/* Test whether a file has a nontrivial ACL. -*- coding: utf-8 -*-
Copyright (C) 2002-2003, 2005-2024 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see .
Written by Paul Eggert, Andreas Grünbacher, and Bruno Haible. */
#include
/* Without this pragma, gcc 4.7.0 20120126 may suggest that the
file_has_acl function might be candidate for attribute 'const' */
#if _GL_GNUC_PREREQ (4, 6)
# pragma GCC diagnostic ignored "-Wsuggest-attribute=const"
#endif
#include "acl.h"
#include
#include
#include "acl-internal.h"
#include "attribute.h"
#include "minmax.h"
/* Check the assumption that UCHAR_MAX < INT_MAX. */
static_assert (ACL_SYMLINK_FOLLOW & ~ (unsigned char) -1);
static char const UNKNOWN_SECURITY_CONTEXT[] = "?";
#if HAVE_LINUX_XATTR_H && HAVE_LISTXATTR
# define USE_LINUX_XATTR true
#else
# define USE_LINUX_XATTR false
#endif
#if USE_LINUX_XATTR
# if USE_SELINUX_SELINUX_H
# include
# endif
# include
# include
# include
# include
# include
# include
# ifndef XATTR_NAME_NFSV4_ACL
# define XATTR_NAME_NFSV4_ACL "system.nfs4_acl"
# endif
# ifndef XATTR_NAME_POSIX_ACL_ACCESS
# define XATTR_NAME_POSIX_ACL_ACCESS "system.posix_acl_access"
# endif
# ifndef XATTR_NAME_POSIX_ACL_DEFAULT
# define XATTR_NAME_POSIX_ACL_DEFAULT "system.posix_acl_default"
# endif
# ifdef HAVE_SMACK
# include
# else
static char const *
smack_smackfs_path (void)
{
return NULL;
}
static ssize_t
smack_new_label_from_path (MAYBE_UNUSED const char *path,
MAYBE_UNUSED const char *xattr,
MAYBE_UNUSED int follow, MAYBE_UNUSED char **label)
{
return -1;
}
# endif
static bool
is_smack_enabled (void)
{
return !!smack_smackfs_path ();
}
enum {
/* ACE4_ACCESS_ALLOWED_ACE_TYPE = 0x00000000, */
ACE4_ACCESS_DENIED_ACE_TYPE = 0x00000001,
ACE4_IDENTIFIER_GROUP = 0x00000040
};
/* Does AI's xattr set contain XATTR? */
bool
aclinfo_has_xattr (struct aclinfo const *ai, char const *xattr)
{
if (0 < ai->size)
{
char const *blim = ai->buf + ai->size;
for (char const *b = ai->buf; b < blim; b += strlen (b) + 1)
for (char const *a = xattr; *a == *b; a++, b++)
if (!*a)
return true;
}
return false;
}
/* Get attributes of the file NAME into AI, if USE_ACL.
If FLAGS & ACL_GET_SCONTEXT, also get security context.
If FLAGS & ACL_SYMLINK_FOLLOW, follow symbolic links. */
static void
get_aclinfo (char const *name, struct aclinfo *ai, int flags)
{
int scontext_err = ENOTSUP;
ai->buf = ai->u.__gl_acl_ch;
ssize_t acl_alloc = sizeof ai->u.__gl_acl_ch;
if (! (USE_ACL || flags & ACL_GET_SCONTEXT))
ai->size = 0;
else
{
ssize_t (*lsxattr) (char const *, char *, size_t)
= (flags & ACL_SYMLINK_FOLLOW ? listxattr : llistxattr);
while (true)
{
ai->size = lsxattr (name, ai->buf, acl_alloc);
if (0 < ai->size)
break;
ai->u.err = ai->size < 0 ? errno : 0;
if (! (ai->size < 0 && ai->u.err == ERANGE && acl_alloc < SSIZE_MAX))
break;
/* The buffer was too small. Find how large it should have been. */
ssize_t size = lsxattr (name, NULL, 0);
if (size <= 0)
{
ai->size = size;
ai->u.err = size < 0 ? errno : 0;
break;
}
/* Grow allocation to at least 'size'. Grow it by a nontrivial
amount, to defend against denial of service by an adversary
that fiddles with ACLs. */
if (ai->buf != ai->u.__gl_acl_ch)
{
free (ai->buf);
ai->buf = ai->u.__gl_acl_ch;
}
if (ckd_add (&acl_alloc, acl_alloc, acl_alloc >> 1))
acl_alloc = SSIZE_MAX;
if (acl_alloc < size)
acl_alloc = size;
if (SIZE_MAX < acl_alloc)
{
ai->u.err = ENOMEM;
break;
}
char *newbuf = malloc (acl_alloc);
if (!newbuf)
{
ai->u.err = errno;
break;
}
ai->buf = newbuf;
}
}
if (0 < ai->size && flags & ACL_GET_SCONTEXT)
{
if (is_smack_enabled ())
{
if (aclinfo_has_xattr (ai, XATTR_NAME_SMACK))
{
ssize_t r = smack_new_label_from_path (name, "security.SMACK64",
flags & ACL_SYMLINK_FOLLOW,
&ai->scontext);
scontext_err = r < 0 ? errno : 0;
}
}
else
{
# if USE_SELINUX_SELINUX_H
if (aclinfo_has_xattr (ai, XATTR_NAME_SELINUX))
{
ssize_t r =
((flags & ACL_SYMLINK_FOLLOW ? getfilecon : lgetfilecon)
(name, &ai->scontext));
scontext_err = r < 0 ? errno : 0;
# ifndef SE_SELINUX_INLINE
/* Gnulib's selinux-h module is not in use, so getfilecon and
lgetfilecon can misbehave, be it via an old version of
libselinux where these would return 0 and set the result
context to NULL, or via a modern kernel+lib operating on a
file from a disk whose attributes were set by a kernel from
around 2006. In that latter case, the functions return a
length of 10 for the "unlabeled" context. Map both failures
to a return value of -1, and set errno to ENOTSUP in the
first case, and ENODATA in the latter. */
if (r == 0)
scontext_err = ENOTSUP;
if (r == 10 && memcmp (ai->scontext, "unlabeled", 10) == 0)
{
freecon (ai->scontext);
scontext_err = ENODATA;
}
# endif
}
# endif
}
}
ai->scontext_err = scontext_err;
if (scontext_err)
ai->scontext = (char *) UNKNOWN_SECURITY_CONTEXT;
}
# ifndef aclinfo_scontext_free
/* Free the pointer that file_has_aclinfo put into scontext.
However, do nothing if the argument is a null pointer;
This lets the caller replace the scontext member with a null pointer if it
is willing to own the member and call this function later. */
void
aclinfo_scontext_free (char *scontext)
{
if (scontext != UNKNOWN_SECURITY_CONTEXT)
{
if (is_smack_enabled ())
free (scontext);
else if (scontext)
freecon (scontext);
}
}
# endif
/* Free AI's heap storage. */
void
aclinfo_free (struct aclinfo *ai)
{
if (ai->buf != ai->u.__gl_acl_ch)
free (ai->buf);
aclinfo_scontext_free (ai->scontext);
}
/* Return 1 if given ACL in XDR format is non-trivial, 0 if it is trivial.
-1 upon failure to determine it. Possibly change errno. Assume that
the ACL is valid, except avoid undefined behavior even if invalid.
See . The NFSv4 acls are
defined in Internet RFC 7530 and as such, every NFSv4 server
supporting ACLs should support NFSv4 ACLs (they differ from from
POSIX draft ACLs). The ACLs can be obtained via the
nfsv4-acl-tools, e.g., the nfs4_getfacl command. Gnulib provides
only basic support of NFSv4 ACLs, i.e., recognize trivial vs
nontrivial ACLs. */
static int
acl_nfs4_nontrivial (uint32_t *xattr, ssize_t nbytes)
{
enum { BYTES_PER_NETWORK_UINT = 4};
/* Grab the number of aces in the acl. */
nbytes -= BYTES_PER_NETWORK_UINT;
if (nbytes < 0)
return -1;
uint32_t num_aces = ntohl (*xattr++);
if (6 < num_aces)
return 1;
int ace_found = 0;
for (int ace_n = 0; ace_n < num_aces; ace_n++)
{
/* Get the acl type and flag. Skip the mask; it's too risky to
test it and it does not seem to be needed. Get the wholen. */
nbytes -= 4 * BYTES_PER_NETWORK_UINT;
if (nbytes < 0)
return -1;
uint32_t type = ntohl (xattr[0]);
uint32_t flag = ntohl (xattr[1]);
uint32_t wholen = ntohl (xattr[3]);
xattr += 4;
int whowords = (wholen / BYTES_PER_NETWORK_UINT
+ (wholen % BYTES_PER_NETWORK_UINT != 0));
int64_t wholen4 = whowords;
wholen4 *= BYTES_PER_NETWORK_UINT;
/* Trivial ACLs have only ACE4_ACCESS_ALLOWED_ACE_TYPE or
ACE4_ACCESS_DENIED_ACE_TYPE. */
if (ACE4_ACCESS_DENIED_ACE_TYPE < type)
return 1;
/* RFC 7530 says FLAG should be 0, but be generous to NetApp and
also accept the group flag. */
if (flag & ~ACE4_IDENTIFIER_GROUP)
return 1;
/* Get the who string. Check NBYTES - WHOLEN4 before storing
into NBYTES, to avoid truncation on conversion. */
if (nbytes - wholen4 < 0)
return -1;
nbytes -= wholen4;
/* For a trivial ACL, max 6 (typically 3) ACEs, 3 allow, 3 deny.
Check that there is at most one ACE of each TYPE and WHO. */
int who2
= (wholen == 6 && memcmp (xattr, "OWNER@", 6) == 0 ? 0
: wholen == 6 && memcmp (xattr, "GROUP@", 6) == 0 ? 2
: wholen == 9 && memcmp (xattr, "EVERYONE@", 9) == 0 ? 4
: -1);
if (who2 < 0)
return 1;
int ace_found_bit = 1 << (who2 | type);
if (ace_found & ace_found_bit)
return 1;
ace_found |= ace_found_bit;
xattr += whowords;
}
return 0;
}
#endif
/* Return 1 if NAME has a nontrivial access control list,
0 if ACLs are not supported, or if NAME has no or only a base ACL,
and -1 (setting errno) on error. Note callers can determine
if ACLs are not supported as errno is set in that case also.
Set *AI to ACL info regardless of return value.
FLAGS should be a d_type value, optionally ORed with
- _GL_DT_NOTDIR if it is known that NAME is not a directory,
- ACL_GET_SCONTEXT to retrieve security context and return 1 if present,
- ACL_SYMLINK_FOLLOW to follow the link if NAME is a symbolic link;
otherwise do not follow them if possible.
If the d_type value is not known, use DT_UNKNOWN though this may be less
efficient. */
int
file_has_aclinfo (MAYBE_UNUSED char const *restrict name,
struct aclinfo *restrict ai, int flags)
{
MAYBE_UNUSED unsigned char d_type = flags & UCHAR_MAX;
#if USE_LINUX_XATTR
int initial_errno = errno;
get_aclinfo (name, ai, flags);
if (ai->size <= 0)
{
errno = ai->size < 0 ? ai->u.err : initial_errno;
return ai->size;
}
/* In Fedora 39, a file can have both NFSv4 and POSIX ACLs,
but if it has an NFSv4 ACL that's the one that matters.
In earlier Fedora the two types of ACLs were mutually exclusive.
Attempt to work correctly on both kinds of systems. */
if (!aclinfo_has_xattr (ai, XATTR_NAME_NFSV4_ACL))
return
(aclinfo_has_xattr (ai, XATTR_NAME_POSIX_ACL_ACCESS)
|| ((d_type == DT_DIR || d_type == DT_UNKNOWN)
&& aclinfo_has_xattr (ai, XATTR_NAME_POSIX_ACL_DEFAULT)));
/* A buffer large enough to hold any trivial NFSv4 ACL.
The max length of a trivial NFSv4 ACL is 6 words for owner,
6 for group, 7 for everyone, all times 2 because there are both
allow and deny ACEs. There are 6 words for owner because of
type, flag, mask, wholen, "OWNER@"+pad and similarly for group;
everyone is another word to hold "EVERYONE@". */
uint32_t buf[2 * (6 + 6 + 7)];
int ret = ((flags & ACL_SYMLINK_FOLLOW ? getxattr : lgetxattr)
(name, XATTR_NAME_NFSV4_ACL, buf, sizeof buf));
if (ret < 0)
switch (errno)
{
case ENODATA: return 0;
case ERANGE : return 1; /* ACL must be nontrivial. */
default: return - acl_errno_valid (errno);
}
/* It looks like a trivial ACL, but investigate further. */
ret = acl_nfs4_nontrivial (buf, ret);
errno = ret < 0 ? EINVAL : initial_errno;
return ret;
#else /* !USE_LINUX_XATTR */
ai->buf = ai->u.__gl_acl_ch;
ai->size = -1;
ai->u.err = ENOTSUP;
ai->scontext = (char *) UNKNOWN_SECURITY_CONTEXT;
ai->scontext_err = ENOTSUP;
# if USE_ACL
# if HAVE_ACL_GET_FILE
{
/* POSIX 1003.1e (draft 17 -- abandoned) specific version. */
/* Linux, FreeBSD, NetBSD >= 10, Mac OS X, IRIX, Tru64, Cygwin >= 2.5 */
int ret;
# if HAVE_ACL_EXTENDED_FILE /* Linux */
/* On Linux, acl_extended_file is an optimized function: It only
makes two calls to getxattr(), one for ACL_TYPE_ACCESS, one for
ACL_TYPE_DEFAULT. */
ret = ((flags & ACL_SYMLINK_FOLLOW
? acl_extended_file
: acl_extended_file_nofollow)
(name));
# elif HAVE_ACL_TYPE_EXTENDED /* Mac OS X */
/* On Mac OS X, acl_get_file (name, ACL_TYPE_ACCESS)
and acl_get_file (name, ACL_TYPE_DEFAULT)
always return NULL / EINVAL. There is no point in making
these two useless calls. The real ACL is retrieved through
acl_get_file (name, ACL_TYPE_EXTENDED). */
acl_t acl = ((flags & ACL_SYMLINK_FOLLOW
? acl_get_file
: acl_get_link_np)
(name, ACL_TYPE_EXTENDED));
if (acl)
{
ret = acl_extended_nontrivial (acl);
acl_free (acl);
}
else
ret = -1;
# else /* FreeBSD, NetBSD >= 10, IRIX, Tru64, Cygwin >= 2.5 */
acl_t (*acl_get_file_or_link) (char const *, acl_type_t) = acl_get_file;
# if HAVE_ACL_GET_LINK_NP /* FreeBSD, NetBSD >= 10 */
if (! (flags & ACL_SYMLINK_FOLLOW))
acl_get_file_or_link = acl_get_link_np;
# endif
acl_t acl = acl_get_file_or_link (name, ACL_TYPE_ACCESS);
if (acl)
{
ret = acl_access_nontrivial (acl);
int saved_errno = errno;
acl_free (acl);
errno = saved_errno;
# if HAVE_ACL_FREE_TEXT /* Tru64 */
/* On OSF/1, acl_get_file (name, ACL_TYPE_DEFAULT) always
returns NULL with errno not set. There is no point in
making this call. */
# else /* FreeBSD, NetBSD >= 10, IRIX, Cygwin >= 2.5 */
/* On Linux, FreeBSD, NetBSD, IRIX,
acl_get_file (name, ACL_TYPE_ACCESS)
and acl_get_file (name, ACL_TYPE_DEFAULT) on a directory
either both succeed or both fail; it depends on the
file system. Therefore there is no point in making the second
call if the first one already failed. */
if (ret == 0
&& (d_type == DT_DIR
|| (d_type == DT_UNKNOWN && !(flags & _GL_DT_NOTDIR))))
{
acl = acl_get_file_or_link (name, ACL_TYPE_DEFAULT);
if (acl)
{
# ifdef __CYGWIN__ /* Cygwin >= 2.5 */
ret = acl_access_nontrivial (acl);
saved_errno = errno;
acl_free (acl);
errno = saved_errno;
# else
ret = (0 < acl_entries (acl));
acl_free (acl);
# endif
}
else
{
ret = -1;
# ifdef __CYGWIN__ /* Cygwin >= 2.5 */
if (d_type == DT_UNKNOWN)
ret = 0;
# endif
}
}
# endif
}
else
ret = -1;
# endif
return ret < 0 ? - acl_errno_valid (errno) : ret;
}
# else /* !HAVE_ACL_GET_FILE */
/* The remaining APIs always follow symlinks and operate on
platforms where symlinks do not have ACLs, so skip the APIs if
NAME is known to be a symlink. */
if (d_type != DT_LNK)
{
# if HAVE_FACL && defined GETACL /* Solaris, Cygwin < 2.5, not HP-UX */
# ifdef ACL_NO_TRIVIAL
/* Solaris 10 (newer version), which has additional API declared in
(acl_t) and implemented in libsec (acl_set, acl_trivial,
acl_fromtext, ...). */
return acl_trivial (name);
# else /* Solaris, Cygwin, general case */
/* Solaris 2.5 through Solaris 10, Cygwin, and contemporaneous versions
of Unixware. The acl() call returns the access and default ACL both
at once. */
{
/* Initially, try to read the entries into a stack-allocated buffer.
Use malloc if it does not fit. */
enum
{
alloc_init = 4000 / sizeof (aclent_t), /* >= 3 */
alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (aclent_t))
};
aclent_t buf[alloc_init];
size_t alloc = alloc_init;
aclent_t *entries = buf;
aclent_t *malloced = NULL;
int count;
for (;;)
{
count = acl (name, GETACL, alloc, entries);
if (count < 0 && errno == ENOSPC)
{
/* Increase the size of the buffer. */
free (malloced);
if (alloc > alloc_max / 2)
{
errno = ENOMEM;
return -1;
}
alloc = 2 * alloc; /* <= alloc_max */
entries = malloced =
(aclent_t *) malloc (alloc * sizeof (aclent_t));
if (entries == NULL)
return -1;
continue;
}
break;
}
if (count < 0)
{
if (errno == ENOSYS || errno == ENOTSUP)
;
else
{
free (malloced);
return -1;
}
}
else if (count == 0)
;
else
{
/* Don't use MIN_ACL_ENTRIES: It's set to 4 on Cygwin, but Cygwin
returns only 3 entries for files with no ACL. But this is safe:
If there are more than 4 entries, there cannot be only the
"user::", "group::", "other:", and "mask:" entries. */
if (count > 4)
{
free (malloced);
return 1;
}
if (acl_nontrivial (count, entries))
{
free (malloced);
return 1;
}
}
free (malloced);
}
# ifdef ACE_GETACL
/* Solaris also has a different variant of ACLs, used in ZFS and NFSv4
file systems (whereas the other ones are used in UFS file systems). */
{
/* Initially, try to read the entries into a stack-allocated buffer.
Use malloc if it does not fit. */
enum
{
alloc_init = 4000 / sizeof (ace_t), /* >= 3 */
alloc_max = MIN (INT_MAX, SIZE_MAX / sizeof (ace_t))
};
ace_t buf[alloc_init];
size_t alloc = alloc_init;
ace_t *entries = buf;
ace_t *malloced = NULL;
int count;
for (;;)
{
count = acl (name, ACE_GETACL, alloc, entries);
if (count < 0 && errno == ENOSPC)
{
/* Increase the size of the buffer. */
free (malloced);
if (alloc > alloc_max / 2)
{
errno = ENOMEM;
return -1;
}
alloc = 2 * alloc; /* <= alloc_max */
entries = malloced = (ace_t *) malloc (alloc * sizeof (ace_t));
if (entries == NULL)
return -1;
continue;
}
break;
}
if (count < 0)
{
if (errno == ENOSYS || errno == EINVAL)
;
else
{
free (malloced);
return -1;
}
}
else if (count == 0)
;
else
{
/* In the old (original Solaris 10) convention:
If there are more than 3 entries, there cannot be only the
ACE_OWNER, ACE_GROUP, ACE_OTHER entries.
In the newer Solaris 10 and Solaris 11 convention:
If there are more than 6 entries, there cannot be only the
ACE_OWNER, ACE_GROUP, ACE_EVERYONE entries, each once with
NEW_ACE_ACCESS_ALLOWED_ACE_TYPE and once with
NEW_ACE_ACCESS_DENIED_ACE_TYPE. */
if (count > 6)
{
free (malloced);
return 1;
}
if (acl_ace_nontrivial (count, entries))
{
free (malloced);
return 1;
}
}
free (malloced);
}
# endif
return 0;
# endif
# elif HAVE_GETACL /* HP-UX */
{
struct acl_entry entries[NACLENTRIES];
int count;
count = getacl (name, NACLENTRIES, entries);
if (count < 0)
{
/* ENOSYS is seen on newer HP-UX versions.
EOPNOTSUPP is typically seen on NFS mounts.
ENOTSUP was seen on Quantum StorNext file systems (cvfs). */
if (errno == ENOSYS || errno == EOPNOTSUPP || errno == ENOTSUP)
;
else
return -1;
}
else if (count == 0)
return 0;
else /* count > 0 */
{
if (count > NACLENTRIES)
/* If NACLENTRIES cannot be trusted, use dynamic memory
allocation. */
abort ();
/* If there are more than 3 entries, there cannot be only the
(uid,%), (%,gid), (%,%) entries. */
if (count > 3)
return 1;
{
struct stat statbuf;
if (stat (name, &statbuf) == -1 && errno != EOVERFLOW)
return -1;
return acl_nontrivial (count, entries);
}
}
}
# if HAVE_ACLV_H /* HP-UX >= 11.11 */
{
struct acl entries[NACLVENTRIES];
int count;
count = acl ((char *) name, ACL_GET, NACLVENTRIES, entries);
if (count < 0)
{
/* EOPNOTSUPP is seen on NFS in HP-UX 11.11, 11.23.
EINVAL is seen on NFS in HP-UX 11.31. */
if (errno == ENOSYS || errno == EOPNOTSUPP || errno == EINVAL)
;
else
return -1;
}
else if (count == 0)
return 0;
else /* count > 0 */
{
if (count > NACLVENTRIES)
/* If NACLVENTRIES cannot be trusted, use dynamic memory
allocation. */
abort ();
/* If there are more than 4 entries, there cannot be only the
four base ACL entries. */
if (count > 4)
return 1;
return aclv_nontrivial (count, entries);
}
}
# endif
# elif HAVE_ACLX_GET && defined ACL_AIX_WIP /* AIX */
acl_type_t type;
char aclbuf[1024];
void *acl = aclbuf;
size_t aclsize = sizeof (aclbuf);
mode_t mode;
for (;;)
{
/* The docs say that type being 0 is equivalent to ACL_ANY, but it
is not true, in AIX 5.3. */
type.u64 = ACL_ANY;
if (aclx_get (name, 0, &type, aclbuf, &aclsize, &mode) >= 0)
break;
if (errno == ENOSYS)
return 0;
if (errno != ENOSPC)
{
if (acl != aclbuf)
free (acl);
return -1;
}
aclsize = 2 * aclsize;
if (acl != aclbuf)
free (acl);
acl = malloc (aclsize);
if (acl == NULL)
return -1;
}
if (type.u64 == ACL_AIXC)
{
int result = acl_nontrivial ((struct acl *) acl);
if (acl != aclbuf)
free (acl);
return result;
}
else if (type.u64 == ACL_NFS4)
{
int result = acl_nfs4_nontrivial ((nfs4_acl_int_t *) acl);
if (acl != aclbuf)
free (acl);
return result;
}
else
{
/* A newer type of ACL has been introduced in the system.
We should better support it. */
if (acl != aclbuf)
free (acl);
errno = EINVAL;
return -1;
}
# elif HAVE_STATACL /* older AIX */
union { struct acl a; char room[4096]; } u;
if (statacl ((char *) name, STX_NORMAL, &u.a, sizeof (u)) < 0)
return -1;
return acl_nontrivial (&u.a);
# elif HAVE_ACLSORT /* NonStop Kernel */
{
struct acl entries[NACLENTRIES];
int count;
count = acl ((char *) name, ACL_GET, NACLENTRIES, entries);
if (count < 0)
{
if (errno == ENOSYS || errno == ENOTSUP)
;
else
return -1;
}
else if (count == 0)
return 0;
else /* count > 0 */
{
if (count > NACLENTRIES)
/* If NACLENTRIES cannot be trusted, use dynamic memory
allocation. */
abort ();
/* If there are more than 4 entries, there cannot be only the
four base ACL entries. */
if (count > 4)
return 1;
return acl_nontrivial (count, entries);
}
}
# endif
}
# endif
# endif
#endif
return 0;
}
/* Return 1 if NAME has a nontrivial access control list,
0 if ACLs are not supported, or if NAME has no or only a base ACL,
and -1 (setting errno) on error. Note callers can determine
if ACLs are not supported as errno is set in that case also.
SB must be set to the stat buffer of NAME,
obtained through stat() or lstat(). */
int
file_has_acl (char const *name, struct stat const *sb)
{
int flags = IFTODT (sb->st_mode);
if (!S_ISDIR (sb->st_mode))
flags |= _GL_DT_NOTDIR;
struct aclinfo ai;
int r = file_has_aclinfo (name, &ai, flags);
aclinfo_free (&ai);
return r;
}