|
|
d6b572 |
From fba4f123cc456d2b2538f811bb831483bf336bad Mon Sep 17 00:00:00 2001
|
|
|
d6b572 |
From: Martin Matuska <martin@matuska.org>
|
|
|
d6b572 |
Date: Sat, 21 Aug 2021 20:51:07 +0200
|
|
|
d6b572 |
Subject: [PATCH 1/2] Fix handling of symbolic link ACLs
|
|
|
d6b572 |
|
|
|
d6b572 |
On Linux ACLs on symbolic links are not supported.
|
|
|
d6b572 |
We must avoid calling acl_set_file() on symbolic links as their
|
|
|
d6b572 |
targets are modified instead.
|
|
|
d6b572 |
|
|
|
d6b572 |
While here, do not try to set default ACLs on non-directories.
|
|
|
d6b572 |
|
|
|
d6b572 |
Fixes #1565
|
|
|
d6b572 |
---
|
|
|
d6b572 |
libarchive/archive_disk_acl_freebsd.c | 20 +++++++++++++++-----
|
|
|
d6b572 |
libarchive/archive_disk_acl_linux.c | 23 ++++++++++++++++++++---
|
|
|
d6b572 |
libarchive/archive_disk_acl_sunos.c | 13 +++++++++----
|
|
|
d6b572 |
3 files changed, 44 insertions(+), 12 deletions(-)
|
|
|
d6b572 |
|
|
|
d6b572 |
diff --git a/libarchive/archive_disk_acl_freebsd.c b/libarchive/archive_disk_acl_freebsd.c
|
|
|
d6b572 |
index aba41e5d..ed4e7a78 100644
|
|
|
d6b572 |
--- a/libarchive/archive_disk_acl_freebsd.c
|
|
|
d6b572 |
+++ b/libarchive/archive_disk_acl_freebsd.c
|
|
|
d6b572 |
@@ -319,7 +319,7 @@ translate_acl(struct archive_read_disk *a,
|
|
|
d6b572 |
|
|
|
d6b572 |
static int
|
|
|
d6b572 |
set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
- struct archive_acl *abstract_acl,
|
|
|
d6b572 |
+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
|
|
|
d6b572 |
int ae_requested_type, const char *tname)
|
|
|
d6b572 |
{
|
|
|
d6b572 |
int acl_type = 0;
|
|
|
d6b572 |
@@ -364,6 +364,13 @@ set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
return (ARCHIVE_FAILED);
|
|
|
d6b572 |
}
|
|
|
d6b572 |
|
|
|
d6b572 |
+ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
|
|
|
d6b572 |
+ errno = EINVAL;
|
|
|
d6b572 |
+ archive_set_error(a, errno,
|
|
|
d6b572 |
+ "Cannot set default ACL on non-directory");
|
|
|
d6b572 |
+ return (ARCHIVE_WARN);
|
|
|
d6b572 |
+ }
|
|
|
d6b572 |
+
|
|
|
d6b572 |
acl = acl_init(entries);
|
|
|
d6b572 |
if (acl == (acl_t)NULL) {
|
|
|
d6b572 |
archive_set_error(a, errno,
|
|
|
d6b572 |
@@ -542,7 +549,10 @@ set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
else if (acl_set_link_np(name, acl_type, acl) != 0)
|
|
|
d6b572 |
#else
|
|
|
d6b572 |
/* FreeBSD older than 8.0 */
|
|
|
d6b572 |
- else if (acl_set_file(name, acl_type, acl) != 0)
|
|
|
d6b572 |
+ else if (S_ISLNK(mode)) {
|
|
|
d6b572 |
+ /* acl_set_file() follows symbolic links, skip */
|
|
|
d6b572 |
+ ret = ARCHIVE_OK;
|
|
|
d6b572 |
+ } else if (acl_set_file(name, acl_type, acl) != 0)
|
|
|
d6b572 |
#endif
|
|
|
d6b572 |
{
|
|
|
d6b572 |
if (errno == EOPNOTSUPP) {
|
|
|
d6b572 |
@@ -677,14 +687,14 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
& ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
|
|
|
d6b572 |
if ((archive_acl_types(abstract_acl)
|
|
|
d6b572 |
& ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
|
|
|
d6b572 |
- ret = set_acl(a, fd, name, abstract_acl,
|
|
|
d6b572 |
+ ret = set_acl(a, fd, name, abstract_acl, mode,
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
|
|
|
d6b572 |
if (ret != ARCHIVE_OK)
|
|
|
d6b572 |
return (ret);
|
|
|
d6b572 |
}
|
|
|
d6b572 |
if ((archive_acl_types(abstract_acl)
|
|
|
d6b572 |
& ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
|
|
|
d6b572 |
- ret = set_acl(a, fd, name, abstract_acl,
|
|
|
d6b572 |
+ ret = set_acl(a, fd, name, abstract_acl, mode,
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
|
|
|
d6b572 |
|
|
|
d6b572 |
/* Simultaneous POSIX.1e and NFSv4 is not supported */
|
|
|
d6b572 |
@@ -693,7 +703,7 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
#if ARCHIVE_ACL_FREEBSD_NFS4
|
|
|
d6b572 |
else if ((archive_acl_types(abstract_acl) &
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
|
|
|
d6b572 |
- ret = set_acl(a, fd, name, abstract_acl,
|
|
|
d6b572 |
+ ret = set_acl(a, fd, name, abstract_acl, mode,
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
|
|
|
d6b572 |
}
|
|
|
d6b572 |
#endif
|
|
|
d6b572 |
diff --git a/libarchive/archive_disk_acl_linux.c b/libarchive/archive_disk_acl_linux.c
|
|
|
d6b572 |
index 3928f3d6..31d27053 100644
|
|
|
d6b572 |
--- a/libarchive/archive_disk_acl_linux.c
|
|
|
d6b572 |
+++ b/libarchive/archive_disk_acl_linux.c
|
|
|
d6b572 |
@@ -343,6 +343,11 @@ set_richacl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
return (ARCHIVE_FAILED);
|
|
|
d6b572 |
}
|
|
|
d6b572 |
|
|
|
d6b572 |
+ if (S_ISLNK(mode)) {
|
|
|
d6b572 |
+ /* Linux does not support RichACLs on symbolic links */
|
|
|
d6b572 |
+ return (ARCHIVE_OK);
|
|
|
d6b572 |
+ }
|
|
|
d6b572 |
+
|
|
|
d6b572 |
richacl = richacl_alloc(entries);
|
|
|
d6b572 |
if (richacl == NULL) {
|
|
|
d6b572 |
archive_set_error(a, errno,
|
|
|
d6b572 |
@@ -455,7 +460,7 @@ exit_free:
|
|
|
d6b572 |
#if ARCHIVE_ACL_LIBACL
|
|
|
d6b572 |
static int
|
|
|
d6b572 |
set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
- struct archive_acl *abstract_acl,
|
|
|
d6b572 |
+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
|
|
|
d6b572 |
int ae_requested_type, const char *tname)
|
|
|
d6b572 |
{
|
|
|
d6b572 |
int acl_type = 0;
|
|
|
d6b572 |
@@ -488,6 +493,18 @@ set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
return (ARCHIVE_FAILED);
|
|
|
d6b572 |
}
|
|
|
d6b572 |
|
|
|
d6b572 |
+ if (S_ISLNK(mode)) {
|
|
|
d6b572 |
+ /* Linux does not support ACLs on symbolic links */
|
|
|
d6b572 |
+ return (ARCHIVE_OK);
|
|
|
d6b572 |
+ }
|
|
|
d6b572 |
+
|
|
|
d6b572 |
+ if (acl_type == ACL_TYPE_DEFAULT && !S_ISDIR(mode)) {
|
|
|
d6b572 |
+ errno = EINVAL;
|
|
|
d6b572 |
+ archive_set_error(a, errno,
|
|
|
d6b572 |
+ "Cannot set default ACL on non-directory");
|
|
|
d6b572 |
+ return (ARCHIVE_WARN);
|
|
|
d6b572 |
+ }
|
|
|
d6b572 |
+
|
|
|
d6b572 |
acl = acl_init(entries);
|
|
|
d6b572 |
if (acl == (acl_t)NULL) {
|
|
|
d6b572 |
archive_set_error(a, errno,
|
|
|
d6b572 |
@@ -727,14 +744,14 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
& ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
|
|
|
d6b572 |
if ((archive_acl_types(abstract_acl)
|
|
|
d6b572 |
& ARCHIVE_ENTRY_ACL_TYPE_ACCESS) != 0) {
|
|
|
d6b572 |
- ret = set_acl(a, fd, name, abstract_acl,
|
|
|
d6b572 |
+ ret = set_acl(a, fd, name, abstract_acl, mode,
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_ACCESS, "access");
|
|
|
d6b572 |
if (ret != ARCHIVE_OK)
|
|
|
d6b572 |
return (ret);
|
|
|
d6b572 |
}
|
|
|
d6b572 |
if ((archive_acl_types(abstract_acl)
|
|
|
d6b572 |
& ARCHIVE_ENTRY_ACL_TYPE_DEFAULT) != 0)
|
|
|
d6b572 |
- ret = set_acl(a, fd, name, abstract_acl,
|
|
|
d6b572 |
+ ret = set_acl(a, fd, name, abstract_acl, mode,
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_DEFAULT, "default");
|
|
|
d6b572 |
}
|
|
|
d6b572 |
#endif /* ARCHIVE_ACL_LIBACL */
|
|
|
d6b572 |
diff --git a/libarchive/archive_disk_acl_sunos.c b/libarchive/archive_disk_acl_sunos.c
|
|
|
d6b572 |
index b0f5dfad..0ef3ad52 100644
|
|
|
d6b572 |
--- a/libarchive/archive_disk_acl_sunos.c
|
|
|
d6b572 |
+++ b/libarchive/archive_disk_acl_sunos.c
|
|
|
d6b572 |
@@ -443,7 +443,7 @@ translate_acl(struct archive_read_disk *a,
|
|
|
d6b572 |
|
|
|
d6b572 |
static int
|
|
|
d6b572 |
set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
- struct archive_acl *abstract_acl,
|
|
|
d6b572 |
+ struct archive_acl *abstract_acl, __LA_MODE_T mode,
|
|
|
d6b572 |
int ae_requested_type, const char *tname)
|
|
|
d6b572 |
{
|
|
|
d6b572 |
aclent_t *aclent;
|
|
|
d6b572 |
@@ -467,7 +467,6 @@ set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
if (entries == 0)
|
|
|
d6b572 |
return (ARCHIVE_OK);
|
|
|
d6b572 |
|
|
|
d6b572 |
-
|
|
|
d6b572 |
switch (ae_requested_type) {
|
|
|
d6b572 |
case ARCHIVE_ENTRY_ACL_TYPE_POSIX1E:
|
|
|
d6b572 |
cmd = SETACL;
|
|
|
d6b572 |
@@ -492,6 +491,12 @@ set_acl(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
return (ARCHIVE_FAILED);
|
|
|
d6b572 |
}
|
|
|
d6b572 |
|
|
|
d6b572 |
+ if (S_ISLNK(mode)) {
|
|
|
d6b572 |
+ /* Skip ACLs on symbolic links */
|
|
|
d6b572 |
+ ret = ARCHIVE_OK;
|
|
|
d6b572 |
+ goto exit_free;
|
|
|
d6b572 |
+ }
|
|
|
d6b572 |
+
|
|
|
d6b572 |
e = 0;
|
|
|
d6b572 |
|
|
|
d6b572 |
while (archive_acl_next(a, abstract_acl, ae_requested_type, &ae_type,
|
|
|
d6b572 |
@@ -801,7 +806,7 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
if ((archive_acl_types(abstract_acl)
|
|
|
d6b572 |
& ARCHIVE_ENTRY_ACL_TYPE_POSIX1E) != 0) {
|
|
|
d6b572 |
/* Solaris writes POSIX.1e access and default ACLs together */
|
|
|
d6b572 |
- ret = set_acl(a, fd, name, abstract_acl,
|
|
|
d6b572 |
+ ret = set_acl(a, fd, name, abstract_acl, mode,
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_POSIX1E, "posix1e");
|
|
|
d6b572 |
|
|
|
d6b572 |
/* Simultaneous POSIX.1e and NFSv4 is not supported */
|
|
|
d6b572 |
@@ -810,7 +815,7 @@ archive_write_disk_set_acls(struct archive *a, int fd, const char *name,
|
|
|
d6b572 |
#if ARCHIVE_ACL_SUNOS_NFS4
|
|
|
d6b572 |
else if ((archive_acl_types(abstract_acl) &
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_NFS4) != 0) {
|
|
|
d6b572 |
- ret = set_acl(a, fd, name, abstract_acl,
|
|
|
d6b572 |
+ ret = set_acl(a, fd, name, abstract_acl, mode,
|
|
|
d6b572 |
ARCHIVE_ENTRY_ACL_TYPE_NFS4, "nfs4");
|
|
|
d6b572 |
}
|
|
|
d6b572 |
#endif
|
|
|
d6b572 |
--
|
|
|
d6b572 |
2.31.1
|
|
|
d6b572 |
|