Пример #1
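/*
 * Validate the syntax of an ACL body.
 *
 * file - path the ACL is promised for; forwarded to SetACLDefaults() and
 *        CheckDirectoryInherit().
 * acl  - ACL body, taken by value: defaults filled in below change only this
 *        local copy, never the caller's struct.
 * pp   - promise under inspection; used when reporting errors.
 *
 * Returns true only when acl_directory_inherit is valid and every ACE in both
 * acl_entries and acl_inherit_entries passes CheckACESyntax(); false otherwise.
 *
 * The two entry lists are tracked with separate flags. A single shared flag
 * would let a valid acl_inherit_entries list overwrite a failure found in
 * acl_entries, so a malformed ACE would be logged and then reported as valid
 * (fail-open). Callers presumably gate further ACL processing on this result
 * -- confirm at the call sites.
 */
static int CheckACLSyntax(char *file, Acl acl, Promise *pp)
{
    int entries_valid = true;
    int inherit_valid = true;
    int deny_support = false;
    int mask_support = false;
    char *valid_ops = NULL;
    char *valid_nperms = NULL;
    Rlist *rp;

// set unset fields to defaults
    SetACLDefaults(file, &acl);

// find valid values for op

    switch (acl.acl_method)
    {
    case cfacl_overwrite:
        valid_ops = CF_VALID_OPS_METHOD_OVERWRITE;
        break;

    case cfacl_append:
        valid_ops = CF_VALID_OPS_METHOD_APPEND;
        break;

    default:
        // never executed: should be set to a default value by now
        // NOTE(review): if this is ever reached, valid_ops stays NULL and is
        // handed to CheckACESyntax() unchanged -- confirm SetACLDefaults()
        // always assigns acl_method.
        break;
    }

    switch (acl.acl_type)
    {
    case cfacl_generic:        // generic ACL type: cannot include native or deny-type permissions
        valid_nperms = "";
        deny_support = false;
        mask_support = false;
        break;

    case cfacl_posix:
        valid_nperms = CF_VALID_NPERMS_POSIX;
        deny_support = false;   // posix does not support deny-type permissions
        mask_support = true;    // mask-ACE is allowed in POSIX
        break;

    case cfacl_ntfs:
        valid_nperms = CF_VALID_NPERMS_NTFS;
        deny_support = true;
        mask_support = false;
        break;

    default:
        // never executed: should be set to a default value by now
        // NOTE(review): same concern as above for valid_nperms.
        break;
    }

// check that acl_directory_inherit is set to a valid value

    if (!CheckDirectoryInherit(file, &acl, pp))
    {
        return false;
    }

// check the access entries; stop at the first malformed ACE

    for (rp = acl.acl_entries; rp != NULL; rp = rp->next)
    {
        if (!CheckACESyntax(ScalarValue(rp), valid_ops, valid_nperms, deny_support, mask_support, pp))
        {
            CfOut(cf_error, "", "The ACE \"%s\" contains errors", ScalarValue(rp));
            PromiseRef(cf_error, pp);
            entries_valid = false;
            break;
        }
    }

// check the inherit entries as well, so their first error is still reported
// even when acl_entries already failed

    for (rp = acl.acl_inherit_entries; rp != NULL; rp = rp->next)
    {
        if (!CheckACESyntax(rp->item, valid_ops, valid_nperms, deny_support, mask_support, pp))
        {
            CfOut(cf_error, "", "The ACE \"%s\" contains errors", ScalarValue(rp));
            PromiseRef(cf_error, pp);
            inherit_valid = false;
            break;
        }
    }

    // fail closed: a bad ACE in either list invalidates the whole ACL
    return entries_valid && inherit_valid;
}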
Пример #2
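/*
 * Validate the syntax of an ACL body.
 *
 * file - path the ACL is promised for; forwarded to SetACLDefaults() and
 *        CheckAclDefault().
 * acl  - ACL body, taken by value: defaults filled in below change only this
 *        local copy, never the caller's struct.
 * pp   - promise under inspection; used when reporting errors.
 *
 * Returns true only when acl_default is valid and every ACE in both
 * acl_entries and acl_default_entries passes CheckACESyntax(); false
 * otherwise.
 *
 * Each list gets its own result flag. With one shared flag, a valid
 * acl_default_entries list would overwrite a failure recorded for
 * acl_entries, and an ACL containing a malformed ACE would be logged as
 * erroneous yet returned as valid (fail-open). Callers presumably gate
 * further ACL processing on this result -- confirm at the call sites.
 */
static int CheckACLSyntax(char *file, Acl acl, Promise *pp)
{
    int access_ok = true;
    int default_ok = true;
    int deny_support = false;
    int mask_support = false;
    char *valid_ops = NULL;
    char *valid_nperms = NULL;
    Rlist *rp;

// set unset fields to defaults
    SetACLDefaults(file, &acl);

// find valid values for op

    switch (acl.acl_method)
    {
    case ACL_METHOD_OVERWRITE:
        valid_ops = CF_VALID_OPS_METHOD_OVERWRITE;
        break;

    case ACL_METHOD_APPEND:
        valid_ops = CF_VALID_OPS_METHOD_APPEND;
        break;

    default:
        // never executed: should be set to a default value by now
        // NOTE(review): if this is ever reached, valid_ops stays NULL and is
        // handed to CheckACESyntax() unchanged -- confirm SetACLDefaults()
        // always assigns acl_method.
        break;
    }

    switch (acl.acl_type)
    {
    case ACL_TYPE_GENERIC:        // generic ACL type: cannot include native or deny-type permissions
        valid_nperms = "";
        deny_support = false;
        mask_support = false;
        break;

    case ACL_TYPE_POSIX:
        valid_nperms = CF_VALID_NPERMS_POSIX;
        deny_support = false;   // posix does not support deny-type permissions
        mask_support = true;    // mask-ACE is allowed in POSIX
        break;

    case ACL_TYPE_NTFS_:
        valid_nperms = CF_VALID_NPERMS_NTFS;
        deny_support = true;
        mask_support = false;
        break;

    default:
        // never executed: should be set to a default value by now
        // NOTE(review): same concern as above for valid_nperms.
        break;
    }

// check that acl_default is set to a valid value

    if (!CheckAclDefault(file, &acl, pp))
    {
        return false;
    }

// check the access entries; stop at the first malformed ACE

    for (rp = acl.acl_entries; rp != NULL; rp = rp->next)
    {
        if (!CheckACESyntax(RlistScalarValue(rp), valid_ops, valid_nperms, deny_support, mask_support, pp))
        {
            Log(LOG_LEVEL_ERR, "The ACE '%s' contains errors", RlistScalarValue(rp));
            PromiseRef(LOG_LEVEL_ERR, pp);
            access_ok = false;
            break;
        }
    }

// check the default entries as well, so their first error is still reported
// even when acl_entries already failed

    for (rp = acl.acl_default_entries; rp != NULL; rp = rp->next)
    {
        if (!CheckACESyntax(rp->item, valid_ops, valid_nperms, deny_support, mask_support, pp))
        {
            Log(LOG_LEVEL_ERR, "The ACE '%s' contains errors", RlistScalarValue(rp));
            PromiseRef(LOG_LEVEL_ERR, pp);
            default_ok = false;
            break;
        }
    }

    // fail closed: a bad ACE in either list invalidates the whole ACL
    return access_ok && default_ok;
}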