Initial commit, just exploring at the moment.
1 #include <errno.h>
2 #include <limits.h> /* PATH_MAX */
3 #include <stdbool.h>
4 #include <stdio.h>
5 #include <stdlib.h>
6
7 /* ACLs */
8 #include <sys/types.h>
9 #include <sys/acl.h>
10
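/*
 * Return true if the given path has a default ACL containing at least
 * one entry, false otherwise.
 *
 * Failures are reported as false too: a NULL result from
 * acl_get_file() returns false silently, and a failing
 * acl_get_entry() prints a message with perror() and returns false.
 * A caller therefore cannot tell "no default ACL" apart from "the ACL
 * could not be read", and should not treat false as proof that no
 * default ACL is present.
 */
bool has_default_acl(const char* path) {
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    return false;
  }

  /* Receives the first entry if there is one; its contents are not
     used. */
  acl_entry_t dummy;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &dummy);

  /* 1 means an entry was found, 0 means the ACL is empty; anything
     else is treated as an error. */
  bool found = (result == 1);

  if (result != 1 && result != 0) {
    /* Report before acl_free(), which might overwrite errno. */
    perror("has_default_acl");
  }

  /* The ACL returned by acl_get_file() was never released before;
     free it on every path now that we are done with it. */
  acl_free(defacl);
  return found;
}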
38
39
40
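/*
 * Return true if the default ACL of the given path contains an entry
 * whose tag type equals tag_type, false otherwise.
 *
 * Failures are reported as false too: a NULL result from
 * acl_get_file() returns false silently, while a failing
 * acl_get_tag_type() or acl_get_entry() prints a message with
 * perror() first. A caller cannot distinguish "no such entry" from
 * "the ACL could not be read".
 */
bool has_default_tag_acl(const char* path, acl_tag_t tag_type) {
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    return false;
  }

  bool found = false;
  acl_entry_t entry;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &entry);

  while (result == 1) {
    acl_tag_t tag = ACL_UNDEFINED_TAG;

    if (acl_get_tag_type(entry, &tag) == -1) {
      /* Report before acl_free(), which might overwrite errno. */
      perror("has_default_tag_acl");
      acl_free(defacl);
      return false;
    }

    if (tag == tag_type) {
      found = true;
      break;
    }

    result = acl_get_entry(defacl, ACL_NEXT_ENTRY, &entry);
  }

  if (!found && result == -1) {
    /* The walk stopped on an error rather than at the end of the ACL;
       say so instead of silently reporting "not found". */
    perror("has_default_tag_acl");
  }

  /* The ACL was previously leaked on every return path. */
  acl_free(defacl);
  return found;
}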
72
73
/* Return true if the default ACL of the given path has an
   ACL_USER_OBJ entry; see has_default_tag_acl(). */
bool has_default_user_obj_acl(const char* path) {
  const bool owner_entry_present = has_default_tag_acl(path, ACL_USER_OBJ);
  return owner_entry_present;
}
77
/* Return true if the default ACL of the given path has an
   ACL_GROUP_OBJ entry; see has_default_tag_acl(). */
bool has_default_group_obj_acl(const char* path) {
  const bool group_entry_present = has_default_tag_acl(path, ACL_GROUP_OBJ);
  return group_entry_present;
}
81
/* Return true if the default ACL of the given path has an ACL_OTHER
   entry; see has_default_tag_acl(). */
bool has_default_other_obj_acl(const char* path) {
  const bool other_entry_present = has_default_tag_acl(path, ACL_OTHER);
  return other_entry_present;
}
85
86
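/*
 * Look up the entry with the given tag type in the default ACL of
 * path and store its permission set in *output_perms.
 *
 * Returns the result of acl_get_permset() when a matching entry is
 * found, and -1 otherwise, following the acl_foo convention of
 * -1 == error. When no entry carries tag_type, errno is set to
 * ENOENT. Previously that case returned 0, which is also what
 * acl_get_permset() returns on success, so a caller could go on to
 * read an output_perms that was never written.
 *
 * NOTE(review): the permset descriptor is understood to refer to
 * storage inside the ACL it came from (POSIX.1e draft / libacl), so
 * the ACL is deliberately NOT freed on the success path; freeing it
 * would leave *output_perms dangling. Releasing it properly needs an
 * interface that hands the acl_t back to the caller -- confirm.
 */
int get_default_tag_permset(const char* path,
                            acl_tag_t tag_type,
                            acl_permset_t* output_perms) {
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    /* Follow the acl_foo convention of -1 == error. */
    return -1;
  }

  acl_entry_t entry;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &entry);

  while (result == 1) {
    acl_tag_t tag = ACL_UNDEFINED_TAG;

    if (acl_get_tag_type(entry, &tag) == -1) {
      int saved_errno = errno;
      perror("get_default_tag_permset");
      acl_free(defacl);
      errno = saved_errno;
      return -1;
    }

    if (tag == tag_type) {
      /* We found the right tag, now get the permset. */
      int rc = acl_get_permset(entry, output_perms);

      if (rc == -1) {
        /* Nothing was handed out, so the ACL can be released. */
        int saved_errno = errno;
        acl_free(defacl);
        errno = saved_errno;
      }

      return rc;
    }

    result = acl_get_entry(defacl, ACL_NEXT_ENTRY, &entry);
  }

  /* Either the walk failed (result == -1) or no entry matched. */
  int saved_errno = (result == -1) ? errno : ENOENT;

  if (result == -1) {
    perror("get_default_tag_permset");
  }

  acl_free(defacl);
  errno = saved_errno;
  return -1;
}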
122
/* Fetch the permission set of the ACL_USER_OBJ entry in the default
   ACL of path; the return value is that of
   get_default_tag_permset(). */
int get_default_user_obj_permset(const char* path,
                                 acl_permset_t* output_perms) {
  const int status = get_default_tag_permset(path, ACL_USER_OBJ, output_perms);
  return status;
}
127
/* Fetch the permission set of the ACL_GROUP_OBJ entry in the default
   ACL of path; the return value is that of
   get_default_tag_permset(). */
int get_default_group_obj_permset(const char* path,
                                  acl_permset_t* output_perms) {
  const int status = get_default_tag_permset(path, ACL_GROUP_OBJ, output_perms);
  return status;
}
132
/* Fetch the permission set of the ACL_OTHER entry in the default ACL
   of path; the return value is that of get_default_tag_permset(). */
int get_default_other_obj_permset(const char* path,
                                  acl_permset_t* output_perms) {
  const int status = get_default_tag_permset(path, ACL_OTHER, output_perms);
  return status;
}
137
138
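/*
 * Print which default ACL entries (owner, group, other) exist on the
 * path given as the first command-line argument, plus the owner's
 * default read/write/execute permissions.
 *
 * Returns EXIT_FAILURE if no path argument was supplied and
 * EXIT_SUCCESS otherwise. A "does not have" line can also mean the
 * ACL could not be read, because the has_default_* helpers report
 * errors as false.
 */
int main(int argc, char* argv[]) {
  /* argv[1] is NULL when no argument is given; passing it to printf's
     %s or to the ACL helpers would be undefined behavior. */
  if (argc < 2 || argv[1] == NULL) {
    const char* program = (argc > 0 && argv[0] != NULL) ? argv[0] : "aclq";
    fprintf(stderr, "Usage: %s <path>\n", program);
    return EXIT_FAILURE;
  }

  const char* target = argv[1];
  printf("Target: %s\n", target);

  if (has_default_acl(target)) {
    printf("Target has a default ACL.\n");
  }
  else {
    printf("Target does not have a default ACL.\n");
  }

  if (has_default_user_obj_acl(target)) {
    printf("Target has a default owner ACL.\n");
    acl_permset_t owner_perms;

    /* The ACL is read again here, so it may have changed since the
       check above. Only use owner_perms if the lookup succeeded;
       otherwise it was never written. */
    if (get_default_user_obj_permset(target, &owner_perms) == 0) {
      /* NOTE(review): acl_get_perm() is a libacl extension that is
         presumably declared in <acl/libacl.h>, which this file does
         not include -- confirm. */
      if (acl_get_perm(owner_perms, ACL_READ) == 1) {
        printf("User: read\n");
      }
      if (acl_get_perm(owner_perms, ACL_WRITE) == 1) {
        printf("User: write\n");
      }
      if (acl_get_perm(owner_perms, ACL_EXECUTE) == 1) {
        printf("User: execute\n");
      }
    }
    else {
      fprintf(stderr, "Could not read the default owner permissions.\n");
    }
  }
  else {
    printf("Target does not have a default owner ACL.\n");
  }

  if (has_default_group_obj_acl(target)) {
    printf("Target has a default group ACL.\n");
  }
  else {
    printf("Target does not have a default group ACL.\n");
  }

  if (has_default_other_obj_acl(target)) {
    printf("Target has a default other ACL.\n");
  }
  else {
    printf("Target does not have a default other ACL.\n");
  }

  /* TODO: print the group and other permissions as well, using
     get_default_group_obj_permset() and
     get_default_other_obj_permset() the same way as for the owner. */
  return EXIT_SUCCESS;
}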