}
-int has_default_tag_acl(const char* path, acl_tag_t desired_tag) {
+int has_type_tag_acl(const char* path,
+ acl_type_t type,
+ acl_tag_t desired_tag) {
/* Returns one if the given path has a default ACL for the supplied
tag, zero if it doesn't, and -1 on error. */
- acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);
+ acl_t defacl = acl_get_file(path, type);
if (defacl == (acl_t)NULL) {
return 0;
return 0;
}
+int has_default_tag_acl(const char* path, acl_tag_t desired_tag) {
+ return has_type_tag_acl(path, ACL_TYPE_DEFAULT, desired_tag);
+}
+
+int has_access_tag_acl(const char* path, acl_tag_t desired_tag) {
+ return has_type_tag_acl(path, ACL_TYPE_ACCESS, desired_tag);
+}
int has_default_user_obj_acl(const char* path) {
return has_default_tag_acl(path, ACL_USER_OBJ);
}
-int get_default_tag_entry(const char* path,
- acl_tag_t desired_tag,
- acl_entry_t* entry) {
+int get_type_tag_entry(const char* path,
+ acl_type_t type,
+ acl_tag_t desired_tag,
+ acl_entry_t* entry) {
/* Returns one if successful, zero when the ACL doesn't exist, and
-1 on unexpected errors. */
- acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);
+ acl_t defacl = acl_get_file(path, type);
if (defacl == (acl_t)NULL) {
/* Follow the acl_foo convention of -1 == error. */
return 0;
}
+int get_default_tag_entry(const char* path,
+ acl_tag_t desired_tag,
+ acl_entry_t* entry) {
+ return get_type_tag_entry(path, ACL_TYPE_DEFAULT, desired_tag, entry);
+}
+int get_access_tag_entry(const char* path,
+ acl_tag_t desired_tag,
+ acl_entry_t* entry) {
+ return get_type_tag_entry(path, ACL_TYPE_ACCESS, desired_tag, entry);
+}
-int get_default_tag_permset(const char* path,
- acl_tag_t desired_tag,
- acl_permset_t* output_perms) {
+
+
+int get_type_tag_permset(const char* path,
+ acl_type_t type,
+ acl_tag_t desired_tag,
+ acl_permset_t* output_perms) {
/* Returns one if successful, zero when the ACL doesn't exist, and
-1 on unexpected errors. */
- acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);
+ acl_t defacl = acl_get_file(path, type);
if (defacl == (acl_t)NULL) {
/* Follow the acl_foo convention of -1 == error. */
}
}
+int get_default_tag_permset(const char* path,
+ acl_tag_t desired_tag,
+ acl_permset_t* output_perms) {
+ return get_type_tag_permset(path, ACL_TYPE_DEFAULT, desired_tag, output_perms);
+}
+
+int get_access_tag_permset(const char* path,
+ acl_tag_t desired_tag,
+ acl_permset_t* output_perms) {
+ return get_type_tag_permset(path, ACL_TYPE_ACCESS, desired_tag, output_perms);
+}
int has_default_tag_perm(const char* path,
acl_tag_t tag,
return p_result;
}
-int remove_default_tag_perm(const char* path,
- acl_tag_t tag,
- acl_perm_t perm) {
+int remove_access_tag_perm(const char* path,
+ acl_tag_t tag,
+ acl_perm_t perm) {
/* Attempt to remove perm from tag. Returns one if successful, zero
if there was nothing to do, and -1 on errors. */
- int hdta = has_default_tag_acl(path, tag);
- if (hdta != 1) {
+ int hata = has_access_tag_acl(path, tag);
+ if (hata != 1) {
/* Failure or error. */
- return hdta;
+ return hata;
}
acl_permset_t permset;
- bool ps_result = get_default_tag_permset(path, tag, &permset);
+ bool ps_result = get_access_tag_permset(path, tag, &permset);
if (ps_result != 1) {
/* Failure or error. */
int d_result = acl_delete_perm(permset, perm);
if (d_result == -1) {
- perror("remove_default_tag_perm (acl_delete_perm)");
+ perror("remove_access_tag_perm (acl_delete_perm)");
return -1;
}
/* We've only removed perm from the permset; now we have to replace
the permset. */
acl_entry_t entry;
- int entry_result = get_default_tag_entry(path, tag, &entry);
+ int entry_result = get_access_tag_entry(path, tag, &entry);
if (entry_result == -1) {
- perror("remove_default_tag_perm (get_default_tag_entry)");
+ perror("remove_access_tag_perm (get_access_tag_entry)");
return -1;
}
/* Success. */
int s_result = acl_set_permset(entry, permset);
if (s_result == -1) {
- perror("remove_default_tag_perm (acl_set_permset)");
+ perror("remove_access_tag_perm (acl_set_permset)");
return -1;
}
}
}
-int remove_default_group_obj_execute(const char* path) {
- return remove_default_tag_perm(path, ACL_GROUP_OBJ, ACL_EXECUTE);
+int remove_access_group_obj_execute(const char* path) {
+ return remove_access_tag_perm(path, ACL_GROUP_OBJ, ACL_EXECUTE);
}
else {
path_mode &= ~S_IRGRP;
}
-
+
if (has_default_mask_write(parent)) {
path_mode |= S_IWGRP;
}
either. In the presence of ACLs, the group permissions come not
from the mode bits, but from the group:: ACL entry. So, to do
this, we remove the group::x entry. */
- remove_default_group_obj_execute(path);
+ remove_access_group_obj_execute(path);
}
/* We need to determine whether or not to mask the execute
}
}
}
-
-
+
+
/* If parent has a default user ACL, apply it. */
if (has_default_user_obj_acl(parent)) {
projects / apply-default-acl.git / commitdiff