/src/systemd/src/core/chown-recursive.c

Source (jump to first uncovered line)
/* SPDX-License-Identifier: LGPL-2.1+ */

#include <fcntl.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/xattr.h>

#include "chown-recursive.h"
#include "dirent-util.h"
#include "fd-util.h"
#include "fs-util.h"
#include "macro.h"
#include "stdio-util.h"
#include "strv.h"
#include "user-util.h"

static int chown_one(
                int fd,
                const struct stat *st,
                uid_t uid,
                gid_t gid,
                mode_t mask) {

        char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
        const char *n;
        int r;

        assert(fd >= 0);
        assert(st);

        /* We change ACLs through the /proc/self/fd/%i path, so that we have a stable reference that works
         * with O_PATH. */
        xsprintf(procfs_path, "/proc/self/fd/%i", fd);

        /* Drop any ACL if there is one */
        FOREACH_STRING(n, "system.posix_acl_access", "system.posix_acl_default")
                if (removexattr(procfs_path, n) < 0)
                        if (!IN_SET(errno, ENODATA, EOPNOTSUPP, ENOSYS, ENOTTY))
                                return -errno;

        r = fchmod_and_chown(fd, st->st_mode & mask, uid, gid);
        if (r < 0)
                return r;

        return 1;
}

static int chown_recursive_internal(
                int fd,
                const struct stat *st,
                uid_t uid,
                gid_t gid,
                mode_t mask) {

        _cleanup_closedir_ DIR *d = NULL;
        bool changed = false;
        struct dirent *de;
        int r;

        assert(fd >= 0);
        assert(st);

        d = fdopendir(fd);
        if (!d) {
                safe_close(fd);
                return -errno;
        }

        FOREACH_DIRENT_ALL(de, d, return -errno) {
                _cleanup_close_ int path_fd = -1;
                struct stat fst;

                if (dot_or_dot_dot(de->d_name))
                        continue;

                /* Let's pin the child inode we want to fix now with an O_PATH fd, so that it cannot be swapped out
                 * while we manipulate it. */
                path_fd = openat(dirfd(d), de->d_name, O_PATH|O_CLOEXEC|O_NOFOLLOW);
                if (path_fd < 0)
                        return -errno;

                if (fstat(path_fd, &fst) < 0)
                        return -errno;

                if (S_ISDIR(fst.st_mode)) {
                        int subdir_fd;

                        /* Convert it to a "real" (i.e. non-O_PATH) fd now */
                        subdir_fd = fd_reopen(path_fd, O_RDONLY|O_CLOEXEC|O_NOATIME);
                        if (subdir_fd < 0)
                                return subdir_fd;

                        r = chown_recursive_internal(subdir_fd, &fst, uid, gid, mask); /* takes possession of subdir_fd even on failure */
                        if (r < 0)
                                return r;
                        if (r > 0)
                                changed = true;
                } else {
                        r = chown_one(path_fd, &fst, uid, gid, mask);
                        if (r < 0)
                                return r;
                        if (r > 0)
                                changed = true;
                }
        }

        r = chown_one(dirfd(d), st, uid, gid, mask);
        if (r < 0)
                return r;

        return r > 0 || changed;
}

int path_chown_recursive(
                const char *path,
                uid_t uid,
                gid_t gid,
                mode_t mask) {

        _cleanup_close_ int fd = -1;
        struct stat st;

        fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOFOLLOW|O_NOATIME);
        if (fd < 0)
                return -errno;

        if (!uid_is_valid(uid) && !gid_is_valid(gid) && (mask & 07777) == 07777)
                return 0; /* nothing to do */

        if (fstat(fd, &st) < 0)
                return -errno;

        /* Let's take a shortcut: if the top-level directory is properly owned, we don't descend into the
         * whole tree, under the assumption that all is OK anyway. */
        if ((!uid_is_valid(uid) || st.st_uid == uid) &&
            (!gid_is_valid(gid) || st.st_gid == gid) &&
            ((st.st_mode & ~mask & 07777) == 0))
                return 0;

        return chown_recursive_internal(TAKE_FD(fd), &st, uid, gid, mask); /* we donate the fd to the call, regardless if it succeeded or failed */
}

Line	Count	Source (jump to first uncovered line)
1		/* SPDX-License-Identifier: LGPL-2.1+ */
2
3		#include <fcntl.h>
4		#include <sys/stat.h>
5		#include <sys/types.h>
6		#include <sys/xattr.h>
7
8		#include "chown-recursive.h"
9		#include "dirent-util.h"
10		#include "fd-util.h"
11		#include "fs-util.h"
12		#include "macro.h"
13		#include "stdio-util.h"
14		#include "strv.h"
15		#include "user-util.h"
16
17		static int chown_one(
18		int fd,
19		const struct stat *st,
20		uid_t uid,
21		gid_t gid,
22	0	mode_t mask) {
23	0
24	0	char procfs_path[STRLEN("/proc/self/fd/") + DECIMAL_STR_MAX(int) + 1];
25	0	const char *n;
26	0	int r;
27	0
28	0	assert(fd >= 0);
29	0	assert(st);
30	0
31	0	/* We change ACLs through the /proc/self/fd/%i path, so that we have a stable reference that works
32	0	* with O_PATH. */
33	0	xsprintf(procfs_path, "/proc/self/fd/%i", fd);
34	0
35	0	/* Drop any ACL if there is one */
36	0	FOREACH_STRING(n, "system.posix_acl_access", "system.posix_acl_default")
37	0	if (removexattr(procfs_path, n) < 0)
38	0	if (!IN_SET(errno, ENODATA, EOPNOTSUPP, ENOSYS, ENOTTY))
39	0	return -errno;
40	0
41	0	r = fchmod_and_chown(fd, st->st_mode & mask, uid, gid);
42	0	if (r < 0)
43	0	return r;
44	0
45	0	return 1;
46	0	}
47
48		static int chown_recursive_internal(
49		int fd,
50		const struct stat *st,
51		uid_t uid,
52		gid_t gid,
53	0	mode_t mask) {
54	0
55	0	_cleanup_closedir_ DIR *d = NULL;
56	0	bool changed = false;
57	0	struct dirent *de;
58	0	int r;
59	0
60	0	assert(fd >= 0);
61	0	assert(st);
62	0
63	0	d = fdopendir(fd);
64	0	if (!d) {
65	0	safe_close(fd);
66	0	return -errno;
67	0	}
68	0
69	0	FOREACH_DIRENT_ALL(de, d, return -errno) {
70	0	_cleanup_close_ int path_fd = -1;
71	0	struct stat fst;
72	0
73	0	if (dot_or_dot_dot(de->d_name))
74	0	continue;
75	0
76	0	/* Let's pin the child inode we want to fix now with an O_PATH fd, so that it cannot be swapped out
77	0	* while we manipulate it. */
78	0	path_fd = openat(dirfd(d), de->d_name, O_PATH\|O_CLOEXEC\|O_NOFOLLOW);
79	0	if (path_fd < 0)
80	0	return -errno;
81	0
82	0	if (fstat(path_fd, &fst) < 0)
83	0	return -errno;
84	0
85	0	if (S_ISDIR(fst.st_mode)) {
86	0	int subdir_fd;
87	0
88	0	/* Convert it to a "real" (i.e. non-O_PATH) fd now */
89	0	subdir_fd = fd_reopen(path_fd, O_RDONLY\|O_CLOEXEC\|O_NOATIME);
90	0	if (subdir_fd < 0)
91	0	return subdir_fd;
92	0
93	0	r = chown_recursive_internal(subdir_fd, &fst, uid, gid, mask); /* takes possession of subdir_fd even on failure */
94	0	if (r < 0)
95	0	return r;
96	0	if (r > 0)
97	0	changed = true;
98	0	} else {
99	0	r = chown_one(path_fd, &fst, uid, gid, mask);
100	0	if (r < 0)
101	0	return r;
102	0	if (r > 0)
103	0	changed = true;
104	0	}
105	0	}
106	0
107	0	r = chown_one(dirfd(d), st, uid, gid, mask);
108	0	if (r < 0)
109	0	return r;
110	0
111	0	return r > 0 \|\| changed;
112	0	}
113
114		int path_chown_recursive(
115		const char *path,
116		uid_t uid,
117		gid_t gid,
118	0	mode_t mask) {
119	0
120	0	_cleanup_close_ int fd = -1;
121	0	struct stat st;
122	0
123	0	fd = open(path, O_RDONLY\|O_DIRECTORY\|O_CLOEXEC\|O_NOFOLLOW\|O_NOATIME);
124	0	if (fd < 0)
125	0	return -errno;
126	0
127	0	if (!uid_is_valid(uid) && !gid_is_valid(gid) && (mask & 07777) == 07777)
128	0	return 0; /* nothing to do */
129	0
130	0	if (fstat(fd, &st) < 0)
131	0	return -errno;
132	0
133	0	/* Let's take a shortcut: if the top-level directory is properly owned, we don't descend into the
134	0	* whole tree, under the assumption that all is OK anyway. */
135	0	if ((!uid_is_valid(uid) \|\| st.st_uid == uid) &&
136	0	(!gid_is_valid(gid) \|\| st.st_gid == gid) &&
137	0	((st.st_mode & ~mask & 07777) == 0))
138	0	return 0;
139	0
140	0	return chown_recursive_internal(TAKE_FD(fd), &st, uid, gid, mask); /* we donate the fd to the call, regardless if it succeeded or failed */
141	0	}

Coverage Report

Created: 2019-06-19 13:33