]> gitweb.michael.orlitzky.com - apply-default-acl.git/blob - src/apply-default-acl.c
projects / apply-default-acl.git / blob
? search:
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Improve the error message for most types of inaccessible paths.
[apply-default-acl.git] / src / apply-default-acl.c
1 /**
2 * @file apply-default-acl.c
3 *
4 * @brief The command-line interface.
5 *
6 */
7
8 /* On Linux, ftw.h needs this special voodoo to work. */
9 #define _XOPEN_SOURCE 500
10 #define _GNU_SOURCE
11
12 #include <errno.h> /* EINVAL */
13 #include <fcntl.h> /* AT_FOO constants */
14 #include <ftw.h> /* nftw() et al. */
15 #include <getopt.h> /* getopt_long() */
16 #include <stdbool.h> /* the "bool" type */
17 #include <stdio.h> /* perror() */
18 #include <stdlib.h> /* EXIT_FAILURE, EXIT_SUCCESS */
19 #include <unistd.h> /* faccessat() */
20
21 #include "libadacl.h"
22
23 /* We exit with EXIT_FAILURE for small errors, but we need something
24 * else for big ones. */
25 #define EXIT_ERROR 2
26
27 #define NFTW_ERROR -1
28
29
30 /**
31 * @brief Determine whether or not the given path is accessible.
32 *
33 * @param path
34 * The path to test.
35 *
36 * @return true if @c path is accessible to the current effective
37 * user/group, false otherwise.
38 */
39 bool path_accessible(const char* path) {
40 if (path == NULL) {
41 return false;
42 }
43
44 /* Test for access using the effective user and group rather than
45 the real one. */
46 int flags = AT_EACCESS;
47
48 /* Don't follow symlinks when checking for a path's existence,
49 since we won't follow them to set its ACLs either. */
50 flags |= AT_SYMLINK_NOFOLLOW;
51
52 /* If the path is relative, interpret it relative to the current
53 working directory (just like the access() system call). */
54 if (faccessat(AT_FDCWD, path, F_OK, flags) == 0) {
55 return true;
56 }
57 else {
58 return false;
59 }
60 }
61
62
63 /**
64 * @brief Display program usage information.
65 *
66 * @param program_name
67 * The program name to use in the output.
68 *
69 */
70 void usage(const char* program_name) {
71 if (program_name == NULL) {
72 /* ??? */
73 return;
74 }
75
76 printf("Apply any applicable default ACLs to the given files or "
77 "directories.\n\n");
78 printf("Usage: %s [flags] <target1> [<target2> [ <target3>...]]\n\n",
79 program_name);
80 printf("Flags:\n");
81 printf(" -h, --help Print this help message\n");
82 printf(" -r, --recursive Act on any given directories recursively\n");
83 printf(" -x, --no-exec-mask Apply execute permissions unconditionally\n");
84
85 return;
86 }
87
88
89 /**
90 * @brief Wrapper around @c apply_default_acl() for use with @c nftw().
91 *
92 * For parameter information, see the @c nftw man page.
93 *
94 * @return If the ACL was applied to @c target successfully, we return
95 * @c FTW_CONTINUE to signal to @ nftw() that we should proceed onto
96 * the next file or directory. Otherwise, we return @c FTW_STOP to
97 * signal failure.
98 *
99 */
100 int apply_default_acl_nftw(const char *target,
101 const struct stat *sp,
102 int info,
103 struct FTW *ftw) {
104
105 if (target == NULL) {
106 errno = EINVAL;
107 perror("apply_default_acl_nftw (args)");
108 return ACL_ERROR;
109 }
110
111
112 if (apply_default_acl_ex(target, sp, false) == ACL_ERROR) {
113 /* I guess we do want to bail out for serious/unexpected errors? */
114 return ACL_ERROR;
115 }
116
117 /* We don't want to kill the tree walk because we it a symlink. */
118 return 0;
119 }
120
121
122
123 /**
124 * @brief Wrapper around @c apply_default_acl() for use with @c nftw().
125 *
126 * This is identical to @c apply_default_acl_nftw(), except it passes
127 * @c true to @c apply_default_acl() as its no_exec_mask argument.
128 *
129 */
130 int apply_default_acl_nftw_x(const char *target,
131 const struct stat *sp,
132 int info,
133 struct FTW *ftw) {
134
135 if (target == NULL) {
136 errno = EINVAL;
137 perror("apply_default_acl_nftw_x (args)");
138 return ACL_ERROR;
139 }
140
141 if (apply_default_acl_ex(target, sp, true) == ACL_ERROR) {
142 /* I guess we do want to bail out for serious/unexpected errors? */
143 return ACL_ERROR;
144 }
145
146 /* We don't want to kill the tree walk because we it a symlink. */
147 return 0;
148 }
149
150
151
152 /**
153 * @brief Recursive version of @c apply_default_acl().
154 *
155 * If @c target is a directory, we use @c nftw() to call @c
156 * apply_default_acl() recursively on all of its children. Otherwise,
157 * we just delegate to @c apply_default_acl().
158 *
159 * @param target
160 * The root (path) of the recursive application.
161 *
162 * @param no_exec_mask
163 * The value (either true or false) of the --no-exec-mask flag.
164 *
165 * @return
166 * If @c nftw() fails with a serious error (returns NFTW_ERROR),
167 * then we return @c ACL_ERROR. Otherwise, we return @c ACL_SUCCESS.
168 */
169 int apply_default_acl_recursive(const char *target, bool no_exec_mask) {
170 if (target == NULL) {
171 errno = EINVAL;
172 perror("apply_default_acl_recursive (args)");
173 return ACL_ERROR;
174 }
175
176 int max_levels = 256;
177 int flags = FTW_MOUNT | FTW_PHYS;
178
179 /* There are two separate functions that could be passed to
180 nftw(). One passes no_exec_mask = true to apply_default_acl(),
181 and the other passes no_exec_mask = false. Since the function we
182 pass to nftw() cannot have parameters, we have to create separate
183 options and make the decision here. */
184 int (*fn)(const char *, const struct stat *, int, struct FTW *) = NULL;
185 fn = no_exec_mask ? apply_default_acl_nftw_x : apply_default_acl_nftw;
186
187 int nftw_result = nftw(target, fn, max_levels, flags);
188
189 /* nftw will itself return NFTW_ERROR on errors like malloc failure,
190 and since the only non-success value that "fn" can return us
191 ACL_ERROR == NFTW_ERROR, this covers all error cases. */
192 if (nftw_result == NFTW_ERROR) {
193 perror("apply_default_acl_recursive (nftw)");
194 return ACL_ERROR;
195 }
196
197 /* Beware: nftw indicates success with 0, but ACL_SUCCESS != 0. */
198 return ACL_SUCCESS;
199 }
200
201
202
203 /**
204 * @brief Call apply_default_acl (possibly recursively) on each
205 * command-line argument.
206 *
207 * @return Either @c EXIT_FAILURE or @c EXIT_SUCCESS. If everything
208 * goes as expected, we return @c EXIT_SUCCESS. Otherwise, we return
209 * @c EXIT_FAILURE.
210 */
211 int main(int argc, char* argv[]) {
212
213 if (argc < 2) {
214 usage(argv[0]);
215 return EXIT_FAILURE;
216 }
217
218 bool recursive = false;
219 bool no_exec_mask = false;
220
221 struct option long_options[] = {
222 /* These options set a flag. */
223 {"help", no_argument, NULL, 'h'},
224 {"recursive", no_argument, NULL, 'r'},
225 {"no-exec-mask", no_argument, NULL, 'x'},
226 {NULL, 0, NULL, 0}
227 };
228
229 int opt = 0;
230
231 while ((opt = getopt_long(argc, argv, "hrx", long_options, NULL)) != -1) {
232 switch (opt) {
233 case 'h':
234 usage(argv[0]);
235 return EXIT_SUCCESS;
236 case 'r':
237 recursive = true;
238 break;
239 case 'x':
240 no_exec_mask = true;
241 break;
242 default:
243 usage(argv[0]);
244 return EXIT_FAILURE;
245 }
246 }
247
248 int result = EXIT_SUCCESS;
249
250 int arg_index = 1;
251 for (arg_index = optind; arg_index < argc; arg_index++) {
252 const char* target = argv[arg_index];
253
254 /* Make sure we can access the given path before we go out of our
255 * way to please it. Doing this check outside of
256 * apply_default_acl() lets us spit out a better error message for
257 * typos, too.
258 */
259 if (!path_accessible(target)) {
260 perror(target);
261 result = EXIT_FAILURE;
262 continue;
263 }
264
265 int (*f)(const char *, bool) = recursive ? apply_default_acl_recursive
266 : apply_default_acl;
267 int reapp_result = f(target, no_exec_mask);
268
269 if (result == EXIT_SUCCESS && reapp_result == ACL_FAILURE) {
270 /* We don't want to turn an error into a (less-severe) failure. */
271 result = EXIT_FAILURE;
272 }
273 if (reapp_result == ACL_ERROR) {
274 /* Turn both success and failure into an error, if we encounter one. */
275 result = EXIT_ERROR;
276 }
277 }
278
279 return result;
280 }
Applies default POSIX ACLs to files and directories.