+
+
+
+
+int set_acl_entry(acl_t* aclp,
+ acl_entry_t entry) {
+ /* Update or create the given entry. */
+
+ acl_tag_t entry_tag;
+ int gt_result = acl_get_tag_type(entry, &entry_tag);
+ if (gt_result == -1) {
+ perror("set_acl_entry (acl_get_tag_type)");
+ return -1;
+ }
+
+ acl_permset_t entry_permset;
+ int ps_result = acl_get_permset(entry, &entry_permset);
+ if (ps_result == -1) {
+ perror("set_acl_entry (acl_get_permset)");
+ return -1;
+ }
+
+ acl_entry_t existing_entry;
+ /* Loop through the given ACL looking for matching entries. */
+ int result = acl_get_entry(*aclp, ACL_FIRST_ENTRY, &existing_entry);
+
+ while (result == 1) {
+ acl_tag_t existing_tag = ACL_UNDEFINED_TAG;
+ int tag_result = acl_get_tag_type(existing_entry, &existing_tag);
+
+ if (tag_result == -1) {
+ perror("set_acl_tag_permset (acl_get_tag_type)");
+ return -1;
+ }
+
+ if (existing_tag == entry_tag) {
+ bool update_it = true;
+
+ if (entry_tag == ACL_USER || entry_tag == ACL_GROUP) {
+ void* entry_qual = acl_get_qualifier(entry);
+ if (entry_qual == (void*)NULL) {
+ perror("set_acl_entry (acl_get_qualifier - entry_qual)");
+ return -1;
+ }
+
+ void* existing_qual = acl_get_qualifier(existing_entry);
+ if (existing_qual == (void*)NULL) {
+ perror("set_acl_entry (acl_get_qualifier - existing_qual)");
+ return -1;
+ }
+
+ if (entry_tag == ACL_USER) {
+ uid_t* u1p = (uid_t *)entry_qual;
+ uid_t* u2p = (uid_t *)existing_qual;
+ if (*u1p != *u2p) {
+ update_it = false;
+ }
+ }
+ else {
+ gid_t* g1p = (gid_t *)entry_qual;
+ gid_t* g2p = (gid_t *)existing_qual;
+ if (*g1p != *g2p) {
+ update_it = false;
+ }
+ }
+
+ acl_free(entry_qual);
+ acl_free(existing_qual);
+ }
+
+ if (update_it) {
+ acl_permset_t existing_permset;
+ int gep_result = acl_get_permset(existing_entry, &existing_permset);
+ if (gep_result == -1) {
+ perror("set_acl_entry (acl_get_permset)");
+ return -1;
+ }
+
+ /* If an existing entry doesn't have its execute bits set, we
+ don't want to set them from a default ACL. Unless it's the
+ mask entry! */
+ int gp_result = acl_get_perm(existing_permset, ACL_EXECUTE);
+ if (gp_result == -1) {
+ perror("set_acl_entry (acl_get_perm)");
+ return -1;
+ }
+
+ if (gp_result == 0 && existing_tag != ACL_MASK) {
+ /* It doesn't already have execute perms */
+ int d_result = acl_delete_perm(entry_permset, ACL_EXECUTE);
+ if (d_result == -1) {
+ perror("set_acl_entry (acl_delete_perm)");
+ return -1;
+ }
+ }
+
+ int s_result = acl_set_permset(existing_entry, entry_permset);
+ if (s_result == -1) {
+ perror("set_acl_entry (acl_set_permset)");
+ return -1;
+ }
+
+ return 1;
+ }
+
+ }
+
+ result = acl_get_entry(*aclp, ACL_NEXT_ENTRY, &existing_entry);
+ }
+
+ /* This catches both the initial acl_get_entry and the ones at the
+ end of the loop. */
+ if (result == -1) {
+ perror("set_acl_entry (acl_get_entry)");
+ return -1;
+ }
+
+ /* If we've made it this far, we need to add a new entry to the
+ ACL. */
+ acl_entry_t new_entry;
+ int c_result = acl_create_entry(aclp, &new_entry);
+ if (c_result == -1) {
+ perror("set_acl_entry (acl_create_entry)");
+ return -1;
+ }
+
+ int st_result = acl_set_tag_type(new_entry, entry_tag);
+ if (st_result == -1) {
+ perror("set_acl_entry (acl_set_tag_type)");
+ return -1;
+ }
+
+ int s_result = acl_set_permset(new_entry, entry_permset);
+ if (s_result == -1) {
+ perror("set_acl_entry (acl_set_permset)");
+ return -1;
+ }
+
+ if (entry_tag == ACL_USER || entry_tag == ACL_GROUP) {
+ /* We need to set the qualifier too. */
+ void* entry_qual = acl_get_qualifier(entry);
+ if (entry_qual == (void*)NULL) {
+ perror("set_acl_entry (acl_get_qualifier)");
+ return -1;
+ }
+
+ int sq_result = acl_set_qualifier(new_entry, entry_qual);
+ if (sq_result == -1) {
+ perror("set_acl_entry (acl_set_qualifier)");
+ return -1;
+ }
+ }
+
+ return 1;