X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=789d12c9807ba541a51a823da58fb1d9e269fa63;hb=237493e8056c43b284755c1717d7ad25eb3da029;hp=5402a32be0ac3ca03a535aa40bf049ef1eabca3f;hpb=71831f01c40806756b6640591fca739c7790aebe;p=apply-default-acl.git

diff --git a/src/libadacl.c b/src/libadacl.c
index 5402a32..789d12c 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -5,10 +5,10 @@
  *
  */
 
-/* Enables get_current_dir_name() in unistd.h */
+/* Enables get_current_dir_name() in unistd.h and the O_PATH flag. */
 #define _GNU_SOURCE
 
-#include <errno.h>    /* ELOOP, EINVAL, etc. */
+#include <errno.h>    /* EINVAL, ELOOP, ENOTDIR, etc. */
 #include <fcntl.h>    /* openat() */
 #include <libgen.h>   /* basename(), dirname() */
 #include <limits.h>   /* PATH_MAX */
@@ -40,9 +40,6 @@
  *   open a file descriptor in a symlink-safe way when combined with
  *   the @c O_NOFOLLOW flag.
  *
- * The @c O_PATH flag is not used because we want to fail upon
- * encountering any symlinks.
- *
  * @param at_fd
  *   A file descriptor relative to which @c pathname will be opened.
  *
@@ -62,33 +59,33 @@ int safe_open_ex(int at_fd, char* pathname, int flags) {
     return OPEN_ERROR;
   }
 
-  if (strlen(pathname) == 0) {
-    /* Oops, went one level to deep with nothing to do. */
-    return at_fd;
-  }
-
   char* firstslash = strchr(pathname, '/');
   if (firstslash == NULL) {
     /* No more slashes, this is the base case. */
-    int r = openat(at_fd, pathname, flags);
-    return r;
+    return openat(at_fd, pathname, flags);
+  }
+  else if (firstslash[1] == '\0') {
+    /* The first slash is the last character; ensure that we open
+       a directory. */
+    firstslash[0] = '\0';
+    return openat(at_fd, pathname, flags | O_DIRECTORY);
   }
 
-  /* Temporarily disable the slash, so that the subsequent call to
-     openat() opens only the next directory (and doesn't recurse). */
+  /* The first slash exists and isn't the last character in the path,
+     so we can split the path wherever that first slash lies and
+     recurse. */
    *firstslash = '\0';
-   int fd = safe_open_ex(at_fd, pathname, flags);
+   int fd = openat(at_fd, pathname, flags | O_DIRECTORY | O_PATH);
    if (fd == OPEN_ERROR) {
-     if (errno != ELOOP) {
+     if (errno != ENOTDIR) {
        /* Don't output anything if we ignore a symlink */
        perror("safe_open_ex (safe_open_ex)");
      }
      return OPEN_ERROR;
    }
 
-   /* The ++ is safe because there needs to be at least a null byte
-      after the first slash, even if it's the last real character in
-      the string. */
+   /* The +1 is safe because there needs to be at least one character
+      after the first slash (we checked this above). */
    int result = safe_open_ex(fd, firstslash+1, flags);
    if (close(fd) == CLOSE_ERROR) {
       perror("safe_open_ex (close)");
@@ -168,7 +165,14 @@ int safe_open(const char* pathname, int flags) {
     return OPEN_ERROR;
   }
 
-  int fd = open("/", flags);
+  int fd = 0;
+  if (strcmp(abspath, "/") == 0) {
+    fd = open("/", flags | O_DIRECTORY);
+  }
+  else {
+    /* Use O_PATH for some added safety if "/" is not our target */
+    fd = open("/", flags | O_DIRECTORY | O_PATH);
+  }
   if (fd == OPEN_ERROR) {
     perror("safe_open (open)");
     return OPEN_ERROR;
@@ -252,12 +256,6 @@ int acl_set_entry(acl_t* aclp, acl_entry_t entry) {
 	   been wiped. These three are guaranteed to exist, so if we
 	   match one of them, we're allowed to return ACL_SUCCESS
 	   below and bypass the rest of the function. */
-	acl_permset_t existing_permset;
-	if (acl_get_permset(existing_entry, &existing_permset) == ACL_ERROR) {
-	  perror("acl_set_entry (acl_get_permset)");
-	  return ACL_ERROR;
-	}
-
 	if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) {
 	  perror("acl_set_entry (acl_set_permset)");
 	  return ACL_ERROR;
@@ -479,7 +477,7 @@ int any_can_execute(int fd, const struct stat* sp) {
   acl_t acl = acl_get_fd(fd);
 
   if (acl == (acl_t)NULL) {
-    perror("any_can_execute (acl_get_file)");
+    perror("any_can_execute (acl_get_fd)");
     return ACL_ERROR;
   }
 
@@ -687,8 +685,10 @@ int apply_default_acl_ex(const char* path,
 
   fd = safe_open(path, O_NOFOLLOW);
   if (fd == OPEN_ERROR) {
-    if (errno == ELOOP) {
-      result = ACL_FAILURE; /* hit a symlink */
+    if (errno == ELOOP || errno == ENOTDIR) {
+      /* We hit a symlink, either in the last path component (ELOOP)
+	 or higher up (ENOTDIR). */
+      result = ACL_FAILURE;
       goto cleanup;
     }
     else {