X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=e83f46be630bc40c779f9792786fa2c82e9ff944;hb=bd6889a6483bc13a05b36a4d8e37834bd50f2941;hp=36812e8af3dd18a4dbfd96f7c7b769865d90298d;hpb=ee4b602d26225bb5a548eaeb7bd570adaa48721a;p=apply-default-acl.git diff --git a/src/libadacl.c b/src/libadacl.c index 36812e8..e83f46b 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -630,10 +630,6 @@ int has_default_acl_fd(int fd) { * @param path * The path whose ACL we would like to reset to its default. * - * @param sp - * A pointer to a stat structure for @c path, or @c NULL if you don't - * have one handy. - * * @param no_exec_mask * The value (either true or false) of the --no-exec-mask flag. * @@ -642,13 +638,11 @@ int has_default_acl_fd(int fd) { * - @c ACL_FAILURE - If symlinks or hard links are encountered. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl_ex(const char* path, - const struct stat* sp, - bool no_exec_mask) { +int apply_default_acl(const char* path, bool no_exec_mask) { if (path == NULL) { errno = EINVAL; - perror("apply_default_acl_ex (args)"); + perror("apply_default_acl (args)"); return ACL_ERROR; } @@ -672,14 +666,19 @@ int apply_default_acl_ex(const char* path, /* The file descriptor for the directory containing "path" */ int parent_fd = 0; + /* dirname() and basename() mangle their arguments, so we need + to make copies of "path" before using them. */ + char* dirname_path_copy = NULL; + char* basename_path_copy = NULL; + /* Get the parent directory of "path" with dirname(), which happens * to murder its argument and necessitates a path_copy. */ - char* path_copy = strdup(path); - if (path_copy == NULL) { - perror("apply_default_acl_ex (strdup)"); + dirname_path_copy = strdup(path); + if (dirname_path_copy == NULL) { + perror("apply_default_acl (strdup)"); return ACL_ERROR; } - char* parent = dirname(path_copy); + char* parent = dirname(dirname_path_copy); parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW); if (parent_fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { @@ -689,7 +688,7 @@ int apply_default_acl_ex(const char* path, goto cleanup; } else { - perror("apply_default_acl_ex (open parent fd)"); + perror("apply_default_acl (open parent fd)"); result = ACL_ERROR; goto cleanup; } @@ -702,7 +701,16 @@ int apply_default_acl_ex(const char* path, goto cleanup; } - fd = safe_open(path, O_NOFOLLOW); + /* We already obtained the parent fd safely, so if we use the + basename of path here instead of the full thing, then we can get + away with using openat() and spare ourselves the slowness of + another safe_open(). */ + basename_path_copy = strdup(path); + if (basename_path_copy == NULL) { + perror("apply_default_acl (strdup)"); + return ACL_ERROR; + } + fd = openat(parent_fd, basename(basename_path_copy), O_NOFOLLOW); if (fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { /* We hit a symlink, either in the last path component (ELOOP) @@ -711,7 +719,7 @@ int apply_default_acl_ex(const char* path, goto cleanup; } else { - perror("apply_default_acl_ex (open fd)"); + perror("apply_default_acl (open fd)"); result = ACL_ERROR; goto cleanup; } @@ -723,24 +731,17 @@ int apply_default_acl_ex(const char* path, * race condition here, but the window is as small as possible * between when we open the file descriptor (look above) and when we * fstat it. - * - * Note: we only need to call fstat ourselves if we weren't passed a - * valid pointer to a stat structure (nftw does that). */ - if (sp == NULL) { - struct stat s; - if (fstat(fd, &s) == STAT_ERROR) { - perror("apply_default_acl_ex (fstat)"); - goto cleanup; - } - - sp = &s; + struct stat s; + if (fstat(fd, &s) == STAT_ERROR) { + perror("apply_default_acl (fstat)"); + goto cleanup; } - if (!S_ISDIR(sp->st_mode)) { + if (!S_ISDIR(s.st_mode)) { /* If it's not a directory, make sure it's a regular, non-hard-linked file. */ - if (!S_ISREG(sp->st_mode) || sp->st_nlink != 1) { + if (!S_ISREG(s.st_mode) || s.st_nlink != 1) { result = ACL_FAILURE; goto cleanup; } @@ -755,10 +756,10 @@ int apply_default_acl_ex(const char* path, if (!no_exec_mask) { /* Never mask the execute bit on directories. */ - int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode); + int ace_result = any_can_execute(fd,&s) || S_ISDIR(s.st_mode); if (ace_result == ACL_ERROR) { - perror("apply_default_acl_ex (any_can_execute)"); + perror("apply_default_acl (any_can_execute)"); result = ACL_ERROR; goto cleanup; } @@ -767,12 +768,12 @@ int apply_default_acl_ex(const char* path, } /* If it's a directory, inherit the parent's default. */ - if (S_ISDIR(sp->st_mode)) { + if (S_ISDIR(s.st_mode)) { if (acl_copy_xattr(parent_fd, ACL_TYPE_DEFAULT, fd, ACL_TYPE_DEFAULT) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_copy_xattr default)"); + perror("apply_default_acl (acl_copy_xattr default)"); result = ACL_ERROR; goto cleanup; } @@ -783,13 +784,13 @@ int apply_default_acl_ex(const char* path, ACL_TYPE_DEFAULT, fd, ACL_TYPE_ACCESS) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_copy_xattr access)"); + perror("apply_default_acl (acl_copy_xattr access)"); result = ACL_ERROR; goto cleanup; } /* There's a good reason why we saved the ACL above, even though - * we're about tto read it back into memory and mess with it on the + * we're about to read it back into memory and mess with it on the * next line. The acl_copy_xattr() function is already a hack to let * us copy default ACLs without resorting to path names; we simply * have no way to read the parent's default ACL into memory using @@ -800,7 +801,7 @@ int apply_default_acl_ex(const char* path, */ /* Now we potentially need to mask the execute permissions in the - ACL on fd; or maybe now. */ + ACL on fd; or maybe not. */ if (allow_exec) { goto cleanup; } @@ -809,7 +810,7 @@ int apply_default_acl_ex(const char* path, current ACL... */ new_acl = acl_get_fd(fd); if (new_acl == (acl_t)NULL) { - perror("apply_default_acl_ex (acl_get_fd)"); + perror("apply_default_acl (acl_get_fd)"); result = ACL_ERROR; goto cleanup; } @@ -819,7 +820,7 @@ int apply_default_acl_ex(const char* path, looping over it no worky). */ new_acl_unmasked = acl_dup(new_acl); if (new_acl_unmasked == (acl_t)NULL) { - perror("apply_default_acl_ex (acl_dup)"); + perror("apply_default_acl (acl_dup)"); result = ACL_ERROR; goto cleanup; } @@ -831,7 +832,7 @@ int apply_default_acl_ex(const char* path, acl_tag_t tag = ACL_UNDEFINED_TAG; if (acl_get_tag_type(entry, &tag) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_get_tag_type)"); + perror("apply_default_acl (acl_get_tag_type)"); result = ACL_ERROR; goto cleanup; } @@ -840,7 +841,7 @@ int apply_default_acl_ex(const char* path, /* We've got an entry/tag from the default ACL. Get its permset. */ acl_permset_t permset; if (acl_get_permset(entry, &permset) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_get_permset)"); + perror("apply_default_acl (acl_get_permset)"); result = ACL_ERROR; goto cleanup; } @@ -854,20 +855,20 @@ int apply_default_acl_ex(const char* path, minimal ACLs) or acl_other entries, so if execute should be masked, we have to do it manually. */ if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_delete_perm)"); + perror("apply_default_acl (acl_delete_perm)"); result = ACL_ERROR; goto cleanup; } if (acl_set_permset(entry, permset) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_set_permset)"); + perror("apply_default_acl (acl_set_permset)"); result = ACL_ERROR; goto cleanup; } } if (acl_update_entry(new_acl, entry) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_update_entry)"); + perror("apply_default_acl (acl_update_entry)"); result = ACL_ERROR; goto cleanup; } @@ -878,60 +879,30 @@ int apply_default_acl_ex(const char* path, /* Catches the first acl_get_entry as well as the ones at the end of the loop. */ if (ge_result == ACL_ERROR) { - perror("apply_default_acl_ex (acl_get_entry)"); + perror("apply_default_acl (acl_get_entry)"); result = ACL_ERROR; goto cleanup; } if (acl_set_fd(fd, new_acl) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_set_fd)"); + perror("apply_default_acl (acl_set_fd)"); result = ACL_ERROR; goto cleanup; } cleanup: - free(path_copy); - if (new_acl != (acl_t)NULL) { - acl_free(new_acl); - } - if (new_acl_unmasked != (acl_t)NULL) { - acl_free(new_acl_unmasked); - } + free(dirname_path_copy); + free(basename_path_copy); + acl_free(new_acl); + acl_free(new_acl_unmasked); + if (fd > 0 && close(fd) == CLOSE_ERROR) { - perror("apply_default_acl_ex (close fd)"); + perror("apply_default_acl (close fd)"); result = ACL_ERROR; } if (parent_fd > 0 && close(parent_fd) == CLOSE_ERROR) { - perror("apply_default_acl_ex (close parent_fd)"); + perror("apply_default_acl (close parent_fd)"); result = ACL_ERROR; } return result; } - - - -/** - * @brief The friendly interface to @c apply_default_acl_ex. - * - * The @c apply_default_acl_ex function holds the real implementation - * of this function, but it takes a weird second argument that most - * people won't care about (a stat structure). But, we use that - * argument for the recursive mode of the CLI, so it's there. - * - * If you don't have a stat structure for your @c path, use this instead. - * - * @param path - * The path whose ACL we would like to reset to its default. - * - * @param no_exec_mask - * The value (either true or false) of the --no-exec-mask flag. - * - * @return - * - @c ACL_SUCCESS - The parent default ACL was inherited successfully. - * - @c ACL_FAILURE - If symlinks or hard links are encountered. - * or the parent of @c path is not a directory. - * - @c ACL_ERROR - Unexpected library error. - */ -int apply_default_acl(const char* path, bool no_exec_mask) { - return apply_default_acl_ex(path, NULL, no_exec_mask); -}