X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Fapply-default-acl.c;h=0a70b09d27dc7c88355e9cc339016b1f33357647;hb=7e0a431bdbba1757b4fc54289dcfb5f26b59781e;hp=fb472a58742c95016e7bbf6ad74e0ec19ac2f81a;hpb=aeedc5826cb0594318031e35acaf8b4a1b6e7c32;p=apply-default-acl.git diff --git a/src/apply-default-acl.c b/src/apply-default-acl.c index fb472a5..0a70b09 100644 --- a/src/apply-default-acl.c +++ b/src/apply-default-acl.c @@ -69,54 +69,6 @@ bool path_accessible(const char* path) { -/** - * @brief Determine whether or not the given path is a directory. - * - * @param path - * The path to test. - * - * @return true if @c path is a directory, false otherwise. - */ -bool is_path_directory(const char* path) { - if (path == NULL) { - return false; - } - - struct stat s; - if (lstat(path, &s) == 0) { - return S_ISDIR(s.st_mode); - } - else { - return false; - } -} - - -/** - * @brief Determine whether or not the given file descriptor is for - * a directory. - * - * @param fd - * The file descriptor whose directoryness is in question. - * - * @return true if @c fd describes a directory, and false otherwise. - */ -bool is_directory(int fd) { - if (fd <= 0) { - return false; - } - - struct stat s; - if (fstat(fd, &s) == 0) { - return S_ISDIR(s.st_mode); - } - else { - return false; - } -} - - - /** * @brief Update (or create) an entry in an @b minimal ACL. * @@ -363,38 +315,30 @@ int acl_execute_masked(acl_t acl) { /** - * @brief Determine whether @c fd is executable (by anyone) or a - * directory. + * @brief Determine whether @c fd is executable by anyone. + * * * This is used as part of the heuristic to determine whether or not * we should mask the execute bit when inheriting an ACL. If @c fd - * describes a directory, the answer is a clear-cut yes. This behavior - * is modeled after the capital 'X' perms of setfacl. - * - * If @c fd describes a file, we check the @a effective permissions, - * contrary to what setfacl does. + * describes a file, we check the @a effective permissions, contrary + * to what setfacl does. * * @param fd * The file descriptor to check. * + * @param sp + * A pointer to a stat structure for @c fd. + * * @return - * - @c ACL_SUCCESS - @c fd describes a directory, or someone has effective - execute permissions. - * - @c ACL_FAILURE - @c fd describes a regular file and nobody can execute - it. + * - @c ACL_SUCCESS - Someone has effective execute permissions on @c fd. + * - @c ACL_FAILURE - Nobody can execute @c fd. * - @c ACL_ERROR - Unexpected library error. */ -int any_can_execute_or_dir(int fd) { - - if (is_directory(fd)) { - /* That was easy... */ - return ACL_SUCCESS; - } - +int any_can_execute(int fd, const struct stat* sp) { acl_t acl = acl_get_fd(fd); if (acl == (acl_t)NULL) { - perror("any_can_execute_or_dir (acl_get_file)"); + perror("any_can_execute (acl_get_file)"); return ACL_ERROR; } @@ -402,13 +346,7 @@ int any_can_execute_or_dir(int fd) { int result = ACL_FAILURE; if (acl_is_minimal(acl)) { - struct stat s; - if (fstat(fd, &s) == -1) { - perror("any_can_execute_or_dir (fstat)"); - result = ACL_ERROR; - goto cleanup; - } - if (s.st_mode & (S_IXUSR | S_IXOTH | S_IXGRP)) { + if (sp->st_mode & (S_IXUSR | S_IXOTH | S_IXGRP)) { result = ACL_SUCCESS; goto cleanup; } @@ -427,7 +365,7 @@ int any_can_execute_or_dir(int fd) { acl_tag_t tag = ACL_UNDEFINED_TAG; if (acl_get_tag_type(entry, &tag) == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_tag_type)"); + perror("any_can_execute_or (acl_get_tag_type)"); result = ACL_ERROR; goto cleanup; } @@ -441,14 +379,14 @@ int any_can_execute_or_dir(int fd) { acl_permset_t permset; if (acl_get_permset(entry, &permset) == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_permset)"); + perror("any_can_execute_or (acl_get_permset)"); result = ACL_ERROR; goto cleanup; } int gp_result = acl_get_perm(permset, ACL_EXECUTE); if (gp_result == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_perm)"); + perror("any_can_execute (acl_get_perm)"); result = ACL_ERROR; goto cleanup; } @@ -465,7 +403,7 @@ int any_can_execute_or_dir(int fd) { } if (ge_result == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_entry)"); + perror("any_can_execute (acl_get_entry)"); result = ACL_ERROR; goto cleanup; } @@ -478,11 +416,10 @@ int any_can_execute_or_dir(int fd) { /** - * @brief Set @c acl as the default ACL on @c path if it's a directory. + * @brief Set @c acl as the default ACL on @c path. * - * This overwrites any existing default ACL on @c path. If no default - * ACL exists, then one is created. If @c path is not a directory, we - * return ACL_FAILURE but no error is raised. + * This overwrites any existing default ACL on @c path. If @c path is + * not a directory, we return ACL_ERROR and @c errno is set. * * @param path * The target directory whose ACL we wish to replace or create. @@ -492,21 +429,17 @@ int any_can_execute_or_dir(int fd) { * * @return * - @c ACL_SUCCESS - The default ACL was assigned successfully. - * - @c ACL_FAILURE - If @c path is not a directory. * - @c ACL_ERROR - Unexpected library error. */ int assign_default_acl(const char* path, acl_t acl) { if (path == NULL) { - errno = ENOENT; + errno = EINVAL; + perror("assign_default_acl (args)"); return ACL_ERROR; } - if (!is_path_directory(path)) { - return ACL_FAILURE; - } - - /* Our return value; success unless something bad happens. */ + /* Our return value; success unless something bad happens. */ int result = ACL_SUCCESS; acl_t path_acl = acl_dup(acl); @@ -567,6 +500,10 @@ int wipe_acls(int fd) { * @param path * The path whose ACL we would like to reset to its default. * + * @param sp + * A pointer to a stat structure for @c path, or @c NULL if you don't + * have one handy. + * * @param no_exec_mask * The value (either true or false) of the --no-exec-mask flag. * @@ -576,7 +513,9 @@ int wipe_acls(int fd) { * or the parent of @c path is not a directory. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl(const char* path, bool no_exec_mask) { +int apply_default_acl(const char* path, + const struct stat* sp, + bool no_exec_mask) { if (path == NULL) { errno = EINVAL; @@ -628,16 +567,24 @@ int apply_default_acl(const char* path, bool no_exec_mask) { * race condition here, but the window is as small as possible * between when we open the file descriptor (look above) and when we * fstat it. + * + * Note: we only need to call fstat ourselves if we weren't passed a + * valid pointer to a stat structure (nftw does that). */ - struct stat s; - if (fstat(fd, &s) == -1) { - perror("apply_default_acl (fstat)"); - goto cleanup; + if (sp == NULL) { + struct stat s; + if (fstat(fd, &s) == -1) { + perror("apply_default_acl (fstat)"); + goto cleanup; + } + + sp = &s; } - if (!S_ISDIR(s.st_mode)) { + + if (!S_ISDIR(sp->st_mode)) { /* If it's not a directory, make sure it's a regular, non-hard-linked file. */ - if (!S_ISREG(s.st_mode) || s.st_nlink != 1) { + if (!S_ISREG(sp->st_mode) || sp->st_nlink != 1) { result = ACL_FAILURE; goto cleanup; } @@ -646,14 +593,16 @@ int apply_default_acl(const char* path, bool no_exec_mask) { /* Default to not masking the exec bit; i.e. applying the default ACL literally. If --no-exec-mask was not specified, then we try - to "guess" whether or not to mask the exec bit. */ + to "guess" whether or not to mask the exec bit. This behavior + is modeled after the capital 'X' perms of setfacl. */ bool allow_exec = true; if (!no_exec_mask) { - int ace_result = any_can_execute_or_dir(fd); + /* Never mask the execute bit on directories. */ + int ace_result = any_can_execute(fd,sp) || S_ISDIR(sp->st_mode); if (ace_result == ACL_ERROR) { - perror("apply_default_acl (any_can_execute_or_dir)"); + perror("apply_default_acl (any_can_execute)"); result = ACL_ERROR; goto cleanup; } @@ -684,8 +633,13 @@ int apply_default_acl(const char* path, bool no_exec_mask) { goto cleanup; } - /* If it's a directory, inherit the parent's default. */ - if (assign_default_acl(path, defacl) == ACL_ERROR) { + /* If it's a directory, inherit the parent's default. We sure hope + * that "path" still points to the same thing that "fd" and this + * "sp" describe. If not, we may wind up trying to set a default ACL + * on a file, and this will throw an error. I guess that's what we + * want to do? + */ + if (S_ISDIR(sp->st_mode) && assign_default_acl(path, defacl) == ACL_ERROR) { perror("apply_default_acl (assign_default_acl)"); result = ACL_ERROR; goto cleanup; @@ -822,11 +776,11 @@ void usage(const char* program_name) { * */ int apply_default_acl_nftw(const char *target, - const struct stat *s, + const struct stat *sp, int info, struct FTW *ftw) { - if (apply_default_acl(target, false)) { + if (apply_default_acl(target, sp, false)) { return FTW_CONTINUE; } else { @@ -844,11 +798,11 @@ int apply_default_acl_nftw(const char *target, * */ int apply_default_acl_nftw_x(const char *target, - const struct stat *s, + const struct stat *sp, int info, struct FTW *ftw) { - if (apply_default_acl(target, true)) { + if (apply_default_acl(target, sp, true)) { return FTW_CONTINUE; } else { @@ -883,11 +837,6 @@ int apply_default_acl_nftw_x(const char *target, * we still return @c false. */ bool apply_default_acl_recursive(const char *target, bool no_exec_mask) { - - if (!is_path_directory(target)) { - return apply_default_acl(target, no_exec_mask); - } - int max_levels = 256; int flags = FTW_PHYS; /* Don't follow links. */ @@ -987,7 +936,7 @@ int main(int argc, char* argv[]) { } else { /* It's either a normal file, or we're not operating recursively. */ - reapp_result = apply_default_acl(target, no_exec_mask); + reapp_result = apply_default_acl(target, NULL, no_exec_mask); } if (!reapp_result) {