Gave up deleting of single ACL entries if they match st_mode.
Only totally trivial ACLs are discarded as a whole. This seems necessary because the relation between st_mode and ACL is not clearly defined in man 5 acl.
parent
24fadd7649
commit
6ad6d3c219
@ -28,9 +28,8 @@
|
|||||||
with bit15 of flag.
|
with bit15 of flag.
|
||||||
@param flag Bitfield for control purposes
|
@param flag Bitfield for control purposes
|
||||||
bit0= obtain default ACL rather than access ACL
|
bit0= obtain default ACL rather than access ACL
|
||||||
bit4= do not return entries which match the st_mode
|
bit4= set *text = NULL and return 2
|
||||||
permissions. If no other ACL entries exist:
|
if the ACL matches st_mode permissions.
|
||||||
set *text = NULL and return 2
|
|
||||||
bit15= free text and return 1
|
bit15= free text and return 1
|
||||||
@return > 0 ok
|
@return > 0 ok
|
||||||
-1 failure of system ACL service (see errno)
|
-1 failure of system ACL service (see errno)
|
||||||
@ -63,8 +62,11 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
|||||||
return(-1);
|
return(-1);
|
||||||
if(flag & 16) {
|
if(flag & 16) {
|
||||||
ret= stat(path, &stbuf);
|
ret= stat(path, &stbuf);
|
||||||
if(ret != -1)
|
if(ret != -1) {
|
||||||
aaip_cleanout_st_mode(*text, stbuf.st_mode, 0);
|
ret = aaip_cleanout_st_mode(*text, stbuf.st_mode, 2);
|
||||||
|
if(!(ret & (7 | 64)))
|
||||||
|
(*text)[0]= 0;
|
||||||
|
}
|
||||||
if((*text)[0] == 0 || strcmp(*text, "\n") == 0) {
|
if((*text)[0] == 0 || strcmp(*text, "\n") == 0) {
|
||||||
acl_free(text);
|
acl_free(text);
|
||||||
*text= NULL;
|
*text= NULL;
|
||||||
@ -91,7 +93,7 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
|||||||
bit1= use numeric ACL qualifiers rather than names
|
bit1= use numeric ACL qualifiers rather than names
|
||||||
bit2= do not encode attributes other than ACL
|
bit2= do not encode attributes other than ACL
|
||||||
bit3= -reserved-
|
bit3= -reserved-
|
||||||
bit4= do not return st_mode permissions in ACL.
|
bit4= do not return trivial ACL that matches st_mode
|
||||||
bit15= free memory of names, value_lengths, values
|
bit15= free memory of names, value_lengths, values
|
||||||
@return >0 ok
|
@return >0 ok
|
||||||
<=0 error
|
<=0 error
|
||||||
|
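Review bot: The new test `if(!(ret & (7 | 64)))` in aaip_get_acl_text treats the result of aaip_cleanout_st_mode() as a bit mask without first checking for failure, although that function is documented on this page as returning <0 on failure. A negative value whose bits 0 to 2 and bit 6 happen to be clear would be read as "ACL is trivial", and the text would be emptied, so the ACL would silently go unrecorded. I would make the discard depend on success, `if(ret >= 0 && !(ret & (7 | 64)))`, so that any error keeps the ACL text. The same lines appear in the second copy of aaip_get_acl_text further down the page; the function body starts and ends outside the hunk.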
@ -31,12 +31,12 @@
|
|||||||
with bit15 of flag.
|
with bit15 of flag.
|
||||||
@param flag Bitfield for control purposes
|
@param flag Bitfield for control purposes
|
||||||
bit0= obtain default ACL rather than access ACL
|
bit0= obtain default ACL rather than access ACL
|
||||||
bit4= do not return entries which match the st_mode
|
bit4= set *text = NULL and return 2
|
||||||
permissions. If no other ACL entries exist:
|
if the ACL matches st_mode permissions.
|
||||||
set *text = NULL and return 2
|
|
||||||
bit15= free text and return 1
|
bit15= free text and return 1
|
||||||
@return > 0 ok
|
@return 1 ok
|
||||||
-1 failure of system ACL service (see errno)
|
2 only st_mode permissions exist and bit 4 is set
|
||||||
|
-1 failure of system ACL service (see errno)
|
||||||
*/
|
*/
|
||||||
int aaip_get_acl_text(char *path, char **text, int flag)
|
int aaip_get_acl_text(char *path, char **text, int flag)
|
||||||
{
|
{
|
||||||
@ -60,8 +60,11 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
|||||||
return(-1);
|
return(-1);
|
||||||
if(flag & 16) {
|
if(flag & 16) {
|
||||||
ret= stat(path, &stbuf);
|
ret= stat(path, &stbuf);
|
||||||
if(ret != -1)
|
if(ret != -1) {
|
||||||
aaip_cleanout_st_mode(*text, stbuf.st_mode, 0);
|
ret = aaip_cleanout_st_mode(*text, stbuf.st_mode, 2);
|
||||||
|
if(!(ret & (7 | 64)))
|
||||||
|
(*text)[0]= 0;
|
||||||
|
}
|
||||||
if((*text)[0] == 0 || strcmp(*text, "\n") == 0) {
|
if((*text)[0] == 0 || strcmp(*text, "\n") == 0) {
|
||||||
acl_free(text);
|
acl_free(text);
|
||||||
*text= NULL;
|
*text= NULL;
|
||||||
@ -85,7 +88,7 @@ int aaip_get_acl_text(char *path, char **text, int flag)
|
|||||||
bit2= do not obtain attributes other than ACL
|
bit2= do not obtain attributes other than ACL
|
||||||
bit3= do not ignore eventual local ACL attribute
|
bit3= do not ignore eventual local ACL attribute
|
||||||
(e.g. system.posix_acl_access)
|
(e.g. system.posix_acl_access)
|
||||||
bit4= do not return st_mode permissions in ACL.
|
bit4= do not return trivial ACL that matches st_mode
|
||||||
bit15= free memory of names, value_lengths, values
|
bit15= free memory of names, value_lengths, values
|
||||||
@return >0 ok
|
@return >0 ok
|
||||||
<=0 error
|
<=0 error
|
||||||
|
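Review bot: With bit4 set, every trivial ACL now reaches `acl_free(text)`, and that call passes the caller's `char **` rather than the buffer `*text` whose content was just tested. If `*text` was allocated by the ACL library (the allocation is outside the hunk, so this is an inference), the call hands the library a pointer it never allocated and leaks the real text. The expected form would be `acl_free(*text);` followed by the existing `*text= NULL;`. The line is unchanged context, but the new discard logic makes this path the normal one for files without extended ACL entries, and the same call appears in the first copy of aaip_get_acl_text on this page.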
@ -429,6 +429,8 @@ group_by_name:;
|
|||||||
/* Remove the entries user::??? , group::??? , other::??? , other:???
|
/* Remove the entries user::??? , group::??? , other::??? , other:???
|
||||||
from an ACL in long text form if they match the bits in st_mode.
|
from an ACL in long text form if they match the bits in st_mode.
|
||||||
@param flag bit0= do not remove entries, only determine return value
|
@param flag bit0= do not remove entries, only determine return value
|
||||||
|
bit1= like bit0 but return immediately if non-st_mode
|
||||||
|
ACL entry is found
|
||||||
*/
|
*/
|
||||||
int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag)
|
int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag)
|
||||||
{
|
{
|
||||||
@ -454,8 +456,7 @@ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
overriders|= 4;
|
overriders|= 4;
|
||||||
}
|
} else if(strncmp(rpt, "group::", 7) == 0 && npt - rpt == 10) {
|
||||||
if(strncmp(rpt, "group::", 7) == 0 && npt - rpt == 10) {
|
|
||||||
cpt= rpt + 7;
|
cpt= rpt + 7;
|
||||||
m= 0;
|
m= 0;
|
||||||
if(cpt[0] == 'r')
|
if(cpt[0] == 'r')
|
||||||
@ -469,8 +470,7 @@ int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag)
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
overriders|= 2;
|
overriders|= 2;
|
||||||
}
|
} else if(strncmp(rpt, "other::", 7) == 0 && npt - rpt == 10) {
|
||||||
if(strncmp(rpt, "other::", 7) == 0 && npt - rpt == 10) {
|
|
||||||
cpt= rpt + 7;
|
cpt= rpt + 7;
|
||||||
others_st_mode:;
|
others_st_mode:;
|
||||||
m= 0;
|
m= 0;
|
||||||
@ -485,20 +485,23 @@ others_st_mode:;
|
|||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
overriders|= 1;
|
overriders|= 1;
|
||||||
}
|
} else if(strncmp(rpt, "other:", 6) == 0 && npt - rpt == 9) {
|
||||||
if(strncmp(rpt, "other:", 6) == 0 && npt - rpt == 9) {
|
|
||||||
cpt= rpt + 7;
|
cpt= rpt + 7;
|
||||||
goto others_st_mode;
|
goto others_st_mode;
|
||||||
|
} else if(*rpt != 0) {
|
||||||
|
overriders|= 64;
|
||||||
}
|
}
|
||||||
|
if (flag & 2)
|
||||||
|
return overriders;
|
||||||
if(wpt == rpt) {
|
if(wpt == rpt) {
|
||||||
wpt= npt + 1;
|
wpt= npt + 1;
|
||||||
continue;
|
continue;
|
||||||
}
|
}
|
||||||
if(!(flag & 1))
|
if(!(flag & 3))
|
||||||
memmove(wpt, rpt, 1 + npt - rpt);
|
memmove(wpt, rpt, 1 + npt - rpt);
|
||||||
wpt+= 1 + npt - rpt;
|
wpt+= 1 + npt - rpt;
|
||||||
}
|
}
|
||||||
if(!(flag & 1)) {
|
if(!(flag & 3)) {
|
||||||
if(wpt == acl_text)
|
if(wpt == acl_text)
|
||||||
*wpt= 0;
|
*wpt= 0;
|
||||||
else if(*(wpt - 1) != 0)
|
else if(*(wpt - 1) != 0)
|
||||||
|
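Review bot: In the `"other:"` branch that this change turns into an `else if`, the entry is required to be 9 characters long with a 6-character prefix, yet the permission pointer is set with `cpt= rpt + 7;`. For an entry of the form `other:???` named in the function's header comment, the three permission characters start at offset 6, so the code at `others_st_mode` would appear to read the second and third permission characters plus the line terminator; `cpt= rpt + 6;` looks like the intended value. This matters more now, because callers using the new bit1 decide from this function's verdict whether the whole ACL is dropped as trivial. The body of `others_st_mode` is only partly visible here, so the exact effect on `m` should be confirmed against the full function.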
@ -66,8 +66,10 @@ int aaip_encode_acl(char *acl_text,
|
|||||||
variable which holds permissions as indicated by ECMA-119
|
variable which holds permissions as indicated by ECMA-119
|
||||||
and RRIP data.
|
and RRIP data.
|
||||||
@param flag bit0= do not remove entries, only determine return value
|
@param flag bit0= do not remove entries, only determine return value
|
||||||
|
bit1= like bit0 but return immediately if a non-st_mode
|
||||||
|
ACL entry is found
|
||||||
@return <0 failure
|
@return <0 failure
|
||||||
>=0 tells in six bits which tag types are present.
|
>=0 tells in its bits which tag types are present.
|
||||||
The first three tell which types deviate from the
|
The first three tell which types deviate from the
|
||||||
corresponding st_mode settings:
|
corresponding st_mode settings:
|
||||||
bit0= "other::" overrides S_IRWXO
|
bit0= "other::" overrides S_IRWXO
|
||||||
@ -79,6 +81,7 @@ int aaip_encode_acl(char *acl_text,
|
|||||||
bit5= "user::" matches S_IRWXU
|
bit5= "user::" matches S_IRWXU
|
||||||
Given the nature of ACLs all 64 combinations are
|
Given the nature of ACLs all 64 combinations are
|
||||||
possible although some show inner contradictions.
|
possible although some show inner contradictions.
|
||||||
|
bit6= other ACL tag types are present
|
||||||
*/
|
*/
|
||||||
int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag);
|
int aaip_cleanout_st_mode(char *acl_text, mode_t st_mode, int flag);
|
||||||
|
|
||||||
@ -105,9 +108,8 @@ int aaip_add_acl_st_mode(char *acl_text, mode_t st_mode, int flag);
|
|||||||
with bit15 of flag.
|
with bit15 of flag.
|
||||||
@param flag Bitfield for control purposes
|
@param flag Bitfield for control purposes
|
||||||
bit0= obtain default ACL rather than access ACL
|
bit0= obtain default ACL rather than access ACL
|
||||||
bit4= do not return entries which match the st_mode
|
bit4= set *text = NULL and return 2
|
||||||
permissions. If no other ACL entries exist:
|
if the ACL matches st_mode permissions.
|
||||||
set *text = NULL and return 2
|
|
||||||
bit15= free text and return 1
|
bit15= free text and return 1
|
||||||
@return 1 ok
|
@return 1 ok
|
||||||
2 only st_mode permissions exist and bit 4 is set
|
2 only st_mode permissions exist and bit 4 is set
|
||||||
@ -131,7 +133,7 @@ int aaip_get_acl_text(char *path, char **text, int flag);
|
|||||||
bit2= do not obtain attributes other than ACLs
|
bit2= do not obtain attributes other than ACLs
|
||||||
bit3= do not ignore eventual ACL attribute
|
bit3= do not ignore eventual ACL attribute
|
||||||
(e.g. system.posix_acl_access)
|
(e.g. system.posix_acl_access)
|
||||||
bit4= do not return st_mode permissions in ACL.
|
bit4= do not return trivial ACL that matches st_mode
|
||||||
bit15= free memory of names, value_lengths, values
|
bit15= free memory of names, value_lengths, values
|
||||||
@return >0 ok
|
@return >0 ok
|
||||||
<=0 error
|
<=0 error
|
||||||
|
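Review bot: The added description of bit1 for aaip_cleanout_st_mode does not say that the return value is incomplete when the function returns early. As far as the implementation hunk on this page shows, `if (flag & 2) return overriders;` sits inside the entry loop, so the result covers only the entries read up to that point and the "matches" bits 3 to 5 cannot be taken as a summary of the whole ACL. I would add a sentence to the comment such as `With bit1 the returned bits only describe the entries read so far; test only (7 | 64)`. It would also help to state next to `@return <0 failure` that callers must check the sign before using the value as a bit mask.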