1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
/* A more POSIX-compliant fchownat
This serves as replacement for a missing fchownat function,
as well as a workaround for the fchownat bug in glibc-2.4:
<https://lists.ubuntu.com/archives/ubuntu-users/2006-September/093218.html>
when the buggy fchownat-with-AT_SYMLINK_NOFOLLOW operates on a symlink, it
mistakenly affects the symlink referent, rather than the symlink itself.
Copyright (C) 2006-2007, 2009-2026 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <https://www.gnu.org/licenses/>. */
/* written by Jim Meyering */
#include <config.h>
/* Specification. */
#include <unistd.h>
#include <errno.h>
#include <stdlib.h>
#include <string.h>
#include <sys/stat.h>
#include "openat.h"
#include "stat-time.h"
#ifndef CHOWN_CHANGE_TIME_BUG
# define CHOWN_CHANGE_TIME_BUG 0
#endif
#ifndef CHOWN_TRAILING_SLASH_BUG
# define CHOWN_TRAILING_SLASH_BUG 0
#endif
#ifndef FCHOWNAT_EMPTY_FILENAME_BUG
# define FCHOWNAT_EMPTY_FILENAME_BUG 0
#endif
/* Gnulib target platforms lacking utimensat do not need it,
because in practice the bug it works around does not occur. */
#if !HAVE_UTIMENSAT
# undef utimensat
# define utimensat(fd, file, times, flag) \
((void) (fd), (void) (file), (void) (times), (void) (flag), \
0)
#endif
#if !HAVE_FCHOWNAT
/* Replacement for Solaris' function by the same name.
Invoke chown or lchown on file, FILE, using OWNER and GROUP, in the
directory open on descriptor FD. If FLAG is AT_SYMLINK_NOFOLLOW, then
use lchown, otherwise, use chown. If possible, do it without changing
the working directory. Otherwise, resort to using save_cwd/fchdir,
then (chown|lchown)/restore_cwd. If either the save_cwd or the
restore_cwd fails, then give a diagnostic and exit nonzero. */
# define AT_FUNC_NAME fchownat
# define AT_FUNC_F1 lchown
# define AT_FUNC_F2 chown
# define AT_FUNC_USE_F1_COND AT_SYMLINK_NOFOLLOW
# define AT_FUNC_POST_FILE_PARAM_DECLS , uid_t owner, gid_t group, int flag
# define AT_FUNC_POST_FILE_ARGS , owner, group
# include "at-func.c"
# undef AT_FUNC_NAME
# undef AT_FUNC_F1
# undef AT_FUNC_F2
# undef AT_FUNC_USE_F1_COND
# undef AT_FUNC_POST_FILE_PARAM_DECLS
# undef AT_FUNC_POST_FILE_ARGS
#else /* HAVE_FCHOWNAT */
# undef fchownat
# if FCHOWNAT_NOFOLLOW_BUG
/* Failure to handle AT_SYMLINK_NOFOLLOW requires the /proc/self/fd or
fchdir workaround to call lchown for lchownat, but there is no need
to penalize chownat. */
static int
local_lchownat (int fd, char const *file, uid_t owner, gid_t group);
# define AT_FUNC_NAME local_lchownat
# define AT_FUNC_F1 lchown
# define AT_FUNC_POST_FILE_PARAM_DECLS , uid_t owner, gid_t group
# define AT_FUNC_POST_FILE_ARGS , owner, group
# include "at-func.c"
# undef AT_FUNC_NAME
# undef AT_FUNC_F1
# undef AT_FUNC_POST_FILE_PARAM_DECLS
# undef AT_FUNC_POST_FILE_ARGS
# endif
/* Work around bugs with trailing slash, using the same workarounds as
chown and lchown. */
int
rpl_fchownat (int fd, char const *file, uid_t owner, gid_t group, int flag)
{
/* No need to worry about CHOWN_FAILS_TO_HONOR_ID_OF_NEGATIVE_ONE
or CHOWN_MODIFIES_SYMLINK, as no known fchownat implementations
have these bugs. */
if (FCHOWNAT_EMPTY_FILENAME_BUG && file[0] == '\0')
{
errno = ENOENT;
return -1;
}
bool trailing_slash_check = (CHOWN_TRAILING_SLASH_BUG
&& file[0] && file[strlen (file) - 1] == '/');
if (trailing_slash_check)
flag &= ~AT_SYMLINK_NOFOLLOW;
# if FCHOWNAT_NOFOLLOW_BUG
if (flag == AT_SYMLINK_NOFOLLOW)
return local_lchownat (fd, file, owner, group);
# endif
struct stat st;
gid_t no_gid = -1;
uid_t no_uid = -1;
bool gid_noop = group == no_gid;
bool uid_noop = owner == no_uid;
bool change_time_check = CHOWN_CHANGE_TIME_BUG && !(gid_noop & uid_noop);
if (change_time_check | trailing_slash_check)
{
int r = fstatat (fd, file, &st, flag);
/* EOVERFLOW means the file exists, which is all that the
trailing slash check needs. */
if (r < 0 && (change_time_check || errno != EOVERFLOW))
return r;
}
int result = fchownat (fd, file, owner, group, flag);
/* If no change in ownership, but at least one argument was not -1,
update ctime indirectly via a no-change update to atime and mtime.
Do not use UTIME_NOW or UTIME_OMIT as they might run into bugs
on some platforms. Do not communicate any failure to the caller
as that would be worse than communicating the ownership change. */
if (result == 0 && change_time_check
&& (((owner == st.st_uid) | uid_noop)
& ((group == st.st_gid) | gid_noop)))
utimensat (fd, file,
((struct timespec[]) { get_stat_atime (&st),
get_stat_mtime (&st) }),
flag);
return result;
}
#endif /* HAVE_FCHOWNAT */
|
