bug-gnulib
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

acl: make acl_entries work reliably


From: Bruno Haible
Subject: acl: make acl_entries work reliably
Date: Tue, 3 Jun 2008 00:28:43 +0200
User-agent: KMail/1.5.4

Hi Jim,

In my tests, I found that the textual representation of ACLs varies much
more than the API used to access the ACLs.

The acl_entries() function, currently, converts the ACL to a string whose
format is undocumented and then starts counting newlines. This is already
known to go wrong on IRIX.

Here's an implementation that is more reliable: it uses the documented
acl_get_entry() API. Except on two platforms:
  - On IRIX, acl_get_entry is undocumented.
  - On Tru64, acl_get_entry takes only 1 argument, not 3, and in my tests
    always returned NULL.
But on these platforms, the innards of the ACL are exposed through <sys/acl.h>.

OK?


2008-06-02  Bruno Haible  <address@hidden>

        * lib/acl_entries.c (acl_entries): Rewrite to use acl_get_entry.
        * lib/copy-acl.c (qcopy_acl): Update comment.

--- lib/acl_entries.c.orig      2008-06-03 00:18:12.000000000 +0200
+++ lib/acl_entries.c   2008-06-03 00:08:09.000000000 +0200
@@ -21,18 +21,38 @@
 
 #include "acl-internal.h"
 
+/* This file assumes POSIX-draft like ACLs
+   (Linux, FreeBSD, MacOS X, IRIX, Tru64).  */
+
 /* Return the number of entries in ACL.  */
 
 int
 acl_entries (acl_t acl)
 {
-  char *t;
-  int entries = 0;
-  char *text = acl_to_text (acl, NULL);
-  if (! text)
-    return -1;
-  for (t = text; *t; t++)
-    entries += (*t == '\n');
-  acl_free_text (text);
-  return entries;
+  int count = 0;
+
+  if (acl != NULL)
+    {
+#if HAVE_ACL_FIRST_ENTRY /* Linux, FreeBSD, MacOS X */
+      acl_entry_t ace;
+      int at_end;
+
+      for (at_end = acl_get_entry (acl, ACL_FIRST_ENTRY, &ace);
+          !at_end;
+          at_end = acl_get_entry (acl, ACL_NEXT_ENTRY, &ace))
+       count++;
+#else /* IRIX, Tru64 */
+# if HAVE_ACL_TO_SHORT_TEXT /* IRIX */
+      /* Don't use acl_get_entry: it is undocumented.  */
+      count = acl->acl_cnt;
+# endif
+# if HAVE_ACL_FREE_TEXT /* Tru64 */
+      /* Don't use acl_get_entry: it takes only one argument and does not
+        work.  */
+      count = acl->acl_num;
+# endif
+#endif
+    }
+
+  return count;
 }
--- lib/copy-acl.c.orig 2008-06-03 00:21:44.000000000 +0200
+++ lib/copy-acl.c      2008-06-03 00:21:31.000000000 +0200
@@ -72,8 +72,7 @@
 
          acl_free (acl);
          /* On most hosts with MODE_INSIDE_ACL an ACL is trivial if n == 3,
-            and it cannot be less than 3.  On IRIX 6.5 it is also trivial if
-            n == -1.
+            and it cannot be less than 3.
             For simplicity and safety, assume the ACL is trivial if n <= 3.
             Also see file-has-acl.c for some of the other possibilities;
             it's not clear whether that complexity is needed here.  */





reply via email to

[Prev in Thread] Current Thread [Next in Thread]