Gave up deleting of single ACL entries if they match st_mode.
Only totally trivial ACLs are discarded as a whole. This seems necessary because the relation between st_mode and ACL is not clearly defined in man 5 acl.
This commit is contained in:
parent
24fadd7649
commit
6ad6d3c219
@ -28,9 +28,8 @@
|
||||
with bit15 of flag.
|
||||
@param flag Bitfield for control purposes
|
||||
bit0= obtain default ACL rather than access ACL
|
||||
bit4= do not return entries which match the st_mode
|
||||
permissions. If no other ACL entries exist:
|
||||
set *text = NULL and return 2
|
||||
bit4= set *text = NULL and return 2
|
||||
if the ACL matches st_mode permissions.
|
||||
bit15= free text and return 1
|
||||
@return > 0 ok
|
||||
-1 failure of system ACL service (see errno)
|
||||
@ -63,8 +62,11 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
||||
return(-1);
|
||||
if(flag & 16) {
|
||||
ret= stat(path, &stbuf);
|
||||
if(ret != -1)
|
||||
aaip_cleanout_st_mode(*text, stbuf.st_mode, 0);
|
||||
if(ret != -1) {
|
||||
ret = aaip_cleanout_st_mode(*text, stbuf.st_mode, 2);
|
||||
if(!(ret & (7 | 64)))
|
||||
(*text)[0]= 0;
|
||||
}
|
||||
if((*text)[0] == 0 || strcmp(*text, "\n") == 0) {
|
||||
acl_free(text);
|
||||
*text= NULL;
|
||||
@ -91,7 +93,7 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
||||
bit1= use numeric ACL qualifiers rather than names
|
||||
bit2= do not encode attributes other than ACL
|
||||
bit3= -reserved-
|
||||
bit4= do not return st_mode permissions in ACL.
|
||||
bit4= do not return trivial ACL that matches st_mode
|
||||
bit15= free memory of names, value_lengths, values
|
||||
@return >0 ok
|
||||
<=0 error
|
||||
|
||||
@ -31,12 +31,12 @@
|
||||
with bit15 of flag.
|
||||
@param flag Bitfield for control purposes
|
||||
bit0= obtain default ACL rather than access ACL
|
||||
bit4= do not return entries which match the st_mode
|
||||
permissions. If no other ACL entries exist:
|
||||
set *text = NULL and return 2
|
||||
bit4= set *text = NULL and return 2
|
||||
if the ACL matches st_mode permissions.
|
||||
bit15= free text and return 1
|
||||
@return > 0 ok
|
||||
-1 failure of system ACL service (see errno)
|
||||
@return 1 ok
|
||||
2 only st_mode permissions exist and bit 4 is set
|
||||
-1 failure of system ACL service (see errno)
|
||||
*/
|
||||
int aaip_get_acl_text(char *path, char **text, int flag)
|
||||
{
|
||||
@ -60,8 +60,11 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
||||
return(-1);
|
||||
if(flag & 16) {
|
||||
ret= stat(path, &stbuf);
|
||||
if(ret != -1)
|
||||
aaip_cleanout_st_mode(*text, stbuf.st_mode, 0);
|
||||
if(ret != -1) {
|
||||
ret = aaip_cleanout_st_mode(*text, stbuf.st_mode, 2);
|
||||
if(!(ret & (7 | 64)))
|
||||
(*text)[0]= 0;
|
||||
}
|
||||
if((*text)[0] == 0 || strcmp(*text, "\n") == 0) {
|
||||
acl_free(text);
|
||||
*text= NULL;
|
||||
@ -85,7 +88,7 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
||||
bit2= do not obtain attributes other than ACL
|
||||
bit3= do not ignore eventual local ACL attribute
|
||||
(e.g. system.posix_acl_access)
|
||||
bit4= do not return st_mode permissions in ACL.
|
||||
bit4= do not return trivial ACL that matches st_mode
|
||||
bit15= free memory of names, value_lengths, values
|
||||
@return >0 ok
|
||||
<=0 error
|
||||
|
||||
@ -429,6 +429,8 @@ group_by_name:;
|
||||
/* Remove the entries user::??? , group::??? , other::??? , other:???
|
||||
from an ACL in long text form if they match the bits in st_mode.
|
||||
@param flag bit0= do not remove entries, only determine return value
|
||||
bit1= like bit0 but return immediately if non-st_mode
|
||||
ACL entry is found
|
||||
*/
|
||||
int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag)
|
||||
{
|
||||
@ -454,8 +456,7 @@ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag)
|
||||
continue;
|
||||
}
|
||||
overriders|= 4;
|
||||
}
|
||||
if(strncmp(rpt, "group::", 7) == 0 && npt - rpt == 10) {
|
||||
} else if(strncmp(rpt, "group::", 7) == 0 && npt - rpt == 10) {
|
||||
cpt= rpt + 7;
|
||||
m= 0;
|
||||
if(cpt[0] == 'r')
|
||||
@ -469,8 +470,7 @@ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag)
|
||||
continue;
|
||||
}
|
||||
overriders|= 2;
|
||||
}
|
||||
if(strncmp(rpt, "other::", 7) == 0 && npt - rpt == 10) {
|
||||
} else if(strncmp(rpt, "other::", 7) == 0 && npt - rpt == 10) {
|
||||
cpt= rpt + 7;
|
||||
others_st_mode:;
|
||||
m= 0;
|
||||
@ -485,20 +485,23 @@ others_st_mode:;
|
||||
continue;
|
||||
}
|
||||
overriders|= 1;
|
||||
}
|
||||
if(strncmp(rpt, "other:", 6) == 0 && npt - rpt == 9) {
|
||||
} else if(strncmp(rpt, "other:", 6) == 0 && npt - rpt == 9) {
|
||||
cpt= rpt + 7;
|
||||
goto others_st_mode;
|
||||
} else if(*rpt != 0) {
|
||||
overriders|= 64;
|
||||
}
|
||||
if (flag & 2)
|
||||
return overriders;
|
||||
if(wpt == rpt) {
|
||||
wpt= npt + 1;
|
||||
continue;
|
||||
}
|
||||
if(!(flag & 1))
|
||||
if(!(flag & 3))
|
||||
memmove(wpt, rpt, 1 + npt - rpt);
|
||||
wpt+= 1 + npt - rpt;
|
||||
}
|
||||
if(!(flag & 1)) {
|
||||
if(!(flag & 3)) {
|
||||
if(wpt == acl_text)
|
||||
*wpt= 0;
|
||||
else if(*(wpt - 1) != 0)
|
||||
|
||||
@ -66,8 +66,10 @@ int aaip_encode_acl(char *acl_text,
|
||||
variable which holds permissions as indicated by ECMA-119
|
||||
and RRIP data.
|
||||
@param flag bit0= do not remove entries, only determine return value
|
||||
bit1= like bit0 but return immediately if a non-st_mode
|
||||
ACL entry is found
|
||||
@return <0 failure
|
||||
>=0 tells in six bits which tag types are present.
|
||||
>=0 tells in its bits which tag types are present.
|
||||
The first three tell which types deviate from the
|
||||
corresponding st_mode settings:
|
||||
bit0= "other::" overrides S_IRWXO
|
||||
@ -79,6 +81,7 @@ int aaip_encode_acl(char *acl_text,
|
||||
bit5= "user::" matches S_IRWXU
|
||||
Given the nature of ACLs all 64 combinations are
|
||||
possible although some show inner contradictions.
|
||||
bit6= other ACL tag types are present
|
||||
*/
|
||||
int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag);
|
||||
|
||||
@ -105,9 +108,8 @@ int aaip_add_acl_st_mode(char *acl_text, mode_t st_mode, int flag);
|
||||
with bit15 of flag.
|
||||
@param flag Bitfield for control purposes
|
||||
bit0= obtain default ACL rather than access ACL
|
||||
bit4= do not return entries which match the st_mode
|
||||
permissions. If no other ACL entries exist:
|
||||
set *text = NULL and return 2
|
||||
bit4= set *text = NULL and return 2
|
||||
if the ACL matches st_mode permissions.
|
||||
bit15= free text and return 1
|
||||
@return 1 ok
|
||||
2 only st_mode permissions exist and bit 4 is set
|
||||
@ -131,7 +133,7 @@ int aaip_get_acl_text(char *path, char **text, int flag);
|
||||
bit2= do not obtain attributes other than ACLs
|
||||
bit3= do not ignore eventual ACL attribute
|
||||
(e.g. system.posix_acl_access)
|
||||
bit4= do not return st_mode permissions in ACL.
|
||||
bit4= do not return trivial ACL that matches st_mode
|
||||
bit15= free memory of names, value_lengths, values
|
||||
@return >0 ok
|
||||
<=0 error
|
||||
|
||||
Loading…
Reference in New Issue
Block a user