2 #include <limits.h> /* PATH_MAX */
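bool has_default_acl(const char* path) {
  /* Return true if the given path has a default ACL with at least one
     entry, false otherwise.

     path: file system path whose default ACL is read with
           acl_get_file(path, ACL_TYPE_DEFAULT).

     False is also returned when the ACL cannot be read or when
     acl_get_entry fails, so a false result does not prove that no
     default ACL exists. Callers making an access-control decision
     should not treat it as such. */
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    return false;
  }

  /* Used to store the entry if it exists, even though we don't care
     what it is. */
  acl_entry_t dummy;
  bool found = false;

  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &dummy);

  if (result == 1) {
    /* There's a first entry in the default ACL. */
    found = true;
  }
  else if (result != 0) {
    /* Report before acl_free() so errno still belongs to acl_get_entry. */
    perror("has_default_acl");
  }

  /* acl_get_file allocated the ACL; release it on every path. */
  acl_free(defacl);
  return found;
}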
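bool has_default_tag_acl(const char* path, acl_tag_t tag_type) {
  /* Return true if the given path has a default ACL for the supplied
     tag, false otherwise.

     path:     file system path whose default ACL is read.
     tag_type: tag to look for (e.g. ACL_USER_OBJ, ACL_GROUP_OBJ,
               ACL_OTHER).

     False is also returned when the ACL cannot be read or an entry
     cannot be inspected; the error paths that have an errno to report
     go through perror. */
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    return false;
  }

  acl_entry_t entry;
  bool found = false;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &entry);

  while (result == 1) {
    acl_tag_t tag = ACL_UNDEFINED_TAG;
    int tag_result = acl_get_tag_type(entry, &tag);

    if (tag_result == -1) {
      perror("has_default_tag_acl - acl_get_tag_type");
      break;
    }

    if (tag == tag_type) {
      found = true;
      break;
    }

    result = acl_get_entry(defacl, ACL_NEXT_ENTRY, &entry);
  }

  if (result == -1) {
    /* The walk itself failed; report it while errno is still fresh. */
    perror("has_default_tag_acl - acl_get_entry");
  }

  /* Single exit so the ACL obtained from acl_get_file is always freed. */
  acl_free(defacl);
  return found;
}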
bool has_default_user_obj_acl(const char* path) {
  /* True when the default ACL of path holds an ACL_USER_OBJ entry;
     the answer comes straight from has_default_tag_acl. */
  const bool owner_entry_present = has_default_tag_acl(path, ACL_USER_OBJ);
  return owner_entry_present;
}
bool has_default_group_obj_acl(const char* path) {
  /* True when the default ACL of path holds an ACL_GROUP_OBJ entry;
     the answer comes straight from has_default_tag_acl. */
  const bool group_entry_present = has_default_tag_acl(path, ACL_GROUP_OBJ);
  return group_entry_present;
}
bool has_default_other_obj_acl(const char* path) {
  /* True when the default ACL of path holds an ACL_OTHER entry;
     the answer comes straight from has_default_tag_acl. */
  const bool other_entry_present = has_default_tag_acl(path, ACL_OTHER);
  return other_entry_present;
}
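int get_default_tag_permset(const char* path,
                            acl_tag_t tag_type,
                            acl_permset_t* output_perms) {
  /* Look up the entry tagged tag_type in the default ACL of path and
     store its permission set in *output_perms.

     Returns 0 if successful or -1 on error, in accordance with the
     acl_foo convention. -1 is also returned when no entry carries
     tag_type, so success is never reported while *output_perms is
     still unwritten.

     NOTE(review): a permset obtained from acl_get_permset is a
     descriptor into the ACL it came from, so the ACL is deliberately
     not freed on the success path and the caller has no handle to
     free it later. Closing that leak needs an interface that returns
     the acl_t (or a copy of the permissions) -- confirm with callers
     before changing it. */
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    /* Follow the acl_foo convention of -1 == error. */
    return -1;
  }

  acl_entry_t entry;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &entry);

  while (result == 1) {
    acl_tag_t tag = ACL_UNDEFINED_TAG;
    int tag_result = acl_get_tag_type(entry, &tag);

    if (tag_result == -1) {
      /* perror first: acl_free could overwrite errno. */
      perror("get_default_tag_permset");
      acl_free(defacl);
      return -1;
    }

    if (tag == tag_type) {
      /* We found the right tag, now get the permset. */
      int ps_result = acl_get_permset(entry, output_perms);

      if (ps_result != 0) {
        /* Nothing was handed out, so the ACL can be released. */
        acl_free(defacl);
      }

      return ps_result;
    }

    result = acl_get_entry(defacl, ACL_NEXT_ENTRY, &entry);
  }

  /* Either the walk failed or no entry matched; in both cases nothing
     refers to the ACL any more. */
  acl_free(defacl);
  return -1;
}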
int get_default_user_obj_permset(const char* path,
                                 acl_permset_t* output_perms) {
  /* Fetch the permission set of the ACL_USER_OBJ entry in the default
     ACL of path; the status is whatever get_default_tag_permset
     reports. */
  const int status = get_default_tag_permset(path, ACL_USER_OBJ, output_perms);
  return status;
}
int get_default_group_obj_permset(const char* path,
                                  acl_permset_t* output_perms) {
  /* Fetch the permission set of the ACL_GROUP_OBJ entry in the default
     ACL of path; the status is whatever get_default_tag_permset
     reports. */
  const int status = get_default_tag_permset(path, ACL_GROUP_OBJ, output_perms);
  return status;
}
int get_default_other_obj_permset(const char* path,
                                  acl_permset_t* output_perms) {
  /* Fetch the permission set of the ACL_OTHER entry in the default
     ACL of path; the status is whatever get_default_tag_permset
     reports. */
  const int status = get_default_tag_permset(path, ACL_OTHER, output_perms);
  return status;
}
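bool has_default_tag_perm(const char* path,
                          acl_tag_t tag,
                          acl_perm_t perm) {
  /* Return true if the default ACL entry tagged tag on path grants
     perm, false otherwise.

     path: file system path whose default ACL is consulted.
     tag:  entry to inspect (e.g. ACL_USER_OBJ).
     perm: permission to test (e.g. ACL_READ).

     False is also returned when the permission set cannot be obtained
     or acl_get_perm fails; both failures are reported through perror.
     NOTE(review): get_default_tag_permset may fail without setting
     errno, in which case the perror text can be misleading. */
  acl_permset_t permset;
  int ps_result = get_default_tag_permset(path, tag, &permset);

  if (ps_result != 0) {
    /* permset was not filled in; do not pass it to acl_get_perm. */
    perror("has_default_tag_perm - get_default_tag_permset");
    return false;
  }

  int p_result = acl_get_perm(permset, perm);

  if (p_result == 1) {
    return true;
  }
  else if (p_result == 0) {
    return false;
  }
  else {
    /* This branch is the acl_get_perm failure, so name that call
       rather than repeating the permset message. */
    perror("has_default_tag_perm - acl_get_perm");
    return false;
  }
}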
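bool has_default_user_obj_read(const char* path) {
  /* Return true if the ACL_USER_OBJ entry of the default ACL on path
     grants ACL_READ. path has to be forwarded: has_default_tag_perm
     takes the path as its first argument and the call previously
     omitted it. */
  return has_default_tag_perm(path, ACL_USER_OBJ, ACL_READ);
}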
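bool has_default_user_obj_write(const char* path) {
  /* Return true if the ACL_USER_OBJ entry of the default ACL on path
     grants ACL_WRITE. path has to be forwarded: has_default_tag_perm
     takes the path as its first argument and the call previously
     omitted it. */
  return has_default_tag_perm(path, ACL_USER_OBJ, ACL_WRITE);
}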
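bool has_default_user_obj_execute(const char* path) {
  /* Return true if the ACL_USER_OBJ entry of the default ACL on path
     grants ACL_EXECUTE. path has to be forwarded: has_default_tag_perm
     takes the path as its first argument and the call previously
     omitted it. */
  return has_default_tag_perm(path, ACL_USER_OBJ, ACL_EXECUTE);
}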
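int main(int argc, char* argv[]) {
  /* Print what the default ACL of the path given as argv[1] contains:
     whether it exists, whether it has owner/group/other entries, and
     the owner's read/write/execute bits.

     Returns 0 after printing the report and 1 when no path argument
     was supplied.

     Each helper re-reads the ACL by path, so the lines printed below
     are separate snapshots and can disagree if the ACL changes while
     the program runs. */
  if (argc < 2 || argv[1] == NULL) {
    /* Without this check a missing argument would hand NULL to printf
       and to acl_get_file. */
    fputs("Usage: <program> <path>\n", stderr);
    return 1;
  }

  const char* target = argv[1];
  printf("Target: %s\n", target);

  if (has_default_acl(target)) {
    printf("Target has a default ACL.\n");
  }
  else {
    printf("Target does not have a default ACL.\n");
  }

  if (has_default_user_obj_acl(target)) {
    printf("Target has a default owner ACL.\n");
    acl_permset_t owner_perms;

    /* Only inspect owner_perms when the lookup filled it in; on
       failure it is uninitialized. */
    if (get_default_user_obj_permset(target, &owner_perms) == 0) {
      if (acl_get_perm(owner_perms, ACL_READ) == 1) {
        printf("User: read\n");
      }
      if (acl_get_perm(owner_perms, ACL_WRITE) == 1) {
        printf("User: write\n");
      }
      if (acl_get_perm(owner_perms, ACL_EXECUTE) == 1) {
        printf("User: execute\n");
      }
    }
    else {
      fputs("Could not read the default owner permissions.\n", stderr);
    }
  }
  else {
    printf("Target does not have a default owner ACL.\n");
  }

  if (has_default_group_obj_acl(target)) {
    printf("Target has a default group ACL.\n");
  }
  else {
    printf("Target does not have a default group ACL.\n");
  }

  if (has_default_other_obj_acl(target)) {
    printf("Target has a default other ACL.\n");
  }
  else {
    printf("Target does not have a default other ACL.\n");
  }

  /* Not implemented yet: printing the group and other permission
     bits. The unfinished sketch from the original listing:

       acl_permset_t group_perms;
       get_default_group_obj_permset();

       acl_permset_t other_perms;
       get_default_other_obj_permset();
  */

  return 0;
}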