diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-26 10:59:32 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-27 10:20:12 +0200 |
| commit | 567aeb5801e3df568ac336f5d7da945964912c32 (patch) | |
| tree | f320c8b9bc0256f5a8e02c286715245e4c516c3e /src/shared/acl-util.c | |
| parent | 508fa02d6f112c323b0ed595da85cc5bcdd2d122 (diff) | |
| download | systemd-567aeb5801e3df568ac336f5d7da945964912c32.tar.gz | |
shared/acl-util: convert rd,wr,ex to a bitmask
I find this version much more readable.
Add replacement defines so that when acl/libacl.h is not available, the
ACL_{READ,WRITE,EXECUTE} constants are also defined. Those constants were
declared in the kernel headers already in 1da177e4c3f41524e886b7f1b8a0c1f,
so they should be the same pretty much everywhere.
Diffstat (limited to 'src/shared/acl-util.c')
| -rw-r--r-- | src/shared/acl-util.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c index 02c94f9358..7a2767c37b 100644 --- a/src/shared/acl-util.c +++ b/src/shared/acl-util.c @@ -378,12 +378,20 @@ int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) { return 0; } +/* POSIX says that ACL_{READ,WRITE,EXECUTE} don't have to be bitmasks. But that is a natural thing to do and + * all extant implementations do it. Let's make sure that we fail verbosely in the (imho unlikely) scenario + * that we get a new implementation that does not satisfy this. */ +assert_cc(!(ACL_READ & ACL_WRITE)); +assert_cc(!(ACL_WRITE & ACL_EXECUTE)); +assert_cc(!(ACL_EXECUTE & ACL_READ)); +assert_cc((unsigned) ACL_READ == ACL_READ); +assert_cc((unsigned) ACL_WRITE == ACL_WRITE); +assert_cc((unsigned) ACL_EXECUTE == ACL_EXECUTE); + int fd_add_uid_acl_permission( int fd, uid_t uid, - bool rd, - bool wr, - bool ex) { + unsigned mask) { _cleanup_(acl_freep) acl_t acl = NULL; acl_permset_t permset; @@ -411,11 +419,11 @@ int fd_add_uid_acl_permission( if (acl_get_permset(entry, &permset) < 0) return -errno; - if (rd && acl_add_perm(permset, ACL_READ) < 0) + if ((mask & ACL_READ) && acl_add_perm(permset, ACL_READ) < 0) return -errno; - if (wr && acl_add_perm(permset, ACL_WRITE) < 0) + if ((mask & ACL_WRITE) && acl_add_perm(permset, ACL_WRITE) < 0) return -errno; - if (ex && acl_add_perm(permset, ACL_EXECUTE) < 0) + if ((mask & ACL_EXECUTE) && acl_add_perm(permset, ACL_EXECUTE) < 0) return -errno; r = calc_acl_mask_if_needed(&acl); |