]>
Dogcows Code - chaz/tar/blob - src/xattrs.c
1 /* Support for extended attributes.
3 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software
6 Written by James Antill, on 2006-07-27.
8 This program is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by the
10 Free Software Foundation; either version 3, or (at your option) any later
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
16 Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
31 #include "selinux-at.h"
33 struct xattrs_mask_map
40 /* list of fnmatch patterns */
43 /* lists of fnmatch patterns */
44 struct xattrs_mask_map incl
;
45 struct xattrs_mask_map excl
;
48 /* disable posix acls when problem found in gnulib script m4/acl.m4 */
50 # undef HAVE_POSIX_ACLS
53 #ifdef HAVE_POSIX_ACLS
58 #ifdef HAVE_POSIX_ACLS
60 /* acl-at wrappers, TODO: move to gnulib in future? */
61 acl_t
acl_get_file_at (int dirfd
, const char *file
, acl_type_t type
);
62 int acl_set_file_at (int dirfd
, const char *file
, acl_type_t type
, acl_t acl
);
63 int file_has_acl_at (int dirfd
, char const *, struct stat
const *);
66 #define AT_FUNC_NAME acl_get_file_at
67 #define AT_FUNC_RESULT acl_t
68 #define AT_FUNC_FAIL (acl_t)NULL
69 #define AT_FUNC_F1 acl_get_file
70 #define AT_FUNC_POST_FILE_PARAM_DECLS , acl_type_t type
71 #define AT_FUNC_POST_FILE_ARGS , type
77 #undef AT_FUNC_POST_FILE_PARAM_DECLS
78 #undef AT_FUNC_POST_FILE_ARGS
81 #define AT_FUNC_NAME acl_set_file_at
82 #define AT_FUNC_F1 acl_set_file
83 #define AT_FUNC_POST_FILE_PARAM_DECLS , acl_type_t type, acl_t acl
84 #define AT_FUNC_POST_FILE_ARGS , type, acl
88 #undef AT_FUNC_POST_FILE_PARAM_DECLS
89 #undef AT_FUNC_POST_FILE_ARGS
91 /* gnulib file_has_acl_at */
92 #define AT_FUNC_NAME file_has_acl_at
93 #define AT_FUNC_F1 file_has_acl
94 #define AT_FUNC_POST_FILE_PARAM_DECLS , struct stat const *st
95 #define AT_FUNC_POST_FILE_ARGS , st
99 #undef AT_FUNC_POST_FILE_PARAM_DECLS
100 #undef AT_FUNC_POST_FILE_ARGS
102 /* convert unix permissions into an ACL ... needed due to "default" ACLs */
104 perms2acl (int perms
)
106 char val
[] = "user::---,group::---,other::---";
107 /* 0123456789 123456789 123456789 123456789 */
133 return acl_from_text (val
);
137 skip_to_ext_fields (char *ptr
)
139 ptr
+= strcspn (ptr
, ":,\n"); /* skip tag name. Ie. user/group/default/mask */
142 return ptr
; /* error? no user/group field */
145 ptr
+= strcspn (ptr
, ":,\n"); /* skip user/group name */
148 return ptr
; /* error? no perms field */
151 ptr
+= strcspn (ptr
, ":,\n"); /* skip perms */
154 return ptr
; /* no extra fields */
159 /* The POSIX draft allows extra fields after the three main ones. Star
160 uses this to add a fourth field for user/group which is the numeric ID.
161 We just skip all extra fields atm. */
163 fixup_extra_acl_fields (const char *ptr
)
165 char *src
= (char *) ptr
;
166 char *dst
= (char *) ptr
;
170 const char *old
= src
;
173 src
= skip_to_ext_fields (src
);
176 memmove (dst
, old
, len
);
179 if (*src
== ':') /* We have extra fields, skip them all */
180 src
+= strcspn (src
, "\n,");
182 if ((*src
== '\n') || (*src
== ','))
183 *dst
++ = *src
++; /* also done when dst == src, but that's ok */
192 xattrs__acls_set (struct tar_stat_info
const *st
,
193 char const *file_name
, int type
,
194 const char *ptr
, size_t len
, bool def
)
195 { /* "system.posix_acl_access" */
200 /* assert (strlen (ptr) == len); */
201 ptr
= fixup_extra_acl_fields (ptr
);
203 acl
= acl_from_text (ptr
);
206 else if (acls_option
> 0)
207 acl
= perms2acl (st
->stat
.st_mode
);
209 return; /* don't call acl functions unless we first hit an ACL, or
210 --acls was passed explicitly */
212 if (acl
== (acl_t
) NULL
)
214 call_arg_warn ("acl_from_text", file_name
);
218 if (acl_set_file_at (chdir_fd
, file_name
, type
, acl
) == -1)
219 /* warn even if filesystem does not support acls */
220 WARNOPT (WARN_XATTR_WRITE
,
222 _("acl_set_file_at: Cannot set POSIX ACLs for file '%s'"),
229 xattrs__acls_get_a (int parentfd
, const char *file_name
,
230 struct tar_stat_info
*st
,
231 char **ret_ptr
, size_t * ret_len
)
232 { /* "system.posix_acl_access" */
237 if ((acl
= acl_get_file_at (parentfd
, file_name
, ACL_TYPE_ACCESS
))
240 if (errno
!= ENOTSUP
)
241 call_arg_warn ("acl_get_file_at", file_name
);
245 val
= acl_to_text (acl
, &len
);
250 call_arg_warn ("acl_to_text", file_name
);
254 *ret_ptr
= xstrdup (val
);
261 xattrs__acls_get_d (int parentfd
, char const *file_name
,
262 struct tar_stat_info
*st
,
263 char **ret_ptr
, size_t * ret_len
)
264 { /* "system.posix_acl_default" */
269 if ((acl
= acl_get_file_at (parentfd
, file_name
, ACL_TYPE_DEFAULT
))
272 if (errno
!= ENOTSUP
)
273 call_arg_warn ("acl_get_file_at", file_name
);
277 val
= acl_to_text (acl
, &len
);
282 call_arg_warn ("acl_to_text", file_name
);
286 *ret_ptr
= xstrdup (val
);
291 #endif /* HAVE_POSIX_ACLS */
294 acls_one_line (const char *prefix
, char delim
,
295 const char *aclstring
, size_t len
)
297 /* support both long and short text representation of posix acls */
300 int pref_len
= strlen (prefix
);
301 const char *oldstring
= aclstring
;
303 if (!aclstring
|| !len
)
309 int move
= strcspn (aclstring
, ",\n");
313 if (oldstring
!= aclstring
)
314 obstack_1grow (&stk
, delim
);
316 obstack_grow (&stk
, prefix
, pref_len
);
317 obstack_grow (&stk
, aclstring
, move
);
319 aclstring
+= move
+ 1;
322 obstack_1grow (&stk
, '\0');
323 const char *toprint
= obstack_finish (&stk
);
325 fprintf (stdlis
, "%s", toprint
);
327 obstack_free (&stk
, NULL
);
331 xattrs_acls_get (int parentfd
, char const *file_name
,
332 struct tar_stat_info
*st
, int fd
, int xisfile
)
336 #ifndef HAVE_POSIX_ACLS
339 WARN ((0, 0, _("POSIX ACL support is not available")));
342 int err
= file_has_acl_at (parentfd
, file_name
, &st
->stat
);
347 call_arg_warn ("file_has_acl_at", file_name
);
351 xattrs__acls_get_a (parentfd
, file_name
, st
,
352 &st
->acls_a_ptr
, &st
->acls_a_len
);
354 xattrs__acls_get_d (parentfd
, file_name
, st
,
355 &st
->acls_d_ptr
, &st
->acls_d_len
);
361 xattrs_acls_set (struct tar_stat_info
const *st
,
362 char const *file_name
, char typeflag
)
364 if ((acls_option
> 0) && (typeflag
!= SYMTYPE
))
366 #ifndef HAVE_POSIX_ACLS
369 WARN ((0, 0, _("POSIX ACL support is not available")));
372 xattrs__acls_set (st
, file_name
, ACL_TYPE_ACCESS
,
373 st
->acls_a_ptr
, st
->acls_a_len
, false);
374 if ((typeflag
== DIRTYPE
) || (typeflag
== GNUTYPE_DUMPDIR
))
375 xattrs__acls_set (st
, file_name
, ACL_TYPE_DEFAULT
,
376 st
->acls_d_ptr
, st
->acls_d_len
, true);
382 mask_map_realloc (struct xattrs_mask_map
*map
)
387 map
->masks
= xmalloc (16 * sizeof (char *));
391 if (map
->size
<= map
->used
)
394 map
->masks
= xrealloc (map
->masks
, map
->size
* sizeof (char *));
400 xattrs_mask_add (const char *mask
, bool incl
)
402 struct xattrs_mask_map
*mask_map
= incl
? &xattrs_setup
.incl
403 : &xattrs_setup
.excl
;
404 /* ensure there is enough space */
405 mask_map_realloc (mask_map
);
406 /* just assign pointers -- we silently expect that pointer "mask" is valid
407 through the whole program (pointer to argv array) */
408 mask_map
->masks
[mask_map
->used
++] = mask
;
412 clear_mask_map (struct xattrs_mask_map
*mask_map
)
415 free (mask_map
->masks
);
419 xattrs_clear_setup ()
421 clear_mask_map (&xattrs_setup
.incl
);
422 clear_mask_map (&xattrs_setup
.excl
);
425 /* get all xattrs from file given by FILE_NAME or FD (when non-zero). This
426 includes all the user.*, security.*, system.*, etc. available domains */
428 xattrs_xattrs_get (int parentfd
, char const *file_name
,
429 struct tar_stat_info
*st
, int fd
)
431 if (xattrs_option
> 0)
436 WARN ((0, 0, _("XATTR support is not available")));
439 static ssize_t xsz
= 1024;
440 static char *xatrs
= NULL
;
444 xatrs
= xmalloc (xsz
);
448 llistxattrat (parentfd
, file_name
, xatrs
, xsz
)) == -1) :
449 ((xret
= flistxattr (fd
, xatrs
, xsz
)) == -1))
450 && (errno
== ERANGE
))
453 xatrs
= xrealloc (xatrs
, xsz
);
457 call_arg_warn ((fd
== 0) ? "llistxattrat" : "flistxattr", file_name
);
460 const char *attr
= xatrs
;
461 static ssize_t asz
= 1024;
462 static char *val
= NULL
;
469 size_t len
= strlen (attr
);
472 /* Archive all xattrs during creation, decide at extraction time
473 * which ones are of interest/use for the target filesystem. */
475 ? ((aret
= lgetxattrat (parentfd
, file_name
, attr
,
477 : ((aret
= fgetxattr (fd
, attr
, val
, asz
)) == -1))
478 && (errno
== ERANGE
))
481 val
= xrealloc (val
, asz
);
485 xheader_xattr_add (st
, attr
, val
, aret
);
486 else if (errno
!= ENOATTR
)
487 call_arg_warn ((fd
== 0) ? "lgetxattrat"
488 : "fgetxattr", file_name
);
499 xattrs__fd_set (struct tar_stat_info
const *st
,
500 char const *file_name
, char typeflag
,
501 const char *attr
, const char *ptr
, size_t len
)
505 const char *sysname
= "setxattrat";
508 if (typeflag
!= SYMTYPE
)
509 ret
= setxattrat (chdir_fd
, file_name
, attr
, ptr
, len
, 0);
512 sysname
= "lsetxattr";
513 ret
= lsetxattrat (chdir_fd
, file_name
, attr
, ptr
, len
, 0);
517 WARNOPT (WARN_XATTR_WRITE
,
519 _("%s: Cannot set '%s' extended attribute for file '%s'"),
520 sysname
, attr
, file_name
));
524 /* lgetfileconat is called against FILE_NAME iff the FD parameter is set to
525 zero, otherwise the fgetfileconat is used against correct file descriptor */
527 xattrs_selinux_get (int parentfd
, char const *file_name
,
528 struct tar_stat_info
*st
, int fd
)
530 if (selinux_context_option
> 0)
532 #if HAVE_SELINUX_SELINUX_H != 1
535 WARN ((0, 0, _("SELinux support is not available")));
538 int result
= (fd
? fgetfilecon (fd
, &st
->cntx_name
)
539 : lgetfileconat (parentfd
, file_name
, &st
->cntx_name
));
541 if (result
== -1 && errno
!= ENODATA
&& errno
!= ENOTSUP
)
542 call_arg_warn (fd
? "fgetfilecon" : "lgetfileconat", file_name
);
548 xattrs_selinux_set (struct tar_stat_info
const *st
,
549 char const *file_name
, char typeflag
)
551 if (selinux_context_option
> 0)
553 #if HAVE_SELINUX_SELINUX_H != 1
556 WARN ((0, 0, _("SELinux support is not available")));
559 const char *sysname
= "setfilecon";
565 if (typeflag
!= SYMTYPE
)
567 ret
= setfileconat (chdir_fd
, file_name
, st
->cntx_name
);
568 sysname
= "setfileconat";
572 ret
= lsetfileconat (chdir_fd
, file_name
, st
->cntx_name
);
573 sysname
= "lsetfileconat";
577 WARNOPT (WARN_XATTR_WRITE
,
579 _("%s: Cannot set SELinux context for file '%s'"),
580 sysname
, file_name
));
586 xattrs_matches_mask (const char *kw
, struct xattrs_mask_map
*mm
)
593 for (i
= 0; i
< mm
->used
; i
++)
594 if (fnmatch (mm
->masks
[i
], kw
, 0) == 0)
601 xattrs_kw_included (const char *kw
, bool archiving
)
603 if (xattrs_setup
.incl
.size
)
604 return xattrs_matches_mask (kw
, &xattrs_setup
.incl
);
610 return strncmp (kw
, "user.", strlen ("user.")) == 0;
615 xattrs_kw_excluded (const char *kw
, bool archiving
)
617 if (!xattrs_setup
.excl
.size
)
620 return xattrs_matches_mask (kw
, &xattrs_setup
.excl
);
623 /* Check whether the xattr with keyword KW should be discarded from list of
624 attributes that are going to be archived/excluded (set ARCHIVING=true for
625 archiving, false for excluding) */
627 xattrs_masked_out (const char *kw
, bool archiving
)
629 if (!xattrs_kw_included (kw
, archiving
))
632 return xattrs_kw_excluded (kw
, archiving
);
636 xattrs_xattrs_set (struct tar_stat_info
const *st
,
637 char const *file_name
, char typeflag
, int later_run
)
639 if (xattrs_option
> 0)
644 WARN ((0, 0, _("XATTR support is not available")));
649 if (!st
->xattr_map_size
)
652 for (; scan
< st
->xattr_map_size
; ++scan
)
654 char *keyword
= st
->xattr_map
[scan
].xkey
;
655 keyword
+= strlen ("SCHILY.xattr.");
657 /* TODO: this 'later_run' workaround is temporary solution -> once
658 capabilities should become fully supported by it's API and there
659 should exist something like xattrs_capabilities_set() call.
660 For a regular files: all extended attributes are restored during
661 the first run except 'security.capability' which is restored in
663 if (typeflag
== REGTYPE
664 && later_run
== !!strcmp (keyword
, "security.capability"))
667 if (xattrs_masked_out (keyword
, false /* extracting */ ))
668 /* we don't want to restore this keyword */
671 xattrs__fd_set (st
, file_name
, typeflag
, keyword
,
672 st
->xattr_map
[scan
].xval_ptr
,
673 st
->xattr_map
[scan
].xval_len
);
680 xattrs_print_char (struct tar_stat_info
const *st
, char *output
)
684 if (verbose_option
< 2)
690 if (xattrs_option
> 0 || selinux_context_option
> 0 || acls_option
> 0)
697 if (xattrs_option
> 0 && st
->xattr_map_size
)
698 for (i
= 0; i
< st
->xattr_map_size
; ++i
)
700 char *keyword
= st
->xattr_map
[i
].xkey
+ strlen ("SCHILY.xattr.");
701 if (xattrs_masked_out (keyword
, false /* like extracting */ ))
707 if (selinux_context_option
> 0 && st
->cntx_name
)
710 if (acls_option
&& (st
->acls_a_len
|| st
->acls_d_len
))
715 xattrs_print (struct tar_stat_info
const *st
)
717 if (verbose_option
< 3)
721 if (selinux_context_option
&& st
->cntx_name
)
722 fprintf (stdlis
, " s: %s\n", st
->cntx_name
);
725 if (acls_option
&& (st
->acls_a_len
|| st
->acls_d_len
))
727 fprintf (stdlis
, " a: ");
728 acls_one_line ("", ',', st
->acls_a_ptr
, st
->acls_a_len
);
729 acls_one_line ("default:", ',', st
->acls_d_ptr
, st
->acls_d_len
);
730 fprintf (stdlis
, "\n");
734 if (xattrs_option
&& st
->xattr_map_size
)
737 for (i
= 0; i
< st
->xattr_map_size
; ++i
)
739 char *keyword
= st
->xattr_map
[i
].xkey
+ strlen ("SCHILY.xattr.");
740 if (xattrs_masked_out (keyword
, false /* like extracting */ ))
742 fprintf (stdlis
, " x: %lu %s\n",
743 (unsigned long) st
->xattr_map
[i
].xval_len
, keyword
);
This page took 0.060321 seconds and 5 git commands to generate.