diff options
| author | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-26 10:59:32 +0200 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2020-08-27 10:20:12 +0200 |
| commit | 567aeb5801e3df568ac336f5d7da945964912c32 (patch) | |
| tree | f320c8b9bc0256f5a8e02c286715245e4c516c3e /src/shared | |
| parent | 508fa02d6f112c323b0ed595da85cc5bcdd2d122 (diff) | |
| download | systemd-567aeb5801e3df568ac336f5d7da945964912c32.tar.gz | |
shared/acl-util: convert rd,wr,ex to a bitmask
I find this version much more readable.
Add replacement defines so that when acl/libacl.h is not available, the
ACL_{READ,WRITE,EXECUTE} constants are also defined. Those constants were
declared in the kernel headers already in 1da177e4c3f41524e886b7f1b8a0c1f,
so they should be the same pretty much everywhere.
Diffstat (limited to 'src/shared')
| -rw-r--r-- | src/shared/acl-util.c | 20 | ||||
| -rw-r--r-- | src/shared/acl-util.h | 14 |
2 files changed, 26 insertions, 8 deletions
diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c index 02c94f9358..7a2767c37b 100644 --- a/src/shared/acl-util.c +++ b/src/shared/acl-util.c @@ -378,12 +378,20 @@ int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) { return 0; } +/* POSIX says that ACL_{READ,WRITE,EXECUTE} don't have to be bitmasks. But that is a natural thing to do and + * all extant implementations do it. Let's make sure that we fail verbosely in the (imho unlikely) scenario + * that we get a new implementation that does not satisfy this. */ +assert_cc(!(ACL_READ & ACL_WRITE)); +assert_cc(!(ACL_WRITE & ACL_EXECUTE)); +assert_cc(!(ACL_EXECUTE & ACL_READ)); +assert_cc((unsigned) ACL_READ == ACL_READ); +assert_cc((unsigned) ACL_WRITE == ACL_WRITE); +assert_cc((unsigned) ACL_EXECUTE == ACL_EXECUTE); + int fd_add_uid_acl_permission( int fd, uid_t uid, - bool rd, - bool wr, - bool ex) { + unsigned mask) { _cleanup_(acl_freep) acl_t acl = NULL; acl_permset_t permset; @@ -411,11 +419,11 @@ int fd_add_uid_acl_permission( if (acl_get_permset(entry, &permset) < 0) return -errno; - if (rd && acl_add_perm(permset, ACL_READ) < 0) + if ((mask & ACL_READ) && acl_add_perm(permset, ACL_READ) < 0) return -errno; - if (wr && acl_add_perm(permset, ACL_WRITE) < 0) + if ((mask & ACL_WRITE) && acl_add_perm(permset, ACL_WRITE) < 0) return -errno; - if (ex && acl_add_perm(permset, ACL_EXECUTE) < 0) + if ((mask & ACL_EXECUTE) && acl_add_perm(permset, ACL_EXECUTE) < 0) return -errno; r = calc_acl_mask_if_needed(&acl); diff --git a/src/shared/acl-util.h b/src/shared/acl-util.h index ace0fe0955..b6a6f480f8 100644 --- a/src/shared/acl-util.h +++ b/src/shared/acl-util.h @@ -1,8 +1,10 @@ /* SPDX-License-Identifier: LGPL-2.1+ */ #pragma once -#if HAVE_ACL +#include <errno.h> +#include <unistd.h> +#if HAVE_ACL #include <acl/libacl.h> #include <stdbool.h> #include <sys/acl.h> @@ -15,7 +17,7 @@ int add_base_acls_if_needed(acl_t *acl_p, const char *path); int acl_search_groups(const char* path, char ***ret_groups); int parse_acl(const char *text, acl_t *acl_access, acl_t *acl_default, bool want_mask); int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl); -int fd_add_uid_acl_permission(int fd, uid_t uid, bool rd, bool wr, bool ex); +int fd_add_uid_acl_permission(int fd, uid_t uid, unsigned mask); /* acl_free takes multiple argument types. * Multiple cleanup functions are necessary. */ @@ -27,4 +29,12 @@ DEFINE_TRIVIAL_CLEANUP_FUNC(uid_t*, acl_free_uid_tp); #define acl_free_gid_tp acl_free DEFINE_TRIVIAL_CLEANUP_FUNC(gid_t*, acl_free_gid_tp); +#else +#define ACL_READ 0x04 +#define ACL_WRITE 0x02 +#define ACL_EXECUTE 0x01 + +static inline int fd_add_uid_acl_permission(int fd, uid_t uid, unsigned mask) { + return -EOPNOTSUPP; +} #endif |