int
add_acl(acl_t acl, uint entry_number, acl_t *prev_acl, const char *filename)
{
acl_entry_t entry, entry_new;
acl_t acl_new;
int entry_id, acl_brand, prev_acl_brand;
acl_get_brand_np(acl, &acl_brand);
acl_get_brand_np(*prev_acl, &prev_acl_brand);
if (prev_acl_brand != ACL_BRAND_NFS4) {
warnx("%s: the '-a' option is only applicable to NFSv4 ACLs",
filename);
return (-1);
}
if (branding_mismatch(acl_brand, ACL_BRAND_NFS4)) {
warnx("%s: branding mismatch; existing ACL is NFSv4, "
"entry to be added is %s", filename,
brand_name(acl_brand));
return (-1);
}
acl_new = acl_dup(*prev_acl);
if (acl_new == NULL)
err(1, "%s: acl_dup() failed", filename);
entry_id = ACL_FIRST_ENTRY;
while (acl_get_entry(acl, entry_id, &entry) == 1) {
entry_id = ACL_NEXT_ENTRY;
if (acl_create_entry_np(&acl_new, &entry_new, entry_number) == -1) {
warn("%s: acl_create_entry_np() failed", filename);
acl_free(acl_new);
return (-1);
}
/*
* Without this increment, adding several
* entries at once, for example
* "setfacl -m user:1:r:allow,user:2:r:allow",
* would make them appear in reverse order.
*/
entry_number++;
if (acl_copy_entry(entry_new, entry) == -1)
err(1, "%s: acl_copy_entry() failed", filename);
}
acl_free(*prev_acl);
*prev_acl = acl_new;
return (0);
}
int
acl_create_entry(acl_t *acl_p, acl_entry_t *entry_p)
{
return(acl_create_entry_np(acl_p, entry_p, ACL_LAST_ENTRY));
}
/*
* merge an ACL into existing file's ACL
*/
int
merge_acl(acl_t acl, acl_t *prev_acl, const char *filename)
{
acl_entry_t entry, entry_new;
acl_permset_t permset;
acl_t acl_new;
acl_tag_t tag, tag_new;
acl_entry_type_t entry_type, entry_type_new;
acl_flagset_t flagset;
int entry_id, entry_id_new, have_entry, had_entry, entry_number = 0;
int acl_brand, prev_acl_brand;
acl_get_brand_np(acl, &acl_brand);
acl_get_brand_np(*prev_acl, &prev_acl_brand);
if (branding_mismatch(acl_brand, prev_acl_brand)) {
warnx("%s: branding mismatch; existing ACL is %s, "
"entry to be merged is %s", filename,
brand_name(prev_acl_brand), brand_name(acl_brand));
return (-1);
}
acl_new = acl_dup(*prev_acl);
if (acl_new == NULL)
err(1, "%s: acl_dup() failed", filename);
entry_id = ACL_FIRST_ENTRY;
while (acl_get_entry(acl, entry_id, &entry) == 1) {
entry_id = ACL_NEXT_ENTRY;
have_entry = 0;
had_entry = 0;
/* keep track of existing ACL_MASK entries */
if (acl_get_tag_type(entry, &tag) == -1)
err(1, "%s: acl_get_tag_type() failed - "
"invalid ACL entry", filename);
if (tag == ACL_MASK)
have_mask = 1;
/* check against the existing ACL entries */
entry_id_new = ACL_FIRST_ENTRY;
while (acl_get_entry(acl_new, entry_id_new, &entry_new) == 1) {
entry_id_new = ACL_NEXT_ENTRY;
if (acl_get_tag_type(entry, &tag) == -1)
err(1, "%s: acl_get_tag_type() failed",
filename);
if (acl_get_tag_type(entry_new, &tag_new) == -1)
err(1, "%s: acl_get_tag_type() failed",
filename);
if (tag != tag_new)
continue;
/*
* For NFSv4, in addition to "tag" and "id" we also
* compare "entry_type".
*/
if (acl_brand == ACL_BRAND_NFS4) {
if (acl_get_entry_type_np(entry, &entry_type))
err(1, "%s: acl_get_entry_type_np() "
"failed", filename);
if (acl_get_entry_type_np(entry_new, &entry_type_new))
err(1, "%s: acl_get_entry_type_np() "
"failed", filename);
if (entry_type != entry_type_new)
continue;
}
switch(tag) {
case ACL_USER:
case ACL_GROUP:
have_entry = merge_user_group(&entry,
&entry_new, acl_brand);
if (have_entry == 0)
break;
/* FALLTHROUGH */
case ACL_USER_OBJ:
case ACL_GROUP_OBJ:
case ACL_OTHER:
case ACL_MASK:
case ACL_EVERYONE:
if (acl_get_permset(entry, &permset) == -1)
err(1, "%s: acl_get_permset() failed",
filename);
if (acl_set_permset(entry_new, permset) == -1)
err(1, "%s: acl_set_permset() failed",
filename);
if (acl_brand == ACL_BRAND_NFS4) {
if (acl_get_entry_type_np(entry, &entry_type))
err(1, "%s: acl_get_entry_type_np() failed",
filename);
if (acl_set_entry_type_np(entry_new, entry_type))
err(1, "%s: acl_set_entry_type_np() failed",
filename);
if (acl_get_flagset_np(entry, &flagset))
err(1, "%s: acl_get_flagset_np() failed",
filename);
if (acl_set_flagset_np(entry_new, flagset))
err(1, "%s: acl_set_flagset_np() failed",
filename);
}
had_entry = have_entry = 1;
break;
default:
/* should never be here */
errx(1, "%s: invalid tag type: %i", filename, tag);
break;
}
}
/* if this entry has not been found, it must be new */
if (had_entry == 0) {
/*
* NFSv4 ACL entries must be prepended to the ACL.
* Appending them at the end makes no sense, since
* in most cases they wouldn't even get evaluated.
*/
if (acl_brand == ACL_BRAND_NFS4) {
if (acl_create_entry_np(&acl_new, &entry_new, entry_number) == -1) {
warn("%s: acl_create_entry_np() failed", filename);
acl_free(acl_new);
return (-1);
}
/*
* Without this increment, adding several
* entries at once, for example
* "setfacl -m user:1:r:allow,user:2:r:allow",
* would make them appear in reverse order.
*/
entry_number++;
} else {
if (acl_create_entry(&acl_new, &entry_new) == -1) {
warn("%s: acl_create_entry() failed", filename);
acl_free(acl_new);
return (-1);
}
}
if (acl_copy_entry(entry_new, entry) == -1)
err(1, "%s: acl_copy_entry() failed", filename);
}
}
acl_free(*prev_acl);
*prev_acl = acl_new;
return (0);
}
static unsigned int
call_syscall(struct syscall_desc *scall, char *argv[])
{
struct stat64 sb;
long long flags;
unsigned int i;
char *endp;
int name, rval;
union {
char *str;
long long num;
} args[MAX_ARGS];
#ifdef HAS_FREEBSD_ACL
int entry_id = ACL_FIRST_ENTRY;
acl_t acl, newacl;
acl_entry_t entry, newentry;
#endif
/*
* Verify correctness of the arguments.
*/
for (i = 0; i < sizeof(args)/sizeof(args[0]); i++) {
if (scall->sd_args[i] == TYPE_NONE) {
if (argv[i] == NULL || strcmp(argv[i], ":") == 0)
break;
fprintf(stderr, "too many arguments [%s]\n", argv[i]);
exit(1);
} else {
if (argv[i] == NULL || strcmp(argv[i], ":") == 0) {
if (scall->sd_args[i] & TYPE_OPTIONAL)
break;
fprintf(stderr, "too few arguments\n");
exit(1);
}
if ((scall->sd_args[i] & TYPE_MASK) == TYPE_STRING) {
if (strcmp(argv[i], "NULL") == 0)
args[i].str = NULL;
else if (strcmp(argv[i], "DEADCODE") == 0)
args[i].str = (void *)0xdeadc0de;
else
args[i].str = argv[i];
} else if ((scall->sd_args[i] & TYPE_MASK) ==
TYPE_NUMBER) {
args[i].num = strtoll(argv[i], &endp, 0);
if (*endp != '\0' &&
!isspace((unsigned char)*endp)) {
fprintf(stderr,
"invalid argument %u, number expected [%s]\n",
i, endp);
exit(1);
}
} else if ((scall->sd_args[i] & TYPE_MASK) ==
TYPE_DESCRIPTOR) {
if (strcmp(argv[i], "AT_FDCWD") == 0) {
args[i].num = AT_FDCWD;
} else if (strcmp(argv[i], "BADFD") == 0) {
/* In case AT_FDCWD is -1 on some systems... */
if (AT_FDCWD == -1)
args[i].num = -2;
else
args[i].num = -1;
} else {
int pos;
pos = strtoll(argv[i], &endp, 0);
if (*endp != '\0' &&
!isspace((unsigned char)*endp)) {
fprintf(stderr,
"invalid argument %u, number expected [%s]\n",
i, endp);
exit(1);
}
args[i].num = descriptor_get(pos);
}
}
}
}
/*
* Call the given syscall.
*/
#define NUM(n) (args[(n)].num)
#define STR(n) (args[(n)].str)
switch (scall->sd_action) {
case ACTION_OPEN:
flags = str2flags(open_flags, STR(1));
if (flags & O_CREAT) {
if (i == 2) {
fprintf(stderr, "too few arguments\n");
exit(1);
}
rval = open(STR(0), (int)flags, (mode_t)NUM(2));
} else {
if (i == 3) {
fprintf(stderr, "too many arguments\n");
exit(1);
}
rval = open(STR(0), (int)flags);
}
if (rval >= 0)
descriptor_add(rval);
break;
case ACTION_OPENAT:
flags = str2flags(open_flags, STR(2));
if (flags & O_CREAT) {
if (i == 3) {
fprintf(stderr, "too few arguments\n");
exit(1);
}
rval = openat(NUM(0), STR(1), (int)flags,
(mode_t)NUM(3));
} else {
if (i == 4) {
fprintf(stderr, "too many arguments\n");
exit(1);
}
rval = openat(NUM(0), STR(1), (int)flags);
}
if (rval >= 0)
descriptor_add(rval);
break;
case ACTION_CREATE:
rval = open(STR(0), O_CREAT | O_EXCL, (mode_t)NUM(1));
if (rval >= 0)
close(rval);
break;
case ACTION_UNLINK:
rval = unlink(STR(0));
break;
case ACTION_UNLINKAT:
rval = unlinkat(NUM(0), STR(1),
(int)str2flags(unlinkat_flags, STR(2)));
break;
case ACTION_MKDIR:
rval = mkdir(STR(0), (mode_t)NUM(1));
break;
case ACTION_MKDIRAT:
rval = mkdirat(NUM(0), STR(1), (mode_t)NUM(2));
break;
case ACTION_RMDIR:
rval = rmdir(STR(0));
break;
case ACTION_LINK:
rval = link(STR(0), STR(1));
break;
case ACTION_LINKAT:
rval = linkat(NUM(0), STR(1), NUM(2), STR(3),
(int)str2flags(linkat_flags, STR(4)));
break;
case ACTION_SYMLINK:
rval = symlink(STR(0), STR(1));
break;
case ACTION_SYMLINKAT:
rval = symlinkat(STR(0), NUM(1), STR(2));
break;
case ACTION_RENAME:
rval = rename(STR(0), STR(1));
break;
case ACTION_RENAMEAT:
rval = renameat(NUM(0), STR(1), NUM(2), STR(3));
break;
case ACTION_MKFIFO:
rval = mkfifo(STR(0), (mode_t)NUM(1));
break;
case ACTION_MKFIFOAT:
rval = mkfifoat(NUM(0), STR(1), (mode_t)NUM(2));
break;
case ACTION_MKNOD:
case ACTION_MKNODAT:
{
mode_t ntype;
dev_t dev;
int fa;
switch (scall->sd_action) {
case ACTION_MKNOD:
fa = 0;
break;
case ACTION_MKNODAT:
fa = 1;
break;
default:
abort();
}
dev = makedev(NUM(fa + 3), NUM(fa + 4));
if (strcmp(STR(fa + 1), "c") == 0) /* character device */
ntype = S_IFCHR;
else if (strcmp(STR(fa + 1), "b") == 0) /* block device */
ntype = S_IFBLK;
else if (strcmp(STR(fa + 1), "f") == 0) /* fifo special */
ntype = S_IFIFO;
else if (strcmp(STR(fa + 1), "d") == 0) /* directory */
ntype = S_IFDIR;
else if (strcmp(STR(fa + 1), "o") == 0) /* regular file */
ntype = S_IFREG;
else {
fprintf(stderr, "wrong argument 1\n");
exit(1);
}
switch (scall->sd_action) {
case ACTION_MKNOD:
rval = mknod(STR(0), ntype | NUM(2), dev);
break;
case ACTION_MKNODAT:
rval = mknodat(NUM(0), STR(1), ntype | NUM(3), dev);
break;
default:
abort();
}
break;
}
case ACTION_BIND:
{
struct sockaddr_un sunx;
sunx.sun_family = AF_UNIX;
strncpy(sunx.sun_path, STR(0), sizeof(sunx.sun_path) - 1);
sunx.sun_path[sizeof(sunx.sun_path) - 1] = '\0';
rval = socket(AF_UNIX, SOCK_STREAM, 0);
if (rval < 0)
break;
rval = bind(rval, (struct sockaddr *)&sunx, sizeof(sunx));
break;
}
#ifdef HAS_BINDAT
case ACTION_BINDAT:
{
struct sockaddr_un sunx;
sunx.sun_family = AF_UNIX;
strncpy(sunx.sun_path, STR(1), sizeof(sunx.sun_path) - 1);
sunx.sun_path[sizeof(sunx.sun_path) - 1] = '\0';
rval = socket(AF_UNIX, SOCK_STREAM, 0);
if (rval < 0)
break;
rval = bindat(NUM(0), rval, (struct sockaddr *)&sunx,
sizeof(sunx));
break;
}
#endif
case ACTION_CONNECT:
{
struct sockaddr_un sunx;
sunx.sun_family = AF_UNIX;
strncpy(sunx.sun_path, STR(0), sizeof(sunx.sun_path) - 1);
sunx.sun_path[sizeof(sunx.sun_path) - 1] = '\0';
rval = socket(AF_UNIX, SOCK_STREAM, 0);
if (rval < 0)
break;
rval = connect(rval, (struct sockaddr *)&sunx, sizeof(sunx));
break;
}
#ifdef HAS_CONNECTAT
case ACTION_CONNECTAT:
{
struct sockaddr_un sunx;
sunx.sun_family = AF_UNIX;
strncpy(sunx.sun_path, STR(1), sizeof(sunx.sun_path) - 1);
sunx.sun_path[sizeof(sunx.sun_path) - 1] = '\0';
rval = socket(AF_UNIX, SOCK_STREAM, 0);
if (rval < 0)
break;
rval = connectat(NUM(0), rval, (struct sockaddr *)&sunx,
sizeof(sunx));
break;
}
#endif
case ACTION_CHMOD:
rval = chmod(STR(0), (mode_t)NUM(1));
break;
case ACTION_FCHMOD:
rval = fchmod(NUM(0), (mode_t)NUM(1));
break;
#ifdef HAS_LCHMOD
case ACTION_LCHMOD:
rval = lchmod(STR(0), (mode_t)NUM(1));
break;
#endif
case ACTION_FCHMODAT:
rval = fchmodat(NUM(0), STR(1), (mode_t)NUM(2),
str2flags(fchmodat_flags, STR(3)));
break;
case ACTION_CHOWN:
rval = chown(STR(0), (uid_t)NUM(1), (gid_t)NUM(2));
break;
case ACTION_FCHOWN:
rval = fchown(NUM(0), (uid_t)NUM(1), (gid_t)NUM(2));
break;
case ACTION_LCHOWN:
rval = lchown(STR(0), (uid_t)NUM(1), (gid_t)NUM(2));
break;
case ACTION_FCHOWNAT:
rval = fchownat(NUM(0), STR(1), (uid_t)NUM(2), (gid_t)NUM(3),
(int)str2flags(fchownat_flags, STR(4)));
break;
#ifdef HAS_CHFLAGS
case ACTION_CHFLAGS:
rval = chflags(STR(0),
(unsigned long)str2flags(chflags_flags, STR(1)));
break;
#endif
#ifdef HAS_FCHFLAGS
case ACTION_FCHFLAGS:
rval = fchflags(NUM(0),
(unsigned long)str2flags(chflags_flags, STR(1)));
break;
#endif
#ifdef HAS_CHFLAGSAT
case ACTION_CHFLAGSAT:
rval = chflagsat(NUM(0), STR(1),
(unsigned long)str2flags(chflags_flags, STR(2)),
(int)str2flags(chflagsat_flags, STR(3)));
break;
#endif
#ifdef HAS_LCHFLAGS
case ACTION_LCHFLAGS:
rval = lchflags(STR(0),
(unsigned long)str2flags(chflags_flags, STR(1)));
break;
#endif
case ACTION_TRUNCATE:
rval = truncate64(STR(0), NUM(1));
break;
case ACTION_FTRUNCATE:
rval = ftruncate64(NUM(0), NUM(1));
break;
case ACTION_STAT:
rval = stat64(STR(0), &sb);
if (rval == 0) {
show_stats(&sb, STR(1));
return (i);
}
break;
case ACTION_FSTAT:
rval = fstat64(NUM(0), &sb);
if (rval == 0) {
show_stats(&sb, STR(1));
return (i);
}
break;
case ACTION_LSTAT:
rval = lstat64(STR(0), &sb);
if (rval == 0) {
show_stats(&sb, STR(1));
return (i);
}
break;
case ACTION_FSTATAT:
rval = fstatat(NUM(0), STR(1), &sb,
(int)str2flags(fstatat_flags, STR(2)));
if (rval == 0) {
show_stats(&sb, STR(3));
return (i);
}
break;
case ACTION_PATHCONF:
case ACTION_FPATHCONF:
case ACTION_LPATHCONF:
{
long lrval;
name = str2name(pathconf_names, STR(1));
if (name == -1) {
fprintf(stderr, "unknown name %s", STR(1));
exit(1);
}
errno = 0;
switch (scall->sd_action) {
case ACTION_PATHCONF:
lrval = pathconf(STR(0), name);
break;
case ACTION_FPATHCONF:
lrval = fpathconf(NUM(0), name);
break;
case ACTION_LPATHCONF:
lrval = lpathconf(STR(0), name);
break;
default:
abort();
}
if (lrval == -1 && errno == 0) {
printf("unlimited\n");
return (i);
} else if (lrval >= 0) {
printf("%ld\n", lrval);
return (i);
}
rval = -1;
break;
}
#ifdef HAS_FREEBSD_ACL
case ACTION_PREPENDACL:
rval = -1;
acl = acl_get_file(STR(0), ACL_TYPE_NFS4);
if (acl == NULL)
break;
newacl = acl_from_text(STR(1));
if (acl == NULL)
break;
while (acl_get_entry(newacl, entry_id, &newentry) == 1) {
entry_id = ACL_NEXT_ENTRY;
if (acl_create_entry_np(&acl, &entry, 0))
break;
if (acl_copy_entry(entry, newentry))
break;
}
rval = acl_set_file(STR(0), ACL_TYPE_NFS4, acl);
break;
case ACTION_READACL:
acl = acl_get_file(STR(0), ACL_TYPE_NFS4);
if (acl == NULL)
rval = -1;
else
rval = 0;
break;
#endif
case ACTION_WRITE:
rval = write(NUM(0), STR(1), strlen(STR(1)));
break;
default:
fprintf(stderr, "unsupported syscall\n");
exit(1);
}
#undef STR
#undef NUM
if (rval < 0) {
const char *serrno;
serrno = err2str(errno);
fprintf(stderr, "%s returned %d\n", scall->sd_name, rval);
printf("%s\n", serrno);
exit(1);
}
printf("0\n");
return (i);
}
/* merge 2 acl's together */
static int
merge_acl(acl_t acl, acl_t *prev_acl, const char *path)
{
acl_t acl_new;
acl_permset_t permset;
acl_flagset_t flagset;
acl_tag_t tag, tag_new;
acl_entry_t entry, entry_new;
acl_entry_type_t entry_type, entry_type_new;
int entry_id, entry_id_new, have_entry, had_entry, entry_number = 0;
if ((acl_new = acl_dup(*prev_acl)) == NULL)
err(EX_OSERR, "%s: acl_dup() failed", path);
entry_id = ACL_FIRST_ENTRY;
while (acl_get_entry(acl, entry_id, &entry) == 1) {
entry_id = ACL_NEXT_ENTRY;
have_entry = had_entry = 0;
entry_id_new = ACL_FIRST_ENTRY;
while (acl_get_entry(acl_new, entry_id_new, &entry_new) > 0) {
entry_id_new = ACL_NEXT_ENTRY;
if (acl_get_tag_type(entry, &tag) < 0)
err(EX_OSERR, "%s: acl_get_tag_type() failed", path);
if (acl_get_tag_type(entry_new, &tag_new) < 0)
err(EX_OSERR, "%s: acl_get_tag_type() failed", path);
if (tag != tag_new)
continue;
if (acl_get_entry_type_np(entry, &entry_type) < 0)
err(EX_OSERR, "%s: acl_get_entry_type_np() failed", path);
if (acl_get_entry_type_np(entry_new, &entry_type_new) < 0)
err(EX_OSERR, "%s: acl_get_entry_type_np() failed", path);
if (entry_type != entry_type_new)
continue;
switch(tag) {
case ACL_USER:
case ACL_GROUP:
have_entry = merge_user_group(&entry, &entry_new);
if (have_entry == 0)
break;
case ACL_USER_OBJ:
case ACL_GROUP_OBJ:
case ACL_EVERYONE:
merge_acl_entries(&entry, &entry_new);
had_entry = have_entry = 1;
break;
default:
errx(EX_OSERR, "%s: invalid tag type: %i", path, tag);
break;
}
}
if (had_entry == 0) {
if (acl_create_entry_np(&acl_new, &entry_new, entry_number) < 0) {
warn("%s: acl_create_entry_np() failed", path);
acl_free(acl_new);
return (-1);
}
entry_number++;
if (acl_copy_entry(entry_new, entry) < 0)
err(EX_OSERR, "%s: acl_copy_entry() failed", path);
}
}
acl_free(*prev_acl);
*prev_acl = acl_new;
return (0);
}
int
modify_acl(acl_t *oaclp, acl_entry_t modifier, unsigned int optflags,
int position, int inheritance_level,
unsigned flag_new_acl, const char* path) {
unsigned cpos = 0;
acl_entry_t newent = NULL;
int dmatch = 0;
acl_entry_t rentry = NULL;
unsigned retval = 0;
acl_t oacl = *oaclp;
/* Add the inherited flag if requested by the user*/
if (modifier && (optflags & ACL_INHERIT_FLAG)) {
acl_flagset_t mflags;
acl_get_flagset_np(modifier, &mflags);
acl_add_flag_np(mflags, ACL_ENTRY_INHERITED);
acl_set_flagset_np(modifier, mflags);
}
if (optflags & ACL_SET_FLAG) {
if (position != -1) {
if (0 != acl_create_entry_np(&oacl, &newent, position)) {
// err(1, "acl_create_entry() failed");
fprintf(stderr, "chmod: acl_create_entry() failed: %s\n", strerror(errno));
pthread_exit(NULL);
}
acl_copy_entry(newent, modifier);
} else {
/* If an entry exists, add the new permissions to it, else add an
* entry in the canonical position.
*/
/* First, check for a matching entry - if one exists, merge flags */
dmatch = find_matching_entry(oacl, modifier, &rentry, 1);
if (dmatch != MATCH_NONE) {
if (dmatch == MATCH_EXACT)
/* Nothing to be done */
goto ma_exit;
if (dmatch == MATCH_PARTIAL) {
merge_entry_perms(rentry, modifier);
goto ma_exit;
}
}
/* Insert the entry in canonical order */
cpos = find_canonical_position(oacl, modifier);
if (0!= acl_create_entry_np(&oacl, &newent, cpos)) {
// err(1, "acl_create_entry() failed");
fprintf(stderr, "chmod: acl_create_entry() failed: %s\n", strerror(errno));
pthread_exit(NULL);
}
acl_copy_entry(newent, modifier);
}
} else if (optflags & ACL_DELETE_FLAG) {
if (flag_new_acl) {
fprintf(stderr, "chmod: No ACL present '%s'\n", path);
// warnx("No ACL present '%s'", path);
retval = 1;
} else if (position != -1 ) {
if (0 != acl_get_entry(oacl, position, &rentry)) {
fprintf(stderr, "chmod: Invalid entry number '%s'\n", path);
// warnx("Invalid entry number '%s'", path);
retval = 1;
} else {
acl_delete_entry(oacl, rentry);
}
} else {
unsigned match_found = 0, aindex;
for (aindex = 0;
acl_get_entry(oacl, rentry == NULL ?
ACL_FIRST_ENTRY :
ACL_NEXT_ENTRY, &rentry) == 0;
aindex++) {
unsigned cmp;
cmp = compare_acl_entries(rentry, modifier);
if ((cmp == MATCH_EXACT) ||
(cmp == MATCH_PARTIAL)) {
match_found++;
if (cmp == MATCH_EXACT)
acl_delete_entry(oacl, rentry);
else {
int valid_perms;
/* In the event of a partial match, remove the specified perms from the
* entry */
subtract_from_entry(rentry, modifier, &valid_perms);
/* if no perms survived then delete the entry */
if (valid_perms == 0)
acl_delete_entry(oacl, rentry);
}
}
}
if (0 == match_found) {
fprintf(stderr, "chmod: Entry not found when attempting delete '%s'\n",path);
// warnx("Entry not found when attempting delete '%s'",path);
retval = 1;
}
}
} else if (optflags & ACL_REWRITE_FLAG) {
acl_entry_t rentry;
if (-1 == position) {
chmod_usage();
}
if (0 == flag_new_acl) {
if (0 != acl_get_entry(oacl, position,
&rentry)) {
// err(1, "Invalid entry number '%s'", path);
fprintf(stderr, "chmod: Invalid entry number '%s': %s\n", path, strerror(errno));
pthread_exit(NULL);
}
if (0 != acl_delete_entry(oacl, rentry)) {
// err(1, "Unable to delete entry '%s'", path);
fprintf(stderr, "chmod: Unable to delete entry '%s': %s\n", path, strerror(errno));
pthread_exit(NULL);
}
}
if (0!= acl_create_entry_np(&oacl, &newent, position)) {
// err(1, "acl_create_entry() failed");
fprintf(stderr, "chmod: acl_create_entry() failed: %s\n", strerror(errno));
pthread_exit(NULL);
}
acl_copy_entry(newent, modifier);
}
ma_exit:
*oaclp = oacl;
return retval;
}
