From 6bf5e24d48077db58b389e90558100fc121b8134 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Mon, 4 Apr 2011 12:43:39 +0200 Subject: [PATCH 1/2] libacl: Add acl_extended_file_nofollow() This function calls lgetxattr() instead of getxattr(), which helps ls(1) to prevent unnecessary automatic mounts, which acl_extended_file() triggers. See the following bug report for more details: https://bugzilla.redhat.com/692982 --- exports | 1 + include/libacl.h | 1 + libacl/Makefile | 3 +- libacl/__acl_extended_file.c | 49 +++++++++++++++++++++++++++++++++++ libacl/__acl_extended_file.h | 4 +++ libacl/acl_extended_file.c | 20 ++------------ libacl/acl_extended_file_nofollow.c | 34 ++++++++++++++++++++++++ man/man3/acl_extended_file.3 | 11 +++++++- man/man5/acl.5 | 1 + 9 files changed, 105 insertions(+), 19 deletions(-) create mode 100644 libacl/__acl_extended_file.c create mode 100644 libacl/__acl_extended_file.h create mode 100644 libacl/acl_extended_file_nofollow.c diff --git a/exports b/exports index ef02842..b368c22 100644 --- a/exports +++ b/exports @@ -82,4 +82,5 @@ ACL_1.1 { # Linux specific extensions perm_copy_fd; perm_copy_file; + acl_extended_file_nofollow; } ACL_1.0; diff --git a/include/libacl.h b/include/libacl.h index 41ec48e..d6a6650 100644 --- a/include/libacl.h +++ b/include/libacl.h @@ -59,6 +59,7 @@ extern int acl_check(acl_t acl, int *last); extern acl_t acl_from_mode(mode_t mode); extern int acl_equiv_mode(acl_t acl, mode_t *mode_p); int acl_extended_file(const char *path_p); +int acl_extended_file_nofollow(const char *path_p); int acl_extended_fd(int fd); extern int acl_entries(acl_t acl); extern const char *acl_error(int code); diff --git a/libacl/Makefile b/libacl/Makefile index 1224b65..cfe3d3a 100644 --- a/libacl/Makefile +++ b/libacl/Makefile @@ -47,7 +47,8 @@ POSIX_CFILES = \ LIBACL_CFILES = \ acl_to_any_text.c acl_entries.c acl_check.c acl_error.c acl_cmp.c \ - acl_extended_fd.c acl_extended_file.c acl_equiv_mode.c acl_from_mode.c + acl_extended_fd.c acl_extended_file.c acl_equiv_mode.c acl_from_mode.c \ + acl_extended_file_nofollow.c __acl_extended_file.c INTERNAL_CFILES = \ __acl_to_any_text.c __acl_to_xattr.c __acl_from_xattr.c \ diff --git a/libacl/__acl_extended_file.c b/libacl/__acl_extended_file.c new file mode 100644 index 0000000..629afe9 --- /dev/null +++ b/libacl/__acl_extended_file.c @@ -0,0 +1,49 @@ +/* + File: acl_extended_file.c + + Copyright (C) 2000, 2011 + Andreas Gruenbacher, + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +*/ + +#include +#include +#include "libacl.h" + +#include "byteorder.h" +#include "acl_ea.h" +#include "__acl_extended_file.h" + + +int +__acl_extended_file(const char *path_p, getxattr_t fun) +{ + int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry); + int retval; + + retval = fun(path_p, ACL_EA_ACCESS, NULL, 0); + if (retval < 0 && errno != ENOATTR && errno != ENODATA) + return -1; + if (retval > base_size) + return 1; + retval = fun(path_p, ACL_EA_DEFAULT, NULL, 0); + if (retval < 0 && errno != ENOATTR && errno != ENODATA) + return -1; + if (retval >= base_size) + return 1; + return 0; +} + diff --git a/libacl/__acl_extended_file.h b/libacl/__acl_extended_file.h new file mode 100644 index 0000000..f8881a1 --- /dev/null +++ b/libacl/__acl_extended_file.h @@ -0,0 +1,4 @@ +typedef ssize_t (*getxattr_t)(const char *, const char *, void *value, + size_t size); + +int __acl_extended_file(const char *path_p, getxattr_t fun); diff --git a/libacl/acl_extended_file.c b/libacl/acl_extended_file.c index d1cb85d..f417784 100644 --- a/libacl/acl_extended_file.c +++ b/libacl/acl_extended_file.c @@ -1,7 +1,7 @@ /* File: acl_extended_file.c - Copyright (C) 2000 + Copyright (C) 2011 Andreas Gruenbacher, This program is free software; you can redistribute it and/or @@ -23,26 +23,12 @@ #include #include "libacl.h" -#include "byteorder.h" -#include "acl_ea.h" +#include "__acl_extended_file.h" int acl_extended_file(const char *path_p) { - int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry); - int retval; - - retval = getxattr(path_p, ACL_EA_ACCESS, NULL, 0); - if (retval < 0 && errno != ENOATTR && errno != ENODATA) - return -1; - if (retval > base_size) - return 1; - retval = getxattr(path_p, ACL_EA_DEFAULT, NULL, 0); - if (retval < 0 && errno != ENOATTR && errno != ENODATA) - return -1; - if (retval >= base_size) - return 1; - return 0; + return __acl_extended_file(path_p, getxattr); } diff --git a/libacl/acl_extended_file_nofollow.c b/libacl/acl_extended_file_nofollow.c new file mode 100644 index 0000000..8f4711f --- /dev/null +++ b/libacl/acl_extended_file_nofollow.c @@ -0,0 +1,34 @@ +/* + File: acl_extended_file.c + + Copyright (C) 2011 + Andreas Gruenbacher, + + This program is free software; you can redistribute it and/or + modify it under the terms of the GNU Lesser General Public + License as published by the Free Software Foundation; either + version 2.1 of the License, or (at your option) any later version. + + This program is distributed in the hope that it will be useful, + but WITHOUT ANY WARRANTY; without even the implied warranty of + MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU + Lesser General Public License for more details. + + You should have received a copy of the GNU Lesser General Public + License along with this library; if not, write to the Free Software + Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. +*/ + +#include +#include +#include "libacl.h" + +#include "__acl_extended_file.h" + + +int +acl_extended_file_nofollow(const char *path_p) +{ + return __acl_extended_file(path_p, lgetxattr); +} + diff --git a/man/man3/acl_extended_file.3 b/man/man3/acl_extended_file.3 index 0ca7e0f..1f04331 100644 --- a/man/man3/acl_extended_file.3 +++ b/man/man3/acl_extended_file.3 @@ -25,7 +25,7 @@ .Dt ACL_EXTENDED_FILE 3 .Os "Linux ACL" .Sh NAME -.Nm acl_extended_file +.Nm acl_extended_file, acl_extended_file_nofollow .Nd test for information in ACLs by file name .Sh LIBRARY Linux Access Control Lists library (libacl, \-lacl). @@ -34,6 +34,8 @@ Linux Access Control Lists library (libacl, \-lacl). .In acl/libacl.h .Ft int .Fn acl_extended_file "const char *path_p" +.Ft int +.Fn acl_extended_file_nofollow "const char *path_p" .Sh DESCRIPTION The .Fn acl_extended_file @@ -61,6 +63,13 @@ mechanisms, such as Mandatory Access Control schemes. The .Xr access 2 system call can be used to check whether a given type of access to a file object would be granted. +.Pp +.Fn acl_extended_file_nofollow +is identical to +.Fn acl_extended_file , +except in the case of a symbolic link, where the link itself is interrogated, +not the file that it refers to. Since symbolic links have no ACL themselves, +the operation is supposed to fail on them. .Sh RETURN VALUE If successful, the .Fn acl_extended_file diff --git a/man/man5/acl.5 b/man/man5/acl.5 index 6b0f468..aec58aa 100644 --- a/man/man5/acl.5 +++ b/man/man5/acl.5 @@ -497,6 +497,7 @@ These non-portable extensions are available on Linux systems. .Xr acl_error 3 , .Xr acl_extended_fd 3 , .Xr acl_extended_file 3 , +.Xr acl_extended_file_nofollow 3 , .Xr acl_from_mode 3 , .Xr acl_get_perm 3 , .Xr acl_to_any_text 3 -- 1.7.4 From ad4ca5aaee96e98b2e8e8a4351fa5e6c58d65216 Mon Sep 17 00:00:00 2001 From: Andreas Gruenbacher Date: Mon, 4 Apr 2011 17:18:38 +0200 Subject: [PATCH 2/2] Minor fixes to the previous commit * Assign the new libacl version ACL_1.2 to acl_extended_file_nofollow so that package managers will end up with the appropriate dependencies. * Add a manpage entry for acl_extended_file_nofollow which sources ("links to") the acl_extended_file manpage. * Remove the prototype for getxattr/lgetxattr. * Whitespace cleanups. --- exports | 7 ++++++- libacl/__acl_extended_file.c | 7 ++++--- libacl/__acl_extended_file.h | 7 +++---- libacl/acl_extended_file_nofollow.c | 3 +-- man/man3/acl_extended_file.3 | 2 +- man/man3/acl_extended_file_nofollow.3 | 1 + 6 files changed, 16 insertions(+), 11 deletions(-) create mode 100644 man/man3/acl_extended_file_nofollow.3 diff --git a/exports b/exports index b368c22..7d8e69e 100644 --- a/exports +++ b/exports @@ -82,5 +82,10 @@ ACL_1.1 { # Linux specific extensions perm_copy_fd; perm_copy_file; - acl_extended_file_nofollow; } ACL_1.0; + +ACL_1.2 { + global: + # Linux specific extensions + acl_extended_file_nofollow; +} ACL_1.1; diff --git a/libacl/__acl_extended_file.c b/libacl/__acl_extended_file.c index 629afe9..3e45abd 100644 --- a/libacl/__acl_extended_file.c +++ b/libacl/__acl_extended_file.c @@ -1,5 +1,5 @@ /* - File: acl_extended_file.c + File: __acl_extended_file.c Copyright (C) 2000, 2011 Andreas Gruenbacher, @@ -29,7 +29,9 @@ int -__acl_extended_file(const char *path_p, getxattr_t fun) +__acl_extended_file(const char *path_p, + ssize_t (*fun)(const char *, const char *, + void *, size_t)) { int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry); int retval; @@ -46,4 +48,3 @@ __acl_extended_file(const char *path_p, getxattr_t fun) return 1; return 0; } - diff --git a/libacl/__acl_extended_file.h b/libacl/__acl_extended_file.h index f8881a1..0b0da9e 100644 --- a/libacl/__acl_extended_file.h +++ b/libacl/__acl_extended_file.h @@ -1,4 +1,3 @@ -typedef ssize_t (*getxattr_t)(const char *, const char *, void *value, - size_t size); - -int __acl_extended_file(const char *path_p, getxattr_t fun); +int __acl_extended_file(const char *path_p, + ssize_t (*)(const char *, const char *, + void *, size_t)); diff --git a/libacl/acl_extended_file_nofollow.c b/libacl/acl_extended_file_nofollow.c index 8f4711f..c253e4d 100644 --- a/libacl/acl_extended_file_nofollow.c +++ b/libacl/acl_extended_file_nofollow.c @@ -1,5 +1,5 @@ /* - File: acl_extended_file.c + File: acl_extended_file_nofollow.c Copyright (C) 2011 Andreas Gruenbacher, @@ -31,4 +31,3 @@ acl_extended_file_nofollow(const char *path_p) { return __acl_extended_file(path_p, lgetxattr); } - diff --git a/man/man3/acl_extended_file.3 b/man/man3/acl_extended_file.3 index 1f04331..fdeef86 100644 --- a/man/man3/acl_extended_file.3 +++ b/man/man3/acl_extended_file.3 @@ -65,7 +65,7 @@ system call can be used to check whether a given type of access to a file object would be granted. .Pp .Fn acl_extended_file_nofollow -is identical to +is identical to .Fn acl_extended_file , except in the case of a symbolic link, where the link itself is interrogated, not the file that it refers to. Since symbolic links have no ACL themselves, diff --git a/man/man3/acl_extended_file_nofollow.3 b/man/man3/acl_extended_file_nofollow.3 new file mode 100644 index 0000000..44fc24f --- /dev/null +++ b/man/man3/acl_extended_file_nofollow.3 @@ -0,0 +1 @@ +.so man3/acl_extended_file.3 -- 1.7.4