X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Fapply-default-acl.c;h=1d590303462fc601685cfdb2aeb22f6135c6947a;hb=2bc2d104386912d39aa78c6fceb5694014257a7e;hp=1eb49c44fd88b9d403c2bc0b4c8cce28e1e6ce87;hpb=40a0da32d5f91b416f45d8e66c4406774f3b6383;p=apply-default-acl.git

diff --git a/src/apply-default-acl.c b/src/apply-default-acl.c
index 1eb49c4..1d59030 100644
--- a/src/apply-default-acl.c
+++ b/src/apply-default-acl.c
@@ -35,56 +35,6 @@
 
 
 
-/**
- * @brief Determine if the given file descriptor might refer to an
- *   (unsafe) hard link.
- *
- * @param fd
- *   The file descriptor whose link count we want to investigate.
- *
- * @return true if we are certain that @c fd does not describe a hard
- *   link, and false otherwise. In case of error, false is returned,
- *   because we are not sure that @c fd is not a hard link.
- */
-bool is_hardlink_safe(int fd) {
-  if (fd <= 0) {
-    return false;
-  }
-  struct stat s;
-  if (fstat(fd, &s) == 0) {
-    return (s.st_nlink == 1 || S_ISDIR(s.st_mode));
-  }
-  else {
-    return false;
-  }
-}
-
-
-/**
- * @brief Determine whether or not the given file descriptor is for
- *   a regular file.
- *
- * @param fd
- *   The file descriptor to test for regular-fileness.
- *
- * @return true if @c fd describes a regular file, and false otherwise.
- */
-bool is_regular_file(int fd) {
-  if (fd <= 0) {
-    return false;
-  }
-
-  struct stat s;
-  if (fstat(fd, &s) == 0) {
-    return S_ISREG(s.st_mode);
-  }
-  else {
-    return false;
-  }
-}
-
-
-
 /**
  * @brief Determine whether or not the given path is accessible.
  *
@@ -142,29 +92,6 @@ bool is_path_directory(const char* path) {
 }
 
 
-/**
- * @brief Determine whether or not the given file descriptor is for
- *   a directory.
- *
- * @param fd
- *   The file descriptor whose directoryness is in question.
- *
- * @return true if @c fd describes a directory, and false otherwise.
- */
-bool is_directory(int fd) {
-  if (fd <= 0) {
-    return false;
-  }
-
-  struct stat s;
-  if (fstat(fd, &s) == 0) {
-    return S_ISDIR(s.st_mode);
-  }
-  else {
-    return false;
-  }
-}
-
 
 
 /**
@@ -413,38 +340,27 @@ int acl_execute_masked(acl_t acl) {
 
 
 /**
- * @brief Determine whether @c fd is executable (by anyone) or a
- *   directory.
+ * @brief Determine whether @c fd is executable by anyone.
+ *
  *
  * This is used as part of the heuristic to determine whether or not
  * we should mask the execute bit when inheriting an ACL. If @c fd
- * describes a directory, the answer is a clear-cut yes. This behavior
- * is modeled after the capital 'X' perms of setfacl.
- *
- * If @c fd describes a file, we check the @a effective permissions,
- * contrary to what setfacl does.
+ * describes a file, we check the @a effective permissions, contrary
+ * to what setfacl does.
  *
  * @param fd
  *   The file descriptor to check.
  *
  * @return
- *   - @c ACL_SUCCESS - @c fd describes a directory, or someone has effective
-       execute permissions.
- *   - @c ACL_FAILURE - @c fd describes a regular file and nobody can execute
-       it.
+ *   - @c ACL_SUCCESS - Someone has effective execute permissions on @c fd.
+ *   - @c ACL_FAILURE - Nobody can execute @c fd.
  *   - @c ACL_ERROR - Unexpected library error.
  */
-int any_can_execute_or_dir(int fd) {
-
-  if (is_directory(fd)) {
-    /* That was easy... */
-    return ACL_SUCCESS;
-  }
-
+int any_can_execute(int fd) {
   acl_t acl = acl_get_fd(fd);
 
   if (acl == (acl_t)NULL) {
-    perror("any_can_execute_or_dir (acl_get_file)");
+    perror("any_can_execute (acl_get_file)");
     return ACL_ERROR;
   }
 
@@ -454,7 +370,7 @@ int any_can_execute_or_dir(int fd) {
   if (acl_is_minimal(acl)) {
     struct stat s;
     if (fstat(fd, &s) == -1) {
-      perror("any_can_execute_or_dir (fstat)");
+      perror("any_can_execute (fstat)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -477,7 +393,7 @@ int any_can_execute_or_dir(int fd) {
     acl_tag_t tag = ACL_UNDEFINED_TAG;
 
     if (acl_get_tag_type(entry, &tag) == ACL_ERROR) {
-      perror("any_can_execute_or_dir (acl_get_tag_type)");
+      perror("any_can_execute_or (acl_get_tag_type)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -491,14 +407,14 @@ int any_can_execute_or_dir(int fd) {
     acl_permset_t permset;
 
     if (acl_get_permset(entry, &permset) == ACL_ERROR) {
-      perror("any_can_execute_or_dir (acl_get_permset)");
+      perror("any_can_execute_or (acl_get_permset)");
       result = ACL_ERROR;
       goto cleanup;
     }
 
     int gp_result = acl_get_perm(permset, ACL_EXECUTE);
     if (gp_result == ACL_ERROR) {
-      perror("any_can_execute_or_dir (acl_get_perm)");
+      perror("any_can_execute (acl_get_perm)");
       result = ACL_ERROR;
       goto cleanup;
     }
@@ -515,7 +431,7 @@ int any_can_execute_or_dir(int fd) {
   }
 
   if (ge_result == ACL_ERROR) {
-    perror("any_can_execute_or_dir (acl_get_entry)");
+    perror("any_can_execute (acl_get_entry)");
     result = ACL_ERROR;
     goto cleanup;
   }
@@ -548,7 +464,8 @@ int any_can_execute_or_dir(int fd) {
 int assign_default_acl(const char* path, acl_t acl) {
 
   if (path == NULL) {
-    errno = ENOENT;
+    errno = EINVAL;
+    perror("assign_default_acl (args)");
     return ACL_ERROR;
   }
 
@@ -629,7 +546,8 @@ int wipe_acls(int fd) {
 int apply_default_acl(const char* path, bool no_exec_mask) {
 
   if (path == NULL) {
-    errno = ENOENT;
+    errno = EINVAL;
+    perror("apply_default_acl (args)");
     return ACL_ERROR;
   }
 
@@ -678,26 +596,33 @@ int apply_default_acl(const char* path, bool no_exec_mask) {
    * between when we open the file descriptor (look above) and when we
    * fstat it.
   */
-  if (!is_hardlink_safe(fd)) {
-    result = ACL_FAILURE;
+  struct stat s;
+  if (fstat(fd, &s) == -1) {
+    perror("apply_default_acl (fstat)");
     goto cleanup;
   }
-
-  if (!is_regular_file(fd) && !is_directory(fd)) {
-    result = ACL_FAILURE;
-    goto cleanup;
+  if (!S_ISDIR(s.st_mode)) {
+    /* If it's not a directory, make sure it's a regular,
+       non-hard-linked file. */
+    if (!S_ISREG(s.st_mode) || s.st_nlink != 1) {
+      result = ACL_FAILURE;
+      goto cleanup;
+    }
   }
 
+
   /* Default to not masking the exec bit; i.e. applying the default
      ACL literally. If --no-exec-mask was not specified, then we try
-     to "guess" whether or not to mask the exec bit. */
+     to "guess" whether or not to mask the exec bit. This behavior
+     is modeled after the capital 'X' perms of setfacl. */
   bool allow_exec = true;
 
   if (!no_exec_mask) {
-    int ace_result = any_can_execute_or_dir(fd);
+    /* Never mask the execute bit on directories. */
+    int ace_result = any_can_execute(fd) || S_ISDIR(s.st_mode);
 
     if (ace_result == ACL_ERROR) {
-      perror("apply_default_acl (any_can_execute_or_dir)");
+      perror("apply_default_acl (any_can_execute)");
       result = ACL_ERROR;
       goto cleanup;
     }