[tar.git] / acls-bugfix.patch

Description: Do not set default acls when --acls flag is used 
Origin: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7fe7adcbb985e78aaf9f78051fa26167779be1f6
Forwarded: not-needed
Author: Pavel Raiskup <praiskup@redhat.com>
Bug-Upstream: http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html
Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
Bug-PVE: https://bugzilla.proxmox.com/show_bug.cgi?id=928

acls: bugfix for default ACLs extraction
    
    When --acls option is on (regardless of tarball contents or
    tarball format), we should explicitly set OR delete default ACLs
    for extracted directories.  Prior to this update, we always
    created arbitrary default ACLs based standard file permissions.
    
    * configure.ac (with_posix_acls): Check also for acl_free and
    acl_delete_def_file to mark IEEE 1003.1e ACLs as supported.
    * src/xattrs.c (acl_delete_def_file_at): New function.
    (xattrs__acls_set): Do not treat acls_option at all;  Delete
    default ACLs if appropriate.
    
    References:
    http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html
    Thanks: Juan J. Martínez and Mark Steinborn

diff --git a/configure.ac b/configure.ac
index 08bed2b..d393876 100644
--- a/configure.ac
+++ b/configure.ac
@@ -74,7 +74,8 @@ AC_ARG_WITH([posix-acls],
 if test "x$with_posix_acls" != "xno"; then
   AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acls=no])
   for tar_acl_func in acl_get_file acl_get_fd acl_set_file acl_set_fd \
-		      acl_to_text acl_from_text; do \
+		      acl_to_text acl_from_text acl_delete_def_file \
+		      acl_free; do \
     test "x$with_posix_acls" = xno && break
     AC_SEARCH_LIBS([$tar_acl_func], [acl pacl], [], [with_posix_acls=no])
   done
diff --git a/src/xattrs.c b/src/xattrs.c
index dbaa209..307ee38 100644
--- a/src/xattrs.c
+++ b/src/xattrs.c
@@ -61,6 +61,7 @@ static struct
 static acl_t acl_get_file_at (int, const char *, acl_type_t);
 static int acl_set_file_at (int, const char *, acl_type_t, acl_t);
 static int file_has_acl_at (int, char const *, struct stat const *);
+static int acl_delete_def_file_at (int, char const *);
 
 /* acl_get_file_at */
 #define AT_FUNC_NAME acl_get_file_at
@@ -88,6 +89,17 @@ static int file_has_acl_at (int, char const *, struct stat const *);
 #undef AT_FUNC_POST_FILE_PARAM_DECLS
 #undef AT_FUNC_POST_FILE_ARGS
 
+/* acl_delete_def_file_at */
+#define AT_FUNC_NAME acl_delete_def_file_at
+#define AT_FUNC_F1 acl_delete_def_file
+#define AT_FUNC_POST_FILE_PARAM_DECLS
+#define AT_FUNC_POST_FILE_ARGS
+#include "at-func.c"
+#undef AT_FUNC_NAME
+#undef AT_FUNC_F1
+#undef AT_FUNC_POST_FILE_PARAM_DECLS
+#undef AT_FUNC_POST_FILE_ARGS
+
 /* gnulib file_has_acl_at */
 #define AT_FUNC_NAME file_has_acl_at
 #define AT_FUNC_F1 file_has_acl
@@ -187,7 +199,8 @@ fixup_extra_acl_fields (char *ptr)
   return ptr;
 }
 
-/* "system.posix_acl_access" */
+/* Set the "system.posix_acl_access/system.posix_acl_default" extended
+   attribute.  Called only when acls_option > 0. */
 static void
 xattrs__acls_set (struct tar_stat_info const *st,
                   char const *file_name, int type,
@@ -199,15 +212,23 @@ xattrs__acls_set (struct tar_stat_info const *st,
     {
       /* assert (strlen (ptr) == len); */
       ptr = fixup_extra_acl_fields (ptr);
-
       acl = acl_from_text (ptr);
-      acls_option = 1;
     }
-  else if (acls_option > 0)
-    acl = perms2acl (st->stat.st_mode);
+  else if (def)
+    {
+      /* No "default" IEEE 1003.1e ACL set for directory.  At this moment,
+         FILE_NAME may already have inherited default acls from parent
+         directory;  clean them up. */
+      if (acl_delete_def_file_at (chdir_fd, file_name))
+        WARNOPT (WARN_XATTR_WRITE,
+                (0, errno,
+                 _("acl_delete_def_file_at: Cannot drop default POSIX ACLs "
+                   "for file '%s'"),
+                 file_name));
+      return;
+    }
   else
-    return;  /* don't call acl functions unless we first hit an ACL, or
-		--acls was passed explicitly */
+    acl = perms2acl (st->stat.st_mode);
 
   if (!acl)
     {
Commit	Line	Data
39d1dc12 EK	1	Description: Do not set default acls when --acls flag is used
	2	Origin: http://git.savannah.gnu.org/cgit/tar.git/commit/?id=7fe7adcbb985e78aaf9f78051fa26167779be1f6
	3	Forwarded: not-needed
	4	Author: Pavel Raiskup <praiskup@redhat.com>
	5	Bug-Upstream: http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html
	6	Bug-Debian: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=819978
	7	Bug-PVE: https://bugzilla.proxmox.com/show_bug.cgi?id=928
	8
	9	acls: bugfix for default ACLs extraction
	10
	11	When --acls option is on (regardless of tarball contents or
	12	tarball format), we should explicitly set OR delete default ACLs
	13	for extracted directories. Prior to this update, we always
	14	created arbitrary default ACLs based standard file permissions.
	15
	16	* configure.ac (with_posix_acls): Check also for acl_free and
	17	acl_delete_def_file to mark IEEE 1003.1e ACLs as supported.
	18	* src/xattrs.c (acl_delete_def_file_at): New function.
	19	(xattrs__acls_set): Do not treat acls_option at all; Delete
	20	default ACLs if appropriate.
	21
	22	References:
	23	http://www.mail-archive.com/bug-tar@gnu.org/msg04355.html
	24	Thanks: Juan J. Martínez and Mark Steinborn
	25
	26	diff --git a/configure.ac b/configure.ac
	27	index 08bed2b..d393876 100644
	28	--- a/configure.ac
	29	+++ b/configure.ac
	30	@@ -74,7 +74,8 @@ AC_ARG_WITH([posix-acls],
	31	if test "x$with_posix_acls" != "xno"; then
	32	AC_CHECK_HEADERS(sys/acl.h,, [with_posix_acls=no])
	33	for tar_acl_func in acl_get_file acl_get_fd acl_set_file acl_set_fd \
	34	- acl_to_text acl_from_text; do \
	35	+ acl_to_text acl_from_text acl_delete_def_file \
	36	+ acl_free; do \
	37	test "x$with_posix_acls" = xno && break
	38	AC_SEARCH_LIBS([$tar_acl_func], [acl pacl], [], [with_posix_acls=no])
	39	done
	40	diff --git a/src/xattrs.c b/src/xattrs.c
	41	index dbaa209..307ee38 100644
	42	--- a/src/xattrs.c
	43	+++ b/src/xattrs.c
	44	@@ -61,6 +61,7 @@ static struct
	45	static acl_t acl_get_file_at (int, const char *, acl_type_t);
	46	static int acl_set_file_at (int, const char *, acl_type_t, acl_t);
	47	static int file_has_acl_at (int, char const , struct stat const );
	48	+static int acl_delete_def_file_at (int, char const *);
	49
	50	/* acl_get_file_at */
	51	#define AT_FUNC_NAME acl_get_file_at
	52	@@ -88,6 +89,17 @@ static int file_has_acl_at (int, char const , struct stat const );
	53	#undef AT_FUNC_POST_FILE_PARAM_DECLS
	54	#undef AT_FUNC_POST_FILE_ARGS
	55
	56	+/* acl_delete_def_file_at */
	57	+#define AT_FUNC_NAME acl_delete_def_file_at
	58	+#define AT_FUNC_F1 acl_delete_def_file
	59	+#define AT_FUNC_POST_FILE_PARAM_DECLS
	60	+#define AT_FUNC_POST_FILE_ARGS
	61	+#include "at-func.c"
	62	+#undef AT_FUNC_NAME
	63	+#undef AT_FUNC_F1
	64	+#undef AT_FUNC_POST_FILE_PARAM_DECLS
65	+#undef AT_FUNC_POST_FILE_ARGS
66	+
67	/* gnulib file_has_acl_at */
68	#define AT_FUNC_NAME file_has_acl_at
69	#define AT_FUNC_F1 file_has_acl
70	@@ -187,7 +199,8 @@ fixup_extra_acl_fields (char *ptr)
71	return ptr;
72	}
73
74	-/* "system.posix_acl_access" */
75	+/* Set the "system.posix_acl_access/system.posix_acl_default" extended
76	+ attribute. Called only when acls_option > 0. */
77	static void
78	xattrs__acls_set (struct tar_stat_info const *st,
79	char const *file_name, int type,
80	@@ -199,15 +212,23 @@ xattrs__acls_set (struct tar_stat_info const *st,
81	{
82	/* assert (strlen (ptr) == len); */
83	ptr = fixup_extra_acl_fields (ptr);
84	-
85	acl = acl_from_text (ptr);
86	- acls_option = 1;
87	}
88	- else if (acls_option > 0)
89	- acl = perms2acl (st->stat.st_mode);
90	+ else if (def)
91	+ {
92	+ /* No "default" IEEE 1003.1e ACL set for directory. At this moment,
93	+ FILE_NAME may already have inherited default acls from parent
94	+ directory; clean them up. */
95	+ if (acl_delete_def_file_at (chdir_fd, file_name))
96	+ WARNOPT (WARN_XATTR_WRITE,
97	+ (0, errno,
98	+ _("acl_delete_def_file_at: Cannot drop default POSIX ACLs "
99	+ "for file '%s'"),
100	+ file_name));
101	+ return;
102	+ }
103	else
104	- return; /* don't call acl functions unless we first hit an ACL, or
105	- --acls was passed explicitly */
106	+ acl = perms2acl (st->stat.st_mode);
107
108	if (!acl)
109	{