* setfacl.c (addmissing): New function to add missing acl entries to
a modified acl per the rules set by aclcheck. (setfacl): Call addmissing unless action is Delete.
parent
3e61dde3f1
commit
ef1e66cfbf
|
@ -1,3 +1,9 @@
|
||||||
|
2014-09-03 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
|
* setfacl.c (addmissing): New function to add missing acl entries to
|
||||||
|
a modified acl per the rules set by aclcheck.
|
||||||
|
(setfacl): Call addmissing unless action is Delete.
|
||||||
|
|
||||||
2014-09-03 Corinna Vinschen <corinna@vinschen.de>
|
2014-09-03 Corinna Vinschen <corinna@vinschen.de>
|
||||||
|
|
||||||
* setfacl.c (getaclentry): Fix previous fix again. Allow lone 'm' as
|
* setfacl.c (getaclentry): Fix previous fix again. Allow lone 'm' as
|
||||||
|
|
|
@ -266,6 +266,70 @@ modacl (aclent_t *tgt, int tcnt, aclent_t *src, int scnt)
|
||||||
return tcnt;
|
return tcnt;
|
||||||
}
|
}
|
||||||
|
|
||||||
|
int
|
||||||
|
addmissing (aclent_t *tgt, int tcnt)
|
||||||
|
{
|
||||||
|
int t;
|
||||||
|
int types = 0, def_types = 0;
|
||||||
|
int perm = 0, def_perm = 0;
|
||||||
|
|
||||||
|
/* Check if we have all the required entries now. */
|
||||||
|
for (t = 0; t < tcnt; ++t)
|
||||||
|
if (tgt[t].a_type & ACL_DEFAULT)
|
||||||
|
{
|
||||||
|
def_types |= tgt[t].a_type;
|
||||||
|
if (tgt[t].a_type & (USER | GROUP | GROUP_OBJ))
|
||||||
|
def_perm |= tgt[t].a_perm;
|
||||||
|
}
|
||||||
|
else
|
||||||
|
{
|
||||||
|
types |= tgt[t].a_type;
|
||||||
|
if (tgt[t].a_type & (USER | GROUP | GROUP_OBJ))
|
||||||
|
perm |= tgt[t].a_perm;
|
||||||
|
}
|
||||||
|
/* Add missing CLASS_OBJ */
|
||||||
|
if ((types & (USER | GROUP)) && !(types & CLASS_OBJ))
|
||||||
|
{
|
||||||
|
tgt[tcnt].a_type = CLASS_OBJ;
|
||||||
|
tgt[tcnt].a_id = (uid_t) -1;
|
||||||
|
tgt[tcnt++].a_perm = perm;
|
||||||
|
}
|
||||||
|
if (def_types)
|
||||||
|
{
|
||||||
|
/* Add missing default entries. */
|
||||||
|
if (!(def_types & USER_OBJ) && tcnt < MAX_ACL_ENTRIES)
|
||||||
|
{
|
||||||
|
t = searchace (tgt, tcnt, USER_OBJ, -1);
|
||||||
|
tgt[tcnt].a_type = DEF_USER_OBJ;
|
||||||
|
tgt[tcnt].a_id = (uid_t) -1;
|
||||||
|
tgt[tcnt++].a_perm = t >= 0 ? tgt[t].a_perm : S_IRWXO;
|
||||||
|
}
|
||||||
|
if (!(def_types & GROUP_OBJ) && tcnt < MAX_ACL_ENTRIES)
|
||||||
|
{
|
||||||
|
t = searchace (tgt, tcnt, GROUP_OBJ, -1);
|
||||||
|
tgt[tcnt].a_type = DEF_GROUP_OBJ;
|
||||||
|
tgt[tcnt].a_id = (uid_t) -1;
|
||||||
|
tgt[tcnt].a_perm = t >= 0 ? tgt[t].a_perm : (S_IROTH | S_IXOTH);
|
||||||
|
def_perm |= tgt[tcnt++].a_perm;
|
||||||
|
}
|
||||||
|
if (!(def_types & OTHER_OBJ) && tcnt < MAX_ACL_ENTRIES)
|
||||||
|
{
|
||||||
|
t = searchace (tgt, tcnt, OTHER_OBJ, -1);
|
||||||
|
tgt[tcnt].a_type = DEF_OTHER_OBJ;
|
||||||
|
tgt[tcnt].a_id = (uid_t) -1;
|
||||||
|
tgt[tcnt++].a_perm = t >= 0 ? tgt[t].a_perm : (S_IROTH | S_IXOTH);
|
||||||
|
}
|
||||||
|
/* Add missing DEF_CLASS_OBJ */
|
||||||
|
if ((def_types & (USER | GROUP)) && !(def_types & CLASS_OBJ))
|
||||||
|
{
|
||||||
|
tgt[tcnt].a_type = DEF_CLASS_OBJ;
|
||||||
|
tgt[tcnt].a_id = (uid_t) -1;
|
||||||
|
tgt[tcnt++].a_perm = def_perm;
|
||||||
|
}
|
||||||
|
}
|
||||||
|
return tcnt;
|
||||||
|
}
|
||||||
|
|
||||||
int
|
int
|
||||||
setfacl (action_t action, char *path, aclent_t *acls, int cnt)
|
setfacl (action_t action, char *path, aclent_t *acls, int cnt)
|
||||||
{
|
{
|
||||||
|
@ -283,6 +347,7 @@ setfacl (action_t action, char *path, aclent_t *acls, int cnt)
|
||||||
}
|
}
|
||||||
else if ((lcnt = acl (path, GETACL, MAX_ACL_ENTRIES, lacl)) < 0
|
else if ((lcnt = acl (path, GETACL, MAX_ACL_ENTRIES, lacl)) < 0
|
||||||
|| (lcnt = modacl (lacl, lcnt, acls, cnt)) < 0
|
|| (lcnt = modacl (lacl, lcnt, acls, cnt)) < 0
|
||||||
|
|| (action != Delete && (lcnt = addmissing (lacl, lcnt)) < 0)
|
||||||
|| (lcnt = acl (path, SETACL, lcnt, lacl)) < 0)
|
|| (lcnt = acl (path, SETACL, lcnt, lacl)) < 0)
|
||||||
{
|
{
|
||||||
perror (prog_name);
|
perror (prog_name);
|
||||||
|
|
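Review bot: In addmissing, the "Add missing CLASS_OBJ" and "Add missing DEF_CLASS_OBJ" branches write `tgt[tcnt]` without the `tcnt < MAX_ACL_ENTRIES` guard that the three default-entry branches use. The setfacl hunk passes `lacl`, which the GETACL call just above treats as holding MAX_ACL_ENTRIES entries (its declaration is outside the hunk), so an ACL that is already full after modacl could be written up to two entries past the end of the array. Add the bound to both conditions, e.g. `if ((types & (USER | GROUP)) && !(types & CLASS_OBJ) && tcnt < MAX_ACL_ENTRIES)` and likewise for the `def_types` test. Returning -1 when a required entry does not fit would be more useful still, because as written addmissing never returns a negative value, so the new `< 0` test in setfacl cannot fire and an incomplete ACL goes on to SETACL.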