Commit | Line | Data |
---|---|---|
73dcdb9f PE |
1 | /* euidaccess -- check if effective user id can access file |
2 | ||
9ff99d22 | 3 | Copyright (C) 1990-1991, 1995, 1998, 2000, 2003-2006, 2008-2013 Free |
73dcdb9f PE |
4 | Software Foundation, Inc. |
5 | ||
6 | This file is part of the GNU C Library. | |
7 | ||
8 | This program is free software: you can redistribute it and/or modify | |
9 | it under the terms of the GNU General Public License as published by | |
10 | the Free Software Foundation; either version 3 of the License, or | |
11 | (at your option) any later version. | |
12 | ||
13 | This program is distributed in the hope that it will be useful, | |
14 | but WITHOUT ANY WARRANTY; without even the implied warranty of | |
15 | MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | |
16 | GNU General Public License for more details. | |
17 | ||
18 | You should have received a copy of the GNU General Public License | |
19 | along with this program. If not, see <http://www.gnu.org/licenses/>. */ | |
20 | ||
21 | /* Written by David MacKenzie and Torbjorn Granlund. | |
22 | Adapted for GNU C library by Roland McGrath. */ | |
23 | ||
24 | #ifndef _LIBC | |
25 | # include <config.h> | |
26 | #endif | |
27 | ||
28 | #include <fcntl.h> | |
29 | #include <sys/types.h> | |
30 | #include <sys/stat.h> | |
31 | #include <unistd.h> | |
32 | ||
33 | #include "root-uid.h" | |
34 | ||
35 | #if HAVE_LIBGEN_H | |
36 | # include <libgen.h> | |
37 | #endif | |
38 | ||
39 | #include <errno.h> | |
40 | #ifndef __set_errno | |
41 | # define __set_errno(val) errno = (val) | |
42 | #endif | |
43 | ||
44 | #if defined EACCES && !defined EACCESS | |
45 | # define EACCESS EACCES | |
46 | #endif | |
47 | ||
48 | #ifndef F_OK | |
49 | # define F_OK 0 | |
50 | # define X_OK 1 | |
51 | # define W_OK 2 | |
52 | # define R_OK 4 | |
53 | #endif | |
54 | ||
55 | ||
56 | #ifdef _LIBC | |
57 | ||
58 | # define access __access | |
59 | # define getuid __getuid | |
60 | # define getgid __getgid | |
61 | # define geteuid __geteuid | |
62 | # define getegid __getegid | |
63 | # define group_member __group_member | |
64 | # define euidaccess __euidaccess | |
65 | # undef stat | |
66 | # define stat stat64 | |
67 | ||
68 | #endif | |
69 | ||
70 | /* Return 0 if the user has permission of type MODE on FILE; | |
71 | otherwise, return -1 and set 'errno'. | |
72 | Like access, except that it uses the effective user and group | |
73 | id's instead of the real ones, and it does not always check for read-only | |
74 | file system, text busy, etc. */ | |
75 | ||
76 | int | |
77 | euidaccess (const char *file, int mode) | |
78 | { | |
79 | #if HAVE_FACCESSAT /* glibc, AIX 7, Solaris 11, Cygwin 1.7 */ | |
80 | return faccessat (AT_FDCWD, file, mode, AT_EACCESS); | |
81 | #elif defined EFF_ONLY_OK /* IRIX, OSF/1, Interix */ | |
82 | return access (file, mode | EFF_ONLY_OK); | |
83 | #elif defined ACC_SELF /* AIX */ | |
84 | return accessx (file, mode, ACC_SELF); | |
85 | #elif HAVE_EACCESS /* FreeBSD */ | |
86 | return eaccess (file, mode); | |
87 | #else /* Mac OS X, NetBSD, OpenBSD, HP-UX, Solaris, Cygwin, mingw, BeOS */ | |
88 | ||
89 | uid_t uid = getuid (); | |
90 | gid_t gid = getgid (); | |
91 | uid_t euid = geteuid (); | |
92 | gid_t egid = getegid (); | |
93 | struct stat stats; | |
94 | ||
95 | # if HAVE_DECL_SETREGID && PREFER_NONREENTRANT_EUIDACCESS | |
96 | ||
97 | /* Define PREFER_NONREENTRANT_EUIDACCESS if you prefer euidaccess to | |
98 | return the correct result even if this would make it | |
99 | nonreentrant. Define this only if your entire application is | |
100 | safe even if the uid or gid might temporarily change. If your | |
101 | application uses signal handlers or threads it is probably not | |
102 | safe. */ | |
103 | ||
104 | if (mode == F_OK) | |
105 | return stat (file, &stats); | |
106 | else | |
107 | { | |
108 | int result; | |
109 | int saved_errno; | |
110 | ||
111 | if (uid != euid) | |
112 | setreuid (euid, uid); | |
113 | if (gid != egid) | |
114 | setregid (egid, gid); | |
115 | ||
116 | result = access (file, mode); | |
117 | saved_errno = errno; | |
118 | ||
119 | /* Restore them. */ | |
120 | if (uid != euid) | |
121 | setreuid (uid, euid); | |
122 | if (gid != egid) | |
123 | setregid (gid, egid); | |
124 | ||
125 | errno = saved_errno; | |
126 | return result; | |
127 | } | |
128 | ||
129 | # else | |
130 | ||
131 | /* The following code assumes the traditional Unix model, and is not | |
132 | correct on systems that have ACLs or the like. However, it's | |
133 | better than nothing, and it is reentrant. */ | |
134 | ||
135 | unsigned int granted; | |
136 | if (uid == euid && gid == egid) | |
137 | /* If we are not set-uid or set-gid, access does the same. */ | |
138 | return access (file, mode); | |
139 | ||
140 | if (stat (file, &stats) != 0) | |
141 | return -1; | |
142 | ||
143 | /* The super-user can read and write any file, and execute any file | |
144 | that anyone can execute. */ | |
145 | if (euid == ROOT_UID | |
146 | && ((mode & X_OK) == 0 | |
147 | || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH)))) | |
148 | return 0; | |
149 | ||
150 | /* Convert the mode to traditional form, clearing any bogus bits. */ | |
151 | if (R_OK == 4 && W_OK == 2 && X_OK == 1 && F_OK == 0) | |
152 | mode &= 7; | |
153 | else | |
154 | mode = ((mode & R_OK ? 4 : 0) | |
155 | + (mode & W_OK ? 2 : 0) | |
156 | + (mode & X_OK ? 1 : 0)); | |
157 | ||
158 | if (mode == 0) | |
159 | return 0; /* The file exists. */ | |
160 | ||
161 | /* Convert the file's permission bits to traditional form. */ | |
162 | if (S_IRUSR == (4 << 6) && S_IWUSR == (2 << 6) && S_IXUSR == (1 << 6) | |
163 | && S_IRGRP == (4 << 3) && S_IWGRP == (2 << 3) && S_IXGRP == (1 << 3) | |
164 | && S_IROTH == (4 << 0) && S_IWOTH == (2 << 0) && S_IXOTH == (1 << 0)) | |
165 | granted = stats.st_mode; | |
166 | else | |
167 | granted = ((stats.st_mode & S_IRUSR ? 4 << 6 : 0) | |
168 | + (stats.st_mode & S_IWUSR ? 2 << 6 : 0) | |
169 | + (stats.st_mode & S_IXUSR ? 1 << 6 : 0) | |
170 | + (stats.st_mode & S_IRGRP ? 4 << 3 : 0) | |
171 | + (stats.st_mode & S_IWGRP ? 2 << 3 : 0) | |
172 | + (stats.st_mode & S_IXGRP ? 1 << 3 : 0) | |
173 | + (stats.st_mode & S_IROTH ? 4 << 0 : 0) | |
174 | + (stats.st_mode & S_IWOTH ? 2 << 0 : 0) | |
175 | + (stats.st_mode & S_IXOTH ? 1 << 0 : 0)); | |
176 | ||
177 | if (euid == stats.st_uid) | |
178 | granted >>= 6; | |
179 | else if (egid == stats.st_gid || group_member (stats.st_gid)) | |
180 | granted >>= 3; | |
181 | ||
182 | if ((mode & ~granted) == 0) | |
183 | return 0; | |
184 | __set_errno (EACCESS); | |
185 | return -1; | |
186 | ||
187 | # endif | |
188 | #endif | |
189 | } | |
190 | #undef euidaccess | |
191 | #ifdef weak_alias | |
192 | weak_alias (__euidaccess, euidaccess) | |
193 | #endif | |
194 | \f | |
195 | #ifdef TEST | |
196 | # include <error.h> | |
197 | # include <stdio.h> | |
198 | # include <stdlib.h> | |
199 | ||
200 | char *program_name; | |
201 | ||
202 | int | |
203 | main (int argc, char **argv) | |
204 | { | |
205 | char *file; | |
206 | int mode; | |
207 | int err; | |
208 | ||
209 | program_name = argv[0]; | |
210 | if (argc < 3) | |
211 | abort (); | |
212 | file = argv[1]; | |
213 | mode = atoi (argv[2]); | |
214 | ||
215 | err = euidaccess (file, mode); | |
216 | printf ("%d\n", err); | |
217 | if (err != 0) | |
218 | error (0, errno, "%s", file); | |
219 | exit (0); | |
220 | } | |
221 | #endif |