[Top][All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
acl: make acl_entries work reliably
From: |
Bruno Haible |
Subject: |
acl: make acl_entries work reliably |
Date: |
Tue, 3 Jun 2008 00:28:43 +0200 |
User-agent: |
KMail/1.5.4 |
Hi Jim,
In my tests, I found that the textual representation of ACLs varies much
more than the API used to access the ACLs.
The acl_entries() function, currently, converts the ACL to a string whose
format is undocumented and then starts counting newlines. This is already
known to go wrong on IRIX.
Here's an implementation that is more reliable: it uses the documented
acl_get_entry() API. Except on two platforms:
- On IRIX, acl_get_entry is undocumented.
- On Tru64, acl_get_entry takes only 1 argument, not 3, and in my tests
always returned NULL.
But on these platforms, the innards of the ACL are exposed through <sys/acl.h>.
OK?
2008-06-02 Bruno Haible <address@hidden>
* lib/acl_entries.c (acl_entries): Rewrite to use acl_get_entry.
* lib/copy-acl.c (qcopy_acl): Update comment.
--- lib/acl_entries.c.orig 2008-06-03 00:18:12.000000000 +0200
+++ lib/acl_entries.c 2008-06-03 00:08:09.000000000 +0200
@@ -21,18 +21,38 @@
#include "acl-internal.h"
+/* This file assumes POSIX-draft like ACLs
+ (Linux, FreeBSD, MacOS X, IRIX, Tru64). */
+
/* Return the number of entries in ACL. */
int
acl_entries (acl_t acl)
{
- char *t;
- int entries = 0;
- char *text = acl_to_text (acl, NULL);
- if (! text)
- return -1;
- for (t = text; *t; t++)
- entries += (*t == '\n');
- acl_free_text (text);
- return entries;
+ int count = 0;
+
+ if (acl != NULL)
+ {
+#if HAVE_ACL_FIRST_ENTRY /* Linux, FreeBSD, MacOS X */
+ acl_entry_t ace;
+ int at_end;
+
+ for (at_end = acl_get_entry (acl, ACL_FIRST_ENTRY, &ace);
+ !at_end;
+ at_end = acl_get_entry (acl, ACL_NEXT_ENTRY, &ace))
+ count++;
+#else /* IRIX, Tru64 */
+# if HAVE_ACL_TO_SHORT_TEXT /* IRIX */
+ /* Don't use acl_get_entry: it is undocumented. */
+ count = acl->acl_cnt;
+# endif
+# if HAVE_ACL_FREE_TEXT /* Tru64 */
+ /* Don't use acl_get_entry: it takes only one argument and does not
+ work. */
+ count = acl->acl_num;
+# endif
+#endif
+ }
+
+ return count;
}
--- lib/copy-acl.c.orig 2008-06-03 00:21:44.000000000 +0200
+++ lib/copy-acl.c 2008-06-03 00:21:31.000000000 +0200
@@ -72,8 +72,7 @@
acl_free (acl);
/* On most hosts with MODE_INSIDE_ACL an ACL is trivial if n == 3,
- and it cannot be less than 3. On IRIX 6.5 it is also trivial if
- n == -1.
+ and it cannot be less than 3.
For simplicity and safety, assume the ACL is trivial if n <= 3.
Also see file-has-acl.c for some of the other possibilities;
it's not clear whether that complexity is needed here. */
- acl: make acl_entries work reliably,
Bruno Haible <=