- char *slash;
- mode_t tmp_mode; /* Initial perms for leading dirs. */
- bool re_protect; /* Should leading dirs be unwritable? */
- struct ptr_list
- {
- char *dirname_end;
- struct ptr_list *next;
- };
- struct ptr_list *p, *leading_dirs = NULL;
- bool do_chdir; /* Whether to chdir before each mkdir. */
- struct saved_cwd cwd;
- char *basename_dir;
- char *dir;
-
- /* Temporarily relax umask in case it's overly restrictive. */
- mode_t oldmask = umask (0);
-
- /* Make a copy of ARG that we can scribble NULs on. */
- dir = (char *) alloca (strlen (arg) + 1);
- strcpy (dir, arg);
- strip_trailing_slashes (dir);
-
- /* If leading directories shouldn't be writable or executable,
- or should have set[ug]id or sticky bits set and we are setting
- their owners, we need to fix their permissions after making them. */
- if (((parent_mode & WX_USR) != WX_USR)
- || ((owner != (uid_t) -1 || group != (gid_t) -1)
- && (parent_mode & (S_ISUID | S_ISGID | S_ISVTX)) != 0))
- {
- tmp_mode = S_IRWXU;
- re_protect = true;
- }
- else
- {
- tmp_mode = parent_mode;
- re_protect = false;
- }
-
- /* If we can record the current working directory, we may be able
- to do the chdir optimization. */
- do_chdir = (save_cwd (&cwd) == 0);
-
- /* If we've saved the cwd and DIR is an absolute file name,
- we must chdir to `/' in order to enable the chdir optimization.
- So if chdir ("/") fails, turn off the optimization. */
- if (do_chdir && dir[0] == '/')
- {
- /* POSIX says "//" might be special, so chdir to "//" if the
- file name starts with exactly two slashes. */
- char const *root = "//" + (dir[1] != '/' || dir[2] == '/');
- if (chdir (root) != 0)
- do_chdir = false;
- }
-
- slash = dir;
-
- /* Skip over leading slashes. */
- while (*slash == '/')
- slash++;
-
- while (1)
- {
- bool newly_created_dir;
-
- /* slash points to the leftmost unprocessed component of dir. */
- basename_dir = slash;
-
- slash = strchr (slash, '/');
- if (slash == NULL)
- break;
-
- /* If we're *not* doing chdir before each mkdir, then we have to refer
- to the target using the full (multi-component) directory name. */
- if (!do_chdir)
- basename_dir = dir;
-
- *slash = '\0';
- if (! make_dir (basename_dir, dir, tmp_mode, &newly_created_dir))
- {
- CLEANUP;
- return false;
- }
-
- if (newly_created_dir)
- {
- if (verbose_fmt_string)
- error (0, 0, verbose_fmt_string, quote (dir));
-
- if ((owner != (uid_t) -1 || group != (gid_t) -1)
- && chown (basename_dir, owner, group)
-#if defined AFS && defined EPERM
- && errno != EPERM
-#endif
- )
- {
- error (0, errno, _("cannot change owner and/or group of %s"),
- quote (dir));
- CLEANUP;
- return false;
- }
-
- if (re_protect)
- {
- struct ptr_list *new = (struct ptr_list *)
- alloca (sizeof *new);
- new->dirname_end = slash;
- new->next = leading_dirs;
- leading_dirs = new;
- }
- }
-
- /* If we were able to save the initial working directory,
- then we can use chdir to change into each directory before
- creating an entry in that directory. This avoids making
- stat and mkdir process O(n^2) file name components. */
- if (do_chdir && chdir (basename_dir) < 0)
- {
- error (0, errno, _("cannot chdir to directory %s"),
- quote (dir));
- CLEANUP;
- return false;
- }
-
- *slash++ = '/';
-
- /* Avoid unnecessary calls to `stat' when given
- file names containing multiple adjacent slashes. */
- while (*slash == '/')
- slash++;
- }
-
- if (!do_chdir)
- basename_dir = dir;
-
- /* Done creating leading directories. Restore original umask. */
- umask (oldmask);
-
- /* We're done making leading directories.
- Create the final component of the file name. */
-
- if (! make_dir (basename_dir, dir, mode, NULL))
- {
- CLEANUP;
- return false;
- }
-
- if (verbose_fmt_string != NULL)
- error (0, 0, verbose_fmt_string, quote (dir));
-
- if (owner != (uid_t) -1 || group != (gid_t) -1)
- {
- if (chown (basename_dir, owner, group)
-#ifdef AFS
- && errno != EPERM
-#endif
- )
- {
- error (0, errno, _("cannot change owner and/or group of %s"),
- quote (dir));
- retval = false;
- }
- }
-
- /* The above chown may have turned off some permission bits in MODE.
- Another reason we may have to use chmod here is that mkdir(2) is
- required to honor only the file permission bits. In particular,
- it need not honor the `special' bits, so if MODE includes any
- special bits, set them here. */
- if ((mode & ~S_IRWXUGO)
- && chmod (basename_dir, mode))
- {
- error (0, errno, _("cannot change permissions of %s"),
- quote (dir));
- retval = false;
- }
-
- CLEANUP_CWD;
-
- /* If the mode for leading directories didn't include owner "wx"
- privileges, we have to reset their protections to the correct
- value. */
- for (p = leading_dirs; p != NULL; p = p->next)
- {
- *(p->dirname_end) = '\0';
- if (chmod (dir, parent_mode) != 0)
- {
- error (0, errno, _("cannot change permissions of %s"),
- quote (dir));
- retval = false;
- }
- }
- }
- else
- {
- /* We get here if the file already exists. */
-
- char const *dir = arg;
-
- if (!S_ISDIR (stats.st_mode))
- {
- error (0, 0, _("%s exists but is not a directory"), quote (dir));
- return false;
- }
-
- if (!preserve_existing)
- {
- /* chown must precede chmod because on some systems,
- chown clears the set[ug]id bits for non-superusers,
- resulting in incorrect permissions.
- On System V, users can give away files with chown and then not
- be able to chmod them. So don't give files away. */
-
- if ((owner != (uid_t) -1 || group != (gid_t) -1)
- && chown (dir, owner, group)
-#ifdef AFS
- && errno != EPERM
-#endif
- )
- {
- error (0, errno, _("cannot change owner and/or group of %s"),
- quote (dir));
- retval = false;
- }
- if (chmod (dir, mode) != 0)
- {
- error (0, errno, _("cannot change permissions of %s"),
- quote (dir));
- retval = false;
- }
- }
+ ptrdiff_t prefix_len = 0;
+ int savewd_chdir_options = (HAVE_FCHMOD ? SAVEWD_CHDIR_SKIP_READABLE : 0);
+
+ if (make_ancestor)
+ {
+ prefix_len = mkancesdirs (dir, wd, make_ancestor, options);
+ if (prefix_len < 0)
+ {
+ if (prefix_len < -1)
+ return true;
+ mkdir_errno = errno;
+ }
+ }
+
+ if (0 <= prefix_len)
+ {
+ /* If the ownership might change, or if the directory will be
+ writable to other users and its special mode bits may
+ change after the directory is created, create it with
+ more restrictive permissions at first, so unauthorized
+ users cannot nip in before the directory is ready. */
+ bool keep_owner = owner == (uid_t) -1 && group == (gid_t) -1;
+ bool keep_special_mode_bits =
+ ((mode_bits & (S_ISUID | S_ISGID)) | (mode & S_ISVTX)) == 0;
+ mode_t mkdir_mode = mode;
+ if (! keep_owner)
+ mkdir_mode &= ~ (S_IRWXG | S_IRWXO);
+ else if (! keep_special_mode_bits)
+ mkdir_mode &= ~ (S_IWGRP | S_IWOTH);
+
+ if (mkdir (dir + prefix_len, mkdir_mode) == 0)
+ {
+ announce (dir, options);
+ preserve_existing = keep_owner & keep_special_mode_bits;
+ savewd_chdir_options |=
+ (SAVEWD_CHDIR_NOFOLLOW
+ | (mode & S_IRUSR ? SAVEWD_CHDIR_READABLE : 0));
+ }
+ else
+ {
+ mkdir_errno = errno;
+ mkdir_mode = -1;
+ }
+
+ if (preserve_existing)
+ {
+ struct stat st;
+ if (mkdir_errno == 0
+ || (mkdir_errno != ENOENT && make_ancestor
+ && stat (dir + prefix_len, &st) == 0
+ && S_ISDIR (st.st_mode)))
+ return true;
+ }
+ else
+ {
+ int open_result[2];
+ int chdir_result =
+ savewd_chdir (wd, dir + prefix_len,
+ savewd_chdir_options, open_result);
+ if (chdir_result < -1)
+ return true;
+ else
+ {
+ bool chdir_ok = (chdir_result == 0);
+ int chdir_errno = errno;
+ int fd = open_result[0];
+ bool chdir_failed_unexpectedly =
+ (mkdir_errno == 0
+ && ((! chdir_ok && (mode & S_IXUSR))
+ || (fd < 0 && (mode & S_IRUSR))));
+
+ if (chdir_failed_unexpectedly)
+ {
+ /* No need to save errno here; it's irrelevant. */
+ if (0 <= fd)
+ close (fd);
+ }
+ else
+ {
+ char const *subdir = (chdir_ok ? "." : dir + prefix_len);
+ if (dirchownmod (fd, subdir, mkdir_mode, owner, group,
+ mode, mode_bits)
+ == 0)
+ return true;
+ }
+
+ if (mkdir_errno == 0
+ || (mkdir_errno != ENOENT && make_ancestor
+ && errno != ENOTDIR))
+ {
+ error (0,
+ (! chdir_failed_unexpectedly ? errno
+ : ! chdir_ok && (mode & S_IXUSR) ? chdir_errno
+ : open_result[1]),
+ _(keep_owner
+ ? "cannot change permissions of %s"
+ : "cannot change owner and permissions of %s"),
+ quote (dir));
+ return false;
+ }
+ }
+ }
+ }