source: trunk/src/slib.c@ 249

Last change on this file since 249 was 248, checked in by katerina, 15 years ago

Code to track down originating site for ticket #163.

[1]1#include "config_xor.h"
2
[196]3#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE)
4#define _XOPEN_SOURCE 600
5#define _BSD_SOURCE
6#endif
[1]7
8#include <stdio.h>
9#include <stdlib.h>
10#include <stdarg.h>
11#include <string.h>
[20]12#include <limits.h>
[34]13#ifdef HAVE_STDINT_H
14/* for SIZE_MAX */
15#include <stdint.h>
16#endif
[1]17
18#include <unistd.h>
19#include <sys/stat.h>
20#include <sys/types.h>
21#include <fcntl.h>
22#include <signal.h>
23
[196]24#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE)
25#include <sys/mman.h>
26#endif
27
[1]28#if TIME_WITH_SYS_TIME
29#include <sys/time.h>
30#include <time.h>
31#else
32#if HAVE_SYS_TIME_H
33#include <sys/time.h>
34#else
35#include <time.h>
36#endif
37#endif
38
39#ifdef HAVE_MEMORY_H
40#include <memory.h>
41#endif
42#ifdef HAVE_SYS_SELECT_H
43#include <sys/select.h>
44#endif
45
46#ifndef FD_SET
47#define NFDBITS 32
48#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
49#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
50#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
51#endif /* !FD_SET */
52#ifndef FD_SETSIZE
53#define FD_SETSIZE 32
54#endif
55#ifndef FD_ZERO
56#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p)))
57#endif
58
[76]59#define SH_REAL_SET
60
[1]61#include "slib.h"
62#include "sh_calls.h"
63#define SH_NEED_PWD_GRP 1
64#include "sh_static.h"
[144]65#include "sh_pthread.h"
[167]66#include "sh_string.h"
[1]67
68#undef FIL__
69#define FIL__ _("slib.c")
70
71const uid_t sh_uid_neg = ((uid_t) -1);
72const gid_t sh_gid_neg = ((gid_t) -1);
73
/*
 * BREAKEXIT(expr): anti-debugging check. It is compiled in only when
 * SCREW_IT_UP is defined on Linux/i386; otherwise it expands to nothing.
 *
 * expr is treated as an address (cast to unsigned, which is pointer-sized
 * on i386 only, hence the platform guard). The macro inspects the low byte
 * read at each of the eight addresses expr+0 .. expr+7 and, if any of them
 * equals 0xcc (the x86 INT3 opcode that debuggers plant for software
 * breakpoints), ends the process with _exit(EXIT_FAILURE). With SH_DEBUG
 * defined the hit is reported through dlog() first.
 *
 * NOTE(review): a legitimate 0xcc byte within those eight bytes would also
 * trigger the exit -- confirm the macro is only applied to addresses where
 * that cannot happen.
 */
#undef BREAKEXIT
#if defined(SCREW_IT_UP) && defined(__linux__) && defined(__i386__)

#ifdef SH_DEBUG
#define BREAKEXIT(expr) \
  do { \
    int ixi; \
    for (ixi = 0; ixi < 8; ++ixi) { \
      if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
        { dlog(0, FIL__, __LINE__, _("BREAKEXIT")); _exit(EXIT_FAILURE); } \
      } \
    } \
  while (1 == 0)
#else
#define BREAKEXIT(expr) \
  do { \
    int ixi; \
    for (ixi = 0; ixi < 8; ++ixi) { \
      if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
        _exit(EXIT_FAILURE); \
      } \
    } \
  while (1 == 0)
#endif

#else
#define BREAKEXIT(expr)
#endif
102
103/****************************************************************
104 *
105 * The debug/trace subsystem
106 *
107 ****************************************************************/
108
109int slib_do_trace = 0;
110int slib_trace_fd = -1;
111
112static char trace_log[256] = { '\0' };
113static int trace_level = 0;
114static FILE * trace_fp = NULL;
115
/* Switch call tracing on. The argument is ignored; the signature has the
 * (const char *) -> int shape of sl_trace_file(). Always returns 0.
 */
int sl_trace_use (const char * dummy)
{
  slib_do_trace = 1;
  (void) dummy;        /* unused */
  return 0;
}
122
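/* Set the path of the trace log file.
 *
 * The path must be absolute and must fit into trace_log including the
 * terminating NUL. An over-long path is rejected instead of being silently
 * truncated, so trace output cannot end up in a file other than the one
 * that was named.
 *
 * Returns 0 on success, -1 if str is NULL, not absolute, or too long.
 */
int sl_trace_file (const char * str)
{
  if (str == NULL || str[0] != '/')
    return -1;
  if (strlen(str) >= sizeof(trace_log))
    return -1;
  sl_strlcpy(trace_log, str, sizeof(trace_log));
  return 0;
}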
132
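/* Open the trace file for appending and wrap it in a stdio stream.
 *
 * The file is created with mode 0600 if it does not exist. The descriptor
 * is kept in the global slib_trace_fd. Returns the stream, or NULL on
 * failure; if fdopen() fails the descriptor is closed again and
 * slib_trace_fd is reset to -1, so no descriptor is leaked. errno is left
 * as set by the failing call, because callers report it with perror().
 *
 * NOTE(review): open() follows symbolic links and the path is not checked
 * for ownership. The callers in this file only write the trace file when
 * the process is not SUID; where available, O_NOFOLLOW would narrow this
 * further.
 */
FILE * sl_tracefile_open(const char * file, const char * mode)
{
  FILE * xp = NULL;

  slib_trace_fd = open(file, O_WRONLY|O_CREAT|O_APPEND, 0600);
  if (slib_trace_fd >= 0)
    {
      xp = fdopen(slib_trace_fd, mode);
      if (xp == NULL)
        {
          int saved_errno = errno;

          (void) close(slib_trace_fd);
          slib_trace_fd = -1;
          errno = saved_errno;
        }
    }
  return xp;
}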
141
/* Record entry into function str (called from file:line) and increase the
 * trace nesting level.
 *
 * Output goes to stderr when no trace file is configured. With a trace
 * file configured it goes to that file (opened on first use and flushed
 * after each record), but only when the process is not SUID; a SUID
 * process writes nothing. Failure to open the trace file ends the process.
 */
void sl_trace_in(const char * str, const char * file, int line)
{
  FILE * out = NULL;
  int    depth;

  if (trace_log[0] == '\0')
    {
      out = stderr;
    }
  else if (!sl_is_suid())
    {
      if (trace_fp == NULL)
        trace_fp = sl_tracefile_open(trace_log, "a");
      if (trace_fp == NULL)
        {
          perror(_("sl_trace_in: fopen"));
          _exit(1);
        }
      out = trace_fp;
    }

  if (out != NULL)
    {
      fprintf(out, "++ ");
      for (depth = 0; depth < trace_level; ++depth)
        fprintf(out, ". ");
      fprintf(out, "[%2d] %s \t - File %c%s%c at line %d\n",
              trace_level, str, 0x22, file, 0x22, line);
      if (out != stderr)      /* only the trace file is flushed */
        fflush(out);
    }

  ++trace_level;
}
174
/* Record return from function str (called from file:line). The nesting
 * level is decreased first and never drops below zero.
 *
 * Output routing is the same as in sl_trace_in(): stderr without a trace
 * file; the trace file (flushed per record) when one is configured and the
 * process is not SUID; nothing for a SUID process. Failure to open the
 * trace file ends the process.
 */
void sl_trace_out(const char * str, const char * file, int line)
{
  FILE * out = NULL;
  int    depth;

  if (--trace_level < 0)
    trace_level = 0;

  if (trace_log[0] == '\0')
    {
      out = stderr;
    }
  else if (!sl_is_suid())
    {
      if (trace_fp == NULL)
        trace_fp = sl_tracefile_open(trace_log, "a");
      if (trace_fp == NULL)
        {
          perror(_("sl_trace_out: fopen"));
          _exit(1);
        }
      out = trace_fp;
    }

  if (out != NULL)
    {
      fprintf(out, "-- ");
      for (depth = 0; depth < trace_level; ++depth)
        fprintf(out, ". ");
      fprintf(out, _("[%2d] %s \t - File %c%s%c at line %d\n"),
              trace_level, str, 0x22, file, 0x22, line);
      if (out != stderr)      /* only the trace file is flushed */
        fflush(out);
    }
}
209
[170]210extern int sh_log_console (const char * msg);
[1]211
212static int dlogActive = 0;
213
/* Set the activity level that dlog() checks before printing anything.
 * Called from sh_error_setprint().
 */
void dlog_set_active(int flag)
{
  dlogActive = flag;
  return;
}
220
/* Format and emit a debug or error message.
 *
 * flag = 0 debug messages
 *      = 1 descriptive error messages
 *      = 3 backtrace
 *
 * file/line identify the call site. fmt is a printf-style format for the
 * variadic arguments; it is copied and then used as the format string of
 * sl_vsnprintf(), so it must be a trusted literal and never text taken
 * from input.
 *
 * Returns the result of sh_log_console() when the message goes to the
 * console, otherwise 0.
 */
int dlog (int flag, const char * file, int line, const char *fmt, ...)
{
  va_list ap;
  char val[81];
  char msg[512];
  char tmp[512];
  int retval = 0;
  int i;

#ifdef SH_STEALTH
  /*
   * do not even print descriptive failure messages in stealth mode
   */
  if (dlogActive == 0)
    return 0;
  if (dlogActive == 1 && flag == 0) /* debug requires debug level */
    return 0;
#else
  if (dlogActive <= 1 && flag == 0) /* debug requires debug level */
    return 0;
#endif

  /* Error messages get a banner naming the source file and line. */
  if (flag == 1)
    {
      sl_snprintf (val, 81, _("\n--------- %10s "), file);
      sl_strlcpy (msg, val, 80);
      sl_snprintf (val, 81, _(" --- %6d ---------\n"), line);
      sl_strlcat (msg, val, 80);
      sh_log_console (msg);
    }

  va_start (ap, fmt);
  /* Work on a bounded copy of the format so a trailing newline can be
   * stripped; the copy is shorter for non-error messages because their
   * prefix and suffix have to fit into msg as well.
   */
  if (flag == 1)
    sl_strlcpy(tmp, fmt, 512);
  else
    sl_strlcpy(tmp, fmt, 256);
  retval = sl_strlen(tmp);
  if (retval > 0 && tmp[retval-1] == '\n')
    tmp[retval-1] = '\0';
  retval = 0;
  if (flag == 1)
    {
      sl_vsnprintf (msg, 511, tmp, ap);
    }
  else
    {
      /* Prefix: "## ", one ". " per trace level, then the level itself.
       * The prefix is capped at 255 characters, and the formatted text
       * written behind it at 255 bytes, which stays inside msg[512].
       */
      sl_strlcpy (msg, "## ", 256);
      for (i = 0; i < trace_level; ++i)
        sl_strlcat (msg, ". ", 256);
      /* NOTE(review): unbounded sprintf; the output of "[%2d] " is short
       * and val holds 81 bytes, but sl_snprintf(val, sizeof(val), ...)
       * would match the bounded calls used elsewhere in this function.
       */
      sprintf (val, _("[%2d] "), trace_level);
      sl_strlcat (msg, val, 256);
      sl_vsnprintf (&msg[sl_strlen(msg)], 255, tmp, ap);
      sl_snprintf (tmp, 255, _(" \t - File %c%s%c at line %d"),
                   0x22, file, 0x22, line);
      sl_strlcat (msg, tmp, 512);
    }
  va_end (ap);
  /* Everything except plain debug output goes to the console, and so does
   * debug output of a SUID process: the trace file is never written while
   * SUID.
   */
  if (flag != 0 || sl_is_suid())
    retval = sh_log_console (msg);
  else
    {
      if (trace_log[0] == '\0')
        {
          /* sh_log_console (msg); */
          fprintf(stderr, "%s\n", msg);
        }
      else
        {
          if (!trace_fp)
            trace_fp = sl_tracefile_open(trace_log, "a");
          if (trace_fp)
            {
              /* not flushed here, unlike sl_trace_in()/sl_trace_out() */
              fprintf(trace_fp, "%s\n", msg);
            }
          else
            {
              perror(_("dlog: fopen"));
              _exit(1);
            }
        }
    }
  if (flag == 1)
    sh_log_console (_("\n----------------------------------------------\n"));
  return retval;
}
310
311extern char aud_err_message[64];
312static char alt_err_message[64];
/* Return a description of the most recent error.
 *
 * If aud_err_message is non-empty it is returned as is; otherwise the text
 * for sl_errno is copied into a static buffer and that buffer is returned.
 * Either way the result points to static storage that later calls may
 * overwrite.
 */
char * sl_get_errmsg()
{
  if (aud_err_message[0] != '\0')
    return &aud_err_message[0];

  sl_strlcpy(alt_err_message, sl_error_string(sl_errno),
             sizeof(alt_err_message));
  return &alt_err_message[0];
}
322
323
324#if defined(SL_DEBUG)
325#define SL_MAX_MYSTACK 128
326
327static char sl_mystack[SL_MAX_MYSTACK][32];
328static int sl_mystack_count = 0;
329
/* Push function name c onto the debug call stack and, if tracing is on,
 * log the entry. Names are cut to 31 characters; a NULL name, or a push
 * onto a full stack (SL_MAX_MYSTACK entries), is not recorded.
 */
void sl_stack_push(char * c, char * file, int line )
{
  if (slib_do_trace)
    sl_trace_in(c, file, line);

  if (c == NULL || sl_mystack_count >= SL_MAX_MYSTACK)
    return;

  strncpy(sl_mystack[sl_mystack_count], c, 31);
  sl_mystack[sl_mystack_count][31] = '\0';   /* strncpy may not terminate */
  ++sl_mystack_count;
}
346
/* Pop the top entry off the debug call stack and, if tracing is on, log
 * the return from c. Popping an empty stack does nothing.
 */
void sl_stack_pop(char * c, char * file, int line)
{
  if (slib_do_trace)
    sl_trace_out(c, file, line);

  if (sl_mystack_count > 0)
    --sl_mystack_count;
}
361
/* Print the debug call stack to the console, oldest entry first.
 * Prints nothing when the stack is empty.
 */
void sl_stack_print()
{
  int depth;

  if (sl_mystack_count <= 0)
    return;

  sh_log_console(_("\nBacktrace:\n"));
  for (depth = 0; depth < sl_mystack_count; ++depth)
    sh_log_console(sl_mystack[depth]);
}
377
378#endif
379
380
381/*
382 * The global errno.
383 * On error, this is set to the return value of the function.
384 */
385long int sl_errno;
386
387
388/* ----------------------------------------------------------------
389 *
390 * Capability routines
391 *
392 * ---------------------------------------------------------------- */
393
394int sl_useCaps = 0;
395
396#ifdef FANCY_LIBCAP
397#include <sys/capability.h>
398
399/*
400 * While these routines are tested and work, we don't use POSIX
401 * capabilities, as they don't seem to be useful (root can write
402 * to root-owned files anyway). Things would be more interesting
403 * if we could switch to a non-root UID with just a few capabilities
404 * enabled.
405 */
/* Drop POSIX capabilities from the current process.
 *
 * Does nothing and returns 0 unless sl_useCaps is set. Otherwise the
 * capabilities in capvals_e are cleared from the effective set and the
 * result is applied; then those in capvals_p are cleared from the
 * permitted set and the result is applied again.
 *
 * Returns 0 on success, or the errno of the failing libcap call.
 */
int sl_drop_cap ()
{
  int error;
  cap_t caps;
  cap_flag_t capflag;
  cap_flag_value_t capfval = CAP_CLEAR;
  /* capabilities removed from the effective set */
  cap_value_t capvals_e[] =
  {
    CAP_CHOWN, CAP_FOWNER, CAP_FSETID,
    CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN,
    CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
    CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
    CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO,
    CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG,
    CAP_SETGID, CAP_SETUID, CAP_KILL,
    CAP_DAC_OVERRIDE,
#if !defined(WITH_MESSAGE_QUEUE)
    CAP_IPC_OWNER,
#endif
    CAP_SYS_MODULE, CAP_LEASE
  };
  /* Capabilities removed from the permitted set. Depending on the build
   * options, SETGID/SETUID/KILL and DAC_OVERRIDE/FOWNER are left out of
   * this list and thus stay permitted; these are the two groups that
   * sl_drop_cap_int() switches on and off in the effective set.
   */
  cap_value_t capvals_p[] =
  {
    CAP_CHOWN, CAP_LEASE, CAP_FSETID,
    CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN,
    CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
    CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
    CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO,
    CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG,
#if !defined(WITH_EXTERNAL) && !defined(HAVE_UNIX_RANDOM)
    CAP_SETGID, CAP_SETUID, CAP_KILL,
#endif
#if !defined(SH_USE_SUIDCHK)
    CAP_DAC_OVERRIDE, CAP_FOWNER,
#endif
#if !defined(WITH_MESSAGE_QUEUE)
    CAP_IPC_OWNER,
#endif
    CAP_SYS_MODULE
  };

  if (0 == sl_useCaps) /* 0 = S_FALSE */
    {
      return 0;
    }

  if(NULL == (caps = cap_get_proc()))
    {
      return errno;
    }

  /* Step 1: effective set. errno is saved before cap_free() on every
   * error path so the caller sees the error of the failing call.
   */
  capflag = CAP_EFFECTIVE;
  if (0 != cap_set_flag(caps, capflag, sizeof(capvals_e)/sizeof(cap_value_t),
                        capvals_e, capfval))
    {
      error = errno;
      cap_free(caps);
      return error;
    }
  if (0 != cap_set_proc(caps))
    {
      error = errno;
      cap_free(caps);
      return error;
    }

  /* Step 2: permitted set. */
  capflag = CAP_PERMITTED;
  if (0 != cap_set_flag(caps, capflag, sizeof(capvals_p)/sizeof(cap_value_t),
                        capvals_p, capfval))
    {
      error = errno;
      cap_free(caps);
      return error;
    }
  if (0 != cap_set_proc(caps))
    {
      error = errno;
      cap_free(caps);
      return error;
    }
  cap_free(caps);
  return 0;
}
489
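/* Switch a group of capabilities on or off in the effective set.
 *
 *   what = 1  clear CAP_SETGID, CAP_SETUID, CAP_KILL
 *        = 2  set   CAP_SETGID, CAP_SETUID, CAP_KILL
 *        = 3  clear CAP_DAC_OVERRIDE, CAP_FOWNER
 *        = 4  set   CAP_DAC_OVERRIDE, CAP_FOWNER
 *
 * Does nothing and returns 0 unless sl_useCaps is set, and likewise for
 * any other value of what. Returns 0 on success, or the errno of the
 * failing libcap call.
 *
 * The capability state is fetched only after the sl_useCaps check and is
 * released on every return path, so no cap_t is leaked.
 */
int sl_drop_cap_int(int what)
{
#if defined(SL_DEBUG)
  char * captext;
#endif
  cap_flag_t capflag = CAP_EFFECTIVE;
  cap_flag_value_t capfval = CAP_CLEAR;
  cap_value_t capvals_a[] = { CAP_SETGID, CAP_SETUID, CAP_KILL };
  cap_value_t capvals_b[] = { CAP_DAC_OVERRIDE, CAP_FOWNER };
  cap_value_t * capvals;
  int nvals;
  int error = 0;
  cap_t caps;

  if (0 == sl_useCaps) /* 0 = S_FALSE */
    {
      return 0;
    }

  caps = cap_get_proc();
  if (caps == NULL)
    {
      return errno;
    }

  switch (what) {
  case 1:
    capvals = capvals_a;
    nvals = (int) (sizeof(capvals_a)/sizeof(capvals_a[0]));
    capfval = CAP_CLEAR;
    break;
  case 2:
    capvals = capvals_a;
    nvals = (int) (sizeof(capvals_a)/sizeof(capvals_a[0]));
    capfval = CAP_SET;
    break;
  case 3:
    capvals = capvals_b;
    nvals = (int) (sizeof(capvals_b)/sizeof(capvals_b[0]));
    capfval = CAP_CLEAR;
    break;
  case 4:
    capvals = capvals_b;
    nvals = (int) (sizeof(capvals_b)/sizeof(capvals_b[0]));
    capfval = CAP_SET;
    break;
  default:
    cap_free(caps);
    return (0);
  }

  if (0 != cap_set_flag(caps, capflag, nvals, capvals, capfval))
    {
      error = errno;          /* save before cap_free() can change it */
      cap_free(caps);
      return error;
    }
  if (0 != cap_set_proc(caps))
    {
      error = errno;
      cap_free(caps);
      return error;
    }
#if defined(SL_DEBUG)
  captext = cap_to_text(caps, NULL);
  TPT(( 0, FIL__, __LINE__, _("msg=<cap_int %d: %s>\n"), what, captext));
  cap_free(captext);
#endif
  cap_free(caps);
  return 0;
}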
559
/* Named front ends for sl_drop_cap_int(): the *_sub pair clears (1) or
 * sets (2) CAP_SETGID/CAP_SETUID/CAP_KILL in the effective set, the
 * *_qdel pair clears (3) or sets (4) CAP_DAC_OVERRIDE/CAP_FOWNER.
 */
int sl_drop_cap_sub() { return sl_drop_cap_int(1); }
int sl_get_cap_sub() { return sl_drop_cap_int(2); }
int sl_drop_cap_qdel() { return sl_drop_cap_int(3); }
int sl_get_cap_qdel() { return sl_drop_cap_int(4); }
564
565#else
/* Built without FANCY_LIBCAP: the capability routines are no-ops that
 * report success, so no capability is dropped in this configuration.
 */
int sl_drop_cap () { return 0; }
int sl_drop_cap_sub() { return 0; }
int sl_get_cap_sub() { return 0; }
int sl_drop_cap_qdel() { return 0; }
int sl_get_cap_qdel() { return 0; }
571#endif
572
573/* ----------------------------------------------------------------
574 *
575 * String handling routines
576 *
577 * ---------------------------------------------------------------- */
578
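/*
 * A memset() whose effect must not be optimized away, e.g. when a buffer
 * is cleared right before it goes out of use.
 *
 * Keeping the call in a separate translation unit is not enough once
 * link-time optimization or inlining is in play. The call therefore goes
 * through a volatile function pointer: the compiler has to load the
 * pointer at run time and cannot prove that the store is dead.
 *
 * Fills n bytes at s with c and returns s, like memset().
 */
void *sl_memset(void *s, int c, size_t n)
{
  static void * (* const volatile fill_fn)(void *, int, size_t) = memset;

  return fill_fn(s, c, n);
}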
587
588
589#if !defined (VA_COPY)
590#if defined (__GNUC__) && defined (__PPC__) && (defined (_CALL_SYSV) || defined (_WIN32))
591#define VA_COPY(ap1, ap2) (*(ap1) = *(ap2))
592#elif defined (VA_COPY_AS_ARRAY)
593#define VA_COPY(ap1, ap2) memmove ((ap1), (ap2), sizeof (va_list))
594#else /* va_list is a pointer */
595#define VA_COPY(ap1, ap2) ((ap1) = (ap2))
596#endif
597#endif
598
599#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF)
/* Estimate how many bytes (including the terminating NUL) the printf-style
 * format fmt needs for the arguments in vl. Used by the fallback paths of
 * sl_vsnprintf()/sl_snprintf() to decide whether vsprintf() may be called.
 *
 * The argument list vl is consumed; callers keep a copy for the real
 * formatting pass.
 *
 * NOTE(review): this is an estimate, not a proven upper bound. Integer
 * conversions are counted as 24 bytes, floating-point ones as 20 and
 * %p/%n as 32, on top of any width or precision digits in the format. A
 * "%f" of a very large double prints more than 20 characters, so callers
 * that rely on the result before calling vsprintf() can still overflow.
 */
static
size_t sl_printf_count (const char * fmt, va_list vl)
{
  size_t length = 1;          /* room for the terminating NUL */
  int fini = 0;
  int islong = 0;
  int islonglong = 0;
  int islongdouble = 0;
  char * string_arg;

  SL_ENTER(_("sl_printf_count"));

  if (fmt == NULL)
    SL_IRETURN(SL_ENULL, _("sl_printf_count"));

  while (*fmt) {

    if ( (*fmt) == '%' ) { /* a format specifier */

      fmt++; /* point to first char after '%' */

      /* islonglong is not reset here; it is cleared only after an integer
       * conversion has consumed it.
       */
      fini = 0;
      islong = 0;
      islongdouble = 0;

      while (*fmt && (fini == 0) ) {

        switch (*fmt) {

        case '*': /* field width supplied by an integer */
          /* NOTE(review): a negative width argument is added as is */
          length = length + va_arg (vl, int);
          ++fmt;
          break;
        case '1':
        case '2':
        case '3':
        case '4':
        case '5':
        case '6':
        case '7':
        case '8':
        case '9':
          length = length + strtol (fmt, (char**) &fmt, 10);
          /* strtol makes FastForward to first invalid char */
          break;

        case 'l': /* 'long' modifier */
          if (islong == 0)
            islong = 1;
          else
            {
              islonglong = 1;
              islong = 0;
            }
          ++fmt;
          break;

        case 'L': /* 'long double' modifier */
#ifdef HAVE_LONG_DOUBLE
          islongdouble = 1;
#else
          islong = 1;
#endif
          ++fmt;
          break;

        case 'd':
        case 'i':
        case 'o':
        case 'u':
        case 'x':
        case 'X':
          /* fetch the argument with the matching width to keep vl in step */
          if (islonglong == 1)
#ifdef HAVE_LONG_LONG
            (void) va_arg (vl, long long);
#else
            (void) va_arg (vl, long);
#endif
          else if (islong == 1)
            (void) va_arg (vl, long);
          else
            (void) va_arg (vl, int);
          islong = 0;
          islonglong = 0;
          length = length + 24;
          ++fmt;
          fini = 1;
          break;

        case 'D':
        case 'O':
        case 'U':
          (void) va_arg (vl, long);
          length = length + 24;
          fmt++;
          fini = 1;
          break;

        case 'e':
        case 'E':
        case 'f':
        case 'g':
#ifdef HAVE_LONG_DOUBLE
          if (islongdouble == 1) {
            (void) va_arg (vl, long double);
            islongdouble = 0;
            length = length + 20;
          }
          else
#endif
            (void) va_arg (vl, double);
          length = length + 20;
          fini = 1;
          ++fmt;
          break;

        case 's':
          string_arg = va_arg (vl, char *);
          if (string_arg != NULL)
            length = length + sl_strlen (string_arg);
          else
            length = length + 16;   /* allowance for a NULL string */
          fini = 1;
          ++fmt;
          break;

        case 'c':
          (void) va_arg (vl, int);
          length = length + 1;
          fini = 1;
          ++fmt;
          break;

        case 'p':
        case 'n':
          (void) va_arg (vl, void * );
          length = length + 32;
          fini = 1;
          ++fmt;
          break;

        case '%': /* %% will print '%' */
          length = length + 1;
          fini = 1;
          ++fmt;
          break;

        default:
          /* flags, '.', '0' and anything unknown: count one byte, go on */
          length = length + 1;
          ++fmt;
          break;

        } /* end switch */
      }
      /* end parsing a single format specifier */
    } else {
      length = length + 1;
      fmt++;
    }
  }
  SL_IRETURN(length, _("sl_printf_count"));
}
762#endif /* #ifndef HAVE_VSNPRINTF */
763
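/*
 * An implementation of vsnprintf. va_start/va_end are in the caller
 * function.
 *
 * Writes at most n bytes (including the terminating NUL) to str and always
 * terminates it. Returns the C99 value (number of bytes that would have
 * been written) on success, and 0 without touching str if str or format
 * is NULL or n is 0.
 *
 * Without a usable vsnprintf() the needed length is estimated first; if
 * the estimate does not fit, the unexpanded format string is copied into
 * str instead of the formatted text.
 */
int sl_vsnprintf(char *str, size_t n,
                 const char *format, va_list vl )
{
  int len = 0;
#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF)
  size_t total;
  va_list vl2;
#endif

  SL_ENTER(_("sl_vsnprintf"));
  /* n == 0 must be rejected too: str[n-1] below would otherwise address
   * the byte in front of the buffer.
   */
  if (str == NULL || format == NULL || n == 0)
    SL_IRETURN(0, _("sl_vsnprintf"));

#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF)
  len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */
  str[n-1] = '\0';
#else
  VA_COPY (vl2, vl); /* save the argument list */
  total = sl_printf_count (format, vl);
  len = (int) total;
  if (total < n)
    {
      /* flawfinder: ignore */
      vsprintf (str, format, vl2); /* program has checked that it fits */
      str[n-1] = '\0';
    }
  else
    {
      sl_strlcpy (str, format, n);
      va_end(vl2);
      SL_IRETURN(len, _("sl_vsnprintf"));
    }
  va_end(vl2);
#endif
  SL_IRETURN(len, _("sl_vsnprintf"));
}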
805
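/*
 * An implementation of snprintf.
 *
 * Writes at most n bytes (including the terminating NUL) to str and always
 * terminates it.
 *
 * Returns SL_ENONE on success.
 * ENULL:  str || format == NULL
 * ERANGE: n == 0 (str is not touched)
 * ETRUNC: returned only by the fallback path (no usable vsnprintf), when
 *         the estimated length does not fit; the unexpanded format string
 *         is then copied into str. Truncation by the system vsnprintf()
 *         is not reported.
 */
int sl_snprintf(char *str, size_t n,
                const char *format, ... )
{
  va_list vl;
#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF)
  size_t total = 0;
  va_list vl2;
#endif

  SL_ENTER(_("sl_snprintf"));
  if (str == NULL || format == NULL)
    SL_IRETURN(SL_ENULL, _("sl_snprintf"));
  /* str[n-1] below would address the byte in front of the buffer */
  if (n == 0)
    SL_IRETURN(SL_ERANGE, _("sl_snprintf"));

  va_start (vl, format);
#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF)
  /* flawfinder: ignore */
  vsnprintf (str, n, format, vl);
  str[n-1] = '\0';
#else
  VA_COPY (vl2, vl); /* save the argument list */
  total = sl_printf_count (format, vl);
  if (total < n)
    {
      /* flawfinder: ignore */
      vsprintf (str, format, vl2); /* program has checked that it fits */
      str[n-1] = '\0';
    }
  else
    {
      sl_strlcpy (str, format, n);
      va_end(vl2);
      va_end(vl);
      SL_IRETURN(SL_ETRUNC, _("sl_snprintf"));
    }
  va_end(vl2);
#endif
  va_end(vl);
  SL_IRETURN(SL_ENONE, _("sl_snprintf"));
}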
852
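/*
 * Appends src to string dst of size siz (unlike strncat, siz is the
 * full size of dst, not space left). At most siz-1 characters
 * will be in dst afterwards. Always NUL terminates, unless siz == 0 or
 * dst holds no NUL within its first siz bytes.
 *
 * Returns SL_ENONE on success, and also when there is nothing to do
 * (dst or src is NULL, src is empty, or siz == 0).
 * ETRUNC: src truncated, or dst is not terminated within siz bytes; in
 *         the latter case dst is left untouched.
 */
int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz)
{
  size_t dst_end;
  size_t dst_free;
  char * p;
  const char * q;

  if (dst == NULL || src == NULL || *src == '\0' || siz == 0)
    return SL_ENONE;

  /* Find the end of dst without ever reading past siz bytes. */
  for (dst_end = 0; dst_end < siz && dst[dst_end] != '\0'; ++dst_end)
    ;

  /* No terminator inside the buffer: "siz - dst_end - 1" would wrap to a
   * huge value and the copy loop would write far past the end of dst.
   */
  if (dst_end == siz)
    return SL_ETRUNC;

  /* How much free space do we have ?
   */
  dst_free = siz - dst_end - 1;

  p = &dst[dst_end];
  q = src;

  while (dst_free > 0 && *q != '\0')
    {
      *p++ = *q++;
      --dst_free;
    }

  /* NUL terminate dst.
   */
  *p = '\0';

  return (*q == '\0') ? SL_ENONE : SL_ETRUNC;
}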
902
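/*
 * An alternative implementation of the OpenBSD strlcpy() function.
 *
 * Copy src to string dst of size siz. At most siz-1 characters
 * will be copied. Always NUL terminates (unless siz == 0). A NULL src is
 * treated as the empty string. Like strncpy(), the rest of dst up to
 * siz-1 is zero-filled when src is shorter.
 *
 * Returns SL_ENONE on success; truncation is not reported.
 * ENULL: dst == NULL (nothing is written)
 */
int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz)
{
  /* SL_ENTER(_("sl_strlcpy")); */

  /* Test dst first: with dst and src both NULL the empty-string case
   * below must not store through a NULL pointer.
   */
  if (dst == NULL)
    return SL_ENULL;

  if (siz > 0)
    {
      if (src == NULL)
        {
          dst[0] = '\0';
        }
      else
        {
          /* copy siz-1 characters
           */
          (void) strncpy(dst, src, siz-1);

          /* NUL terminate
           */
          dst[siz-1] = '\0';
        }
    }
  return SL_ENONE;
}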
942
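/*
 * A robust drop-in replacement of strncpy. strlcpy is preferable.
 *
 * Copies src into dst, which holds size bytes, and always leaves dst
 * terminated when size >= 1. Returns dst, or NULL if dst is NULL.
 *
 * dst == NULL: sl_errno = SL_ENULL
 * size < 1:    sl_errno = SL_ERANGE, dst untouched
 * src == NULL: sl_errno = SL_ENULL, dst set to the empty string
 * src too long: truncated to size-1 characters and errno (not sl_errno)
 *               set to ENOSPC
 */
char * sl_strncpy(char *dst, const char *src, size_t size)
{

#ifdef SL_FAIL_ON_ERROR
  SL_REQUIRE(dst != NULL, _("dst != NULL"));
  SL_REQUIRE(src != NULL, _("src != NULL"));
  SL_REQUIRE(size > 0, _("size > 0"));
#endif

  if (dst == NULL)
    {
      sl_errno = SL_ENULL;
      return (NULL);
    }
  if (size < 1)
    {
      sl_errno = SL_ERANGE;
      return (dst);
    }
  if (!src)
    {
      /* return here so that the length check below never sees NULL */
      sl_errno = SL_ENULL;
      dst[0] = '\0';
      return (dst);
    }

  if (src[0] == '\0')
    dst[0] = '\0';
  else
    strncpy(dst, src, size);

  /* strncpy() leaves dst unterminated when src fills it completely */
  if (sl_strlen(src) >= size)
    {
      errno = ENOSPC;
      dst[size-1] = '\0';
    }
  return (dst);
}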
982
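/*
 * A robust drop-in replacement of strncat. strlcat is preferable.
 *
 * Appends at most n characters of src to dst and returns dst (NULL if
 * dst is NULL). As with strncat(), n limits the number of characters
 * appended, not the size of dst: the caller must make sure dst has room
 * for them plus the terminating NUL.
 *
 * dst == NULL: sl_errno = SL_ENULL
 * n < 1:       sl_errno = SL_ERANGE, dst untouched
 * src == NULL: sl_errno = SL_ENULL, dst untouched
 */
char * sl_strncat(char *dst, const char *src, size_t n)
{
#ifdef SL_FAIL_ON_ERROR
  SL_REQUIRE(dst != NULL, _("dst != NULL"));
  SL_REQUIRE(src != NULL, _("src != NULL"));
  SL_REQUIRE(n > 0, _("n > 0"));
#endif

  if (dst == NULL)
    {
      sl_errno = SL_ENULL;
      return (NULL);
    }
  if (n < 1)
    {
      sl_errno = SL_ERANGE;
      return (dst);
    }
  if (!src)
    {
      sl_errno = SL_ENULL;
      return (dst);
    }

  /* Appending an empty string must leave dst as it is; it must not
   * empty dst.
   */
  if (src[0] != '\0')
    strncat(dst, src, n);

  return (dst);
}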
1016
[169]1017#include <ctype.h>
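/* Compare two strings without regard to case.
 *
 * Returns 0 if they are equal, -1 if one sorts before two, 1 if it sorts
 * after. A NULL string sorts before any non-NULL string; two NULL
 * strings compare as not equal (-7).
 *
 * Characters are converted to unsigned char before tolower() is applied:
 * passing a negative plain char to the <ctype.h> functions is undefined
 * behaviour, so bytes above 0x7f must not reach them as negative values.
 */
int sl_strcasecmp(const char * one, const char * two)
{
#ifdef SL_FAIL_ON_ERROR
  SL_REQUIRE (one != NULL, _("one != NULL"));
  SL_REQUIRE (two != NULL, _("two != NULL"));
#endif

  if (one == NULL || two == NULL)
    {
      if (one == NULL && two != NULL)
        return -1;
      if (one != NULL && two == NULL)
        return 1;
      return -7; /* default to not equal */
    }

  for (;; ++one, ++two)
    {
      int lc_one = tolower((unsigned char) *one);
      int lc_two = tolower((unsigned char) *two);

      if (lc_one != lc_two)
        return (lc_one < lc_two) ? -1 : 1;
      if (lc_one == 0)      /* both strings ended together */
        return 0;
    }
}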
1054
/* strcmp() that tolerates NULL arguments.
 *
 * Two non-NULL strings are compared with strcmp(). A NULL string sorts
 * before a non-NULL one (-1 / 1); two NULL strings compare as not
 * equal (-7).
 */
int sl_strcmp(const char * a, const char * b)
{
#ifdef SL_FAIL_ON_ERROR
  SL_REQUIRE (a != NULL, _("a != NULL"));
  SL_REQUIRE (b != NULL, _("b != NULL"));
#endif

  if (a == NULL)
    return (b == NULL) ? (-7) : (-1);
  if (b == NULL)
    return (1);
  return (strcmp(a, b));
}
1071
/* strncmp() that tolerates NULL arguments.
 *
 * Two non-NULL strings are compared over at most n characters with
 * strncmp(). A NULL string sorts before a non-NULL one (-1 / 1); two
 * NULL strings compare as not equal (-7).
 */
int sl_strncmp(const char * a, const char * b, size_t n)
{
#ifdef SL_FAIL_ON_ERROR
  SL_REQUIRE (a != NULL, _("a != NULL"));
  SL_REQUIRE (b != NULL, _("b != NULL"));
  SL_REQUIRE (n > 0, _("n > 0"));
#endif

  if (a == NULL)
    return (b == NULL) ? (-7) : (-1);
  if (b == NULL)
    return (1);
  return (strncmp(a, b, n));
}
1089
1090/* string searching
1091 */
1092
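/* Find the first occurrence of needle in haystack.
 *
 * Returns a pointer into haystack, or NULL if there is no match. Unlike
 * strstr(), NULL is also returned when either argument is NULL or empty.
 *
 * The fallback used without strstr() returns the position inside
 * haystack and refuses a needle longer than haystack; without that check
 * "haystack_len - needle_len" wraps around and the search runs past the
 * end of haystack.
 */
char * sl_strstr (const char * haystack, const char * needle)
{
#ifndef HAVE_STRSTR
  size_t i;
  size_t needle_len;
  size_t haystack_len;
#endif

  if (haystack == NULL || needle == NULL)
    return NULL;
  if (*needle == '\0' || *haystack == '\0')
    return NULL;

#if defined(HAVE_STRSTR)
  return (strstr(haystack, needle));
#else
  needle_len = strlen(needle);
  haystack_len = strlen(haystack);

  if (needle_len > haystack_len)
    return NULL;

  /* both pointers are known to be non-NULL here */
  for (i = 0; i <= (haystack_len-needle_len); ++i)
    if (0 == strncmp(&haystack[i], needle, needle_len))
      return (char *) &haystack[i];
  return NULL;
#endif
}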
1118
1119
1120/* ----------------------------------------------------------------
1121 *
1122 * Privilege handling routines
1123 *
1124 * ---------------------------------------------------------------- */
1125
1126
1127
1128static uid_t euid;
1129static uid_t ruid;
1130static uid_t ruid_orig;
1131static gid_t egid;
1132static gid_t rgid;
1133static gid_t rgid_orig;
1134
1135static int uids_are_stored = SL_FALSE;
1136static int suid_is_set = SL_TRUE;
1137
1138#ifdef HAVE_SETRESUID
1139extern int setresuid (uid_t truid, uid_t teuid, uid_t tsuid);
1140extern int setresgid (gid_t trgid, gid_t tegid, gid_t tsgid);
1141#endif
1142
1143
/*
 * This function returns true (1) if the program is SUID or SGID, i.e. if
 * the effective and real user or group ids differ, and false (0)
 * otherwise. The saved ids are used once they have been stored; before
 * that the ids are queried from the system.
 */
int sl_is_suid()
{
  if (uids_are_stored == SL_FALSE)
    return (getuid() != geteuid() || getgid() != getegid()) ? 1 : 0;

  return (euid != ruid || egid != rgid) ? 1 : 0;
}
1165
/*
 * This function stores the saved euid in *ret, or the current effective
 * uid if the uids have not been saved yet. Returns SL_ENONE.
 */
int sl_get_euid(uid_t * ret)
{
  SL_ENTER(_("sl_get_euid"));
  *ret = (uids_are_stored == SL_TRUE) ? euid : geteuid();
  SL_IRETURN (SL_ENONE, _("sl_get_euid"));
}
1180
/* Return the saved euid, or the current effective uid if the uids have
 * not been saved yet.
 */
uid_t sl_ret_euid()
{
  return (uids_are_stored == SL_TRUE) ? euid : geteuid();
}
1189
/*
 * This function stores the saved egid in *ret, or the current effective
 * gid if the ids have not been saved yet. Returns SL_ENONE.
 */
int sl_get_egid(gid_t * ret)
{
  SL_ENTER(_("sl_get_egid"));
  *ret = (uids_are_stored == SL_TRUE) ? egid : getegid();
  SL_IRETURN (SL_ENONE, _("sl_get_egid"));
}
1204
/*
 * This function stores the saved ruid in *ret, or the current real uid
 * if the ids have not been saved yet. Returns SL_ENONE.
 */
int sl_get_ruid(uid_t * ret)
{
  SL_ENTER(_("sl_get_ruid"));
  *ret = (uids_are_stored == SL_TRUE) ? ruid : getuid();
  SL_IRETURN (SL_ENONE, _("sl_get_ruid"));
}
1219
/*
 * This function stores the saved rgid in *ret, or the current real gid
 * if the ids have not been saved yet. Returns SL_ENONE.
 */
int sl_get_rgid(gid_t * ret)
{
  SL_ENTER(_("sl_get_rgid"));
  *ret = (uids_are_stored == SL_TRUE) ? rgid : getgid();
  SL_IRETURN (SL_ENONE, _("sl_get_rgid"));
}
1234
/*
 * This function stores the saved original ruid in *ret, or the current
 * real uid if the ids have not been saved yet. Returns SL_ENONE.
 */
int sl_get_ruid_orig(uid_t * ret)
{
  SL_ENTER(_("sl_get_ruid_orig"));
  *ret = (uids_are_stored == SL_TRUE) ? ruid_orig : getuid();
  SL_IRETURN (SL_ENONE, _("sl_get_ruid_orig"));
}
1249
/*
 * This function stores the saved original rgid in *ret, or the current
 * real gid if the ids have not been saved yet. Returns SL_ENONE.
 */
int sl_get_rgid_orig(gid_t * ret)
{
  SL_ENTER(_("sl_get_rgid_orig"));
  *ret = (uids_are_stored == SL_TRUE) ? rgid_orig : getgid();
  SL_IRETURN (SL_ENONE, _("sl_get_rgid_orig"));
}
1264
1265static int suid_warn_flag = 1;
/* Report on stderr that sl_set_suid()/sl_unset_suid() were not called
 * alternately; a is 1 when reported from sl_set_suid(), 0 when reported
 * from sl_unset_suid().
 */
static void suid_warn(int a)
{
  (void) fprintf(stderr, _("ERROR: open set/unset suid !!! %d\n"), a);
}
1271
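/*
 * This function sets the effective uid and gid
 * to the saved effective uid and gid.
 *
 * Nothing is done (SL_ENONE) while the ids have not been saved, and no
 * system call is made when real and effective ids are equal. Otherwise
 * the change must succeed and must follow an sl_unset_suid(); both
 * conditions are enforced with SL_REQUIRE (per the original note, the
 * program aborts on failure).
 */
int sl_set_suid ()
{
  int retval;

  SL_ENTER(_("sl_set_suid"));

  if (uids_are_stored == SL_FALSE)
    {
      SL_IRETURN(SL_ENONE, _("sl_set_suid"));
    }

  SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));

  if (ruid == euid && rgid == egid)
    {
      suid_is_set = SL_TRUE;
      SL_IRETURN(SL_ENONE, _("sl_set_suid"));
    }
  SL_REQUIRE(suid_is_set == SL_FALSE, _("suid_is_set == SL_FALSE"));

#if defined(HAVE_SETRESUID)
  /* (uid_t)-1 / (gid_t)-1 leave the real and saved ids unchanged */
  retval = setresuid (sh_uid_neg, euid, sh_uid_neg);
  if (retval == 0)
    retval = setresgid (sh_gid_neg, egid, sh_gid_neg);

#elif defined(HAVE_SETEUID)
  /* the uid call takes the saved euid and the gid call the saved egid
   * (the two arguments used to be swapped)
   */
  retval = seteuid (euid);
  if (retval == 0)
    retval = setegid (egid);

  /* on AIX, setreuid does not behave well for non-root users.
   */
#elif defined(HAVE_SETREUID)
  retval = setreuid (ruid, euid);
  if (retval == 0)
    retval = setregid (rgid, egid);

#else
  retval = setuid (euid);
  if (retval == 0)
    retval = setgid (egid);
#endif
  /* the flag is still 1 if no sl_unset_suid() ran since the last set */
  if (suid_warn_flag == 1)
    suid_warn(1);
  suid_warn_flag = 1;

  SL_REQUIRE(retval == 0, _("retval == 0"));
  suid_is_set = SL_TRUE;
  SL_IRETURN(SL_ENONE, _("sl_set_suid"));
}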
1327
/*
 * This function sets the effective uid and gid to the real uid and gid.
 *
 * Nothing is done (SL_ENONE) while the ids have not been saved, and no
 * system call is made when real and effective ids are equal. Otherwise
 * the change must succeed and must follow an sl_set_suid(); both
 * conditions are enforced with SL_REQUIRE (per the original note, the
 * program aborts on failure).
 */
int sl_unset_suid ()
{
  register int retval;

  SL_ENTER(_("sl_unset_suid"));

  if (uids_are_stored == SL_FALSE)
    {
      SL_IRETURN(SL_ENONE, _("sl_unset_suid"));
    }

  SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));

  if (ruid == euid && rgid == egid)
    {
      suid_is_set = SL_FALSE;
      SL_IRETURN(SL_ENONE, _("sl_unset_suid"));
    }
  SL_REQUIRE(suid_is_set == SL_TRUE, _("suid_is_set == SL_TRUE"));

  /* In every variant the group id is changed before the user id, the
   * reverse of the order used in sl_set_suid().
   */
#if defined(HAVE_SETRESUID)
  /* (gid_t)-1 / (uid_t)-1 leave the real and saved ids unchanged */
  retval = setresgid (sh_gid_neg, rgid, sh_gid_neg);
  if (retval == 0)
    retval = setresuid (sh_uid_neg, ruid, sh_uid_neg);

#elif defined(HAVE_SETEUID)
  retval = setegid (rgid);
  if (retval == 0)
    retval = seteuid (ruid);

#elif defined(HAVE_SETREUID)
  /* real and effective ids are exchanged here */
  retval = setregid (egid, rgid);
  if (retval == 0)
    retval = setreuid (euid, ruid);

#else
  /* NOTE(review): with plain setgid()/setuid() a root process presumably
   * cannot get its ids back afterwards -- confirm for platforms that
   * reach this branch.
   */
  retval = setgid (rgid);
  if (retval == 0)
    retval = setuid (ruid);
#endif

  /* the flag is still 0 if no sl_set_suid() ran since the last unset */
  if (suid_warn_flag == 0)
    suid_warn(0);
  suid_warn_flag = 0;

  SL_REQUIRE(retval == 0, _("retval == 0"));
  suid_is_set = SL_FALSE;
  SL_IRETURN(SL_ENONE, _("sl_unset_suid"));
}
1381
1382
/*
 * Record the real and effective uid/gid of the process, once.
 *
 * Returns SL_EREPEAT if the ids have been stored before, else SL_ENONE.
 */
int sl_save_uids()
{
  SL_ENTER(_("sl_save_uids"));

  if (uids_are_stored != SL_TRUE)
    {
      /* the original real ids are kept separately from the working copy
       */
      ruid_orig = getuid();
      rgid_orig = getgid();
      ruid      = ruid_orig;
      rgid      = rgid_orig;

      egid      = getegid();
      euid      = geteuid();

      uids_are_stored = SL_TRUE;

      SL_IRETURN(SL_ENONE, _("sl_save_uids"));
    }

  SL_IRETURN(SL_EREPEAT, _("sl_save_uids"));
}
1402
/*
 * This function drops SUID privileges irrevocably.
 * It set the effective uid to the original real uid.
 *
 * Requires that the ids have been stored (sl_save_uids). Every step is
 * wrapped in SL_REQUIRE, so a step that fails does not go unnoticed.
 * Returns SL_ENONE.
 */
extern int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid);
int sl_drop_privileges()
{
  SL_ENTER(_("sl_drop_privileges"));
  SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));

  /* Order matters: the group id and the group list (sh_unix_initgroups2)
   * are changed first, the user id last. Once setuid() has given up the
   * privileged uid, the process may no longer be allowed to change its
   * groups.
   */
  SL_REQUIRE(setgid(rgid_orig) == 0, _("setgid(rgid_orig) == 0"));
  SL_REQUIRE(sh_unix_initgroups2(ruid_orig, rgid_orig) == 0, _("sh_unix_initgroups2(ruid_orig,rgid_orig) == 0"));
  SL_REQUIRE(setuid(ruid_orig) == 0, _("setuid(ruid_orig) == 0"));

  /* make sure that setuid(0) fails
   *
   * This verifies that the drop cannot be undone (no saved uid is left
   * to return to).
   * NOTE(review): if ruid_orig is 0 the process is still root here,
   * setuid(0) succeeds and this requirement cannot hold - confirm that
   * callers never reach this point with ruid_orig == 0.
   */
  SL_REQUIRE(setuid(0) < 0, _("setuid(0) < 0"));

  /* From now on real and effective ids are the same.
   */
  euid = ruid_orig;
  egid = rgid_orig;
  ruid = ruid_orig;
  rgid = rgid_orig;

  SL_IRETURN(SL_ENONE, _("sl_drop_privileges"));
}
1428
/*
 * Define a policy: Stay root.
 * Do nothing if not SUID.
 *
 * Must be called before any other function has stored the ids. If the
 * effective ids differ from the real ids, the effective ids are made
 * permanent with setgid()/setuid() and recorded as the new 'real' ids.
 * Returns SL_ENONE.
 */
int sl_policy_get_root()
{
  SL_ENTER(_("sl_policy_get_root"));
  SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE"));

  SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE"));

  if (euid != ruid || egid != rgid)
    {
      /* group id first, user id second
       */
      SL_REQUIRE(setgid(egid) == 0, _("setgid(egid) == 0"));
      SL_REQUIRE(setuid(euid) == 0, _("setuid(euid) == 0"));
      /* NOTE(review): for a privileged process setuid()/setgid() also
       * change the real ids, in which case getuid() would no longer
       * equal the stored ruid - confirm which SUID setups this check is
       * meant to accept.
       */
      SL_REQUIRE(ruid == getuid() && rgid == getgid(),
                 _("ruid == getuid() && rgid == getgid()"));
      ruid = euid;
      rgid = egid;
    }
  suid_is_set = SL_TRUE;
  /* as root, also set up the group list for the effective ids
   */
  if (euid == 0)
    {
      SL_REQUIRE(sh_unix_initgroups2(euid, egid) == 0, _("sh_unix_initgroups2(euid,egid) == 0"));
    }
  SL_IRETURN(SL_ENONE, _("sl_policy_get_root"));
}
1456
1457#include <pwd.h>
1458
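/*
 * Define a policy: Get real (irrevocably).
 * This function drops SUID privileges irrevocably.
 * Do nothing if not SUID (? not true - drops if root).
 *
 * If the real or the effective uid is 0, the ids to drop to are taken
 * from the passwd entry of 'user'; otherwise the real ids of the
 * process are used. The drop itself is done by sl_drop_privileges().
 *
 * user: account name; must not be NULL when the process is root.
 *
 * Returns SL_ENONE. Every precondition is enforced with SL_REQUIRE.
 */

int sl_policy_get_real(char * user)
{
  SL_ENTER(_("sl_policy_get_real"));
  SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE"));
  SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE"));

  if (euid == 0 || ruid == 0)
    {
      /* Start from NULL so that a lookup which fails without storing a
       * result is caught by the requirement below.
       */
      struct passwd * tempres = NULL;
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
      struct passwd   pwd;
      char          * buffer;
#endif

      /* Same precondition as in sl_policy_get_user(): never hand a NULL
       * name to the passwd lookup.
       */
      SL_REQUIRE(user != NULL, _("user != NULL"));

#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
      buffer = malloc(SH_PWBUF_SIZE);
      SL_REQUIRE (buffer != NULL, _("buffer != NULL"));
      sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
#else
      tempres = sh_getpwnam(user);
#endif

      /* Unknown account: do not continue with privileges.
       */
      SL_REQUIRE (NULL != tempres, _("tempres != NULL"));

      rgid_orig = tempres->pw_gid;
      ruid_orig = tempres->pw_uid;
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
      /* the ids have been copied, the lookup buffer is not needed anymore
       */
      free(buffer);
#endif
    }
  else
    {
      rgid_orig = rgid;
      ruid_orig = ruid;
    }

  SL_REQUIRE (sl_drop_privileges() == SL_ENONE,
              _("sl_drop_privileges() == SL_ENONE"));

  suid_is_set = SL_TRUE;
  SL_IRETURN(SL_ENONE, _("sl_policy_get_real"));
}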
1504
1505
/*
 * Define a policy: Get user.
 * Drops privileges.
 * Do nothing if not SUID.
 *
 * user: account name, must not be NULL.
 *
 * The passwd entry of 'user' is only required to exist; none of its
 * fields is read here. The ids the process drops to are the real ids
 * stored by sl_save_uids(), which is what sl_drop_privileges() uses.
 * Returns SL_ENONE.
 */
int sl_policy_get_user(const char * user)
{
  SL_ENTER(_("sl_policy_get_user"));

  SL_REQUIRE(user != NULL, _("user != NULL"));
  SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE"));
  SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE"));

  /* only act if effective and real ids differ
   */
  if (euid != ruid || egid != rgid)
    {
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
      struct passwd pwd;
      char * buffer;
      struct passwd * tempres;
      buffer = malloc(SH_PWBUF_SIZE);
      SL_REQUIRE (buffer != NULL, _("buffer != NULL"));
      /* NOTE(review): the return value is not checked; this relies on
       * the lookup always storing a result (NULL on failure) in tempres.
       */
      sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
#else
      struct passwd * tempres = sh_getpwnam(user);
#endif

      /* the account must exist
       */
      SL_REQUIRE (NULL != tempres, _("tempres != NULL"));

      SL_REQUIRE (sl_drop_privileges() == SL_ENONE,
                  _("sl_drop_privileges() == SL_ENONE"));
#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
      free(buffer);
#endif
    }
  SL_IRETURN(SL_ENONE, _("sl_policy_get_user"));
}
1542
1543
1544
1545/* ----------------------------------------------------------------
1546 *
1547 * File access routines
1548 *
1549 * ---------------------------------------------------------------- */
1550
/* Offset added to the table index when it is encoded into the upper
 * half of a ticket; also the start value of the nonce counter.
 */
#define TOFFSET 0x1234

/* this would prevent opening files if the first 16 fds are open :( */
/* #define MAXFD FOPEN_MAX */

/* Size of the table of open files. The table is indexed by the file
 * descriptor, so descriptors >= MAXFD cannot get a ticket.
 */
#define MAXFD 1024

/* Bookkeeping for one open file; allocated when the ticket is made.
 */
typedef struct openfiles {
  SL_TICKET ticket;           /* The unique ID.                        */
  int fd;                     /* The file descriptor.                  */
  char * path;                /* The file path (heap copy).            */
  int flush;                  /* Whether we want to flush the cache    */
  char ofile[SL_OFILE_SIZE];  /* origin file (caller that opened it)   */
  int oline;                  /* origin line                           */
  sh_string * content;        /* The file content, NULL if not set     */
} SL_OFILE;

/* One slot per file descriptor; NULL means the slot is not in use.
 */
static SL_OFILE * ofiles[MAXFD];

/* Origin of the last stale table entry that was found and replaced;
 * stale_orig_line == -1 means that none is pending. Read and reset by
 * sl_check_stale().
 */
static char stale_orig_file[64] = { '\0' };
static int stale_orig_line = -1;
static char stale_orig_mesg[128];

/* Protects nonce_counter in sl_create_ticket().
 */
SH_MUTEX_STATIC(mutex_ticket, PTHREAD_MUTEX_INITIALIZER);

/* Lower half of the next ticket.
 */
static unsigned int nonce_counter = TOFFSET;
1577
/* Report a stale table entry, if one has been recorded.
 *
 * Returns NULL if nothing is pending. Otherwise formats the recorded
 * origin (file, line) into a static buffer, clears the record and
 * returns the buffer. The buffer is overwritten by the next report.
 */
char * sl_check_stale()
{
  char * report = NULL;

  if (stale_orig_line != -1)
    {
      sl_snprintf(stale_orig_mesg, sizeof(stale_orig_mesg),
                  _("stale handle, %s, %d"), stale_orig_file, stale_orig_line);

      /* consume the record */
      stale_orig_file[0] = '\0';
      stale_orig_line    = -1;

      report = stale_orig_mesg;
    }

  return report;
}
1588
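/* Build a ticket for slot 'myindex' of the table of open files.
 *
 * A ticket has (myindex + TOFFSET) in its upper 16 bits and a nonce
 * taken from nonce_counter in its lower 16 bits.
 *
 * Returns the ticket, or SL_EINTERNAL01 (index out of range),
 * SL_EINTERNAL02 (index does not fit into 15 bits) or SL_EINTERNAL03
 * (bad nonce).
 *
 * The mutex is released only on paths that acquired it. The two index
 * checks happen before the lock is taken and therefore leave through
 * out_ticket; unlocking a mutex that is not held must be avoided.
 */
static
SL_TICKET sl_create_ticket (unsigned int myindex)
{
  unsigned int high; /* index */
  unsigned int low;  /* nonce */
  SL_TICKET retval = SL_EINTERNAL;

  SL_ENTER(_("sl_create_ticket"));

  if (myindex >= MAXFD)
    {
      retval = SL_EINTERNAL01;
      goto out_ticket;
    }

  /* mask out the high bit and check that it is not used
   * -> verify that it fits into 16 bits as positive
   */
  high = (myindex + TOFFSET) & 0x7fff;

  if (high != myindex + TOFFSET)
    {
      retval = SL_EINTERNAL02;
      goto out_ticket;
    }

  SH_MUTEX_LOCK_UNSAFE(mutex_ticket);

  low = nonce_counter & 0xffff;

  /* Overflow -> nonce too big.
   */
  if ((low != nonce_counter++) || low == 0)
    {
      retval = SL_EINTERNAL03;
      goto out_unlock;
    }

  /* Wrap around the nonce counter.
   * This is a dirty trick.
   */
  if (nonce_counter > 0x7fff)
    nonce_counter = TOFFSET;

  retval = (SL_TICKET) ((high << 16) | low);

 out_unlock:
  ;
  SH_MUTEX_UNLOCK_UNSAFE(mutex_ticket);

 out_ticket:
  ;
  SL_RETURN (retval, _("sl_create_ticket"));
}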
1641
/* Validate a ticket and return the table index encoded in it.
 *
 * Returns the index (0 .. MAXFD-1) on success, SL_ETICKET if the ticket
 * does not match a table entry, SL_EINTERNAL04 if the entry holds an
 * impossible descriptor, SL_EINTERNAL05 if the nonce part is zero.
 */
static
int sl_read_ticket (SL_TICKET fno)
{
  register unsigned   slot;
  register SL_OFILE * entry;

  /* unsigned arithmetic: a value below TOFFSET wraps around and is
   * rejected by the range check
   */
  slot = ((fno >> 16) & 0xffff) - TOFFSET;

  if (slot >= MAXFD || ofiles[slot] == NULL)
    return (SL_ETICKET);

  entry = ofiles[slot];

  /* the nonce must match as well, not only the slot */
  if (entry->ticket != fno)
    return (SL_ETICKET);

  if (entry->fd < 0 || entry->fd >= MAXFD)
    return (SL_EINTERNAL04);

  if ((entry->ticket & 0xffff) == 0)
    return (SL_EINTERNAL05);

  return (slot);
}
1666
/* Register an already open descriptor in the table and return a ticket.
 *
 * ofile, oline: origin (source file, line) of the caller, kept for the
 *               stale-handle report.
 * fd:           the open file descriptor.
 * filename:     path of the file; a copy is stored.
 *
 * Returns the ticket, SL_TOOMANY if fd is outside 0 .. MAXFD-1, SL_EMEM
 * if out of memory, or the error from sl_create_ticket(). A table entry
 * that is still present for fd is treated as stale: its origin is
 * recorded for sl_check_stale() and the entry is released.
 */
SL_TICKET sl_make_ticket (const char * ofile, int oline,
                          int fd, const char * filename)
{
  size_t     len;
  SL_TICKET  ticket;
  SL_OFILE * entry;

  SL_ENTER(_("sl_make_ticket"));

  if (fd < 0 || fd >= MAXFD)
    {
      SL_IRETURN(SL_TOOMANY, _("sl_make_ticket"));
    }

  entry = ofiles[fd];

  if (entry != NULL) /* stale entry; formerly an error (SL_EINTERNAL06) */
    {
      sl_strlcpy(stale_orig_file, entry->ofile, sizeof(stale_orig_file));
      stale_orig_line = entry->oline;

      if (entry->content)
        sh_string_destroy(&(entry->content));
      (void) free (entry->path);
      (void) free (entry);
      ofiles[fd] = NULL;
    }

  /* New entry.
   */
  entry      = (SL_OFILE *) malloc(sizeof(SL_OFILE));
  ofiles[fd] = entry;

  if (entry == NULL)
    {
      SL_IRETURN(SL_EMEM, _("sl_make_ticket"));
    }

  len         = sl_strlen(filename)+1;
  entry->path = (char *) malloc(len);

  if (entry->path == NULL)
    {
      free (entry);
      ofiles[fd] = NULL;
      SL_IRETURN(SL_EMEM, _("sl_make_ticket"));
    }

  /* Get a ticket.
   */
  ticket = sl_create_ticket((unsigned int)fd);

  if (SL_ISERROR(ticket))
    {
      (void) free (entry->path);
      (void) free (entry);
      ofiles[fd] = NULL;
      SL_IRETURN(ticket, _("sl_make_ticket"));
    }

  /* Fill in the entry.
   */
  sl_strlcpy (entry->path, filename, len);
  entry->ticket  = ticket;
  entry->fd      = fd;
  entry->content = NULL;
  entry->flush   = SL_FALSE;

  sl_strlcpy(entry->ofile, ofile, SL_OFILE_SIZE);
  entry->oline   = oline;

  SL_IRETURN(ticket, _("sl_make_ticket"));
}
1730
/* Open modes understood by sl_open_file(). SL_OPEN_MIN and SL_OPEN_MAX
 * delimit the valid range and are used for the argument check.
 */
#define SL_OPEN_MIN 113
#define SL_OPEN_FOR_READ 113
#define SL_OPEN_FOR_WRITE 114
#define SL_OPEN_FOR_RDWR 115
#define SL_OPEN_FOR_WTRUNC 116
#define SL_OPEN_FOR_RWTRUNC 117
#define SL_OPEN_SAFE_RDWR 118
#define SL_OPEN_FOR_FASTREAD 119
#define SL_OPEN_MAX 119

/* Fallback if the system headers do not define O_NOATIME.
 * NOTE(review): the value for linux i386/PPC is hard-coded here -
 * confirm it against the kernel headers of the target.
 */
#if !defined(O_NOATIME)
#if defined(__linux__) && (defined(__i386__) || defined(__PPC__))
#define O_NOATIME 01000000
#else
  /*
   * bitwise 'or' with zero does not modify any bit
   */
#define O_NOATIME 0
#endif
#endif

/* Passed by address to aud_open_noatime() for the read-only modes.
 */
static int o_noatime = O_NOATIME;
/* Permissions for files created by sl_open_file(): owner read/write,
 * group read. sl_open_file() sets the umask to 0 before it opens a file,
 * so these bits are not reduced by the umask of the caller.
 */
static mode_t open_mode = (S_IWUSR|S_IRUSR|S_IRGRP);
1754
1755
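/* Open a file and register it in the table of open files.
 *
 * ofile, oline: origin (source file, line) of the caller, kept for the
 *               stale-handle report.
 * filename:     path to open.
 * mode:         one of the SL_OPEN_* modes.
 * priv:         SL_YESPRIV or SL_NOPRIV; with USE_SUID, SL_YESPRIV
 *               raises the effective ids around the stat calls.
 *
 * Returns a ticket, or a negative SL_* error code. errno is restored to
 * the value of the failing call where one is known.
 *
 * Except for SL_OPEN_FOR_FASTREAD, the path is checked before it is
 * opened and the open descriptor is compared to that check afterwards,
 * to detect a file that was exchanged in between. A file is only
 * created with O_CREAT|O_EXCL, and only if the check reported that it
 * does not exist. Existing directories and world-writeable files are
 * refused for all modes but SL_OPEN_FOR_READ.
 *
 * The comparison uses the device as well as the inode number; inode
 * numbers are unique only within one filesystem.
 */
static
int sl_open_file (const char * ofile, int oline,
                  const char *filename, int mode, int priv)
{
  struct stat   lbuf;
  struct stat   buf;
  int           errval = 0;
  int           lstat_return;
  int           stat_return;
  int           fd;
  int           sflags;
  size_t        len;
  SL_TICKET     ticket;

#if !defined(O_NONBLOCK)
#if defined(O_NDELAY)
#define O_NONBLOCK  O_NDELAY
#else
#define O_NONBLOCK  0
#endif
#endif

  SL_ENTER(_("sl_open_file"));

  if (filename == NULL)
    SL_IRETURN(SL_ENULL, _("sl_open_file"));
  if (mode < SL_OPEN_MIN || mode > SL_OPEN_MAX)
    SL_IRETURN(SL_EINTERNAL07, _("sl_open_file"));

  /* "This system call always succeeds and the previous value of
   * the mask is returned."
   */
  (void) umask (0);

  /* Fast path: no checks before or after the open. The descriptor is
   * left in non-blocking mode.
   */
  if (mode == SL_OPEN_FOR_FASTREAD)
    {
      fd = aud_open_noatime (FIL__, __LINE__, priv, filename,
                             O_RDONLY|O_NONBLOCK, 0, &o_noatime);
      if (fd < 0)
        SL_IRETURN(SL_EBADFILE, _("sl_open_file"));
      goto createTicket;
    }

  /* Check the path before opening it. For reading, symlinks are
   * followed (stat); for all other modes the link itself is examined
   * (lstat).
   */
#ifdef USE_SUID
  if (priv == SL_YESPRIV)
    sl_set_suid();
#endif
  if (mode == SL_OPEN_FOR_READ)
    lstat_return = retry_stat (FIL__, __LINE__, filename, &lbuf);
  else
    lstat_return = retry_lstat(FIL__, __LINE__, filename, &lbuf);
  errval = errno;
#ifdef USE_SUID
  if (priv == SL_YESPRIV)
    sl_unset_suid();
#endif

  if (lstat_return == -1)
    {
      /* From here on, lstat_return == ENOENT means 'the check failed,
       * lbuf is not valid'. This is only accepted if the file is to be
       * written and the error was really ENOENT.
       */
      lstat_return = ENOENT;
      if ( (mode == SL_OPEN_FOR_READ && lstat_return == ENOENT) ||
           (errval != ENOENT))
        {
          TPT(( 0, FIL__, __LINE__, _("msg=<lstat: %s> errno=<%d>\n"),
                filename, errval));
          errno = errval;
          SL_IRETURN(SL_ESTAT, _("sl_open_file"));
        }
    }

  /* Never write to a directory or to a world-writeable file.
   */
  if ( (mode != SL_OPEN_FOR_READ) && (lstat_return != ENOENT) &&
       ( S_ISDIR(lbuf.st_mode) || (S_IWOTH & lbuf.st_mode) )
       )
    {
      int retval = S_ISDIR(lbuf.st_mode) ? SL_EISDIR : SL_EBADOTH;
      errno = 0;
      SL_IRETURN(retval, _("sl_open_file"));
    }

  /* O_NOATIME has an effect for read(). But write() ?.
   */
  switch (mode)
    {
    case SL_OPEN_FOR_READ:
      /* opened non-blocking, then switched back to blocking mode */
      fd = aud_open_noatime (FIL__, __LINE__, priv, filename,
                             O_RDONLY|O_NONBLOCK, 0, &o_noatime);
      errval = errno;
      if (fd >= 0) {
        sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
        retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK);
      }
      break;
    case SL_OPEN_FOR_WRITE:
      if (lstat_return == ENOENT)
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_WRONLY|O_CREAT|O_EXCL,    open_mode);
      else
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_WRONLY,                   open_mode);
      errval = errno;
      break;
    case SL_OPEN_SAFE_RDWR:
      /* only ever creates a new file */
      if (lstat_return == ENOENT)
        {
          fd = aud_open (FIL__, __LINE__, priv, filename,
                         O_RDWR|O_CREAT|O_EXCL,      open_mode);
          errval = errno;
        }
      else
        {
          errno = errval;
          SL_IRETURN(SL_EBADFILE, _("sl_open_file"));
        }
      break;
    case SL_OPEN_FOR_RDWR:
      if (lstat_return == ENOENT)
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_RDWR|O_CREAT|O_EXCL,      open_mode);
      else
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_RDWR,                     open_mode);
      errval = errno;
      break;
    case SL_OPEN_FOR_WTRUNC:
      if (lstat_return == ENOENT)
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_WRONLY|O_CREAT|O_EXCL,    open_mode);
      else
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_WRONLY|O_TRUNC,           open_mode);
      errval = errno;
      break;
    case SL_OPEN_FOR_RWTRUNC:
      if (lstat_return == ENOENT)
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_RDWR|O_CREAT|O_EXCL,      open_mode);
      else
        fd = aud_open (FIL__, __LINE__, priv, filename,
                       O_RDWR|O_TRUNC,             open_mode);
      errval = errno;
      break;
    default:
      errno = 0;
      SL_IRETURN(SL_EINTERNAL08, _("sl_open_file"));
    }

  if (fd < 0)
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<Error opening: %s> errno=<%d>\n"),
            filename, errval));
      errno = errval;
      SL_IRETURN(SL_EBADFILE, _("sl_open_file"));
    }

  /* Look at what has actually been opened.
   */
#ifdef USE_SUID
  if (priv == SL_YESPRIV)
    sl_set_suid();
#endif
  stat_return = retry_fstat(FIL__, __LINE__, fd, &buf);
  errval = errno;
#ifdef USE_SUID
  if (priv == SL_YESPRIV)
    sl_unset_suid();
#endif

  if (stat_return < 0)
    {
      close (fd);
      errno = errval;
      SL_IRETURN(SL_EFSTAT, _("sl_open_file"));
    }

  errno = 0;

  /* The open file must be the one that was checked before: same inode
   * on the same device. Otherwise the path was changed in between.
   */
  if (lstat_return != ENOENT &&
      (buf.st_ino != lbuf.st_ino || buf.st_dev != lbuf.st_dev))
    {
      close (fd);
      SL_IRETURN(SL_EBOGUS, _("sl_open_file"));
    }

 createTicket:

  /* Make entry.
   */
  if (fd >= MAXFD)
    {
      close(fd);
      SL_IRETURN(SL_TOOMANY, _("sl_open_file"));
    }

  /* A table entry for a descriptor that the system has just handed out
   * again is stale. Formerly an error (SL_EINTERNAL09); now the origin
   * is recorded for sl_check_stale() and the entry is released.
   */
  if (ofiles[fd] != NULL) /* stale entry */
    {
      sl_strlcpy(stale_orig_file, ofiles[fd]->ofile, sizeof(stale_orig_file));
      stale_orig_line = ofiles[fd]->oline;

      if (ofiles[fd]->content)
        sh_string_destroy(&(ofiles[fd]->content));
      (void) free (ofiles[fd]->path);
      (void) free (ofiles[fd]);
      ofiles[fd] = NULL;
    }

  if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL)
    {
      close(fd);
      SL_IRETURN(SL_EMEM, _("sl_open_file"));
    }

  len = sl_strlen(filename)+1;

  if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL)
    {
      free (ofiles[fd]);
      ofiles[fd] = NULL;
      close(fd);
      SL_IRETURN(SL_EMEM, _("sl_open_file"));
    }

  /* Get a ticket.
   */
  ticket = sl_create_ticket((unsigned int)fd);

  if (SL_ISERROR(ticket))
    {
      (void) free (ofiles[fd]->path);
      (void) free (ofiles[fd]);
      ofiles[fd] = NULL;
      close(fd);
      SL_IRETURN(ticket, _("sl_open_file"));
    }

  sl_strlcpy (ofiles[fd]->path, filename, len);
  ofiles[fd]->ticket  = ticket;
  ofiles[fd]->fd      = fd;
  ofiles[fd]->content = NULL;
  ofiles[fd]->flush   = SL_FALSE;

  sl_strlcpy(ofiles[fd]->ofile, ofile, SL_OFILE_SIZE);
  ofiles[fd]->oline = oline;

  SL_IRETURN(ticket, _("sl_open_file"));
}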
2008
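/* Translate a ticket into the file descriptor it stands for.
 *
 * Returns the descriptor, the error from sl_read_ticket() if the ticket
 * is not valid, or SL_EINTERNAL10 if the table entry is inconsistent.
 *
 * The range of fd is tested before ofiles[] is indexed with it.
 */
int get_the_fd (SL_TICKET ticket)
{
  int fd;

  if (SL_ISERROR(fd = sl_read_ticket(ticket)))
    return (fd);

  if (fd < 0 || fd >= MAXFD || ofiles[fd] == NULL ||
      fd != ofiles[fd]->fd || ticket != ofiles[fd]->ticket)
    return (SL_EINTERNAL10);

  return (fd);
}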
2022
/* Argument check shared by the sl_open_* functions.
 *
 * Returns SL_ENULL if fname is NULL, SL_EINTERNAL11 if priv is neither
 * SL_YESPRIV nor SL_NOPRIV, else SL_ENONE.
 */
static
int check_fname_priv (const char * fname, int priv)
{
  SL_ENTER(_("check_fname_priv"));

  if (fname == NULL)
    SL_IRETURN(SL_ENULL, _("check_fname_priv"));

  if (priv == SL_YESPRIV || priv == SL_NOPRIV)
    SL_IRETURN(SL_ENONE, _("check_fname_priv"));

  SL_IRETURN(SL_EINTERNAL11, _("check_fname_priv"));
}
2033
/* Open 'fname' for writing (mode SL_OPEN_FOR_WRITE).
 *
 * ofile, oline: origin of the caller; priv: SL_YESPRIV or SL_NOPRIV.
 * Returns a ticket or an SL_* error code.
 */
SL_TICKET sl_open_write (const char * ofile, int oline,
                         const char * fname, int priv)
{
  long status;

  SL_ENTER(_("sl_open_write"));

  status = check_fname_priv (fname, priv);

  if (status == SL_ENONE)
    status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_WRITE, priv);

  SL_IRETURN(status, _("sl_open_write"));
}
2046
/* Open 'fname' for reading (mode SL_OPEN_FOR_READ).
 *
 * ofile, oline: origin of the caller; priv: SL_YESPRIV or SL_NOPRIV.
 * Returns a ticket or an SL_* error code.
 */
SL_TICKET sl_open_read (const char * ofile, int oline,
                        const char * fname, int priv)
{
  long status;

  SL_ENTER(_("sl_open_read"));

  status = check_fname_priv (fname, priv);

  if (status != SL_ENONE)
    {
      TPT(( 0, FIL__, __LINE__,
            _("msg=<Error in check_fname_priv.> status=<%ld>\n"),
            status));
    }
  else
    {
      status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_READ, priv);
    }

  SL_IRETURN(status, _("sl_open_read"));
}
2064
[196]2065#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED)
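/* Check whether any page of the file is resident in memory.
 *
 * Returns 0 if mincore() reports no resident page, -1 if at least one
 * page is resident or if the check could not be done (fstat, mmap,
 * calloc or mincore failed).
 *
 * The vector filled by mincore() has one byte per page, i.e. vec_size
 * bytes; the scan stays within 0 .. vec_size-1. If mincore() fails the
 * vector is not evaluated.
 */
static int sl_check_mincore(int fd)
{
  /* Idea from Tobias Oetiker (http://insights.oetiker.ch/linux/fadvise.html)
   */
  struct stat fbuf;
  int retval = -1;

  if (0 == fstat(fd, &fbuf))
    {
      void *f_map;

      /* PROT_NONE: the mapping is only used as an address range for
       * mincore(), the file is never read through it
       */
      f_map = mmap((void *)0, fbuf.st_size, PROT_NONE, MAP_SHARED, fd, 0);
      if (MAP_FAILED != f_map)
        {
          extern int sh_unix_pagesize(void);
          size_t i;
          size_t page_size = sh_unix_pagesize();
          size_t vec_size  = (fbuf.st_size+page_size-1)/page_size;
          unsigned char * vec = calloc(1, vec_size);

          if (vec)
            {
              if (0 == mincore(f_map, fbuf.st_size, vec))
                {
                  /* bit 0 set: page is resident */
                  for (i = 0; i < vec_size; ++i)
                    {
                      if (vec[i]&1)
                        break;
                    }
                  if (i == vec_size)
                    retval = 0;
                }
              free(vec);
            }
          munmap(f_map, fbuf.st_size);
        }
    }
  return retval;
}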
2106#endif
2107
2108static int sl_drop_cache = SL_FALSE;
2109
/* Configuration callback: parse 'str' into the sl_drop_cache flag.
 * Returns whatever sh_util_flagval() returns.
 */
int sl_set_drop_cache(const char * str)
{
  extern int sh_util_flagval(const char * c, int * fval);
  int status;

  status = sh_util_flagval(str, &sl_drop_cache);
  return status;
}
2115
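/* Open 'fname' for reading without the checks of the other modes
 * (mode SL_OPEN_FOR_FASTREAD).
 *
 * ofile, oline: origin of the caller; priv: SL_YESPRIV or SL_NOPRIV.
 * Returns a ticket or an SL_* error code.
 *
 * If dropping the cache is enabled and the file was not in memory when
 * it was opened, the entry is marked so that sl_close() advises the
 * kernel to drop the cached pages again.
 */
SL_TICKET sl_open_fastread (const char * ofile, int oline,
                            const char * fname, int priv)
{
  long status;
  SL_ENTER(_("sl_open_fastread"));

  /* the trace name must be the one given to SL_ENTER above */
  if (SL_ENONE != (status = check_fname_priv (fname, priv)))
    SL_IRETURN(status, _("sl_open_fastread"));

  status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_FASTREAD, priv);

#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED)

  if (SL_FALSE != sl_drop_cache && !SL_ISERROR(status))
    {
      int fd = get_the_fd(status);
      if (fd >= 0)
        {
          /* 0: no page of the file is resident */
          if (0 == sl_check_mincore(fd))
            ofiles[fd]->flush = SL_TRUE;
        }
    }

#endif

  SL_IRETURN(status, _("sl_open_fastread"));
}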
2143
/* Open 'fname' for reading and writing (mode SL_OPEN_FOR_RDWR).
 *
 * ofile, oline: origin of the caller; priv: SL_YESPRIV or SL_NOPRIV.
 * Returns a ticket or an SL_* error code.
 */
SL_TICKET sl_open_rdwr (const char * ofile, int oline,
                        const char * fname, int priv)
{
  long status;

  SL_ENTER(_("sl_open_rdwr"));

  status = check_fname_priv (fname, priv);

  if (status == SL_ENONE)
    status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_RDWR, priv);

  SL_IRETURN(status, _("sl_open_rdwr"));
}
2156
/* Create 'fname' and open it for reading and writing
 * (mode SL_OPEN_SAFE_RDWR, which refuses an existing file).
 *
 * ofile, oline: origin of the caller; priv: SL_YESPRIV or SL_NOPRIV.
 * Returns a ticket or an SL_* error code.
 */
SL_TICKET sl_open_safe_rdwr (const char * ofile, int oline,
                             const char * fname, int priv)
{
  long status;

  SL_ENTER(_("sl_open_safe_rdwr"));

  status = check_fname_priv (fname, priv);

  if (status == SL_ENONE)
    status = sl_open_file(ofile, oline, fname, SL_OPEN_SAFE_RDWR, priv);

  SL_IRETURN(status, _("sl_open_safe_rdwr"));
}
2169
/* Open 'fname' for writing and truncate it (mode SL_OPEN_FOR_WTRUNC).
 *
 * ofile, oline: origin of the caller; priv: SL_YESPRIV or SL_NOPRIV.
 * Returns a ticket or an SL_* error code.
 */
SL_TICKET sl_open_write_trunc (const char * ofile, int oline,
                               const char * fname, int priv)
{
  long status;

  SL_ENTER(_("sl_open_write_trunc"));

  status = check_fname_priv (fname, priv);

  if (status == SL_ENONE)
    status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_WTRUNC, priv);

  SL_IRETURN(status, _("sl_open_write_trunc"));
}
2182
/* Open 'fname' for reading and writing and truncate it
 * (mode SL_OPEN_FOR_RWTRUNC).
 *
 * ofile, oline: origin of the caller; priv: SL_YESPRIV or SL_NOPRIV.
 * Returns a ticket or an SL_* error code.
 */
SL_TICKET sl_open_rdwr_trunc (const char * ofile, int oline,
                              const char * fname, int priv)
{
  long status;

  SL_ENTER(_("sl_open_rdwr_trunc"));

  status = check_fname_priv (fname, priv);

  if (status == SL_ENONE)
    status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_RWTRUNC, priv);

  SL_IRETURN(status, _("sl_open_rdwr_trunc"));
}
2195
2196
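/* Attach a fresh content string of the given size to an open file.
 * A content string that is already attached is destroyed first.
 *
 * Returns SL_ENONE, the error from sl_read_ticket() if the ticket is
 * not valid, or SL_EINTERNAL12 if the table entry is inconsistent.
 *
 * The range of fd is tested before ofiles[] is indexed with it.
 */
int sl_init_content (SL_TICKET ticket, size_t size)
{
  int fd;

  if (SL_ISERROR(fd = sl_read_ticket(ticket)))
    return (fd);

  if (fd < 0 || fd >= MAXFD || ofiles[fd] == NULL ||
      fd != ofiles[fd]->fd || ticket != ofiles[fd]->ticket)
    return (SL_EINTERNAL12);

  if (ofiles[fd]->content)
    sh_string_destroy(&(ofiles[fd]->content));
  /* NOTE(review): the result of sh_string_new() is not checked here;
   * sl_get_content() hands it out as it is.
   */
  ofiles[fd]->content = sh_string_new(size);

  return SL_ENONE;
}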
2214
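/* Return the content string attached to an open file.
 *
 * Returns NULL if the ticket is not valid or the table entry is
 * inconsistent; the returned pointer is also NULL if no content has
 * been attached. The string remains owned by the table entry.
 *
 * The range of fd is tested before ofiles[] is indexed with it.
 */
sh_string * sl_get_content (SL_TICKET ticket)
{
  int fd;

  if (SL_ISERROR(fd = sl_read_ticket(ticket)))
    return (NULL);

  if (fd < 0 || fd >= MAXFD || ofiles[fd] == NULL ||
      fd != ofiles[fd]->fd || ticket != ofiles[fd]->ticket)
    return (NULL);

  return (ofiles[fd]->content);
}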
2228
/* Try to get a write lock on the whole file, without waiting.
 *
 * Returns SL_ENONE if the lock was obtained, SL_ETICKET if the
 * descriptor is not valid (EBADF), SL_EBADFILE for any other failure
 * (including a lock held by someone else), or the error from
 * get_the_fd().
 */
int sl_lock (SL_TICKET ticket)
{
  int          fd;
  struct flock lock;
  int          retval;

  SL_ENTER(_("sl_lock"));

  fd = get_the_fd (ticket);
  if (SL_ISERROR(fd))
    SL_IRETURN(fd, _("sl_lock"));

  /* start 0, length 0: from the beginning to the end of the file */
  lock.l_type   = F_WRLCK;
  lock.l_whence = SEEK_SET;
  lock.l_start  = 0;
  lock.l_len    = 0;

  /* F_SETLK returns if the lock cannot be obtained;
   * only an interrupted call is repeated
   */
  for (;;)
    {
      retval = fcntl(fd, F_SETLK, &lock);
      if (retval >= 0 || errno != EINTR)
        break;
    }

  if (retval >= 0)
    SL_IRETURN(SL_ENONE, _("sl_lock"));

  if (errno == EBADF)
    SL_IRETURN(SL_ETICKET, _("sl_lock"));

  SL_IRETURN(SL_EBADFILE, _("sl_lock"));
}
2257
/* Close an open file and release its table entry.
 *
 * Returns SL_ENONE, or the error from get_the_fd() if the ticket is not
 * valid. A failing close() is only traced. After the call the ticket
 * is not valid anymore.
 */
int sl_close (SL_TICKET ticket)
{
  register int fd;
  SL_OFILE *   entry;

  SL_ENTER(_("sl_close"));

  fd = get_the_fd (ticket);
  if (SL_ISERROR(fd))
    SL_IRETURN(fd, _("sl_close"));

  entry = ofiles[fd];

  if (entry != NULL)
    {
#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED)
      /* marked by sl_open_fastread(): drop the cached pages */
      if (entry->flush == SL_TRUE)
        {
          posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);
        }
#endif
      if (entry->content)
        sh_string_destroy(&(entry->content));
      (void) free (entry->path);
      (void) free (entry);
      ofiles[fd] = NULL;
    }

  /* This may fail, but what to do then ?
   */
  if (close(fd) != 0)
    {
      TPT((0, FIL__, __LINE__,
           _("msg=<Error closing file.>, fd=<%d>, err=<%s>\n"),
           fd, strerror(errno)));
    }

  SL_IRETURN(SL_ENONE, _("sl_close"));
}
2293
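/* Release the table entries of all descriptors >= fd, except 'except'.
 * The descriptors themselves are not closed here.
 *
 * fd:     first descriptor to drop; a negative value is treated as 0,
 *         so that the table is never indexed below its start.
 * except: descriptor to keep.
 *
 * Always returns 0.
 */
int sl_dropall(int fd, int except)
{
  if (fd < 0)
    fd = 0;

  for (; fd < MAXFD; ++fd)
    {
      if (ofiles[fd] == NULL || fd == except)
        continue;

      if (ofiles[fd]->content)
        sh_string_destroy(&(ofiles[fd]->content));
      /* free(NULL) is a no-op */
      (void) free (ofiles[fd]->path);
      (void) free (ofiles[fd]);
      ofiles[fd] = NULL;
    }
  return 0;
}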
2311
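/* Forget the table entries of all descriptors >= fd, except 'except',
 * without releasing their memory: the slots are only set to NULL.
 * NOTE(review): presumably meant for situations where free() must not
 * be called - confirm against the callers.
 *
 * fd:     first descriptor to drop; a negative value is treated as 0,
 *         so that the table is never indexed below its start.
 * except: descriptor to keep.
 *
 * Always returns 0.
 */
int sl_dropall_dirty(int fd, int except)
{
  if (fd < 0)
    fd = 0;

  for (; fd < MAXFD; ++fd)
    {
      if (fd != except)
        ofiles[fd] = NULL;
    }
  return 0;
}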
[1]2324
[174]2325
/* Remove the file behind a ticket, using the path that was stored when
 * the file was opened. The file stays open.
 *
 * Returns SL_ENONE, SL_EUNLINK if the removal failed, or the error from
 * get_the_fd().
 */
int sl_unlink (SL_TICKET ticket)
{
  register int fd;

  SL_ENTER(_("sl_unlink"));

  fd = get_the_fd(ticket);
  if (SL_ISERROR(fd))
    SL_IRETURN(fd, _("sl_unlink"));

  if (retry_aud_unlink(FIL__, __LINE__, ofiles[fd]->path) >= 0)
    SL_IRETURN(SL_ENONE, _("sl_unlink"));

  SL_IRETURN(SL_EUNLINK, _("sl_unlink"));
}
2340
2341
/* Set the file position to 'off_data', counted from the start.
 *
 * Returns SL_ENONE, SL_EREWIND if lseek() failed, or the error from
 * get_the_fd().
 */
int sl_seek (SL_TICKET ticket, off_t off_data)
{
  register int fd;

  SL_ENTER(_("sl_seek"));

  fd = get_the_fd(ticket);
  if (SL_ISERROR(fd))
    SL_IRETURN(fd, _("sl_seek"));

  if (lseek(fd, off_data, SEEK_SET) != (off_t)-1)
    SL_IRETURN(SL_ENONE, _("sl_seek"));

  SL_IRETURN(SL_EREWIND, _("sl_seek"));
}
2356
/* Set the file position to the start of the file.
 *
 * Returns SL_ENONE, SL_EREWIND if lseek() failed, or the error from
 * get_the_fd().
 */
int sl_rewind (SL_TICKET ticket)
{
  register int fd;

  SL_ENTER(_("sl_rewind"));

  fd = get_the_fd(ticket);
  if (SL_ISERROR(fd))
    SL_IRETURN(fd, _("sl_rewind"));

  if (lseek (fd, 0L, SEEK_SET) != (off_t)-1)
    SL_IRETURN(SL_ENONE, _("sl_rewind"));

  SL_IRETURN(SL_EREWIND, _("sl_rewind"));
}
2371
/* Set the file position to the end of the file.
 *
 * Returns SL_ENONE, SL_EFORWARD if lseek() failed, or the error from
 * get_the_fd().
 */
int sl_forward (SL_TICKET ticket)
{
  register int fd;

  SL_ENTER(_("sl_forward"));

  fd = get_the_fd(ticket);
  if (SL_ISERROR(fd))
    SL_IRETURN(fd, _("sl_forward"));

  if (lseek (fd, 0L, SEEK_END) != (off_t)-1)
    SL_IRETURN(SL_ENONE, _("sl_forward"));

  SL_IRETURN(SL_EFORWARD, _("sl_forward"));
}
2386
2387
/* Flush the file to disk with fsync().
 *
 * Returns SL_ENONE, SL_ESYNC if fsync() failed, or the error from
 * get_the_fd().
 */
int sl_sync (SL_TICKET ticket)
{
  register int fd;

  SL_ENTER(_("sl_sync"));

  fd = get_the_fd(ticket);
  if (SL_ISERROR(fd))
    SL_IRETURN(fd, _("sl_sync"));

  if (fsync (fd) != -1)
    SL_IRETURN(SL_ENONE, _("sl_sync"));

  SL_IRETURN(SL_ESYNC, _("sl_sync"));
}
2402
/* Switch the file behind a ticket to non-blocking mode, so that
 * sl_read_timeout() can be called with is_nonblocking set.
 *
 * Returns SL_ENONE, or the error from get_the_fd(). The results of the
 * two fcntl calls are not examined.
 */
int sl_read_timeout_prep (SL_TICKET ticket)
{
  int fd;
  int sflags;

  SL_ENTER(_("sl_read_timeout_prep"));

  fd = get_the_fd(ticket);

  if (SL_ISERROR(fd))
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
      SL_IRETURN(fd, _("sl_read_timeout_prep"));
    }

  /* add O_NONBLOCK to the current status flags
   */
  sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
  retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK);

  SL_IRETURN(SL_ENONE, _("sl_read_timeout_prep"));
}
2423
[131]2424
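/* Read up to 'count' bytes from a descriptor, giving up after 'timeout'
 * seconds.
 *
 * fd:             descriptor to read from; must be usable with
 *                 select(), i.e. 0 <= fd < FD_SETSIZE.
 * buf_in:         destination buffer of at least 'count' bytes.
 * count:          number of bytes wanted.
 * timeout:        time limit in seconds.
 * is_nonblocking: SL_FALSE if this function has to switch the
 *                 descriptor to non-blocking mode (the previous flags
 *                 are restored before returning); anything else if the
 *                 caller has done so already.
 *
 * Returns the number of bytes read (less than 'count' at end of file),
 * SL_TIMEOUT if the time limit was hit, SL_EREAD on a read or select
 * error, on termination (sig_termfast) or for a descriptor out of
 * range. errno holds the error of the failing call, or 0.
 *
 * The descriptor is range-checked first: FD_SET() on a descriptor
 * >= FD_SETSIZE writes outside of the fd_set.
 */
int sl_read_timeout_fd (int fd, void * buf_in, size_t count,
                        int timeout, int is_nonblocking)
{
  int sflags = 0;
  fd_set readfds;
  struct timeval tv;
  int retval;
  int error;

  int    byteread = 0;
  int    bytes    = 0;
  char * buf;

  time_t tnow;
  time_t tstart;
  time_t tdiff;
  extern volatile int sig_termfast;

  if (fd < 0 || fd >= FD_SETSIZE)
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<read error>")));
      errno = EBADF;
      return (SL_EREAD);
    }

  if (is_nonblocking == SL_FALSE)
    {
      /* set to non-blocking mode
       */
      sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
      retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK);
    }

  buf = (char *) buf_in;

  tstart = time(NULL);
  tdiff  = 0;

  while (count > 0)
    {
      FD_ZERO(&readfds);
      FD_SET(fd, &readfds);

      /* wait for the rest of the time limit only
       * NOTE(review): after a 'continue' below, tdiff may exceed
       * timeout, which makes tv_sec negative.
       */
      tv.tv_sec  = timeout - tdiff;
      tv.tv_usec = 0;

      retval = select (fd+1, &readfds, NULL, NULL, &tv);

      if (retval > 0)
        {
          byteread = read (fd, buf, count);

          if (byteread > 0)
            {
              bytes += byteread; count -= byteread;
              buf += byteread;
              if (count == 0)
                break;
            }
          else if (byteread == 0)
            {
              /* end of file */
              break;
            }
          else
            {
              if (errno == EINTR || errno == EAGAIN)
                {
                  retry_msleep(1, 0);
                  tnow  = time(NULL);
                  tdiff = tnow - tstart;
                  continue;
                }
              else
                {
                  /* keep errno of read() across the cleanup */
                  error = errno;
                  if (is_nonblocking == SL_FALSE)
                    retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
                  TPT(( 0, FIL__, __LINE__, _("msg=<read error>")));
                  errno = error;
                  return (SL_EREAD);
                }
            }
        }
      else if ((retval == -1) && (errno == EINTR || errno == EAGAIN))
        {
          retry_msleep(1, 0);
          tnow  = time(NULL);
          tdiff = tnow - tstart;
          continue;
        }
      else if (retval == 0)
        {
          /* select() timed out */
          if (is_nonblocking == SL_FALSE)
            retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
          TPT(( 0, FIL__, __LINE__, _("msg=<timeout>")));
          errno = 0;
          return (SL_TIMEOUT);
        }
      else
        {
          /* select() failed */
          error = errno;
          if (is_nonblocking == SL_FALSE)
            retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
          TPT(( 0, FIL__, __LINE__, _("msg=<timeout>")));
          errno = error;
          return (SL_EREAD);
        }

      /* termination requested */
      if (sig_termfast == 1)
        {
          if (is_nonblocking == SL_FALSE)
            retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
          TPT(( 0, FIL__, __LINE__, _("msg=<terminated>")));
          errno = 0;
          return (SL_EREAD);
        }

      tnow  = time(NULL);
      tdiff = tnow - tstart;

      if (tdiff > timeout)
        {
          if (is_nonblocking == SL_FALSE)
            retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
          TPT(( 0, FIL__, __LINE__, _("msg=<timeout>")));
          errno = 0;
          return (SL_TIMEOUT);
        }
    }

  if (is_nonblocking == SL_FALSE)
    retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
  return ((int) bytes);
}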
2553
/* Read with a time limit from the file behind a ticket; see
 * sl_read_timeout_fd() for the meaning of the other arguments.
 *
 * Returns the result of sl_read_timeout_fd(), SL_ENULL if buf_in is
 * NULL, or the error from get_the_fd() if the ticket is not valid.
 */
int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count,
                     int timeout, int is_nonblocking)
{
  int fd, retval;

  SL_ENTER(_("sl_read_timeout"));

  /* the buffer is checked before the ticket */
  if (buf_in == NULL)
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>")));
      SL_IRETURN((SL_ENULL), _("sl_read_timeout"));
    }

  fd = get_the_fd(ticket);

  if (SL_ISERROR(fd))
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
      SL_IRETURN((fd),  _("sl_read_timeout"));
    }

  retval = sl_read_timeout_fd (fd, buf_in, count, timeout, is_nonblocking);
  SL_IRETURN((retval), _("sl_read_timeout"));
}
2578
2579
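/* Read until count bytes have arrived or end-of-file is reached.
 *
 * ticket - ticket to resolve with get_the_fd()
 * buf_in - destination buffer of at least count bytes, must not be NULL
 * count  - number of bytes wanted; must be between 1 and INT_MAX,
 *          because the byte total is returned as an int
 *
 * Returns the number of bytes stored (less than count only at
 * end-of-file), SL_ERANGE for a count outside the accepted range,
 * SL_ENULL for a NULL buffer, the get_the_fd() error for a bad ticket,
 * or SL_EREAD if read() fails.  On SL_EREAD any bytes already stored
 * are not reported to the caller.
 */
int sl_read (SL_TICKET ticket, void * buf_in, size_t count)
{
  int     fd;
  ssize_t byteread;
  int     bytes = 0;

  char * buf;

  SL_ENTER(_("sl_read"));

  /* A count above INT_MAX could overflow the int byte total (undefined
   * behaviour for signed arithmetic), so it is rejected up front.
   */
  if (count < 1 || count > (size_t) INT_MAX)
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<range error>")));
      SL_IRETURN((SL_ERANGE), _("sl_read"));
    }
  if (buf_in == NULL)
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>")));
      SL_IRETURN((SL_ENULL), _("sl_read"));
    }

  if (SL_ISERROR(fd = get_the_fd(ticket)))
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
      SL_IRETURN((fd), _("sl_read"));
    }

  buf = (char *) buf_in;

  /* Stop as soon as the request is satisfied; a further zero-length
   * read() would gain nothing and could turn a complete read into an
   * error.
   * NOTE(review): EAGAIN is retried immediately, so a non-blocking
   * descriptor without data makes this loop spin -- confirm callers
   * only pass blocking descriptors.
   */
  while (count > 0)
    {
      byteread = read (fd, buf, count);
      if (byteread > 0)
        {
          bytes += (int) byteread;
          count -= (size_t) byteread;
          buf   += byteread;
        }
      else if (byteread == 0)
        {
          break; /* end of file */
        }
      else if (errno != EINTR && errno != EAGAIN)
        {
          TPT(( 0, FIL__, __LINE__, _("msg=<read error> errno=<%d>\n"), errno));
          SL_IRETURN((SL_EREAD), _("sl_read"));
        }
    }

  SL_IRETURN((bytes), _("sl_read"));
}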
2629
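/* Perform a single successful read() and return what it delivered.
 *
 * Unlike sl_read() this does not loop until the buffer is full; it
 * only repeats the call when read() fails with EINTR or EAGAIN.
 *
 * ticket - ticket to resolve with get_the_fd()
 * buf_in - destination buffer of at least count bytes, must not be NULL
 * count  - maximum number of bytes to read, at least 1
 *
 * Returns the number of bytes read (0 at end-of-file), SL_ERANGE for a
 * count below 1, SL_ENULL for a NULL buffer, the get_the_fd() error for
 * a bad ticket, or SL_EREAD if read() fails.
 */
int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count)
{
  int     fd;
  ssize_t byteread;

  SL_ENTER(_("sl_read_fast"));

  if (count < 1)
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<range error>")));
      SL_IRETURN((SL_ERANGE), _("sl_read_fast"));
    }
  if (buf_in == NULL)
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>")));
      SL_IRETURN((SL_ENULL), _("sl_read_fast"));
    }

  if (SL_ISERROR(fd = get_the_fd(ticket)))
    {
      TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
      SL_IRETURN((fd), _("sl_read_fast"));
    }

  /* The result is returned as an int.  Callers already have to cope
   * with short reads, so capping the request keeps the byte count
   * representable without changing the contract.
   */
  if (count > (size_t) INT_MAX)
    {
      count = (size_t) INT_MAX;
    }

  do
    {
      byteread = read (fd, buf_in, count);
      if (byteread >= 0)
        {
          SL_IRETURN(((int) byteread), _("sl_read_fast"));
        }
    } while (errno == EINTR || errno == EAGAIN);

  /* Only a failed read() with a non-retryable errno gets here. */
  TPT(( 0, FIL__, __LINE__, _("msg=<read error> errno=<%d>\n"), errno));
  SL_IRETURN((SL_EREAD), _("sl_read_fast"));
}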
2675
2676
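/* Write exactly nbytes bytes to the descriptor behind a ticket.
 *
 * Short writes are continued until everything has been written.
 *
 * ticket - ticket to resolve with get_the_fd()
 * msg_in - data to write, must not be NULL
 * nbytes - number of bytes to write, at least 1
 *
 * Returns SL_ENONE on success, SL_ERANGE for nbytes < 1, SL_ENULL for a
 * NULL buffer, the get_the_fd() error for a bad ticket, or SL_EWRITE if
 * write() fails.  On SL_EWRITE part of the data may already have been
 * written.
 */
int sl_write (SL_TICKET ticket, const void * msg_in, long nbytes)
{
  long bytewritten;
  long bytecount;
  int  fd;

  const char * msg;

  SL_ENTER(_("sl_write"));

  if (nbytes < 1)
    SL_IRETURN(SL_ERANGE, _("sl_write"));
  if (msg_in == NULL)
    SL_IRETURN(SL_ENULL, _("sl_write"));
  if (SL_ISERROR(fd = get_the_fd(ticket)))
    SL_IRETURN(fd, _("sl_write"));

  msg = (const char *) msg_in;

  bytecount = 0;
  while (bytecount < nbytes)
    {
      bytewritten = write (fd, msg, (size_t) (nbytes - bytecount));
      if (bytewritten > 0)
        {
          bytecount += bytewritten;
          msg       += bytewritten; /* move buffer pointer forward */
        }
      else if (bytewritten < 0 && (errno == EINTR || errno == EAGAIN))
        {
          /* Interrupted or temporarily unable to write: try again.
           * NOTE(review): EAGAIN is retried without waiting, which
           * spins on a non-blocking descriptor.
           */
          continue;
        }
      else
        {
          /* A real failure, or a zero-byte write.  write() does not set
           * errno when it returns 0, so errno must not be consulted in
           * that case: a stale EINTR would otherwise retry forever.
           */
          SL_IRETURN(SL_EWRITE, _("sl_write"));
        }
    }
  SL_IRETURN(SL_ENONE, _("sl_write"));
}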
2717
/* Write nbytes bytes of msg followed by a newline.
 *
 * The payload and the newline go out in two separate sl_write() calls,
 * so the line is not written in one piece.  The newline is only
 * attempted when the payload was written without error.
 *
 * Returns the status of the last sl_write() call that was made.
 */
int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes)
{
  int rc;

  SL_ENTER(_("sl_write_line"));

  rc = sl_write(ticket, msg, nbytes);
  if (SL_ISERROR(rc))
    {
      SL_IRETURN(rc, _("sl_write_line"));
    }

  rc = sl_write(ticket, "\n", 1);
  SL_IRETURN(rc, _("sl_write_line"));
}
2730
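/* Write a NUL-terminated string plus a newline with a single sl_write().
 *
 * msg must point to a writable buffer holding a string of length
 * nbytes, i.e. msg[nbytes] is the terminating '\0'.  That terminator
 * is temporarily replaced by '\n' so that text and newline go out in
 * one call, and is restored before returning.  Because the caller's
 * buffer is modified during the call, it must not be read-only memory
 * and must not be read by another thread at the same time.
 *
 * Returns SL_ENULL for a NULL msg, SL_ERANGE for an nbytes for which
 * msg[nbytes] or nbytes + 1 is not usable, otherwise the status of
 * sl_write().
 */
int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes)
{
  int    status;
  char * p = (char *) msg;

  SL_ENTER(_("sl_write_line_fast"));

  /* These checks have to happen here: sl_write() validates its
   * arguments only after p[nbytes] would already have been written.
   */
  if (p == NULL)
    {
      SL_IRETURN(SL_ENULL, _("sl_write_line_fast"));
    }
  if (nbytes < 0 || nbytes == LONG_MAX)
    {
      /* negative index in front of the buffer, or nbytes + 1 overflows */
      SL_IRETURN(SL_ERANGE, _("sl_write_line_fast"));
    }

  /* Here nbytes is strlen(msg), so p[nbytes] is the terminating '\0'
   * Overwrite the terminator, write out, then write back the terminator.
   */
  p[nbytes] = '\n';
  status    = sl_write(ticket, msg, nbytes+1);
  p[nbytes] = '\0';

  SL_IRETURN(status, _("sl_write_line_fast"));
}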
2747
2748
[1]2749/* ----------------------------------------------------------------
2750 *
2751 * Trustfile interface
2752 *
2753 * ---------------------------------------------------------------- */
2754
2755extern uid_t rootonly[];
2756extern int EUIDSLOT;
2757extern int ORIG_EUIDSLOT;
2758
2759extern char tf_path[MAXFILENAME]; /* Error path for trust function. */
2760extern uid_t tf_euid; /* Space for EUID of process. */
2761
/* Map an SL_E* status code to a short human-readable description.
 *
 * errorcode - one of the SL_E* codes
 *
 * Returns the message for the code, or "Unknown error" for any value
 * without an entry.  The text is produced by the _() macro; callers
 * should treat it as read-only.
 */
char * sl_error_string(int errorcode)
{
  char * text;

  switch (errorcode)
    {
    /* --- I/O and general failures --- */
    case SL_EBOGUS:       text = _("Bogus file, modified during access"); break;
    case SL_EWRITE:       text = _("Write error");                        break;
    case SL_EREAD:        text = _("Read error");                         break;
    case SL_ESYNC:        text = _("Error in fsync()");                   break;
    case SL_EFORWARD:     /* both seek directions share one message */
    case SL_EREWIND:      text = _("Error in lseek()");                   break;
    case SL_EUNLINK:      text = _("Error in unlink()");                  break;
    case SL_EMEM:         text = _("Out of memory");                      break;

    /* --- internal errors --- */
    case SL_EINTERNAL:    text = _("Internal error");                     break;
    case SL_EINTERNAL01:  text = _("Internal error 01");                  break;
    case SL_EINTERNAL02:  text = _("Internal error 02");                  break;
    case SL_EINTERNAL03:  text = _("Internal error 03");                  break;
    case SL_EINTERNAL04:  text = _("Internal error 04");                  break;
    case SL_EINTERNAL05:  text = _("Internal error 05");                  break;
    case SL_EINTERNAL06:  text = _("Internal error 06");                  break;
    case SL_EINTERNAL07:  text = _("Internal error 07");                  break;
    case SL_EINTERNAL08:  text = _("Internal error 08");                  break;
    case SL_EINTERNAL09:  text = _("Internal error 09");                  break;
    case SL_EINTERNAL10:  text = _("Internal error 10");                  break;
    case SL_EINTERNAL11:  text = _("Internal error 11");                  break;
    case SL_EINTERNAL12:  text = _("Internal error 12");                  break;

    /* --- argument and ticket errors --- */
    case SL_ETICKET:      text = _("Bad ticket");                         break;
    case SL_EREPEAT:      text = _("Illegal repeated use of function");   break;
    case SL_ERANGE:       text = _("Argument out of range");              break;
    case SL_ENULL:        text = _("Dereferenced NULL pointer");          break;

    /* --- trust check results --- */
    case SL_EBADUID:      text = _("Owner not trustworthy");              break;
    case SL_EBADGID:      text = _("Group writeable and member not trustworthy"); break;
    case SL_EBADOTH:      text = _("World writeable");                    break;
    case SL_EISDIR:       text = _("Is a directory");                     break;
    case SL_EBADFILE:     text = _("File access error");                  break;
    case SL_EBADNAME:     text = _("Invalid filename (prob. too long or null)"); break;

    /* --- miscellaneous --- */
    case SL_ETRUNC:       text = _("Truncation occured");                 break;
    case SL_ESTAT:        text = _("stat() failed");                      break;
    case SL_EFSTAT:       text = _("fstat() failed");                     break;

    default:              text = _("Unknown error");                      break;
    }

  return text;
}
2841
2842
2843
/* Return the path recorded by the trust check.
 *
 * The result points at the global tf_path buffer itself, not at a copy;
 * its content changes with later trust checks.
 */
char * sl_trust_errfile(void)
{
  return tf_path;
}
2848
extern uid_t tf_baduid;

/* Return the current value of the global tf_baduid.
 * NOTE(review): presumably the uid that made the last trust check
 * fail; tf_baduid is set outside this part of the file -- confirm.
 */
uid_t sl_trust_baduid(void)
{
  return tf_baduid;
}
2854
extern gid_t tf_badgid;

/* Return the current value of the global tf_badgid.
 * NOTE(review): presumably the gid that made the last trust check
 * fail; tf_badgid is set outside this part of the file -- confirm.
 */
gid_t sl_trust_badgid(void)
{
  return tf_badgid;
}
2860
2861
/* Number of uids added with sl_trust_add_user() since the last purge. */
static int trust_count = 0;

/* Forget all uids added with sl_trust_add_user().
 *
 * Resets EUIDSLOT to ORIG_EUIDSLOT, zeroes the counter and overwrites
 * the 15 slots of rootonly[] starting there with sh_uid_neg.
 * NOTE(review): assumes rootonly[] has at least ORIG_EUIDSLOT + 15
 * entries; its definition is not visible here.
 *
 * Always returns 0.
 */
int sl_trust_purge_user (void)
{
  int slot;
  int end;

  EUIDSLOT    = ORIG_EUIDSLOT;
  trust_count = 0;

  end  = EUIDSLOT + 15;
  slot = EUIDSLOT;
  while (slot < end)
    {
      rootonly[slot] = sh_uid_neg;
      ++slot;
    }

  return 0;
}
2875
/* Add one uid to the list of trusted users.
 *
 * pwid - uid to store in the next free slot of rootonly[]
 *
 * At most 15 uids can be added between two purges.  Returns SL_ERANGE
 * when that limit has been reached, SL_ENONE otherwise.
 */
int sl_trust_add_user (uid_t pwid)
{
  SL_ENTER(_("sl_trust_add_user"));

  if (trust_count == 15)
    {
      SL_IRETURN(SL_ERANGE, _("sl_trust_add_user"));
    }

  /* store, then advance both the slot index and the counter */
  rootonly[EUIDSLOT++] = pwid;
  trust_count++;

  SL_IRETURN(SL_ENONE, _("sl_trust_add_user"));
}
2889
[76]2890#include "sh_mem.h"
2891extern char * sh_util_strdup (const char * str);
2892
/* One cached positive trust verdict: the path that was checked and the
 * effective uid it was checked for.  Entries form a singly linked list.
 */
struct sl_trustfile_store {
  char * filename;                  /* copy made with sh_util_strdup() */
  uid_t  teuid;                     /* euid the verdict applies to     */
  struct sl_trustfile_store * next; /* next entry, NULL at the end     */
};

/* Head of the verdict cache; NULL when the cache is empty. */
static struct sl_trustfile_store * sl_trusted_files = NULL;
2900
/* Remember that filename was found trustworthy for teuid.
 *
 * A new entry holding a copy of filename is pushed onto the front of
 * the sl_trusted_files list.
 * NOTE(review): the results of SH_ALLOC() and sh_util_strdup() are used
 * unchecked; presumably both abort instead of returning NULL -- confirm.
 */
static void sl_add_trusted_file(const char * filename, uid_t teuid)
{
  struct sl_trustfile_store * entry = SH_ALLOC(sizeof(*entry));

  entry->next     = sl_trusted_files;
  entry->teuid    = teuid;
  entry->filename = sh_util_strdup (filename);

  sl_trusted_files = entry;
}
2912
/* Look up a cached trust verdict.
 *
 * Returns filename (the argument itself) when the cache holds an entry
 * with the same path and the same teuid, NULL otherwise.  Paths are
 * compared as plain strings with strcmp().
 */
static const char * sl_check_trusted_file(const char * filename, uid_t teuid)
{
  const struct sl_trustfile_store * cur;

  for (cur = sl_trusted_files; cur != NULL; cur = cur->next)
    {
      if (cur->teuid != teuid)
        continue;
      if (strcmp(cur->filename, filename) == 0)
        return filename;
    }

  return NULL;
}
2926
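/* Free a list of cached trust verdicts.
 *
 * file - first entry of the list to release; NULL is accepted
 *
 * Every entry and its filename copy is released with SH_FREE().  The
 * list is walked iteratively, so stack use does not grow with the
 * number of cached entries.  The caller must reset its own pointer to
 * the list afterwards.
 */
static void sl_clear_trusted_file(struct sl_trustfile_store * file)
{
  struct sl_trustfile_store * next;

  while (file != NULL)
    {
      next = file->next; /* fetch before the entry is released */
      SH_FREE(file->filename);
      SH_FREE(file);
      file = next;
    }
  return;
}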
2938
/* Check whether filename is trustworthy for the effective uid teuid.
 *
 * filename - path to check; NULL or "" yields SL_EBADNAME
 * teuid    - euid stored in tf_euid for the check
 *
 * Positive verdicts are cached.  The whole cache is discarded once 300
 * seconds have passed since it was started; until then a cached
 * (filename, teuid) pair is answered with SL_ENONE without calling
 * sl_trustfile() again.  A change to the file's owner or permissions
 * made after the verdict was cached is therefore not noticed until the
 * cache is discarded.
 *
 * tf_path is cleared on entry and set to filename on a cache hit.
 * NOTE(review): the cache and its timestamp are unsynchronised static
 * state -- confirm callers serialise access.
 *
 * Returns SL_EBADNAME, SL_ENONE on a cache hit, or the status of
 * sl_trustfile().
 */
int sl_trustfile_euid(const char * filename, uid_t teuid)
{
  static time_t cache_start = 0;
  time_t        current;
  long          status;

  SL_ENTER(_("sl_trustfile_euid"));

  tf_path[0] = '\0';
  if (filename == NULL || filename[0] == '\0')
    {
      SL_IRETURN(SL_EBADNAME, _("sl_trustfile_euid"));
    }

  current = time(NULL);
  if (current >= (cache_start + 300))
    {
      /* cache too old: drop it and start a new one */
      sl_clear_trusted_file(sl_trusted_files);
      sl_trusted_files = NULL;
      cache_start      = current;
    }
  else if (NULL != sl_check_trusted_file(filename, teuid))
    {
      sl_strlcpy(tf_path, filename, sizeof(tf_path));
      SL_IRETURN(SL_ENONE, _("sl_trustfile_euid"));
    }

  /* no usable cache entry: run the full check */
  tf_euid = teuid;
  status  = sl_trustfile(filename, NULL, NULL);
  if (status == SL_ENONE)
    {
      sl_add_trusted_file(filename, teuid);
    }
  SL_IRETURN(status, _("sl_trustfile_euid"));
}
2973
[20]2974/* ----------------------------------------------------------------
2975 *
2976 * Overflow tests
2977 *
2978 * ---------------------------------------------------------------- */
[1]2979
/* Fallback for systems whose headers do not provide SIZE_MAX.
 * NOTE(review): the value is 2^32 - 1, which matches a 32-bit size_t
 * only.  On a platform with a wider size_t and no SIZE_MAX the size_t
 * overflow tests in this file would report overflow too early.
 */
#ifndef SIZE_MAX
#define SIZE_MAX              (4294967295U)
#endif
2983
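/* Test whether a*b can be computed in an int without overflow.
 *
 * Returns SL_TRUE if the product is representable, SL_FALSE otherwise.
 *
 * The test is split by the signs of the operands so that every
 * division used for the comparison is itself well defined; in
 * particular INT_MIN is never divided by -1, which overflows and traps
 * on common hardware.
 */
int sl_ok_muli (int a, int b) /* a*b */
{
  if (a == 0 || b == 0)
    return SL_TRUE; /* product is zero */

  if (a > 0)
    {
      if (b > 0)
        {
          if (a <= (INT_MAX / b))
            return SL_TRUE;
        }
      else
        {
          /* a > 0, b < 0: product is negative */
          if (b >= (INT_MIN / a))
            return SL_TRUE;
        }
    }
  else
    {
      if (b > 0)
        {
          /* a < 0, b > 0: product is negative */
          if (a >= (INT_MIN / b))
            return SL_TRUE;
        }
      else
        {
          /* both negative: product is positive */
          if (b >= (INT_MAX / a))
            return SL_TRUE;
        }
    }
  return SL_FALSE;
}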
2990
/* Test whether a*b can be computed in a size_t without wrapping.
 *
 * Returns SL_TRUE if the product does not exceed SIZE_MAX, SL_FALSE
 * otherwise.
 */
int sl_ok_muls (size_t a, size_t b) /* a*b */
{
  if (b == 0)
    return SL_TRUE; /* product is zero, and b must not be a divisor */

  return (a > (SIZE_MAX / b)) ? SL_FALSE : SL_TRUE;
}
2997
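/* Test whether a/b can be computed in an int.
 *
 * Returns SL_FALSE for a division by zero and for INT_MIN / -1, whose
 * result does not fit in an int; SL_TRUE otherwise.
 */
int sl_ok_divi (int a, int b) /* a/b */
{
  if (b == 0)
    return SL_FALSE; /* division by zero */
  if (a == INT_MIN && b == -1)
    return SL_FALSE; /* quotient would be INT_MAX + 1 */
  return SL_TRUE;
}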
3005
/* Test whether a+b can be computed in an int without overflow.
 *
 * Returns SL_TRUE if the sum is representable, SL_FALSE otherwise.
 * Operands of opposite sign can never overflow.
 */
int sl_ok_addi (int a, int b) /* a+b */
{
  if (b > 0)
    {
      /* sum can only exceed INT_MAX */
      return (a > (INT_MAX - b)) ? SL_FALSE : SL_TRUE;
    }
  if (b < 0)
    {
      /* sum can only fall below INT_MIN */
      return (a < (INT_MIN - b)) ? SL_FALSE : SL_TRUE;
    }
  return SL_TRUE; /* b == 0 */
}
3024
/* Test whether a+b can be computed in a size_t without wrapping.
 *
 * Returns SL_TRUE if the sum does not exceed SIZE_MAX, SL_FALSE
 * otherwise.
 */
int sl_ok_adds (size_t a, size_t b) /* a+b */
{
  const size_t headroom = SIZE_MAX - b; /* largest a that still fits */

  return (a > headroom) ? SL_FALSE : SL_TRUE;
}
3032
/* Test whether a-b can be computed in an int without overflow.
 *
 * Returns SL_TRUE if the difference is representable, SL_FALSE
 * otherwise.  Operands of equal sign can never overflow.
 */
int sl_ok_subi (int a, int b) /* a-b */
{
  if (b < 0)
    {
      /* subtracting a negative: difference can only exceed INT_MAX */
      return (a > (INT_MAX + b)) ? SL_FALSE : SL_TRUE;
    }
  if (b > 0)
    {
      /* subtracting a positive: difference can only fall below INT_MIN */
      return (a < (INT_MIN + b)) ? SL_FALSE : SL_TRUE;
    }
  return SL_TRUE; /* b == 0 */
}