1 /* Support for extended attributes.
3 Copyright (C) 2006, 2007, 2008, 2009, 2010, 2011, 2012 Free Software
6 Written by James Antill, on 2006-07-27.
8 This program is free software; you can redistribute it and/or modify it
9 under the terms of the GNU General Public License as published by the
10 Free Software Foundation; either version 2, or (at your option) any later
13 This program is distributed in the hope that it will be useful, but
14 WITHOUT ANY WARRANTY; without even the implied warranty of
15 MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU General
16 Public License for more details.
18 You should have received a copy of the GNU General Public License along
19 with this program; if not, write to the Free Software Foundation, Inc.,
20 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */
31 #include "selinux-at.h"
/* A growable list of fnmatch patterns.  Functions later in this file use
   its members masks, size and used.
   NOTE(review): the member declarations are not visible in this listing,
   so their exact types cannot be confirmed from here.  */
33 struct xattrs_mask_map
40 /* list of fnmatch patterns */
43 /* lists of fnmatch patterns */
/* incl is consulted by xattrs_kw_included and excl by xattrs_kw_excluded;
   both are reached elsewhere in this file as xattrs_setup.incl and
   xattrs_setup.excl.  */
44 struct xattrs_mask_map incl
;
45 struct xattrs_mask_map excl
;
48 /* disable posix acls when problem found in gnulib script m4/acl.m4 */
50 # undef HAVE_POSIX_ACLS
53 #ifdef HAVE_POSIX_ACLS
58 #ifdef HAVE_POSIX_ACLS
60 /* acl-at wrappers, TODO: move to gnulib in future? */
/* Each wrapper takes a directory descriptor in front of the file name.
   NOTE(review): presumably the name is then resolved relative to DIRFD
   instead of the process working directory; the wrapper bodies are not
   visible in this listing, so confirm against the template that expands
   the AT_FUNC_* macros below.  */
61 acl_t
acl_get_file_at (int dirfd
, const char *file
, acl_type_t type
);
62 int acl_set_file_at (int dirfd
, const char *file
, acl_type_t type
, acl_t acl
);
63 int file_has_acl_at (int dirfd
, char const *, struct stat
const *);
/* Parameters for the acl_get_file_at wrapper: AT_FUNC_NAME is the wrapper
   being defined, AT_FUNC_F1 the function it forwards to, AT_FUNC_RESULT and
   AT_FUNC_FAIL its return type and failure value, and the two POST_FILE
   macros the extra parameter that follows the file name.
   NOTE(review): the directive that consumes these macros is not visible in
   this listing -- presumably gnulib's at-func.c template; confirm.  */
66 #define AT_FUNC_NAME acl_get_file_at
67 #define AT_FUNC_RESULT acl_t
68 #define AT_FUNC_FAIL (acl_t)NULL
69 #define AT_FUNC_F1 acl_get_file
70 #define AT_FUNC_POST_FILE_PARAM_DECLS , acl_type_t type
71 #define AT_FUNC_POST_FILE_ARGS , type
77 #undef AT_FUNC_POST_FILE_PARAM_DECLS
78 #undef AT_FUNC_POST_FILE_ARGS
/* Parameters for the acl_set_file_at wrapper.
   NOTE(review): no visible line resets AT_FUNC_RESULT or AT_FUNC_FAIL
   before this wrapper or the next one, although both are declared above as
   returning int rather than acl_t; confirm that the lines missing from this
   listing undefine them.  */
81 #define AT_FUNC_NAME acl_set_file_at
82 #define AT_FUNC_F1 acl_set_file
83 #define AT_FUNC_POST_FILE_PARAM_DECLS , acl_type_t type, acl_t acl
84 #define AT_FUNC_POST_FILE_ARGS , type, acl
88 #undef AT_FUNC_POST_FILE_PARAM_DECLS
89 #undef AT_FUNC_POST_FILE_ARGS
91 /* gnulib file_has_acl_at */
92 #define AT_FUNC_NAME file_has_acl_at
93 #define AT_FUNC_F1 file_has_acl
94 #define AT_FUNC_POST_FILE_PARAM_DECLS , struct stat const *st
95 #define AT_FUNC_POST_FILE_ARGS , st
99 #undef AT_FUNC_POST_FILE_PARAM_DECLS
100 #undef AT_FUNC_POST_FILE_ARGS
/* Build a minimal three-entry ACL (user, group, other) from the nine
   classic permission bits of PERMS.  This is used where an ACL object is
   required although only plain permissions are known.

   Only the bits 0400 down to 0001 are examined, so PERMS may be a full
   st_mode value: file-type, set-id and sticky bits are ignored.

   Returns whatever acl_from_text returns for the generated text.  */
static acl_t
perms2acl (int perms)
{
  /* Short-form ACL text with every permission cleared.  The rwx slots of
     the user, group and other entries start at offsets 6, 17 and 28.  */
  char text[] = "user::---,group::---,other::---";
  static const char letters[] = "rwx";
  static const int first_slot[] = { 6, 17, 28 };
  int mask = 0400;
  int entry;
  int bit;

  /* Walk the bits from 0400 (user read) down to 0001 (other execute); each
     set bit turns the matching '-' into its permission letter.  */
  for (entry = 0; entry < 3; entry++)
    for (bit = 0; bit < 3; bit++, mask >>= 1)
      if (perms & mask)
        text[first_slot[entry] + bit] = letters[bit];

  return acl_from_text (text);
}
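/* Step over the three standard fields of one textual ACL entry
   ("tag:qualifier:perms") starting at PTR and return the position reached.

   The result points at ':' when the entry carries extra fields after the
   permissions, and otherwise at the character that ended the scan: ',',
   '\n' or the terminating NUL.  An entry with fewer than three fields is
   returned at the point where the next ':' was expected.

   Every step is a strcspn scan, which stops at the terminating NUL, and a
   ':' is stepped over only after it has been seen, so the function never
   reads past the end of the string.

   NOTE(review): the listing this block was taken from showed the early
   returns without their conditions, which would leave everything after the
   first return unreachable.  The ':' checks below follow the comments on
   each return; confirm against the upstream file.  */
static char *skip_to_ext_fields (char *ptr)
{
  ptr += strcspn (ptr, ":,\n"); /* skip tag name. Ie. user/group/default/mask */

  if (*ptr != ':')
    return ptr; /* error? no user/group field */
  ++ptr;

  ptr += strcspn (ptr, ":,\n"); /* skip user/group name */

  if (*ptr != ':')
    return ptr; /* error? no perms field */
  ++ptr;

  ptr += strcspn (ptr, ":,\n"); /* skip perms */

  /* Either no extra fields (',', '\n' or NUL) or the ':' that starts them;
     the caller tells the two cases apart by looking at *ptr.  */
  return ptr;
}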
148 /* The POSIX draft allows extra fields after the three main ones. Star
149 uses this to add a fourth field for user/group which is the numeric ID.
150 We just skip all extra fields atm. */
/* Rewrites the ACL text at PTR in place: the standard fields of an entry
   are moved down with memmove, any further ':'-separated fields are
   skipped, and the ',' or '\n' that ends the entry is copied.
   NOTE(review): the enclosing loop, the declaration and computation of
   len, the advance of dst and the final termination and return are not
   visible in this listing.  */
151 static const char *fixup_extra_acl_fields (const char *ptr
)
/* NOTE(review): both cursors are obtained by casting away the const of
   PTR, and the function then writes through dst.  The const in the
   signature therefore does not protect the caller's buffer, and the
   behavior is undefined if the object PTR points to was itself defined
   const.  Callers must pass writable storage.  */
153 char *src
= (char *)ptr
;
154 char *dst
= (char *)ptr
;
158 const char *old
= src
;
161 src
= skip_to_ext_fields (src
);
/* memmove, not memcpy: source and destination lie in the same buffer and
   may overlap.  */
163 if (old
!= dst
) memmove (dst
, old
, len
);
166 if (*src
== ':') /* We have extra fields, skip them all */
167 src
+= strcspn (src
, "\n,");
169 if ((*src
== '\n') || (*src
== ','))
170 *dst
++ = *src
++; /* also done when dst == src, but that's ok */
/* Apply one POSIX ACL of kind TYPE to FILE_NAME, which is passed to
   acl_set_file_at together with chdir_fd.  The ACL object comes either
   from the text PTR or, when acls_option > 0, from the permission bits in
   ST.
   NOTE(review): the condition that selects the first branch is not visible
   in this listing, and LEN and DEF are not used in any visible line.  */
178 static void xattrs__acls_set (struct tar_stat_info
const *st
,
179 char const *file_name
, int type
,
180 const char *ptr
, size_t len
, bool def
)
181 { /* "system.posix_acl_access" */
186 /* assert (strlen (ptr) == len); */
/* PTR is ACL text carried in ST -- presumably parsed from the archive
   being extracted, so treat it as untrusted input (confirm against the
   caller).  fixup_extra_acl_fields rewrites it in place and acl_from_text
   is the only validation visible here.  */
187 ptr
= fixup_extra_acl_fields (ptr
);
189 acl
= acl_from_text (ptr
);
192 else if (acls_option
> 0)
/* st_mode is passed whole; perms2acl looks only at the nine rwx bits.  */
193 acl
= perms2acl (st
->stat
.st_mode
);
195 return; /* don't call acl functions unless we first hit an ACL, or
196 --acls was passed explicitly */
/* The same "acl_from_text" label is reported whichever branch produced
   the null ACL.  */
198 if (acl
== (acl_t
)NULL
)
200 call_arg_warn ("acl_from_text", file_name
);
/* A failure to apply the ACL is reported as a WARN_XATTR_WRITE warning
   only; no visible line undoes the extraction, so the file keeps whatever
   permissions it already had.  */
204 if (acl_set_file_at (chdir_fd
, file_name
, type
, acl
) == -1)
205 /* warn even if filesystem does not support acls */
206 WARNOPT (WARN_XATTR_WRITE
, (0, errno
,
207 _("acl_set_file_at: Cannot set POSIX ACLs for file '%s'"), file_name
));
/* Read the access ACL (ACL_TYPE_ACCESS) of FILE_NAME via acl_get_file_at
   with PARENTFD, convert it to text and store a heap copy made by xstrdup
   in *RET_PTR.
   NOTE(review): ST is not used in any visible line; the line that stores
   *RET_LEN, the tests around the two warnings and the release of acl and
   val are not visible in this listing.  */
212 static void xattrs__acls_get_a (int parentfd
, const char *file_name
,
213 struct tar_stat_info
*st
,
214 char **ret_ptr
, size_t *ret_len
)
215 { /* "system.posix_acl_access" */
220 if ((acl
= acl_get_file_at (parentfd
, file_name
, ACL_TYPE_ACCESS
))
/* ENOTSUP is not reported, so a filesystem without ACL support does not
   produce a warning per file.  */
223 if (errno
!= ENOTSUP
)
224 call_arg_warn ("acl_get_file_at", file_name
);
228 val
= acl_to_text (acl
, &len
);
233 call_arg_warn ("acl_to_text", file_name
);
/* The caller receives its own copy of the text.  */
237 *ret_ptr
= xstrdup (val
);
/* Read the default ACL (ACL_TYPE_DEFAULT) of FILE_NAME via acl_get_file_at
   with PARENTFD, convert it to text and store a heap copy made by xstrdup
   in *RET_PTR.  The visible lines differ from xattrs__acls_get_a only in
   the ACL type requested.
   NOTE(review): ST is not used in any visible line; the line that stores
   *RET_LEN, the tests around the two warnings and the release of acl and
   val are not visible in this listing.  */
243 static void xattrs__acls_get_d (int parentfd
, char const *file_name
,
244 struct tar_stat_info
*st
,
245 char **ret_ptr
, size_t *ret_len
)
246 { /* "system.posix_acl_default" */
251 if ((acl
= acl_get_file_at (parentfd
, file_name
, ACL_TYPE_DEFAULT
))
/* ENOTSUP is not reported, so a filesystem without ACL support does not
   produce a warning per file.  */
254 if (errno
!= ENOTSUP
)
255 call_arg_warn ("acl_get_file_at", file_name
);
259 val
= acl_to_text (acl
, &len
);
264 call_arg_warn ("acl_to_text", file_name
);
/* The caller receives its own copy of the text.  */
268 *ret_ptr
= xstrdup (val
);
273 #endif /* HAVE_POSIX_ACLS */
/* Print the ACL text ACLSTRING on stdlis as a single line: each entry
   (delimited by ',' or '\n' in the input) is written with PREFIX in front
   of it, and DELIM is written between entries.  The line is assembled in
   the obstack stk and printed with a fixed "%s" format.
   NOTE(review): the loop header, the declaration and initialisation of stk
   and the action taken for a null or empty ACLSTRING are not visible in
   this listing.  */
275 static void acls_one_line (const char *prefix
, char delim
,
276 const char *aclstring
, size_t len
)
278 /* support both long and short text representation of posix acls */
/* strlen and strcspn return size_t; both results are narrowed to int
   here.  */
281 int pref_len
= strlen (prefix
);
282 const char *oldstring
= aclstring
;
284 if (!aclstring
|| !len
)
290 int move
= strcspn (aclstring
, ",\n");
/* No delimiter in front of the first entry.  */
294 if (oldstring
!= aclstring
)
295 obstack_1grow (&stk
, delim
);
297 obstack_grow (&stk
, prefix
, pref_len
);
298 obstack_grow (&stk
, aclstring
, move
);
/* NOTE(review): the "+ 1" steps over the delimiter that ended the entry.
   If the last entry ends at the string terminator instead of ',' or '\n',
   this moves one byte past the terminator; the loop condition that has to
   prevent another read from there is not visible in this listing --
   confirm that it bounds the scan by LEN.  */
300 aclstring
+= move
+ 1;
303 obstack_1grow (&stk
, '\0');
304 const char *toprint
= obstack_finish (&stk
);
/* The ACL text is written as it is; no quoting or escaping is applied in
   the visible lines.  */
306 fprintf (stdlis
, "%s", toprint
);
308 obstack_free (&stk
, NULL
);
/* Collect the POSIX ACLs of FILE_NAME into ST: the access ACL goes to
   st->acls_a_ptr / st->acls_a_len and the default ACL to st->acls_d_ptr /
   st->acls_d_len.  When the program was built without HAVE_POSIX_ACLS a
   warning is printed instead.
   NOTE(review): the conditions guarding each step are not visible in this
   listing, and FD and XISFILE are not used in any visible line.  */
311 void xattrs_acls_get (int parentfd
, char const *file_name
,
312 struct tar_stat_info
*st
, int fd
, int xisfile
)
316 #ifndef HAVE_POSIX_ACLS
319 WARN ((0, 0, _("POSIX ACL support is not available")));
/* file_has_acl_at is handed the stat data already stored in ST.  */
322 int err
= file_has_acl_at (parentfd
, file_name
, &st
->stat
);
327 call_arg_warn ("file_has_acl_at", file_name
);
331 xattrs__acls_get_a (parentfd
, file_name
, st
,
332 &st
->acls_a_ptr
, &st
->acls_a_len
);
334 xattrs__acls_get_d (parentfd
, file_name
, st
,
335 &st
->acls_d_ptr
, &st
->acls_d_len
);
/* Restore the POSIX ACLs recorded in ST onto FILE_NAME.  Nothing is done
   unless acls_option > 0, and symbolic-link members (SYMTYPE) are skipped.
   The access ACL is always applied; the default ACL is applied only to
   directory members (DIRTYPE or GNUTYPE_DUMPDIR).  When the program was
   built without HAVE_POSIX_ACLS a warning is printed instead.  */
340 void xattrs_acls_set (struct tar_stat_info
const *st
,
341 char const *file_name
, char typeflag
)
343 if ((acls_option
> 0) && (typeflag
!= SYMTYPE
))
345 #ifndef HAVE_POSIX_ACLS
348 WARN ((0, 0, _("POSIX ACL support is not available")));
/* st->acls_a_ptr may be null here; xattrs__acls_set has a separate branch
   that derives the ACL from the permission bits instead.  */
351 xattrs__acls_set (st
, file_name
, ACL_TYPE_ACCESS
,
352 st
->acls_a_ptr
, st
->acls_a_len
, false);
353 if ((typeflag
== DIRTYPE
) || (typeflag
== GNUTYPE_DUMPDIR
))
354 xattrs__acls_set (st
, file_name
, ACL_TYPE_DEFAULT
,
355 st
->acls_d_ptr
, st
->acls_d_len
, true);
/* Make room in MAP for another pattern pointer.  The visible lines
   allocate an array of 16 pointers and, when size <= used, resize the
   array to map->size pointers.
   NOTE(review): the lines that initialise and grow map->size and the test
   selecting the first allocation are not visible in this listing, so it
   cannot be confirmed here that size stays within the 16-slot first
   allocation or that map->size * sizeof (char *) cannot overflow.  No
   result check follows xmalloc or xrealloc; presumably both terminate the
   program on failure -- confirm.  */
360 static void mask_map_realloc (struct xattrs_mask_map
*map
)
365 map
->masks
= xmalloc (16 * sizeof (char *));
369 if (map
->size
<= map
->used
)
372 map
->masks
= xrealloc (map
->masks
, map
->size
* sizeof (char *));
/* Append the fnmatch pattern MASK to the include list when INCL is true,
   otherwise to the exclude list.

   MASK is stored by pointer, not copied: it has to stay valid for as long
   as the lists are consulted.  The original author expects it to point
   into the argv array.  */
void xattrs_mask_add (const char *mask, bool incl)
{
  struct xattrs_mask_map *target;

  if (incl)
    target = &xattrs_setup.incl;
  else
    target = &xattrs_setup.excl;

  /* Grow the pointer array first so that the slot at index `used' exists.  */
  mask_map_realloc (target);

  target->masks[target->used] = mask;
  target->used++;
}
/* Release the pattern array of MASK_MAP.  The patterns themselves are not
   freed by any visible line; xattrs_mask_add stores them by pointer only.
   NOTE(review): no visible line resets masks, size or used after the free,
   so a map that is consulted again afterwards would read freed memory --
   confirm this runs only when the maps are no longer used.  Any condition
   guarding the free is not visible in this listing.  */
388 static void clear_mask_map (struct xattrs_mask_map
*mask_map
)
391 free (mask_map
->masks
);
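/* Release the pattern arrays of both the include and the exclude list in
   xattrs_setup.

   Declared with (void) so that the definition is a prototype; with an
   empty parameter list the compiler would accept calls that pass
   arguments.  */
void xattrs_clear_setup (void)
{
  clear_mask_map (&xattrs_setup.incl);
  clear_mask_map (&xattrs_setup.excl);
}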
400 /* get all xattrs from file given by FILE_NAME or FD (when non-zero). This
401 includes all the user.*, security.*, system.*, etc. available domains */
/* The attribute names are listed into one buffer, then each value is read
   into a second buffer and recorded in ST with xheader_xattr_add.  FD == 0
   selects the name-based calls (llistxattrat / lgetxattrat with PARENTFD
   and FILE_NAME); any other FD selects flistxattr / fgetxattr.
   NOTE(review): descriptor 0 is a valid descriptor, so this convention
   only works if callers never pass a real descriptor 0 -- confirm against
   the callers.  */
402 void xattrs_xattrs_get (int parentfd
, char const *file_name
,
403 struct tar_stat_info
*st
, int fd
)
405 if (xattrs_option
> 0)
410 WARN ((0, 0, _("XATTR support is not available")));
/* The name buffer and its size are static: they persist across calls and
   are shared by every call of this function.  */
413 static ssize_t xsz
= 1024;
414 static char *xatrs
= NULL
;
417 if (!xatrs
) xatrs
= xmalloc (xsz
);
420 ((xret
= llistxattrat (parentfd
, file_name
, xatrs
, xsz
)) == -1) :
421 ((xret
= flistxattr (fd
, xatrs
, xsz
)) == -1)) &&
/* NOTE(review): the buffer is resized to xsz after a failed list call; the
   line that changes xsz and the errno test of the loop are not visible in
   this listing -- confirm that the growth is bounded.  */
425 xatrs
= xrealloc (xatrs
, xsz
);
429 call_arg_warn ((fd
== 0) ? "llistxattrat" : "flistxattr", file_name
);
432 const char *attr
= xatrs
;
/* The value buffer is static as well.  */
433 static ssize_t asz
= 1024;
434 static char *val
= NULL
;
436 if (!val
) val
= xmalloc (asz
);
/* attr points at one name inside the list buffer; strlen relies on the
   terminator that follows each name.  NOTE(review): the loop that advances
   attr and bounds it by the list length is not visible in this listing.  */
440 size_t len
= strlen (attr
);
443 /* Archive all xattrs during creation, decide at extraction time
444 * which ones are of interest/use for the target filesystem. */
446 ? ((aret
= lgetxattrat (parentfd
, file_name
, attr
,
448 : ((aret
= fgetxattr (fd
, attr
, val
, asz
)) == -1))
449 && (errno
== ERANGE
))
/* ERANGE from the get call leads to a resize of val and another try.  */
452 val
= xrealloc (val
, asz
);
/* aret is the value length returned by the get call.  */
456 xheader_xattr_add (st
, attr
, val
, aret
);
/* ENOATTR is not reported.  Listing and reading are separate calls, so
   presumably this covers an attribute that was removed in between.  */
457 else if (errno
!= ENOATTR
)
458 call_arg_warn ((fd
== 0) ? "lgetxattrat"
459 : "fgetxattr", file_name
);
/* Set one extended attribute, named by attr with value PTR of LEN bytes,
   on FILE_NAME (passed together with chdir_fd).  Symbolic-link members use
   lsetxattrat, every other member type uses setxattrat; the final argument
   0 is the flags value.  A failure is reported as a WARN_XATTR_WRITE
   warning.
   The name and value arrive unfiltered: xattrs_xattrs_set applies
   xattrs_masked_out before calling this function, nothing is checked here.
   NOTE(review): attr is used below but its declaration, on a signature
   line between the two shown, is not visible in this listing; ST is not
   used in any visible line.  */
469 static void xattrs__fd_set (struct tar_stat_info
const *st
,
470 char const *file_name
, char typeflag
,
472 const char *ptr
, size_t len
)
476 const char *sysname
= "setxattrat";
479 if (typeflag
!= SYMTYPE
)
480 ret
= setxattrat (chdir_fd
, file_name
, attr
, ptr
, len
, 0);
/* NOTE(review): the name stored for the warning is "lsetxattr" while the
   call on the following line is lsetxattrat, so the warning names a
   different function than the one that failed.  */
483 sysname
= "lsetxattr";
484 ret
= lsetxattrat (chdir_fd
, file_name
, attr
, ptr
, len
, 0);
488 WARNOPT (WARN_XATTR_WRITE
, (0, errno
,
489 _("%s: Cannot set '%s' extended attribute for file '%s'"),
490 sysname
, attr
, file_name
));
494 /* lgetfileconat is called against FILE_NAME iff the FD parameter is set to
495 zero, otherwise fgetfilecon is used against the file descriptor FD */
/* Stores the SELinux context of the file in st->cntx_name, but only when
   selinux_context_option > 0.  Without SELinux headers at build time a
   warning is printed instead.
   NOTE(review): FD == 0 is used as "no descriptor", yet descriptor 0 is a
   valid descriptor -- confirm that callers never pass a real
   descriptor 0.  */
496 void xattrs_selinux_get (int parentfd
, char const *file_name
,
497 struct tar_stat_info
*st
, int fd
)
499 if (selinux_context_option
> 0)
501 #if HAVE_SELINUX_SELINUX_H != 1
504 WARN ((0, 0, _("SELinux support is not available")));
507 int result
= (fd
? fgetfilecon (fd
, &st
->cntx_name
)
508 : lgetfileconat (parentfd
, file_name
, &st
->cntx_name
));
/* ENODATA and ENOTSUP are not reported: a file without a context, or a
   filesystem without support, does not produce a warning.  */
510 if (result
== -1 && errno
!= ENODATA
&& errno
!= ENOTSUP
)
511 call_arg_warn (fd
? "fgetfilecon" : "lgetfileconat", file_name
);
/* Apply the SELinux context stored in st->cntx_name to FILE_NAME (passed
   together with chdir_fd), but only when selinux_context_option > 0.
   Symbolic-link members use lsetfileconat, every other member type uses
   setfileconat.  A failure is reported as a WARN_XATTR_WRITE warning.
   The context string is taken from ST as it is -- presumably it was read
   from the archive being extracted, so the label applied is chosen by
   whoever produced the archive (confirm against the code that fills
   cntx_name).
   NOTE(review): any check that st->cntx_name is set, and the end of the
   warning call, are not visible in this listing.  */
516 void xattrs_selinux_set (struct tar_stat_info
const *st
,
517 char const *file_name
, char typeflag
)
519 if (selinux_context_option
> 0)
521 #if HAVE_SELINUX_SELINUX_H != 1
524 WARN ((0, 0, _("SELinux support is not available")));
/* This initial name is replaced in both visible branches below.  */
527 const char *sysname
= "setfilecon";
533 if (typeflag
!= SYMTYPE
)
535 ret
= setfileconat (chdir_fd
, file_name
, st
->cntx_name
);
536 sysname
= "setfileconat";
540 ret
= lsetfileconat (chdir_fd
, file_name
, st
->cntx_name
);
541 sysname
= "lsetfileconat";
545 WARNOPT (WARN_XATTR_WRITE
, (0, errno
,
546 _("%s: Cannot set SELinux context for file '%s'"), sysname
,
/* Test the attribute name KW against each of the mm->used patterns stored
   in MM, using fnmatch with flags 0.
   NOTE(review): the return statements are not visible in this listing;
   presumably the function returns true on the first match and false when
   no pattern matches.  */
552 static bool xattrs_matches_mask (const char *kw
, struct xattrs_mask_map
*mm
)
559 for (i
= 0; i
< mm
->used
; i
++)
/* fnmatch returns 0 when the pattern matches.  */
560 if (fnmatch (mm
->masks
[i
], kw
, 0) == 0)
/* Decide whether the attribute name KW passes the include side of the
   filter.  When include patterns were configured (xattrs_setup.incl.size is
   non-zero) those patterns alone decide.  Otherwise the visible fallback
   accepts only names that start with "user.".
   Configuring any include pattern therefore replaces the "user." fallback:
   a broad pattern also admits names from the security.* and system.*
   domains.
   NOTE(review): the lines between the two returns are not visible in this
   listing, so how ARCHIVING affects the fallback cannot be confirmed
   here.  */
566 static bool xattrs_kw_included (const char *kw
, bool archiving
)
568 if (xattrs_setup
.incl
.size
)
569 return xattrs_matches_mask (kw
, &xattrs_setup
.incl
);
575 return strncmp (kw
, "user.", strlen ("user.")) == 0;
/* Decide whether the attribute name KW is rejected by the exclude
   patterns: when exclude patterns exist, the result is whether KW matches
   one of them.
   NOTE(review): the statement executed when no exclude pattern exists is
   not visible in this listing (presumably it returns false), and ARCHIVING
   is not used in any visible line.  */
579 static bool xattrs_kw_excluded (const char *kw
, bool archiving
)
581 if (!xattrs_setup
.excl
.size
)
584 return xattrs_matches_mask (kw
, &xattrs_setup
.excl
);
587 /* Check whether the xattr with keyword KW should be discarded from list of
588 attributes that are going to be archived/excluded (set ARCHIVING=true for
589 archiving, false for excluding) */
/* The include test runs first; a name that passes it is then checked
   against the exclude patterns, so an exclude match overrides an include
   match.
   NOTE(review): the statement executed when the include test fails is not
   visible in this listing; presumably it returns true (discard).  */
590 static bool xattrs_masked_out (const char *kw
, bool archiving
)
592 if (!xattrs_kw_included (kw
, archiving
))
595 return xattrs_kw_excluded (kw
, archiving
);
/* Restore the extended attributes recorded in st->xattr_map onto
   FILE_NAME, but only when xattrs_option > 0.  Each entry is filtered with
   xattrs_masked_out and, if kept, applied with xattrs__fd_set.  Without
   xattr support at build time a warning is printed instead.
   For regular files the later_run test below selects which attributes are
   handled in this pass: "security.capability" on one side, every other
   attribute on the other.
   NOTE(review): later_run and scan are used below but their declarations
   (later_run presumably on the signature line missing after the two shown)
   are not visible in this listing, and neither is the closing of the TODO
   comment inside the loop.  */
598 void xattrs_xattrs_set (struct tar_stat_info
const *st
,
599 char const *file_name
, char typeflag
,
602 if (xattrs_option
> 0)
607 WARN ((0, 0, _("XATTR support is not available")));
612 if (!st
->xattr_map_size
)
615 for (; scan
< st
->xattr_map_size
; ++scan
)
/* NOTE(review): the key is advanced by the fixed length of
   "SCHILY.xattr." with no visible check that xkey starts with, or is at
   least as long as, that prefix -- confirm that whatever fills xattr_map
   guarantees it, otherwise keyword points past the key.  */
617 char *keyword
= st
->xattr_map
[scan
].xkey
;
618 keyword
+= strlen ("SCHILY.xattr.");
620 /* TODO: this 'later_run' workaround is temporary solution -> once
621 capabilities should become fully supported by it's API and there
622 should exist something like xattrs_capabilities_set() call.
623 For a regular files: all extended attributes are restored during
624 the first run except 'security.capability' which is restored in
626 if (typeflag
== REGTYPE
627 && later_run
== !!strcmp (keyword
, "security.capability"))
630 if (xattrs_masked_out (keyword
, false /* extracting */ ))
631 /* we don't want to restore this keyword */
/* Name and value are passed on exactly as stored in the map.  */
634 xattrs__fd_set (st
, file_name
, typeflag
, keyword
,
635 st
->xattr_map
[scan
].xval_ptr
,
636 st
->xattr_map
[scan
].xval_len
);
/* Examines ST for extended attributes that survive the filter, an SELinux
   context and ACLs, subject to verbose_option and the three feature
   options.
   NOTE(review): every line that writes to OUTPUT is missing from this
   listing, so neither the characters written nor the size OUTPUT must have
   can be stated from here; check the full source before sizing the
   caller's buffer.  */
642 void xattrs_print_char (struct tar_stat_info
const *st
, char *output
)
645 if (verbose_option
< 2)
651 if (xattrs_option
> 0 || selinux_context_option
> 0 || acls_option
> 0)
658 if (xattrs_option
> 0 && st
->xattr_map_size
)
659 for (i
= 0; i
< st
->xattr_map_size
; ++i
)
/* NOTE(review): fixed-length skip of the "SCHILY.xattr." prefix with no
   visible check that xkey carries it.  */
661 char *keyword
= st
->xattr_map
[i
].xkey
+ strlen ("SCHILY.xattr.");
662 if (xattrs_masked_out (keyword
, false /* like extracting */ ))
668 if (selinux_context_option
> 0 && st
->cntx_name
)
671 if (acls_option
&& (st
->acls_a_len
|| st
->acls_d_len
))
/* Print the extra metadata held in ST on stdlis: the SELinux context on a
   line starting " s: ", the ACLs on a line starting " a: " (access
   entries, then default entries prefixed with "default:"), and one " x: "
   line per extended attribute giving the value length and the name.
   The context string, the ACL text and the attribute names are written
   with "%s" as they are; no quoting or escaping is applied in the visible
   lines, so the listing shows exactly the bytes stored in ST.
   NOTE(review): the statements controlled by the verbose_option test and
   by the xattrs_masked_out test are not visible in this listing.  */
675 void xattrs_print (struct tar_stat_info
const *st
)
677 if (verbose_option
< 3)
681 if (selinux_context_option
&& st
->cntx_name
)
682 fprintf (stdlis
, " s: %s\n", st
->cntx_name
);
685 if (acls_option
&& (st
->acls_a_len
|| st
->acls_d_len
))
687 fprintf (stdlis
, " a: ");
688 acls_one_line ("", ',', st
->acls_a_ptr
, st
->acls_a_len
);
689 acls_one_line ("default:", ',', st
->acls_d_ptr
, st
->acls_d_len
);
690 fprintf (stdlis
, "\n");
694 if (xattrs_option
&& st
->xattr_map_size
)
697 for (i
= 0; i
< st
->xattr_map_size
; ++i
)
/* NOTE(review): fixed-length skip of the "SCHILY.xattr." prefix with no
   visible check that xkey carries it.  */
699 char *keyword
= st
->xattr_map
[i
].xkey
+ strlen ("SCHILY.xattr.");
700 if (xattrs_masked_out (keyword
, false /* like extracting */ ))
/* The length is cast to unsigned long to match the %lu conversion.  */
702 fprintf (stdlis
, " x: %lu %s\n",
703 (unsigned long) st
->xattr_map
[i
].xval_len
, keyword
);