X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Fapply-default-acl.c;h=a3c28fb59ca963db23f2dcf79150a320cf40c947;hb=927c66a6c66bcbd69b62f07f4b937c5df9afab88;hp=b89a732d9251556357dc9d52396aa657af80e15d;hpb=e5d36040a86457ed66782496d79136d6bdc4d9a3;p=apply-default-acl.git diff --git a/src/apply-default-acl.c b/src/apply-default-acl.c index b89a732..a3c28fb 100644 --- a/src/apply-default-acl.c +++ b/src/apply-default-acl.c @@ -371,29 +371,17 @@ int acl_is_minimal(acl_t* acl) { /** - * @brief Determine whether the given path has an ACL whose mask - * denies execute. + * @brief Determine whether the given ACL's mask denies execute. * - * @param path - * The path to check. + * @param acl + * The ACL whose mask we want to check. * * @return - * - @c ACL_SUCCESS - @c path has a mask which denies execute. - * - @c ACL_FAILURE - The ACL for @c path does not deny execute, - * or @c path has no extended ACL at all. + * - @c ACL_SUCCESS - The @c acl has a mask which denies execute. + * - @c ACL_FAILURE - The @c acl has a mask which does not deny execute. * - @c ACL_ERROR - Unexpected library error. */ -int acl_execute_masked(const char* path) { - - acl_t acl = acl_get_file(path, ACL_TYPE_ACCESS); - - if (acl == (acl_t)NULL) { - perror("acl_execute_masked (acl_get_file)"); - return ACL_ERROR; - } - - /* Our return value. */ - int result = ACL_FAILURE; +int acl_execute_masked(acl_t acl) { acl_entry_t entry; int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry); @@ -404,8 +392,7 @@ int acl_execute_masked(const char* path) { if (tag_result == ACL_ERROR) { perror("acl_execute_masked (acl_get_tag_type)"); - result = ACL_ERROR; - goto cleanup; + return ACL_ERROR; } if (tag == ACL_MASK) { 
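Review bot: The rewritten `@return` text for `acl_execute_masked` no longer covers an ACL with no mask entry, although as far as the visible hunks show the function falls through to `return ACL_FAILURE;` (hunk -436,9) when no `ACL_MASK` tag is found. I would word it as `- @c ACL_FAILURE - The @c acl has no mask entry, or its mask does not deny execute.` The doc comment should also say that the function no longer frees anything, so the caller keeps ownership of `acl` and must still `acl_free()` it. The function body continues outside this hunk.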
@@ -416,15 +403,13 @@ int acl_execute_masked(const char* path) { int ps_result = acl_get_permset(entry, &permset); if (ps_result == ACL_ERROR) { perror("acl_execute_masked (acl_get_permset)"); - result = ACL_ERROR; - goto cleanup; + return ACL_ERROR; } int gp_result = acl_get_perm(permset, ACL_EXECUTE); if (gp_result == ACL_ERROR) { perror("acl_execute_masked (acl_get_perm)"); - result = ACL_ERROR; - goto cleanup; + return ACL_ERROR; } if (gp_result == ACL_FAILURE) { @@ -436,9 +421,7 @@ int acl_execute_masked(const char* path) { ge_result = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry); } - cleanup: - acl_free(acl); - return result; + return ACL_FAILURE; } @@ -533,7 +516,7 @@ int any_can_execute_or_dir(const char* path) { if (gp_result == ACL_SUCCESS) { /* Only return ACL_SUCCESS if this execute bit is not masked. */ - if (acl_execute_masked(path) != ACL_SUCCESS) { + if (acl_execute_masked(acl) != ACL_SUCCESS) { result = ACL_SUCCESS; goto cleanup; } 
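Review bot: The final `return ACL_FAILURE;` in hunk -436,9 cannot tell "no more entries" apart from a failed `acl_get_entry()`. The loop condition is outside the hunk, so this is inferred, but if the loop only runs while `ge_result == ACL_SUCCESS`, a library error on `ACL_NEXT_ENTRY` ends it and is reported as "mask does not deny execute". Because the caller uses this answer to decide whether execute is effectively granted, I would test `if (ge_result == ACL_ERROR)` after the loop, call `perror("acl_execute_masked (acl_get_entry)")` and `return ACL_ERROR;` before the fall-through return.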
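Review bot: In hunk -533,7 the test `acl_execute_masked(acl) != ACL_SUCCESS` treats `ACL_ERROR` the same as "not masked", so a library error while reading the mask makes `any_can_execute_or_dir` answer that execute is granted. That is a fail-open result for a check that decides whether execute bits are kept. I would store the return value and route `ACL_ERROR` to the existing `cleanup` label with `result = ACL_ERROR`, assuming this function reports `ACL_ERROR` like the other helpers in the file; its body starts and ends outside the hunk.

```c
/* Only return ACL_SUCCESS if this execute bit is not masked. */
int em_result = acl_execute_masked(acl);
if (em_result == ACL_ERROR) {
  /* Do not treat a failed mask lookup as "execute allowed". */
  result = ACL_ERROR;
  goto cleanup;
}
if (em_result != ACL_SUCCESS) {
  result = ACL_SUCCESS;
  goto cleanup;
}
```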
@@ -556,59 +539,49 @@ int any_can_execute_or_dir(const char* path) { /** - * @brief Inherit the default ACL from @c parent to @c path. + * @brief Set @c acl as the default ACL on @c path if it's a directory. * - * The @c parent parameter does not necessarily need to be the parent - * of @c path, although that will usually be the case. This overwrites - * any existing default ACL on @c path. - * - * @param parent - * The parent directory whose ACL we want to inherit. + * This overwrites any existing default ACL on @c path. If no default + * ACL exists, then one is created. If @c path is not a directory, we + * return ACL_FAILURE but no error is raised. * * @param path - * The target directory whose ACL we wish to overwrite (or create). + * The target directory whose ACL we wish to replace or create. + * + * @param acl + * The ACL to set as default on @c path. * * @return - * - @c ACL_SUCCESS - The default ACL was inherited successfully. - * - @c ACL_FAILURE - Either @c parent or @c path is not a directory. + * - @c ACL_SUCCESS - The default ACL was assigned successfully. + * - @c ACL_FAILURE - If @c path is not a directory. * - @c ACL_ERROR - Unexpected library error. */ -int inherit_default_acl(const char* path, const char* parent) { - - /* Our return value. */ - int result = ACL_SUCCESS; +int assign_default_acl(const char* path, acl_t acl) { if (path == NULL) { errno = ENOENT; return ACL_ERROR; } - if (!is_directory(path) || !is_directory(parent)) { + if (!is_directory(path)) { return ACL_FAILURE; } - acl_t parent_acl = acl_get_file(parent, ACL_TYPE_DEFAULT); - if (parent_acl == (acl_t)NULL) { - perror("inherit_default_acl (acl_get_file)"); - return ACL_ERROR; - } - - acl_t path_acl = acl_dup(parent_acl); + /* Our return value; success unless something bad happens. 
*/ + int result = ACL_SUCCESS; + acl_t path_acl = acl_dup(acl); if (path_acl == (acl_t)NULL) { perror("inherit_default_acl (acl_dup)"); - acl_free(parent_acl); - return ACL_ERROR; + return ACL_ERROR; /* Nothing to clean up in this case. */ } int sf_result = acl_set_file(path, ACL_TYPE_DEFAULT, path_acl); if (sf_result == -1) { perror("inherit_default_acl (acl_set_file)"); result = ACL_ERROR; - goto cleanup; } - cleanup: acl_free(path_acl); return result; } @@ -786,7 +759,7 @@ int apply_default_acl(const char* path, bool no_exec_mask) { } /* If it's a directory, inherit the parent's default. */ - int inherit_result = inherit_default_acl(path, parent); + int inherit_result = assign_default_acl(path, defacl); if (inherit_result == ACL_ERROR) { perror("apply_default_acl (inherit_acls)"); result = ACL_ERROR;
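Review bot: Both `perror()` calls in the renamed function (hunk -556,59) still print the old name, `inherit_default_acl (acl_dup)` and `inherit_default_acl (acl_set_file)`, so diagnostics point at a function that no longer exists; they should read `perror("assign_default_acl (acl_dup)");` and `perror("assign_default_acl (acl_set_file)");`. The same applies to `perror("apply_default_acl (inherit_acls)")` in the last hunk (-786,7), which now follows a call to `assign_default_acl`. Separately, `is_directory(path)` and `acl_set_file(path, ...)` each resolve `path` on their own, so the object that was checked is not necessarily the one that receives the default ACL if another user can change the path in between. The doc comment should at least state that the caller must control `path`, or the check and the set should operate on the same opened object.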