From 6fe61386fa97f4225119aa3affec3f2233fd2060 Mon Sep 17 00:00:00 2001 From: Kamil Dudka Date: Wed, 6 Apr 2011 13:36:16 +0200 Subject: [PATCH] add function acl_extended_file_nofollow() (#692982) --- acl-2.2.49-bz692982.patch | 375 ++++++++++++++++++++++++++++++++++++++ acl.spec | 9 +- 2 files changed, 383 insertions(+), 1 deletion(-) create mode 100644 acl-2.2.49-bz692982.patch diff --git a/acl-2.2.49-bz692982.patch b/acl-2.2.49-bz692982.patch new file mode 100644 index 0000000..0b5ef44 --- /dev/null +++ b/acl-2.2.49-bz692982.patch @@ -0,0 +1,375 @@ +From 6bf5e24d48077db58b389e90558100fc121b8134 Mon Sep 17 00:00:00 2001 +From: Kamil Dudka +Date: Mon, 4 Apr 2011 12:43:39 +0200 +Subject: [PATCH 1/2] libacl: Add acl_extended_file_nofollow() + +This function calls lgetxattr() instead of getxattr(), which helps ls(1) +to prevent unnecessary automatic mounts, which acl_extended_file() +triggers. See the following bug report for more details: +https://bugzilla.redhat.com/692982 +--- + exports | 1 + + include/libacl.h | 1 + + libacl/Makefile | 3 +- + libacl/__acl_extended_file.c | 49 +++++++++++++++++++++++++++++++++++ + libacl/__acl_extended_file.h | 4 +++ + libacl/acl_extended_file.c | 20 ++------------ + libacl/acl_extended_file_nofollow.c | 34 ++++++++++++++++++++++++ + man/man3/acl_extended_file.3 | 11 +++++++- + man/man5/acl.5 | 1 + + 9 files changed, 105 insertions(+), 19 deletions(-) + create mode 100644 libacl/__acl_extended_file.c + create mode 100644 libacl/__acl_extended_file.h + create mode 100644 libacl/acl_extended_file_nofollow.c + +diff --git a/exports b/exports +index ef02842..b368c22 100644 +--- a/exports ++++ b/exports +@@ -82,4 +82,5 @@ ACL_1.1 { + # Linux specific extensions + perm_copy_fd; + perm_copy_file; ++ acl_extended_file_nofollow; + } ACL_1.0; +diff --git a/include/libacl.h b/include/libacl.h +index 41ec48e..d6a6650 100644 +--- a/include/libacl.h ++++ b/include/libacl.h +@@ -59,6 +59,7 @@ extern int acl_check(acl_t acl, int *last); + extern acl_t acl_from_mode(mode_t mode); + extern int acl_equiv_mode(acl_t acl, mode_t *mode_p); + int acl_extended_file(const char *path_p); ++int acl_extended_file_nofollow(const char *path_p); + int acl_extended_fd(int fd); + extern int acl_entries(acl_t acl); + extern const char *acl_error(int code); +diff --git a/libacl/Makefile b/libacl/Makefile +index 1224b65..cfe3d3a 100644 +--- a/libacl/Makefile ++++ b/libacl/Makefile +@@ -47,7 +47,8 @@ POSIX_CFILES = \ + + LIBACL_CFILES = \ + acl_to_any_text.c acl_entries.c acl_check.c acl_error.c acl_cmp.c \ +- acl_extended_fd.c acl_extended_file.c acl_equiv_mode.c acl_from_mode.c ++ acl_extended_fd.c acl_extended_file.c acl_equiv_mode.c acl_from_mode.c \ ++ acl_extended_file_nofollow.c __acl_extended_file.c + + INTERNAL_CFILES = \ + __acl_to_any_text.c __acl_to_xattr.c __acl_from_xattr.c \ +diff --git a/libacl/__acl_extended_file.c b/libacl/__acl_extended_file.c +new file mode 100644 +index 0000000..629afe9 +--- /dev/null ++++ b/libacl/__acl_extended_file.c +@@ -0,0 +1,49 @@ ++/* ++ File: acl_extended_file.c ++ ++ Copyright (C) 2000, 2011 ++ Andreas Gruenbacher, ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with this library; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++*/ ++ ++#include ++#include ++#include "libacl.h" ++ ++#include "byteorder.h" ++#include "acl_ea.h" ++#include "__acl_extended_file.h" ++ ++ ++int ++__acl_extended_file(const char *path_p, getxattr_t fun) ++{ ++ int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry); ++ int retval; ++ ++ retval = fun(path_p, ACL_EA_ACCESS, NULL, 0); ++ if (retval < 0 && errno != ENOATTR && errno != ENODATA) ++ return -1; ++ if (retval > base_size) ++ return 1; ++ retval = fun(path_p, ACL_EA_DEFAULT, NULL, 0); ++ if (retval < 0 && errno != ENOATTR && errno != ENODATA) ++ return -1; ++ if (retval >= base_size) ++ return 1; ++ return 0; ++} ++ +diff --git a/libacl/__acl_extended_file.h b/libacl/__acl_extended_file.h +new file mode 100644 +index 0000000..f8881a1 +--- /dev/null ++++ b/libacl/__acl_extended_file.h +@@ -0,0 +1,4 @@ ++typedef ssize_t (*getxattr_t)(const char *, const char *, void *value, ++ size_t size); ++ ++int __acl_extended_file(const char *path_p, getxattr_t fun); +diff --git a/libacl/acl_extended_file.c b/libacl/acl_extended_file.c +index d1cb85d..f417784 100644 +--- a/libacl/acl_extended_file.c ++++ b/libacl/acl_extended_file.c +@@ -1,7 +1,7 @@ + /* + File: acl_extended_file.c + +- Copyright (C) 2000 ++ Copyright (C) 2011 + Andreas Gruenbacher, + + This program is free software; you can redistribute it and/or +@@ -23,26 +23,12 @@ + #include + #include "libacl.h" + +-#include "byteorder.h" +-#include "acl_ea.h" ++#include "__acl_extended_file.h" + + + int + acl_extended_file(const char *path_p) + { +- int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry); +- int retval; +- +- retval = getxattr(path_p, ACL_EA_ACCESS, NULL, 0); +- if (retval < 0 && errno != ENOATTR && errno != ENODATA) +- return -1; +- if (retval > base_size) +- return 1; +- retval = getxattr(path_p, ACL_EA_DEFAULT, NULL, 0); +- if (retval < 0 && errno != ENOATTR && errno != ENODATA) +- return -1; +- if (retval >= base_size) +- return 1; +- return 0; ++ return __acl_extended_file(path_p, getxattr); + } + +diff --git a/libacl/acl_extended_file_nofollow.c b/libacl/acl_extended_file_nofollow.c +new file mode 100644 +index 0000000..8f4711f +--- /dev/null ++++ b/libacl/acl_extended_file_nofollow.c +@@ -0,0 +1,34 @@ ++/* ++ File: acl_extended_file.c ++ ++ Copyright (C) 2011 ++ Andreas Gruenbacher, ++ ++ This program is free software; you can redistribute it and/or ++ modify it under the terms of the GNU Lesser General Public ++ License as published by the Free Software Foundation; either ++ version 2.1 of the License, or (at your option) any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU ++ Lesser General Public License for more details. ++ ++ You should have received a copy of the GNU Lesser General Public ++ License along with this library; if not, write to the Free Software ++ Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. ++*/ ++ ++#include ++#include ++#include "libacl.h" ++ ++#include "__acl_extended_file.h" ++ ++ ++int ++acl_extended_file_nofollow(const char *path_p) ++{ ++ return __acl_extended_file(path_p, lgetxattr); ++} ++ +diff --git a/man/man3/acl_extended_file.3 b/man/man3/acl_extended_file.3 +index 0ca7e0f..1f04331 100644 +--- a/man/man3/acl_extended_file.3 ++++ b/man/man3/acl_extended_file.3 +@@ -25,7 +25,7 @@ + .Dt ACL_EXTENDED_FILE 3 + .Os "Linux ACL" + .Sh NAME +-.Nm acl_extended_file ++.Nm acl_extended_file, acl_extended_file_nofollow + .Nd test for information in ACLs by file name + .Sh LIBRARY + Linux Access Control Lists library (libacl, \-lacl). +@@ -34,6 +34,8 @@ Linux Access Control Lists library (libacl, \-lacl). + .In acl/libacl.h + .Ft int + .Fn acl_extended_file "const char *path_p" ++.Ft int ++.Fn acl_extended_file_nofollow "const char *path_p" + .Sh DESCRIPTION + The + .Fn acl_extended_file +@@ -61,6 +63,13 @@ mechanisms, such as Mandatory Access Control schemes. The + .Xr access 2 + system call can be used to check whether a given type of access to a file + object would be granted. ++.Pp ++.Fn acl_extended_file_nofollow ++is identical to ++.Fn acl_extended_file , ++except in the case of a symbolic link, where the link itself is interrogated, ++not the file that it refers to. Since symbolic links have no ACL themselves, ++the operation is supposed to fail on them. + .Sh RETURN VALUE + If successful, the + .Fn acl_extended_file +diff --git a/man/man5/acl.5 b/man/man5/acl.5 +index 6b0f468..aec58aa 100644 +--- a/man/man5/acl.5 ++++ b/man/man5/acl.5 +@@ -497,6 +497,7 @@ These non-portable extensions are available on Linux systems. + .Xr acl_error 3 , + .Xr acl_extended_fd 3 , + .Xr acl_extended_file 3 , ++.Xr acl_extended_file_nofollow 3 , + .Xr acl_from_mode 3 , + .Xr acl_get_perm 3 , + .Xr acl_to_any_text 3 +-- +1.7.4 + + +From ad4ca5aaee96e98b2e8e8a4351fa5e6c58d65216 Mon Sep 17 00:00:00 2001 +From: Andreas Gruenbacher +Date: Mon, 4 Apr 2011 17:18:38 +0200 +Subject: [PATCH 2/2] Minor fixes to the previous commit + +* Assign the new libacl version ACL_1.2 to acl_extended_file_nofollow + so that package managers will end up with the appropriate + dependencies. +* Add a manpage entry for acl_extended_file_nofollow which sources + ("links to") the acl_extended_file manpage. +* Remove the prototype for getxattr/lgetxattr. +* Whitespace cleanups. +--- + exports | 7 ++++++- + libacl/__acl_extended_file.c | 7 ++++--- + libacl/__acl_extended_file.h | 7 +++---- + libacl/acl_extended_file_nofollow.c | 3 +-- + man/man3/acl_extended_file.3 | 2 +- + man/man3/acl_extended_file_nofollow.3 | 1 + + 6 files changed, 16 insertions(+), 11 deletions(-) + create mode 100644 man/man3/acl_extended_file_nofollow.3 + +diff --git a/exports b/exports +index b368c22..7d8e69e 100644 +--- a/exports ++++ b/exports +@@ -82,5 +82,10 @@ ACL_1.1 { + # Linux specific extensions + perm_copy_fd; + perm_copy_file; +- acl_extended_file_nofollow; + } ACL_1.0; ++ ++ACL_1.2 { ++ global: ++ # Linux specific extensions ++ acl_extended_file_nofollow; ++} ACL_1.1; +diff --git a/libacl/__acl_extended_file.c b/libacl/__acl_extended_file.c +index 629afe9..3e45abd 100644 +--- a/libacl/__acl_extended_file.c ++++ b/libacl/__acl_extended_file.c +@@ -1,5 +1,5 @@ + /* +- File: acl_extended_file.c ++ File: __acl_extended_file.c + + Copyright (C) 2000, 2011 + Andreas Gruenbacher, +@@ -29,7 +29,9 @@ + + + int +-__acl_extended_file(const char *path_p, getxattr_t fun) ++__acl_extended_file(const char *path_p, ++ ssize_t (*fun)(const char *, const char *, ++ void *, size_t)) + { + int base_size = sizeof(acl_ea_header) + 3 * sizeof(acl_ea_entry); + int retval; +@@ -46,4 +48,3 @@ __acl_extended_file(const char *path_p, getxattr_t fun) + return 1; + return 0; + } +- +diff --git a/libacl/__acl_extended_file.h b/libacl/__acl_extended_file.h +index f8881a1..0b0da9e 100644 +--- a/libacl/__acl_extended_file.h ++++ b/libacl/__acl_extended_file.h +@@ -1,4 +1,3 @@ +-typedef ssize_t (*getxattr_t)(const char *, const char *, void *value, +- size_t size); +- +-int __acl_extended_file(const char *path_p, getxattr_t fun); ++int __acl_extended_file(const char *path_p, ++ ssize_t (*)(const char *, const char *, ++ void *, size_t)); +diff --git a/libacl/acl_extended_file_nofollow.c b/libacl/acl_extended_file_nofollow.c +index 8f4711f..c253e4d 100644 +--- a/libacl/acl_extended_file_nofollow.c ++++ b/libacl/acl_extended_file_nofollow.c +@@ -1,5 +1,5 @@ + /* +- File: acl_extended_file.c ++ File: acl_extended_file_nofollow.c + + Copyright (C) 2011 + Andreas Gruenbacher, +@@ -31,4 +31,3 @@ acl_extended_file_nofollow(const char *path_p) + { + return __acl_extended_file(path_p, lgetxattr); + } +- +diff --git a/man/man3/acl_extended_file.3 b/man/man3/acl_extended_file.3 +index 1f04331..fdeef86 100644 +--- a/man/man3/acl_extended_file.3 ++++ b/man/man3/acl_extended_file.3 +@@ -65,7 +65,7 @@ system call can be used to check whether a given type of access to a file + object would be granted. + .Pp + .Fn acl_extended_file_nofollow +-is identical to ++is identical to + .Fn acl_extended_file , + except in the case of a symbolic link, where the link itself is interrogated, + not the file that it refers to. Since symbolic links have no ACL themselves, +diff --git a/man/man3/acl_extended_file_nofollow.3 b/man/man3/acl_extended_file_nofollow.3 +new file mode 100644 +index 0000000..44fc24f +--- /dev/null ++++ b/man/man3/acl_extended_file_nofollow.3 +@@ -0,0 +1 @@ ++.so man3/acl_extended_file.3 +-- +1.7.4 + diff --git a/acl.spec b/acl.spec index b3d80ad..878b250 100644 --- a/acl.spec +++ b/acl.spec @@ -1,7 +1,7 @@ Summary: Access control list utilities Name: acl Version: 2.2.49 -Release: 10%{?dist} +Release: 11%{?dist} BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRequires: gawk BuildRequires: gettext @@ -26,6 +26,9 @@ Patch5: acl-2.2.49-setfacl-restore.patch # fix typos in setfacl(1) man page (#675451) Patch6: acl-2.2.49-bz675451.patch +# add function acl_extended_file_nofollow() (#692982) +Patch7: acl-2.2.49-bz692982.patch + License: GPLv2+ Group: System Environment/Base URL: http://oss.sgi.com/projects/xfs/ @@ -65,6 +68,7 @@ defined in POSIX 1003.1e draft standard 17. %patch4 -p1 %patch5 -p1 %patch6 -p1 +%patch7 -p1 %build touch .census @@ -138,6 +142,9 @@ rm -rf $RPM_BUILD_ROOT /%{_lib}/libacl.so.* %changelog +* Wed Apr 06 2011 Kamil Dudka 2.2.49-11 +- add function acl_extended_file_nofollow() (#692982) + * Tue Mar 29 2011 Kamil Dudka 2.2.49-10 - fix typos in setfacl(1) man page (#675451)