* setfacl.c (addmissing): New function to add missing acl entries to

a modified acl per the rules set by aclcheck. (setfacl): Call addmissing unless action is Delete.
2025-02-20 16:01:10 +08:00 · 2014-09-03 12:44:05 +00:00 · 2014-09-03 12:44:05 +00:00 · ef1e66cfbf
commit ef1e66cfbf
parent 3e61dde3f1
2 changed files with 71 additions and 0 deletions
--- a/winsup/utils/ChangeLog
+++ b/winsup/utils/ChangeLog
@ -1,3 +1,9 @@
+2014-09-03  Corinna Vinschen  <corinna@vinschen.de>
+
+	* setfacl.c (addmissing): New function to add missing acl entries to
+	a modified acl per the rules set by aclcheck.
+	(setfacl): Call addmissing unless action is Delete.
+
 2014-09-03  Corinna Vinschen  <corinna@vinschen.de>

 	* setfacl.c (getaclentry): Fix previous fix again.  Allow lone 'm' as
--- a/winsup/utils/setfacl.c
+++ b/winsup/utils/setfacl.c
@ -266,6 +266,70 @@ modacl (aclent_t *tgt, int tcnt, aclent_t *src, int scnt)
  return tcnt;
 }

+int
+addmissing (aclent_t *tgt, int tcnt)
+{
+  int t;
+  int types = 0, def_types = 0;
+  int perm = 0, def_perm = 0;
+
+  /* Check if we have all the required entries now. */
+  for (t = 0; t < tcnt; ++t)
+    if (tgt[t].a_type & ACL_DEFAULT)
+      {
+	def_types |= tgt[t].a_type;
+	if (tgt[t].a_type & (USER | GROUP | GROUP_OBJ))
+	  def_perm |= tgt[t].a_perm;
+      }
+    else
+      {
+	types |= tgt[t].a_type;
+	if (tgt[t].a_type & (USER | GROUP | GROUP_OBJ))
+	  perm |= tgt[t].a_perm;
+      }
+  /* Add missing CLASS_OBJ */
+  if ((types & (USER | GROUP)) && !(types & CLASS_OBJ))
+    {
+      tgt[tcnt].a_type = CLASS_OBJ;
+      tgt[tcnt].a_id = (uid_t) -1;
+      tgt[tcnt++].a_perm = perm;
+    }
+  if (def_types)
+    {
+      /* Add missing default entries. */
+      if (!(def_types & USER_OBJ) && tcnt < MAX_ACL_ENTRIES)
+	{
+	  t = searchace (tgt, tcnt, USER_OBJ, -1);
+	  tgt[tcnt].a_type = DEF_USER_OBJ;
+	  tgt[tcnt].a_id = (uid_t) -1;
+	  tgt[tcnt++].a_perm = t >= 0 ? tgt[t].a_perm : S_IRWXO;
+	}
+      if (!(def_types & GROUP_OBJ) && tcnt < MAX_ACL_ENTRIES)
+	{
+	  t = searchace (tgt, tcnt, GROUP_OBJ, -1);
+	  tgt[tcnt].a_type = DEF_GROUP_OBJ;
+	  tgt[tcnt].a_id = (uid_t) -1;
+	  tgt[tcnt].a_perm = t >= 0 ? tgt[t].a_perm : (S_IROTH | S_IXOTH);
+	  def_perm |= tgt[tcnt++].a_perm;
+	}
+      if (!(def_types & OTHER_OBJ) && tcnt < MAX_ACL_ENTRIES)
+	{
+	  t = searchace (tgt, tcnt, OTHER_OBJ, -1);
+	  tgt[tcnt].a_type = DEF_OTHER_OBJ;
+	  tgt[tcnt].a_id = (uid_t) -1;
+	  tgt[tcnt++].a_perm = t >= 0 ? tgt[t].a_perm : (S_IROTH | S_IXOTH);
+	}
+      /* Add missing DEF_CLASS_OBJ */
+      if ((def_types & (USER | GROUP)) && !(def_types & CLASS_OBJ))
+	{
+	  tgt[tcnt].a_type = DEF_CLASS_OBJ;
+	  tgt[tcnt].a_id = (uid_t) -1;
+	  tgt[tcnt++].a_perm = def_perm;
+	}
+    }
+  return tcnt;
+}
+
 int
 setfacl (action_t action, char *path, aclent_t *acls, int cnt)
 {
@ -283,6 +347,7 @@ setfacl (action_t action, char *path, aclent_t *acls, int cnt)
    }
  else if ((lcnt = acl (path, GETACL, MAX_ACL_ENTRIES, lacl)) < 0
      || (lcnt = modacl (lacl, lcnt, acls, cnt)) < 0
+      || (action != Delete && (lcnt = addmissing (lacl, lcnt)) < 0)
      || (lcnt = acl (path, SETACL, lcnt, lacl)) < 0)
    {
      perror (prog_name);