From 6ac6902a55f6fd0427373db4d6dd5eedb6e330df Mon Sep 17 00:00:00 2001
From: Michael Orlitzky
Date: Sun, 25 Feb 2018 20:10:04 -0500
Subject: [PATCH] Move the "or_dir" out of any_can_execute_or_dir().

The any_can_execute_or_dir() function checked two things; whether or not anyone could execute something, and whether or not that thing was a directory. It's cleaner to have the "is it directory?" check outside these days, so this commit renames that function to any_can_execute() and the one place it's used now checks whether or not the argument is a directory itself.
---
src/apply-default-acl.c | 45 +++++++++++++++++------------------------
1 file changed, 18 insertions(+), 27 deletions(-)
diff --git a/src/apply-default-acl.c b/src/apply-default-acl.c
index fb472a5..29ca5fa 100644
--- a/src/apply-default-acl.c
+++ b/src/apply-default-acl.c
@@ -363,38 +363,27 @@ int acl_execute_masked(acl_t acl) { /** - * @brief Determine whether @c fd is executable (by anyone) or a - * directory. + * @brief Determine whether @c fd is executable by anyone. + * * * This is used as part of the heuristic to determine whether or not * we should mask the execute bit when inheriting an ACL. If @c fd - * describes a directory, the answer is a clear-cut yes. This behavior - * is modeled after the capital 'X' perms of setfacl. - * - * If @c fd describes a file, we check the @a effective permissions, - * contrary to what setfacl does. + * describes a file, we check the @a effective permissions, contrary + * to what setfacl does. * * @param fd * The file descriptor to check. * * @return - * - @c ACL_SUCCESS - @c fd describes a directory, or someone has effective - execute permissions. - * - @c ACL_FAILURE - @c fd describes a regular file and nobody can execute - it. + * - @c ACL_SUCCESS - Someone has effective execute permissions on @c fd. + * - @c ACL_FAILURE - Nobody can execute @c fd. * - @c ACL_ERROR - Unexpected library error. */ -int any_can_execute_or_dir(int fd) { - - if (is_directory(fd)) { - /* That was easy... */ - return ACL_SUCCESS; - } - +int any_can_execute(int fd) { acl_t acl = acl_get_fd(fd); if (acl == (acl_t)NULL) { - perror("any_can_execute_or_dir (acl_get_file)"); + perror("any_can_execute (acl_get_file)"); return ACL_ERROR; } @@ -404,7 +393,7 @@ int any_can_execute_or_dir(int fd) { if (acl_is_minimal(acl)) { struct stat s; if (fstat(fd, &s) == -1) { - perror("any_can_execute_or_dir (fstat)"); + perror("any_can_execute (fstat)"); result = ACL_ERROR; goto cleanup; } @@ -427,7 +416,7 @@ int any_can_execute_or_dir(int fd) { acl_tag_t tag = ACL_UNDEFINED_TAG; if (acl_get_tag_type(entry, &tag) == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_tag_type)"); + perror("any_can_execute_or (acl_get_tag_type)"); result = ACL_ERROR; goto cleanup; } 
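Review bot: The rewritten doc comment for any_can_execute() (hunk at -363) no longer says what the function does when @c fd is a directory, although that is the behavior this commit removes. A sentence such as `Directories get no special treatment here; a caller that wants setfacl's capital-'X' behavior must test is_directory() itself.` would keep the contract explicit, and the extra empty ` *` line added after @brief can be dropped. The perror label on the changed line still names acl_get_file while the call above it is acl_get_fd(fd); since the line is being edited anyway, `perror("any_can_execute (acl_get_fd)");` would make the message match the failing call. The function body continues outside this hunk.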
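Review bot: The renamed perror label in the hunk at -427 reads `"any_can_execute_or (acl_get_tag_type)"`, with a leftover `_or` from the old name, and the acl_get_permset label in the hunk at -441 has the same slip. They should be `perror("any_can_execute (acl_get_tag_type)");` and `perror("any_can_execute (acl_get_permset)");`, so that a message on stderr names a function that exists and can be searched for when triaging a failed ACL read. The enclosing loop starts and ends outside both hunks.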
@@ -441,14 +430,14 @@ int any_can_execute_or_dir(int fd) { acl_permset_t permset; if (acl_get_permset(entry, &permset) == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_permset)"); + perror("any_can_execute_or (acl_get_permset)"); result = ACL_ERROR; goto cleanup; } int gp_result = acl_get_perm(permset, ACL_EXECUTE); if (gp_result == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_perm)"); + perror("any_can_execute (acl_get_perm)"); result = ACL_ERROR; goto cleanup; } @@ -465,7 +454,7 @@ int any_can_execute_or_dir(int fd) { } if (ge_result == ACL_ERROR) { - perror("any_can_execute_or_dir (acl_get_entry)"); + perror("any_can_execute (acl_get_entry)"); result = ACL_ERROR; goto cleanup; } @@ -646,14 +635,16 @@ int apply_default_acl(const char* path, bool no_exec_mask) { /* Default to not masking the exec bit; i.e. applying the default ACL literally. If --no-exec-mask was not specified, then we try - to "guess" whether or not to mask the exec bit. */ + to "guess" whether or not to mask the exec bit. This behavior + is modeled after the capital 'X' perms of setfacl. */ bool allow_exec = true; if (!no_exec_mask) { - int ace_result = any_can_execute_or_dir(fd); + /* Never mask the execute bit on directories. */ + int ace_result = any_can_execute(fd) || is_directory(fd); if (ace_result == ACL_ERROR) { - perror("apply_default_acl (any_can_execute_or_dir)"); + perror("apply_default_acl (any_can_execute)"); result = ACL_ERROR; goto cleanup; } -- 2.44.2
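Review bot: In apply_default_acl (hunk at -646), `any_can_execute(fd) || is_directory(fd)` collapses the three-way return into 0 or 1, so the `ace_result == ACL_ERROR` test directly below it can only fire if ACL_ERROR is one of those two values (the ACL_* constants are defined outside this hunk). If ACL_ERROR is nonzero, a libacl failure inside any_can_execute() now reads as "someone can execute", and the function presumably carries on with the execute bit unmasked instead of bailing out, which is a fail-open on a permission decision. Because of the operand order, the full ACL walk also runs on directories before the cheap check, and any error from it is swallowed there as well. Restoring the previous order keeps the error code intact: `int ace_result = is_directory(fd) ? ACL_SUCCESS : any_can_execute(fd);`. How ace_result is consumed after the error check is outside the hunk, so the exact effect on allow_exec should be confirmed against the full function.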