#include <errno.h> /* EINVAL, ELOOP, ENOTDIR, etc. */
#include <fcntl.h> /* openat() */
#include <libgen.h> /* basename(), dirname() */
+#include <limits.h> /* PATH_MAX */
#include <stdbool.h> /* the "bool" type */
#include <stdio.h> /* perror(), asprintf() */
#include <stdlib.h> /* free() */
/* Prototypes */
int safe_open_ex(int at_fd, char* pathname, int flags);
int safe_open(const char* pathname, int flags);
-int acl_update_entry(acl_t aclp, acl_entry_t entry);
+int acl_update_entry(acl_t aclp, acl_entry_t updated_entry);
int acl_entry_count(acl_t acl);
int acl_is_minimal(acl_t acl);
int acl_execute_masked(acl_t acl);
* @param aclp
* A pointer to the acl_t structure whose entry we want to update.
*
- * @param entry
- * The new entry.
+ * @param updated_entry
+ * An updated copy of an existing entry in @c aclp.
*
* @return
* - @c ACL_SUCCESS - If we update an existing entry.
* - @c ACL_FAILURE - If we don't find an entry to update.
* - @c ACL_ERROR - Unexpected library error.
*/
-int acl_update_entry(acl_t aclp, acl_entry_t entry) {
- if (aclp == NULL || entry == NULL) {
+int acl_update_entry(acl_t aclp, acl_entry_t updated_entry) {
+ if (aclp == NULL || updated_entry == NULL) {
errno = EINVAL;
perror("acl_update_entry (args)");
return ACL_ERROR;
}
- acl_tag_t entry_tag;
- if (acl_get_tag_type(entry, &entry_tag) == ACL_ERROR) {
+ acl_tag_t updated_tag;
+ if (acl_get_tag_type(updated_entry, &updated_tag) == ACL_ERROR) {
perror("acl_update_entry (acl_get_tag_type)");
return ACL_ERROR;
}
- acl_permset_t entry_permset;
- if (acl_get_permset(entry, &entry_permset) == ACL_ERROR) {
+ acl_permset_t updated_permset;
+ if (acl_get_permset(updated_entry, &updated_permset) == ACL_ERROR) {
perror("acl_update_entry (acl_get_permset)");
return ACL_ERROR;
}
/* This can allocate memory, so from here on out we have to jump to
the "cleanup" label to exit. */
- void* entry_qualifier = acl_get_qualifier(entry);
- if (entry_qualifier == NULL &&
- (entry_tag == ACL_USER || entry_tag == ACL_GROUP)) {
+ void* updated_qualifier = acl_get_qualifier(updated_entry);
+ if (updated_qualifier == NULL &&
+ (updated_tag == ACL_USER || updated_tag == ACL_GROUP)) {
/* acl_get_qualifier() can return NULL, but it shouldn't for
ACL_USER or ACL_GROUP entries. */
perror("acl_update_entry (acl_get_qualifier)");
goto cleanup;
}
- if (existing_tag == entry_tag) {
+ if (existing_tag == updated_tag) {
/* Our tag types match, but if we have a named user or group
entry, then we need to check that the user/group (that is,
the qualifier) matches too. */
}
}
- /* Otherwise, we have to have matching UIDs or GIDs. */
- if (entry_tag == ACL_USER) {
+ /* Second, they could have matching UIDs. We don't really need to
+ check both tags here, since we know that they're equal. However,
+ clang-tidy can't figure that out, and the redundant equality
+ check prevents it from complaining about a potential null pointer
+ dereference. */
+ if (updated_tag == ACL_USER && existing_tag == ACL_USER) {
qualifiers_match = ( *((uid_t*)existing_qualifier)
==
- *((uid_t*)entry_qualifier) );
+ *((uid_t*)updated_qualifier) );
}
- else if (entry_tag == ACL_GROUP) {
+
+ /* Third, they could have matching GIDs. See above for why
+ we check the redundant condition existing_tag == ACL_GROUP. */
+ if (updated_tag == ACL_GROUP && existing_tag == ACL_GROUP) {
qualifiers_match = ( *((gid_t*)existing_qualifier)
==
- *((gid_t*)entry_qualifier) );
+ *((gid_t*)updated_qualifier) );
}
/* Be sure to free this inside the loop, where memory is allocated. */
if (qualifiers_match) {
/* If we update something, we're done and return ACL_SUCCESS */
- if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) {
+ if (acl_set_permset(existing_entry, updated_permset) == ACL_ERROR) {
perror("acl_update_entry (acl_set_permset)");
result = ACL_ERROR;
goto cleanup;
}
- result = ACL_SUCCESS;
+ result = ACL_SUCCESS;
goto cleanup;
}
}
}
cleanup:
- acl_free(entry_qualifier);
+ acl_free(updated_qualifier);
return result;
}
projects / apply-default-acl.git / blobdiff