#!/bin/sh -e
#
# 2018 Ander Punnar (ander-at-kvlt-dot-ee)
#
# This file is part of cdist.
#
# cdist is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# cdist is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with cdist. If not, see <http://www.gnu.org/licenses/>.
#
# Kind of object found at the target path, as recorded by the file_is
# explorer. This script compares it against 'missing', 'regular' and
# 'directory'.
file_is="$( cat "${__object}/explorer/file_is" )"

# A missing target produces no code at all, unless __cdist_dry_run is
# non-empty, in which case generation carries on.
if [ "$file_is" = 'missing' ]
then
    if [ -z "$__cdist_dry_run" ]
    then
        exit 0
    fi
fi
# Operating system name from the global os explorer; only checked for the
# substring 'freebsd' further down.
os="$( cat "${__global}/explorer/os" )"

# Path written into the printed setfacl commands: the object id with a
# leading slash put in front of it.
acl_path="/${__object_id}"

# ACL entries currently present on the target, one per line, as recorded
# by the acl_is explorer.
acl_is="$( cat "${__object}/explorer/acl_is" )"
# Work out the wanted ACL entries (acl_should), one per line.
# Source precedence: the "entry" parameter, then "acl", then the
# per-class parameters user/group/mask/other.
if [ -f "${__object}/parameter/entry" ]
then
    acl_should="$( cat "${__object}/parameter/entry" )"
elif [ -f "${__object}/parameter/acl" ]
then
    acl_should="$( cat "${__object}/parameter/acl" )"
else
    # Build "<class>:<value>" lines from whichever per-class parameter files
    # exist. mask and other are written with a double colon (empty
    # qualifier field), user and group with a single one.
    # NOTE(review): the prefix is put in front of the whole file content, so
    # a parameter file holding several lines would only get its first line
    # prefixed - confirm these parameters are single-valued.
    acl_should="$( for class in user group mask other
        do
            [ -f "${__object}/parameter/${class}" ] || continue

            case "$class" in
                mask|other) delim=:: ;;
                *) delim=: ;;
            esac

            echo "${class}${delim}$( cat "${__object}/parameter/${class}" )"
        done )"

    # The loop prints at least the class prefix for every existing
    # parameter file, so an empty result means none of them was given.
    if [ -z "$acl_should" ]
    then
        echo 'no parameters set' >&2
        exit 1
    fi
fi
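# With the "default" parameter every wanted entry is applied twice: once as
# a default entry and once as a plain entry.
if [ -f "$__object/parameter/default" ]
then
    # Strip any "default:" prefix first so that "default:X" and "X" collapse
    # into one line under sort -u, then print each remaining entry in both
    # forms.
    # awk prints the two lines explicitly. A "\n" inside a sed replacement
    # is only turned into a newline by some sed implementations (GNU sed
    # does it, POSIX leaves it undefined), so the previous sed expression
    # could yield a single mangled line instead of two entries.
    acl_should="$( echo "$acl_should" \
        | sed 's/^default://' \
        | sort -u \
        | awk '{ print "default:" $0; print $0 }' )"
fi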
# Default ACL entries only exist on directories. For a regular file they
# are dropped from the wanted list rather than treated as an error.
case "$file_is" in
    regular)
        if echo "$acl_should" | grep -Eq '^default:'
        then
            # NOTE(review): when every wanted entry is a default entry,
            # grep -v selects no line and returns 1. If the -e from the
            # shebang line is in effect, that status ends the script here
            # without a message - confirm this is intended.
            acl_should="$( echo "$acl_should" | grep -Ev '^default:' )"
        fi
    ;;
esac
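# Resolve a capital X in the permission field (the last colon-separated
# field of an entry) here instead of passing it on: it becomes 'x' when the
# target is a directory and '-' for anything else.
if echo "$acl_should" | awk -F: '{ print $NF }' | grep -Fq 'X'
then
    if [ "$file_is" = 'directory' ]
    then
        rep=x
    else
        rep=-
    fi

    # Replace the last X of the permission field only: the X must be
    # followed by nothing but non-colon characters up to the end of the
    # line. The previous expression replaced the last X anywhere on the
    # line, so as soon as one entry used X, an entry such as
    # "user:Xavier:r--" had the X of its user or group name rewritten and
    # the ACL would have been applied to a different principal.
    acl_should="$( echo "$acl_should" | sed "s/X\\([^:X]*\\)\$/$rep\\1/" )"
fi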
# Command prefix for every printed setfacl line; "-R" is appended when the
# "recursive" parameter is present and the OS is not FreeBSD.
setfacl_exec='setfacl'

if [ -f "${__object}/parameter/recursive" ]
then
    if ! echo "$os" | grep -Fq 'freebsd'
    then
        setfacl_exec="${setfacl_exec} -R"
    else
        # Warning only: the script carries on and prints non-recursive
        # commands.
        echo "$os setfacl do not support recursive operations" >&2
    fi
fi
# With the "remove" parameter, print a "setfacl -x" line for every existing
# entry that is not in the wanted list.
if [ -f "${__object}/parameter/remove" ]
then
    echo "$acl_is" | while read -r existing
    do
        # An existing entry that is also wanted stays in place.
        # An empty acl_is yields one empty line here; "^" then matches any
        # line of acl_should, so that iteration is skipped as well.
        # NOTE(review): the entry is used as an extended regular expression
        # anchored only at its start, so characters such as '.' or '+' in a
        # user or group name act as regex operators, not as literals.
        if echo "$acl_should" | grep -Eq "^$existing"
        then
            continue
        fi

        # mask and other entries cannot be removed, only changed.
        if echo "$existing" | grep -Eq '^(default:)?(mask|other)'
        then
            continue
        fi

        # On FreeBSD the complete entry is handed to -x; elsewhere the
        # trailing ":" plus three permission characters are cut off first.
        if ! echo "$os" | grep -Fq 'freebsd'
        then
            doomed="$( echo "$existing" | sed 's/:...$//' )"
        else
            doomed="$existing"
        fi

        # NOTE(review): entry and path are wrapped in double quotes in the
        # printed command, so a shell running this output still expands
        # '$', backquotes and an embedded '"' in them. Both values are
        # assumed to be free of such characters - confirm.
        echo "$setfacl_exec -x \"$doomed\" \"$acl_path\""
        echo "removed '$doomed'" >> "$__messages_out"
    done
fi
# Print a "setfacl -m" line for every wanted entry that the target does not
# have yet. The unquoted expansion splits acl_should on whitespace and is
# also subject to pathname expansion.
for acl in $acl_should
do
    # Entry already present on the target: nothing to print.
    # NOTE(review): the entry is used as an extended regular expression
    # anchored only at its start, so characters such as '.' or '+' in a user
    # or group name act as regex operators, not as literals.
    if echo "$acl_is" | grep -Eq "^$acl"
    then
        continue
    fi

    # Default entries are skipped on FreeBSD with a warning on stderr.
    if echo "$os" | grep -Fq 'freebsd' && echo "$acl" | grep -Eq '^default:'
    then
        echo "setting default ACL in $os is currently not supported" >&2
        continue
    fi

    # NOTE(review): entry and path are wrapped in double quotes in the
    # printed command, so a shell running this output still expands '$',
    # backquotes and an embedded '"' in them. Both values are assumed to be
    # free of such characters - confirm.
    echo "$setfacl_exec -m \"$acl\" \"$acl_path\""
    echo "added '$acl'" >> "$__messages_out"
done