X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Fapply-default-acl.c;h=6900a636e3ddc94b5045df620c8bf3ab772e73a6;hb=b088861e27935185fdd94425035000c4a8704b71;hp=b279814df45d747f727a78ead4b8835edd0b447e;hpb=6c033a0444deb72dbe606b12a2c1c86b77275634;p=apply-default-acl.git diff --git a/src/apply-default-acl.c b/src/apply-default-acl.c index b279814..6900a63 100644 --- a/src/apply-default-acl.c +++ b/src/apply-default-acl.c @@ -33,10 +33,6 @@ #define ACL_SUCCESS 1 -/* Command-line options */ -static bool no_exec_mask = false; - - /** * @brief Get the mode bits from the given path. @@ -384,6 +380,7 @@ int acl_execute_masked(const char* path) { } + /** * @brief Determine whether @c path is executable (by anyone) or a * directory. @@ -439,6 +436,23 @@ int any_can_execute_or_dir(const char* path) { int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); while (ge_result == ACL_SUCCESS) { + /* The first thing we do is check to see if this is a mask + entry. If it is, we skip it entirely. */ + acl_tag_t tag = ACL_UNDEFINED_TAG; + int tag_result = acl_get_tag_type(entry, &tag); + + if (tag_result == ACL_ERROR) { + perror("any_can_execute_or_dir (acl_get_tag_type)"); + result = ACL_ERROR; + goto cleanup; + } + + if (tag == ACL_MASK) { + ge_result = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry); + continue; + } + + /* Ok, so it's not a mask entry. Check the execute perms. */ acl_permset_t permset; int ps_result = acl_get_permset(entry, &permset); @@ -456,7 +470,7 @@ int any_can_execute_or_dir(const char* path) { } if (gp_result == ACL_SUCCESS) { - /* Only return one if this execute bit is not masked. */ + /* Only return ACL_SUCCESS if this execute bit is not masked. */ if (acl_execute_masked(path) != ACL_SUCCESS) { result = ACL_SUCCESS; goto cleanup; @@ -611,13 +625,16 @@ int wipe_acls(const char* path) { * @param path * The path whose ACL we would like to reset to its default. * + * @param no_exec_mask + * The value (either true or false) of the --no-exec-mask flag. + * * @return * - @c ACL_SUCCESS - The parent default ACL was inherited successfully. * - @c ACL_FAILURE - The target path is not a regular file/directory, * or the parent of @c path is not a directory. * - @c ACL_ERROR - Unexpected library error. */ -int apply_default_acl(const char* path) { +int apply_default_acl(const char* path, bool no_exec_mask) { if (path == NULL) { errno = ENOENT; @@ -777,7 +794,7 @@ int apply_default_acl(const char* path) { * The program name to use in the output. * */ -void usage(char* program_name) { +void usage(const char* program_name) { printf("Apply any applicable default ACLs to the given files or " "directories.\n\n"); printf("Usage: %s [flags] [ [ ...]]\n\n", @@ -807,7 +824,30 @@ int apply_default_acl_nftw(const char *target, int info, struct FTW *ftw) { - bool app_result = apply_default_acl(target); + bool app_result = apply_default_acl(target, false); + if (app_result) { + return FTW_CONTINUE; + } + else { + return FTW_STOP; + } +} + + + +/** + * @brief Wrapper around @c apply_default_acl() for use with @c nftw(). + * + * This is identical to @c apply_default_acl_nftw(), except it passes + * @c true to @c apply_default_acl() as its no_exec_mask argument. + * + */ +int apply_default_acl_nftw_x(const char *target, + const struct stat *s, + int info, + struct FTW *ftw) { + + bool app_result = apply_default_acl(target, true); if (app_result) { return FTW_CONTINUE; } @@ -827,6 +867,12 @@ int apply_default_acl_nftw(const char *target, * * We ignore symlinks for consistency with chmod -r. * + * @param target + * The root (path) of the recursive application. + * + * @param no_exec_mask + * The value (either true or false) of the --no-exec-mask flag. + * * @return * If @c target is not a directory, we return the result of * calling @c apply_default_acl() on @c target. Otherwise, we convert @@ -836,19 +882,24 @@ int apply_default_acl_nftw(const char *target, * If there is an error, it will be reported via @c perror, but * we still return @c false. */ -bool apply_default_acl_recursive(const char *target) { +bool apply_default_acl_recursive(const char *target, bool no_exec_mask) { if (!is_directory(target)) { - return apply_default_acl(target); + return apply_default_acl(target, no_exec_mask); } int max_levels = 256; int flags = FTW_PHYS; /* Don't follow links. */ - int nftw_result = nftw(target, - apply_default_acl_nftw, - max_levels, - flags); + /* There are two separate functions that could be passed to + nftw(). One passes no_exec_mask = true to apply_default_acl(), + and the other passes no_exec_mask = false. Since the function we + pass to nftw() cannot have parameters, we have to create separate + options and make the decision here. */ + int (*fn)(const char *, const struct stat *, int, struct FTW *) = NULL; + fn = no_exec_mask ? apply_default_acl_nftw_x : apply_default_acl_nftw; + + int nftw_result = nftw(target, fn, max_levels, flags); if (nftw_result == 0) { /* Success */ @@ -884,7 +935,7 @@ int main(int argc, char* argv[]) { } bool recursive = false; - /* bool no_exec_mask is declared static/global */ + bool no_exec_mask = false; struct option long_options[] = { /* These options set a flag. */ @@ -921,11 +972,11 @@ int main(int argc, char* argv[]) { bool reapp_result = false; if (recursive) { - reapp_result = apply_default_acl_recursive(target); + reapp_result = apply_default_acl_recursive(target, no_exec_mask); } else { - /* It's either normal file, or we're not operating recursively. */ - reapp_result = apply_default_acl(target); + /* It's either a normal file, or we're not operating recursively. */ + reapp_result = apply_default_acl(target, no_exec_mask); } if (!reapp_result) {