/* euidaccess -- check if effective user id can access file
- Copyright (C) 1990, 1991, 1995 Free Software Foundation, Inc.
-This file is part of the GNU C Library.
+ Copyright (C) 1990-1991, 1995, 1998, 2000, 2003-2006, 2008-2013 Free
+ Software Foundation, Inc.
-The GNU C Library is free software; you can redistribute it and/or
-modify it under the terms of the GNU Library General Public License as
-published by the Free Software Foundation; either version 2 of the
-License, or (at your option) any later version.
+ This file is part of the GNU C Library.
-The GNU C Library is distributed in the hope that it will be useful,
-but WITHOUT ANY WARRANTY; without even the implied warranty of
-MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-Library General Public License for more details.
+ This program is free software: you can redistribute it and/or modify
+ it under the terms of the GNU General Public License as published by
+ the Free Software Foundation; either version 3 of the License, or
+ (at your option) any later version.
-You should have received a copy of the GNU Library General Public
-License along with the GNU C Library; see the file COPYING.LIB. If
-not, write to the Free Software Foundation, Inc., 59 Temple Place -
-Suite 330, Boston, MA 02111-1307, USA. */
+ This program is distributed in the hope that it will be useful,
+ but WITHOUT ANY WARRANTY; without even the implied warranty of
+ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ GNU General Public License for more details.
+
+ You should have received a copy of the GNU General Public License
+ along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* Written by David MacKenzie and Torbjorn Granlund.
Adapted for GNU C library by Roland McGrath. */
-#if HAVE_CONFIG_H
+#ifndef _LIBC
# include <config.h>
#endif
+#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
+#include <unistd.h>
-#ifdef S_IEXEC
-# ifndef S_IXUSR
-# define S_IXUSR S_IEXEC
-# endif
-# ifndef S_IXGRP
-# define S_IXGRP (S_IEXEC >> 3)
-# endif
-# ifndef S_IXOTH
-# define S_IXOTH (S_IEXEC >> 6)
-# endif
-#endif /* S_IEXEC */
+#include "root-uid.h"
-#if defined (HAVE_UNISTD_H) || defined (_LIBC)
-# include <unistd.h>
+#if HAVE_LIBGEN_H
+# include <libgen.h>
#endif
-#ifdef _POSIX_VERSION
-# include <limits.h>
-# if !defined(NGROUPS_MAX) || NGROUPS_MAX < 1
-# undef NGROUPS_MAX
-# define NGROUPS_MAX sysconf (_SC_NGROUPS_MAX)
-# endif /* NGROUPS_MAX */
-
-#else /* not _POSIX_VERSION */
-uid_t getuid ();
-gid_t getgid ();
-uid_t geteuid ();
-gid_t getegid ();
-# include <sys/param.h>
-# if !defined(NGROUPS_MAX) && defined(NGROUPS)
-# define NGROUPS_MAX NGROUPS
-# endif /* not NGROUPS_MAX and NGROUPS */
-#endif /* not POSIX_VERSION */
-
#include <errno.h>
-#ifndef errno
-extern int errno;
+#ifndef __set_errno
+# define __set_errno(val) errno = (val)
#endif
-#if defined(EACCES) && !defined(EACCESS)
+#if defined EACCES && !defined EACCESS
# define EACCESS EACCES
#endif
# define R_OK 4
#endif
-#if !defined (S_IROTH) && defined (R_OK)
-# define S_IROTH R_OK
-#endif
-
-#if !defined (S_IWOTH) && defined (W_OK)
-# define S_IWOTH W_OK
-#endif
-
-#if !defined (S_IXOTH) && defined (X_OK)
-# define S_IXOTH X_OK
-#endif
#ifdef _LIBC
+# define access __access
+# define getuid __getuid
+# define getgid __getgid
+# define geteuid __geteuid
+# define getegid __getegid
# define group_member __group_member
+# define euidaccess __euidaccess
+# undef stat
+# define stat stat64
-#else
+#endif
-/* The user's real user id. */
-static uid_t uid;
+/* Return 0 if the user has permission of type MODE on FILE;
+ otherwise, return -1 and set 'errno'.
+ Like access, except that it uses the effective user and group
+ id's instead of the real ones, and it does not always check for read-only
+ file system, text busy, etc. */
-/* The user's real group id. */
-static gid_t gid;
+int
+euidaccess (const char *file, int mode)
+{
+#if HAVE_FACCESSAT /* glibc, AIX 7, Solaris 11, Cygwin 1.7 */
+ return faccessat (AT_FDCWD, file, mode, AT_EACCESS);
+#elif defined EFF_ONLY_OK /* IRIX, OSF/1, Interix */
+ return access (file, mode | EFF_ONLY_OK);
+#elif defined ACC_SELF /* AIX */
+ return accessx (file, mode, ACC_SELF);
+#elif HAVE_EACCESS /* FreeBSD */
+ return eaccess (file, mode);
+#else /* Mac OS X, NetBSD, OpenBSD, HP-UX, Solaris, Cygwin, mingw, BeOS */
+
+ uid_t uid = getuid ();
+ gid_t gid = getgid ();
+ uid_t euid = geteuid ();
+ gid_t egid = getegid ();
+ struct stat stats;
-/* The user's effective user id. */
-static uid_t euid;
+# if HAVE_DECL_SETREGID && PREFER_NONREENTRANT_EUIDACCESS
-/* The user's effective group id. */
-static gid_t egid;
+ /* Define PREFER_NONREENTRANT_EUIDACCESS if you prefer euidaccess to
+ return the correct result even if this would make it
+ nonreentrant. Define this only if your entire application is
+ safe even if the uid or gid might temporarily change. If your
+ application uses signal handlers or threads it is probably not
+ safe. */
-/* Nonzero if UID, GID, EUID, and EGID have valid values. */
-static int have_ids = 0;
+ if (mode == F_OK)
+ return stat (file, &stats);
+ else
+ {
+ int result;
+ int saved_errno;
-# if HAVE_GETGROUPS
-int group_member ();
-# else
-# define group_member(gid) 0
-# endif
+ if (uid != euid)
+ setreuid (euid, uid);
+ if (gid != egid)
+ setregid (egid, gid);
-#endif
+ result = access (file, mode);
+ saved_errno = errno;
+ /* Restore them. */
+ if (uid != euid)
+ setreuid (uid, euid);
+ if (gid != egid)
+ setregid (gid, egid);
-/* Return 0 if the user has permission of type MODE on file PATH;
- otherwise, return -1 and set `errno' to EACCESS.
- Like access, except that it uses the effective user and group
- id's instead of the real ones, and it does not check for read-only
- filesystem, text busy, etc. */
+ errno = saved_errno;
+ return result;
+ }
-int
-euidaccess (path, mode)
- const char *path;
- int mode;
-{
- struct stat stats;
- int granted;
+# else
-#ifdef _LIBC
- uid_t uid = getuid (), euid = geteuid ();
- gid_t gid = getgid (), egid = getegid ();
-#else
- if (have_ids == 0)
- {
- have_ids = 1;
- uid = getuid ();
- gid = getgid ();
- euid = geteuid ();
- egid = getegid ();
- }
-#endif
+ /* The following code assumes the traditional Unix model, and is not
+ correct on systems that have ACLs or the like. However, it's
+ better than nothing, and it is reentrant. */
+ unsigned int granted;
if (uid == euid && gid == egid)
/* If we are not set-uid or set-gid, access does the same. */
- return access (path, mode);
+ return access (file, mode);
- if (stat (path, &stats))
+ if (stat (file, &stats) != 0)
return -1;
- mode &= (X_OK | W_OK | R_OK); /* Clear any bogus bits. */
-#if R_OK != S_IROTH || W_OK != S_IWOTH || X_OK != S_IXOTH
- ?error Oops, portability assumptions incorrect.
-#endif
-
- if (mode == F_OK)
- return 0; /* The file exists. */
-
/* The super-user can read and write any file, and execute any file
- that anyone can execute. */
- if (euid == 0 && ((mode & X_OK) == 0
- || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
+ that anyone can execute. */
+ if (euid == ROOT_UID
+ && ((mode & X_OK) == 0
+ || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
return 0;
+ /* Convert the mode to traditional form, clearing any bogus bits. */
+ if (R_OK == 4 && W_OK == 2 && X_OK == 1 && F_OK == 0)
+ mode &= 7;
+ else
+ mode = ((mode & R_OK ? 4 : 0)
+ + (mode & W_OK ? 2 : 0)
+ + (mode & X_OK ? 1 : 0));
+
+ if (mode == 0)
+ return 0; /* The file exists. */
+
+ /* Convert the file's permission bits to traditional form. */
+ if (S_IRUSR == (4 << 6) && S_IWUSR == (2 << 6) && S_IXUSR == (1 << 6)
+ && S_IRGRP == (4 << 3) && S_IWGRP == (2 << 3) && S_IXGRP == (1 << 3)
+ && S_IROTH == (4 << 0) && S_IWOTH == (2 << 0) && S_IXOTH == (1 << 0))
+ granted = stats.st_mode;
+ else
+ granted = ((stats.st_mode & S_IRUSR ? 4 << 6 : 0)
+ + (stats.st_mode & S_IWUSR ? 2 << 6 : 0)
+ + (stats.st_mode & S_IXUSR ? 1 << 6 : 0)
+ + (stats.st_mode & S_IRGRP ? 4 << 3 : 0)
+ + (stats.st_mode & S_IWGRP ? 2 << 3 : 0)
+ + (stats.st_mode & S_IXGRP ? 1 << 3 : 0)
+ + (stats.st_mode & S_IROTH ? 4 << 0 : 0)
+ + (stats.st_mode & S_IWOTH ? 2 << 0 : 0)
+ + (stats.st_mode & S_IXOTH ? 1 << 0 : 0));
+
if (euid == stats.st_uid)
- granted = (unsigned) (stats.st_mode & (mode << 6)) >> 6;
+ granted >>= 6;
else if (egid == stats.st_gid || group_member (stats.st_gid))
- granted = (unsigned) (stats.st_mode & (mode << 3)) >> 3;
- else
- granted = (stats.st_mode & mode);
- if (granted == mode)
+ granted >>= 3;
+
+ if ((mode & ~granted) == 0)
return 0;
- errno = EACCESS;
+ __set_errno (EACCESS);
return -1;
+
+# endif
+#endif
+}
+#undef euidaccess
+#ifdef weak_alias
+weak_alias (__euidaccess, euidaccess)
+#endif
+\f
+#ifdef TEST
+# include <error.h>
+# include <stdio.h>
+# include <stdlib.h>
+
+char *program_name;
+
+int
+main (int argc, char **argv)
+{
+ char *file;
+ int mode;
+ int err;
+
+ program_name = argv[0];
+ if (argc < 3)
+ abort ();
+ file = argv[1];
+ mode = atoi (argv[2]);
+
+ err = euidaccess (file, mode);
+ printf ("%d\n", err);
+ if (err != 0)
+ error (0, errno, "%s", file);
+ exit (0);
}
+#endif