|
10142
|
1 #!/bin/sh |
|
|
2 |
|
|
3 # Show all commands when run with environment variable VERBOSE=yes. |
|
|
4 test -z "$VERBOSE" || set -x |
|
|
5 |
|
|
6 # func_tmpdir |
|
|
7 # creates a temporary directory. |
|
|
8 # Sets variable |
|
|
9 # - tmp pathname of freshly created temporary directory |
|
|
10 func_tmpdir () |
|
|
11 { |
|
|
12 # Use the environment variable TMPDIR, falling back to /tmp. This allows |
|
|
13 # users to specify a different temporary directory, for example, if their |
|
|
14 # /tmp is filled up or too small. |
|
|
15 : ${TMPDIR=/tmp} |
|
|
16 { |
|
|
17 # Use the mktemp program if available. If not available, hide the error |
|
|
18 # message. |
|
|
19 tmp=`(umask 077 && mktemp -d "$TMPDIR/glXXXXXX") 2>/dev/null` && |
|
|
20 test -n "$tmp" && test -d "$tmp" |
|
|
21 } || |
|
|
22 { |
|
|
23 # Use a simple mkdir command. It is guaranteed to fail if the directory |
|
|
24 # already exists. $RANDOM is bash specific and expands to empty in shells |
|
|
25 # other than bash, ksh and zsh. Its use does not increase security; |
|
|
26 # rather, it minimizes the probability of failure in a very cluttered /tmp |
|
|
27 # directory. |
|
|
28 tmp=$TMPDIR/gl$$-$RANDOM |
|
|
29 (umask 077 && mkdir "$tmp") |
|
|
30 } || |
|
|
31 { |
|
|
32 echo "$0: cannot create a temporary directory in $TMPDIR" >&2 |
|
|
33 exit 1 |
|
|
34 } |
|
|
35 } |
|
|
36 |
|
|
37 func_tmpdir |
|
|
38 builddir=`pwd` |
|
|
39 cd "$builddir" || |
|
|
40 { |
|
|
41 echo "$0: cannot determine build directory (unreadable parent dir?)" >&2 |
|
|
42 exit 1 |
|
|
43 } |
|
|
44 # Switch to a temporary directory, to increase the likelihood that ACLs are |
|
|
45 # supported on the current file system. (/tmp is usually locally mounted, |
|
|
46 # whereas the build dir is sometimes NFS-mounted.) |
|
|
47 ( cd "$tmp" |
|
|
48 |
|
|
49 # Prepare tmpfile0. |
|
|
50 rm -f tmpfile[0-9] tmp.err |
|
|
51 echo "Simple contents" > tmpfile0 |
|
|
52 chmod 600 tmpfile0 |
|
|
53 |
|
|
54 # Classification of the platform according to the programs available for |
|
|
55 # manipulating ACLs. |
|
|
56 # Possible values are: |
|
|
57 # linux, cygwin, freebsd, solaris, hpux, osf1, aix, macosx, irix, none. |
|
|
58 # TODO: Support also native Win32 platforms (mingw). |
|
|
59 acl_flavor=none |
|
|
60 if (getfacl tmpfile0 >/dev/null) 2>/dev/null; then |
|
|
61 # Platforms with the getfacl and setfacl programs. |
|
|
62 # Linux, FreeBSD, Solaris, Cygwin. |
|
|
63 if (setfacl --help >/dev/null) 2>/dev/null; then |
|
|
64 # Linux, Cygwin. |
|
|
65 if (LC_ALL=C setfacl --help | grep ' --set-file' >/dev/null) 2>/dev/null; then |
|
|
66 # Linux. |
|
|
67 acl_flavor=linux |
|
|
68 else |
|
|
69 acl_flavor=cygwin |
|
|
70 fi |
|
|
71 else |
|
|
72 # FreeBSD, Solaris. |
|
|
73 if (LC_ALL=C setfacl 2>&1 | grep '\-x entries' >/dev/null) 2>/dev/null; then |
|
|
74 # FreeBSD. |
|
|
75 acl_flavor=freebsd |
|
|
76 else |
|
|
77 # Solaris. |
|
|
78 acl_flavor=solaris |
|
|
79 fi |
|
|
80 fi |
|
|
81 else |
|
|
82 if (lsacl / >/dev/null) 2>/dev/null; then |
|
|
83 # Platforms with the lsacl and chacl programs. |
|
|
84 # HP-UX, sometimes also IRIX. |
|
|
85 acl_flavor=hpux |
|
|
86 else |
|
|
87 if (getacl tmpfile0 >/dev/null) 2>/dev/null; then |
|
|
88 # Tru64. |
|
|
89 acl_flavor=osf1 |
|
|
90 else |
|
|
91 if (aclget tmpfile0 >/dev/null) 2>/dev/null; then |
|
|
92 # AIX. |
|
|
93 acl_flavor=aix |
|
|
94 else |
|
|
95 if (fsaclctl -v >/dev/null) 2>/dev/null; then |
|
|
96 # MacOS X. |
|
|
97 acl_flavor=macosx |
|
|
98 else |
|
|
99 if test -f /sbin/chacl; then |
|
|
100 # IRIX. |
|
|
101 acl_flavor=irix |
|
|
102 fi |
|
|
103 fi |
|
|
104 fi |
|
|
105 fi |
|
|
106 fi |
|
|
107 fi |
|
|
108 |
|
|
109 # func_test_has_acl file expected |
|
|
110 # tests the result of the file_has_acl function on file, and checks that it |
|
|
111 # matches the expected value. |
|
|
112 func_test_has_acl () |
|
|
113 { |
|
|
114 res=`"$builddir"/test-file-has-acl${EXEEXT} "$1"` |
|
|
115 test "$res" = "$2" || { |
|
|
116 echo "file_has_acl(\"$1\") returned $res, expected $2" 1>&2 |
|
|
117 exit 1 |
|
|
118 } |
|
|
119 } |
|
|
120 |
|
|
121 # func_test_file_has_acl file expected |
|
|
122 # tests the result of the file_has_acl function on file, and checks that it |
|
|
123 # matches the expected value. |
|
|
124 func_test_file_has_acl () |
|
|
125 { |
|
|
126 res=`"$builddir"/test-file-has-acl${EXEEXT} "$1"` |
|
|
127 test "$res" = "$2" || { |
|
|
128 echo "file_has_acl(\"$1\") returned $res, expected $2" 1>&2 |
|
|
129 exit 1 |
|
|
130 } |
|
|
131 } |
|
|
132 |
|
|
133 # func_test_has_acl file expected |
|
|
134 # tests the result of the file_has_acl function on file, and checks that it |
|
|
135 # matches the expected value, also taking into account the system's 'ls' |
|
|
136 # program. |
|
|
137 case $acl_flavor in |
|
|
138 freebsd | solaris | hpux | macosx) |
|
|
139 case $acl_flavor in |
|
|
140 freebsd | solaris | hpux) acl_ls_option="-ld" ;; |
|
|
141 macosx) acl_ls_option="-lde" ;; |
|
|
142 esac |
|
|
143 func_test_has_acl () |
|
|
144 { |
|
|
145 func_test_file_has_acl "$1" "$2" |
|
|
146 case `/bin/ls $acl_ls_option "$1" | sed 1q` in |
|
|
147 ??????????+*) |
|
|
148 test "$2" = yes || { |
|
|
149 echo "/bin/ls $acl_ls_option $1 shows an ACL, but expected $2" 1>&2 |
|
|
150 exit 1 |
|
|
151 } |
|
|
152 ;; |
|
|
153 ??????????" "*) |
|
|
154 test "$2" = no || { |
|
|
155 echo "/bin/ls $acl_ls_option $1 shows no ACL, but expected $2" 1>&2 |
|
|
156 exit 1 |
|
|
157 } |
|
|
158 ;; |
|
|
159 esac |
|
|
160 } |
|
|
161 ;; |
|
|
162 irix) |
|
|
163 func_test_has_acl () |
|
|
164 { |
|
|
165 func_test_file_has_acl "$1" "$2" |
|
|
166 case `/bin/ls -ldD "$1" | sed 1q` in |
|
|
167 *" []") |
|
|
168 test "$2" = no || { |
|
|
169 echo "/bin/ls -ldD $1 shows no ACL, but expected $2" 1>&2 |
|
|
170 exit 1 |
|
|
171 } |
|
|
172 ;; |
|
|
173 *) |
|
|
174 test "$2" = yes || { |
|
|
175 echo "/bin/ls -ldD $1 shows an ACL, but expected $2" 1>&2 |
|
|
176 exit 1 |
|
|
177 } |
|
|
178 ;; |
|
|
179 esac |
|
|
180 } |
|
|
181 ;; |
|
|
182 *) |
|
|
183 func_test_has_acl () |
|
|
184 { |
|
|
185 func_test_file_has_acl "$1" "$2" |
|
|
186 } |
|
|
187 ;; |
|
|
188 esac |
|
|
189 |
|
|
190 func_test_has_acl tmpfile0 no |
|
|
191 |
|
|
192 if test $acl_flavor != none; then |
|
|
193 # Use a user and group id different from the current one, to avoid |
|
|
194 # redundant/ambiguous ACLs. |
|
|
195 myuid=`id -u` |
|
|
196 mygid=`id -g` |
|
|
197 auid=1 |
|
|
198 if test "$auid" = "$myuid"; then auid=2; fi |
|
|
199 agid=1 |
|
|
200 if test "$agid" = "$mygid"; then agid=2; fi |
|
|
201 |
|
|
202 case $acl_flavor in |
|
|
203 linux | cygwin | freebsd | solaris) |
|
|
204 |
|
|
205 # Set an ACL for a user. |
|
|
206 if setfacl -m user:$auid:1 tmpfile0; then |
|
|
207 |
|
|
208 func_test_has_acl tmpfile0 yes |
|
|
209 |
|
|
210 # Remove the ACL for the user. |
|
|
211 case $acl_flavor in |
|
|
212 linux) setfacl -x user:$auid tmpfile0 ;; |
|
|
213 freebsd) setfacl -x user:$auid:1 tmpfile0 ;; |
|
|
214 *) setfacl -d user:$auid:1 tmpfile0 ;; |
|
|
215 esac |
|
|
216 |
|
|
217 # On Linux, the ACL for the mask is implicitly added. |
|
|
218 # On Solaris, it is always there. |
|
|
219 case $acl_flavor in |
|
|
220 linux) func_test_has_acl tmpfile0 yes ;; |
|
|
221 *) func_test_has_acl tmpfile0 no ;; |
|
|
222 esac |
|
|
223 |
|
|
224 # Remove the ACL for the mask, if it was implicitly added. |
|
|
225 case $acl_flavor in |
|
|
226 linux | freebsd) setfacl -x mask: tmpfile0 ;; |
|
|
227 *) setfacl -d mask: tmpfile0 ;; |
|
|
228 esac |
|
|
229 |
|
|
230 func_test_has_acl tmpfile0 no |
|
|
231 |
|
|
232 fi |
|
|
233 ;; |
|
|
234 |
|
|
235 hpux) |
|
|
236 |
|
|
237 # Set an ACL for a user. |
|
|
238 orig=`lsacl tmpfile0 | sed -e 's/ tmpfile0$//'` |
|
|
239 if chacl -r "${orig}($auid.%,--x)" tmpfile0; then |
|
|
240 |
|
|
241 func_test_has_acl tmpfile0 yes |
|
|
242 |
|
|
243 # Remove the ACL for the user. |
|
|
244 chacl -d "($auid.%,--x)" tmpfile0 |
|
|
245 |
|
|
246 func_test_has_acl tmpfile0 no |
|
|
247 |
|
|
248 fi |
|
|
249 ;; |
|
|
250 |
|
|
251 osf1) |
|
|
252 |
|
|
253 # Set an ACL for a user. |
|
|
254 setacl -u user:$auid:1 tmpfile0 2> tmp.err |
|
|
255 cat tmp.err 1>&2 |
|
|
256 if grep 'Error:' tmp.err > /dev/null \ |
|
|
257 || grep 'Operation not supported' tmp.err > /dev/null; then |
|
|
258 : |
|
|
259 else |
|
|
260 |
|
|
261 func_test_has_acl tmpfile0 yes |
|
|
262 |
|
|
263 # Remove the ACL for the user. |
|
|
264 setacl -x user:$auid:1 tmpfile0 |
|
|
265 |
|
|
266 func_test_has_acl tmpfile0 no |
|
|
267 |
|
|
268 fi |
|
|
269 ;; |
|
|
270 |
|
|
271 aix) |
|
|
272 |
|
|
273 # Set an ACL for a user. |
|
|
274 { aclget tmpfile0 | sed -e 's/disabled$/enabled/'; echo " permit --x u:$auid"; } | aclput tmpfile0 |
|
|
275 if aclget tmpfile0 | grep enabled > /dev/null; then |
|
|
276 |
|
|
277 func_test_has_acl tmpfile0 yes |
|
|
278 |
|
|
279 # Remove the ACL for the user. |
|
|
280 aclget tmpfile0 | grep -v ' u:[^ ]*$' | aclput tmpfile0 |
|
|
281 |
|
|
282 func_test_has_acl tmpfile0 no |
|
|
283 |
|
|
284 fi |
|
|
285 ;; |
|
|
286 |
|
|
287 macosx) |
|
|
288 |
|
|
289 # Set an ACL for a user. |
|
|
290 /bin/chmod +a "user:daemon allow execute" tmpfile0 |
|
|
291 |
|
|
292 func_test_has_acl tmpfile0 yes |
|
|
293 |
|
|
294 # Remove the ACL for the user. |
|
|
295 /bin/chmod -a "user:daemon allow execute" tmpfile0 |
|
|
296 |
|
|
297 func_test_has_acl tmpfile0 no |
|
|
298 |
|
|
299 ;; |
|
|
300 |
|
|
301 irix) |
|
|
302 |
|
|
303 # Set an ACL for a user. |
|
|
304 /sbin/chacl user::rw-,group::---,other::---,user:$auid:--x tmpfile0 2> tmp.err |
|
|
305 cat tmp.err 1>&2 |
|
|
306 if test -s tmp.err; then :; else |
|
|
307 |
|
|
308 func_test_has_acl tmpfile0 yes |
|
|
309 |
|
|
310 # Remove the ACL for the user. |
|
|
311 /sbin/chacl user::rw-,group::---,other::--- tmpfile0 |
|
|
312 |
|
|
313 func_test_has_acl tmpfile0 no |
|
|
314 |
|
|
315 fi |
|
|
316 ;; |
|
|
317 |
|
|
318 esac |
|
|
319 fi |
|
|
320 |
|
|
321 rm -f tmpfile[0-9] tmp.err |
|
|
322 ) || exit 1 |
|
|
323 |
|
|
324 rm -rf "$tmp" |
|
|
325 exit 0 |
