X-Git-Url: http://gitweb.michael.orlitzky.com/?p=apply-default-acl.git;a=blobdiff_plain;f=src%2Flibadacl.c;h=a21aa709ba842bc7bd21aa672b99b4e3cb750cf0;hp=d2462c816f49420aaa2a09aff1fe2c2144f466ef;hb=HEAD;hpb=8ec2f2bde7c53834a304bcdc68e84d8c7a748ca4

diff --git a/src/libadacl.c b/src/libadacl.c
index d2462c8..a21aa70 100644
--- a/src/libadacl.c
+++ b/src/libadacl.c
@@ -14,6 +14,7 @@
 #include <errno.h>      /* EINVAL, ELOOP, ENOTDIR, etc. */
 #include <fcntl.h>      /* openat() */
 #include <libgen.h>     /* basename(), dirname() */
+#include <limits.h>     /* PATH_MAX */
 #include <stdbool.h>    /* the "bool" type */
 #include <stdio.h>      /* perror(), asprintf() */
 #include <stdlib.h>     /* free() */
@@ -45,7 +46,7 @@
 /* Prototypes */
 int safe_open_ex(int at_fd, char* pathname, int flags);
 int safe_open(const char* pathname, int flags);
-int acl_update_entry(acl_t aclp, acl_entry_t entry);
+int acl_update_entry(acl_t aclp, acl_entry_t updated_entry);
 int acl_entry_count(acl_t acl);
 int acl_is_minimal(acl_t acl);
 int acl_execute_masked(acl_t acl);
@@ -232,66 +233,131 @@ int safe_open(const char* pathname, int flags) {
  * @param aclp
  *   A pointer to the acl_t structure whose entry we want to update.
  *
- * @param entry
- *   The new entry.
+ * @param updated_entry
+ *   An updated copy of an existing entry in @c aclp.
  *
  * @return
  *   - @c ACL_SUCCESS - If we update an existing entry.
  *   - @c ACL_FAILURE - If we don't find an entry to update.
  *   - @c ACL_ERROR - Unexpected library error.
  */
-int acl_update_entry(acl_t aclp, acl_entry_t entry) {
-  if (aclp == NULL || entry == NULL) {
+int acl_update_entry(acl_t aclp, acl_entry_t updated_entry) {
+  if (aclp == NULL || updated_entry == NULL) {
     errno = EINVAL;
     perror("acl_update_entry (args)");
     return ACL_ERROR;
   }
 
-  acl_tag_t entry_tag;
-  if (acl_get_tag_type(entry, &entry_tag) == ACL_ERROR) {
+  acl_tag_t updated_tag;
+  if (acl_get_tag_type(updated_entry, &updated_tag) == ACL_ERROR) {
     perror("acl_update_entry (acl_get_tag_type)");
     return ACL_ERROR;
   }
 
-  acl_permset_t entry_permset;
-  if (acl_get_permset(entry, &entry_permset) == ACL_ERROR) {
+  acl_permset_t updated_permset;
+  if (acl_get_permset(updated_entry, &updated_permset) == ACL_ERROR) {
     perror("acl_update_entry (acl_get_permset)");
     return ACL_ERROR;
   }
 
+  /* This can allocate memory, so from here on out we have to jump to
+     the "cleanup" label to exit. */
+  void* updated_qualifier = acl_get_qualifier(updated_entry);
+  if (updated_qualifier == NULL &&
+      (updated_tag == ACL_USER || updated_tag == ACL_GROUP)) {
+    /* acl_get_qualifier() can return NULL, but it shouldn't for
+       ACL_USER or ACL_GROUP entries. */
+    perror("acl_update_entry (acl_get_qualifier)");
+    return ACL_ERROR;
+  }
+
+  /* Our return value. Default to failure, and change to success if we
+     actually update something. */
+  int result = ACL_FAILURE;
+
   acl_entry_t existing_entry;
   /* Loop through the given ACL looking for matching entries. */
-  int result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry);
+  int get_entry_result = acl_get_entry(aclp, ACL_FIRST_ENTRY, &existing_entry);
 
-  while (result == ACL_SUCCESS) {
+  while (get_entry_result == ACL_SUCCESS) {
     acl_tag_t existing_tag = ACL_UNDEFINED_TAG;
 
     if (acl_get_tag_type(existing_entry, &existing_tag) == ACL_ERROR) {
        perror("set_acl_tag_permset (acl_get_tag_type)");
-       return ACL_ERROR;
+       result = ACL_ERROR;
+       goto cleanup;
     }
 
-    if (existing_tag == entry_tag) {
-      /* If we update something, we're done and return ACL_SUCCESS */
-      if (acl_set_permset(existing_entry, entry_permset) == ACL_ERROR) {
-        perror("acl_update_entry (acl_set_permset)");
-        return ACL_ERROR;
+    if (existing_tag == updated_tag) {
+      /* Our tag types match, but if we have a named user or group
+         entry, then we need to check that the user/group (that is,
+         the qualifier) matches too. */
+      bool qualifiers_match = false;
+
+      /* There are three ways the qualifiers can match... */
+      void* existing_qualifier = acl_get_qualifier(existing_entry);
+      if (existing_qualifier == NULL) {
+        if (existing_tag == ACL_USER || existing_tag == ACL_GROUP) {
+          perror("acl_update_entry (acl_get_qualifier)");
+          result = ACL_ERROR;
+          goto cleanup;
+        }
+        else {
+          /* First, we could be dealing with an entry that isn't a
+             named user or group, in which case they "match
+             vacuously." */
+          qualifiers_match = true;
+        }
+      }
+
+      /* Second, they could have matching UIDs. We don't really need to
+         check both tags here, since we know that they're equal. However,
+         clang-tidy can't figure that out, and the redundant equality
+         check prevents it from complaining about a potential null pointer
+         dereference. */
+      if (updated_tag == ACL_USER && existing_tag == ACL_USER) {
+        qualifiers_match = ( *((uid_t*)existing_qualifier)
+                             ==
+                             *((uid_t*)updated_qualifier) );
       }
 
-      return ACL_SUCCESS;
+      /* Third, they could have matching GIDs. See above for why
+         we check the redundant condition existing_tag == ACL_GROUP. */
+      if (updated_tag == ACL_GROUP && existing_tag == ACL_GROUP) {
+        qualifiers_match = ( *((gid_t*)existing_qualifier)
+                             ==
+                             *((gid_t*)updated_qualifier) );
+      }
+
+      /* Be sure to free this inside the loop, where memory is allocated. */
+      acl_free(existing_qualifier);
+
+      if (qualifiers_match) {
+        /* If we update something, we're done and return ACL_SUCCESS */
+        if (acl_set_permset(existing_entry, updated_permset) == ACL_ERROR) {
+          perror("acl_update_entry (acl_set_permset)");
+          result = ACL_ERROR;
+          goto cleanup;
+        }
+
+        result = ACL_SUCCESS;
+        goto cleanup;
+      }
     }
 
-    result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry);
+    get_entry_result = acl_get_entry(aclp, ACL_NEXT_ENTRY, &existing_entry);
   }
 
   /* This catches both the initial acl_get_entry and the ones at the
      end of the loop. */
-  if (result == ACL_ERROR) {
+  if (get_entry_result == ACL_ERROR) {
     perror("acl_update_entry (acl_get_entry)");
-    return ACL_ERROR;
+    result = ACL_ERROR;
   }
 
-  return ACL_FAILURE;
+ cleanup:
+  acl_free(updated_qualifier);
+  return result;
 }
 
 
@@ -1020,7 +1086,9 @@ int apply_default_acl(const char* path, bool recursive) {
   bool path_is_dots = strcmp(child, ".") == 0 || strcmp(child, "..") == 0;
   char dots_parent[6] = "../";
   if (path_is_dots) {
-    parent = strcat(dots_parent, child);
+    /* We know that "child" contains no more than two characters here, and
+       using strncat to enforce that belief keeps clang-tidy happy. */
+    parent = strncat(dots_parent, child, 2);
   }
 
   parent_fd = safe_open(parent, O_DIRECTORY | O_NOFOLLOW);