#include <errno.h>
#include <limits.h> /* PATH_MAX */
#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>

/* ACLs */
#include <sys/types.h>
#include <sys/acl.h>
#include <acl/libacl.h> /* acl_get_perm (libacl extension) */
10
11
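/**
 * Check whether a path carries a non-empty default ACL.
 *
 * @param path  Path to inspect; handed unchanged to acl_get_file().
 * @return true if the default ACL has at least one entry. false if it
 *         has none, and also if the ACL could not be read at all, so a
 *         false result alone does not prove that no default ACL exists.
 */
bool has_default_acl(const char* path) {
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    /* Read failure is reported as "no default ACL"; errno is left as
       acl_get_file() set it. */
    return false;
  }

  /* Receives the first entry if there is one; its contents are unused. */
  acl_entry_t dummy;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &dummy);

  if (result != 0 && result != 1) {
    /* Report before acl_free() so errno still belongs to
       acl_get_entry(). */
    perror("has_default_acl");
  }

  /* acl_get_file() allocated the ACL; release it on every path instead
     of leaking one copy per call. */
  acl_free(defacl);

  return (result == 1);
}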
39
40
41
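/**
 * Check whether the default ACL of a path has an entry with a given tag.
 *
 * @param path      Path to inspect; handed unchanged to acl_get_file().
 * @param tag_type  Tag to look for (e.g. ACL_USER_OBJ).
 * @return true if an entry with that tag exists. false if none exists,
 *         and also when the ACL or one of its entries cannot be read,
 *         so false does not by itself mean "no such entry".
 */
bool has_default_tag_acl(const char* path, acl_tag_t tag_type) {
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    return false;
  }

  bool found = false;
  acl_entry_t entry;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &entry);

  while (result == 1) {
    acl_tag_t tag = ACL_UNDEFINED_TAG;

    if (acl_get_tag_type(entry, &tag) == -1) {
      perror("has_default_tag_acl - acl_get_tag_type");
      break;
    }

    if (tag == tag_type) {
      found = true;
      break;
    }

    result = acl_get_entry(defacl, ACL_NEXT_ENTRY, &entry);
  }

  if (result == -1) {
    /* A failed walk used to be indistinguishable from reaching the end
       of the ACL; at least say so on stderr. */
    perror("has_default_tag_acl - acl_get_entry");
  }

  /* Single release point: the ACL was leaked on every return before. */
  acl_free(defacl);

  return found;
}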
73
74
/* Report whether the default ACL of path has an ACL_USER_OBJ entry. */
bool has_default_user_obj_acl(const char* path) {
  bool present = has_default_tag_acl(path, ACL_USER_OBJ);
  return present;
}
78
/* Report whether the default ACL of path has an ACL_GROUP_OBJ entry. */
bool has_default_group_obj_acl(const char* path) {
  bool present = has_default_tag_acl(path, ACL_GROUP_OBJ);
  return present;
}
82
/* Report whether the default ACL of path has an ACL_OTHER entry. */
bool has_default_other_obj_acl(const char* path) {
  bool present = has_default_tag_acl(path, ACL_OTHER);
  return present;
}
86
87
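/**
 * Fetch the permission set of the default-ACL entry with a given tag.
 *
 * @param path          Path to inspect; handed unchanged to
 *                      acl_get_file().
 * @param tag_type      Tag of the entry wanted (e.g. ACL_USER_OBJ).
 * @param output_perms  Receives the permset descriptor on success.
 * @return 0 on success, -1 on error with errno set, following the
 *         acl_get_permset() convention. errno is EINVAL when the ACL
 *         has no entry with tag_type; otherwise it is whatever the
 *         failing libacl call reported.
 *
 * Ownership: on success the ACL is deliberately NOT freed. Per
 * acl_get_permset(3) the returned descriptor refers to the permission
 * set inside the ACL entry, so freeing the ACL here would hand the
 * caller a dangling descriptor. This interface gives the caller no
 * handle to free it later, so one ACL stays allocated per successful
 * call.
 */
int get_default_tag_permset(const char* path,
                            acl_tag_t tag_type,
                            acl_permset_t* output_perms) {
  acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);

  if (defacl == (acl_t)NULL) {
    /* Keep the errno from acl_get_file() (e.g. ENOENT, EACCES) rather
       than masking the real cause with EINVAL. */
    return -1;
  }

  acl_entry_t entry;
  int result = acl_get_entry(defacl, ACL_FIRST_ENTRY, &entry);

  while (result == 1) {
    acl_tag_t tag = ACL_UNDEFINED_TAG;

    if (acl_get_tag_type(entry, &tag) == -1) {
      /* perror() and acl_free() may both disturb errno. */
      int saved_errno = errno;
      perror("get_default_tag_permset");
      acl_free(defacl);
      errno = saved_errno;
      return -1;
    }

    if (tag == tag_type) {
      /* We found the right tag, now get the permset. */
      int rc = acl_get_permset(entry, output_perms);
      if (rc == -1) {
        /* Nothing was handed out, so the ACL can be released. */
        int saved_errno = errno;
        acl_free(defacl);
        errno = saved_errno;
      }
      return rc;
    }

    result = acl_get_entry(defacl, ACL_NEXT_ENTRY, &entry);
  }

  /* Either the walk failed (keep its errno) or no entry matched. */
  int final_errno = (result == -1) ? errno : EINVAL;
  acl_free(defacl);
  errno = final_errno;
  return -1;
}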
125
/* Fetch the permset of the ACL_USER_OBJ entry in path's default ACL.
   Returns whatever get_default_tag_permset() returns. */
int get_default_user_obj_permset(const char* path,
                                 acl_permset_t* output_perms) {
  int rc = get_default_tag_permset(path, ACL_USER_OBJ, output_perms);
  return rc;
}
130
/* Fetch the permset of the ACL_GROUP_OBJ entry in path's default ACL.
   Returns whatever get_default_tag_permset() returns. */
int get_default_group_obj_permset(const char* path,
                                  acl_permset_t* output_perms) {
  int rc = get_default_tag_permset(path, ACL_GROUP_OBJ, output_perms);
  return rc;
}
135
/* Fetch the permset of the ACL_OTHER entry in path's default ACL.
   Returns whatever get_default_tag_permset() returns. */
int get_default_other_obj_permset(const char* path,
                                  acl_permset_t* output_perms) {
  int rc = get_default_tag_permset(path, ACL_OTHER, output_perms);
  return rc;
}
140
141
142
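/**
 * Check whether the default-ACL entry with a given tag grants a
 * permission.
 *
 * The original parameter list read "acl_perm_t, perm" and the body used
 * an undeclared "tag", so the function could not compile; the tag is
 * now an explicit parameter and the wrappers below pass the path along.
 *
 * @param path  Path to inspect.
 * @param tag   Tag of the entry to test (e.g. ACL_USER_OBJ).
 * @param perm  Permission to test (e.g. ACL_READ).
 * @return true if the permission is set. false if it is not set, and
 *         also on any lookup error (reported on stderr), so false is
 *         not proof that the permission is absent.
 *
 * NOTE(review): get_default_tag_permset() in this file does not free
 * the ACL on success, and no handle reaches this function, so each
 * successful call appears to leave one ACL allocated.
 */
bool has_default_tag_perm(const char* path,
                          acl_tag_t tag,
                          acl_perm_t perm) {
  acl_permset_t permset;

  if (get_default_tag_permset(path, tag, &permset) == -1) {
    perror("has_default_tag_perm - get_default_tag_permset");
    return false;
  }

  int p_result = acl_get_perm(permset, perm);

  if (p_result != 0 && p_result != 1) {
    /* p_result == -1; name the call that actually failed. */
    perror("has_default_tag_perm - acl_get_perm");
  }

  return (p_result == 1);
}

/* True if the default ACL_USER_OBJ entry of path grants ACL_READ. */
bool has_default_user_obj_read(const char* path) {
  return has_default_tag_perm(path, ACL_USER_OBJ, ACL_READ);
}

/* True if the default ACL_USER_OBJ entry of path grants ACL_WRITE. */
bool has_default_user_obj_write(const char* path) {
  return has_default_tag_perm(path, ACL_USER_OBJ, ACL_WRITE);
}

/* True if the default ACL_USER_OBJ entry of path grants ACL_EXECUTE. */
bool has_default_user_obj_execute(const char* path) {
  return has_default_tag_perm(path, ACL_USER_OBJ, ACL_EXECUTE);
}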
177
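/**
 * Print what default ACL entries a path has.
 *
 * Usage: aclq <path>
 *
 * Each helper below re-reads the ACL from the path, so the lines
 * printed are separate snapshots; if the ACL changes while the program
 * runs they need not agree with each other.
 *
 * @return EXIT_SUCCESS after printing the report, EXIT_FAILURE when no
 *         path argument was given.
 */
int main(int argc, char* argv[]) {
  if (argc < 2 || argv[1] == NULL) {
    /* Without this check argv[1] is NULL and reaches printf("%s") and
       acl_get_file(). */
    fprintf(stderr, "Usage: %s <path>\n",
            (argc > 0 && argv[0] != NULL) ? argv[0] : "aclq");
    return EXIT_FAILURE;
  }

  const char* target = argv[1];
  printf("Target: %s\n", target);

  if (has_default_acl(target)) {
    printf("Target has a default ACL.\n");
  }
  else {
    printf("Target does not have a default ACL.\n");
  }

  if (has_default_user_obj_acl(target)) {
    printf("Target has a default owner ACL.\n");

    acl_permset_t owner_perms;
    if (get_default_user_obj_permset(target, &owner_perms) == -1) {
      /* owner_perms is uninitialised on failure; do not query it. */
      perror("main - get_default_user_obj_permset");
    }
    else {
      if (acl_get_perm(owner_perms, ACL_READ) == 1) {
        printf("User: read\n");
      }
      if (acl_get_perm(owner_perms, ACL_WRITE) == 1) {
        printf("User: write\n");
      }
      if (acl_get_perm(owner_perms, ACL_EXECUTE) == 1) {
        printf("User: execute\n");
      }
    }
  }
  else {
    printf("Target does not have a default owner ACL.\n");
  }

  if (has_default_group_obj_acl(target)) {
    printf("Target has a default group ACL.\n");
  }
  else {
    printf("Target does not have a default group ACL.\n");
  }

  if (has_default_other_obj_acl(target)) {
    printf("Target has a default other ACL.\n");
  }
  else {
    printf("Target does not have a default other ACL.\n");
  }

  /* TODO: print the group and other permsets as well, using
     get_default_group_obj_permset() and
     get_default_other_obj_permset(). */

  return EXIT_SUCCESS;
}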