From 593b48b7d98ffc2973cd43bf64b7a16f259fcfa0 Mon Sep 17 00:00:00 2001
From: Nathan Scott <nathans@sgi.com>
Date: Wed, 14 Jan 2004 02:32:27 +0000
Subject: Extended attribute updates mainly from Andreas Gruenbacher.

---
 VERSION                  |  2 +-
 attr/attr.c              | 20 +++++++++++++-------
 debian/changelog         |  4 ++--
 doc/CHANGES              |  7 +++++++
 include/attributes.h     |  7 ++++---
 libattr/attr_copy_file.c | 10 +++++-----
 libattr/libattr.c        |  3 +++
 man/man5/attr.5          |  5 ++---
 8 files changed, 37 insertions(+), 21 deletions(-)

diff --git a/VERSION b/VERSION
index 6697223..91884f5 100644
--- a/VERSION
+++ b/VERSION
@@ -3,5 +3,5 @@
 #
 PKG_MAJOR=2
 PKG_MINOR=4
-PKG_REVISION=13
+PKG_REVISION=14
 PKG_BUILD=1
diff --git a/attr/attr.c b/attr/attr.c
index 79d21aa..d468de0 100644
--- a/attr/attr.c
+++ b/attr/attr.c
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2000-2002 Silicon Graphics, Inc.  All Rights Reserved.
+ * Copyright (c) 2000-2002,2004 Silicon Graphics, Inc.  All Rights Reserved.
  * 
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of version 2 of the GNU General Public License as
@@ -54,9 +54,9 @@ void
 usage(void)
 {
 	fprintf(stderr, _(
-"Usage: %s [-LRq] -s attrname [-V attrvalue] pathname  # set value\n"
-"       %s [-LRq] -g attrname pathname                 # get value\n"
-"       %s [-LRq] -r attrname pathname                 # remove attr\n"
+"Usage: %s [-LRSq] -s attrname [-V attrvalue] pathname  # set value\n"
+"       %s [-LRSq] -g attrname pathname                 # get value\n"
+"       %s [-LRSq] -r attrname pathname                 # remove attr\n"
 "      -s reads a value from stdin and -g writes a value to stdout\n"),
 		progname, progname, progname);
 	exit(1);
@@ -67,7 +67,7 @@ main(int argc, char **argv)
 {
 	char *attrname, *attrvalue, *filename;
 	int attrlength;
-	int opflag, ch, error, follow, verbose, rootflag;
+	int opflag, ch, error, follow, verbose, rootflag, secureflag;
 
 	progname = basename(argv[0]);
 
@@ -80,9 +80,9 @@ main(int argc, char **argv)
 	 * Pick up and validate the arguments.
 	 */
 	verbose = 1;
-	follow = opflag = rootflag = 0;
+	follow = opflag = rootflag = secureflag = 0;
 	attrname = attrvalue = NULL;
-	while ((ch = getopt(argc, argv, "s:V:g:r:qLR")) != EOF) {
+	while ((ch = getopt(argc, argv, "s:V:g:r:qLRS")) != EOF) {
 		switch (ch) {
 		case 's':
 			if ((opflag != 0) && (opflag != SETOP)) {
@@ -126,6 +126,9 @@ main(int argc, char **argv)
 		case 'R':
 			rootflag++;
 			break;
+		case 'S':
+			secureflag++;
+			break;
 		case 'q':
 			verbose = 0;
 			break;
@@ -161,6 +164,7 @@ main(int argc, char **argv)
 		error = attr_set(filename, attrname, attrvalue,
 					   attrlength,
 					   (!follow ? ATTR_DONTFOLLOW : 0) |
+					   (secureflag ? ATTR_SECURE : 0) |
 					   (rootflag ? ATTR_ROOT : 0));
 		if (error) {
 			perror("attr_set");
@@ -186,6 +190,7 @@ main(int argc, char **argv)
 		error = attr_get(filename, attrname, attrvalue,
 					   &attrlength,
 					   (!follow ? ATTR_DONTFOLLOW : 0) |
+					   (secureflag ? ATTR_SECURE : 0) |
 					   (rootflag ? ATTR_ROOT : 0));
 		if (error) {
 			perror("attr_get");
@@ -206,6 +211,7 @@ main(int argc, char **argv)
 	case REMOVEOP:
 		error = attr_remove(filename, attrname,
 					      (!follow ? ATTR_DONTFOLLOW : 0) |
+					      (secureflag ? ATTR_SECURE : 0) |
 					      (rootflag ? ATTR_ROOT : 0));
 		if (error) {
 			perror("attr_remove");
diff --git a/debian/changelog b/debian/changelog
index 952746d..0d366af 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,8 +1,8 @@
-attr (2.4.13-1) unstable; urgency=low
+attr (2.4.14-1) unstable; urgency=low
 
   * New upstream release
 
- -- Nathan Scott <nathans@debian.org>  Tue, 06 Jan 2004 12:08:38 +1100
+ -- Nathan Scott <nathans@debian.org>  Wed, 14 Jan 2004 08:56:40 +1100
 
 attr (2.4.12-1) unstable; urgency=low
 
diff --git a/doc/CHANGES b/doc/CHANGES
index a7f0a3e..385a15f 100644
--- a/doc/CHANGES
+++ b/doc/CHANGES
@@ -1,3 +1,10 @@
+attr-2.4.14 (14 January 2004)
+	- When attr_copy_file is used on a symlink, process the
+	  symlink instead of the file the symlink points to.
+	- Improve wording in attr(5) man page.
+	- Add the security namespace into the attr(1) command and
+	  libattr IRIX-compatibility code for XFS commands to use.
+
 attr-2.4.13 (06 January 2004)
 	- Fix a permission bug in directory tree walking code.
 
diff --git a/include/attributes.h b/include/attributes.h
index b3d3077..2731da6 100644
--- a/include/attributes.h
+++ b/include/attributes.h
@@ -1,5 +1,5 @@
 /*
- * Copyright (c) 2001-2002 Silicon Graphics, Inc.  All Rights Reserved.
+ * Copyright (c) 2001-2002,2004 Silicon Graphics, Inc.  All Rights Reserved.
  * 
  * This program is free software; you can redistribute it and/or modify it
  * under the terms of version 2.1 of the GNU Lesser General Public License
@@ -39,7 +39,7 @@ extern "C" {
 
 /*
  *	An almost-IRIX-compatible extended attributes API
- *	(the IRIX attribute "list" operation is missing).
+ *	(the IRIX attribute "list" operation is missing, added ATTR_SECURE).
  */
 
 /*
@@ -55,9 +55,10 @@ extern "C" {
  * All desired flags should be bit-wise OR'ed together.
  */
 #define ATTR_DONTFOLLOW	0x0001	/* do not follow symlinks for a pathname */
-#define ATTR_ROOT	0x0002	/* use root-defined attrs in op, not user */
+#define ATTR_ROOT	0x0002	/* use root namespace attributes in op */
 #define ATTR_TRUST	0x0004	/* tell server we can be trusted to properly
 				   handle extended attributes */
+#define ATTR_SECURE	0x0008	/* use security namespace attributes in op */
 
 /*
  * Additional flags that can be used with the set() attribute call.
diff --git a/libattr/attr_copy_file.c b/libattr/attr_copy_file.c
index ad0045d..858e70a 100644
--- a/libattr/attr_copy_file.c
+++ b/libattr/attr_copy_file.c
@@ -71,7 +71,7 @@ attr_copy_file(const char *src_path, const char *dst_path,
 	if (check == NULL)
 		check = attr_copy_check_permissions;
 
-	size = listxattr (src_path, NULL, 0);
+	size = llistxattr (src_path, NULL, 0);
 	if (size < 0) {
 		if (errno != ENOSYS && errno != ENOTSUP) {
 			const char *qpath = quote (ctx, src_path);
@@ -87,7 +87,7 @@ attr_copy_file(const char *src_path, const char *dst_path,
 		ret = -1;
 		goto getout;
 	}
-	size = listxattr (src_path, names, size);
+	size = llistxattr (src_path, names, size);
 	if (size < 0) {
 		const char *qpath = quote (ctx, src_path);
 		error (ctx, _("listing attributes of %s"), qpath);
@@ -107,7 +107,7 @@ attr_copy_file(const char *src_path, const char *dst_path,
 		if (!*name || !check(name, ctx))
 			continue;
 
-		size = getxattr (src_path, name, NULL, 0);
+		size = lgetxattr (src_path, name, NULL, 0);
 		if (size < 0) {
 			const char *qpath = quote (ctx, src_path);
 			const char *qname = quote (ctx, name);
@@ -124,7 +124,7 @@ attr_copy_file(const char *src_path, const char *dst_path,
 			error (ctx, "");
 			ret = -1;
 		}
-		size = getxattr (src_path, name, value, size);
+		size = lgetxattr (src_path, name, value, size);
 		if (size < 0) {
 			const char *qpath = quote (ctx, src_path);
 			const char *qname = quote (ctx, name);
@@ -134,7 +134,7 @@ attr_copy_file(const char *src_path, const char *dst_path,
 			quote_free (ctx, qpath);
 			ret = -1;
 		}
-		if (setxattr (dst_path, name, value, size, 0) != 0)
+		if (lsetxattr (dst_path, name, value, size, 0) != 0)
 		{
 			const char *qpath = quote (ctx, dst_path);
 			if (errno == ENOSYS) {
diff --git a/libattr/libattr.c b/libattr/libattr.c
index 9b1a810..34a96c3 100644
--- a/libattr/libattr.c
+++ b/libattr/libattr.c
@@ -50,6 +50,7 @@ static int
 api_convert(char *name, const char *irixname, int irixflags, int compat)
 {
 	static const char *user_name = "user.";
+	static const char *secure_name = "security.";
 	static const char *trusted_name = "trusted.";
 	static const char *xfsroot_name = "xfsroot.";
 
@@ -62,6 +63,8 @@ api_convert(char *name, const char *irixname, int irixflags, int compat)
 			strcpy(name, xfsroot_name);
 		else
 			strcpy(name, trusted_name);
+	} else if (irixflags & ATTR_SECURE) {
+		strcpy(name, secure_name);
 	} else {
 		strcpy(name, user_name);
 	}
diff --git a/man/man5/attr.5 b/man/man5/attr.5
index 1e7a495..b2d69e9 100644
--- a/man/man5/attr.5
+++ b/man/man5/attr.5
@@ -70,14 +70,13 @@ attributes are defined by the file permission bits.
 The file permission bits of regular files and directories are
 interpreted differently from the file permission bits of special files
 and symbolic links. For regular files and directories the file
-permission bits define access to the file's contents, while for special
+permission bits define access to the file's contents, while for device special
 files they define access to the device described by the special file.
 The file permissions of symbolic links are not used in access
 checks. These differences would allow users to consume filesystem resources in
 a way not controllable by disk quotas for group or world writable special files and directories.
 .PP
-For this reason, extended user attributes are disallowed for symbolic links and
-special files, and access to extended user attributes is restricted to the
+For this reason, extended user attributes are only allowed for regular files and directories, and access to extended user attributes is restricted to the
 owner and to users with appropriate capabilities for directories with the
 sticky bit set (see the
 .BR chmod (1)
-- 
cgit v1.2.3