From 6727b9e8ed3807cd565127f87fa6faa33c4b5ee4 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky <michael@orlitzky.com>
Date: Thu, 1 Mar 2018 16:20:15 -0500
Subject: [PATCH] Bail out of apply_default_acl_ex() early if the parent has no
 default ACL.

---
 run-tests.sh   |  3 +++
 src/libadacl.c | 31 +++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)

diff --git a/run-tests.sh b/run-tests.sh
index 07ad496..3ac659f 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -846,10 +846,13 @@ compare
 
 
 # Test that one "failure" exit code overrides two "successes"
+# We need a default ACL on ${TESTDIR} because otherwise we do
+# nothing, successfully, on the symlink path.
 TESTNUM=37
 mkdir "${TESTDIR}/foo"
 ln -s foo "${TESTDIR}/bar"
 mkdir "${TESTDIR}/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
 ACTUAL="$?"
 EXPECTED="1"
diff --git a/src/libadacl.c b/src/libadacl.c
index d924322..0d07f2c 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -681,6 +681,30 @@ int acl_copy_xattr(int src_fd,
 }
 
 
+/**
+ * @brief Determine if a file descriptor has a default ACL.
+ *
+ * @param fd
+ *   The file descriptor whose default ACL is in question.
+ *
+ * @return
+ *   - @c ACL_SUCCESS - If @c fd has a default ACL.
+ *   - @c ACL_FAILURE - If @c fd does not have a default ACL.
+ *   - @c ACL_ERROR - Unexpected library error.
+ */
+int has_default_acl_fd(int fd) {
+  if (fgetxattr(fd, XATTR_NAME_POSIX_ACL_DEFAULT, NULL, 0) == XATTR_ERROR) {
+    if (errno == ENODATA) {
+      return ACL_FAILURE;
+    }
+    perror("has_default_acl_fd (fgetxattr)");
+    return ACL_ERROR;
+  }
+
+  return ACL_SUCCESS;
+}
+
+
 /**
  * @brief Apply parent default ACL to a path.
  *
@@ -754,6 +778,13 @@ int apply_default_acl_ex(const char* path,
     }
   }
 
+  /* Check to make sure the parent descriptor actually has a default
+     ACL. If it doesn't, then we can "succeed" immediately. */
+  if (has_default_acl_fd(parent_fd) == ACL_FAILURE) {
+    result = ACL_SUCCESS;
+    goto cleanup;
+  }
+
   fd = safe_open(path, O_NOFOLLOW);
   if (fd == OPEN_ERROR) {
     if (errno == ELOOP || errno == ENOTDIR) {
-- 
2.43.2