From d87d053c3183ccdbfe60a3c957cffa85212131c0 Mon Sep 17 00:00:00 2001
From: Michael Orlitzky
Date: Tue, 14 Aug 2012 18:40:41 -0400
Subject: [PATCH] Generalize a few functions to non-default ACLs.
---
 src/aclq.c | 88 +++++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 61 insertions(+), 27 deletions(-)
diff --git a/src/aclq.c b/src/aclq.c
index 9fca9b2..eaeb2ed 100644
--- a/src/aclq.c
+++ b/src/aclq.c
@@ -73,10 +73,12 @@ bool is_directory(const char* path) {
 }
-int has_default_tag_acl(const char* path, acl_tag_t desired_tag) {
+int has_type_tag_acl(const char* path,
+ acl_type_t type,
+ acl_tag_t desired_tag) {
 /* Returns one if the given path has a default ACL for the supplied tag, zero if it doesn't, and -1 on error. */
- acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);
+ acl_t defacl = acl_get_file(path, type);
 if (defacl == (acl_t)NULL) {
 return 0;
@@ -110,6 +112,13 @@ int has_default_tag_acl(const char* path, acl_tag_t desired_tag) {
 return 0;
 }
+int has_default_tag_acl(const char* path, acl_tag_t desired_tag) {
+ return has_type_tag_acl(path, ACL_TYPE_DEFAULT, desired_tag);
+}
+
+int has_access_tag_acl(const char* path, acl_tag_t desired_tag) {
+ return has_type_tag_acl(path, ACL_TYPE_ACCESS, desired_tag);
+}
 int has_default_user_obj_acl(const char* path) {
 return has_default_tag_acl(path, ACL_USER_OBJ);
@@ -128,12 +137,13 @@ int has_default_mask_acl(const char* path) {
 }
-int get_default_tag_entry(const char* path,
- acl_tag_t desired_tag,
- acl_entry_t* entry) {
+int get_type_tag_entry(const char* path,
+ acl_type_t type,
+ acl_tag_t desired_tag,
+ acl_entry_t* entry) {
 /* Returns one if successful, zero when the ACL doesn't exist, and -1 on unexpected errors. */
- acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);
+ acl_t defacl = acl_get_file(path, type);
 if (defacl == (acl_t)NULL) {
 /* Follow the acl_foo convention of -1 == error. */
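Review bot: In has_type_tag_acl the `defacl == (acl_t)NULL` branch still returns 0, so a failed acl_get_file() is reported as "entry not present" even though the header comment promises -1 on error and get_type_tag_entry returns -1 for the same condition. Now that the type is caller-supplied and this helper backs has_access_tag_acl, I would change the branch to `perror("has_type_tag_acl (acl_get_file)"); return -1;`, after confirming that the existing default-ACL callers tolerate -1 when the path is not a directory. The comment also still says "default ACL"; suggested wording: `/* Returns one if path has an ACL of the given type with an entry for desired_tag, zero if it doesn't, and -1 on error. */`. The rest of the body is outside the hunk, so whether `defacl` is released on every return path cannot be checked from here.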
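Review bot: get_type_tag_entry hands an acl_entry_t back through `entry`, but that descriptor refers into the acl_t loaded by the local acl_get_file() call, and the header comment says nothing about who owns that ACL afterwards. The body continues outside the hunk: if it calls acl_free() before returning, callers receive an entry whose backing storage is gone, and if it does not, every call leaks the loaded ACL. get_type_tag_permset in the later hunk has the same shape with `output_perms`. I would extend both header comments with a sentence stating how long the returned entry or permset stays valid and who frees the ACL behind it, or have these helpers accept an already-loaded `acl_t` so a single caller owns the load, edit and free.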
@@ -169,14 +179,27 @@ int get_default_tag_entry(const char* path,
 return 0;
 }
+int get_default_tag_entry(const char* path,
+ acl_tag_t desired_tag,
+ acl_entry_t* entry) {
+ return get_type_tag_entry(path, ACL_TYPE_DEFAULT, desired_tag, entry);
+}
+int get_access_tag_entry(const char* path,
+ acl_tag_t desired_tag,
+ acl_entry_t* entry) {
+ return get_type_tag_entry(path, ACL_TYPE_ACCESS, desired_tag, entry);
+}
-int get_default_tag_permset(const char* path,
- acl_tag_t desired_tag,
- acl_permset_t* output_perms) {
+
+
+int get_type_tag_permset(const char* path,
+ acl_type_t type,
+ acl_tag_t desired_tag,
+ acl_permset_t* output_perms) {
 /* Returns one if successful, zero when the ACL doesn't exist, and -1 on unexpected errors. */
- acl_t defacl = acl_get_file(path, ACL_TYPE_DEFAULT);
+ acl_t defacl = acl_get_file(path, type);
 if (defacl == (acl_t)NULL) {
 /* Follow the acl_foo convention of -1 == error. */
@@ -205,6 +228,17 @@ int get_default_tag_permset(const char* path,
 }
 }
+int get_default_tag_permset(const char* path,
+ acl_tag_t desired_tag,
+ acl_permset_t* output_perms) {
+ return get_type_tag_permset(path, ACL_TYPE_DEFAULT, desired_tag, output_perms);
+}
+
+int get_access_tag_permset(const char* path,
+ acl_tag_t desired_tag,
+ acl_permset_t* output_perms) {
+ return get_type_tag_permset(path, ACL_TYPE_ACCESS, desired_tag, output_perms);
+}
 int has_default_tag_perm(const char* path,
 acl_tag_t tag,
@@ -233,19 +267,19 @@ int has_default_tag_perm(const char* path,
 return p_result;
 }
-int remove_default_tag_perm(const char* path,
- acl_tag_t tag,
- acl_perm_t perm) {
+int remove_access_tag_perm(const char* path,
+ acl_tag_t tag,
+ acl_perm_t perm) {
 /* Attempt to remove perm from tag. Returns one if successful, zero if there was nothing to do, and -1 on errors. */
- int hdta = has_default_tag_acl(path, tag);
- if (hdta != 1) {
+ int hata = has_access_tag_acl(path, tag);
+ if (hata != 1) {
 /* Failure or error. */
- return hdta;
+ return hata;
 }
 acl_permset_t permset;
- bool ps_result = get_default_tag_permset(path, tag, &permset);
+ bool ps_result = get_access_tag_permset(path, tag, &permset);
 if (ps_result != 1) {
 /* Failure or error. */
@@ -254,17 +288,17 @@ int remove_default_tag_perm(const char* path,
 int d_result = acl_delete_perm(permset, perm);
 if (d_result == -1) {
- perror("remove_default_tag_perm (acl_delete_perm)");
+ perror("remove_access_tag_perm (acl_delete_perm)");
 return -1;
 }
 /* We've only removed perm from the permset; now we have to replace the permset. */
 acl_entry_t entry;
- int entry_result = get_default_tag_entry(path, tag, &entry);
+ int entry_result = get_access_tag_entry(path, tag, &entry);
 if (entry_result == -1) {
- perror("remove_default_tag_perm (get_default_tag_entry)");
+ perror("remove_access_tag_perm (get_access_tag_entry)");
 return -1;
 }
@@ -272,7 +306,7 @@ int remove_default_tag_perm(const char* path,
 /* Success. */
 int s_result = acl_set_permset(entry, permset);
 if (s_result == -1) {
- perror("remove_default_tag_perm (acl_set_permset)");
+ perror("remove_access_tag_perm (acl_set_permset)");
 return -1;
 }
@@ -283,8 +317,8 @@ int remove_default_tag_perm(const char* path,
 }
 }
-int remove_default_group_obj_execute(const char* path) {
- return remove_default_tag_perm(path, ACL_GROUP_OBJ, ACL_EXECUTE);
+int remove_access_group_obj_execute(const char* path) {
+ return remove_access_tag_perm(path, ACL_GROUP_OBJ, ACL_EXECUTE);
 }
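Review bot: `bool ps_result = get_access_tag_permset(path, tag, &permset);` stores an int result in a bool, so a -1 error converts to true and slips past the `ps_result != 1` check. The function then goes on to call acl_delete_perm() on a `permset` the helper never filled in. Declare it as `int ps_result = get_access_tag_permset(path, tag, &permset);`, matching `hata` and `entry_result`. The statement after the `/* Failure or error. */` comment is outside the hunk, so also check that it returns `ps_result` and not a fixed value.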
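Review bot: has_access_tag_acl, get_access_tag_permset and get_access_tag_entry each resolve `path` and load the access ACL again, so the permset edited by acl_delete_perm() and the entry handed to acl_set_permset() belong to different in-memory ACL objects, and nothing ensures the three lookups saw the same file if `path` is renamed or replaced in between. No acl_set_file() call appears in any of the shown hunks of remove_access_tag_perm, so the edit may never reach the filesystem; a few lines of the function lie between the hunks, so confirm. I would load the ACL once, locate the entry and its permset in that one object, modify it, write it back and free it, as sketched below. This narrows the window to one read and one write by path, and doing the same on an open descriptor with acl_get_fd()/acl_set_fd() would remove the re-resolution entirely.

```c
/* … unchanged: signature and header comment of remove_access_tag_perm … */
  /* Load the access ACL once so the entry, its permset and the
     write-back all refer to the same object. */
  acl_t acl = acl_get_file(path, ACL_TYPE_ACCESS);
  if (acl == (acl_t)NULL) {
    perror("remove_access_tag_perm (acl_get_file)");
    return -1;
  }

  int result = 0; /* zero == nothing to do */
  acl_entry_t entry;
  int e_result = acl_get_entry(acl, ACL_FIRST_ENTRY, &entry);

  while (e_result == 1) {
    acl_tag_t entry_tag;
    acl_permset_t permset;

    if (acl_get_tag_type(entry, &entry_tag) == -1 ||
        acl_get_permset(entry, &permset) == -1) {
      perror("remove_access_tag_perm (acl_get_tag_type/acl_get_permset)");
      result = -1;
      break;
    }

    if (entry_tag == tag) {
      if (acl_delete_perm(permset, perm) == -1 ||
          acl_set_permset(entry, permset) == -1 ||
          acl_set_file(path, ACL_TYPE_ACCESS, acl) == -1) {
        perror("remove_access_tag_perm (update entry)");
        result = -1;
      }
      else {
        result = 1;
      }
      break;
    }

    e_result = acl_get_entry(acl, ACL_NEXT_ENTRY, &entry);
  }

  if (e_result == -1) {
    perror("remove_access_tag_perm (acl_get_entry)");
    result = -1;
  }

  acl_free(acl);
  return result;
```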
@@ -380,7 +414,7 @@ int reapply_default_acl(const char* path) {
 else {
 path_mode &= ~S_IRGRP;
 }
-
+
 if (has_default_mask_write(parent)) {
 path_mode |= S_IWGRP;
 }
@@ -395,7 +429,7 @@ int reapply_default_acl(const char* path) {
 either. In the presence of ACLs, the group permissions come not from the mode bits, but from the group:: ACL entry. So, to do this, we remove the group::x entry. */
- remove_default_group_obj_execute(path);
+ remove_access_group_obj_execute(path);
 }
 /* We need to determine whether or not to mask the execute
@@ -443,8 +477,8 @@ int reapply_default_acl(const char* path) {
 }
 }
 }
-
-
+
+
 /* If parent has a default user ACL, apply it. */
 if (has_default_user_obj_acl(parent)) {
--
2.43.2
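Review bot: The result of `remove_access_group_obj_execute(path);` is discarded, so a -1 from the helper leaves group::x in place while reapply_default_acl carries on as if the execute bit had been masked. According to the comment above it, this call is what keeps group execute off the path, so a silent failure here ends with broader permissions than intended. I would check it, e.g. `if (remove_access_group_obj_execute(path) == -1) { return -1; }`, assuming -1 is this function's error return. The body of reapply_default_acl starts and ends outside the hunk, so confirm that convention and any cleanup needed before returning early.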