X-Git-Url: http://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=1411536ea8e4963f2fe951058daac69b2715f5dd;hb=0e4810e0a4e3ca231c1c526729d74200d7fef031;hp=62ab3cc0047dcb2e92dcf3d9b21d86b21fe518b8;hpb=d8b55a1ea987e0ac8915bd5b2597d85f2d81c85d;p=apply-default-acl.git diff --git a/src/libadacl.c b/src/libadacl.c index 62ab3cc..1411536 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -42,6 +42,24 @@ #define XATTR_ERROR -1 +/* Prototypes */ +int safe_open_ex(int at_fd, char* pathname, int flags); +int safe_open(const char* pathname, int flags); +int acl_update_entry(acl_t aclp, acl_entry_t entry); +int acl_entry_count(acl_t acl); +int acl_is_minimal(acl_t acl); +int acl_execute_masked(acl_t acl); +int any_can_execute(int fd, const struct stat* sp); +int acl_copy_xattr(int src_fd, + acl_type_t src_type, + int dst_fd, + acl_type_t dst_type); +int has_default_acl_fd(int fd); +int apply_default_acl_fds(int parent_fd, int fd, bool recursive); +int apply_default_acl(const char* path, bool recursive); + + + /** * @brief The recursive portion of the @c safe_open function, used to * open a file descriptor in a symlink-safe way when combined with @@ -654,9 +672,6 @@ int has_default_acl_fd(int fd) { * @param fd * The file descriptor that should inherit its parent's default ACL. * - * @param no_exec_mask - * The value (either true or false) of the --no-exec-mask flag. - * * @param recursive * Should we recurse into subdirectories? * @@ -667,7 +682,6 @@ int has_default_acl_fd(int fd) { */ int apply_default_acl_fds(int parent_fd, int fd, - bool no_exec_mask, bool recursive) { int result = ACL_SUCCESS; @@ -718,24 +732,20 @@ int apply_default_acl_fds(int parent_fd, } - /* Default to not masking the exec bit; i.e. applying the default - ACL literally. If --no-exec-mask was not specified, then we try - to "guess" whether or not to mask the exec bit. This behavior - is modeled after the capital 'X' perms of setfacl. */ - bool allow_exec = true; + /* Next We try to guess whether or not to strip the execute bits. + * This behavior is modeled after the capital 'X' perms of setfacl. + */ + int ace_result = any_can_execute(fd, &s); - if (!no_exec_mask) { - /* Never mask the execute bit on directories. */ - int ace_result = any_can_execute(fd,&s) || S_ISDIR(s.st_mode); + if (ace_result == ACL_ERROR) { + perror("apply_default_acl_fds (any_can_execute)"); + result = ACL_ERROR; + goto cleanup; + } - if (ace_result == ACL_ERROR) { - perror("apply_default_acl_fds (any_can_execute)"); - result = ACL_ERROR; - goto cleanup; - } + /* Never mask the execute bit on directories. */ + bool allow_exec = (bool)ace_result || S_ISDIR(s.st_mode); - allow_exec = (bool)ace_result; - } /* If it's a directory, inherit the parent's default. */ if (S_ISDIR(s.st_mode)) { @@ -905,7 +915,7 @@ int apply_default_acl_fds(int parent_fd, continue; } } - switch (apply_default_acl_fds(fd, new_fd, no_exec_mask, recursive)) { + switch (apply_default_acl_fds(fd, new_fd, recursive)) { /* Don't overwrite an error result with success/failure. */ case ACL_FAILURE: if (result == ACL_SUCCESS) { @@ -940,9 +950,6 @@ int apply_default_acl_fds(int parent_fd, * @param path * The path whose ACL we would like to reset to its default. * - * @param no_exec_mask - * The value (either true or false) of the --no-exec-mask flag. - * * @param recursive * Should we recurse into subdirectories? * @@ -951,7 +958,7 @@ int apply_default_acl_fds(int parent_fd, * - @c ACL_FAILURE - If symlinks or hard links are encountered. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl(const char* path, bool no_exec_mask, bool recursive) { +int apply_default_acl(const char* path, bool recursive) { if (path == NULL) { errno = EINVAL; @@ -1024,7 +1031,7 @@ int apply_default_acl(const char* path, bool no_exec_mask, bool recursive) { } } - result = apply_default_acl_fds(parent_fd, fd, no_exec_mask, recursive); + result = apply_default_acl_fds(parent_fd, fd, recursive); cleanup: free(dirname_path_copy);