* and @c OPEN_ERROR if not.
*/
int safe_open(const char* pathname, int flags) {
- if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') {
+ if (pathname == NULL) {
errno = EINVAL;
perror("safe_open (args)");
return OPEN_ERROR;
return OPEN_ERROR;
}
- int fd = 0;
- if (strcmp(abspath, "/") == 0) {
- fd = open("/", flags | O_DIRECTORY);
- }
- else {
+ bool abspath_is_root = (strcmp(abspath, "/") == 0);
+ int rootflags = flags | O_DIRECTORY;
+ if (!abspath_is_root) {
/* Use O_PATH for some added safety if "/" is not our target */
- fd = open("/", flags | O_DIRECTORY | O_PATH);
+ rootflags |= O_PATH;
}
- if (fd == OPEN_ERROR) {
+ int rootfd = open("/", rootflags);
+ if (rootfd == OPEN_ERROR) {
perror("safe_open (open)");
return OPEN_ERROR;
}
- if (strcmp(abspath, "/") == 0) {
- return fd;
+ if (abspath_is_root) {
+ return rootfd;
}
- int result = safe_open_ex(fd, abspath+1, flags);
- if (close(fd) == CLOSE_ERROR) {
+ int result = safe_open_ex(rootfd, abspath+1, flags);
+ if (close(rootfd) == CLOSE_ERROR) {
perror("safe_open (close)");
return OPEN_ERROR;
}
/**
- * @brief Update (or create) an entry in an @b minimal ACL.
- *
- * This function will not work if @c aclp contains extended
- * entries. This is fine for our purposes, since we call @c wipe_acls
- * on each path before applying the default to it.
- *
- * The assumption that there are no extended entries makes things much
- * simpler. For example, we only have to update the @c ACL_USER_OBJ,
- * @c ACL_GROUP_OBJ, and @c ACL_OTHER entries -- all others can simply
- * be created anew. This means we don't have to fool around comparing
- * named-user/group entries.
+ * @brief Update an entry in an @b minimal ACL.
*
* @param aclp
- * A pointer to the acl_t structure whose entry we want to modify.
+ * A pointer to the acl_t structure whose entry we want to update.
*
* @param entry
- * The new entry. If @c entry contains a user/group/other entry, we
- * update the existing one. Otherwise we create a new entry.
- *
- * @return If there is an unexpected library error, @c ACL_ERROR is
- * returned. Otherwise, @c ACL_SUCCESS.
+ * The new entry.
*
+ * @return
+ * - @c ACL_SUCCESS - If we update an existing entry.
+ * - @c ACL_FAILURE - If we don't find an entry to update.
+ * - @c ACL_ERROR - Unexpected library error.
*/
-int acl_set_entry(acl_t* aclp, acl_entry_t entry) {
+int acl_update_entry(acl_t aclp, acl_entry_t entry) {
if (aclp == NULL || entry == NULL) {
errno = EINVAL;
- perror("acl_set_entry (args)");
+ perror("acl_update_entry (args)");
return ACL_ERROR;
}
acl_tag_t entry_tag;
if (acl_get_tag_type(entry, &entry_tag) == ACL_ERROR) {
- perror("acl_set_entry (acl_get_tag_type)");
+ perror("acl_update_entry (acl_get_tag_type)");
return ACL_ERROR;
}
acl_permset_t entry_permset;
if (acl_get_permset(entry, &entry_permset) == ACL_ERROR) {
- perror("acl_set_entry (acl_get_permset)");
+ perror("acl_update_entry (acl_get_permset)");
return ACL_ERROR;
}
acl_entry_t existing_entry;
/* Loop through the given ACL looking for matching entries. */
- int result = acl_get_entry(*aclp, ACL_FIRST_ENTRY, &existing_entry);
+ int result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry);
while (result == ACL_SUCCESS) {
acl_tag_t existing_tag = ACL_UNDEFINED_TAG;
if (existing_tag == entry_tag) {
/* If we update something, we're done and return ACL_SUCCESS */
if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) {
- perror("acl_set_entry (acl_set_permset)");
+ perror("acl_update_entry (acl_set_permset)");
return ACL_ERROR;
}
return ACL_SUCCESS;
}
- result = acl_get_entry(*aclp, ACL_NEXT_ENTRY, &existing_entry);
+ result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry);
}
/* This catches both the initial acl_get_entry and the ones at the
end of the loop. */
if (result == ACL_ERROR) {
- perror("acl_set_entry (acl_get_entry)");
- return ACL_ERROR;
- }
-
- /* If we've made it this far, we need to add a new entry to the
- ACL. */
- acl_entry_t new_entry;
-
- /* The acl_create_entry() function can allocate new memory and/or
- * change the location of the ACL structure entirely. When that
- * happens, the value pointed to by aclp is updated, which means
- * that a new acl_t gets "passed out" to our caller, eventually to
- * be fed to acl_free(). In other words, we should still be freeing
- * the right thing, even if the value pointed to by aclp changes.
- */
- if (acl_create_entry(aclp, &new_entry) == ACL_ERROR) {
- perror("acl_set_entry (acl_create_entry)");
+ perror("acl_update_entry (acl_get_entry)");
return ACL_ERROR;
}
- if (acl_set_tag_type(new_entry, entry_tag) == ACL_ERROR) {
- perror("acl_set_entry (acl_set_tag_type)");
- return ACL_ERROR;
- }
-
- if (acl_set_permset(new_entry, entry_permset) == ACL_ERROR) {
- perror("acl_set_entry (acl_set_permset)");
- return ACL_ERROR;
- }
-
- if (entry_tag == ACL_USER || entry_tag == ACL_GROUP) {
- /* We need to set the qualifier too. */
- void* entry_qual = acl_get_qualifier(entry);
- if (entry_qual == (void*)NULL) {
- perror("acl_set_entry (acl_get_qualifier)");
- return ACL_ERROR;
- }
-
- if (acl_set_qualifier(new_entry, entry_qual) == ACL_ERROR) {
- perror("acl_set_entry (acl_set_qualifier)");
- return ACL_ERROR;
- }
- }
-
- return ACL_SUCCESS;
+ return ACL_FAILURE;
}
-/**
- * @brief Remove all @c ACL_TYPE_ACCESS entries from the given file
- * descriptor, leaving the UNIX permission bits.
- *
- * @param fd
- * The file descriptor whose ACLs we want to wipe.
- *
- * @return
- * - @c ACL_SUCCESS - The ACLs were wiped successfully, or none
- * existed in the first place.
- * - @c ACL_ERROR - Unexpected library error.
- */
-int wipe_acls(int fd) {
- /* Initialize an empty ACL, and then overwrite the one on "fd" with it. */
- acl_t empty_acl = acl_init(0);
-
- if (empty_acl == (acl_t)NULL) {
- perror("wipe_acls (acl_init)");
- return ACL_ERROR;
- }
-
- if (acl_set_fd(fd, empty_acl) == ACL_ERROR) {
- perror("wipe_acls (acl_set_fd)");
- acl_free(empty_acl);
- return ACL_ERROR;
- }
-
- acl_free(empty_acl);
- return ACL_SUCCESS;
-}
-
-
/**
* @brief Copy ACLs between file descriptors as xattrs, verbatim.
*
return ACL_ERROR;
}
- size_t src_size_guess = fgetxattr(src_fd, src_name, NULL, 0);
+ ssize_t src_size_guess = fgetxattr(src_fd, src_name, NULL, 0);
if (src_size_guess == XATTR_ERROR) {
if (errno == ENODATA) {
/* A missing ACL isn't really an error. ENOATTR and ENODATA are
}
char* src_acl_p = alloca(src_size_guess);
/* The actual size may be smaller than our guess? I don't know. */
- size_t src_size = fgetxattr(src_fd, src_name, src_acl_p, (int)src_size_guess);
+ ssize_t src_size = fgetxattr(src_fd, src_name, src_acl_p, src_size_guess);
if (src_size == XATTR_ERROR) {
if (errno == ENODATA) {
/* A missing ACL isn't an error. */
* @param path
* The path whose ACL we would like to reset to its default.
*
- * @param sp
- * A pointer to a stat structure for @c path, or @c NULL if you don't
- * have one handy.
- *
* @param no_exec_mask
* The value (either true or false) of the --no-exec-mask flag.
*
* - @c ACL_FAILURE - If symlinks or hard links are encountered.
* - @c ACL_ERROR - Unexpected library error.
*/
-int apply_default_acl_ex(const char* path,
- const struct stat* sp,
- bool no_exec_mask) {
+int apply_default_acl(const char* path, bool no_exec_mask) {
if (path == NULL) {
errno = EINVAL;
- perror("apply_default_acl_ex (args)");
+ perror("apply_default_acl (args)");
return ACL_ERROR;
}
/* The file descriptor for the directory containing "path" */
int parent_fd = 0;
+ /* dirname() and basename() mangle their arguments, so we need
+ to make copies of "path" before using them. */
+ char* dirname_path_copy = NULL;
+ char* basename_path_copy = NULL;
+
/* Get the parent directory of "path" with dirname(), which happens
* to murder its argument and necessitates a path_copy. */
- char* path_copy = strdup(path);
- if (path_copy == NULL) {
- perror("apply_default_acl_ex (strdup)");
+ dirname_path_copy = strdup(path);
+ if (dirname_path_copy == NULL) {
+ perror("apply_default_acl (strdup)");
return ACL_ERROR;
}
- char* parent = dirname(path_copy);
+ char* parent = dirname(dirname_path_copy);
parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW);
if (parent_fd == OPEN_ERROR) {
if (errno == ELOOP || errno == ENOTDIR) {
goto cleanup;
}
else {
- perror("apply_default_acl_ex (open parent fd)");
+ perror("apply_default_acl (open parent fd)");
result = ACL_ERROR;
goto cleanup;
}
goto cleanup;
}
- fd = safe_open(path, O_NOFOLLOW);
+ /* We already obtained the parent fd safely, so if we use the
+ basename of path here instead of the full thing, then we can get
+ away with using openat() and spare ourselves the slowness of
+ another safe_open(). */
+ basename_path_copy = strdup(path);
+ if (basename_path_copy == NULL) {
+ perror("apply_default_acl (strdup)");
+ return ACL_ERROR;
+ }
+ fd = openat(parent_fd, basename(basename_path_copy), O_NOFOLLOW);
if (fd == OPEN_ERROR) {
if (errno == ELOOP || errno == ENOTDIR) {
/* We hit a symlink, either in the last path component (ELOOP)
goto cleanup;
}
else {
- perror("apply_default_acl_ex (open fd)");
+ perror("apply_default_acl (open fd)");
result = ACL_ERROR;
goto cleanup;
}
* race condition here, but the window is as small as possible
* between when we open the file descriptor (look above) and when we
* fstat it.
- *
- * Note: we only need to call fstat ourselves if we weren't passed a
- * valid pointer to a stat structure (nftw does that).
*/
- if (sp == NULL) {
- struct stat s;
- if (fstat(fd, &s) == STAT_ERROR) {
- perror("apply_default_acl_ex (fstat)");
- goto cleanup;
- }
-
- sp = &s;
+ struct stat s;
+ if (fstat(fd, &s) == STAT_ERROR) {
+ perror("apply_default_acl (fstat)");
+ goto cleanup;
}
- if (!S_ISDIR(sp->st_mode)) {
+ if (!S_ISDIR(s.st_mode)) {
/* If it's not a directory, make sure it's a regular,
non-hard-linked file. */
- if (!S_ISREG(sp->st_mode) || sp->st_nlink != 1) {
+ if (!S_ISREG(s.st_mode) || s.st_nlink != 1) {
result = ACL_FAILURE;
goto cleanup;
}
if (!no_exec_mask) {
/* Never mask the execute bit on directories. */
- int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode);
+ int ace_result = any_can_execute(fd,&s) || S_ISDIR(s.st_mode);
if (ace_result == ACL_ERROR) {
- perror("apply_default_acl_ex (any_can_execute)");
+ perror("apply_default_acl (any_can_execute)");
result = ACL_ERROR;
goto cleanup;
}
allow_exec = (bool)ace_result;
}
- if (wipe_acls(fd) == ACL_ERROR) {
- perror("apply_default_acl_ex (wipe_acls)");
- result = ACL_ERROR;
- goto cleanup;
- }
-
/* If it's a directory, inherit the parent's default. */
- if (S_ISDIR(sp->st_mode)) {
+ if (S_ISDIR(s.st_mode)) {
if (acl_copy_xattr(parent_fd,
ACL_TYPE_DEFAULT,
fd,
ACL_TYPE_DEFAULT) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_copy_xattr default)");
+ perror("apply_default_acl (acl_copy_xattr default)");
result = ACL_ERROR;
goto cleanup;
}
ACL_TYPE_DEFAULT,
fd,
ACL_TYPE_ACCESS) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_copy_xattr access)");
+ perror("apply_default_acl (acl_copy_xattr access)");
result = ACL_ERROR;
goto cleanup;
}
/* There's a good reason why we saved the ACL above, even though
- * we're about tto read it back into memory and mess with it on the
+ * we're about to read it back into memory and mess with it on the
* next line. The acl_copy_xattr() function is already a hack to let
* us copy default ACLs without resorting to path names; we simply
* have no way to read the parent's default ACL into memory using
*/
/* Now we potentially need to mask the execute permissions in the
- ACL on fd; or maybe now. */
+ ACL on fd; or maybe not. */
if (allow_exec) {
goto cleanup;
}
current ACL... */
new_acl = acl_get_fd(fd);
if (new_acl == (acl_t)NULL) {
- perror("apply_default_acl_ex (acl_get_fd)");
+ perror("apply_default_acl (acl_get_fd)");
result = ACL_ERROR;
goto cleanup;
}
looping over it no worky). */
new_acl_unmasked = acl_dup(new_acl);
if (new_acl_unmasked == (acl_t)NULL) {
- perror("apply_default_acl_ex (acl_dup)");
+ perror("apply_default_acl (acl_dup)");
result = ACL_ERROR;
goto cleanup;
}
acl_tag_t tag = ACL_UNDEFINED_TAG;
if (acl_get_tag_type(entry, &tag) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_get_tag_type)");
+ perror("apply_default_acl (acl_get_tag_type)");
result = ACL_ERROR;
goto cleanup;
}
/* We've got an entry/tag from the default ACL. Get its permset. */
acl_permset_t permset;
if (acl_get_permset(entry, &permset) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_get_permset)");
+ perror("apply_default_acl (acl_get_permset)");
result = ACL_ERROR;
goto cleanup;
}
minimal ACLs) or acl_other entries, so if execute should be
masked, we have to do it manually. */
if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_delete_perm)");
+ perror("apply_default_acl (acl_delete_perm)");
result = ACL_ERROR;
goto cleanup;
}
if (acl_set_permset(entry, permset) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_set_permset)");
+ perror("apply_default_acl (acl_set_permset)");
result = ACL_ERROR;
goto cleanup;
}
}
- /* Finally, add the permset to the access ACL. It's actually
- * important that we pass in the address of "new_acl" here, and not
- * "new_acl" itself. Why? The call to acl_create_entry() within
- * acl_set_entry() can allocate new memory for the entry.
- * Sometimes that can be done in-place, in which case everything
- * is cool and the new memory gets released when we call
- * acl_free(acl).
- *
- * But occasionally, the whole ACL structure will have to be moved
- * in order to allocate the extra space. When that happens,
- * acl_create_entry() modifies the pointer it was passed (in this
- * case, &acl) to point to the new location. We want to call
- * acl_free() on the new location, and since acl_free() gets
- * called right here, we need acl_create_entry() to update the
- * value of "new_acl". To do that, it needs the address of "new_acl".
- */
-
- if (acl_set_entry(&new_acl, entry) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_set_entry)");
+ if (acl_update_entry(new_acl, entry) == ACL_ERROR) {
+ perror("apply_default_acl (acl_update_entry)");
result = ACL_ERROR;
goto cleanup;
}
/* Catches the first acl_get_entry as well as the ones at the end of
the loop. */
if (ge_result == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_get_entry)");
+ perror("apply_default_acl (acl_get_entry)");
result = ACL_ERROR;
goto cleanup;
}
if (acl_set_fd(fd, new_acl) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_set_fd)");
+ perror("apply_default_acl (acl_set_fd)");
result = ACL_ERROR;
goto cleanup;
}
cleanup:
- free(path_copy);
- if (new_acl != (acl_t)NULL) {
- acl_free(new_acl);
- }
- if (new_acl_unmasked != (acl_t)NULL) {
- acl_free(new_acl_unmasked);
- }
+ free(dirname_path_copy);
+ free(basename_path_copy);
+ acl_free(new_acl);
+ acl_free(new_acl_unmasked);
+
if (fd > 0 && close(fd) == CLOSE_ERROR) {
- perror("apply_default_acl_ex (close fd)");
+ perror("apply_default_acl (close fd)");
result = ACL_ERROR;
}
if (parent_fd > 0 && close(parent_fd) == CLOSE_ERROR) {
- perror("apply_default_acl_ex (close parent_fd)");
+ perror("apply_default_acl (close parent_fd)");
result = ACL_ERROR;
}
return result;
}
-
-
-
-/**
- * @brief The friendly interface to @c apply_default_acl_ex.
- *
- * The @c apply_default_acl_ex function holds the real implementation
- * of this function, but it takes a weird second argument that most
- * people won't care about (a stat structure). But, we use that
- * argument for the recursive mode of the CLI, so it's there.
- *
- * If you don't have a stat structure for your @c path, use this instead.
- *
- * @param path
- * The path whose ACL we would like to reset to its default.
- *
- * @param no_exec_mask
- * The value (either true or false) of the --no-exec-mask flag.
- *
- * @return
- * - @c ACL_SUCCESS - The parent default ACL was inherited successfully.
- * - @c ACL_FAILURE - If symlinks or hard links are encountered.
- * or the parent of @c path is not a directory.
- * - @c ACL_ERROR - Unexpected library error.
- */
-int apply_default_acl(const char* path, bool no_exec_mask) {
- return apply_default_acl_ex(path, NULL, no_exec_mask);
-}
projects / apply-default-acl.git / blobdiff