d/freebsd-skq
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

setfacl: add recursive functionality

Browse Source 
Add a -R option to setfacl to operate recursively on directories, along
with the accompanying flags -H, -L, and -P (whose behaviour mimics
chmod).

A patch was submitted with PR 155163, but this is a new implementation
based on comments raised in the Phabricator review for that patch
(review D9096).

PR:		155163
Submitted by:	Mitchell Horne <mhorne063@gmail.com>
Reviewed by:	jilles
MFC after:	2 weeks
Relnotes:	Yes
Sponsored by:	The FreeBSD Foundation
Differential Revision:	https://reviews.freebsd.org/D14934
This commit is contained in:
Ed Maste 2018-04-10 23:29:57 +00:00
parent 97603f1da2
commit 0629b15276
4 changed files with 169 additions and 91 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

20
bin/setfacl/setfacl.1
View File

@ -26,7 +26,7 @@
.\"
.\" $FreeBSD$
.\"
.Dd January 23, 2016
.Dd April 10, 2018
.Dt SETFACL 1
.Os
.Sh NAME
@ -34,6 +34,7 @@
.Nd set ACL information
.Sh SYNOPSIS
.Nm
.Op Fl R Op Fl H | L | P
.Op Fl bdhkn
.Op Fl a Ar position entries
.Op Fl m Ar entries
@ -83,6 +84,12 @@ default ACL's. This option is not applicable to NFSv4 ACLs.
.It Fl h
If the target of the operation is a symbolic link, perform the operation
on the symbolic link itself, rather than following the link.
.It Fl H
If the
.Fl R
option is specified, symbolic links on the command line are followed
and hence unaffected by the command.
(Symbolic links encountered during tree traversal are not followed.)
.It Fl k
Delete any default ACL entries on the specified files.
It
@ -91,6 +98,10 @@ any default ACL entries.
An error will be reported if any of
the specified files cannot have a default entry (i.e.\&
non-directories). This option is not applicable to NFSv4 ACLs.
.It Fl L
If the
.Fl R
option is specified, all symbolic links are followed.
.It Fl m Ar entries
Modify the ACL on the specified file.
New entries will be added, and existing entries will be modified
@ -116,6 +127,13 @@ the input is taken from stdin.
Do not recalculate the permissions associated with the ACL
mask entry.
This option is not applicable to NFSv4 ACLs.
.It Fl P
If the
.Fl R
option is specified, no symbolic links are followed.
This is the default.
.It Fl R
Perform the action recursively on any specified directories.
.It Fl x Ar entries | position
If
.Ar entries

228
bin/setfacl/setfacl.c
View File

@ -35,6 +35,9 @@ __FBSDID("$FreeBSD$");
#include <err.h>
#include <errno.h>
#include <fts.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
@ -59,41 +62,20 @@ struct sf_entry {
};
static TAILQ_HEAD(, sf_entry) entrylist;
/* TAILQ entry for files */
struct sf_file {
const char *filename;
TAILQ_ENTRY(sf_file) next;
};
static TAILQ_HEAD(, sf_file) filelist;
uint have_mask;
uint need_mask;
uint have_stdin;
uint n_flag;
static void add_filename(const char *filename);
static void usage(void);
static void
add_filename(const char *filename)
{
struct sf_file *file;
if (strlen(filename) > PATH_MAX - 1) {
warn("illegal filename");
return;
}
file = zmalloc(sizeof(struct sf_file));
file->filename = filename;
TAILQ_INSERT_TAIL(&filelist, file, next);
}
static void
usage(void)
{
fprintf(stderr, "usage: setfacl [-bdhkn] [-a position entries] "
"[-m entries] [-M file] [-x entries] [-X file] [file ...]\n");
fprintf(stderr, "usage: setfacl [-R [-H | -L | -P]] [-bdhkn] "
"[-a position entries] [-m entries] [-M file] "
"[-x entries] [-X file] [file ...]\n");
exit(1);
}
@ -104,23 +86,32 @@ main(int argc, char *argv[])
acl_type_t acl_type;
acl_entry_t unused_entry;
char filename[PATH_MAX];
int local_error, carried_error, ch, i, entry_number, ret;
int h_flag;
struct sf_file *file;
int local_error, carried_error, ch, entry_number, ret, fts_options;
bool h_flag, H_flag, L_flag, R_flag, follow_symlink;
size_t fl_count, i;
FTS *ftsp;
FTSENT *file;
char **files_list;
struct sf_entry *entry;
const char *fn_dup;
char *end;
struct stat sb;
acl_type = ACL_TYPE_ACCESS;
carried_error = local_error = 0;
h_flag = have_mask = have_stdin = n_flag = need_mask = 0;
carried_error = local_error = fts_options = 0;
have_mask = have_stdin = n_flag = need_mask = 0;
h_flag = H_flag = L_flag = R_flag = false;
TAILQ_INIT(&entrylist);
TAILQ_INIT(&filelist);
while ((ch = getopt(argc, argv, "M:X:a:bdhkm:nx:")) != -1)
while ((ch = getopt(argc, argv, "HLM:PRX:a:bdhkm:nx:")) != -1)
switch(ch) {
case 'H':
H_flag = true;
L_flag = false;
break;
case 'L':
L_flag = true;
H_flag = false;
break;
case 'M':
entry = zmalloc(sizeof(struct sf_entry));
entry->acl = get_acl_from_file(optarg);
@ -129,6 +120,12 @@ main(int argc, char *argv[])
entry->op = OP_MERGE_ACL;
TAILQ_INSERT_TAIL(&entrylist, entry, next);
break;
case 'P':
H_flag = L_flag = false;
break;
case 'R':
R_flag = true;
break;
case 'X':
entry = zmalloc(sizeof(struct sf_entry));
entry->acl = get_acl_from_file(optarg);
@ -213,43 +210,93 @@ main(int argc, char *argv[])
err(1, "cannot have more than one stdin");
have_stdin = 1;
bzero(&filename, sizeof(filename));
i = 0;
/* Start with an array size sufficient for basic cases. */
fl_count = 1024;
files_list = zmalloc(fl_count * sizeof(char *));
while (fgets(filename, (int)sizeof(filename), stdin)) {
/* remove the \n */
filename[strlen(filename) - 1] = '\0';
fn_dup = strdup(filename);
if (fn_dup == NULL)
files_list[i] = strdup(filename);
if (files_list[i] == NULL)
err(1, "strdup() failed");
add_filename(fn_dup);
/* Grow array if necessary. */
if (++i == fl_count) {
fl_count <<= 1;
if (fl_count > SIZE_MAX / sizeof(char *))
errx(1, "Too many input files");
files_list = zrealloc(files_list,
fl_count * sizeof(char *));
}
}
/* fts_open() requires the last array element to be NULL. */
files_list[i] = NULL;
} else
files_list = argv;
if (R_flag) {
if (h_flag)
errx(1, "the -R and -h options may not be "
"specified together.");
if (L_flag) {
fts_options = FTS_LOGICAL;
} else {
fts_options = FTS_PHYSICAL;
if (H_flag) {
fts_options |= FTS_COMFOLLOW;
}
}
} else if (h_flag) {
fts_options = FTS_PHYSICAL;
} else {
fts_options = FTS_LOGICAL;
}
/* Open all files. */
if ((ftsp = fts_open(files_list, fts_options | FTS_NOSTAT, 0)) == NULL)
err(1, "fts_open");
while ((file = fts_read(ftsp)) != NULL) {
switch (file->fts_info) {
case FTS_D:
/* Do not recurse if -R not specified. */
if (!R_flag)
fts_set(ftsp, file, FTS_SKIP);
break;
case FTS_DP:
/* Skip the second visit to a directory. */
continue;
case FTS_DNR:
case FTS_ERR:
warnx("%s: %s", file->fts_path,
strerror(file->fts_errno));
continue;
default:
break;
}
if (acl_type == ACL_TYPE_DEFAULT && file->fts_info != FTS_D) {
warnx("%s: default ACL may only be set on "
"a directory", file->fts_path);
carried_error++;
continue;
}
} else
for (i = 0; i < argc; i++)
add_filename(argv[i]);
/* cycle through each file */
TAILQ_FOREACH(file, &filelist, next) {
local_error = 0;
if (stat(file->filename, &sb) == -1) {
warn("%s: stat() failed", file->filename);
carried_error++;
continue;
}
follow_symlink = ((fts_options & FTS_LOGICAL) ||
((fts_options & FTS_COMFOLLOW) &&
file->fts_level == FTS_ROOTLEVEL));
if (acl_type == ACL_TYPE_DEFAULT && S_ISDIR(sb.st_mode) == 0) {
warnx("%s: default ACL may only be set on a directory",
file->filename);
carried_error++;
continue;
}
if (h_flag)
ret = lpathconf(file->filename, _PC_ACL_NFS4);
if (follow_symlink)
ret = pathconf(file->fts_accpath, _PC_ACL_NFS4);
else
ret = pathconf(file->filename, _PC_ACL_NFS4);
ret = lpathconf(file->fts_accpath, _PC_ACL_NFS4);
if (ret > 0) {
if (acl_type == ACL_TYPE_DEFAULT) {
warnx("%s: there are no default entries "
"in NFSv4 ACLs", file->filename);
"in NFSv4 ACLs", file->fts_path);
carried_error++;
continue;
}
@ -259,20 +306,20 @@ main(int argc, char *argv[])
acl_type = ACL_TYPE_ACCESS;
} else if (ret < 0 && errno != EINVAL) {
warn("%s: pathconf(..., _PC_ACL_NFS4) failed",
file->filename);
file->fts_path);
}
if (h_flag)
acl = acl_get_link_np(file->filename, acl_type);
if (follow_symlink)
acl = acl_get_file(file->fts_accpath, acl_type);
else
acl = acl_get_file(file->filename, acl_type);
acl = acl_get_link_np(file->fts_accpath, acl_type);
if (acl == NULL) {
if (h_flag)
warn("%s: acl_get_link_np() failed",
file->filename);
else
if (follow_symlink)
warn("%s: acl_get_file() failed",
file->filename);
file->fts_path);
else
warn("%s: acl_get_link_np() failed",
file->fts_path);
carried_error++;
continue;
}
@ -285,11 +332,12 @@ main(int argc, char *argv[])
switch(entry->op) {
case OP_ADD_ACL:
local_error += add_acl(entry->acl,
entry->entry_number, &acl, file->filename);
entry->entry_number,
&acl, file->fts_path);
break;
case OP_MERGE_ACL:
local_error += merge_acl(entry->acl, &acl,
file->filename);
file->fts_path);
need_mask = 1;
break;
case OP_REMOVE_EXT:
@ -301,37 +349,37 @@ main(int argc, char *argv[])
acl_get_entry(acl, ACL_FIRST_ENTRY,
&unused_entry) == 0) {
local_error += remove_default(&acl,
file->filename);
file->fts_path);
break;
}
remove_ext(&acl, file->filename);
remove_ext(&acl, file->fts_path);
need_mask = 0;
break;
case OP_REMOVE_DEF:
if (acl_type == ACL_TYPE_NFS4) {
warnx("%s: there are no default entries in NFSv4 ACLs; "
"cannot remove", file->filename);
"cannot remove", file->fts_path);
local_error++;
break;
}
if (acl_delete_def_file(file->filename) == -1) {
if (acl_delete_def_file(file->fts_accpath) == -1) {
warn("%s: acl_delete_def_file() failed",
file->filename);
file->fts_path);
local_error++;
}
if (acl_type == ACL_TYPE_DEFAULT)
local_error += remove_default(&acl,
file->filename);
file->fts_path);
need_mask = 0;
break;
case OP_REMOVE_ACL:
local_error += remove_acl(entry->acl, &acl,
file->filename);
file->fts_path);
need_mask = 1;
break;
case OP_REMOVE_BY_NUMBER:
local_error += remove_by_number(entry->entry_number,
&acl, file->filename);
&acl, file->fts_path);
need_mask = 1;
break;
}
@ -343,9 +391,9 @@ main(int argc, char *argv[])
*/
if (acl_type == ACL_TYPE_DEFAULT &&
acl_get_entry(acl, ACL_FIRST_ENTRY, &unused_entry) == 0) {
if (acl_delete_def_file(file->filename) == -1) {
if (acl_delete_def_file(file->fts_accpath) == -1) {
warn("%s: acl_delete_def_file() failed",
file->filename);
file->fts_path);
carried_error++;
}
continue;
@ -358,22 +406,22 @@ main(int argc, char *argv[])
}
if (acl_type != ACL_TYPE_NFS4 && need_mask &&
set_acl_mask(&acl, file->filename) == -1) {
warnx("%s: failed to set ACL mask", file->filename);
set_acl_mask(&acl, file->fts_path) == -1) {
warnx("%s: failed to set ACL mask", file->fts_path);
carried_error++;
} else if (h_flag) {
if (acl_set_link_np(file->filename, acl_type,
acl) == -1) {
carried_error++;
warn("%s: acl_set_link_np() failed",
file->filename);
}
} else {
if (acl_set_file(file->filename, acl_type,
} else if (follow_symlink) {
if (acl_set_file(file->fts_accpath, acl_type,
acl) == -1) {
carried_error++;
warn("%s: acl_set_file() failed",
file->filename);
file->fts_path);
}
} else {
if (acl_set_link_np(file->fts_accpath, acl_type,
acl) == -1) {
carried_error++;
warn("%s: acl_set_link_np() failed",
file->fts_path);
}
}

1
bin/setfacl/setfacl.h
View File

@ -47,6 +47,7 @@ void remove_ext(acl_t *prev_acl, const char *filename);
int set_acl_mask(acl_t *prev_acl, const char *filename);
/* util.c */
void *zmalloc(size_t size);
void *zrealloc(void *ptr, size_t size);
const char *brand_name(int brand);
int branding_mismatch(int brand1, int brand2);

11
bin/setfacl/util.c
View File

@ -44,6 +44,17 @@ zmalloc(size_t size)
return (ptr);
}
void *
zrealloc(void *ptr, size_t size)
{
void *newptr;
newptr = realloc(ptr, size);
if (newptr == NULL)
err(1, "realloc() failed");
return (newptr);
}
const char *
brand_name(int brand)
{