diff --git a/libisofs/aaip-os-freebsd.c b/libisofs/aaip-os-freebsd.c index dd1297b..2403e61 100644 --- a/libisofs/aaip-os-freebsd.c +++ b/libisofs/aaip-os-freebsd.c @@ -28,9 +28,8 @@ with bit15 of flag. @param flag Bitfield for control purposes bit0= obtain default ACL rather than access ACL - bit4= do not return entries which match the st_mode - permissions. If no other ACL entries exist: - set *text = NULL and return 2 + bit4= set *text = NULL and return 2 + if the ACL matches st_mode permissions. bit15= free text and return 1 @return > 0 ok -1 failure of system ACL service (see errno) @@ -63,8 +62,11 @@ int aaip_get_acl_text(char *path, char **text, int flag) return(-1); if(flag & 16) { ret= stat(path, &stbuf); - if(ret != -1) - aaip_cleanout_st_mode(*text, stbuf.st_mode, 0); + if(ret != -1) { + ret = aaip_cleanout_st_mode(*text, stbuf.st_mode, 2); + if(!(ret & (7 | 64))) + (*text)[0]= 0; + } if((*text)[0] == 0 || strcmp(*text, "\n") == 0) { acl_free(text); *text= NULL; @@ -91,7 +93,7 @@ int aaip_get_acl_text(char *path, char **text, int flag) bit1= use numeric ACL qualifiers rather than names bit2= do not encode attributes other than ACL bit3= -reserved- - bit4= do not return st_mode permissions in ACL. + bit4= do not return trivial ACL that matches st_mode bit15= free memory of names, value_lengths, values @return >0 ok <=0 error diff --git a/libisofs/aaip-os-linux.c b/libisofs/aaip-os-linux.c index 7bf90a3..04fc24b 100644 --- a/libisofs/aaip-os-linux.c +++ b/libisofs/aaip-os-linux.c @@ -31,12 +31,12 @@ with bit15 of flag. @param flag Bitfield for control purposes bit0= obtain default ACL rather than access ACL - bit4= do not return entries which match the st_mode - permissions. If no other ACL entries exist: - set *text = NULL and return 2 + bit4= set *text = NULL and return 2 + if the ACL matches st_mode permissions. bit15= free text and return 1 - @return > 0 ok - -1 failure of system ACL service (see errno) + @return 1 ok + 2 only st_mode permissions exist and bit 4 is set + -1 failure of system ACL service (see errno) */ int aaip_get_acl_text(char *path, char **text, int flag) { @@ -60,8 +60,11 @@ int aaip_get_acl_text(char *path, char **text, int flag) return(-1); if(flag & 16) { ret= stat(path, &stbuf); - if(ret != -1) - aaip_cleanout_st_mode(*text, stbuf.st_mode, 0); + if(ret != -1) { + ret = aaip_cleanout_st_mode(*text, stbuf.st_mode, 2); + if(!(ret & (7 | 64))) + (*text)[0]= 0; + } if((*text)[0] == 0 || strcmp(*text, "\n") == 0) { acl_free(text); *text= NULL; @@ -85,7 +88,7 @@ int aaip_get_acl_text(char *path, char **text, int flag) bit2= do not obtain attributes other than ACL bit3= do not ignore eventual local ACL attribute (e.g. system.posix_acl_access) - bit4= do not return st_mode permissions in ACL. + bit4= do not return trivial ACL that matches st_mode bit15= free memory of names, value_lengths, values @return >0 ok <=0 error diff --git a/libisofs/aaip_0_2.c b/libisofs/aaip_0_2.c index 9a0f1eb..a84842b 100644 --- a/libisofs/aaip_0_2.c +++ b/libisofs/aaip_0_2.c @@ -429,6 +429,8 @@ group_by_name:; /* Remove the entries user::??? , group::??? , other::??? , other:??? from an ACL in long text form if they match the bits in st_mode. @param flag bit0= do not remove entries, only determine return value + bit1= like bit0 but return immediately if non-st_mode + ACL entry is found */ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag) { @@ -454,8 +456,7 @@ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag) continue; } overriders|= 4; - } - if(strncmp(rpt, "group::", 7) == 0 && npt - rpt == 10) { + } else if(strncmp(rpt, "group::", 7) == 0 && npt - rpt == 10) { cpt= rpt + 7; m= 0; if(cpt[0] == 'r') @@ -469,8 +470,7 @@ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag) continue; } overriders|= 2; - } - if(strncmp(rpt, "other::", 7) == 0 && npt - rpt == 10) { + } else if(strncmp(rpt, "other::", 7) == 0 && npt - rpt == 10) { cpt= rpt + 7; others_st_mode:; m= 0; @@ -485,20 +485,23 @@ others_st_mode:; continue; } overriders|= 1; - } - if(strncmp(rpt, "other:", 6) == 0 && npt - rpt == 9) { + } else if(strncmp(rpt, "other:", 6) == 0 && npt - rpt == 9) { cpt= rpt + 7; goto others_st_mode; + } else if(*rpt != 0) { + overriders|= 64; } + if (flag & 2) + return overriders; if(wpt == rpt) { wpt= npt + 1; continue; } - if(!(flag & 1)) + if(!(flag & 3)) memmove(wpt, rpt, 1 + npt - rpt); wpt+= 1 + npt - rpt; } - if(!(flag & 1)) { + if(!(flag & 3)) { if(wpt == acl_text) *wpt= 0; else if(*(wpt - 1) != 0) diff --git a/libisofs/aaip_0_2.h b/libisofs/aaip_0_2.h index 27753c5..caf94a2 100644 --- a/libisofs/aaip_0_2.h +++ b/libisofs/aaip_0_2.h @@ -66,8 +66,10 @@ int aaip_encode_acl(char *acl_text, variable which holds permissions as indicated by ECMA-119 and RRIP data. @param flag bit0= do not remove entries, only determine return value + bit1= like bit0 but return immediately if a non-st_mode + ACL entry is found @return <0 failure - >=0 tells in six bits which tag types are present. + >=0 tells in its bits which tag types are present. The first three tell which types deviate from the corresponding st_mode settings: bit0= "other::" overrides S_IRWXO @@ -79,6 +81,7 @@ int aaip_encode_acl(char *acl_text, bit5= "user::" matches S_IRWXU Given the nature of ACLs all 64 combinations are possible although some show inner contradictions. + bit6= other ACL tag types are present */ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag); @@ -105,9 +108,8 @@ int aaip_add_acl_st_mode(char *acl_text, mode_t st_mode, int flag); with bit15 of flag. @param flag Bitfield for control purposes bit0= obtain default ACL rather than access ACL - bit4= do not return entries which match the st_mode - permissions. If no other ACL entries exist: - set *text = NULL and return 2 + bit4= set *text = NULL and return 2 + if the ACL matches st_mode permissions. bit15= free text and return 1 @return 1 ok 2 only st_mode permissions exist and bit 4 is set @@ -131,7 +133,7 @@ int aaip_get_acl_text(char *path, char **text, int flag); bit2= do not obtain attributes other than ACLs bit3= do not ignore eventual ACL attribute (e.g. system.posix_acl_access) - bit4= do not return st_mode permissions in ACL. + bit4= do not return trivial ACL that matches st_mode bit15= free memory of names, value_lengths, values @return >0 ok <=0 error