X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=e83f46be630bc40c779f9792786fa2c82e9ff944;hb=bd6889a6483bc13a05b36a4d8e37834bd50f2941;hp=1b31938666c9aab2aab84f4bdd3087bb7561b079;hpb=fb29df3ea25b6f6a5bfdeaa8912997f73d2e4d14;p=apply-default-acl.git

diff --git a/src/libadacl.c b/src/libadacl.c
index 1b31938..e83f46b 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -170,25 +170,24 @@ int safe_open(const char* pathname, int flags) {
     return OPEN_ERROR;
   }
 
-  int fd = 0;
-  if (strcmp(abspath, "/") == 0) {
-    fd = open("/", flags | O_DIRECTORY);
-  }
-  else {
+  bool abspath_is_root = (strcmp(abspath, "/") == 0);
+  int rootflags = flags | O_DIRECTORY;
+  if (!abspath_is_root) {
     /* Use O_PATH for some added safety if "/" is not our target */
-    fd = open("/", flags | O_DIRECTORY | O_PATH);
+    rootflags |= O_PATH;
   }
-  if (fd == OPEN_ERROR) {
+  int rootfd = open("/", rootflags);
+  if (rootfd == OPEN_ERROR) {
     perror("safe_open (open)");
     return OPEN_ERROR;
   }
 
-  if (strcmp(abspath, "/") == 0) {
-    return fd;
+  if (abspath_is_root) {
+    return rootfd;
   }
 
-  int result = safe_open_ex(fd, abspath+1, flags);
-  if (close(fd) == CLOSE_ERROR) {
+  int result = safe_open_ex(rootfd, abspath+1, flags);
+  if (close(rootfd) == CLOSE_ERROR) {
     perror("safe_open (close)");
     return OPEN_ERROR;
   }
@@ -631,10 +630,6 @@ int has_default_acl_fd(int fd) {
  * @param path
  *   The path whose ACL we would like to reset to its default.
  *
- * @param sp
- *   A pointer to a stat structure for @c path, or @c NULL if you don't
- *   have one handy.
- *
  * @param no_exec_mask
  *   The value (either true or false) of the --no-exec-mask flag.
  *
@@ -643,13 +638,11 @@ int has_default_acl_fd(int fd) {
  *   - @c ACL_FAILURE - If symlinks or hard links are encountered.
  *   - @c ACL_ERROR - Unexpected library error.
  */
-int apply_default_acl_ex(const char* path,
-                         const struct stat* sp,
-                         bool no_exec_mask) {
+int apply_default_acl(const char* path, bool no_exec_mask) {
 
   if (path == NULL) {
     errno = EINVAL;
-    perror("apply_default_acl_ex (args)");
+    perror("apply_default_acl (args)");
     return ACL_ERROR;
   }
 
@@ -673,14 +666,19 @@ int apply_default_acl_ex(const char* path,
   /* The file descriptor for the directory containing "path" */
   int parent_fd = 0;
 
+  /* dirname() and basename() mangle their arguments, so we need
+     to make copies of "path" before using them. */
+  char* dirname_path_copy = NULL;
+  char* basename_path_copy = NULL;
+
   /* Get the parent directory of "path" with dirname(), which happens
    * to murder its argument and necessitates a path_copy. */
-  char* path_copy = strdup(path);
-  if (path_copy == NULL) {
-    perror("apply_default_acl_ex (strdup)");
+  dirname_path_copy = strdup(path);
+  if (dirname_path_copy == NULL) {
+    perror("apply_default_acl (strdup)");
     return ACL_ERROR;
   }
-  char* parent = dirname(path_copy);
+  char* parent = dirname(dirname_path_copy);
   parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW);
   if (parent_fd == OPEN_ERROR) {
     if (errno == ELOOP || errno == ENOTDIR) {
@@ -690,7 +688,7 @@ int apply_default_acl_ex(const char* path,
       goto cleanup;
     }
     else {
-      perror("apply_default_acl_ex (open parent fd)");
+      perror("apply_default_acl (open parent fd)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -703,7 +701,16 @@ int apply_default_acl_ex(const char* path,
     goto cleanup;
   }
 
-  fd = safe_open(path, O_NOFOLLOW);
+  /* We already obtained the parent fd safely, so if we use the
+     basename of path here instead of the full thing, then we can get
+     away with using openat() and spare ourselves the slowness of
+     another safe_open(). */
+  basename_path_copy = strdup(path);
+  if (basename_path_copy == NULL) {
+    perror("apply_default_acl (strdup)");
+    return ACL_ERROR;
+  }
+  fd = openat(parent_fd, basename(basename_path_copy), O_NOFOLLOW);
   if (fd == OPEN_ERROR) {
     if (errno == ELOOP || errno == ENOTDIR) {
       /* We hit a symlink, either in the last path component (ELOOP)
@@ -712,7 +719,7 @@ int apply_default_acl_ex(const char* path,
       goto cleanup;
     }
     else {
-      perror("apply_default_acl_ex (open fd)");
+      perror("apply_default_acl (open fd)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -724,24 +731,17 @@ int apply_default_acl_ex(const char* path,
    * race condition here, but the window is as small as possible
    * between when we open the file descriptor (look above) and when we
    * fstat it.
-   *
-   * Note: we only need to call fstat ourselves if we weren't passed a
-   * valid pointer to a stat structure (nftw does that).
   */
-  if (sp == NULL) {
-    struct stat s;
-    if (fstat(fd, &s) == STAT_ERROR) {
-      perror("apply_default_acl_ex (fstat)");
-      goto cleanup;
-    }
-
-    sp = &s;
+  struct stat s;
+  if (fstat(fd, &s) == STAT_ERROR) {
+    perror("apply_default_acl (fstat)");
+    goto cleanup;
   }
 
-  if (!S_ISDIR(sp->st_mode)) {
+  if (!S_ISDIR(s.st_mode)) {
     /* If it's not a directory, make sure it's a regular,
        non-hard-linked file. */
-    if (!S_ISREG(sp->st_mode) || sp->st_nlink != 1) {
+    if (!S_ISREG(s.st_mode) || s.st_nlink != 1) {
       result = ACL_FAILURE;
       goto cleanup;
     }
@@ -756,10 +756,10 @@ int apply_default_acl_ex(const char* path,
 
   if (!no_exec_mask) {
     /* Never mask the execute bit on directories. */
-    int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode);
+    int ace_result = any_can_execute(fd,&s) || S_ISDIR(s.st_mode);
 
     if (ace_result == ACL_ERROR) {
-      perror("apply_default_acl_ex (any_can_execute)");
+      perror("apply_default_acl (any_can_execute)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -768,12 +768,12 @@ int apply_default_acl_ex(const char* path,
   }
 
   /* If it's a directory, inherit the parent's default.  */
-  if (S_ISDIR(sp->st_mode)) {
+  if (S_ISDIR(s.st_mode)) {
     if (acl_copy_xattr(parent_fd,
                        ACL_TYPE_DEFAULT,
                        fd,
                        ACL_TYPE_DEFAULT) == ACL_ERROR) {
-      perror("apply_default_acl_ex (acl_copy_xattr default)");
+      perror("apply_default_acl (acl_copy_xattr default)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -784,13 +784,13 @@ int apply_default_acl_ex(const char* path,
                      ACL_TYPE_DEFAULT,
                      fd,
                      ACL_TYPE_ACCESS) == ACL_ERROR) {
-    perror("apply_default_acl_ex (acl_copy_xattr access)");
+    perror("apply_default_acl (acl_copy_xattr access)");
     result = ACL_ERROR;
     goto cleanup;
   }
 
   /* There's a good reason why we saved the ACL above, even though
-   * we're about tto read it back into memory and mess with it on the
+   * we're about to read it back into memory and mess with it on the
    * next line. The acl_copy_xattr() function is already a hack to let
    * us copy default ACLs without resorting to path names; we simply
    * have no way to read the parent's default ACL into memory using
@@ -801,7 +801,7 @@ int apply_default_acl_ex(const char* path,
   */
 
   /* Now we potentially need to mask the execute permissions in the
-     ACL on fd; or maybe now. */
+     ACL on fd; or maybe not. */
   if (allow_exec) {
     goto cleanup;
   }
@@ -810,7 +810,7 @@ int apply_default_acl_ex(const char* path,
      current ACL... */
   new_acl = acl_get_fd(fd);
   if (new_acl == (acl_t)NULL) {
-    perror("apply_default_acl_ex (acl_get_fd)");
+    perror("apply_default_acl (acl_get_fd)");
     result = ACL_ERROR;
     goto cleanup;
   }
@@ -820,7 +820,7 @@ int apply_default_acl_ex(const char* path,
      looping over it no worky). */
   new_acl_unmasked = acl_dup(new_acl);
   if (new_acl_unmasked == (acl_t)NULL) {
-    perror("apply_default_acl_ex (acl_dup)");
+    perror("apply_default_acl (acl_dup)");
     result = ACL_ERROR;
     goto cleanup;
   }
@@ -832,7 +832,7 @@ int apply_default_acl_ex(const char* path,
     acl_tag_t tag = ACL_UNDEFINED_TAG;
 
     if (acl_get_tag_type(entry, &tag) == ACL_ERROR) {
-       perror("apply_default_acl_ex (acl_get_tag_type)");
+       perror("apply_default_acl (acl_get_tag_type)");
        result = ACL_ERROR;
        goto cleanup;
     }
@@ -841,7 +841,7 @@ int apply_default_acl_ex(const char* path,
     /* We've got an entry/tag from the default ACL. Get its permset. */
     acl_permset_t permset;
     if (acl_get_permset(entry, &permset) == ACL_ERROR) {
-      perror("apply_default_acl_ex (acl_get_permset)");
+      perror("apply_default_acl (acl_get_permset)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -855,20 +855,20 @@ int apply_default_acl_ex(const char* path,
          minimal ACLs) or acl_other entries, so if execute should be
          masked, we have to do it manually. */
       if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
-        perror("apply_default_acl_ex (acl_delete_perm)");
+        perror("apply_default_acl (acl_delete_perm)");
         result = ACL_ERROR;
         goto cleanup;
       }
 
       if (acl_set_permset(entry, permset) == ACL_ERROR) {
-        perror("apply_default_acl_ex (acl_set_permset)");
+        perror("apply_default_acl (acl_set_permset)");
         result = ACL_ERROR;
         goto cleanup;
       }
     }
 
     if (acl_update_entry(new_acl, entry) == ACL_ERROR) {
-      perror("apply_default_acl_ex (acl_update_entry)");
+      perror("apply_default_acl (acl_update_entry)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -879,60 +879,30 @@ int apply_default_acl_ex(const char* path,
   /* Catches the first acl_get_entry as well as the ones at the end of
      the loop. */
   if (ge_result == ACL_ERROR) {
-    perror("apply_default_acl_ex (acl_get_entry)");
+    perror("apply_default_acl (acl_get_entry)");
     result = ACL_ERROR;
     goto cleanup;
   }
 
   if (acl_set_fd(fd, new_acl) == ACL_ERROR) {
-    perror("apply_default_acl_ex (acl_set_fd)");
+    perror("apply_default_acl (acl_set_fd)");
     result = ACL_ERROR;
     goto cleanup;
   }
 
  cleanup:
-  free(path_copy);
-  if (new_acl != (acl_t)NULL) {
-    acl_free(new_acl);
-  }
-  if (new_acl_unmasked != (acl_t)NULL) {
-    acl_free(new_acl_unmasked);
-  }
+  free(dirname_path_copy);
+  free(basename_path_copy);
+  acl_free(new_acl);
+  acl_free(new_acl_unmasked);
+
   if (fd > 0 && close(fd) == CLOSE_ERROR) {
-    perror("apply_default_acl_ex (close fd)");
+    perror("apply_default_acl (close fd)");
     result = ACL_ERROR;
   }
   if (parent_fd > 0 && close(parent_fd) == CLOSE_ERROR) {
-    perror("apply_default_acl_ex (close parent_fd)");
+    perror("apply_default_acl (close parent_fd)");
     result = ACL_ERROR;
   }
   return result;
 }
-
-
-
-/**
- * @brief The friendly interface to @c apply_default_acl_ex.
- *
- * The @c apply_default_acl_ex function holds the real implementation
- * of this function, but it takes a weird second argument that most
- * people won't care about (a stat structure). But, we use that
- * argument for the recursive mode of the CLI, so it's there.
- *
- * If you don't have a stat structure for your @c path, use this instead.
- *
- * @param path
- *   The path whose ACL we would like to reset to its default.
- *
- * @param no_exec_mask
- *   The value (either true or false) of the --no-exec-mask flag.
- *
- * @return
- *   - @c ACL_SUCCESS - The parent default ACL was inherited successfully.
- *   - @c ACL_FAILURE - If symlinks or hard links are encountered.
- *     or the parent of @c path is not a directory.
- *   - @c ACL_ERROR - Unexpected library error.
- */
-int apply_default_acl(const char* path, bool no_exec_mask) {
-  return apply_default_acl_ex(path, NULL, no_exec_mask);
-}