PERFORCE change 147427 for review
Edward Tomasz Napierala
trasz at FreeBSD.org
Fri Aug 15 08:47:30 UTC 2008
http://perforce.freebsd.org/chv.cgi?CH=147427
Change 147427 by trasz at trasz_traszkan on 2008/08/15 08:47:11
Simplify the setfacl(1) utility, removing the acl[2] array
and a few global variables.
Note that the default ACL handling and mask recalculation
were not tested. Will do that later.
Affected files ...
.. //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/merge.c#9 edit
.. //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/remove.c#6 edit
.. //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/setfacl.c#11 edit
.. //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/setfacl.h#5 edit
Differences ...
==== //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/merge.c#9 (text+ko) ====
@@ -36,10 +36,11 @@
#include "setfacl.h"
-static int merge_user_group(acl_entry_t *entry, acl_entry_t *entry_new);
+static int merge_user_group(acl_entry_t *entry, acl_entry_t *entry_new,
+ int acl_brand);
static int
-merge_user_group(acl_entry_t *entry, acl_entry_t *entry_new)
+merge_user_group(acl_entry_t *entry, acl_entry_t *entry_new, int acl_brand)
{
acl_permset_t permset;
acl_extended_t extended;
@@ -62,7 +63,7 @@
if (acl_set_permset(*entry_new, permset) == -1)
err(1, "acl_set_permset() failed");
- if (acl_type == ACL_TYPE_NFS4) {
+ if (acl_brand == ACL_BRAND_NFS4) {
if (acl_get_extended_np(*entry, &extended))
err(1, "acl_get_extended_np() failed");
if (acl_set_extended_np(*entry_new, extended))
@@ -97,7 +98,7 @@
int acl_brand, prev_acl_brand;
acl_get_brand_np(acl, &acl_brand);
- acl_get_brand_np(prev_acl[0], &prev_acl_brand);
+ acl_get_brand_np(*prev_acl, &prev_acl_brand);
if (acl_brand != prev_acl_brand) {
warnx("%s: branding mismatch; existing ACL is %s, "
@@ -107,10 +108,7 @@
return (-1);
}
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4)
- acl_new = acl_dup(prev_acl[ACCESS_ACL]);
- else
- acl_new = acl_dup(prev_acl[DEFAULT_ACL]);
+ acl_new = acl_dup(*prev_acl);
if (acl_new == NULL)
err(1, "%s: acl_dup() failed", filename);
@@ -145,7 +143,7 @@
* For NFS4, in addition to "tag" and "id" we also
* compare "extended".
*/
- if (acl_type == ACL_TYPE_NFS4) {
+ if (acl_brand == ACL_BRAND_NFS4) {
if (acl_get_extended_np(entry, &extended))
err(1, "%s: acl_get_extended_np() "
"failed", filename);
@@ -160,7 +158,7 @@
case ACL_USER:
case ACL_GROUP:
have_entry = merge_user_group(&entry,
- &entry_new);
+ &entry_new, acl_brand);
if (have_entry == 0)
break;
/* FALLTHROUGH */
@@ -176,7 +174,7 @@
err(1, "%s: acl_set_permset() failed",
filename);
- if (acl_type == ACL_TYPE_NFS4) {
+ if (acl_brand == ACL_BRAND_NFS4) {
if (acl_get_extended_np(entry, &extended))
err(1, "%s: acl_get_extended_np() failed",
filename);
@@ -207,7 +205,7 @@
* Appending them at the end makes no sense, since
* in most cases they wouldn't even get evaluated.
*/
- if (acl_type == ACL_TYPE_NFS4) {
+ if (acl_brand == ACL_BRAND_NFS4) {
if (acl_create_entry_np(&acl_new, &entry_new, entry_number) == -1) {
warn("%s: acl_create_entry_np() failed", filename);
acl_free(acl_new);
@@ -232,13 +230,8 @@
}
}
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4) {
- acl_free(prev_acl[ACCESS_ACL]);
- prev_acl[ACCESS_ACL] = acl_new;
- } else {
- acl_free(prev_acl[DEFAULT_ACL]);
- prev_acl[DEFAULT_ACL] = acl_new;
- }
+ acl_free(*prev_acl);
+ *prev_acl = acl_new;
return (0);
}
@@ -248,24 +241,25 @@
{
acl_entry_t entry, entry_new;
acl_t acl_new;
- int entry_id, acl_brand;
+ int entry_id, acl_brand, prev_acl_brand;
+
+ acl_get_brand_np(acl, &acl_brand);
+ acl_get_brand_np(*prev_acl, &prev_acl_brand);
- if (acl_type != ACL_TYPE_NFS4) {
+ if (prev_acl_brand != ACL_BRAND_NFS4) {
warnx("%s: the '-a' option is only applicable to NFS4 ACLs",
filename);
return (-1);
}
- acl_get_brand_np(acl, &acl_brand);
-
if (acl_brand != ACL_BRAND_NFS4) {
- warnx("%s: branding mismatch; existing ACL is %s, "
- "entry to be added is NFS4", filename,
+ warnx("%s: branding mismatch; existing ACL is NFS4, "
+ "entry to be added is %s", filename,
acl_brand == ACL_BRAND_NFS4 ? "NFS4" : "POSIX");
return (-1);
}
- acl_new = acl_dup(prev_acl[ACCESS_ACL]);
+ acl_new = acl_dup(*prev_acl);
if (acl_new == NULL)
err(1, "%s: acl_dup() failed", filename);
@@ -295,8 +289,8 @@
err(1, "%s: acl_copy_entry() failed", filename);
}
- acl_free(prev_acl[ACCESS_ACL]);
- prev_acl[ACCESS_ACL] = acl_new;
+ acl_free(*prev_acl);
+ *prev_acl = acl_new;
return (0);
}
==== //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/remove.c#6 (text+ko) ====
@@ -51,7 +51,7 @@
carried_error = 0;
acl_get_brand_np(acl, &acl_brand);
- acl_get_brand_np(prev_acl[0], &prev_acl_brand);
+ acl_get_brand_np(*prev_acl, &prev_acl_brand);
if (acl_brand != prev_acl_brand) {
warnx("%s: branding mismatch; existing ACL is %s, "
@@ -63,10 +63,7 @@
carried_error = 0;
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4)
- acl_new = acl_dup(prev_acl[ACCESS_ACL]);
- else
- acl_new = acl_dup(prev_acl[DEFAULT_ACL]);
+ acl_new = acl_dup(*prev_acl);
if (acl_new == NULL)
err(1, "%s: acl_dup() failed", filename);
@@ -87,13 +84,8 @@
}
}
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4) {
- acl_free(prev_acl[ACCESS_ACL]);
- prev_acl[ACCESS_ACL] = acl_new;
- } else {
- acl_free(prev_acl[DEFAULT_ACL]);
- prev_acl[DEFAULT_ACL] = acl_new;
- }
+ acl_free(*prev_acl);
+ *prev_acl = acl_new;
if (carried_error)
return (-1);
@@ -112,10 +104,7 @@
carried_error = 0;
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4)
- acl_new = acl_dup(prev_acl[ACCESS_ACL]);
- else
- acl_new = acl_dup(prev_acl[DEFAULT_ACL]);
+ acl_new = acl_dup(*prev_acl);
if (acl_new == NULL)
err(1, "%s: acl_dup() failed", filename);
@@ -148,13 +137,8 @@
warn("%s: acl_delete_entry_np() failed", filename);
}
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4) {
- acl_free(prev_acl[ACCESS_ACL]);
- prev_acl[ACCESS_ACL] = acl_new;
- } else {
- acl_free(prev_acl[DEFAULT_ACL]);
- prev_acl[DEFAULT_ACL] = acl_new;
- }
+ acl_free(*prev_acl);
+ *prev_acl = acl_new;
if (carried_error)
return (-1);
@@ -168,16 +152,11 @@
int
remove_default(acl_t *prev_acl, const char *filename)
{
+ acl_free(*prev_acl);
+ *prev_acl = acl_init(ACL_MAX_ENTRIES);
+ if (*prev_acl == NULL)
+ err(1, "%s: acl_init() failed", filename);
- if (prev_acl[1]) {
- acl_free(prev_acl[1]);
- prev_acl[1] = acl_init(ACL_MAX_ENTRIES);
- if (prev_acl[1] == NULL)
- err(1, "%s: acl_init() failed", filename);
- } else {
- warn("%s: cannot remove default ACL", filename);
- return (-1);
- }
return (0);
}
@@ -187,22 +166,13 @@
void
remove_ext(acl_t *prev_acl, const char *filename)
{
- acl_t acl_new, acl_old;
+ acl_t acl_new;
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4)
- acl_old = prev_acl[ACCESS_ACL];
- else
- acl_old = prev_acl[DEFAULT_ACL];
-
- acl_new = acl_strip_np(acl_old, !n_flag);
+ acl_new = acl_strip_np(*prev_acl, !n_flag);
if (acl_new == NULL)
err(1, "%s: acl_strip_np() failed", filename);
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4) {
- acl_free(prev_acl[ACCESS_ACL]);
- prev_acl[ACCESS_ACL] = acl_new;
- } else {
- acl_free(prev_acl[DEFAULT_ACL]);
- prev_acl[DEFAULT_ACL] = acl_new;
- }
+ acl_free(*prev_acl);
+ *prev_acl = acl_new;
}
+
==== //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/setfacl.c#11 (text+ko) ====
@@ -41,9 +41,9 @@
#include "setfacl.h"
-static void add_filename(const char *filename);
-static acl_t *get_file_acls(const char *filename);
-static void usage(void);
+static void add_filename(const char *filename);
+static acl_t get_file_acl(const char *filename, acl_type_t type, int h_flag);
+static void usage(void);
static void
add_filename(const char *filename)
@@ -59,41 +59,55 @@
TAILQ_INSERT_TAIL(&filelist, file, next);
}
-static acl_t *
-get_file_acls(const char *filename)
+static acl_t
+get_file_acl(const char *filename, acl_type_t type, int h_flag)
{
- acl_t *acl;
+ acl_t acl = NULL;
struct stat sb;
- int type;
- if (stat(filename, &sb) == -1) {
- warn("%s: stat() failed", filename);
- return (NULL);
+ if (pathconf(filename, _PC_EXTENDED_SECURITY_NP)) {
+ if (type == ACL_TYPE_ACCESS) {
+ type = ACL_TYPE_NFS4;
+ } else {
+ warnx("%s: there are no default entries in NFS4 ACLs",
+ filename);
+ return (NULL);
+ }
}
- if (pathconf(filename, _PC_EXTENDED_SECURITY_NP))
- type = ACL_TYPE_NFS4;
- else
- type = ACL_TYPE_ACCESS;
+ switch (type) {
+ case ACL_TYPE_ACCESS:
+ case ACL_TYPE_NFS4:
+ if (h_flag)
+ acl = acl_get_link_np(filename, type);
+ else
+ acl = acl_get_file(filename, type);
+ break;
+
+ case ACL_TYPE_DEFAULT:
+ if (stat(filename, &sb) == -1) {
+ warn("%s: stat() failed", filename);
+ return (NULL);
+ }
+
+ if (S_ISDIR(sb.st_mode) == 0)
+ return (NULL);
+
+ if (h_flag)
+ acl = acl_get_link_np(filename, ACL_TYPE_DEFAULT);
+ else
+ acl = acl_get_file(filename, ACL_TYPE_DEFAULT);
+ break;
+ }
- acl = zmalloc(sizeof(acl_t) * 2);
- if (h_flag)
- acl[ACCESS_ACL] = acl_get_link_np(filename, type);
- else
- acl[ACCESS_ACL] = acl_get_file(filename, type);
- if (acl[ACCESS_ACL] == NULL)
- err(1, "%s: acl_get_file() failed", filename);
- if (S_ISDIR(sb.st_mode) && type != ACL_TYPE_NFS4) {
+ if (acl == NULL) {
if (h_flag)
- acl[DEFAULT_ACL] = acl_get_link_np(filename,
- ACL_TYPE_DEFAULT);
+ warn("%s: acl_get_link_np() failed", filename);
else
- acl[DEFAULT_ACL] = acl_get_file(filename,
- ACL_TYPE_DEFAULT);
- if (acl[DEFAULT_ACL] == NULL)
- err(1, "%s: acl_get_file() failed", filename);
- } else
- acl[DEFAULT_ACL] = NULL;
+ warn("%s: acl_get_file() failed", filename);
+
+ return (NULL);
+ }
return (acl);
}
@@ -110,9 +124,11 @@
int
main(int argc, char *argv[])
{
- acl_t *acl, final_acl;
+ acl_t acl;
+ acl_type_t acl_type;
char filename[PATH_MAX];
int local_error, carried_error, ch, i, entry_number;
+ int h_flag;
struct sf_file *file;
struct sf_entry *entry;
const char *fn_dup;
@@ -233,17 +249,9 @@
/* cycle through each file */
TAILQ_FOREACH(file, &filelist, next) {
- /* get our initial access and default ACL's */
- acl = get_file_acls(file->filename);
+ acl = get_file_acl(file->filename, acl_type, h_flag);
if (acl == NULL)
continue;
- if ((acl_type == ACL_TYPE_DEFAULT) && !acl[1]) {
- if (pathconf(file->filename, _PC_EXTENDED_SECURITY_NP))
- warnx("%s: there are no default entries in NFS4 ACLs", file->filename);
- else
- warnx("%s: default ACL not valid", file->filename);
- continue;
- }
local_error = 0;
@@ -260,15 +268,15 @@
switch(entry->op) {
case OP_ADD_ACL:
local_error += add_acl(entry->acl,
- entry->entry_number, acl, file->filename);
+ entry->entry_number, &acl, file->filename);
break;
case OP_MERGE_ACL:
- local_error += merge_acl(entry->acl, acl,
+ local_error += merge_acl(entry->acl, &acl,
file->filename);
need_mask = 1;
break;
case OP_REMOVE_EXT:
- remove_ext(acl, file->filename);
+ remove_ext(&acl, file->filename);
need_mask = 0;
break;
case OP_REMOVE_DEF:
@@ -283,17 +291,19 @@
file->filename);
local_error++;
}
- local_error += remove_default(acl, file->filename);
+ if (acl_type == ACL_TYPE_DEFAULT)
+ local_error += remove_default(&acl,
+ file->filename);
need_mask = 0;
break;
case OP_REMOVE_ACL:
- local_error += remove_acl(entry->acl, acl,
+ local_error += remove_acl(entry->acl, &acl,
file->filename);
need_mask = 1;
break;
case OP_REMOVE_BY_NUMBER:
local_error += remove_by_number(entry->entry_number,
- acl, file->filename);
+ &acl, file->filename);
need_mask = 1;
break;
}
@@ -305,43 +315,32 @@
continue;
}
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4)
- final_acl = acl[ACCESS_ACL];
- else
- final_acl = acl[DEFAULT_ACL];
-
if (acl_type == ACL_TYPE_NFS4)
need_mask = 0;
- if (need_mask && (set_acl_mask(&final_acl,
+ if (need_mask && (set_acl_mask(&acl,
file->filename) == -1)) {
warnx("%s: failed to set ACL mask", file->filename);
carried_error++;
} else if (h_flag) {
if (acl_set_link_np(file->filename, acl_type,
- final_acl) == -1) {
+ acl) == -1) {
carried_error++;
warn("%s: acl_set_link_np() failed",
file->filename);
}
} else {
if (acl_set_file(file->filename, acl_type,
- final_acl) == -1) {
+ acl) == -1) {
carried_error++;
warn("%s: acl_set_file() failed",
file->filename);
}
}
- if (acl_type == ACL_TYPE_ACCESS || acl_type == ACL_TYPE_NFS4)
- acl[ACCESS_ACL] = final_acl;
- else
- acl[DEFAULT_ACL] = final_acl;
-
- acl_free(acl[ACCESS_ACL]);
- acl_free(acl[DEFAULT_ACL]);
- free(acl);
+ acl_free(acl);
}
return (carried_error);
}
+
==== //depot/projects/soc2008/trasz_nfs4acl/bin/setfacl/setfacl.h#5 (text+ko) ====
@@ -41,10 +41,6 @@
#define OP_REMOVE_BY_NUMBER 0x04 /* remove acl's (-xX) by acl entry number */
#define OP_ADD_ACL 0x05 /* add acls entries at a given position */
-/* ACL types for the acl array */
-#define ACCESS_ACL 0
-#define DEFAULT_ACL 1
-
/* TAILQ entry for acl operations */
struct sf_entry {
uint op;
@@ -76,11 +72,9 @@
/* util.c */
void *zmalloc(size_t size);
-acl_type_t acl_type;
uint have_mask;
uint need_mask;
uint have_stdin;
-uint h_flag;
uint n_flag;
#endif /* _SETFACL_H */
More information about the p4-projects
mailing list