1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
|
/* Copy access control list from one file to another. -*- coding: utf-8 -*-
Copyright (C) 2002-2003, 2005-2025 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>.
Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */
#include <config.h>
#include "acl.h"
#include "acl-internal.h"
#if USE_XATTR
# include <attr/libattr.h>
# include <string.h>
# if HAVE_LINUX_XATTR_H
# include <linux/xattr.h>
# endif
# ifndef XATTR_NAME_NFSV4_ACL
# define XATTR_NAME_NFSV4_ACL "system.nfs4_acl"
# endif
# ifndef XATTR_NAME_POSIX_ACL_ACCESS
# define XATTR_NAME_POSIX_ACL_ACCESS "system.posix_acl_access"
# endif
# ifndef XATTR_NAME_POSIX_ACL_DEFAULT
# define XATTR_NAME_POSIX_ACL_DEFAULT "system.posix_acl_default"
# endif
/* Returns 1 if NAME is the name of an extended attribute that is related
to permissions, i.e. ACLs. Returns 0 otherwise. */
static int
is_attr_permissions (const char *name, struct error_context *ctx)
{
/* We need to explicitly test for the known extended attribute names,
because at least on CentOS 7, attr_copy_action does not do it. */
return strcmp (name, XATTR_NAME_POSIX_ACL_ACCESS) == 0
|| strcmp (name, XATTR_NAME_POSIX_ACL_DEFAULT) == 0
|| strcmp (name, XATTR_NAME_NFSV4_ACL) == 0
|| attr_copy_action (name, ctx) == ATTR_ACTION_PERMISSIONS;
}
#endif /* USE_XATTR */
/* Copy access control lists from one file to another. If SOURCE_DESC is
a valid file descriptor, use file descriptor operations, else use
filename based operations on SRC_NAME. Likewise for DEST_DESC and
DST_NAME.
If access control lists are not available, fchmod the target file to
MODE. Also sets the non-permission bits of the destination file
(S_ISUID, S_ISGID, S_ISVTX) to those from MODE if any are set.
Return 0 if successful.
Return -2 and set errno for an error relating to the source file.
Return -1 and set errno for an error relating to the destination file. */
int
qcopy_acl (const char *src_name, int source_desc, const char *dst_name,
int dest_desc, mode_t mode)
{
int ret;
#ifdef USE_XATTR
/* in case no ACLs present and also to set higher mode bits
we chmod before setting ACLs as doing it after could overwrite them
(especially true for NFSv4, posix ACL has that ugly "mask" hack that
nobody understands) */
ret = chmod_or_fchmod (dst_name, dest_desc, mode);
/* Rather than fiddling with acls one by one, we just copy the whole ACL xattrs
(Posix or NFSv4). Of course, that won't address ACLs conversion
(i.e. posix <-> nfs4) but we can't do it anyway, so for now, we don't care
Functions attr_copy_* return 0 in case we copied something OR nothing
to copy */
if (ret == 0)
ret = source_desc <= 0 || dest_desc <= 0
? attr_copy_file (src_name, dst_name, is_attr_permissions, NULL)
: attr_copy_fd (src_name, source_desc, dst_name, dest_desc,
is_attr_permissions, NULL);
#else
/* no XATTR, so we proceed the old dusty way */
struct permission_context ctx;
ret = get_permissions (src_name, source_desc, mode, &ctx);
if (ret != 0)
return -2;
ret = set_permissions (&ctx, dst_name, dest_desc);
free_permission_context (&ctx);
#endif
return ret;
}
|
