Red Hat Bugzilla – Attachment 849828 Details for
Bug 1052876
Handling of ACLs
[patch]
Suggested patch series
tar-acl-patches.tar (text/plain), 30.00 KB, created by
M. Steinborn
on 2014-01-14 09:43:32 UTC
Description:
Suggested patch series
Filename:
MIME Type:
Creator:
M. Steinborn
Created:
2014-01-14 09:43:32 UTC
Size:
30.00 KB
patch
obsolete
>./PaxHeaders.5915/0001-tar-extract-should-use-the-4th-field-discussed-in-po.patch0000644000076400007640000000013212265177420025466 xustar000000000000000030 mtime=1389690640.343000015 >30 atime=1389692288.344000018 >30 ctime=1389690640.343000015 >0001-tar-extract-should-use-the-4th-field-discussed-in-po.patch0000664000076400007640000001556212265177420026114 0ustar00msteinbomsteinbo00000000000000From 74404fc636a267940e1e853a2dd9fc67f4045844 Mon Sep 17 00:00:00 2001 >From: Markus Steinborn <gnugv_maintainer@yahoo.de> >Date: Tue, 17 Dec 2013 21:26:21 +0100 >Subject: [PATCH 1/5] tar extract should use the 4th field (discussed in point > 2) in presence of "-numeric-owner". > >This together with point (2) enabled users to restore an backup created >without numeric owner option on a clean hard disc without passwd entries for >the users (let's assume that /etc/passwd is contained in the archive so the >operation makes sense). >--- > src/xattrs.c | 256 +++++++++++++++++++++++++++++++++++++++++++++++++++++++++-- > 1 file changed, 251 insertions(+), 5 deletions(-) > >diff --git a/src/xattrs.c b/src/xattrs.c >index dac15f3..ddd75a9 100644 >--- a/src/xattrs.c >+++ b/src/xattrs.c >@@ -179,7 +179,7 @@ fixup_extra_acl_fields (char *ptr) > src += strcspn (src, "\n,"); > > if ((*src == '\n') || (*src == ',')) >- *dst++ = *src++; /* also done when dst == src, but that's ok */ >+ *(dst++) = *src++; /* also done when dst == src, but that's ok */ > } > if (src != dst) > *dst = 0; 
>@@ -187,6 +187,252 @@ fixup_extra_acl_fields (char *ptr) > return ptr; > } > >+void acl_check_ids(char* acltext, char* infotext) >+{ >+ int state = 1; >+ char *src = acltext; >+ char *dst = infotext; >+ char username[100], acc[4], userid[20]; >+ char *tmp = 0; >+ >+ >+ while (1) >+ { >+ if (state == 1) >+ { >+ switch (*src) >+ { >+ case ' ': >+ case 13: >+ case 10: >+ break; >+ >+ case '#': >+ state = 5; >+ break; >+ >+ case 'u': >+ state = 2; >+ *(dst++) = 'u'; >+ break; >+ case 'g': >+ state = 3; >+ *(dst++) = 'g'; >+ break; >+ case 'o': >+ state = 4; >+ *(dst++) = 'o'; >+ break; >+ case 'm': >+ state = 22; >+ *(dst++) = 'm'; >+ break; >+ default: >+ state = 0; >+ } >+ } >+ else if (state == 5) >+ { >+ if (*src == 13) state = 1; >+ else if (*src == 0) { state = 20; *tmp = 0; continue; } >+ } >+ >+ else if (state == 2) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; *username=0; *acc=0; *userid=0; tmp=username; } >+ else if (*src == 's') state = 6; >+ else state = 0; >+ } >+ else if (state == 6) >+ { >+ if (*src == 'e') state = 7; >+ else state = 0; >+ } >+ else if (state == 7) >+ { >+ if (*src == 'r') state = 8; >+ else state = 0; >+ } >+ else if (state == 8) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; *username=0; *acc=0; *userid=0; tmp=username; } >+ else state = 0; >+ } >+ >+ else if (state == 3) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; *username=0; *acc=0; *userid=0; tmp=username; } >+ else if (*src == 'r') state = 9; >+ else state = 0; >+ } >+ else if (state == 9) >+ { >+ if (*src == 'o') state = 10; >+ else state = 0; >+ } >+ else if (state == 10) >+ { >+ if (*src == 'u') state = 11; >+ else state = 0; >+ } >+ else if (state == 11) >+ { >+ if (*src == 'p') state = 12; >+ else state = 0; >+ } >+ else if (state == 12) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; *username=0; *acc=0; *userid=0; tmp=username; } >+ else state = 0; >+ } >+ >+ else if (state == 4) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; 
*username=0; *acc=0; *userid=0; tmp=username; } >+ else if (*src == 't') state = 13; >+ else state = 0; >+ } >+ else if (state == 13) >+ { >+ if (*src == 'h') state = 14; >+ else state = 0; >+ } >+ else if (state == 14) >+ { >+ if (*src == 'e') state = 15; >+ else state = 0; >+ } >+ else if (state == 15) >+ { >+ if (*src == 'r') state = 16; >+ else state = 0; >+ } >+ else if (state == 16) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; *username=0; *acc=0; *userid=0; tmp=username; } >+ else state = 0; >+ } >+ >+ else if (state == 22) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; *username=0; *acc=0; *userid=0; tmp=username; } >+ else if (*src == 'a') state = 23; >+ else state = 0; >+ } >+ else if (state == 23) >+ { >+ if (*src == 's') state = 24; >+ else state = 0; >+ } >+ else if (state == 24) >+ { >+ if (*src == 'k') state = 25; >+ else state = 0; >+ } >+ else if (state == 25) >+ { >+ if (*src == ':') { state = 17; *(dst++) = ':'; *username=0; *acc=0; *userid=0; tmp=username; } >+ else state = 0; >+ } >+ >+ /* 2nd field */ >+ else if (state == 17) >+ { >+ if (*src == ':') { state = 18; *tmp = 0; tmp = acc; } >+ else if (*src == 0) { state = 0; *tmp = 0; } >+ else *(tmp++) = *src; >+ } >+ >+ /* 3rd field */ >+ else if (state == 18) >+ { >+ if (*src == ' ') { state = 20; *tmp = 0; } >+ else if (*src == '\n') { state = 20; *tmp = 0; } >+ else if (*src == ',') { state = 20; *tmp = 0; } >+ else if (*src == ':') { state = 19; *tmp = 0; tmp = userid; } >+ else if (*src == 0) { state = 20; *tmp = 0; continue; } >+ else *(tmp++) = *src; >+ } >+ >+ /* 4th field */ >+ else if (state == 19) >+ { >+ if (*src == ' ') { state = 20; *tmp = 0; } >+ else if (*src == '\n') { state = 20; *tmp = 0; } >+ else if (*src == ',') { state = 20; *tmp = 0; } >+ else if (*src == ':') { state = 20; *tmp = 0; } >+ else if (*src == 0) { state = 20; *tmp = 0; continue; } >+ else *(tmp++) = *src; >+ } >+ >+ /* End of "line" */ >+ else if (state == 20) >+ { >+ state = 21; >+ if ( 
numeric_owner_option && *userid ) >+ tmp = userid; >+ else >+ tmp = username; >+ while (*tmp) *(dst++) = *(tmp++); >+ *(dst++) = ':'; >+ tmp = acc; >+ while (*tmp) *(dst++) = *(tmp++); >+ continue; >+ } >+ >+ else if (state == 21) >+ { >+ switch (*src) >+ { >+ case ' ': >+ case 13: >+ case 10: >+ break; >+ >+ case '#': >+ state = 5; >+ break; >+ >+ case 'u': >+ state = 2; >+ *(dst++) = ','; >+ *(dst++) = 'u'; >+ break; >+ case 'g': >+ state = 3; >+ *(dst++) = ','; >+ *(dst++) = 'g'; >+ break; >+ case 'o': >+ state = 4; >+ *(dst++) = ','; >+ *(dst++) = 'o'; >+ break; >+ case 'm': >+ state = 22; >+ *(dst++) = ','; >+ *(dst++) = 'm'; >+ break; >+ >+ case 0: >+ break; >+ >+ default: >+ state = 0; >+ } >+ } >+ >+ if (!state || !*src) >+ break; >+ else >+ ++src; >+ } >+ >+ *dst = 0; >+ if (!state) >+ *infotext = 0; >+} >+ > /* "system.posix_acl_access" */ > static void > xattrs__acls_set (struct tar_stat_info const *st, >@@ -197,10 +443,10 @@ xattrs__acls_set (struct tar_stat_info const *st, > > if (ptr) > { >- /* assert (strlen (ptr) == len); */ >- ptr = fixup_extra_acl_fields (ptr); >- >- acl = acl_from_text (ptr); >+ char* tmp = malloc(len+1); >+ acl_check_ids(ptr,tmp); >+ acl = acl_from_text (tmp); >+ free(tmp); > acls_option = 1; > } > else if (acls_option > 0) >-- >1.8.4 > >./PaxHeaders.5915/0002-tar-archive-creation-without-numeric-owner-option.patch0000644000076400007640000000013212265177420025411 xustar000000000000000030 mtime=1389690640.346000015 >30 atime=1389692288.347000033 >30 ctime=1389690640.346000015 >0002-tar-archive-creation-without-numeric-owner-option.patch0000664000076400007640000001375612265177420026042 0ustar00msteinbomsteinbo00000000000000From 14829681675d9d984c368515dc63989e74f23a28 Mon Sep 17 00:00:00 2001 
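Review bot: The field buffers `username[100]`, `acc[4]` and `userid[20]` in `acl_check_ids` are filled by `*(tmp++) = *src` in states 17, 18 and 19 with no length check, so an ACL entry with an over-long name, permission or id field writes past the end of a stack array; on extraction this text comes from the archive. Each of those stores needs a bound, for example a `char *lim` set wherever `tmp` is pointed at a buffer (`lim = username + sizeof username - 1`) and `else if (tmp < lim) *(tmp++) = *src; else state = 0;`. State 5 also executes `*tmp = 0` while `tmp` can still hold its initial null value, which happens when the text opens with a `#` comment and ends inside it, and it leaves comment mode only on character 13, never on 10. A header comment stating the accepted grammar and the size `infotext` must have, plus an enum for the state numbers 1 to 25, would make the function reviewable.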
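Review bot: `malloc(len+1)` in `xattrs__acls_set` is used without a null check before `acl_check_ids(ptr,tmp)` writes into it; `xmalloc (len + 1)` would fail cleanly instead. The `len+1` size is only safe if `acl_check_ids` never emits more bytes than it reads, which nothing in the visible code states or enforces, so passing the capacity into that function would make the assumption checkable. When parsing fails `acl_check_ids` leaves an empty string that is handed to `acl_from_text` unconditionally; a malformed entry should probably be reported rather than applied, which needs confirming against what libacl does with empty text. The body of `xattrs__acls_set` continues outside the hunk.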
>From: Markus Steinborn <gnugv_maintainer@yahoo.de> >Date: Sun, 6 Oct 2013 11:50:07 +0200 >Subject: [PATCH 2/5] tar archive creation without "--numeric-owner" option > >In GNU tar 1.26, for every file the owner is stored both, symbolic and >numeric. I would expect that ACLs are stored in both ways, too. star shows >us how to do that: > >star stores the numeric owner in a forth field of an acl: >(e.g. "u:msteinbo:rwx:500"). > >ACLs: tar archive creation with "--numeric-owner" option > >In this case, users are expectiing that the archive does not contain any >symbolic owner name, so it can be extracted to an emoty hard disc on a >--- > src/xattrs.c | 202 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++- > 1 file changed, 200 insertions(+), 2 deletions(-) > >diff --git a/src/xattrs.c b/src/xattrs.c >index ddd75a9..a66c491 100644 >--- a/src/xattrs.c >+++ b/src/xattrs.c >@@ -53,6 +53,7 @@ static struct > #ifdef HAVE_POSIX_ACLS > # include "acl.h" > # include <sys/acl.h> >+# include <acl/libacl.h> > #endif > > #ifdef HAVE_POSIX_ACLS 
>@@ -471,12 +472,179 @@ xattrs__acls_set (struct tar_stat_info const *st, > acl_free (acl); > } > >+bool name2uid(char *name, unsigned long *uidp) >+{ >+ struct passwd *pw; >+ >+ if (!*name) >+ return false; >+ >+ if ((pw = getpwnam(name)) != NULL) { >+ *uidp = pw->pw_uid; >+ return true; >+ } else { >+ *uidp = 0; >+ return false; >+ } >+} >+ >+bool name2gid(char* name, unsigned long *gidp) >+{ >+ struct group *gr; >+ >+ if (!*name) >+ return false; >+ >+ if ((gr = getgrnam(name)) != NULL) { >+ *gidp = gr->gr_gid; >+ return true; >+ } else { >+ *gidp = 0; >+ return false; >+ } >+} >+ >+static bool acl_add_ids(char* acltext, char** retInfotext) >+{ >+ int ret, dstlen; >+ char *tmp, *tmp2, *src, *dst; >+ tmp = malloc( 1+strlen(acltext) ); >+ acl_check_ids( acltext, tmp ); >+ src=tmp; >+ >+ dstlen = 1024; >+ dst=tmp2=malloc(dstlen); >+ >+ while (*src) >+ { >+ char *end, *end1, *f1, *f2, *f3, *tmpx; >+ int isNum, len; >+ end = src; >+ while (*end && *end != ',') >+ end++; >+ end1 = end; >+ if (*end) >+ *(end++) = 0; >+ f1 = src; >+ f2 = f1; >+ while (*f2 != ':') >+ f2++; >+ *f2 = 0; >+ f3 = ++f2; >+ while (*f3 != ':') >+ f3++; >+ *f3 = 0; >+ ++f3; >+ >+ isNum = 1; >+ tmpx = f2; >+ while (*tmpx) >+ { >+ if (*tmpx < '0' || *tmpx >'9') >+ isNum = 0; >+ tmpx++; >+ } >+ >+ if (isNum) >+ { >+ int size, si; >+ size = snprintf(dst, 0, "%s:%s:%s", f1, f2, f3); >+ si = (dst-tmp2) + size + 1; >+ >+ if ( si >= dstlen ) >+ { >+ int siz = dst-tmp2; >+ while (si >= dstlen) >+ dstlen *= 2; >+ >+ tmp2 = realloc(tmp2, dstlen); >+ dst = tmp2+siz; >+ } >+ >+ sprintf(dst, "%s:%s:%s", f1, f2, f3); >+ } >+ else >+ { >+ int f4 = 0; >+ int ok = 0; >+ >+ if (*f1 == 'u') >+ { >+ ok = name2uid(f2, &f4); >+ } >+ if (*f1 == 'g') >+ { >+ ok = name2gid(f2, &f4); >+ } >+ >+ if (ok) >+ { >+ int size, si; >+ >+ if (numeric_owner_option) >+ size = snprintf(dst, 0, "%s:%i:%s", f1, f4, f3); >+ else >+ size = snprintf(dst, 0, "%s:%s:%s:%i", f1, f2, f3, f4); >+ si = (dst-tmp2) + size + 1; >+ >+ if ( si >= 
dstlen ) >+ { >+ int siz = dst-tmp2; >+ while (si >= dstlen) >+ dstlen *= 2; >+ >+ tmp2 = realloc(tmp2, dstlen); >+ dst = tmp2+siz; >+ } >+ >+ if (numeric_owner_option) >+ sprintf(dst, "%s:%i:%s", f1, f4, f3); >+ else >+ sprintf(dst, "%s:%s:%s:%i", f1, f2, f3, f4); >+ } >+ else >+ { >+ int size, si; >+ size = snprintf(dst, 0, "%s:%s:%s", f1, f2, f3); >+ si = (dst-tmp2) + size + 1; >+ >+ if ( si >= dstlen ) >+ { >+ int siz = dst-tmp2; >+ while (si >= dstlen) >+ dstlen *= 2; >+ >+ tmp2 = realloc(tmp2, dstlen); >+ dst = tmp2+siz; >+ } >+ >+ sprintf(dst, "%s:%s:%s", f1, f2, f3); >+ } >+ } >+ dst +=strlen(dst); >+ if (end != end1) >+ *(dst++) = ','; >+ >+ src = end; >+ } >+ *dst = 0; >+ >+ free(tmp); >+ *retInfotext = strdup(tmp2); >+ free(tmp2); >+ return true; >+} >+ > static void > xattrs__acls_get_a (int parentfd, const char *file_name, > struct tar_stat_info *st, > char **ret_ptr, size_t * ret_len) > { > char *val = NULL; >+ char* text; >+ char* c; >+ void* toFree = 0; >+ > ssize_t len; > acl_t acl; > >@@ -487,7 +655,18 @@ xattrs__acls_get_a (int parentfd, const char *file_name, > return; > } > >- val = acl_to_text (acl, &len); >+ text = acl_to_text(acl, &len); >+ if (text) >+ { >+ if (!acl_add_ids(text, &val)) { >+ acl_free((acl_t)text); >+ *ret_ptr = 0; >+ *ret_len = 0; >+ return; >+ } >+ acl_free(text); >+ len = strlen(val); >+ } > acl_free (acl); > > if (!val) >@@ -496,6 +675,8 @@ xattrs__acls_get_a (int parentfd, const char *file_name, > return; > } > >+ len = strlen(val); >+ > *ret_ptr = xstrdup (val); > *ret_len = len; > >@@ -509,6 +690,10 @@ xattrs__acls_get_d (int parentfd, char const *file_name, > char **ret_ptr, size_t * ret_len) > { > char *val = NULL; >+ char* text; >+ char* c; >+ void* toFree = 0; >+ > ssize_t len; > acl_t acl; 
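Review bot: In `acl_add_ids`, `int f4` is passed as `&f4` to `name2uid` and `name2gid`, whose second parameter is `unsigned long *`, so wherever `long` is wider than `int` the store `*uidp = pw->pw_uid` writes past `f4` on the stack; declare it `unsigned long f4 = 0;` and format it with `%lu`. The scans `while (*f2 != ':') f2++;` and `while (*f3 != ':') f3++;` have no terminator check and depend on every entry holding two colons. The results of `malloc`, `realloc` and `strdup` are used unchecked, and `tmp2 = realloc(tmp2, dstlen)` loses the old block on failure. The function returns `true` on every path, so the error branch its callers add can never run. The three copies of the measure, grow and `sprintf` sequence would be better as one static helper, and `name2uid`/`name2gid` should be `static` as well.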
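Review bot: The early return added to `xattrs__acls_get_a` for a failed `acl_add_ids` skips `acl_free (acl)`, so the ACL handle leaks on that path, and it releases `text` through a cast to `acl_t` that the normal path does not use. `val` now points to memory obtained from `strdup` instead of from `acl_to_text`; the code after `*ret_len = len;` lies outside the hunks shown, and if it still releases `val` with `acl_free` that call has to become `free (val)`. The new locals `c` and `toFree` are unused in the visible lines and `len = strlen(val)` is computed twice. The same points apply to the matching hunks in `xattrs__acls_get_d`.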
> >@@ -519,7 +704,18 @@ xattrs__acls_get_d (int parentfd, char const *file_name, > return; > } > >- val = acl_to_text (acl, &len); >+ text = acl_to_text(acl, &len); >+ if (text) >+ { >+ if (!acl_add_ids(text, &val)) { >+ acl_free((acl_t)text); >+ *ret_ptr = 0; >+ *ret_len = 0; >+ return; >+ } >+ acl_free(text); >+ len = strlen(val); >+ } > acl_free (acl); > > if (!val) >@@ -528,6 +724,8 @@ xattrs__acls_get_d (int parentfd, char const *file_name, > return; > } > >+ len = strlen(val); >+ > *ret_ptr = xstrdup (val); > *ret_len = len; > >-- >1.8.4 > >./PaxHeaders.5915/0003-Do-not-store-filesystem-dependent-xattrs-i.e.-ACLs-e.patch0000644000076400007640000000013212265177420025300 xustar000000000000000030 mtime=1389690640.354000015 >30 atime=1389692288.347000033 >30 ctime=1389690640.354000015 >0003-Do-not-store-filesystem-dependent-xattrs-i.e.-ACLs-e.patch0000664000076400007640000000574312265177420025726 0ustar00msteinbomsteinbo00000000000000From 70e0943d0b3cdc63ebab4a5bf3e0dca422f1ae23 Mon Sep 17 00:00:00 2001 >From: Markus Steinborn <gnugv_maintainer@yahoo.de> >Date: Tue, 17 Dec 2013 15:26:17 +0100 >Subject: [PATCH 3/5] Do not store filesystem dependent xattrs (i.e. ACLs etc) > >--- > src/tar.c | 4 +++- > src/xattrs.c | 9 +++++++++ > src/xheader.c | 11 ++++++++++- > 3 files changed, 22 insertions(+), 2 deletions(-) > >diff --git a/src/tar.c b/src/tar.c >index df6909b..b8e5b3c 100644 >--- a/src/tar.c >+++ b/src/tar.c >@@ -2061,7 +2061,9 @@ parse_opt (int key, char *arg, struct argp_state *state) > break; > > case XATTR_OPTION: >- set_xattr_option (1); >+ set_archive_format ("posix"); >+ xattrs_option = xattrs_option >= 0 && xattrs_option < 3 ? xattrs_option+1 : >+ xattrs_option < 0 ? 1 : xattrs_option; > break; > > case NO_XATTR_OPTION: >diff --git a/src/xattrs.c b/src/xattrs.c >index a66c491..f5155aa 100644 >--- a/src/xattrs.c >+++ b/src/xattrs.c 
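Review bot: The chained conditional that now sets `xattrs_option` under `case XATTR_OPTION` turns the option into a repeat counter capped at 3, but nothing here says what levels 1, 2 and 3 mean. Judging from the filter added in `xattrs_xattrs_get`, a comment such as `/* each --xattrs raises the level: 1 = user/trusted/lustre, 2 = also security.*, 3 = every namespace */` would fit, ideally with named constants and an if/else instead of the nested `?:`. The call to `set_xattr_option (1)` is replaced by an inline `set_archive_format ("posix")`; the helper's body is not visible here, so anything else it did should be checked before dropping it. `parse_opt` continues outside the hunk.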
>@@ -903,6 +903,14 @@ xattrs_xattrs_get (int parentfd, char const *file_name, > size_t len = strlen (attr); > ssize_t aret = 0; > >+ if (strncmp (attr, "user.", strlen("user.")) && >+ strncmp (attr, "trusted.", strlen("trusted.")) && >+ strncmp (attr, "lustre.", strlen("lustre.")) && >+ (xattrs_option != 2 || strncmp (attr, "security.", strlen("security."))) && >+ xattrs_option != 3 >+ ) >+ goto next_attr; /* only store normal xattrs */ >+ > /* Archive all xattrs during creation, decide at extraction time > * which ones are of interest/use for the target filesystem. */ > while (((fd == 0) >@@ -920,6 +928,7 @@ xattrs_xattrs_get (int parentfd, char const *file_name, > call_arg_warn ((fd == 0) ? "lgetxattrat" > : "fgetxattr", file_name); > >+next_attr: > attr += len + 1; > xret -= len + 1; > } >diff --git a/src/xheader.c b/src/xheader.c >index c8c54b6..f9eec91 100644 >--- a/src/xheader.c >+++ b/src/xheader.c >@@ -1778,7 +1778,16 @@ struct xhdr_tab const xhdr_tab[] = { > /* We are storing all extended attributes using this rule even if some of them > were stored by some previous rule (duplicates) -- we just have to make sure > they are restored *only once* during extraction later on. */ >- { "SCHILY.xattr", xattr_coder, xattr_decoder, 0, true }, >+ >+ /* xattrs use the star format. note we only save some variants... */ >+ { "SCHILY.xattr.user", xattr_coder, xattr_decoder, 0, true }, >+ { "SCHILY.xattr.security", xattr_coder, xattr_decoder, 0, true }, >+ { "SCHILY.xattr.trusted", xattr_coder, xattr_decoder, 0, true }, >+ { "SCHILY.xattr.lustre", xattr_coder, xattr_decoder, 0, true }, >+// { "SCHILY.xattr.security.NTACL", xattr_coder, xattr_decoder, 0, true }, >+ >+ /* ignore everything else in the xattr namespaces... */ >+ { "SCHILY.xattr", dummy_coder, dummy_decoder, 0, true }, > > { NULL, NULL, NULL, 0, false } > }; >-- >1.8.4 > >
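Review bot: The comment left directly below the new filter in `xattrs_xattrs_get` still reads "Archive all xattrs during creation, decide at extraction time", which the added `goto next_attr` now contradicts; it should be reworded to describe the namespace filter. The condition tests `xattrs_option` against bare `2` and `3` and repeats each prefix inside `strlen("user.")`, which invites a mismatch between the two literals; a small static table of prefix and minimum level would be clearer. `trusted.` attributes are stored at every level while `security.` requires level 2, and that difference deserves a sentence of rationale. The loop body starts and ends outside the hunk.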
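Review bot: The catch-all entry `{ "SCHILY.xattr", dummy_coder, dummy_decoder, 0, true }` in `xhdr_tab` only behaves as intended if the lookup tries the longer `SCHILY.xattr.user` style keys before it, so the ordering requirement belongs in the comment above the entries; the lookup code is not part of this hunk. With this entry, attributes outside the four listed namespaces in an existing archive appear to be discarded on extraction without any message, and a warning would help users restoring older archives. The commented-out `SCHILY.xattr.security.NTACL` line uses `//` and should be removed or explained.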