*
*/
-/* Enables get_current_dir_name() in unistd.h */
+/* Enables get_current_dir_name() in unistd.h and the O_PATH flag. */
#define _GNU_SOURCE
-#include <errno.h>
-#include <fcntl.h>
-#include <libgen.h> /* basename(), dirname() */
-#include <limits.h> /* PATH_MAX */
-#include <stdbool.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
-#include <sys/stat.h>
-#include <unistd.h> /* get_current_dir_name() */
+#include <errno.h> /* EINVAL, ELOOP, ENOTDIR, etc. */
+#include <fcntl.h> /* openat() */
+#include <libgen.h> /* basename(), dirname() */
+#include <limits.h> /* PATH_MAX */
+#include <stdbool.h> /* the "bool" type */
+#include <stdio.h> /* perror(), snprintf() */
+#include <stdlib.h> /* free() */
+#include <string.h> /* strdup() */
+#include <sys/stat.h> /* fstat() */
+#include <unistd.h> /* get_current_dir_name() */
/* ACLs */
#include <acl/libacl.h> /* acl_get_perm, not portable */
-#include <sys/types.h>
-#include <sys/acl.h>
+#include <sys/acl.h> /* all other acl_foo functions */
#include "libadacl.h"
+/* Even though most other library functions reliably return -1 for
+ * error, it feels a little wrong to re-use the ACL_ERROR constant.
+ */
+#define CLOSE_ERROR -1
+#define OPEN_ERROR -1
+#define SNPRINTF_ERROR -1
+#define STAT_ERROR -1
+
+
/**
* @brief The recursive portion of the @c safe_open function, used to
* open a file descriptor in a symlink-safe way when combined with
* @param pathname
* The path to the file/directory/whatever whose descriptor you want.
*
+ * @param flags
+ * File status flags to be passed to @c openat.
+ *
* @return a file descriptor for @c pathname if everything goes well,
* and @c OPEN_ERROR if not.
*/
int safe_open_ex(int at_fd, char* pathname, int flags) {
- if (pathname != NULL && strlen(pathname) == 0) {
- /* Oops, went one level to deep with nothing to do. */
- return at_fd;
+ if (pathname == NULL) {
+ errno = EINVAL;
+ perror("safe_open_ex (args)");
+ return OPEN_ERROR;
}
char* firstslash = strchr(pathname, '/');
if (firstslash == NULL) {
/* No more slashes, this is the base case. */
- int r = openat(at_fd, pathname, flags);
- return r;
+ return openat(at_fd, pathname, flags);
+ }
+ else if (firstslash[1] == '\0') {
+ /* The first slash is the last character; ensure that we open
+ a directory. */
+ firstslash[0] = '\0';
+ return openat(at_fd, pathname, flags | O_DIRECTORY);
}
- /* Temporarily disable the slash, so that the subsequent call to
- openat() opens only the next directory (and doesn't recurse). */
+ /* The first slash exists and isn't the last character in the path,
+ so we can split the path wherever that first slash lies and
+ recurse. */
*firstslash = '\0';
- int fd = safe_open_ex(at_fd, pathname, flags);
+ int fd = openat(at_fd, pathname, flags | O_DIRECTORY | O_PATH);
if (fd == OPEN_ERROR) {
- if (errno != ELOOP) {
+ if (errno != ENOTDIR) {
/* Don't output anything if we ignore a symlink */
perror("safe_open_ex (safe_open_ex)");
}
return OPEN_ERROR;
}
- /* The ++ is safe because there needs to be at least a null byte
- after the first slash, even if it's the last real character in
- the string. */
+ /* The +1 is safe because there needs to be at least one character
+ after the first slash (we checked this above). */
int result = safe_open_ex(fd, firstslash+1, flags);
if (close(fd) == CLOSE_ERROR) {
perror("safe_open_ex (close)");
* @param pathname
* The path to the file/directory/whatever whose descriptor you want.
*
+ * @param flags
+ * File status flags to be passed to @c openat.
+ *
* @return a file descriptor for @c pathname if everything goes well,
* and @c OPEN_ERROR if not.
*/
int safe_open(const char* pathname, int flags) {
if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') {
- /* error? */
+ errno = EINVAL;
+ perror("safe_open (args)");
return OPEN_ERROR;
}
return OPEN_ERROR;
}
- int fd = open("/", flags);
+ int fd = 0;
+ if (strcmp(abspath, "/") == 0) {
+ fd = open("/", flags | O_DIRECTORY);
+ }
+ else {
+ /* Use O_PATH for some added safety if "/" is not our target */
+ fd = open("/", flags | O_DIRECTORY | O_PATH);
+ }
+ if (fd == OPEN_ERROR) {
+ perror("safe_open (open)");
+ return OPEN_ERROR;
+ }
+
if (strcmp(abspath, "/") == 0) {
return fd;
}
*
*/
int acl_set_entry(acl_t* aclp, acl_entry_t entry) {
+ if (aclp == NULL || entry == NULL) {
+ errno = EINVAL;
+ perror("acl_set_entry (args)");
+ return ACL_ERROR;
+ }
acl_tag_t entry_tag;
if (acl_get_tag_type(entry, &entry_tag) == ACL_ERROR) {
been wiped. These three are guaranteed to exist, so if we
match one of them, we're allowed to return ACL_SUCCESS
below and bypass the rest of the function. */
- acl_permset_t existing_permset;
- if (acl_get_permset(existing_entry, &existing_permset) == ACL_ERROR) {
- perror("acl_set_entry (acl_get_permset)");
- return ACL_ERROR;
- }
-
if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) {
perror("acl_set_entry (acl_set_permset)");
return ACL_ERROR;
* - @c ACL_ERROR - Unexpected library error
*/
int acl_is_minimal(acl_t acl) {
+ if (acl == NULL) {
+ errno = EINVAL;
+ perror("acl_is_minimal (args)");
+ return ACL_ERROR;
+ }
int ec = acl_entry_count(acl);
* - @c ACL_ERROR - Unexpected library error.
*/
int acl_execute_masked(acl_t acl) {
+ if (acl == NULL) {
+ errno = EINVAL;
+ perror("acl_execute_masked (args)");
+ return ACL_ERROR;
+ }
acl_entry_t entry;
int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
* - @c ACL_ERROR - Unexpected library error.
*/
int any_can_execute(int fd, const struct stat* sp) {
+ if (sp == NULL) {
+ errno = EINVAL;
+ perror("any_can_execute (args)");
+ return ACL_ERROR;
+ }
+
acl_t acl = acl_get_fd(fd);
if (acl == (acl_t)NULL) {
- perror("any_can_execute (acl_get_file)");
+ perror("any_can_execute (acl_get_fd)");
return ACL_ERROR;
}
* - @c ACL_ERROR - Unexpected library error.
*/
int assign_default_acl(const char* path, acl_t acl) {
-
- if (path == NULL) {
+ if (path == NULL || acl == NULL) {
errno = EINVAL;
perror("assign_default_acl (args)");
return ACL_ERROR;
*
* @return
* - @c ACL_SUCCESS - The parent default ACL was inherited successfully.
- * - @c ACL_FAILURE - The target path is not a regular file/directory,
- * or the parent of @c path is not a directory.
+ * - @c ACL_FAILURE - If symlinks or hard links are encountered.
* - @c ACL_ERROR - Unexpected library error.
*/
-int apply_default_acl(const char* path,
- const struct stat* sp,
- bool no_exec_mask) {
+int apply_default_acl_ex(const char* path,
+ const struct stat* sp,
+ bool no_exec_mask) {
if (path == NULL) {
errno = EINVAL;
- perror("apply_default_acl (args)");
+ perror("apply_default_acl_ex (args)");
return ACL_ERROR;
}
*/
char* path_copy = strdup(path);
if (path_copy == NULL) {
- perror("apply_default_acl (strdup)");
+ perror("apply_default_acl_ex (strdup)");
return ACL_ERROR;
}
char* parent = dirname(path_copy);
fd = safe_open(path, O_NOFOLLOW);
if (fd == OPEN_ERROR) {
- if (errno == ELOOP) {
- result = ACL_FAILURE; /* hit a symlink */
+ if (errno == ELOOP || errno == ENOTDIR) {
+ /* We hit a symlink, either in the last path component (ELOOP)
+ or higher up (ENOTDIR). */
+ result = ACL_FAILURE;
goto cleanup;
}
else {
- perror("apply_default_acl (open fd)");
+ perror("apply_default_acl_ex (open fd)");
result = ACL_ERROR;
goto cleanup;
}
if (sp == NULL) {
struct stat s;
if (fstat(fd, &s) == STAT_ERROR) {
- perror("apply_default_acl (fstat)");
+ perror("apply_default_acl_ex (fstat)");
goto cleanup;
}
int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode);
if (ace_result == ACL_ERROR) {
- perror("apply_default_acl (any_can_execute)");
+ perror("apply_default_acl_ex (any_can_execute)");
result = ACL_ERROR;
goto cleanup;
}
defacl = acl_get_file(parent, ACL_TYPE_DEFAULT);
if (defacl == (acl_t)NULL) {
- perror("apply_default_acl (acl_get_file)");
+ perror("apply_default_acl_ex (acl_get_file)");
result = ACL_ERROR;
goto cleanup;
}
if (wipe_acls(fd) == ACL_ERROR) {
- perror("apply_default_acl (wipe_acls)");
+ perror("apply_default_acl_ex (wipe_acls)");
result = ACL_ERROR;
goto cleanup;
}
ACL with this one. */
acl_t acl = acl_get_fd(fd);
if (acl == (acl_t)NULL) {
- perror("apply_default_acl (acl_get_fd)");
+ perror("apply_default_acl_ex (acl_get_fd)");
result = ACL_ERROR;
goto cleanup;
}
* want to do?
*/
if (S_ISDIR(sp->st_mode) && assign_default_acl(path, defacl) == ACL_ERROR) {
- perror("apply_default_acl (assign_default_acl)");
+ perror("apply_default_acl_ex (assign_default_acl)");
result = ACL_ERROR;
goto cleanup;
}
acl_tag_t tag = ACL_UNDEFINED_TAG;
if (acl_get_tag_type(entry, &tag) == ACL_ERROR) {
- perror("apply_default_acl (acl_get_tag_type)");
+ perror("apply_default_acl_ex (acl_get_tag_type)");
result = ACL_ERROR;
goto cleanup;
}
/* We've got an entry/tag from the default ACL. Get its permset. */
acl_permset_t permset;
if (acl_get_permset(entry, &permset) == ACL_ERROR) {
- perror("apply_default_acl (acl_get_permset)");
+ perror("apply_default_acl_ex (acl_get_permset)");
result = ACL_ERROR;
goto cleanup;
}
minimal ACLs) or acl_other entries, so if execute should be
masked, we have to do it manually. */
if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
- perror("apply_default_acl (acl_delete_perm)");
+ perror("apply_default_acl_ex (acl_delete_perm)");
result = ACL_ERROR;
goto cleanup;
}
if (acl_set_permset(entry, permset) == ACL_ERROR) {
- perror("apply_default_acl (acl_set_permset)");
+ perror("apply_default_acl_ex (acl_set_permset)");
result = ACL_ERROR;
goto cleanup;
}
* value of "acl". To do that, it needs the address of "acl".
*/
if (acl_set_entry(&acl, entry) == ACL_ERROR) {
- perror("apply_default_acl (acl_set_entry)");
+ perror("apply_default_acl_ex (acl_set_entry)");
result = ACL_ERROR;
goto cleanup;
}
/* Catches the first acl_get_entry as well as the ones at the end of
the loop. */
if (ge_result == ACL_ERROR) {
- perror("apply_default_acl (acl_get_entry)");
+ perror("apply_default_acl_ex (acl_get_entry)");
result = ACL_ERROR;
goto cleanup;
}
if (acl_set_fd(fd, acl) == ACL_ERROR) {
- perror("apply_default_acl (acl_set_fd)");
+ perror("apply_default_acl_ex (acl_set_fd)");
result = ACL_ERROR;
goto cleanup;
}
acl_free(defacl);
}
if (fd >= 0 && close(fd) == CLOSE_ERROR) {
- perror("apply_default_acl (close)");
+ perror("apply_default_acl_ex (close)");
result = ACL_ERROR;
}
return result;
}
+
+
+
+/**
+ * @brief The friendly interface to @c apply_default_acl_ex.
+ *
+ * The @c apply_default_acl_ex function holds the real implementation
+ * of this function, but it takes a weird second argument that most
+ * people won't care about (a stat structure). But, we use that
+ * argument for the recursive mode of the CLI, so it's there.
+ *
+ * If you don't have a stat structure for your @c path, use this instead.
+ *
+ * @param path
+ * The path whose ACL we would like to reset to its default.
+ *
+ * @param no_exec_mask
+ * The value (either true or false) of the --no-exec-mask flag.
+ *
+ * @return
+ * - @c ACL_SUCCESS - The parent default ACL was inherited successfully.
+ * - @c ACL_FAILURE - If symlinks or hard links are encountered.
+ * or the parent of @c path is not a directory.
+ * - @c ACL_ERROR - Unexpected library error.
+ */
+int apply_default_acl(const char* path, bool no_exec_mask) {
+ return apply_default_acl_ex(path, NULL, no_exec_mask);
+}