_default_acl_ex (acl_get_tag_type)"); result = ACL_ERROR; goto cleanup; } @@ -750,7 +799,7 @@ int apply_default_acl(const char* path, /* We've got an entry/tag from the default ACL. Get its permset. */ acl_permset_t permset; if (acl_get_permset(entry, &permset) == ACL_ERROR) { - perror("apply_default_acl (acl_get_permset)"); + perror("apply_default_acl_ex (acl_get_permset)"); result = ACL_ERROR; goto cleanup; } @@ -766,13 +815,13 @@ int apply_default_acl(const char* path, minimal ACLs) or acl_other entries, so if execute should be masked, we have to do it manually. */ if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { - perror("apply_default_acl (acl_delete_perm)"); + perror("apply_default_acl_ex (acl_delete_perm)"); result = ACL_ERROR; goto cleanup; } if (acl_set_permset(entry, permset) == ACL_ERROR) { - perror("apply_default_acl (acl_set_permset)"); + perror("apply_default_acl_ex (acl_set_permset)"); result = ACL_ERROR; goto cleanup; } @@ -796,7 +845,7 @@ int apply_default_acl(const char* path, * value of "acl". To do that, it needs the address of "acl". */ if (acl_set_entry(&acl, entry) == ACL_ERROR) { - perror("apply_default_acl (acl_set_entry)"); + perror("apply_default_acl_ex (acl_set_entry)"); result = ACL_ERROR; goto cleanup; } @@ -807,13 +856,13 @@ int apply_default_acl(const char* path, /* Catches the first acl_get_entry as well as the ones at the end of the loop. */ if (ge_result == ACL_ERROR) { - perror("apply_default_acl (acl_get_entry)"); + perror("apply_default_acl_ex (acl_get_entry)"); result = ACL_ERROR; goto cleanup; } if (acl_set_fd(fd, acl) == ACL_ERROR) { - perror("apply_default_acl (acl_set_fd)"); + perror("apply_default_acl_ex (acl_set_fd)"); result = ACL_ERROR; goto cleanup; } @@ -824,8 +873,36 @@ int apply_default_acl(const char* path, acl_free(defacl); } if (fd >= 0 && close(fd) == CLOSE_ERROR) { - perror("apply_default_acl (close)"); + perror("apply_default_acl_ex (close)"); result = ACL_ERROR; } return result; } + + + +/** + * @brief The friendly interface to @c apply_default_acl_ex. + * + * The @c apply_default_acl_ex function holds the real implementation + * of this function, but it takes a weird second argument that most + * people won't care about (a stat structure). But, we use that + * argument for the recursive mode of the CLI, so it's there. + * + * If you don't have a stat structure for your @c path, use this instead. + * + * @param path + * The path whose ACL we would like to reset to its default. + * + * @param no_exec_mask + * The value (either true or false) of the --no-exec-mask flag. + * + * @return + * - @c ACL_SUCCESS - The parent default ACL was inherited successfully. + * - @c ACL_FAILURE - If symlinks or hard links are encountered. + * or the parent of @c path is not a directory. + * - @c ACL_ERROR - Unexpected library error. + */ +int apply_default_acl(const char* path, bool no_exec_mask) { + return apply_default_acl_ex(path, NULL, no_exec_mask); +}