From 51cb2c0b9a9e057bb1909115956490e667b42f06 Mon Sep 17 00:00:00 2001 From: "Scott E. Graves" Date: Fri, 27 Sep 2024 14:07:13 -0500 Subject: [PATCH] refactor --- .../src/drives/fuse/fuse_drive_base.cpp | 108 +++++++++--------- 1 file changed, 56 insertions(+), 52 deletions(-) diff --git a/repertory/librepertory/src/drives/fuse/fuse_drive_base.cpp b/repertory/librepertory/src/drives/fuse/fuse_drive_base.cpp index 2c9d32c6..507f1720 100644 --- a/repertory/librepertory/src/drives/fuse/fuse_drive_base.cpp +++ b/repertory/librepertory/src/drives/fuse/fuse_drive_base.cpp @@ -43,68 +43,72 @@ auto fuse_drive_base::check_access(const std::string &api_path, // Always allow root auto current_uid = get_current_uid(); - if (current_uid != 0) { - // Always allow forced user - if (not forced_uid_.has_value() || (current_uid != get_effective_uid())) { - // Always allow if checking file exists - if (F_OK != mask) { - const auto effective_uid = - (forced_uid_.has_value() ? forced_uid_.value() - : get_uid_from_meta(meta)); - const auto effective_gid = - (forced_gid_.has_value() ? forced_gid_.value() - : get_gid_from_meta(meta)); + if (current_uid == 0) { + return api_error::success; + } - // Create file mode - mode_t effective_mode = - forced_umask_.has_value() - ? ((S_IRWXU | S_IRWXG | S_IRWXO) & (~forced_umask_.value())) - : get_mode_from_meta(meta); + // Always allow forced user + if (forced_uid_.has_value() || (current_uid == get_effective_uid())) { + return api_error::success; + } - // Create access mask - mode_t active_mask = S_IRWXO; - if (current_uid == effective_uid) { - active_mask |= S_IRWXU; - } - if (get_current_gid() == effective_gid) { - active_mask |= S_IRWXG; - } - if (utils::is_uid_member_of_group(current_uid, effective_gid)) { - active_mask |= S_IRWXG; - } + // Always allow if checking file exists + if (F_OK == mask) { + return api_error::success; + } - // Calculate effective file mode - effective_mode &= active_mask; + const auto effective_uid = + (forced_uid_.has_value() ? forced_uid_.value() : get_uid_from_meta(meta)); + const auto effective_gid = + (forced_gid_.has_value() ? forced_gid_.value() : get_gid_from_meta(meta)); - // Check allow execute - if ((mask & X_OK) == X_OK) { - if ((effective_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) { - return api_error::permission_denied; - } - } + // Create file mode + mode_t effective_mode = + forced_umask_.has_value() + ? ((S_IRWXU | S_IRWXG | S_IRWXO) & (~forced_umask_.value())) + : get_mode_from_meta(meta); - // Check allow write - if ((mask & W_OK) == W_OK) { - if ((effective_mode & (S_IWUSR | S_IWGRP | S_IWOTH)) == 0) { - return api_error::access_denied; - } - } + // Create access mask + mode_t active_mask = S_IRWXO; + if (current_uid == effective_uid) { + active_mask |= S_IRWXU; + } + if (get_current_gid() == effective_gid) { + active_mask |= S_IRWXG; + } + if (utils::is_uid_member_of_group(current_uid, effective_gid)) { + active_mask |= S_IRWXG; + } - // Check allow read - if ((mask & R_OK) == R_OK) { - if ((effective_mode & (S_IRUSR | S_IRGRP | S_IROTH)) == 0) { - return api_error::access_denied; - } - } + // Calculate effective file mode + effective_mode &= active_mask; - if (effective_mode == 0) { - // Deny access if effective mode is 0 - return api_error::access_denied; - } - } + // Check allow execute + if ((mask & X_OK) == X_OK) { + if ((effective_mode & (S_IXUSR | S_IXGRP | S_IXOTH)) == 0) { + return api_error::permission_denied; } } + // Check allow write + if ((mask & W_OK) == W_OK) { + if ((effective_mode & (S_IWUSR | S_IWGRP | S_IWOTH)) == 0) { + return api_error::access_denied; + } + } + + // Check allow read + if ((mask & R_OK) == R_OK) { + if ((effective_mode & (S_IRUSR | S_IRGRP | S_IROTH)) == 0) { + return api_error::access_denied; + } + } + + if (effective_mode == 0) { + // Deny access if effective mode is 0 + return api_error::access_denied; + } + return api_error::success; }