X-Git-Url: http://erislabs.net/gitweb/?a=blobdiff_plain;f=lib%2Feuidaccess.c;h=e0fdf9de2ea18c645dc423bb1dfed128e528c31a;hb=b832246eea3bab34518fedf439ca6fe2f08af4e4;hp=8b0027009206ec5a851419dee58efc347f610865;hpb=da3b26cb6100672d6a21b79218b5aa818fcb7ad0;p=gnulib.git diff --git a/lib/euidaccess.c b/lib/euidaccess.c index 8b0027009..e0fdf9de2 100644 --- a/lib/euidaccess.c +++ b/lib/euidaccess.c @@ -1,152 +1,128 @@ /* euidaccess -- check if effective user id can access file - Copyright (C) 1990, 1991 Free Software Foundation, Inc. + Copyright (C) 1990, 1991, 1995, 1998, 2000 Free Software Foundation, Inc. - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; either version 2, or (at your option) - any later version. +This file is part of the GNU C Library. - This program is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the - GNU General Public License for more details. +The GNU C Library is free software; you can redistribute it and/or +modify it under the terms of the GNU Library General Public License as +published by the Free Software Foundation; either version 2 of the +License, or (at your option) any later version. - You should have received a copy of the GNU General Public License - along with this program; if not, write to the Free Software - Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA. */ +The GNU C Library is distributed in the hope that it will be useful, +but WITHOUT ANY WARRANTY; without even the implied warranty of +MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU +Library General Public License for more details. -/* Written by David MacKenzie and Torbjorn Granlund. */ +You should have received a copy of the GNU Library General Public +License along with the GNU C Library; see the file COPYING.LIB. If +not, write to the Free Software Foundation, Inc., 59 Temple Place - +Suite 330, Boston, MA 02111-1307, USA. */ -#ifdef HAVE_CONFIG_H -#include +/* Written by David MacKenzie and Torbjorn Granlund. + Adapted for GNU C library by Roland McGrath. */ + +#if HAVE_CONFIG_H +# include #endif #include #include #ifdef S_IEXEC -#ifndef S_IXUSR -#define S_IXUSR S_IEXEC -#endif -#ifndef S_IXGRP -#define S_IXGRP (S_IEXEC >> 3) -#endif -#ifndef S_IXOTH -#define S_IXOTH (S_IEXEC >> 6) -#endif +# ifndef S_IXUSR +# define S_IXUSR S_IEXEC +# endif +# ifndef S_IXGRP +# define S_IXGRP (S_IEXEC >> 3) +# endif +# ifndef S_IXOTH +# define S_IXOTH (S_IEXEC >> 6) +# endif #endif /* S_IEXEC */ -#ifdef HAVE_UNISTD_H -#include +#if defined (HAVE_UNISTD_H) || defined (_LIBC) +# include #endif #ifdef _POSIX_VERSION -#include -#if !defined(NGROUPS_MAX) || NGROUPS_MAX < 1 -#undef NGROUPS_MAX -#define NGROUPS_MAX sysconf (_SC_NGROUPS_MAX) -#endif /* NGROUPS_MAX */ +# include +# if !defined(NGROUPS_MAX) || NGROUPS_MAX < 1 +# undef NGROUPS_MAX +# define NGROUPS_MAX sysconf (_SC_NGROUPS_MAX) +# endif /* NGROUPS_MAX */ #else /* not _POSIX_VERSION */ uid_t getuid (); gid_t getgid (); uid_t geteuid (); gid_t getegid (); -#include -#if !defined(NGROUPS_MAX) && defined(NGROUPS) -#define NGROUPS_MAX NGROUPS -#endif /* not NGROUPS_MAX and NGROUPS */ +# include +# if !defined(NGROUPS_MAX) && defined(NGROUPS) +# define NGROUPS_MAX NGROUPS +# endif /* not NGROUPS_MAX and NGROUPS */ #endif /* not POSIX_VERSION */ #include #ifndef errno extern int errno; #endif +#ifndef __set_errno +# define __set_errno(val) errno = (val) +#endif #if defined(EACCES) && !defined(EACCESS) -#define EACCESS EACCES +# define EACCESS EACCES #endif #ifndef F_OK -#define F_OK 0 -#define X_OK 1 -#define W_OK 2 -#define R_OK 4 +# define F_OK 0 +# define X_OK 1 +# define W_OK 2 +# define R_OK 4 +#endif + +#if !defined (S_IROTH) && defined (R_OK) +# define S_IROTH R_OK +#endif + +#if !defined (S_IWOTH) && defined (W_OK) +# define S_IWOTH W_OK +#endif + +#if !defined (S_IXOTH) && defined (X_OK) +# define S_IXOTH X_OK #endif +#ifdef _LIBC + +# define group_member __group_member +# define euidaccess __euidaccess + +#else + /* The user's real user id. */ static uid_t uid; /* The user's real group id. */ static gid_t gid; +# if HAVE_GETGROUPS +int group_member (); +# else +# define group_member(gid) 0 +# endif + +#endif + /* The user's effective user id. */ static uid_t euid; /* The user's effective group id. */ static gid_t egid; -int group_member (); - /* Nonzero if UID, GID, EUID, and EGID have valid values. */ -static int have_ids = 0; - -/* Like euidaccess, except that a pointer to a filled-in stat structure - describing the file is provided instead of a filename. - Because this function is almost guaranteed to fail on systems that - use ACLs, a third argument *PATH may be used. If it is non-NULL, - it is assumed to be the name of the file corresponding to STATP. - Then, if the user is not running set-uid or set-gid, use access - instead of attempting a manual and non-portable comparison. */ - -static int -eaccess_stat (statp, mode, path) - const struct stat *statp; - int mode; - const char *path; -{ - int granted; - - mode &= (X_OK | W_OK | R_OK); /* Clear any bogus bits. */ - - if (mode == F_OK) - return 0; /* The file exists. */ - - if (have_ids == 0) - { - have_ids = 1; - uid = getuid (); - gid = getgid (); - euid = geteuid (); - egid = getegid (); - } +static int have_ids; - if (path && uid == euid && gid == egid) - { - return access (path, mode); - } - - /* The super-user can read and write any file, and execute any file - that anyone can execute. */ - if (euid == 0 && ((mode & X_OK) == 0 - || (statp->st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))) - return 0; - - if (euid == statp->st_uid) - granted = (unsigned) (statp->st_mode & (mode << 6)) >> 6; - else if (egid == statp->st_gid -#ifdef HAVE_GETGROUPS - || group_member (statp->st_gid) -#endif - ) - granted = (unsigned) (statp->st_mode & (mode << 3)) >> 3; - else - granted = (statp->st_mode & mode); - if (granted == mode) - return 0; - errno = EACCESS; - return -1; -} /* Return 0 if the user has permission of type MODE on file PATH; otherwise, return -1 and set `errno' to EACCESS. @@ -155,12 +131,16 @@ eaccess_stat (statp, mode, path) filesystem, text busy, etc. */ int -euidaccess (path, mode) - const char *path; - int mode; +euidaccess (const char *path, int mode) { struct stat stats; + int granted; +#ifdef _LIBC + if (! __libc_enable_secure) + /* If we are not set-uid or set-gid, access does the same. */ + return __access (path, mode); +#else if (have_ids == 0) { have_ids = 1; @@ -171,21 +151,57 @@ euidaccess (path, mode) } if (uid == euid && gid == egid) - { - return access (path, mode); - } + /* If we are not set-uid or set-gid, access does the same. */ + return access (path, mode); +#endif if (stat (path, &stats)) return -1; - return eaccess_stat (&stats, mode, path); -} + mode &= (X_OK | W_OK | R_OK); /* Clear any bogus bits. */ +#if R_OK != S_IROTH || W_OK != S_IWOTH || X_OK != S_IXOTH + ?error Oops, portability assumptions incorrect. +#endif -#ifdef TEST -#include -#include + if (mode == F_OK) + return 0; /* The file exists. */ + +#ifdef _LIBC + /* Now we need the IDs. */ + if (have_ids == 0) + { + have_ids = 1; + euid = __geteuid (); + egid = __getegid (); + } +#endif -void error (); + /* The super-user can read and write any file, and execute any file + that anyone can execute. */ + if (euid == 0 && ((mode & X_OK) == 0 + || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))) + return 0; + + if (euid == stats.st_uid) + granted = (unsigned) (stats.st_mode & (mode << 6)) >> 6; + else if (egid == stats.st_gid || group_member (stats.st_gid)) + granted = (unsigned) (stats.st_mode & (mode << 3)) >> 3; + else + granted = (stats.st_mode & mode); + if (granted == mode) + return 0; + __set_errno (EACCESS); + return -1; +} +#undef euidaccess +#ifdef weak_alias +weak_alias (__euidaccess, euidaccess) +#endif + +#ifdef TEST +# include +# include +# include "error.h" char *program_name;