in src/common/commonutils/UserUtils.c [1729:1795]
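/*
 * Ensures that the home directory of every user who can log in has one of the
 * accepted access modes, and remediates the directories that do not.
 *
 * modes / numberOfModes: accepted access modes. A home directory is left alone
 *     when CheckDirectoryAccess returns 0 for it with any one of these modes.
 * modeForRoot: mode passed to SetDirectoryAccess for an account flagged isRoot.
 * modeForOthers: mode passed to SetDirectoryAccess for every other account.
 * log: log handle passed through to the helpers and used for all messages.
 *
 * Returns EINVAL when modes is NULL or numberOfModes is 0, the EnumerateUsers
 * status when enumeration fails, otherwise 0 or the status of the first
 * SetDirectoryAccess call that failed. A failure for one user does not stop
 * the remaining users from being processed.
 *
 * Accounts flagged noLogin, cannotLogin or isLocked are skipped, as are
 * accounts whose home path does not pass DirectoryExists.
 *
 * NOTE(review): the home path comes from the enumerated account record and is
 * handed to SetDirectoryAccess together with that account's user and group
 * ids. Whether that helper follows symbolic links, and what happens when
 * several accounts share one home path, is not visible in this function --
 * confirm in SetDirectoryAccess before relying on this as a hardening step.
 */
int SetRestrictedUserHomeDirectories(unsigned int* modes, unsigned int numberOfModes, unsigned int modeForRoot, unsigned int modeForOthers, OsConfigLogHandle log)
{
    SimplifiedUser* userList = NULL;
    unsigned int userListSize = 0, i = 0, j = 0;
    unsigned int desiredMode = 0;
    bool oneGoodMode = false;
    int status = 0, result = 0;

    if ((NULL == modes) || (0 == numberOfModes))
    {
        /* %p requires a void pointer argument */
        OsConfigLogError(log, "SetRestrictedUserHomeDirectories: invalid arguments (%p, %u)", (void*)modes, numberOfModes);
        return EINVAL;
    }

    if (0 == (status = EnumerateUsers(&userList, &userListSize, NULL, log)))
    {
        for (i = 0; i < userListSize; i++)
        {
            /* Only accounts that can log in are considered */
            if (userList[i].noLogin || userList[i].cannotLogin || userList[i].isLocked)
            {
                continue;
            }

            if (false == DirectoryExists(userList[i].home))
            {
                continue;
            }

            /* The directory is compliant if it matches any one of the accepted modes */
            oneGoodMode = false;
            for (j = 0; j < numberOfModes; j++)
            {
                if (0 == CheckDirectoryAccess(userList[i].home, userList[i].userId, userList[i].groupId, modes[j], true, NULL, log))
                {
                    OsConfigLogInfo(log, "SetRestrictedUserHomeDirectories: user %u already has proper restricted access (%03o) for their assigned home directory",
                        userList[i].userId, modes[j]);
                    oneGoodMode = true;
                    break;
                }
            }

            if (oneGoodMode)
            {
                continue;
            }

            desiredMode = userList[i].isRoot ? modeForRoot : modeForOthers;

            if (0 == (result = SetDirectoryAccess(userList[i].home, userList[i].userId, userList[i].groupId, desiredMode, log)))
            {
                OsConfigLogInfo(log, "SetRestrictedUserHomeDirectories: user %u has now proper restricted access (%03o) for their assigned home directory",
                    userList[i].userId, desiredMode);
            }
            else
            {
                /* Arguments follow the format string: mode (%03o) first, then user id (%u).
                   The original passed them the other way round, so the failure record
                   showed the user id in octal and the mode as the user id. */
                OsConfigLogInfo(log, "SetRestrictedUserHomeDirectories: cannot set restricted access (%03o) for user %u assigned home directory (%d, %s)",
                    desiredMode, userList[i].userId, result, strerror(result));

                /* Keep the first failure as the overall result and carry on with the other users */
                if (0 == status)
                {
                    status = result;
                }
            }
        }
    }

    FreeUsersList(&userList, userListSize);

    if (0 == status)
    {
        OsConfigLogInfo(log, "SetRestrictedUserHomeDirectories: all users who can login have proper restricted access for their home directories");
    }

    return status;
}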