From: Michael Orlitzky
Date: Thu, 1 Mar 2018 21:20:15 +0000 (-0500)
Subject: Bail out of apply_default_acl_ex() early if the parent has no default ACL.
X-Git-Tag: v0.2.0~16
X-Git-Url: https://gitweb.michael.orlitzky.com/?a=commitdiff_plain;h=6727b9e8ed3807cd565127f87fa6faa33c4b5ee4;p=apply-default-acl.git
Bail out of apply_default_acl_ex() early if the parent has no default ACL.
---
diff --git a/run-tests.sh b/run-tests.sh
index 07ad496..3ac659f 100755
--- a/run-tests.sh
+++ b/run-tests.sh
@@ -846,10 +846,13 @@ compare
 # Test that one "failure" exit code overrides two "successes"
+# We need a default ACL on ${TESTDIR} because otherwise we do
+# nothing, successfully, on the symlink path.
 TESTNUM=37
 mkdir "${TESTDIR}/foo"
 ln -s foo "${TESTDIR}/bar"
 mkdir "${TESTDIR}/baz"
+setfacl --default --modify user:${USERS[0]}:rw "${TESTDIR}"
 "${BIN}" "${TESTDIR}/foo" "${TESTDIR}/bar" "${TESTDIR}/baz"
 ACTUAL="$?"
 EXPECTED="1"
diff --git a/src/libadacl.c b/src/libadacl.c
index d924322..0d07f2c 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -681,6 +681,30 @@ int acl_copy_xattr(int src_fd,
 }
+/**
+ * @brief Determine if a file descriptor has a default ACL.
+ *
+ * @param fd
+ * The file descriptor whose default ACL is in question.
+ *
+ * @return
+ * - @c ACL_SUCCESS - If @c fd has a default ACL.
+ * - @c ACL_FAILURE - If @c fd does not have a default ACL.
+ * - @c ACL_ERROR - Unexpected library error.
+ */
+int has_default_acl_fd(int fd) {
+ if (fgetxattr(fd, XATTR_NAME_POSIX_ACL_DEFAULT, NULL, 0) == XATTR_ERROR) {
+ if (errno == ENODATA) {
+ return ACL_FAILURE;
+ }
+ perror("has_default_acl_fd (fgetxattr)");
+ return ACL_ERROR;
+ }
+
+ return ACL_SUCCESS;
+}
+
+
 /**
 * @brief Apply parent default ACL to a path.
 *
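Review bot: The early-return branch this commit adds to apply_default_acl_ex() gets no test of its own in this hunk; test 37 now sets a default ACL on `${TESTDIR}` specifically so that the branch is not taken. A companion case that runs `"${BIN}"` on the same foo/bar/baz layout without the `setfacl --default` line and checks the resulting exit code would pin the behaviour change on the symlink path that the added comment describes. Only this hunk of run-tests.sh is visible, so such a case may exist elsewhere. Separately, `user:${USERS[0]}:rw` is the one unquoted expansion on its line; `"user:${USERS[0]}:rw"` would match the quoting used around it.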
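Review bot: In has_default_acl_fd(), every fgetxattr() failure other than `ENODATA` is printed with perror() and returned as `ACL_ERROR`, and that includes a filesystem that does not support extended attributes at all (`ENOTSUP` on Linux). If "no xattr support" is meant to count as "no default ACL", the inner test could read `if (errno == ENODATA || errno == ENOTSUP) {`; if it is meant to be an error, the `@return` text should say so, for example `ACL_ERROR - fgetxattr() failed for any reason other than a missing attribute.` The function is also defined without `static`; if it is an internal helper rather than part of the library's exported interface, which this hunk does not show, marking it `static` would keep it out of the public namespace.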
@@ -754,6 +778,13 @@ int apply_default_acl_ex(const char* path,
 }
 }
+ /* Check to make sure the parent descriptor actually has a default
+ ACL. If it doesn't, then we can "succeed" immediately. */
+ if (has_default_acl_fd(parent_fd) == ACL_FAILURE) {
+ result = ACL_SUCCESS;
+ goto cleanup;
+ }
+
 fd = safe_open(path, O_NOFOLLOW);
 if (fd == OPEN_ERROR) {
 if (errno == ELOOP || errno == ENOTDIR) {
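Review bot: The added check in apply_default_acl_ex() compares the result of has_default_acl_fd(parent_fd) only with `ACL_FAILURE`, so an `ACL_ERROR` return falls through to safe_open() and the function carries on as if the parent had a default ACL. Storing the result once and handling the error case first would make the failure explicit: `int parent_dacl = has_default_acl_fd(parent_fd);` followed by `if (parent_dacl == ACL_ERROR) { result = ACL_ERROR; goto cleanup; }` ahead of the existing `ACL_FAILURE` branch. The early exit also runs before `safe_open(path, O_NOFOLLOW)`, so a path that would previously have been rejected there (the symlink case named in the test comment) now yields `ACL_SUCCESS`; the comment could state that this is intended, e.g. `/* Note: path itself is not opened or validated on this early exit. */`. The body of apply_default_acl_ex() starts and ends outside this hunk, so how `result` is initialised and what `cleanup` releases cannot be seen here.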