/* No more slashes, this is the base case. */
return openat(at_fd, pathname, flags);
}
- else if (firstslash[1] == '\0') {
+ if (firstslash[1] == '\0') {
/* The first slash is the last character; ensure that we open
a directory. */
firstslash[0] = '\0';
* and @c OPEN_ERROR if not.
*/
int safe_open(const char* pathname, int flags) {
- if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') {
+ if (pathname == NULL) {
errno = EINVAL;
perror("safe_open (args)");
return OPEN_ERROR;
if (existing_tag == entry_tag) {
/* If we update something, we're done and return ACL_SUCCESS */
if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) {
- perror("acl_set_entry (acl_set_permset)");
- return ACL_ERROR;
+ perror("acl_set_entry (acl_set_permset)");
+ return ACL_ERROR;
}
return ACL_SUCCESS;
if (tag == ACL_MASK) {
/* This is the mask entry, get its permissions, and see if
- execute is specified. */
+ execute is specified. */
acl_permset_t permset;
if (acl_get_permset(entry, &permset) == ACL_ERROR) {
- perror("acl_execute_masked (acl_get_permset)");
- return ACL_ERROR;
+ perror("acl_execute_masked (acl_get_permset)");
+ return ACL_ERROR;
}
int gp_result = acl_get_perm(permset, ACL_EXECUTE);
if (gp_result == ACL_ERROR) {
- perror("acl_execute_masked (acl_get_perm)");
- return ACL_ERROR;
+ perror("acl_execute_masked (acl_get_perm)");
+ return ACL_ERROR;
}
if (gp_result == ACL_FAILURE) {
- /* No execute bit set in the mask; execute not allowed. */
- return ACL_SUCCESS;
+ /* No execute bit set in the mask; execute not allowed. */
+ return ACL_SUCCESS;
}
}
if (gp_result == ACL_SUCCESS) {
/* Only return ACL_SUCCESS if this execute bit is not masked. */
if (acl_execute_masked(acl) != ACL_SUCCESS) {
- result = ACL_SUCCESS;
- goto cleanup;
+ result = ACL_SUCCESS;
+ goto cleanup;
}
}
if (src_size_guess == XATTR_ERROR) {
if (errno == ENODATA) {
/* A missing ACL isn't really an error. ENOATTR and ENODATA are
- synonyms, but using ENODATA here lets us avoid another
- "include" directive. */
+ synonyms, but using ENODATA here lets us avoid another
+ "include" directive. */
return ACL_FAILURE;
}
perror("acl_copy_xattr (fgetxattr size guess)");
}
+/**
+ * @brief Determine if a file descriptor has a default ACL.
+ *
+ * @param fd
+ * The file descriptor whose default ACL is in question.
+ *
+ * @return
+ * - @c ACL_SUCCESS - If @c fd has a default ACL.
+ * - @c ACL_FAILURE - If @c fd does not have a default ACL.
+ * - @c ACL_ERROR - Unexpected library error.
+ */
+int has_default_acl_fd(int fd) {
+ if (fgetxattr(fd, XATTR_NAME_POSIX_ACL_DEFAULT, NULL, 0) == XATTR_ERROR) {
+ if (errno == ENODATA) {
+ return ACL_FAILURE;
+ }
+ perror("has_default_acl_fd (fgetxattr)");
+ return ACL_ERROR;
+ }
+
+ return ACL_SUCCESS;
+}
+
+
/**
* @brief Apply parent default ACL to a path.
*
* - @c ACL_ERROR - Unexpected library error.
*/
int apply_default_acl_ex(const char* path,
- const struct stat* sp,
- bool no_exec_mask) {
+ const struct stat* sp,
+ bool no_exec_mask) {
if (path == NULL) {
errno = EINVAL;
if (parent_fd == OPEN_ERROR) {
if (errno == ELOOP || errno == ENOTDIR) {
/* We hit a symlink, either in the last path component (ELOOP)
- or higher up (ENOTDIR). */
+ or higher up (ENOTDIR). */
result = ACL_FAILURE;
goto cleanup;
}
}
}
+ /* Check to make sure the parent descriptor actually has a default
+ ACL. If it doesn't, then we can "succeed" immediately. */
+ if (has_default_acl_fd(parent_fd) == ACL_FAILURE) {
+ result = ACL_SUCCESS;
+ goto cleanup;
+ }
+
fd = safe_open(path, O_NOFOLLOW);
if (fd == OPEN_ERROR) {
if (errno == ELOOP || errno == ENOTDIR) {
/* We hit a symlink, either in the last path component (ELOOP)
- or higher up (ENOTDIR). */
+ or higher up (ENOTDIR). */
result = ACL_FAILURE;
goto cleanup;
}
*/
/* Now we potentially need to mask the execute permissions in the
- ACL on fd. First obtain the current one... */
+ ACL on fd; or maybe now. */
+ if (allow_exec) {
+ goto cleanup;
+ }
+
+ /* OK, we need to mask some execute permissions. First obtain the
+ current ACL... */
new_acl = acl_get_fd(fd);
if (new_acl == (acl_t)NULL) {
perror("apply_default_acl_ex (acl_get_fd)");
}
if (tag == ACL_MASK ||
- tag == ACL_USER_OBJ ||
- tag == ACL_GROUP_OBJ ||
- tag == ACL_OTHER) {
-
- if (!allow_exec) {
- /* The mask doesn't affect acl_user_obj, acl_group_obj (in
- minimal ACLs) or acl_other entries, so if execute should be
- masked, we have to do it manually. */
- if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_delete_perm)");
- result = ACL_ERROR;
- goto cleanup;
- }
-
- if (acl_set_permset(entry, permset) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_set_permset)");
- result = ACL_ERROR;
- goto cleanup;
- }
+ tag == ACL_USER_OBJ ||
+ tag == ACL_GROUP_OBJ ||
+ tag == ACL_OTHER) {
+
+ /* The mask doesn't affect acl_user_obj, acl_group_obj (in
+ minimal ACLs) or acl_other entries, so if execute should be
+ masked, we have to do it manually. */
+ if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
+ perror("apply_default_acl_ex (acl_delete_perm)");
+ result = ACL_ERROR;
+ goto cleanup;
+ }
+
+ if (acl_set_permset(entry, permset) == ACL_ERROR) {
+ perror("apply_default_acl_ex (acl_set_permset)");
+ result = ACL_ERROR;
+ goto cleanup;
}
}
if (new_acl_unmasked != (acl_t)NULL) {
acl_free(new_acl_unmasked);
}
- if (fd >= 0 && close(fd) == CLOSE_ERROR) {
+ if (fd > 0 && close(fd) == CLOSE_ERROR) {
perror("apply_default_acl_ex (close fd)");
result = ACL_ERROR;
}
- if (parent_fd >= 0 && close(parent_fd) == CLOSE_ERROR) {
+ if (parent_fd > 0 && close(parent_fd) == CLOSE_ERROR) {
perror("apply_default_acl_ex (close parent_fd)");
result = ACL_ERROR;
}