#define XATTR_ERROR -1
+/* Prototypes */
+int safe_open_ex(int at_fd, char* pathname, int flags);
+int safe_open(const char* pathname, int flags);
+int acl_update_entry(acl_t aclp, acl_entry_t entry);
+int acl_entry_count(acl_t acl);
+int acl_is_minimal(acl_t acl);
+int acl_execute_masked(acl_t acl);
+int any_can_execute(int fd, const struct stat* sp);
+int acl_copy_xattr(int src_fd,
+ acl_type_t src_type,
+ int dst_fd,
+ acl_type_t dst_type);
+int has_default_acl_fd(int fd);
+int apply_default_acl_fds(int parent_fd, int fd, bool recursive);
+int apply_default_acl(const char* path, bool recursive);
+
+
+
/**
* @brief The recursive portion of the @c safe_open function, used to
* open a file descriptor in a symlink-safe way when combined with
* @param fd
* The file descriptor that should inherit its parent's default ACL.
*
- * @param no_exec_mask
- * The value (either true or false) of the --no-exec-mask flag.
- *
* @param recursive
* Should we recurse into subdirectories?
*
*/
int apply_default_acl_fds(int parent_fd,
int fd,
- bool no_exec_mask,
bool recursive) {
int result = ACL_SUCCESS;
}
- /* Default to not masking the exec bit; i.e. applying the default
- ACL literally. If --no-exec-mask was not specified, then we try
- to "guess" whether or not to mask the exec bit. This behavior
- is modeled after the capital 'X' perms of setfacl. */
- bool allow_exec = true;
+ /* Next We try to guess whether or not to strip the execute bits.
+ * This behavior is modeled after the capital 'X' perms of setfacl.
+ */
+ int ace_result = any_can_execute(fd, &s);
- if (!no_exec_mask) {
- /* Never mask the execute bit on directories. */
- int ace_result = any_can_execute(fd,&s) || S_ISDIR(s.st_mode);
+ if (ace_result == ACL_ERROR) {
+ perror("apply_default_acl_fds (any_can_execute)");
+ result = ACL_ERROR;
+ goto cleanup;
+ }
- if (ace_result == ACL_ERROR) {
- perror("apply_default_acl_fds (any_can_execute)");
- result = ACL_ERROR;
- goto cleanup;
- }
+ /* Never mask the execute bit on directories. */
+ bool allow_exec = (bool)ace_result || S_ISDIR(s.st_mode);
- allow_exec = (bool)ace_result;
- }
/* If it's a directory, inherit the parent's default. */
if (S_ISDIR(s.st_mode)) {
continue;
}
}
- switch (apply_default_acl_fds(fd, new_fd, no_exec_mask, recursive)) {
+ switch (apply_default_acl_fds(fd, new_fd, recursive)) {
/* Don't overwrite an error result with success/failure. */
case ACL_FAILURE:
if (result == ACL_SUCCESS) {
* @param path
* The path whose ACL we would like to reset to its default.
*
- * @param no_exec_mask
- * The value (either true or false) of the --no-exec-mask flag.
- *
* @param recursive
* Should we recurse into subdirectories?
*
* - @c ACL_FAILURE - If symlinks or hard links are encountered.
* - @c ACL_ERROR - Unexpected library error.
*/
-int apply_default_acl(const char* path, bool no_exec_mask, bool recursive) {
+int apply_default_acl(const char* path, bool recursive) {
if (path == NULL) {
errno = EINVAL;
}
}
- result = apply_default_acl_fds(parent_fd, fd, no_exec_mask, recursive);
+ result = apply_default_acl_fds(parent_fd, fd, recursive);
cleanup:
free(dirname_path_copy);