[cvsacl-users] Problems in code?

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

The acl code as distributed always gives read permission to anyone who 
has write permission, and for our purpose, we needed read permission to 
be unrelated to write permission. I changed a few lines of code in the 
valid_permissions() function to do this, and in the aclconfig set the 
default permissions to n, and now I've been trying to figure out why 
things aren't working. As I have examined the code, I found some parts 
that appear to be problems in acl.c

=== access_allowed(): Use of accessfilecount: ===

The routine contains a loop

    for (accessfilecount; accessfilecount >= 0 && !oneaccessfile; 
accessfilecount--)

It looks like there is code missing here, and either the statement 
should assign an initial value to accessfilecount.

    for (accessfilecount = ...... ;

or the variable should get an initial value earlier. Before this "for" 
statement, accessfilecount is assigned an initial value only if the file 
parameter to this routine is non-null. If file is null, you enter the 
loop with a random number in accessfilecount.

I changed the code to give accessfilecount an initial value of 0. Seems ok.

==== access_allowed(): retval overwritten ====

One of the main loops of this routine is a while statement that get 
calls getline() to get a line from the access file and process it. In 
this loop, it assigns retval a value of 1 or 0 depending upon whether 
access to the file is allowed or not. The problem is that each iteration 
of the loop overwrites the retval from the previous iteration, which 
means that the only line in the access file that counts is last line.

In my case, the access file looks like this and I am wrk.

d:ALL:ALL:cvsca!p:
d:ALL:ALL:configwriter!wc:
d:ALL:ALL:ALL!n,wrk!p:
d:ALL:ALL:jjohnson!p:

If I try to list the permissions on a directory (cvs -d 
/data/local/cvsca racl -l -d Practice) permission is denied. As the code 
iterates thorugh the file, retval is set to 0 for the first 2 lines, set 
to 1 for the 3rd line, and set to 0 again for the 4th line, and which 
point the loop ends and I am denied access.

I changed the code so it terminates the main while loop when retval is 
nonzero, and that seems to be working ok.

    while (getline (&line, &line_allocated, accessfp) >= 0 && retval == 0)

==== Can't set permissions ===

I have a directory Practice containing a file Test3.txt. I wanted to 
give a user "configwriter" read permission on this, and so I tried the 
following command and it didn't work.

[jjohnson@foo jjohnson]$ cvs -d /data/local/cvsca racl configwriter:+r 
-f Practice/Test3.txt
cvs racl: Practice/Test3.txt user is not given any permissions to remove/add

Am I doing something incorrectly? Tracing through the code, I don't see 
how it will ever work, so I am certainly missing something. The command 
invokes acl_fileproc, which in turn invokes access_allowed, then 
make_perm. Make_perm depends on having some line, I think the line for 
the user configwriter, returned by access_allowed. However, 
access_allowed will never return the line because it contains a 
comparison "strcmp (dirs[x], part_object)", where the values are:

  dirs[0]  = Practice
  dirs[1]  = Practice/Test3.txt
   part_object = ALL

The comparsion always fails. Should the statment actually be:

    if (strcmp("ALL", part_object) == 0 || strcmp (dirs[x], part_object) 
== 0)

Trying that makes the code fail in other ways, so I am surely twisted 
around and confused. Can anyone help?

Willard