]>
Commit | Line | Data |
---|---|---|
db9ecf05 | 1 | /* SPDX-License-Identifier: LGPL-2.1-or-later */ |
a1164ae3 | 2 | |
a1164ae3 | 3 | #include <fcntl.h> |
5de6cce5 LP |
4 | #include <sys/stat.h> |
5 | #include <sys/types.h> | |
f89bc84f | 6 | #include <sys/xattr.h> |
a1164ae3 | 7 | |
a1164ae3 | 8 | #include "chown-recursive.h" |
5de6cce5 LP |
9 | #include "dirent-util.h" |
10 | #include "fd-util.h" | |
4b3b5bc7 | 11 | #include "fs-util.h" |
5de6cce5 LP |
12 | #include "macro.h" |
13 | #include "stdio-util.h" | |
14 | #include "strv.h" | |
15 | #include "user-util.h" | |
a1164ae3 | 16 | |
607b358e LP |
17 | static int chown_one( |
18 | int fd, | |
19 | const struct stat *st, | |
20 | uid_t uid, | |
21 | gid_t gid, | |
22 | mode_t mask) { | |
23 | ||
4b3b5bc7 | 24 | int r; |
a1164ae3 LP |
25 | |
26 | assert(fd >= 0); | |
27 | assert(st); | |
28 | ||
4b3b5bc7 LP |
29 | /* We change ACLs through the /proc/self/fd/%i path, so that we have a stable reference that works |
30 | * with O_PATH. */ | |
a1164ae3 | 31 | |
f89bc84f LP |
32 | /* Drop any ACL if there is one */ |
33 | FOREACH_STRING(n, "system.posix_acl_access", "system.posix_acl_default") | |
ddb6eeaf | 34 | if (removexattr(FORMAT_PROC_FD_PATH(fd), n) < 0) |
00675c36 | 35 | if (!ERRNO_IS_XATTR_ABSENT(errno)) |
f89bc84f LP |
36 | return -errno; |
37 | ||
4b3b5bc7 LP |
38 | r = fchmod_and_chown(fd, st->st_mode & mask, uid, gid); |
39 | if (r < 0) | |
40 | return r; | |
5de6cce5 | 41 | |
a1164ae3 LP |
42 | return 1; |
43 | } | |
44 | ||
607b358e LP |
45 | static int chown_recursive_internal( |
46 | int fd, | |
47 | const struct stat *st, | |
48 | uid_t uid, | |
49 | gid_t gid, | |
50 | mode_t mask) { | |
51 | ||
5de6cce5 | 52 | _cleanup_closedir_ DIR *d = NULL; |
a1164ae3 LP |
53 | bool changed = false; |
54 | int r; | |
55 | ||
56 | assert(fd >= 0); | |
57 | assert(st); | |
58 | ||
5de6cce5 LP |
59 | d = fdopendir(fd); |
60 | if (!d) { | |
61 | safe_close(fd); | |
62 | return -errno; | |
63 | } | |
64 | ||
65 | FOREACH_DIRENT_ALL(de, d, return -errno) { | |
254d1313 | 66 | _cleanup_close_ int path_fd = -EBADF; |
5de6cce5 LP |
67 | struct stat fst; |
68 | ||
69 | if (dot_or_dot_dot(de->d_name)) | |
70 | continue; | |
71 | ||
72 | /* Let's pin the child inode we want to fix now with an O_PATH fd, so that it cannot be swapped out | |
73 | * while we manipulate it. */ | |
74 | path_fd = openat(dirfd(d), de->d_name, O_PATH|O_CLOEXEC|O_NOFOLLOW); | |
75 | if (path_fd < 0) | |
76 | return -errno; | |
77 | ||
78 | if (fstat(path_fd, &fst) < 0) | |
79 | return -errno; | |
80 | ||
81 | if (S_ISDIR(fst.st_mode)) { | |
82 | int subdir_fd; | |
83 | ||
84 | /* Convert it to a "real" (i.e. non-O_PATH) fd now */ | |
85 | subdir_fd = fd_reopen(path_fd, O_RDONLY|O_CLOEXEC|O_NOATIME); | |
86 | if (subdir_fd < 0) | |
87 | return subdir_fd; | |
88 | ||
607b358e | 89 | r = chown_recursive_internal(subdir_fd, &fst, uid, gid, mask); /* takes possession of subdir_fd even on failure */ |
5de6cce5 LP |
90 | if (r < 0) |
91 | return r; | |
92 | if (r > 0) | |
93 | changed = true; | |
94 | } else { | |
607b358e | 95 | r = chown_one(path_fd, &fst, uid, gid, mask); |
5de6cce5 LP |
96 | if (r < 0) |
97 | return r; | |
98 | if (r > 0) | |
99 | changed = true; | |
a1164ae3 | 100 | } |
5de6cce5 | 101 | } |
a1164ae3 | 102 | |
607b358e | 103 | r = chown_one(dirfd(d), st, uid, gid, mask); |
a1164ae3 | 104 | if (r < 0) |
5de6cce5 | 105 | return r; |
a1164ae3 | 106 | |
5de6cce5 | 107 | return r > 0 || changed; |
a1164ae3 LP |
108 | } |
109 | ||
607b358e LP |
110 | int path_chown_recursive( |
111 | const char *path, | |
112 | uid_t uid, | |
113 | gid_t gid, | |
d5602c16 LP |
114 | mode_t mask, |
115 | int flags) { | |
607b358e | 116 | |
254d1313 | 117 | _cleanup_close_ int fd = -EBADF; |
a1164ae3 | 118 | struct stat st; |
a1164ae3 | 119 | |
d5602c16 LP |
120 | assert((flags & ~AT_SYMLINK_FOLLOW) == 0); |
121 | ||
122 | fd = open(path, O_RDONLY|O_DIRECTORY|O_CLOEXEC|O_NOATIME|(FLAGS_SET(flags, AT_SYMLINK_FOLLOW) ? 0 : O_NOFOLLOW)); | |
a1164ae3 LP |
123 | if (fd < 0) |
124 | return -errno; | |
125 | ||
1d6cc5d0 | 126 | if (!uid_is_valid(uid) && !gid_is_valid(gid) && FLAGS_SET(mask, 07777)) |
a1164ae3 LP |
127 | return 0; /* nothing to do */ |
128 | ||
129 | if (fstat(fd, &st) < 0) | |
130 | return -errno; | |
131 | ||
85318688 LP |
132 | /* Let's take a shortcut: if the top-level directory is properly owned, we don't descend into the |
133 | * whole tree, under the assumption that all is OK anyway. */ | |
a1164ae3 | 134 | if ((!uid_is_valid(uid) || st.st_uid == uid) && |
85318688 LP |
135 | (!gid_is_valid(gid) || st.st_gid == gid) && |
136 | ((st.st_mode & ~mask & 07777) == 0)) | |
a1164ae3 LP |
137 | return 0; |
138 | ||
607b358e | 139 | return chown_recursive_internal(TAKE_FD(fd), &st, uid, gid, mask); /* we donate the fd to the call, regardless if it succeeded or failed */ |
a1164ae3 | 140 | } |
e1072081 LP |
141 | |
142 | int fd_chown_recursive( | |
143 | int fd, | |
144 | uid_t uid, | |
145 | gid_t gid, | |
146 | mode_t mask) { | |
147 | ||
254d1313 | 148 | int duplicated_fd = -EBADF; |
e1072081 LP |
149 | struct stat st; |
150 | ||
151 | /* Note that the slightly different order of fstat() and the checks here and in | |
162392b7 | 152 | * path_chown_recursive(). That's because when we open the directory ourselves we can specify |
e1072081 LP |
153 | * O_DIRECTORY and we always want to ensure we are operating on a directory before deciding whether |
154 | * the operation is otherwise redundant. */ | |
155 | ||
156 | if (fstat(fd, &st) < 0) | |
157 | return -errno; | |
158 | ||
159 | if (!S_ISDIR(st.st_mode)) | |
160 | return -ENOTDIR; | |
161 | ||
1d6cc5d0 | 162 | if (!uid_is_valid(uid) && !gid_is_valid(gid) && FLAGS_SET(mask, 07777)) |
e1072081 LP |
163 | return 0; /* nothing to do */ |
164 | ||
165 | /* Shortcut, as above */ | |
166 | if ((!uid_is_valid(uid) || st.st_uid == uid) && | |
167 | (!gid_is_valid(gid) || st.st_gid == gid) && | |
168 | ((st.st_mode & ~mask & 07777) == 0)) | |
169 | return 0; | |
170 | ||
171 | /* Let's duplicate the fd here, as opendir() wants to take possession of it and close it afterwards */ | |
172 | duplicated_fd = fcntl(fd, F_DUPFD_CLOEXEC, 3); | |
173 | if (duplicated_fd < 0) | |
174 | return -errno; | |
175 | ||
176 | return chown_recursive_internal(duplicated_fd, &st, uid, gid, mask); /* fd donated even on failure */ | |
177 | } |