X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=aa473c4d696db186e2271d3ed92a09ed9c48596b;hb=9c3d24f7347f6f9f7a8c5fdf0c7f649ce5fb927a;hp=cdd07fcfee7c7400256e9ea619cc6abea99a195d;hpb=dcaa939a0e09bceb1392488fa126232629a63aa8;p=apply-default-acl.git diff --git a/src/libadacl.c b/src/libadacl.c index cdd07fc..aa473c4 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -259,39 +259,97 @@ int acl_update_entry(acl_t aclp, acl_entry_t entry) { return ACL_ERROR; } + /* This can allocate memory, so from here on out we have to jump to + the "cleanup" label to exit. */ + void* entry_qualifier = acl_get_qualifier(entry); + if (entry_qualifier == NULL && + (entry_tag == ACL_USER || entry_tag == ACL_GROUP)) { + /* acl_get_qualifier() can return NULL, but it shouldn't for + ACL_USER or ACL_GROUP entries. */ + perror("acl_update_entry (acl_get_qualifier)"); + return ACL_ERROR; + } + + /* Our return value. Default to failure, and change to success if we + actually update something. */ + int result = ACL_FAILURE; + acl_entry_t existing_entry; /* Loop through the given ACL looking for matching entries. */ - int result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry); + int get_entry_result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry); - while (result == ACL_SUCCESS) { + while (get_entry_result == ACL_SUCCESS) { acl_tag_t existing_tag = ACL_UNDEFINED_TAG; if (acl_get_tag_type(existing_entry, &existing_tag) == ACL_ERROR) { perror("set_acl_tag_permset (acl_get_tag_type)"); - return ACL_ERROR; + result = ACL_ERROR; + goto cleanup; } if (existing_tag == entry_tag) { - /* If we update something, we're done and return ACL_SUCCESS */ - if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) { - perror("acl_update_entry (acl_set_permset)"); - return ACL_ERROR; + /* Our tag types match, but if we have a named user or group + entry, then we need to check that the user/group (that is, + the qualifier) matches too. */ + bool qualifiers_match = false; + + /* There are three ways the qualifiers can match... */ + void* existing_qualifier = acl_get_qualifier(existing_entry); + if (existing_qualifier == NULL) { + if (existing_tag == ACL_USER || existing_tag == ACL_GROUP) { + perror("acl_update_entry (acl_get_qualifier)"); + result = ACL_ERROR; + goto cleanup; + } + else { + /* First, we could be dealing with an entry that isn't a + named user or group, in which case they "match + vacuously." */ + qualifiers_match = true; + } + } + + /* Otherwise, we have to have matching UIDs or GIDs. */ + if (entry_tag == ACL_USER) { + qualifiers_match = ( *((uid_t*)existing_qualifier) + == + *((uid_t*)entry_qualifier) ); + } + else if (entry_tag == ACL_GROUP) { + qualifiers_match = ( *((gid_t*)existing_qualifier) + == + *((gid_t*)entry_qualifier) ); } - return ACL_SUCCESS; + /* Be sure to free this inside the loop, where memory is allocated. */ + acl_free(existing_qualifier); + + if (qualifiers_match) { + /* If we update something, we're done and return ACL_SUCCESS */ + if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) { + perror("acl_update_entry (acl_set_permset)"); + result = ACL_ERROR; + goto cleanup; + } + + result = ACL_SUCCESS; + goto cleanup; + } } - result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry); + get_entry_result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry); } /* This catches both the initial acl_get_entry and the ones at the end of the loop. */ - if (result == ACL_ERROR) { + if (get_entry_result == ACL_ERROR) { perror("acl_update_entry (acl_get_entry)"); - return ACL_ERROR; + result = ACL_ERROR; } - return ACL_FAILURE; + cleanup: + acl_free(entry_qualifier); + return result; } @@ -1003,7 +1061,30 @@ int apply_default_acl(const char* path, bool recursive) { return ACL_ERROR; } char* parent = dirname(dirname_path_copy); + + basename_path_copy = strdup(path); + if (basename_path_copy == NULL) { + perror("apply_default_acl (strdup)"); + result = ACL_ERROR; + goto cleanup; + } + char* child = basename(basename_path_copy); + + /* Just kidding, if the path is "." or "..", then dirname will do + * the wrong thing and give us "." as its parent, too. So, we handle + * those as special cases. We use "child" instead of "path" here to + * catch things like "./" and "../" + */ + bool path_is_dots = strcmp(child, ".") == 0 || strcmp(child, "..") == 0; + char dots_parent[6] = "../"; + if (path_is_dots) { + /* We know that "child" contains no more than two characters here, and + using strncat to enforce that belief keeps clang-tidy happy. */ + parent = strncat(dots_parent, child, 2); + } + parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW); + if (parent_fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { /* We hit a symlink, either in the last path component (ELOOP) @@ -1019,15 +1100,20 @@ int apply_default_acl(const char* path, bool recursive) { } /* We already obtained the parent fd safely, so if we use the - basename of path here instead of the full thing, then we can get - away with using openat() and spare ourselves the slowness of - another safe_open(). */ - basename_path_copy = strdup(path); - if (basename_path_copy == NULL) { - perror("apply_default_acl (strdup)"); - return ACL_ERROR; + * basename of path here instead of the full thing, then we can get + * away with using openat() and spare ourselves the slowness of + * another safe_open(). + * + * Note that if the basename is "." or "..", then we don't want to + * open it relative to the parent_fd, so we need another special + * case for those paths here. + */ + if (path_is_dots) { + fd = open(child, O_NOFOLLOW); + } + else { + fd = openat(parent_fd, child, O_NOFOLLOW); } - fd = openat(parent_fd, basename(basename_path_copy), O_NOFOLLOW); if (fd == OPEN_ERROR) { if (errno == ELOOP || errno == ENOTDIR) { /* We hit a symlink, either in the last path component (ELOOP)