/* No more slashes, this is the base case. */
return openat(at_fd, pathname, flags);
}
- else if (firstslash[1] == '\0') {
+ if (firstslash[1] == '\0') {
/* The first slash is the last character; ensure that we open
a directory. */
firstslash[0] = '\0';
* and @c OPEN_ERROR if not.
*/
int safe_open(const char* pathname, int flags) {
- if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') {
+ if (pathname == NULL) {
errno = EINVAL;
perror("safe_open (args)");
return OPEN_ERROR;
-/**
- * @brief Remove all @c ACL_TYPE_ACCESS entries from the given file
- * descriptor, leaving the UNIX permission bits.
- *
- * @param fd
- * The file descriptor whose ACLs we want to wipe.
- *
- * @return
- * - @c ACL_SUCCESS - The ACLs were wiped successfully, or none
- * existed in the first place.
- * - @c ACL_ERROR - Unexpected library error.
- */
-int wipe_acls(int fd) {
- /* Initialize an empty ACL, and then overwrite the one on "fd" with it. */
- acl_t empty_acl = acl_init(0);
-
- if (empty_acl == (acl_t)NULL) {
- perror("wipe_acls (acl_init)");
- return ACL_ERROR;
- }
-
- if (acl_set_fd(fd, empty_acl) == ACL_ERROR) {
- perror("wipe_acls (acl_set_fd)");
- acl_free(empty_acl);
- return ACL_ERROR;
- }
-
- acl_free(empty_acl);
- return ACL_SUCCESS;
-}
-
-
/**
* @brief Copy ACLs between file descriptors as xattrs, verbatim.
*
allow_exec = (bool)ace_result;
}
- if (wipe_acls(fd) == ACL_ERROR) {
- perror("apply_default_acl_ex (wipe_acls)");
- result = ACL_ERROR;
- goto cleanup;
- }
-
/* If it's a directory, inherit the parent's default. */
if (S_ISDIR(sp->st_mode)) {
if (acl_copy_xattr(parent_fd,
*/
/* Now we potentially need to mask the execute permissions in the
- ACL on fd. First obtain the current one... */
+ ACL on fd; or maybe now. */
+ if (allow_exec) {
+ goto cleanup;
+ }
+
+ /* OK, we need to mask some execute permissions. First obtain the
+ current ACL... */
new_acl = acl_get_fd(fd);
if (new_acl == (acl_t)NULL) {
perror("apply_default_acl_ex (acl_get_fd)");
tag == ACL_GROUP_OBJ ||
tag == ACL_OTHER) {
- if (!allow_exec) {
- /* The mask doesn't affect acl_user_obj, acl_group_obj (in
- minimal ACLs) or acl_other entries, so if execute should be
- masked, we have to do it manually. */
- if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_delete_perm)");
- result = ACL_ERROR;
- goto cleanup;
- }
-
- if (acl_set_permset(entry, permset) == ACL_ERROR) {
- perror("apply_default_acl_ex (acl_set_permset)");
- result = ACL_ERROR;
- goto cleanup;
- }
+ /* The mask doesn't affect acl_user_obj, acl_group_obj (in
+ minimal ACLs) or acl_other entries, so if execute should be
+ masked, we have to do it manually. */
+ if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
+ perror("apply_default_acl_ex (acl_delete_perm)");
+ result = ACL_ERROR;
+ goto cleanup;
+ }
+
+ if (acl_set_permset(entry, permset) == ACL_ERROR) {
+ perror("apply_default_acl_ex (acl_set_permset)");
+ result = ACL_ERROR;
+ goto cleanup;
}
}