/* Test whether a file has a nontrivial access control list.
- Copyright (C) 2002-2003, 2005-2009 Free Software Foundation, Inc.
+ Copyright (C) 2002-2003, 2005-2011 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
# endif
-#elif USE_ACL && HAVE_ACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
+#elif USE_ACL && HAVE_FACL && defined GETACL /* Solaris, Cygwin, not HP-UX */
# if !defined ACL_NO_TRIVIAL /* Solaris <= 10, Cygwin */
return 0;
}
+# if HAVE_ACLV_H /* HP-UX >= 11.11 */
+
+/* Return 1 if the given ACL is non-trivial.
+ Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
+int
+aclv_nontrivial (int count, struct acl *entries)
+{
+ int i;
+
+ for (i = 0; i < count; i++)
+ {
+ struct acl *ace = &entries[i];
+
+ /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
+ If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
+ We don't need to check ace->a_id in these cases. */
+ if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
+ || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
+ || ace->a_type == CLASS_OBJ
+ || ace->a_type == OTHER_OBJ))
+ return 1;
+ }
+ return 0;
+}
+
+# endif
+
#elif USE_ACL && (HAVE_ACLX_GET || HAVE_STATACL) /* AIX */
/* Return 1 if the given ACL is non-trivial.
# endif
+#elif USE_ACL && HAVE_ACLSORT /* NonStop Kernel */
+
+/* Test an ACL retrieved with ACL_GET.
+ Return 1 if the given ACL, consisting of COUNT entries, is non-trivial.
+ Return 0 if it is trivial, i.e. equivalent to a simple stat() mode. */
+int
+acl_nontrivial (int count, struct acl *entries)
+{
+ int i;
+
+ for (i = 0; i < count; i++)
+ {
+ struct acl *ace = &entries[i];
+
+ /* Note: If ace->a_type = USER_OBJ, ace->a_id is the st_uid from stat().
+ If ace->a_type = GROUP_OBJ, ace->a_id is the st_gid from stat().
+ We don't need to check ace->a_id in these cases. */
+ if (!(ace->a_type == USER_OBJ /* no need to check ace->a_id here */
+ || ace->a_type == GROUP_OBJ /* no need to check ace->a_id here */
+ || ace->a_type == CLASS_OBJ
+ || ace->a_type == OTHER_OBJ))
+ return 1;
+ }
+ return 0;
+}
+
#endif
/* Linux, FreeBSD, MacOS X, IRIX, Tru64 */
int ret;
- if (HAVE_ACL_EXTENDED_FILE) /* Linux */
+ if (HAVE_ACL_EXTENDED_FILE || HAVE_ACL_EXTENDED_FILE_NOFOLLOW) /* Linux */
{
+# if HAVE_ACL_EXTENDED_FILE_NOFOLLOW
+ /* acl_extended_file_nofollow() uses lgetxattr() in order to prevent
+ unnecessary mounts, but it returns the same result as we already
+ know that NAME is not a symbolic link at this point (modulo the
+ TOCTTOU race condition). */
+ ret = acl_extended_file_nofollow (name);
+# else
/* On Linux, acl_extended_file is an optimized function: It only
makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
ACL_TYPE_DEFAULT. */
ret = acl_extended_file (name);
+# endif
}
else /* FreeBSD, MacOS X, IRIX, Tru64 */
{
return ACL_NOT_WELL_SUPPORTED (errno) ? 0 : -1;
return ret;
-# elif HAVE_ACL && defined GETACLCNT /* Solaris, Cygwin, not HP-UX */
+# elif HAVE_FACL && defined GETACLCNT /* Solaris, Cygwin, not HP-UX */
# if defined ACL_NO_TRIVIAL
# elif HAVE_GETACL /* HP-UX */
- int count;
- struct acl_entry entries[NACLENTRIES];
-
for (;;)
{
+ int count;
+ struct acl_entry entries[NACLENTRIES];
+
count = getacl (name, 0, NULL);
if (count < 0)
- return (errno == ENOSYS || errno == EOPNOTSUPP ? 0 : -1);
+ {
+ /* ENOSYS is seen on newer HP-UX versions.
+ EOPNOTSUPP is typically seen on NFS mounts.
+ ENOTSUP was seen on Quantum StorNext file systems (cvfs). */
+ if (errno == ENOSYS || errno == EOPNOTSUPP || errno == ENOTSUP)
+ break;
+ else
+ return -1;
+ }
if (count == 0)
return 0;
Repeat. */
}
+# if HAVE_ACLV_H /* HP-UX >= 11.11 */
+
+ for (;;)
+ {
+ int count;
+ struct acl entries[NACLVENTRIES];
+
+ count = acl ((char *) name, ACL_CNT, NACLVENTRIES, entries);
+
+ if (count < 0)
+ {
+ /* EOPNOTSUPP is seen on NFS in HP-UX 11.11, 11.23.
+ EINVAL is seen on NFS in HP-UX 11.31. */
+ if (errno == ENOSYS || errno == EOPNOTSUPP || errno == EINVAL)
+ break;
+ else
+ return -1;
+ }
+
+ if (count == 0)
+ return 0;
+
+ if (count > NACLVENTRIES)
+ /* If NACLVENTRIES cannot be trusted, use dynamic memory
+ allocation. */
+ abort ();
+
+ /* If there are more than 4 entries, there cannot be only the
+ four base ACL entries. */
+ if (count > 4)
+ return 1;
+
+ if (acl ((char *) name, ACL_GET, count, entries) == count)
+ return aclv_nontrivial (count, entries);
+ /* Huh? The number of ACL entries changed since the last call.
+ Repeat. */
+ }
+
+# endif
+
# elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */
acl_type_t type;
return acl_nontrivial (&u.a);
+# elif HAVE_ACLSORT /* NonStop Kernel */
+
+ int count;
+ struct acl entries[NACLENTRIES];
+
+ for (;;)
+ {
+ count = acl ((char *) name, ACL_CNT, NACLENTRIES, NULL);
+
+ if (count < 0)
+ return -1;
+
+ if (count == 0)
+ return 0;
+
+ if (count > NACLENTRIES)
+ /* If NACLENTRIES cannot be trusted, use dynamic memory
+ allocation. */
+ abort ();
+
+ /* If there are more than 4 entries, there cannot be only the
+ four base ACL entries. */
+ if (count > 4)
+ return 1;
+
+ if (acl ((char *) name, ACL_GET, count, entries) == count)
+ return acl_nontrivial (count, entries);
+ /* Huh? The number of ACL entries changed since the last call.
+ Repeat. */
+ }
+
# endif
}
#endif