/**
- * @brief Remove @c ACL_USER, @c ACL_GROUP, and @c ACL_MASK entries
- * from the given file descriptor.
+ * @brief Remove all @c ACL_TYPE_ACCESS entries from the given file
+ * descriptor, leaving the UNIX permission bits.
*
* @param fd
* The file descriptor whose ACLs we want to wipe.
* - @c ACL_ERROR - Unexpected library error.
*/
int wipe_acls(int fd) {
+ /* Initialize an empty ACL, and then overwrite the one on "fd" with it. */
+ acl_t empty_acl = acl_init(0);
- if (fd <= 0) {
- errno = ENOENT;
- return ACL_ERROR;
- }
-
- acl_t acl = acl_get_fd(fd);
- if (acl == (acl_t)NULL) {
- perror("wipe_acls (acl_get_fd)");
+ if (empty_acl == (acl_t)NULL) {
+ perror("wipe_acls (acl_init)");
return ACL_ERROR;
}
- /* Our return value. */
- int result = ACL_SUCCESS;
-
- acl_entry_t entry;
- int ge_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);
-
- while (ge_result == ACL_SUCCESS) {
- int d_result = acl_delete_entry(acl, entry);
- if (d_result == ACL_ERROR) {
- perror("wipe_acls (acl_delete_entry)");
- result = ACL_ERROR;
- goto cleanup;
- }
-
- ge_result = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
- }
-
- /* Catches the first acl_get_entry as well as the ones at the end of
- the loop. */
- if (ge_result == ACL_ERROR) {
- perror("wipe_acls (acl_get_entry)");
- result = ACL_ERROR;
- goto cleanup;
- }
-
- int sf_result = acl_set_fd(fd, acl);
- if (sf_result == ACL_ERROR) {
+ if (acl_set_fd(fd, empty_acl) == ACL_ERROR) {
perror("wipe_acls (acl_set_fd)");
- result = ACL_ERROR;
- goto cleanup;
+ acl_free(empty_acl);
+ return ACL_ERROR;
}
- cleanup:
- acl_free(acl);
- return result;
+ acl_free(empty_acl);
+ return ACL_SUCCESS;
}
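Review bot: The new doc comment on `wipe_acls` says the call leaves "the UNIX permission bits", but it does not say which group bits survive. While an extended ACL is in place the group bits of the mode normally hold the `ACL_MASK` value rather than the `ACL_GROUP_OBJ` permissions, and (on Linux, as far as I can tell) writing an entry-less ACL drops the ACL without recomputing the mode. The owning group can therefore end up with whatever the mask allowed, which may be wider than its old `group::` entry. I would add a line such as `* @note The group bits left behind are the old ACL_MASK value, not ACL_GROUP_OBJ; callers that care must reset the mode themselves.` It is also worth a short comment above `acl_set_fd(fd, empty_acl)` noting that this relies on the platform accepting an ACL with no entries as "remove the ACL". Implementations that validate the ACL first may return an error here instead, so the `ACL_ERROR` path should be expected on those systems.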