Fix acl.present/acl.absent changing default ACLs

The behaviour of the acl.present and acl.absent states is to check that
the data structure returned by getfacl contains a key named after acl_type.

However, this data structure does not contain any default ACLs if none
exist, so this check will fail. We omit the check if a default ACL was
passed into the state functions.

Unfortunately, the call to modfacl may fail if the user passes in an
acl_type such as 'default:random'. In this case the state will appear to
succeed, but do nothing.

This fixes the state module to allow setting default ACLs on files which
have none.
This commit is contained in:
Dylan Frese 2016-03-09 08:48:40 -06:00
parent f3139d001a
commit 71d48a489a
No known key found for this signature in database
GPG Key ID: 91CF545A5F6F9B10


@ -63,9 +63,11 @@ def present(name, acl_type, acl_name='', perms='', recurse=False):
if acl_type.startswith(('d:', 'default:')):
_acl_type = ':'.join(acl_type.split(':')[1:])
_current_perms = __current_perms[name].get('defaults', {})
_default = True
else:
_acl_type = acl_type
_current_perms = __current_perms[name]
_default = False
# The getfacl execution module lists default with empty names as being
# applied to the user/group that owns the file, e.g.,
@ -79,10 +81,10 @@ def present(name, acl_type, acl_name='', perms='', recurse=False):
else:
_search_name = acl_name
if _current_perms.get(_acl_type, None):
if _current_perms.get(_acl_type, None) or _default:
try:
user = [i for i in _current_perms[_acl_type] if next(six.iterkeys(i)) == _search_name].pop()
except (AttributeError, IndexError, StopIteration):
except (AttributeError, IndexError, StopIteration, KeyError):
user = None
if user:
@ -131,9 +133,11 @@ def absent(name, acl_type, acl_name='', perms='', recurse=False):
if acl_type.startswith(('d:', 'default:')):
_acl_type = ':'.join(acl_type.split(':')[1:])
_current_perms = __current_perms[name].get('defaults', {})
_default = True
else:
_acl_type = acl_type
_current_perms = __current_perms[name]
_default = False
# The getfacl execution module lists default with empty names as being
# applied to the user/group that owns the file, e.g.,
@ -147,10 +151,10 @@ def absent(name, acl_type, acl_name='', perms='', recurse=False):
else:
_search_name = acl_name
if _current_perms.get(_acl_type, None):
if _current_perms.get(_acl_type, None) or _default:
try:
user = [i for i in _current_perms[_acl_type] if next(six.iterkeys(i)) == _search_name].pop()
except IndexError:
except (AttributeError, IndexError, StopIteration, KeyError):
user = None
if user:
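Review bot: With `or _default` on the `if _current_perms.get(_acl_type, None) or _default:` line in present (and its mirror in absent), an unrecognised default type such as `default:random` now passes the gate, raises the newly caught KeyError, and continues with `user = None`, so — as the commit message itself concedes — the state can report success while changing nothing, which for an ACL state means an operator believes a grant was applied or revoked when it was not. Rather than letting `_default` bypass the key check, validate the type before the gate, e.g. `if _default and _acl_type not in ('user', 'group', 'other', 'mask'):` followed by setting a failed result and returning, with the accepted set confirmed against what the getfacl execution module actually emits. The branch that calls modfacl and builds the result lies outside the hunk, so it is also worth confirming there that modfacl's return value, or a re-read of getfacl, is checked rather than assumed. The enclosing `present` and `absent` bodies both continue beyond the visible hunks.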