journal: move the gist of server_fix_perms to acl-util.[hc]

Most of the function is moved to acl-util.c to make it possible to
add tests in subsequent commit.

Setting of the mode in server_fix_perms is removed:
- we either just created the file ourselves, and the permission be better right,
- or the file was already there, and we should not modify the permissions.

server_fix_perms is renamed to server_fix_acls to better reflect new
meaning, and made static because it is only used in one file.

1 files changed, 31 insertions, 0 deletions

diff --git a/src/shared/acl-util.c b/src/shared/acl-util.c
index 35f2e1b67d..9f3b1ff51c 100644
--- a/src/shared/acl-util.c
+++ b/src/shared/acl-util.c
@@ -398,3 +398,34 @@ int acls_for_file(const char *path, acl_type_t type, acl_t new, acl_t *acl) {
         old = NULL;
         return 0;
 }
+
+int add_acls_for_user(int fd, uid_t uid) {
+        _cleanup_(acl_freep) acl_t acl = NULL;
+        acl_entry_t entry;
+        acl_permset_t permset;
+        int r;
+
+        acl = acl_get_fd(fd);
+        if (!acl)
+                return -errno;
+
+        r = acl_find_uid(acl, uid, &entry);
+        if (r <= 0) {
+                if (acl_create_entry(&acl, &entry) < 0 ||
+                    acl_set_tag_type(entry, ACL_USER) < 0 ||
+                    acl_set_qualifier(entry, &uid) < 0)
+                        return -errno;
+        }
+
+        /* We do not recalculate the mask unconditionally here,
+         * so that the fchmod() mask above stays intact. */
+        if (acl_get_permset(entry, &permset) < 0 ||
+            acl_add_perm(permset, ACL_READ) < 0)
+                return -errno;
+
+        r = calc_acl_mask_if_needed(&acl);
+        if (r < 0)
+                return r;
+
+        return acl_set_fd(fd, acl);
+}