X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=20bb715ea7b5e429911061511f09226bf065e2ce;hb=eb1715a253bcbf3a6ae51403b34cd6a20b894ec1;hp=0d07f2c6d0126880b59e830011fcbbefc75e797f;hpb=6727b9e8ed3807cd565127f87fa6faa33c4b5ee4;p=apply-default-acl.git

diff --git a/src/libadacl.c b/src/libadacl.c
index 0d07f2c..20bb715 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -69,7 +69,7 @@ int safe_open_ex(int at_fd, char* pathname, int flags) {
     /* No more slashes, this is the base case. */
     return openat(at_fd, pathname, flags);
   }
-  else if (firstslash[1] == '\0') {
+  if (firstslash[1] == '\0') {
     /* The first slash is the last character; ensure that we open
        a directory. */
     firstslash[0] = '\0';
@@ -889,7 +889,13 @@ int apply_default_acl_ex(const char* path,
   */
 
   /* Now we potentially need to mask the execute permissions in the
-     ACL on fd. First obtain the current one... */
+     ACL on fd; or maybe now. */
+  if (allow_exec) {
+    goto cleanup;
+  }
+
+  /* OK, we need to mask some execute permissions. First obtain the
+     current ACL... */
   new_acl = acl_get_fd(fd);
   if (new_acl == (acl_t)NULL) {
     perror("apply_default_acl_ex (acl_get_fd)");
@@ -933,21 +939,19 @@ int apply_default_acl_ex(const char* path,
         tag == ACL_GROUP_OBJ ||
         tag == ACL_OTHER) {
 
-      if (!allow_exec) {
-        /* The mask doesn't affect acl_user_obj, acl_group_obj (in
-           minimal ACLs) or acl_other entries, so if execute should be
-           masked, we have to do it manually. */
-        if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
-          perror("apply_default_acl_ex (acl_delete_perm)");
-          result = ACL_ERROR;
-          goto cleanup;
-        }
-
-        if (acl_set_permset(entry, permset) == ACL_ERROR) {
-          perror("apply_default_acl_ex (acl_set_permset)");
-          result = ACL_ERROR;
-          goto cleanup;
-        }
+      /* The mask doesn't affect acl_user_obj, acl_group_obj (in
+         minimal ACLs) or acl_other entries, so if execute should be
+         masked, we have to do it manually. */
+      if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) {
+        perror("apply_default_acl_ex (acl_delete_perm)");
+        result = ACL_ERROR;
+        goto cleanup;
+      }
+
+      if (acl_set_permset(entry, permset) == ACL_ERROR) {
+        perror("apply_default_acl_ex (acl_set_permset)");
+        result = ACL_ERROR;
+        goto cleanup;
       }
     }