X-Git-Url: https://gitweb.michael.orlitzky.com/?a=blobdiff_plain;f=src%2Flibadacl.c;h=d99cb8f6bfbae32b86503c084d19c3f36061aae7;hb=da44faa5462beba8cfaf35a353438e27422e5e39;hp=0d07f2c6d0126880b59e830011fcbbefc75e797f;hpb=6727b9e8ed3807cd565127f87fa6faa33c4b5ee4;p=apply-default-acl.git diff --git a/src/libadacl.c b/src/libadacl.c index 0d07f2c..d99cb8f 100644 --- a/src/libadacl.c +++ b/src/libadacl.c @@ -69,7 +69,7 @@ int safe_open_ex(int at_fd, char* pathname, int flags) { /* No more slashes, this is the base case. */ return openat(at_fd, pathname, flags); } - else if (firstslash[1] == '\0') { + if (firstslash[1] == '\0') { /* The first slash is the last character; ensure that we open a directory. */ firstslash[0] = '\0'; @@ -127,7 +127,7 @@ int safe_open_ex(int at_fd, char* pathname, int flags) { * and @c OPEN_ERROR if not. */ int safe_open(const char* pathname, int flags) { - if (pathname == NULL || strlen(pathname) == 0 || pathname[0] == '\0') { + if (pathname == NULL) { errno = EINVAL; perror("safe_open (args)"); return OPEN_ERROR; @@ -551,38 +551,6 @@ int any_can_execute(int fd, const struct stat* sp) { -/** - * @brief Remove all @c ACL_TYPE_ACCESS entries from the given file - * descriptor, leaving the UNIX permission bits. - * - * @param fd - * The file descriptor whose ACLs we want to wipe. - * - * @return - * - @c ACL_SUCCESS - The ACLs were wiped successfully, or none - * existed in the first place. - * - @c ACL_ERROR - Unexpected library error. - */ -int wipe_acls(int fd) { - /* Initialize an empty ACL, and then overwrite the one on "fd" with it. */ - acl_t empty_acl = acl_init(0); - - if (empty_acl == (acl_t)NULL) { - perror("wipe_acls (acl_init)"); - return ACL_ERROR; - } - - if (acl_set_fd(fd, empty_acl) == ACL_ERROR) { - perror("wipe_acls (acl_set_fd)"); - acl_free(empty_acl); - return ACL_ERROR; - } - - acl_free(empty_acl); - return ACL_SUCCESS; -} - - /** * @brief Copy ACLs between file descriptors as xattrs, verbatim. * @@ -849,12 +817,6 @@ int apply_default_acl_ex(const char* path, allow_exec = (bool)ace_result; } - if (wipe_acls(fd) == ACL_ERROR) { - perror("apply_default_acl_ex (wipe_acls)"); - result = ACL_ERROR; - goto cleanup; - } - /* If it's a directory, inherit the parent's default. */ if (S_ISDIR(sp->st_mode)) { if (acl_copy_xattr(parent_fd, @@ -889,7 +851,13 @@ int apply_default_acl_ex(const char* path, */ /* Now we potentially need to mask the execute permissions in the - ACL on fd. First obtain the current one... */ + ACL on fd; or maybe now. */ + if (allow_exec) { + goto cleanup; + } + + /* OK, we need to mask some execute permissions. First obtain the + current ACL... */ new_acl = acl_get_fd(fd); if (new_acl == (acl_t)NULL) { perror("apply_default_acl_ex (acl_get_fd)"); @@ -933,21 +901,19 @@ int apply_default_acl_ex(const char* path, tag == ACL_GROUP_OBJ || tag == ACL_OTHER) { - if (!allow_exec) { - /* The mask doesn't affect acl_user_obj, acl_group_obj (in - minimal ACLs) or acl_other entries, so if execute should be - masked, we have to do it manually. */ - if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_delete_perm)"); - result = ACL_ERROR; - goto cleanup; - } - - if (acl_set_permset(entry, permset) == ACL_ERROR) { - perror("apply_default_acl_ex (acl_set_permset)"); - result = ACL_ERROR; - goto cleanup; - } + /* The mask doesn't affect acl_user_obj, acl_group_obj (in + minimal ACLs) or acl_other entries, so if execute should be + masked, we have to do it manually. */ + if (acl_delete_perm(permset, ACL_EXECUTE) == ACL_ERROR) { + perror("apply_default_acl_ex (acl_delete_perm)"); + result = ACL_ERROR; + goto cleanup; + } + + if (acl_set_permset(entry, permset) == ACL_ERROR) { + perror("apply_default_acl_ex (acl_set_permset)"); + result = ACL_ERROR; + goto cleanup; } }