int setacl(const char *pathp, int size, aclent_t *aclpbuf)
{
acl_t acl = NULL, default_acl = NULL, *current;
acl_entry_t entry;
acl_permset_t permset;
int i, result, default_count = 0;
struct stat st;
if (stat(pathp, &st) != 0) {
return -1;
}
for (i = 0; i < size; i++) {
if (aclpbuf[i].a_type & ACL_DEFAULT) {
default_count++;
}
}
acl = acl_init(size - default_count);
if (default_count > 0) {
default_acl = acl_init(default_count);
}
for (i = 0; i < size; i++) {
if (aclpbuf[i].a_type & ACL_DEFAULT) {
current = &default_acl;
} else {
current = &acl;
}
acl_create_entry(current, &entry);
acl_get_permset(entry, &permset);
setmode(&permset, aclpbuf[i].a_perm);
acl_set_tag_type(entry, aclpbuf[i].a_type & ~ACL_DEFAULT);
acl_set_qualifier(entry, &aclpbuf[i].a_id);
acl_free(entry);
}
result = acl_set_file(pathp, ACL_TYPE_ACCESS, acl);
if (result != 0 && (errno == ENOSYS || errno == ENOTSUP)) {
if (default_acl != NULL) {
return result;
}
mode_t mode;
if (acl_equiv_mode(acl, &mode) == 0) {
result = chmod(pathp, mode);
}
} else if ((result == 0) && S_ISDIR(st.st_mode)) {
if (default_acl == NULL) {
result = acl_delete_def_file(pathp);
} else {
result = acl_set_file(pathp, ACL_TYPE_DEFAULT, default_acl);
acl_free(default_acl);
}
}
acl_free(acl);
return result;
}
QString KrVfsHandler::getACL(const QString & path, int type)
{
Q_UNUSED(path);
Q_UNUSED(type);
#ifdef HAVE_POSIX_ACL
acl_t acl = 0;
// do we have an acl for the file, and/or a default acl for the dir, if it is one?
if ((acl = acl_get_file(path.toLocal8Bit(), type)) != 0) {
bool aclExtended = false;
#ifdef HAVE_NON_POSIX_ACL_EXTENSIONS
aclExtended = acl_equiv_mode(acl, 0);
#else
acl_entry_t entry;
int ret = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
while (ret == 1) {
acl_tag_t currentTag;
acl_get_tag_type(entry, ¤tTag);
if (currentTag != ACL_USER_OBJ &&
currentTag != ACL_GROUP_OBJ &&
currentTag != ACL_OTHER) {
aclExtended = true;
break;
}
ret = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
}
#endif
if (!aclExtended) {
acl_free(acl);
acl = 0;
}
}
if (acl == 0)
return QString();
char *aclString = acl_to_text(acl, 0);
QString ret = QString::fromLatin1(aclString);
acl_free((void*)aclString);
acl_free(acl);
return ret;
#else
return QString();
#endif
}
rpmVerifyAttrs rpmfilesVerify(rpmfiles fi, int ix, rpmVerifyAttrs omitMask)
{
rpmfileAttrs fileAttrs = rpmfilesFFlags(fi, ix);
rpmVerifyAttrs flags = rpmfilesVFlags(fi, ix);
const char * fn = rpmfilesFN(fi, ix);
struct stat sb, fsb;
rpmVerifyAttrs vfy = RPMVERIFY_NONE;
/*
* Check to see if the file was installed - if not pretend all is OK.
*/
switch (rpmfilesFState(fi, ix)) {
case RPMFILE_STATE_NETSHARED:
case RPMFILE_STATE_NOTINSTALLED:
goto exit;
break;
case RPMFILE_STATE_REPLACED:
/* For replaced files we can only verify if it exists at all */
flags = RPMVERIFY_LSTATFAIL;
break;
case RPMFILE_STATE_WRONGCOLOR:
/*
* Files with wrong color are supposed to share some attributes
* with the actually installed file - verify what we can.
*/
flags &= ~(RPMVERIFY_FILEDIGEST | RPMVERIFY_FILESIZE |
RPMVERIFY_MTIME | RPMVERIFY_RDEV);
break;
case RPMFILE_STATE_NORMAL:
/* File from a non-installed package, try to verify nevertheless */
case RPMFILE_STATE_MISSING:
break;
}
if (fn == NULL || lstat(fn, &sb) != 0 || rpmfilesStat(fi, ix, 0, &fsb)) {
vfy |= RPMVERIFY_LSTATFAIL;
goto exit;
}
/* If we expected a directory but got a symlink to one, follow the link */
if (S_ISDIR(fsb.st_mode) && S_ISLNK(sb.st_mode)) {
struct stat dsb;
/* ...if it actually points to a directory */
if (stat(fn, &dsb) == 0 && S_ISDIR(dsb.st_mode)) {
/* ...and is by a legit user, to match fsmVerify() behavior */
if (sb.st_uid == 0 || sb.st_uid == fsb.st_uid)
sb = dsb; /* struct assignment */
}
}
/* Links have no mode, other types have no linkto */
if (S_ISLNK(sb.st_mode))
flags &= ~(RPMVERIFY_MODE);
else
flags &= ~(RPMVERIFY_LINKTO);
/* Not all attributes of non-regular files can be verified */
if (!S_ISREG(sb.st_mode))
flags &= ~(RPMVERIFY_FILEDIGEST | RPMVERIFY_FILESIZE |
RPMVERIFY_MTIME | RPMVERIFY_CAPS);
/* Content checks of %ghost files are meaningless. */
if (fileAttrs & RPMFILE_GHOST)
flags &= ~(RPMVERIFY_FILEDIGEST | RPMVERIFY_FILESIZE |
RPMVERIFY_MTIME | RPMVERIFY_LINKTO);
/* Don't verify any features in omitMask. */
flags &= ~(omitMask | RPMVERIFY_FAILURES);
if (flags & RPMVERIFY_FILEDIGEST) {
const unsigned char *digest;
int algo;
size_t diglen;
/* XXX If --nomd5, then prelinked library sizes are not corrected. */
if ((digest = rpmfilesFDigest(fi, ix, &algo, &diglen))) {
unsigned char fdigest[diglen];
rpm_loff_t fsize;
if (rpmDoDigest(algo, fn, 0, fdigest, &fsize)) {
vfy |= (RPMVERIFY_READFAIL|RPMVERIFY_FILEDIGEST);
} else {
sb.st_size = fsize;
if (memcmp(fdigest, digest, diglen))
vfy |= RPMVERIFY_FILEDIGEST;
}
} else {
vfy |= RPMVERIFY_FILEDIGEST;
}
}
if (flags & RPMVERIFY_LINKTO) {
char linkto[1024+1];
int size = 0;
if ((size = readlink(fn, linkto, sizeof(linkto)-1)) == -1)
vfy |= (RPMVERIFY_READLINKFAIL|RPMVERIFY_LINKTO);
else {
const char * flink = rpmfilesFLink(fi, ix);
linkto[size] = '\0';
if (flink == NULL || !rstreq(linkto, flink))
vfy |= RPMVERIFY_LINKTO;
}
}
if ((flags & RPMVERIFY_FILESIZE) && (sb.st_size != fsb.st_size))
vfy |= RPMVERIFY_FILESIZE;
if (flags & RPMVERIFY_MODE) {
mode_t metamode = fsb.st_mode;
mode_t filemode = sb.st_mode;
/*
* Comparing the type of %ghost files is meaningless, but perms are OK.
*/
if (fileAttrs & RPMFILE_GHOST) {
metamode &= ~S_IFMT;
filemode &= ~S_IFMT;
}
if (metamode != filemode)
vfy |= RPMVERIFY_MODE;
#if WITH_ACL
/*
* For now, any non-default acl's on a file is a difference as rpm
* cannot have set them.
*/
acl_t facl = acl_get_file(fn, ACL_TYPE_ACCESS);
if (facl) {
if (acl_equiv_mode(facl, NULL) == 1) {
vfy |= RPMVERIFY_MODE;
}
acl_free(facl);
}
#endif
}
if (flags & RPMVERIFY_RDEV) {
if (S_ISCHR(fsb.st_mode) != S_ISCHR(sb.st_mode)
|| S_ISBLK(fsb.st_mode) != S_ISBLK(sb.st_mode))
{
vfy |= RPMVERIFY_RDEV;
} else if (S_ISDEV(fsb.st_mode) && S_ISDEV(sb.st_mode)) {
rpm_rdev_t st_rdev = (sb.st_rdev & 0xffff);
rpm_rdev_t frdev = (fsb.st_rdev & 0xffff);
if (st_rdev != frdev)
vfy |= RPMVERIFY_RDEV;
}
}
#if WITH_CAP
if (flags & RPMVERIFY_CAPS) {
/*
* Empty capability set ("=") is not exactly the same as no
* capabilities at all but suffices for now...
*/
cap_t cap, fcap;
cap = cap_from_text(rpmfilesFCaps(fi, ix));
if (!cap) {
cap = cap_from_text("=");
}
fcap = cap_get_file(fn);
if (!fcap) {
fcap = cap_from_text("=");
}
if (cap_compare(cap, fcap) != 0)
vfy |= RPMVERIFY_CAPS;
cap_free(fcap);
cap_free(cap);
}
#endif
if ((flags & RPMVERIFY_MTIME) && (sb.st_mtime != fsb.st_mtime))
vfy |= RPMVERIFY_MTIME;
if ((flags & RPMVERIFY_USER) && (sb.st_uid != fsb.st_uid))
vfy |= RPMVERIFY_USER;
if ((flags & RPMVERIFY_GROUP) && (sb.st_gid != fsb.st_gid))
vfy |= RPMVERIFY_GROUP;
exit:
return vfy;
}
int do_print(const char *path_p, const struct stat *st, int walk_flags, void *unused)
{
const char *default_prefix = NULL;
acl_t acl = NULL, default_acl = NULL;
int error = 0;
if (walk_flags & WALK_TREE_FAILED) {
fprintf(stderr, "%s: %s: %s\n", progname, xquote(path_p, "\n\r"),
strerror(errno));
return 1;
}
/*
* Symlinks can never have ACLs, so when doing a physical walk, we
* skip symlinks altogether, and when doing a half-logical walk, we
* skip all non-toplevel symlinks.
*/
if ((walk_flags & WALK_TREE_SYMLINK) &&
((walk_flags & WALK_TREE_PHYSICAL) ||
!(walk_flags & (WALK_TREE_TOPLEVEL | WALK_TREE_LOGICAL))))
return 0;
if (opt_print_acl) {
acl = acl_get_file(path_p, ACL_TYPE_ACCESS);
if (acl == NULL && (errno == ENOSYS || errno == ENOTSUP))
acl = acl_get_file_mode(path_p);
if (acl == NULL)
goto fail;
}
if (opt_print_default_acl && S_ISDIR(st->st_mode)) {
default_acl = acl_get_file(path_p, ACL_TYPE_DEFAULT);
if (default_acl == NULL) {
if (errno != ENOSYS && errno != ENOTSUP)
goto fail;
} else if (acl_entries(default_acl) == 0) {
acl_free(default_acl);
default_acl = NULL;
}
}
if (opt_skip_base &&
(!acl || acl_equiv_mode(acl, NULL) == 0) && !default_acl)
return 0;
if (opt_print_acl && opt_print_default_acl)
default_prefix = "default:";
if (opt_strip_leading_slash) {
if (*path_p == '/') {
if (!absolute_warning) {
fprintf(stderr, _("%s: Removing leading "
"'/' from absolute path names\n"),
progname);
absolute_warning = 1;
}
while (*path_p == '/')
path_p++;
} else if (*path_p == '.' && *(path_p+1) == '/')
while (*++path_p == '/')
/* nothing */ ;
if (*path_p == '\0')
path_p = ".";
}
if (opt_tabular) {
if (do_show(stdout, path_p, st, acl, default_acl) != 0)
goto fail;
} else {
if (opt_comments) {
printf("# file: %s\n", xquote(path_p, "\n\r"));
printf("# owner: %s\n",
xquote(user_name(st->st_uid, opt_numeric), " \t\n\r"));
printf("# group: %s\n",
xquote(group_name(st->st_gid, opt_numeric), " \t\n\r"));
if ((st->st_mode & (S_ISVTX | S_ISUID | S_ISGID)) && !posixly_correct)
printf("# flags: %s\n", flagstr(st->st_mode));
}
if (acl != NULL) {
char *acl_text = acl_to_any_text(acl, NULL, '\n',
print_options);
if (!acl_text)
goto fail;
if (puts(acl_text) < 0) {
acl_free(acl_text);
goto fail;
}
acl_free(acl_text);
}
if (default_acl != NULL) {
char *acl_text = acl_to_any_text(default_acl,
default_prefix, '\n',
print_options);
if (!acl_text)
goto fail;
if (puts(acl_text) < 0) {
acl_free(acl_text);
goto fail;
}
acl_free(acl_text);
}
}
if (acl || default_acl || opt_comments)
printf("\n");
cleanup:
if (acl)
acl_free(acl);
if (default_acl)
acl_free(default_acl);
return error;
fail:
fprintf(stderr, "%s: %s: %s\n", progname, xquote(path_p, "\n\r"),
strerror(errno));
error = -1;
goto cleanup;
}
MateVFSResult
file_set_acl (const char *path,
const MateVFSFileInfo *info,
MateVFSContext *context)
{
#ifdef HAVE_SOLARIS_ACL
GList *acls;
GList *entry;
guint len;
MateVFSResult re;
aclent_t *new_aclp;
aclent_t *taclp;
guint aclp_i;
gboolean changed;
if (info->acl == NULL)
return MATE_VFS_ERROR_BAD_PARAMETERS;
acls = mate_vfs_acl_get_ace_list (info->acl);
if (acls == NULL) return MATE_VFS_OK;
changed = fixup_acl (info->acl, acls);
if (changed) {
mate_vfs_acl_free_ace_list (acls);
acls = mate_vfs_acl_get_ace_list (info->acl);
if (acls == NULL) return MATE_VFS_OK;
}
len = g_list_length (acls);
if (len <= 0) return MATE_VFS_OK;
new_aclp = (aclent_t *) malloc (len * sizeof(aclent_t));
if (new_aclp == NULL) return MATE_VFS_ERROR_NO_MEMORY;
memset (new_aclp, 0, len * sizeof(aclent_t));
aclp_i = 0;
taclp = new_aclp;
for (entry=acls; entry != NULL; entry = entry->next) {
MateVFSACE *ace = MATE_VFS_ACE(entry->data);
re = translate_ace_into_aclent (ace, taclp);
if (re != MATE_VFS_OK) continue;
aclp_i++;
taclp++;
}
/* Sort it out
*/
re = aclsort (aclp_i, 0, (aclent_t *)new_aclp);
if (re == -1) {
g_free (new_aclp);
return MATE_VFS_ERROR_INTERNAL;
}
/* Commit it to the file system
*/
re = acl (path, SETACL, aclp_i, (aclent_t *)new_aclp);
if (re < 0) {
int err = errno;
g_free (new_aclp);
return aclerrno_to_vfserror(err);
}
g_free (new_aclp);
return MATE_VFS_OK;
#elif defined(HAVE_POSIX_ACL)
GList *acls;
GList *entry;
acl_t acl_obj;
acl_t acl_obj_default;
if (info->acl == NULL)
return MATE_VFS_ERROR_BAD_PARAMETERS;
/* POSIX ACL object
*/
acl_obj_default = acl_get_file (path, ACL_TYPE_DEFAULT);
acl_obj = acl_get_file (path, ACL_TYPE_ACCESS);
if (acl_obj == NULL) return MATE_VFS_ERROR_GENERIC;
/* Parse stored information
*/
acls = mate_vfs_acl_get_ace_list (info->acl);
if (acls == NULL) return MATE_VFS_OK;
for (entry=acls; entry != NULL; entry = entry->next) {
MateVFSACE *ace = MATE_VFS_ACE(entry->data);
gboolean is_default = FALSE;
const char *id_str;
MateVFSACLKind kind;
int id;
int re;
acl_tag_t type;
mode_t perms = 0;
acl_entry_t new_entry = NULL;
acl_permset_t permset = NULL;
id_str = mate_vfs_ace_get_id (ace);
kind = mate_vfs_ace_get_kind (ace);
is_default = mate_vfs_ace_get_inherit (ace);
/* Perms
*/
if (mate_vfs_ace_check_perm (ace, MATE_VFS_ACL_READ))
perms |= CMD_PERM_READ;
else if (mate_vfs_ace_check_perm (ace, MATE_VFS_ACL_WRITE))
perms |= CMD_PERM_WRITE;
else if (mate_vfs_ace_check_perm (ace, MATE_VFS_ACL_EXECUTE))
perms |= CMD_PERM_EXECUTE;
/* Type
*/
switch (kind) {
case MATE_VFS_ACL_USER:
id = string_to_uid (id_str);
type = ACL_USER;
break;
case MATE_VFS_ACL_GROUP:
id = string_to_gid (id_str);
type = ACL_GROUP;
break;
case MATE_VFS_ACL_OTHER:
type = ACL_OTHER;
break;
default:
return MATE_VFS_ERROR_NOT_SUPPORTED;
}
/* Add the entry
*/
new_entry = find_entry (acl_obj, type, id);
if (new_entry == NULL) {
/* new */
if (is_default)
re = acl_create_entry (&acl_obj_default, &new_entry);
else
re = acl_create_entry (&acl_obj, &new_entry);
if (re != 0) return aclerrno_to_vfserror (errno);
/* e_tag */
re = acl_set_tag_type (new_entry, type);
if (re != 0) return aclerrno_to_vfserror (errno);
/* e_id */
re = acl_set_qualifier (new_entry, &id);
if (re != 0) return aclerrno_to_vfserror (errno);
}
/* e_perm */
re = acl_get_permset (new_entry, &permset);
if (re != 0) return aclerrno_to_vfserror (errno);
set_permset (permset, perms);
/* Fix it up
*/
if (is_default && (acl_obj_default != NULL)) {
if (! find_entry (acl_obj_default, ACL_USER_OBJ, ACL_UNDEFINED_ID)) {
clone_entry (acl_obj, ACL_USER_OBJ, &acl_obj_default, ACL_USER_OBJ);
}
if (! find_entry (acl_obj_default, ACL_GROUP_OBJ, ACL_UNDEFINED_ID)) {
clone_entry (acl_obj, ACL_GROUP_OBJ, &acl_obj_default, ACL_GROUP_OBJ);
}
if (! find_entry (acl_obj_default, ACL_OTHER, ACL_UNDEFINED_ID)) {
clone_entry (acl_obj, ACL_OTHER, &acl_obj_default, ACL_OTHER);
}
}
if (acl_equiv_mode (acl_obj, NULL) != 0) {
if (! find_entry (acl_obj, ACL_MASK, ACL_UNDEFINED_ID)) {
clone_entry (acl_obj, ACL_GROUP_OBJ, &acl_obj, ACL_MASK);
}
if (is_default)
re = acl_calc_mask (&acl_obj_default);
else
re = acl_calc_mask (&acl_obj);
if (re != 0) return aclerrno_to_vfserror (errno);
}
}
mate_vfs_acl_free_ace_list (acls);
return MATE_VFS_OK;
#else
return MATE_VFS_ERROR_NOT_SUPPORTED;
#endif
}
int
do_set(
const char *path_p,
const struct stat *st,
const seq_t seq)
{
acl_t old_acl = NULL, old_default_acl = NULL;
acl_t acl = NULL, default_acl = NULL;
acl_t *xacl, *old_xacl;
acl_entry_t ent;
cmd_t cmd;
int which_entry;
int errors = 0, error;
char *acl_text;
int acl_modified = 0, default_acl_modified = 0;
int acl_mask_provided = 0, default_acl_mask_provided = 0;
/* Execute the commands in seq (read ACLs on demand) */
error = seq_get_cmd(seq, SEQ_FIRST_CMD, &cmd);
if (error == 0)
return 0;
while (error == 1) {
if (cmd->c_type == ACL_TYPE_ACCESS) {
xacl = &acl;
old_xacl = &old_acl;
acl_modified = 1;
if (cmd->c_tag == ACL_MASK)
acl_mask_provided = 1;
} else {
xacl = &default_acl;
old_xacl = &old_default_acl;
default_acl_modified = 1;
if (cmd->c_tag == ACL_MASK)
default_acl_mask_provided = 1;
}
RETRIEVE_ACL(cmd->c_type);
/* Check for `X', and replace with `x' as appropriate. */
if (cmd->c_perm & CMD_PERM_COND_EXECUTE) {
cmd->c_perm &= ~CMD_PERM_COND_EXECUTE;
if (S_ISDIR(st->st_mode) || has_execute_perms(*xacl))
cmd->c_perm |= CMD_PERM_EXECUTE;
}
switch(cmd->c_cmd) {
case CMD_ENTRY_REPLACE:
ent = find_entry(*xacl, cmd->c_tag, cmd->c_id);
if (!ent) {
if (acl_create_entry(xacl, &ent) != 0)
goto fail;
acl_set_tag_type(ent, cmd->c_tag);
if (cmd->c_id != ACL_UNDEFINED_ID)
acl_set_qualifier(ent,
&cmd->c_id);
}
set_perm(ent, cmd->c_perm, ~cmd->c_perm);
break;
case CMD_ENTRY_ADD:
ent = find_entry(*xacl, cmd->c_tag, cmd->c_id);
if (ent)
set_perm(ent, cmd->c_perm, 0);
break;
case CMD_ENTRY_SUBTRACT:
ent = find_entry(*xacl, cmd->c_tag, cmd->c_id);
if (ent)
set_perm(ent, 0, cmd->c_perm);
break;
case CMD_REMOVE_ENTRY:
ent = find_entry(*xacl, cmd->c_tag, cmd->c_id);
if (ent)
acl_delete_entry(*xacl, ent);
else
/* ignore */;
break;
case CMD_REMOVE_EXTENDED_ACL:
remove_extended_entries(acl);
break;
case CMD_REMOVE_ACL:
acl_free(*xacl);
*xacl = acl_init(5);
if (!*xacl)
goto fail;
break;
default:
errno = EINVAL;
goto fail;
}
error = seq_get_cmd(seq, SEQ_NEXT_CMD, &cmd);
}
if (error < 0)
goto fail;
/* Try to fill in missing entries */
if (default_acl && acl_entries(default_acl) != 0) {
xacl = &acl;
old_xacl = &old_acl;
if (!find_entry(default_acl, ACL_USER_OBJ, ACL_UNDEFINED_ID)) {
if (!acl)
RETRIEVE_ACL(ACL_TYPE_ACCESS);
clone_entry(acl, ACL_USER_OBJ,
&default_acl, ACL_USER_OBJ);
}
if (!find_entry(default_acl, ACL_GROUP_OBJ, ACL_UNDEFINED_ID)) {
if (!acl)
RETRIEVE_ACL(ACL_TYPE_ACCESS);
clone_entry(acl, ACL_GROUP_OBJ,
&default_acl, ACL_GROUP_OBJ);
}
if (!find_entry(default_acl, ACL_OTHER, ACL_UNDEFINED_ID)) {
if (!acl)
RETRIEVE_ACL(ACL_TYPE_ACCESS);
clone_entry(acl, ACL_OTHER,
&default_acl, ACL_OTHER);
}
}
/* update mask entries and check if ACLs are valid */
if (acl && acl_modified) {
if (acl_equiv_mode(acl, NULL) != 0) {
if (!acl_mask_provided &&
!find_entry(acl, ACL_MASK, ACL_UNDEFINED_ID))
clone_entry(acl, ACL_GROUP_OBJ,
&acl, ACL_MASK);
if (opt_recalculate != -1 &&
(!acl_mask_provided || opt_recalculate == 1))
acl_calc_mask(&acl);
}
error = acl_check(acl, &which_entry);
if (error < 0)
goto fail;
if (error > 0) {
acl_text = acl_to_any_text(acl, NULL, ',', 0);
fprintf(stderr, gettext("%s: %s: Malformed access ACL "
"`%s': %s at entry %d\n"), progname, path_p,
acl_text, acl_error(error), which_entry+1);
acl_free(acl_text);
errors++;
goto cleanup;
}
}
if (default_acl && acl_entries(default_acl) != 0 &&
default_acl_modified) {
if (acl_equiv_mode(default_acl, NULL) != 0) {
if (!default_acl_mask_provided &&
!find_entry(default_acl,ACL_MASK,ACL_UNDEFINED_ID))
clone_entry(default_acl, ACL_GROUP_OBJ,
&default_acl, ACL_MASK);
if (opt_recalculate != -1 &&
(!default_acl_mask_provided ||
opt_recalculate == 1))
acl_calc_mask(&default_acl);
}
error = acl_check(default_acl, &which_entry);
if (error < 0)
goto fail;
if (error > 0) {
acl_text = acl_to_any_text(default_acl, NULL, ',', 0);
fprintf(stderr, gettext("%s: %s: Malformed default ACL "
"`%s': %s at entry %d\n"),
progname, path_p, acl_text,
acl_error(error), which_entry+1);
acl_free(acl_text);
errors++;
goto cleanup;
}
}
/* Only directores can have default ACLs */
if (default_acl && !S_ISDIR(st->st_mode) && opt_recursive) {
/* In recursive mode, ignore default ACLs for files */
acl_free(default_acl);
default_acl = NULL;
}
/* check which ACLs have changed */
if (acl && old_acl && acl_cmp(old_acl, acl) == 0) {
acl_free(acl);
acl = NULL;
}
if ((default_acl && old_default_acl &&
acl_cmp(old_default_acl, default_acl) == 0)) {
acl_free(default_acl);
default_acl = NULL;
}
/* update the file system */
if (opt_test) {
print_test(stdout, path_p, st,
acl, default_acl);
goto cleanup;
}
if (acl) {
if (acl_set_file(path_p, ACL_TYPE_ACCESS, acl) != 0) {
if (errno == ENOSYS || errno == ENOTSUP) {
int saved_errno = errno;
mode_t mode;
if (acl_equiv_mode(acl, &mode) != 0) {
errno = saved_errno;
goto fail;
} else if (chmod(path_p, mode) != 0)
goto fail;
} else
goto fail;
}
}
if (default_acl) {
if (S_ISDIR(st->st_mode)) {
if (acl_entries(default_acl) == 0) {
if (acl_delete_def_file(path_p) != 0 &&
errno != ENOSYS && errno != ENOTSUP)
goto fail;
} else {
if (acl_set_file(path_p, ACL_TYPE_DEFAULT,
default_acl) != 0)
goto fail;
}
} else {
if (acl_entries(default_acl) != 0) {
fprintf(stderr, gettext(
"%s: %s: Only directories "
"can have default ACLs\n"),
progname, path_p);
errors++;
goto cleanup;
}
}
}
error = 0;
cleanup:
if (acl)
acl_free(acl);
if (old_acl)
acl_free(old_acl);
if (default_acl)
acl_free(default_acl);
if (old_default_acl)
acl_free(old_default_acl);
return errors;
fail:
fprintf(stderr, "%s: %s: %s\n", progname, path_p, strerror(errno));
errors++;
goto cleanup;
}
int rpmVerifyFile(const rpmts ts, const rpmfi fi,
rpmVerifyAttrs * res, rpmVerifyAttrs omitMask)
{
rpm_mode_t fmode = rpmfiFMode(fi);
rpmfileAttrs fileAttrs = rpmfiFFlags(fi);
rpmVerifyAttrs flags = rpmfiVFlags(fi);
const char * fn = rpmfiFN(fi);
struct stat sb;
int rc;
*res = RPMVERIFY_NONE;
/*
* Check to see if the file was installed - if not pretend all is OK.
*/
switch (rpmfiFState(fi)) {
case RPMFILE_STATE_NETSHARED:
case RPMFILE_STATE_REPLACED:
case RPMFILE_STATE_NOTINSTALLED:
case RPMFILE_STATE_WRONGCOLOR:
return 0;
break;
case RPMFILE_STATE_NORMAL:
break;
}
if (fn == NULL || lstat(fn, &sb) != 0) {
*res |= RPMVERIFY_LSTATFAIL;
return 1;
}
/*
* Not all attributes of non-regular files can be verified.
*/
if (S_ISDIR(sb.st_mode))
flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME |
RPMVERIFY_LINKTO | RPMVERIFY_CAPS);
else if (S_ISLNK(sb.st_mode)) {
flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME |
RPMVERIFY_MODE | RPMVERIFY_CAPS);
#if CHOWN_FOLLOWS_SYMLINK
flags &= ~(RPMVERIFY_USER | RPMVERIFY_GROUP);
#endif
}
else if (S_ISFIFO(sb.st_mode))
flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME |
RPMVERIFY_LINKTO | RPMVERIFY_CAPS);
else if (S_ISCHR(sb.st_mode))
flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME |
RPMVERIFY_LINKTO | RPMVERIFY_CAPS);
else if (S_ISBLK(sb.st_mode))
flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME |
RPMVERIFY_LINKTO | RPMVERIFY_CAPS);
else
flags &= ~(RPMVERIFY_LINKTO);
/*
* Content checks of %ghost files are meaningless.
*/
if (fileAttrs & RPMFILE_GHOST)
flags &= ~(RPMVERIFY_MD5 | RPMVERIFY_FILESIZE | RPMVERIFY_MTIME |
RPMVERIFY_LINKTO);
/*
* Don't verify any features in omitMask.
*/
flags &= ~(omitMask | RPMVERIFY_FAILURES);
if (flags & RPMVERIFY_MD5) {
const unsigned char *digest;
pgpHashAlgo algo;
size_t diglen;
/* XXX If --nomd5, then prelinked library sizes are not corrected. */
if ((digest = rpmfiFDigest(fi, &algo, &diglen))) {
unsigned char fdigest[diglen];
rpm_loff_t fsize;
rc = rpmDoDigest(algo, fn, 0, fdigest, &fsize);
sb.st_size = fsize;
if (rc) {
*res |= (RPMVERIFY_READFAIL|RPMVERIFY_MD5);
} else if (memcmp(fdigest, digest, diglen)) {
*res |= RPMVERIFY_MD5;
}
} else {
*res |= RPMVERIFY_MD5;
}
}
if (flags & RPMVERIFY_LINKTO) {
char linkto[1024+1];
int size = 0;
if ((size = readlink(fn, linkto, sizeof(linkto)-1)) == -1)
*res |= (RPMVERIFY_READLINKFAIL|RPMVERIFY_LINKTO);
else {
const char * flink = rpmfiFLink(fi);
linkto[size] = '\0';
if (flink == NULL || strcmp(linkto, flink))
*res |= RPMVERIFY_LINKTO;
}
}
if (flags & RPMVERIFY_FILESIZE) {
if (sb.st_size != rpmfiFSize(fi))
*res |= RPMVERIFY_FILESIZE;
}
if (flags & RPMVERIFY_MODE) {
rpm_mode_t metamode = fmode;
rpm_mode_t filemode;
/*
* Platforms (like AIX) where sizeof(rpm_mode_t) != sizeof(mode_t)
* need the (rpm_mode_t) cast here.
*/
filemode = (rpm_mode_t)sb.st_mode;
/*
* Comparing the type of %ghost files is meaningless, but perms are OK.
*/
if (fileAttrs & RPMFILE_GHOST) {
metamode &= ~0xf000;
filemode &= ~0xf000;
}
if (metamode != filemode)
*res |= RPMVERIFY_MODE;
#if WITH_ACL
/*
* For now, any non-default acl's on a file is a difference as rpm
* cannot have set them.
*/
acl_t facl = acl_get_file(fn, ACL_TYPE_ACCESS);
if (facl) {
if (acl_equiv_mode(facl, NULL) == 1) {
*res |= RPMVERIFY_MODE;
}
acl_free(facl);
}
#endif
}
if (flags & RPMVERIFY_RDEV) {
if (S_ISCHR(fmode) != S_ISCHR(sb.st_mode)
|| S_ISBLK(fmode) != S_ISBLK(sb.st_mode))
{
*res |= RPMVERIFY_RDEV;
} else if (S_ISDEV(fmode) && S_ISDEV(sb.st_mode)) {
rpm_rdev_t st_rdev = (sb.st_rdev & 0xffff);
rpm_rdev_t frdev = (rpmfiFRdev(fi) & 0xffff);
if (st_rdev != frdev)
*res |= RPMVERIFY_RDEV;
}
}
#if WITH_CAP
if (flags & RPMVERIFY_CAPS) {
/*
* Empty capability set ("=") is not exactly the same as no
* capabilities at all but suffices for now...
*/
cap_t cap, fcap;
cap = cap_from_text(rpmfiFCaps(fi));
if (!cap) {
cap = cap_from_text("=");
}
fcap = cap_get_file(fn);
if (!fcap) {
fcap = cap_from_text("=");
}
if (cap_compare(cap, fcap) != 0)
*res |= RPMVERIFY_CAPS;
cap_free(fcap);
cap_free(cap);
}
#endif
if ((flags & RPMVERIFY_MTIME) && (sb.st_mtime != rpmfiFMtime(fi))) {
/* Filter out timestamp differences of shared files */
rpmdbMatchIterator mi = rpmtsInitIterator(ts, RPMTAG_BASENAMES, fn, 0);
if (rpmdbGetIteratorCount(mi) < 2)
*res |= RPMVERIFY_MTIME;
rpmdbFreeIterator(mi);
}
if (flags & RPMVERIFY_USER) {
const char * name = uidToUname(sb.st_uid);
const char * fuser = rpmfiFUser(fi);
if (name == NULL || fuser == NULL || strcmp(name, fuser))
*res |= RPMVERIFY_USER;
}
if (flags & RPMVERIFY_GROUP) {
const char * name = gidToGname(sb.st_gid);
const char * fgroup = rpmfiFGroup(fi);
if (name == NULL || fgroup == NULL || strcmp(name, fgroup))
*res |= RPMVERIFY_GROUP;
}
return 0;
}
