From owner-svn-src-head@freebsd.org Tue Apr 10 23:29:58 2018 Return-Path: Delivered-To: svn-src-head@mailman.ysv.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mailman.ysv.freebsd.org (Postfix) with ESMTP id 48BA9FA337E; Tue, 10 Apr 2018 23:29:58 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client CN "mxrelay.nyi.freebsd.org", Issuer "Let's Encrypt Authority X3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id EB5787D1D5; Tue, 10 Apr 2018 23:29:57 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org (repo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:0]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id E61DB144D6; Tue, 10 Apr 2018 23:29:57 +0000 (UTC) (envelope-from emaste@FreeBSD.org) Received: from repo.freebsd.org ([127.0.1.37]) by repo.freebsd.org (8.15.2/8.15.2) with ESMTP id w3ANTviN075721; Tue, 10 Apr 2018 23:29:57 GMT (envelope-from emaste@FreeBSD.org) Received: (from emaste@localhost) by repo.freebsd.org (8.15.2/8.15.2/Submit) id w3ANTvqb075717; Tue, 10 Apr 2018 23:29:57 GMT (envelope-from emaste@FreeBSD.org) Message-Id: <201804102329.w3ANTvqb075717@repo.freebsd.org> X-Authentication-Warning: repo.freebsd.org: emaste set sender to emaste@FreeBSD.org using -f From: Ed Maste Date: Tue, 10 Apr 2018 23:29:57 +0000 (UTC) To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r332396 - head/bin/setfacl X-SVN-Group: head X-SVN-Commit-Author: emaste X-SVN-Commit-Paths: head/bin/setfacl X-SVN-Commit-Revision: 332396 X-SVN-Commit-Repository: base MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit X-BeenThere: svn-src-head@freebsd.org X-Mailman-Version: 2.1.25 Precedence: list List-Id: SVN commit messages for the src tree for head/-current List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Tue, 10 Apr 2018 23:29:58 -0000 Author: emaste Date: Tue Apr 10 23:29:57 2018 New Revision: 332396 URL: https://svnweb.freebsd.org/changeset/base/332396 Log: setfacl: add recursive functionality Add a -R option to setfacl to operate recursively on directories, along with the accompanying flags -H, -L, and -P (whose behaviour mimics chmod). A patch was submitted with PR 155163, but this is a new implementation based on comments raised in the Phabricator review for that patch (review D9096). PR: 155163 Submitted by: Mitchell Horne Reviewed by: jilles MFC after: 2 weeks Relnotes: Yes Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D14934 Modified: head/bin/setfacl/setfacl.1 head/bin/setfacl/setfacl.c head/bin/setfacl/setfacl.h head/bin/setfacl/util.c Modified: head/bin/setfacl/setfacl.1 ============================================================================== --- head/bin/setfacl/setfacl.1 Tue Apr 10 22:57:56 2018 (r332395) +++ head/bin/setfacl/setfacl.1 Tue Apr 10 23:29:57 2018 (r332396) @@ -26,7 +26,7 @@ .\" .\" $FreeBSD$ .\" -.Dd January 23, 2016 +.Dd April 10, 2018 .Dt SETFACL 1 .Os .Sh NAME @@ -34,6 +34,7 @@ .Nd set ACL information .Sh SYNOPSIS .Nm +.Op Fl R Op Fl H | L | P .Op Fl bdhkn .Op Fl a Ar position entries .Op Fl m Ar entries @@ -83,6 +84,12 @@ default ACL's. This option is not applicable to NFSv4 .It Fl h If the target of the operation is a symbolic link, perform the operation on the symbolic link itself, rather than following the link. +.It Fl H +If the +.Fl R +option is specified, symbolic links on the command line are followed +and hence unaffected by the command. +(Symbolic links encountered during tree traversal are not followed.) .It Fl k Delete any default ACL entries on the specified files. It @@ -91,6 +98,10 @@ any default ACL entries. An error will be reported if any of the specified files cannot have a default entry (i.e.\& non-directories). This option is not applicable to NFSv4 ACLs. +.It Fl L +If the +.Fl R +option is specified, all symbolic links are followed. .It Fl m Ar entries Modify the ACL on the specified file. New entries will be added, and existing entries will be modified @@ -116,6 +127,13 @@ the input is taken from stdin. Do not recalculate the permissions associated with the ACL mask entry. This option is not applicable to NFSv4 ACLs. +.It Fl P +If the +.Fl R +option is specified, no symbolic links are followed. +This is the default. +.It Fl R +Perform the action recursively on any specified directories. .It Fl x Ar entries | position If .Ar entries Modified: head/bin/setfacl/setfacl.c ============================================================================== --- head/bin/setfacl/setfacl.c Tue Apr 10 22:57:56 2018 (r332395) +++ head/bin/setfacl/setfacl.c Tue Apr 10 23:29:57 2018 (r332396) @@ -35,6 +35,9 @@ __FBSDID("$FreeBSD$"); #include #include +#include +#include +#include #include #include #include @@ -59,41 +62,20 @@ struct sf_entry { }; static TAILQ_HEAD(, sf_entry) entrylist; -/* TAILQ entry for files */ -struct sf_file { - const char *filename; - TAILQ_ENTRY(sf_file) next; -}; -static TAILQ_HEAD(, sf_file) filelist; - uint have_mask; uint need_mask; uint have_stdin; uint n_flag; -static void add_filename(const char *filename); static void usage(void); static void -add_filename(const char *filename) -{ - struct sf_file *file; - - if (strlen(filename) > PATH_MAX - 1) { - warn("illegal filename"); - return; - } - file = zmalloc(sizeof(struct sf_file)); - file->filename = filename; - TAILQ_INSERT_TAIL(&filelist, file, next); -} - -static void usage(void) { - fprintf(stderr, "usage: setfacl [-bdhkn] [-a position entries] " - "[-m entries] [-M file] [-x entries] [-X file] [file ...]\n"); + fprintf(stderr, "usage: setfacl [-R [-H | -L | -P]] [-bdhkn] " + "[-a position entries] [-m entries] [-M file] " + "[-x entries] [-X file] [file ...]\n"); exit(1); } @@ -104,23 +86,32 @@ main(int argc, char *argv[]) acl_type_t acl_type; acl_entry_t unused_entry; char filename[PATH_MAX]; - int local_error, carried_error, ch, i, entry_number, ret; - int h_flag; - struct sf_file *file; + int local_error, carried_error, ch, entry_number, ret, fts_options; + bool h_flag, H_flag, L_flag, R_flag, follow_symlink; + size_t fl_count, i; + FTS *ftsp; + FTSENT *file; + char **files_list; struct sf_entry *entry; - const char *fn_dup; char *end; - struct stat sb; acl_type = ACL_TYPE_ACCESS; - carried_error = local_error = 0; - h_flag = have_mask = have_stdin = n_flag = need_mask = 0; + carried_error = local_error = fts_options = 0; + have_mask = have_stdin = n_flag = need_mask = 0; + h_flag = H_flag = L_flag = R_flag = false; TAILQ_INIT(&entrylist); - TAILQ_INIT(&filelist); - while ((ch = getopt(argc, argv, "M:X:a:bdhkm:nx:")) != -1) + while ((ch = getopt(argc, argv, "HLM:PRX:a:bdhkm:nx:")) != -1) switch(ch) { + case 'H': + H_flag = true; + L_flag = false; + break; + case 'L': + L_flag = true; + H_flag = false; + break; case 'M': entry = zmalloc(sizeof(struct sf_entry)); entry->acl = get_acl_from_file(optarg); @@ -129,6 +120,12 @@ main(int argc, char *argv[]) entry->op = OP_MERGE_ACL; TAILQ_INSERT_TAIL(&entrylist, entry, next); break; + case 'P': + H_flag = L_flag = false; + break; + case 'R': + R_flag = true; + break; case 'X': entry = zmalloc(sizeof(struct sf_entry)); entry->acl = get_acl_from_file(optarg); @@ -213,43 +210,93 @@ main(int argc, char *argv[]) err(1, "cannot have more than one stdin"); have_stdin = 1; bzero(&filename, sizeof(filename)); + i = 0; + /* Start with an array size sufficient for basic cases. */ + fl_count = 1024; + files_list = zmalloc(fl_count * sizeof(char *)); while (fgets(filename, (int)sizeof(filename), stdin)) { /* remove the \n */ filename[strlen(filename) - 1] = '\0'; - fn_dup = strdup(filename); - if (fn_dup == NULL) + files_list[i] = strdup(filename); + if (files_list[i] == NULL) err(1, "strdup() failed"); - add_filename(fn_dup); + /* Grow array if necessary. */ + if (++i == fl_count) { + fl_count <<= 1; + if (fl_count > SIZE_MAX / sizeof(char *)) + errx(1, "Too many input files"); + files_list = zrealloc(files_list, + fl_count * sizeof(char *)); + } } + + /* fts_open() requires the last array element to be NULL. */ + files_list[i] = NULL; } else - for (i = 0; i < argc; i++) - add_filename(argv[i]); + files_list = argv; - /* cycle through each file */ - TAILQ_FOREACH(file, &filelist, next) { - local_error = 0; + if (R_flag) { + if (h_flag) + errx(1, "the -R and -h options may not be " + "specified together."); + if (L_flag) { + fts_options = FTS_LOGICAL; + } else { + fts_options = FTS_PHYSICAL; - if (stat(file->filename, &sb) == -1) { - warn("%s: stat() failed", file->filename); - carried_error++; + if (H_flag) { + fts_options |= FTS_COMFOLLOW; + } + } + } else if (h_flag) { + fts_options = FTS_PHYSICAL; + } else { + fts_options = FTS_LOGICAL; + } + + /* Open all files. */ + if ((ftsp = fts_open(files_list, fts_options | FTS_NOSTAT, 0)) == NULL) + err(1, "fts_open"); + while ((file = fts_read(ftsp)) != NULL) { + switch (file->fts_info) { + case FTS_D: + /* Do not recurse if -R not specified. */ + if (!R_flag) + fts_set(ftsp, file, FTS_SKIP); + break; + case FTS_DP: + /* Skip the second visit to a directory. */ continue; + case FTS_DNR: + case FTS_ERR: + warnx("%s: %s", file->fts_path, + strerror(file->fts_errno)); + continue; + default: + break; } - if (acl_type == ACL_TYPE_DEFAULT && S_ISDIR(sb.st_mode) == 0) { - warnx("%s: default ACL may only be set on a directory", - file->filename); + if (acl_type == ACL_TYPE_DEFAULT && file->fts_info != FTS_D) { + warnx("%s: default ACL may only be set on " + "a directory", file->fts_path); carried_error++; continue; } - if (h_flag) - ret = lpathconf(file->filename, _PC_ACL_NFS4); + local_error = 0; + + follow_symlink = ((fts_options & FTS_LOGICAL) || + ((fts_options & FTS_COMFOLLOW) && + file->fts_level == FTS_ROOTLEVEL)); + + if (follow_symlink) + ret = pathconf(file->fts_accpath, _PC_ACL_NFS4); else - ret = pathconf(file->filename, _PC_ACL_NFS4); + ret = lpathconf(file->fts_accpath, _PC_ACL_NFS4); if (ret > 0) { if (acl_type == ACL_TYPE_DEFAULT) { warnx("%s: there are no default entries " - "in NFSv4 ACLs", file->filename); + "in NFSv4 ACLs", file->fts_path); carried_error++; continue; } @@ -259,20 +306,20 @@ main(int argc, char *argv[]) acl_type = ACL_TYPE_ACCESS; } else if (ret < 0 && errno != EINVAL) { warn("%s: pathconf(..., _PC_ACL_NFS4) failed", - file->filename); + file->fts_path); } - if (h_flag) - acl = acl_get_link_np(file->filename, acl_type); + if (follow_symlink) + acl = acl_get_file(file->fts_accpath, acl_type); else - acl = acl_get_file(file->filename, acl_type); + acl = acl_get_link_np(file->fts_accpath, acl_type); if (acl == NULL) { - if (h_flag) - warn("%s: acl_get_link_np() failed", - file->filename); - else + if (follow_symlink) warn("%s: acl_get_file() failed", - file->filename); + file->fts_path); + else + warn("%s: acl_get_link_np() failed", + file->fts_path); carried_error++; continue; } @@ -285,11 +332,12 @@ main(int argc, char *argv[]) switch(entry->op) { case OP_ADD_ACL: local_error += add_acl(entry->acl, - entry->entry_number, &acl, file->filename); + entry->entry_number, + &acl, file->fts_path); break; case OP_MERGE_ACL: local_error += merge_acl(entry->acl, &acl, - file->filename); + file->fts_path); need_mask = 1; break; case OP_REMOVE_EXT: @@ -301,37 +349,37 @@ main(int argc, char *argv[]) acl_get_entry(acl, ACL_FIRST_ENTRY, &unused_entry) == 0) { local_error += remove_default(&acl, - file->filename); + file->fts_path); break; } - remove_ext(&acl, file->filename); + remove_ext(&acl, file->fts_path); need_mask = 0; break; case OP_REMOVE_DEF: if (acl_type == ACL_TYPE_NFS4) { warnx("%s: there are no default entries in NFSv4 ACLs; " - "cannot remove", file->filename); + "cannot remove", file->fts_path); local_error++; break; } - if (acl_delete_def_file(file->filename) == -1) { + if (acl_delete_def_file(file->fts_accpath) == -1) { warn("%s: acl_delete_def_file() failed", - file->filename); + file->fts_path); local_error++; } if (acl_type == ACL_TYPE_DEFAULT) local_error += remove_default(&acl, - file->filename); + file->fts_path); need_mask = 0; break; case OP_REMOVE_ACL: local_error += remove_acl(entry->acl, &acl, - file->filename); + file->fts_path); need_mask = 1; break; case OP_REMOVE_BY_NUMBER: local_error += remove_by_number(entry->entry_number, - &acl, file->filename); + &acl, file->fts_path); need_mask = 1; break; } @@ -343,9 +391,9 @@ main(int argc, char *argv[]) */ if (acl_type == ACL_TYPE_DEFAULT && acl_get_entry(acl, ACL_FIRST_ENTRY, &unused_entry) == 0) { - if (acl_delete_def_file(file->filename) == -1) { + if (acl_delete_def_file(file->fts_accpath) == -1) { warn("%s: acl_delete_def_file() failed", - file->filename); + file->fts_path); carried_error++; } continue; @@ -358,22 +406,22 @@ main(int argc, char *argv[]) } if (acl_type != ACL_TYPE_NFS4 && need_mask && - set_acl_mask(&acl, file->filename) == -1) { - warnx("%s: failed to set ACL mask", file->filename); + set_acl_mask(&acl, file->fts_path) == -1) { + warnx("%s: failed to set ACL mask", file->fts_path); carried_error++; - } else if (h_flag) { - if (acl_set_link_np(file->filename, acl_type, + } else if (follow_symlink) { + if (acl_set_file(file->fts_accpath, acl_type, acl) == -1) { carried_error++; - warn("%s: acl_set_link_np() failed", - file->filename); + warn("%s: acl_set_file() failed", + file->fts_path); } } else { - if (acl_set_file(file->filename, acl_type, + if (acl_set_link_np(file->fts_accpath, acl_type, acl) == -1) { carried_error++; - warn("%s: acl_set_file() failed", - file->filename); + warn("%s: acl_set_link_np() failed", + file->fts_path); } } Modified: head/bin/setfacl/setfacl.h ============================================================================== --- head/bin/setfacl/setfacl.h Tue Apr 10 22:57:56 2018 (r332395) +++ head/bin/setfacl/setfacl.h Tue Apr 10 23:29:57 2018 (r332396) @@ -47,6 +47,7 @@ void remove_ext(acl_t *prev_acl, const char *filenam int set_acl_mask(acl_t *prev_acl, const char *filename); /* util.c */ void *zmalloc(size_t size); +void *zrealloc(void *ptr, size_t size); const char *brand_name(int brand); int branding_mismatch(int brand1, int brand2); Modified: head/bin/setfacl/util.c ============================================================================== --- head/bin/setfacl/util.c Tue Apr 10 22:57:56 2018 (r332395) +++ head/bin/setfacl/util.c Tue Apr 10 23:29:57 2018 (r332396) @@ -44,6 +44,17 @@ zmalloc(size_t size) return (ptr); } +void * +zrealloc(void *ptr, size_t size) +{ + void *newptr; + + newptr = realloc(ptr, size); + if (newptr == NULL) + err(1, "realloc() failed"); + return (newptr); +} + const char * brand_name(int brand) {