X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=e83f46be630bc40c779f9792786fa2c82e9ff944;hb=bd6889a6483bc13a05b36a4d8e37834bd50f2941;hp=0d07f2c6d0126880b59e830011fcbbefc75e797f;hpb=6727b9e8ed3807cd565127f87fa6faa33c4b5ee4;p=apply-default-acl.git diff --git a/src/libadacl.c b/src/libadacl.c index 0d07f2c..e83f46b 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -69,7 +69,7 @@ int safe_open_ex(int at_fd, char* pathname, int flags) { /* No more slashes, this is the base case. */ return openat(at_fd, pathname, flags); } - else if (firstslash[1] == '\0') { + if (firstslash[1] == '\0') { /* The first slash is the last character; ensure that we open a directory. */ firstslash[0] = '\0'; @@ -127,7 +127,7 @@ int safe_open_ex(int at_fd, char* pathname, int flags) { * and @c OPEN_ERROR if not. */ int safe_open(const char* pathname, int flags) { - if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') { + if (pathname == NULL) { errno = EINVAL; perror("safe_open (args)"); return OPEN_ERROR; @@ -170,25 +170,24 @@ int safe_open(const char* pathname, int flags) { return OPEN_ERROR; } - int fd = 0; - if (strcmp(abspath, "/") == 0) { - fd = open("/", flags | O_DIRECTORY); - } - else { + bool abspath_is_root = (strcmp(abspath, "/") == 0); + int rootflags = flags | O_DIRECTORY; + if (!abspath_is_root) { /* Use O_PATH for some added safety if "/" is not our target */ - fd = open("/", flags | O_DIRECTORY | O_PATH); + rootflags |= O_PATH; } - if (fd == OPEN_ERROR) { + int rootfd = open("/", rootflags); + if (rootfd == OPEN_ERROR) { perror("safe_open (open)"); return OPEN_ERROR; } - if (strcmp(abspath, "/") == 0) { - return fd; + if (abspath_is_root) { + return rootfd; } - int result = safe_open_ex(fd, abspath+1, flags); - if (close(fd) == CLOSE_ERROR) { + int result = safe_open_ex(rootfd, abspath+1, flags); + if (close(rootfd) == CLOSE_ERROR) { perror("safe_open (close)"); return OPEN_ERROR; } @@ -199,51 +198,41 @@ int safe_open(const char* pathname, int flags) { /** - * @brief Update (or create) an entry in an @b minimal ACL. - * - * This function will not work if @c aclp contains extended - * entries. This is fine for our purposes, since we call @c wipe_acls - * on each path before applying the default to it. - * - * The assumption that there are no extended entries makes things much - * simpler. For example, we only have to update the @c ACL_USER_OBJ, - * @c ACL_GROUP_OBJ, and @c ACL_OTHER entries -- all others can simply - * be created anew. This means we don't have to fool around comparing - * named-user/group entries. + * @brief Update an entry in an @b minimal ACL. * * @param aclp - * A pointer to the acl_t structure whose entry we want to modify. + * A pointer to the acl_t structure whose entry we want to update. * * @param entry - * The new entry. If @c entry contains a user/group/other entry, we - * update the existing one. Otherwise we create a new entry. - * - * @return If there is an unexpected library error, @c ACL_ERROR is - * returned. Otherwise, @c ACL_SUCCESS. + * The new entry. * + * @return + * - @c ACL_SUCCESS - If we update an existing entry. + * - @c ACL_FAILURE - If we don't find an entry to update. + * - @c ACL_ERROR - Unexpected library error. */ -int acl_set_entry(acl_t* aclp, acl_entry_t entry) { +int acl_update_entry(acl_t aclp, acl_entry_t entry) { if (aclp == NULL || entry == NULL) { errno = EINVAL; - perror("acl_set_entry (args)"); + perror("acl_update_entry (args)"); return ACL_ERROR; } acl_tag_t entry_tag; if (acl_get_tag_type(entry, &entry_tag) == ACL_ERROR) { - perror("acl_set_entry (acl_get_tag_type)"); + perror("acl_update_entry (acl_get_tag_type)"); return ACL_ERROR; } acl_permset_t entry_permset; if (acl_get_permset(entry, &entry_permset) == ACL_ERROR) { - perror("acl_set_entry (acl_get_permset)"); + perror("acl_update_entry (acl_get_permset)"); return ACL_ERROR; } acl_entry_t existing_entry; /* Loop through the given ACL looking for matching entries. */ - int result = acl_get_entry(*aclp, ACL_FIRST_ENTRY, &existing_entry); + int result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry); while (result == ACL_SUCCESS) { acl_tag_t existing_tag = ACL_UNDEFINED_TAG; @@ -256,64 +245,24 @@ int acl_set_entry(acl_t* aclp, acl_entry_t entry) { if (existing_tag == entry_tag) { /* If we update something, we're done and return ACL_SUCCESS */ if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) { - perror("acl_set_entry (acl_set_permset)"); + perror("acl_update_entry (acl_set_permset)"); return ACL_ERROR; } return ACL_SUCCESS; } - result = acl_get_entry(*aclp, ACL_NEXT_ENTRY, &existing_entry); + result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry); } /* This catches both the initial acl_get_entry and the ones at the end of the loop. */ if (result == ACL_ERROR) { - perror("acl_set_entry (acl_get_entry)"); - return ACL_ERROR; - } - - /* If we've made it this far, we need to add a new entry to the - ACL. */ - acl_entry_t new_entry; - - /* The acl_create_entry() function can allocate new memory and/or - * change the location of the ACL structure entirely. When that - * happens, the value pointed to by aclp is updated, which means - * that a new acl_t gets "passed out" to our caller, eventually to - * be fed to acl_free(). In other words, we should still be freeing - * the right thing, even if the value pointed to by aclp changes. - */ - if (acl_create_entry(aclp, &new_entry) == ACL_ERROR) { - perror("acl_set_entry (acl_create_entry)"); - return ACL_ERROR; - } - - if (acl_set_tag_type(new_entry, entry_tag) == ACL_ERROR) { - perror("acl_set_entry (acl_set_tag_type)"); + perror("acl_update_entry (acl_get_entry)"); return ACL_ERROR; } - if (acl_set_permset(new_entry, entry_permset) == ACL_ERROR) { - perror("acl_set_entry (acl_set_permset)"); - return ACL_ERROR; - } - - if (entry_tag == ACL_USER || entry_tag == ACL_GROUP) { - /* We need to set the qualifier too. */ - void* entry_qual = acl_get_qualifier(entry); - if (entry_qual == (void*)NULL) { - perror("acl_set_entry (acl_get_qualifier)"); - return ACL_ERROR; - } - - if (acl_set_qualifier(new_entry, entry_qual) == ACL_ERROR) { - perror("acl_set_entry (acl_set_qualifier)"); - return ACL_ERROR; - } - } - - return ACL_SUCCESS; + return ACL_FAILURE; } @@ -551,38 +500,6 @@ int any_can_execute(int fd, const struct stat* sp) { -/** - * @brief Remove all @c ACL_TYPE_ACCESS entries from the given file - * descriptor, leaving the UNIX permission bits. - * - * @param fd - * The file descriptor whose ACLs we want to wipe. - * - * @return - * - @c ACL_SUCCESS - The ACLs were wiped successfully, or none - * existed in the first place. - * - @c ACL_ERROR - Unexpected library error. - */ -int wipe_acls(int fd) { - /* Initialize an empty ACL, and then overwrite the one on "fd" with it. */ - acl_t empty_acl = acl_init(0); - - if (empty_acl == (acl_t)NULL) { - perror("wipe_acls (acl_init)"); - return ACL_ERROR; - } - - if (acl_set_fd(fd, empty_acl) == ACL_ERROR) { - perror("wipe_acls (acl_set_fd)"); - acl_free(empty_acl); - return ACL_ERROR; - } - - acl_free(empty_acl); - return ACL_SUCCESS; -} - - /** * @brief Copy ACLs between file descriptors as xattrs, verbatim. * @@ -649,7 +566,7 @@ int acl_copy_xattr(int src_fd, return ACL_ERROR; } - size_t src_size_guess = fgetxattr(src_fd, src_name, NULL, 0); + ssize_t src_size_guess = fgetxattr(src_fd, src_name, NULL, 0); if (src_size_guess == XATTR_ERROR) { if (errno == ENODATA) { /* A missing ACL isn't really an error. ENOATTR and ENODATA are @@ -662,7 +579,7 @@ int acl_copy_xattr(int src_fd, } char* src_acl_p = alloca(src_size_guess); /* The actual size may be smaller than our guess? I don't know. */ - size_t src_size = fgetxattr(src_fd, src_name, src_acl_p, (int)src_size_guess); + ssize_t src_size = fgetxattr(src_fd, src_name, src_acl_p, src_size_guess); if (src_size == XATTR_ERROR) { if (errno == ENODATA) { /* A missing ACL isn't an error. */ @@ -713,10 +630,6 @@ int has_default_acl_fd(int fd) { * @param path * The path whose ACL we would like to reset to its default. * - * @param sp - * A pointer to a stat structure for @c path, or @c NULL if you don't - * have one handy. - * * @param no_exec_mask * The value (either true or false) of the --no-exec-mask flag. * @@ -725,13 +638,11 @@ int has_default_acl_fd(int fd) { * - @c ACL_FAILURE - If symlinks or hard links are encountered. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl_ex(const char* path, - const struct stat* sp, - bool no_exec_mask) { +int apply_default_acl(const char* path, bool no_exec_mask) { if (path == NULL) { errno = EINVAL; - perror("apply_default_acl_ex (args)"); + perror("apply_default_acl (args)"); return ACL_ERROR; } @@ -755,14 +666,19 @@ int apply_default_acl_ex(const char* path, /* The file descriptor for the directory containing "path" */ int parent_fd = 0; + /* dirname() and basename() mangle their arguments, so we need + to make copies of "path" before using them. */ + char* dirname_path_copy = NULL; + char* basename_path_copy = NULL; + /* Get the parent directory of "path" with dirname(), which happens * to murder its argument and necessitates a path_copy. */ - char* path_copy = strdup(path); - if (path_copy == NULL) { - perror("apply_default_acl_ex (strdup)"); + dirname_path_copy = strdup(path); + if (dirname_path_copy == NULL) { + perror("apply_default_acl (strdup)"); return ACL_ERROR; } - char* parent = dirname(path_copy); + char* parent = dirname(dirname_path_copy); parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW); if (parent_fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { @@ -772,7 +688,7 @@ int apply_default_acl_ex(const char* path, goto cleanup; } else { - perror("apply_default_acl_ex (open parent fd)"); + perror("apply_default_acl (open parent fd)"); result = ACL_ERROR; goto cleanup; } @@ -785,7 +701,16 @@ int apply_default_acl_ex(const char* path, goto cleanup; } - fd = safe_open(path, O_NOFOLLOW); + /* We already obtained the parent fd safely, so if we use the + basename of path here instead of the full thing, then we can get + away with using openat() and spare ourselves the slowness of + another safe_open(). */ + basename_path_copy = strdup(path); + if (basename_path_copy == NULL) { + perror("apply_default_acl (strdup)"); + return ACL_ERROR; + } + fd = openat(parent_fd, basename(basename_path_copy), O_NOFOLLOW); if (fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { /* We hit a symlink, either in the last path component (ELOOP) @@ -794,7 +719,7 @@ int apply_default_acl_ex(const char* path, goto cleanup; } else { - perror("apply_default_acl_ex (open fd)"); + perror("apply_default_acl (open fd)"); result = ACL_ERROR; goto cleanup; } @@ -806,24 +731,17 @@ int apply_default_acl_ex(const char* path, * race condition here, but the window is as small as possible * between when we open the file descriptor (look above) and when we * fstat it. - * - * Note: we only need to call fstat ourselves if we weren't passed a - * valid pointer to a stat structure (nftw does that). */ - if (sp == NULL) { - struct stat s; - if (fstat(fd, &s) == STAT_ERROR) { - perror("apply_default_acl_ex (fstat)"); - goto cleanup; - } - - sp = &s; + struct stat s; + if (fstat(fd, &s) == STAT_ERROR) { + perror("apply_default_acl (fstat)"); + goto cleanup; } - if (!S_ISDIR(sp->st_mode)) { + if (!S_ISDIR(s.st_mode)) { /* If it's not a directory, make sure it's a regular, non-hard-linked file. */ - if (!S_ISREG(sp->st_mode) || sp->st_nlink != 1) { + if (!S_ISREG(s.st_mode) || s.st_nlink != 1) { result = ACL_FAILURE; goto cleanup; } @@ -838,10 +756,10 @@ int apply_default_acl_ex(const char* path, if (!no_exec_mask) { /* Never mask the execute bit on directories. */ - int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode); + int ace_result = any_can_execute(fd,&s) || S_ISDIR(s.st_mode); if (ace_result == ACL_ERROR) { - perror("apply_default_acl_ex (any_can_execute)"); + perror("apply_default_acl (any_can_execute)"); result = ACL_ERROR; goto cleanup; } @@ -849,19 +767,13 @@ int apply_default_acl_ex(const char* path, allow_exec = (bool)ace_result; } - if (wipe_acls(fd) == ACL_ERROR) { - perror("apply_default_acl_ex (wipe_acls)"); - result = ACL_ERROR; - goto cleanup; - } - /* If it's a directory, inherit the parent's default. */ - if (S_ISDIR(sp->st_mode)) { + if (S_ISDIR(s.st_mode)) { if (acl_copy_xattr(parent_fd, ACL_TYPE_DEFAULT, fd, ACL_TYPE_DEFAULT) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_copy_xattr default)"); + perror("apply_default_acl (acl_copy_xattr default)"); result = ACL_ERROR; goto cleanup; } @@ -872,13 +784,13 @@ int apply_default_acl_ex(const char* path, ACL_TYPE_DEFAULT, fd, ACL_TYPE_ACCESS) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_copy_xattr access)"); + perror("apply_default_acl (acl_copy_xattr access)"); result = ACL_ERROR; goto cleanup; } /* There's a good reason why we saved the ACL above, even though - * we're about tto read it back into memory and mess with it on the + * we're about to read it back into memory and mess with it on the * next line. The acl_copy_xattr() function is already a hack to let * us copy default ACLs without resorting to path names; we simply * have no way to read the parent's default ACL into memory using @@ -889,10 +801,16 @@ int apply_default_acl_ex(const char* path, */ /* Now we potentially need to mask the execute permissions in the - ACL on fd. First obtain the current one... */ + ACL on fd; or maybe not. */ + if (allow_exec) { + goto cleanup; + } + + /* OK, we need to mask some execute permissions. First obtain the + current ACL... */ new_acl = acl_get_fd(fd); if (new_acl == (acl_t)NULL) { - perror("apply_default_acl_ex (acl_get_fd)"); + perror("apply_default_acl (acl_get_fd)"); result = ACL_ERROR; goto cleanup; } @@ -902,7 +820,7 @@ int apply_default_acl_ex(const char* path, looping over it no worky). */ new_acl_unmasked = acl_dup(new_acl); if (new_acl_unmasked == (acl_t)NULL) { - perror("apply_default_acl_ex (acl_dup)"); + perror("apply_default_acl (acl_dup)"); result = ACL_ERROR; goto cleanup; } @@ -914,7 +832,7 @@ int apply_default_acl_ex(const char* path, acl_tag_t tag = ACL_UNDEFINED_TAG; if (acl_get_tag_type(entry, &tag) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_get_tag_type)"); + perror("apply_default_acl (acl_get_tag_type)"); result = ACL_ERROR; goto cleanup; } @@ -923,7 +841,7 @@ int apply_default_acl_ex(const char* path, /* We've got an entry/tag from the default ACL. Get its permset. */ acl_permset_t permset; if (acl_get_permset(entry, &permset) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_get_permset)"); + perror("apply_default_acl (acl_get_permset)"); result = ACL_ERROR; goto cleanup; } @@ -933,43 +851,24 @@ int apply_default_acl_ex(const char* path, tag == ACL_GROUP_OBJ || tag == ACL_OTHER) { - if (!allow_exec) { - /* The mask doesn't affect acl_user_obj, acl_group_obj (in - minimal ACLs) or acl_other entries, so if execute should be - masked, we have to do it manually. */ - if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_delete_perm)"); - result = ACL_ERROR; - goto cleanup; - } - - if (acl_set_permset(entry, permset) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_set_permset)"); - result = ACL_ERROR; - goto cleanup; - } + /* The mask doesn't affect acl_user_obj, acl_group_obj (in + minimal ACLs) or acl_other entries, so if execute should be + masked, we have to do it manually. */ + if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { + perror("apply_default_acl (acl_delete_perm)"); + result = ACL_ERROR; + goto cleanup; + } + + if (acl_set_permset(entry, permset) == ACL_ERROR) { + perror("apply_default_acl (acl_set_permset)"); + result = ACL_ERROR; + goto cleanup; } } - /* Finally, add the permset to the access ACL. It's actually - * important that we pass in the address of "new_acl" here, and not - * "new_acl" itself. Why? The call to acl_create_entry() within - * acl_set_entry() can allocate new memory for the entry. - * Sometimes that can be done in-place, in which case everything - * is cool and the new memory gets released when we call - * acl_free(acl). - * - * But occasionally, the whole ACL structure will have to be moved - * in order to allocate the extra space. When that happens, - * acl_create_entry() modifies the pointer it was passed (in this - * case, &acl) to point to the new location. We want to call - * acl_free() on the new location, and since acl_free() gets - * called right here, we need acl_create_entry() to update the - * value of "new_acl". To do that, it needs the address of "new_acl". - */ - - if (acl_set_entry(&new_acl, entry) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_set_entry)"); + if (acl_update_entry(new_acl, entry) == ACL_ERROR) { + perror("apply_default_acl (acl_update_entry)"); result = ACL_ERROR; goto cleanup; } @@ -980,60 +879,30 @@ int apply_default_acl_ex(const char* path, /* Catches the first acl_get_entry as well as the ones at the end of the loop. */ if (ge_result == ACL_ERROR) { - perror("apply_default_acl_ex (acl_get_entry)"); + perror("apply_default_acl (acl_get_entry)"); result = ACL_ERROR; goto cleanup; } if (acl_set_fd(fd, new_acl) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_set_fd)"); + perror("apply_default_acl (acl_set_fd)"); result = ACL_ERROR; goto cleanup; } cleanup: - free(path_copy); - if (new_acl != (acl_t)NULL) { - acl_free(new_acl); - } - if (new_acl_unmasked != (acl_t)NULL) { - acl_free(new_acl_unmasked); - } + free(dirname_path_copy); + free(basename_path_copy); + acl_free(new_acl); + acl_free(new_acl_unmasked); + if (fd > 0 && close(fd) == CLOSE_ERROR) { - perror("apply_default_acl_ex (close fd)"); + perror("apply_default_acl (close fd)"); result = ACL_ERROR; } if (parent_fd > 0 && close(parent_fd) == CLOSE_ERROR) { - perror("apply_default_acl_ex (close parent_fd)"); + perror("apply_default_acl (close parent_fd)"); result = ACL_ERROR; } return result; } - - - -/** - * @brief The friendly interface to @c apply_default_acl_ex. - * - * The @c apply_default_acl_ex function holds the real implementation - * of this function, but it takes a weird second argument that most - * people won't care about (a stat structure). But, we use that - * argument for the recursive mode of the CLI, so it's there. - * - * If you don't have a stat structure for your @c path, use this instead. - * - * @param path - * The path whose ACL we would like to reset to its default. - * - * @param no_exec_mask - * The value (either true or false) of the --no-exec-mask flag. - * - * @return - * - @c ACL_SUCCESS - The parent default ACL was inherited successfully. - * - @c ACL_FAILURE - If symlinks or hard links are encountered. - * or the parent of @c path is not a directory. - * - @c ACL_ERROR - Unexpected library error. - */ -int apply_default_acl(const char* path, bool no_exec_mask) { - return apply_default_acl_ex(path, NULL, no_exec_mask); -}