source: trunk/src/slib.c@ 453

Last change on this file since 453 was 412, checked in by katerina, 13 years ago

Enhancements for ticket #312 (logrotate) and #313 (--enable-suid).
File size: 71.0 KB
Line 
1#include "config_xor.h"
2
3#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE)
4#define _XOPEN_SOURCE 600
5#define _BSD_SOURCE
6#endif
7
8#include <stdio.h>
9#include <stdlib.h>
10#include <stdarg.h>
11#include <string.h>
12#include <limits.h>
13#ifdef HAVE_STDINT_H
14/* for SIZE_MAX */
15#include <stdint.h>
16#endif
17
18#include <sys/types.h>
19#include <sys/stat.h>
20#include <unistd.h>
21#include <fcntl.h>
22#include <signal.h>
23
24#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE)
25#include <sys/mman.h>
26#endif
27
28#if TIME_WITH_SYS_TIME
29#include <sys/time.h>
30#include <time.h>
31#else
32#if HAVE_SYS_TIME_H
33#include <sys/time.h>
34#else
35#include <time.h>
36#endif
37#endif
38
39#ifdef HAVE_MEMORY_H
40#include <memory.h>
41#endif
42#ifdef HAVE_SYS_SELECT_H
43#include <sys/select.h>
44#endif
45
46#ifndef FD_SET
47#define NFDBITS 32
48#define FD_SET(n, p) ((p)->fds_bits[(n)/NFDBITS] |= (1 << ((n) % NFDBITS)))
49#define FD_CLR(n, p) ((p)->fds_bits[(n)/NFDBITS] &= ~(1 << ((n) % NFDBITS)))
50#define FD_ISSET(n, p) ((p)->fds_bits[(n)/NFDBITS] & (1 << ((n) % NFDBITS)))
51#endif /* !FD_SET */
52#ifndef FD_SETSIZE
53#define FD_SETSIZE 32
54#endif
55#ifndef FD_ZERO
56#define FD_ZERO(p) memset((char *)(p), '\0', sizeof(*(p)))
57#endif
58
59#define SH_REAL_SET
60
61#include "slib.h"
62#include "sh_calls.h"
63#define SH_NEED_PWD_GRP 1
64#include "sh_static.h"
65#include "sh_pthread.h"
66#include "sh_string.h"
67
68#undef FIL__
69#define FIL__ _("slib.c")
70
71const uid_t sh_uid_neg = ((uid_t) -1);
72const gid_t sh_gid_neg = ((gid_t) -1);
73
74#undef BREAKEXIT
75#if defined(SCREW_IT_UP) && defined(__linux__) && defined(__i386__)
76
77#ifdef SH_DEBUG
78#define BREAKEXIT(expr) \
79 do { \
80 int ixi; \
81 for (ixi = 0; ixi < 8; ++ixi) { \
82 if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
83 { dlog(0, FIL__, __LINE__, _("BREAKEXIT")); _exit(EXIT_FAILURE); } \
84 } \
85 } \
86 while (1 == 0)
87#else
88#define BREAKEXIT(expr) \
89 do { \
90 int ixi; \
91 for (ixi = 0; ixi < 8; ++ixi) { \
92 if ((*(volatile unsigned *)((unsigned) expr + ixi) & 0xff) == 0xcc) \
93 _exit(EXIT_FAILURE); \
94 } \
95 } \
96 while (1 == 0)
97#endif
98
99#else
100#define BREAKEXIT(expr)
101#endif
102
103/****************************************************************
104 *
105 * The debug/trace subsystem
106 *
107 ****************************************************************/
108
109int slib_do_trace = 0;
110int slib_trace_fd = -1;
111
112static char trace_log[256] = { '\0' };
113static int trace_level = 0;
114static FILE * trace_fp = NULL;
115
116int sl_trace_use (const char * dummy)
117{
118 (void) dummy;
119 slib_do_trace = 1;
120 return 0;
121}
122
123int sl_trace_file (const char * str)
124{
125 if (!str)
126 return -1;
127 if (str[0] != '/')
128 return -1;
129 sl_strlcpy(trace_log, str, 256);
130 return 0;
131}
132
133FILE * sl_tracefile_open(const char * file, const char * mode)
134{
135 FILE * xp = NULL;
136 slib_trace_fd = open(file, O_WRONLY|O_CREAT|O_APPEND, 0600);
137 if (slib_trace_fd >= 0)
138 xp = fdopen(slib_trace_fd, mode);
139 return xp;
140}
141
142void sl_trace_in(const char * str, const char * file, int line)
143{
144 int i;
145 if (trace_log[0] == '\0')
146 {
147 fprintf(stderr, "++ ");
148 for (i = 0; i < trace_level; ++i)
149 fprintf(stderr, ". ");
150 fprintf(stderr, "[%2d] %s \t - File %c%s%c at line %d\n",
151 trace_level, str, 0x22, file, 0x22, line);
152 }
153 else if (!sl_is_suid())
154 {
155 if (!trace_fp)
156 trace_fp = sl_tracefile_open(trace_log, "a");
157 if (trace_fp)
158 {
159 fprintf(trace_fp, "++ ");
160 for (i = 0; i < trace_level; ++i)
161 fprintf(trace_fp, ". ");
162 fprintf(trace_fp, "[%2d] %s \t - File %c%s%c at line %d\n",
163 trace_level, str, 0x22, file, 0x22, line);
164 fflush(trace_fp);
165 }
166 else
167 {
168 perror(_("sl_trace_in: fopen"));
169 _exit(1);
170 }
171 }
172 ++trace_level;
173}
174
175void sl_trace_out(const char * str, const char * file, int line)
176{
177 int i;
178
179 --trace_level; if (trace_level < 0) trace_level = 0;
180
181 if (trace_log[0] == '\0')
182 {
183 fprintf(stderr, "-- ");
184 for (i = 0; i < trace_level; ++i)
185 fprintf(stderr, ". ");
186 fprintf(stderr, _("[%2d] %s \t - File %c%s%c at line %d\n"),
187 trace_level, str, 0x22, file, 0x22, line);
188 }
189 else if (!sl_is_suid())
190 {
191 if (!trace_fp)
192 trace_fp = sl_tracefile_open(trace_log, "a");
193 if (trace_fp)
194 {
195 fprintf(trace_fp, "-- ");
196 for (i = 0; i < trace_level; ++i)
197 fprintf(trace_fp, ". ");
198 fprintf(trace_fp, _("[%2d] %s \t - File %c%s%c at line %d\n"),
199 trace_level, str, 0x22, file, 0x22, line);
200 fflush(trace_fp);
201 }
202 else
203 {
204 perror(_("sl_trace_out: fopen"));
205 _exit(1);
206 }
207 }
208}
209
210extern int sh_log_console (const char * msg);
211
212static int dlogActive = 0;
213
214/* this is called from sh_error_setprint()
215 */
216void dlog_set_active(int flag)
217{
218 dlogActive = flag;
219}
220
221/* flag = 0 debug messages
222 * = 1 descriptive error messages
223 * = 3 backtrace
224 */
225int dlog (int flag, const char * file, int line, const char *fmt, ...)
226{
227 va_list ap;
228 char val[81];
229 char msg[512];
230 char tmp[512];
231 int retval = 0;
232 int i;
233
234#ifdef SH_STEALTH
235 /*
236 * do not even print descriptive failure messages in stealth mode
237 */
238 if (dlogActive == 0)
239 return 0;
240 if (dlogActive == 1 && flag == 0) /* debug requires debug level */
241 return 0;
242#else
243 if (dlogActive <= 1 && flag == 0) /* debug requires debug level */
244 return 0;
245#endif
246
247 if (flag == 1)
248 {
249 sl_snprintf (val, 81, _("\n--------- %10s "), file);
250 sl_strlcpy (msg, val, 80);
251 sl_snprintf (val, 81, _(" --- %6d ---------\n"), line);
252 sl_strlcat (msg, val, 80);
253 sh_log_console (msg);
254 }
255
256 va_start (ap, fmt);
257 if (flag == 1)
258 sl_strlcpy(tmp, fmt, 512);
259 else
260 sl_strlcpy(tmp, fmt, 256);
261 retval = strlen(tmp);
262 if (retval > 0 && tmp[retval-1] == '\n')
263 tmp[retval-1] = '\0';
264 retval = 0;
265 if (flag == 1)
266 {
267 sl_vsnprintf (msg, 511, tmp, ap);
268 }
269 else
270 {
271 sl_strlcpy (msg, "## ", 256);
272 for (i = 0; i < trace_level; ++i)
273 sl_strlcat (msg, ". ", 256);
274 sprintf (val, _("[%2d] "), trace_level);
275 sl_strlcat (msg, val, 256);
276 sl_vsnprintf (&msg[strlen(msg)], 255, tmp, ap);
277 sl_snprintf (tmp, 255, _(" \t - File %c%s%c at line %d"),
278 0x22, file, 0x22, line);
279 sl_strlcat (msg, tmp, 512);
280 }
281 va_end (ap);
282 if (flag != 0 || sl_is_suid())
283 retval = sh_log_console (msg);
284 else
285 {
286 if (trace_log[0] == '\0')
287 {
288 /* sh_log_console (msg); */
289 fprintf(stderr, "%s\n", msg);
290 }
291 else
292 {
293 if (!trace_fp)
294 trace_fp = sl_tracefile_open(trace_log, "a");
295 if (trace_fp)
296 {
297 fprintf(trace_fp, "%s\n", msg);
298 }
299 else
300 {
301 perror(_("dlog: fopen"));
302 _exit(1);
303 }
304 }
305 }
306 if (flag == 1)
307 sh_log_console (_("\n----------------------------------------------\n"));
308 return retval;
309}
310
311extern char aud_err_message[64];
312static char alt_err_message[64];
313char * sl_get_errmsg()
314{
315 if (aud_err_message[0] == '\0')
316 {
317 sl_strlcpy(alt_err_message, sl_error_string(sl_errno), 64);
318 return &alt_err_message[0];
319 }
320 return &aud_err_message[0];
321}
322
323
324#if defined(SL_DEBUG)
325#define SL_MAX_MYSTACK 128
326
327static char sl_mystack[SL_MAX_MYSTACK][32];
328static int sl_mystack_count = 0;
329
330void sl_stack_push(char * c, char * file, int line )
331{
332 if (slib_do_trace)
333 sl_trace_in(c, file, line);
334 if (c && sl_mystack_count < SL_MAX_MYSTACK)
335 {
336 strncpy(sl_mystack[sl_mystack_count], c, 31);
337 sl_mystack[sl_mystack_count][31] = '\0';
338 ++sl_mystack_count;
339 /*
340 fprintf(stderr, "#%03d %s\n", sl_mystack_count,
341 sl_mystack[sl_mystack_count-1]);
342 */
343 }
344 return;
345}
346
347void sl_stack_pop(char * c, char * file, int line)
348{
349 if (slib_do_trace)
350 sl_trace_out(c, file, line);
351 if (sl_mystack_count > 0)
352 {
353 /*
354 fprintf(stderr, " <- #%03d %s\n", sl_mystack_count,
355 sl_mystack[sl_mystack_count-1]);
356 */
357 --sl_mystack_count;
358 }
359 return;
360}
361
362void sl_stack_print()
363{
364 int i;
365 /* FILE * dfile; */
366
367 if (sl_mystack_count > 0)
368 {
369 sh_log_console(_("\nBacktrace:\n"));
370 /* dlog(3, FIL__, __LINE__, _("\nBacktrace:\n")); */
371 for (i = 0; i < sl_mystack_count; ++i)
372 sh_log_console(sl_mystack[i]);
373 /* dlog(3, FIL__, __LINE__, _("#%03d %s\n"), i, sl_mystack[i]); */
374 }
375 return;
376}
377
378#endif
379
380
381/*
382 * The global errno.
383 * On error, this is set to the return value of the function.
384 */
385long int sl_errno;
386
387
388/* ----------------------------------------------------------------
389 *
390 * Capability routines
391 *
392 * ---------------------------------------------------------------- */
393
394int sl_useCaps = 0;
395
396#ifdef FANCY_LIBCAP
397#include <sys/capability.h>
398
399/*
400 * While these routines are tested and work, we don't use POSIX
401 * capabilities, as they don't seem to be useful (root can write
402 * to root-owned files anyway). Things would be more interesting
403 * if we could switch to a non-root UID with just a few capabilities
404 * enabled.
405 */
406int sl_drop_cap ()
407{
408 int error;
409 cap_t caps;
410 cap_flag_t capflag;
411 cap_flag_value_t capfval = CAP_CLEAR;
412 cap_value_t capvals_e[] =
413 {
414 CAP_CHOWN, CAP_FOWNER, CAP_FSETID,
415 CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN,
416 CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
417 CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
418 CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO,
419 CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG,
420 CAP_SETGID, CAP_SETUID, CAP_KILL,
421 CAP_DAC_OVERRIDE,
422#if !defined(WITH_MESSAGE_QUEUE)
423 CAP_IPC_OWNER,
424#endif
425 CAP_SYS_MODULE, CAP_LEASE
426 };
427 cap_value_t capvals_p[] =
428 {
429 CAP_CHOWN, CAP_LEASE, CAP_FSETID,
430 CAP_LINUX_IMMUTABLE, CAP_MKNOD, CAP_NET_ADMIN,
431 CAP_NET_BIND_SERVICE, CAP_NET_BROADCAST, CAP_NET_RAW,
432 CAP_SYS_ADMIN, CAP_SYS_BOOT, CAP_SYS_CHROOT,
433 CAP_SYS_PACCT, CAP_SYS_PTRACE, CAP_SYS_RAWIO,
434 CAP_SYS_RESOURCE, CAP_SYS_TIME, CAP_SYS_TTY_CONFIG,
435#if !defined(WITH_EXTERNAL) && !defined(HAVE_UNIX_RANDOM)
436 CAP_SETGID, CAP_SETUID, CAP_KILL,
437#endif
438#if !defined(SH_USE_SUIDCHK)
439 CAP_DAC_OVERRIDE, CAP_FOWNER,
440#endif
441#if !defined(WITH_MESSAGE_QUEUE)
442 CAP_IPC_OWNER,
443#endif
444 CAP_SYS_MODULE
445 };
446
447 if (0 == sl_useCaps) /* 0 = S_FALSE */
448 {
449 return 0;
450 }
451
452 if(NULL == (caps = cap_get_proc()))
453 {
454 return errno;
455 }
456
457 capflag = CAP_EFFECTIVE;
458 if (0 != cap_set_flag(caps, capflag, sizeof(capvals_e)/sizeof(cap_value_t),
459 capvals_e, capfval))
460 {
461 error = errno;
462 cap_free(caps);
463 return error;
464 }
465 if (0 != cap_set_proc(caps))
466 {
467 error = errno;
468 cap_free(caps);
469 return error;
470 }
471
472 capflag = CAP_PERMITTED;
473 if (0 != cap_set_flag(caps, capflag, sizeof(capvals_p)/sizeof(cap_value_t),
474 capvals_p, capfval))
475 {
476 error = errno;
477 cap_free(caps);
478 return error;
479 }
480 if (0 != cap_set_proc(caps))
481 {
482 error = errno;
483 cap_free(caps);
484 return error;
485 }
486 cap_free(caps);
487 return 0;
488}
489
490int sl_drop_cap_int(int what)
491{
492#if defined(SL_DEBUG)
493 char * captext;
494#endif
495 cap_flag_t capflag = CAP_EFFECTIVE;
496 cap_flag_value_t capfval = CAP_CLEAR;
497 cap_value_t capvals_a[] = { CAP_SETGID, CAP_SETUID, CAP_KILL };
498 cap_value_t capvals_b[] = { CAP_DAC_OVERRIDE, CAP_FOWNER };
499 cap_value_t * capvals;
500 int nvals;
501 int error = 0;
502 cap_t caps = cap_get_proc();
503
504 if (0 == sl_useCaps) /* 0 = S_FALSE */
505 {
506 return 0;
507 }
508
509 if (caps == NULL)
510 {
511 return errno;
512 }
513
514 switch (what) {
515 case 1:
516 capvals = capvals_a;
517 nvals = 3;
518 capfval = CAP_CLEAR;
519 break;
520 case 2:
521 capvals = capvals_a;
522 nvals = 3;
523 capfval = CAP_SET;
524 break;
525 case 3:
526 capvals = capvals_b;
527 nvals = 2;
528 capfval = CAP_CLEAR;
529 break;
530 case 4:
531 capvals = capvals_b;
532 nvals = 2;
533 capfval = CAP_SET;
534 break;
535 default:
536 return (0);
537 }
538
539 if (0 != cap_set_flag(caps, capflag, nvals, capvals, capfval))
540 {
541 error = errno;
542 cap_free(caps);
543 return error;
544 }
545 if (0 != cap_set_proc(caps))
546 {
547 error = errno;
548 cap_free(caps);
549 return error;
550 }
551#if defined(SL_DEBUG)
552 captext = cap_to_text(caps, NULL);
553 TPT(( 0, FIL__, __LINE__, _("msg=<cap_int %d: %s>\n"), what, captext));
554 cap_free(captext);
555#endif
556 cap_free(caps);
557 return 0;
558}
559
560int sl_drop_cap_sub() { return sl_drop_cap_int(1); }
561int sl_get_cap_sub() { return sl_drop_cap_int(2); }
562int sl_drop_cap_qdel() { return sl_drop_cap_int(3); }
563int sl_get_cap_qdel() { return sl_drop_cap_int(4); }
564
565#else
566int sl_drop_cap () { return 0; }
567int sl_drop_cap_sub() { return 0; }
568int sl_get_cap_sub() { return 0; }
569int sl_drop_cap_qdel() { return 0; }
570int sl_get_cap_qdel() { return 0; }
571#endif
572
573/* ----------------------------------------------------------------
574 *
575 * String handling routines
576 *
577 * ---------------------------------------------------------------- */
578
579/*
580 * Have memset in a different translation unit (i.e. this) to prevent
581 * it to get optimized away
582 */
583void *sl_memset(void *s, int c, size_t n)
584{
585 return memset(s, c,n);
586}
587
588
589#if !defined (VA_COPY)
590#if defined (__GNUC__) && defined (__PPC__) && (defined (_CALL_SYSV) || defined (_WIN32))
591#define VA_COPY(ap1, ap2) (*(ap1) = *(ap2))
592#elif defined (VA_COPY_AS_ARRAY)
593#define VA_COPY(ap1, ap2) memmove ((ap1), (ap2), sizeof (va_list))
594#else /* va_list is a pointer */
595#define VA_COPY(ap1, ap2) ((ap1) = (ap2))
596#endif
597#endif
598
599#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF)
600static
601size_t sl_printf_count (const char * fmt, va_list vl)
602{
603 size_t length = 1;
604 int fini = 0;
605 int islong = 0;
606 int islonglong = 0;
607 int islongdouble = 0;
608 char * string_arg;
609
610 SL_ENTER(_("sl_printf_count"));
611
612 if (fmt == NULL)
613 SL_IRETURN(SL_ENULL, _("sl_printf_count"));
614
615 while (*fmt) {
616
617 if ( (*fmt) == '%' ) { /* a format specifier */
618
619 fmt++; /* point to first char after '%' */
620
621 fini = 0;
622 islong = 0;
623 islongdouble = 0;
624
625 while (*fmt && (fini == 0) ) {
626
627 switch (*fmt) {
628
629 case '*': /* field width supplied by an integer */
630 length = length + va_arg (vl, int);
631 ++fmt;
632 break;
633 case '1':
634 case '2':
635 case '3':
636 case '4':
637 case '5':
638 case '6':
639 case '7':
640 case '8':
641 case '9':
642 length = length + strtol (fmt, (char**) &fmt, 10);
643 /* strtol makes FastForward to first invalid char */
644 break;
645
646 case 'l': /* 'long' modifier */
647 if (islong == 0)
648 islong = 1;
649 else
650 {
651 islonglong = 1;
652 islong = 0;
653 }
654 ++fmt;
655 break;
656
657 case 'L': /* 'long double' modifier */
658#ifdef HAVE_LONG_DOUBLE
659 islongdouble = 1;
660#else
661 islong = 1;
662#endif
663 ++fmt;
664 break;
665
666 case 'd':
667 case 'i':
668 case 'o':
669 case 'u':
670 case 'x':
671 case 'X':
672 if (islonglong == 1)
673#ifdef HAVE_LONG_LONG
674 (void) va_arg (vl, long long);
675#else
676 (void) va_arg (vl, long);
677#endif
678 else if (islong == 1)
679 (void) va_arg (vl, long);
680 else
681 (void) va_arg (vl, int);
682 islong = 0;
683 islonglong = 0;
684 length = length + 24;
685 ++fmt;
686 fini = 1;
687 break;
688
689 case 'D':
690 case 'O':
691 case 'U':
692 (void) va_arg (vl, long);
693 length = length + 24;
694 fmt++;
695 fini = 1;
696 break;
697
698 case 'e':
699 case 'E':
700 case 'f':
701 case 'g':
702#ifdef HAVE_LONG_DOUBLE
703 if (islongdouble == 1) {
704 (void) va_arg (vl, long double);
705 islongdouble = 0;
706 length = length + 20;
707 }
708 else
709#endif
710 (void) va_arg (vl, double);
711 length = length + 20;
712 fini = 1;
713 ++fmt;
714 break;
715
716 case 's':
717 string_arg = va_arg (vl, char *);
718 if (string_arg != NULL)
719 length = length + sl_strlen (string_arg);
720 else
721 length = length + 16;
722 fini = 1;
723 ++fmt;
724 break;
725
726 case 'c':
727 (void) va_arg (vl, int);
728 length = length + 1;
729 fini = 1;
730 ++fmt;
731 break;
732
733 case 'p':
734 case 'n':
735 (void) va_arg (vl, void * );
736 length = length + 32;
737 fini = 1;
738 ++fmt;
739 break;
740
741 case '%': /* %% will print '%' */
742 length = length + 1;
743 fini = 1;
744 ++fmt;
745 break;
746
747 default:
748 length = length + 1;
749 ++fmt;
750 break;
751
752 } /* end switch */
753 }
754 /* end parsing a single format specifier */
755 } else {
756 length = length + 1;
757 fmt++;
758 }
759 }
760 SL_IRETURN(length, _("sl_printf_count"));
761}
762#endif /* #ifndef HAVE_VSNPRINTF */
763
764/*
765 * An implementation of vsnprintf. va_start/va_end are in the caller
766 * function.
767 * Returns C99 (#bytes that would heve been written) on success.
768 */
769int sl_vsnprintf(char *str, size_t n,
770 const char *format, va_list vl )
771{
772 int len = 0;
773#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF)
774 size_t total;
775 va_list vl2;
776#endif
777
778 SL_ENTER(_("sl_vsnprintf"));
779 if (str == NULL || format == NULL)
780 SL_IRETURN(0, _("sl_vsnprintf"));
781
782#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF)
783 len = vsnprintf (str, n, format, vl); /* flawfinder: ignore */
784 str[n-1] = '\0';
785#else
786 VA_COPY (vl2, vl); /* save the argument list */
787 total = sl_printf_count (format, vl);
788 len = (int) total;
789 if (total < n)
790 {
791 /* flawfinder: ignore */
792 vsprintf (str, format, vl2); /* program has checked that it fits */
793 str[n-1] = '\0';
794 }
795 else
796 {
797 sl_strlcpy (str, format, n);
798 va_end(vl2);
799 SL_IRETURN(len, _("sl_vsnprintf"));
800 }
801 va_end(vl2);
802#endif
803 SL_IRETURN(len, _("sl_vsnprintf"));
804}
805
806/*
807 * An implementation of snprintf.
808 * Returns SL_ENONE on success.
809 * ENULL: src || format == NULL
810 * ERANGE: n out of range
811 * ETRUNC: truncated (unimplemented)
812 */
813int sl_snprintf(char *str, size_t n,
814 const char *format, ... )
815{
816 va_list vl;
817#if !defined(HAVE_VSNPRINTF) || defined(HAVE_BROKEN_VSNPRINTF)
818 size_t total = 0;
819 va_list vl2;
820#endif
821
822 SL_ENTER(_("sl_snprintf"));
823 if (str == NULL || format == NULL)
824 SL_IRETURN(SL_ENULL, _("sl_snprintf"));
825
826 va_start (vl, format);
827#if defined(HAVE_VSNPRINTF) && !defined(HAVE_BROKEN_VSNPRINTF)
828 /* flawfinder: ignore */
829 vsnprintf (str, n, format, vl);
830 str[n-1] = '\0';
831#else
832 VA_COPY (vl2, vl); /* save the argument list */
833 total = sl_printf_count (format, vl);
834 if (total < n)
835 {
836 /* flawfinder: ignore */
837 vsprintf (str, format, vl2); /* program has checked that it fits */
838 str[n-1] = '\0';
839 }
840 else
841 {
842 sl_strlcpy (str, format, n);
843 va_end(vl2);
844 va_end(vl);
845 SL_IRETURN(SL_ETRUNC, _("sl_snprintf"));
846 }
847 va_end(vl2);
848#endif
849 va_end(vl);
850 SL_IRETURN(SL_ENONE, _("sl_snprintf"));
851}
852
853/*
854 * Appends src to string dst of size siz (unlike strncat, siz is the
855 * full size of dst, not space left). At most siz-1 characters
856 * will be copied. Always NUL terminates (unless siz == 0).
857 * Returns SL_NONE on success, errcode on failure.
858 *
859 * ENULL: dst == NULL
860 * ERANGE: siz out of range
861 * ETRUNC: src truncated
862 */
863int sl_strlcat(char * dst, /*@null@*/const char *src, size_t siz)
864{
865 register size_t dst_end;
866 register size_t dst_free;
867
868 register char * p;
869 register const char * q;
870
871 if (!(dst == NULL || src == NULL || *src == '\0'))
872 {
873 if (siz > 0)
874 {
875
876 /* How much free space do we have ?
877 */
878 dst_end = strlen(dst);
879 dst_free = siz - dst_end - 1;
880
881 p = &dst[dst_end];
882 q = src;
883
884 while (dst_free > 0 && *q != '\0')
885 {
886 *p++ = *q++;
887 --dst_free;
888 }
889
890 /* NULL terminate dst.
891 */
892 *p = '\0';
893
894 if (*q == '\0')
895 return SL_ENONE;
896 else
897 return SL_ETRUNC;
898 }
899 }
900 return SL_ENONE;
901}
902
903/*
904 * An alternative implementation of the OpenBSD strlcpy() function.
905 *
906 * Copy src to string dst of size siz. At most siz-1 characters
907 * will be copied. Always NUL terminates (unless siz == 0).
908 * Returns SL_NONE on success, errcode on failure.
909 *
910 * ENULL: dst == NULL
911 * ERANGE: siz out of range
912 * ETRUNC: src truncated
913 */
914int sl_strlcpy(char * dst, /*@null@*/const char * src, size_t siz)
915{
916 /* SL_ENTER(_("sl_strlcpy")); */
917
918 if (!((dst == NULL) || (src == NULL)))
919 {
920 if (siz > 0) {
921 /* copy siz-1 characters
922 */
923 (void) strncpy(dst, src, siz-1);
924
925 /* NULL terminate
926 */
927 dst[siz-1] = '\0';
928 }
929 return SL_ENONE;
930 }
931 else if (src == NULL)
932 {
933 if (dst && siz > 0)
934 dst[0] = '\0';
935 return SL_ENONE;
936 }
937 else
938 {
939 return SL_ENULL;
940 }
941}
942
943/*
944 * A robust drop-in replacement of strncpy. strlcpy is preferable.
945 */
946char * sl_strncpy(char *dst, const char *src, size_t size)
947{
948
949#ifdef SL_FAIL_ON_ERROR
950 SL_REQUIRE(dst != NULL, _("dst != NULL"));
951 SL_REQUIRE(src != NULL, _("src != NULL"));
952 SL_REQUIRE(size > 0, _("size > 0"));
953#endif
954
955 if (dst == NULL)
956 {
957 sl_errno = SL_ENULL;
958 return (NULL);
959 }
960 if (size < 1)
961 {
962 sl_errno = SL_ERANGE;
963 return (dst);
964 }
965 if (!src)
966 {
967 sl_errno = SL_ENULL;
968 dst[0] = '\0';
969 }
970 else if (src[0] == '\0')
971 dst[0] = '\0';
972 else
973 strncpy(dst, src, size);
974
975 if (sl_strlen(src) >= size)
976 {
977 errno = ENOSPC;
978 dst[size-1] = '\0';
979 }
980 return (dst);
981}
982
983/*
984 * A robust drop-in replacement of strncat. strlcat is preferable.
985 */
986char * sl_strncat(char *dst, const char *src, size_t n)
987{
988#ifdef SL_FAIL_ON_ERROR
989 SL_REQUIRE(dst != NULL, _("dst != NULL"));
990 SL_REQUIRE(src != NULL, _("src != NULL"));
991 SL_REQUIRE(n > 0, _("n > 0"));
992#endif
993
994 if (dst == NULL)
995 {
996 sl_errno = SL_ENULL;
997 return (NULL);
998 }
999 if (n < 1)
1000 {
1001 sl_errno = SL_ERANGE;
1002 return (dst);
1003 }
1004 if (!src)
1005 {
1006 sl_errno = SL_ENULL;
1007 return (dst);
1008 }
1009 else if (src[0] == '\0')
1010 dst[0] = '\0';
1011 else
1012 strncat(dst, src, n);
1013
1014 return (dst);
1015}
1016
1017#include <ctype.h>
1018int sl_strcasecmp(const char * one, const char * two)
1019{
1020#ifdef SL_FAIL_ON_ERROR
1021 SL_REQUIRE (one != NULL, _("one != NULL"));
1022 SL_REQUIRE (two != NULL, _("two != NULL"));
1023#endif
1024
1025 if (one && two)
1026 {
1027 do {
1028 if (*one && *two)
1029 {
1030 if (tolower((int) *one) == tolower((int) *two))
1031 {
1032 ++one; ++two;
1033 }
1034 else if (tolower((int) *one) < tolower((int) *two))
1035 return -1;
1036 else
1037 return 1;
1038 }
1039 else if (*one == '\0' && *two == '\0')
1040 return 0;
1041 else if (*one == '\0')
1042 return -1;
1043 else
1044 return 1;
1045 } while (1 == 1);
1046 }
1047 else if (one == NULL && two != NULL)
1048 return -1;
1049 else if (one != NULL && two == NULL)
1050 return 1;
1051 else
1052 return -7; /* default to not equal */
1053}
1054
1055int sl_strcmp(const char * a, const char * b)
1056{
1057#ifdef SL_FAIL_ON_ERROR
1058 SL_REQUIRE (a != NULL, _("a != NULL"));
1059 SL_REQUIRE (b != NULL, _("b != NULL"));
1060#endif
1061
1062 if (a != NULL && b != NULL)
1063 return (strcmp(a, b));
1064 else if (a == NULL && b != NULL)
1065 return (-1);
1066 else if (a != NULL && b == NULL)
1067 return (1);
1068 else
1069 return (-7); /* default to not equal */
1070}
1071
1072int sl_strncmp(const char * a, const char * b, size_t n)
1073{
1074#ifdef SL_FAIL_ON_ERROR
1075 SL_REQUIRE (a != NULL, _("a != NULL"));
1076 SL_REQUIRE (b != NULL, _("b != NULL"));
1077 SL_REQUIRE (n > 0, _("n > 0"));
1078#endif
1079
1080 if (a != NULL && b != NULL)
1081 return (strncmp(a, b, n));
1082 else if (a == NULL && b != NULL)
1083 return (-1);
1084 else if (a != NULL && b == NULL)
1085 return (1);
1086 else
1087 return (-7); /* default to not equal */
1088}
1089
1090int sl_strncasecmp(const char * a, const char * b, size_t n)
1091{
1092#ifdef SL_FAIL_ON_ERROR
1093 SL_REQUIRE (a != NULL, _("a != NULL"));
1094 SL_REQUIRE (b != NULL, _("b != NULL"));
1095 SL_REQUIRE (n > 0, _("n > 0"));
1096#endif
1097
1098 if (a != NULL && b != NULL)
1099 return (strncasecmp(a, b, n));
1100 else if (a == NULL && b != NULL)
1101 return (-1);
1102 else if (a != NULL && b == NULL)
1103 return (1);
1104 else
1105 return (-7); /* default to not equal */
1106}
1107
1108/* string searching
1109 */
1110
1111char * sl_strstr (const char * haystack, const char * needle)
1112{
1113#ifndef HAVE_STRSTR
1114 unsigned int i;
1115 size_t needle_len;
1116 size_t haystack_len;
1117#endif
1118
1119 if (haystack == NULL || needle == NULL)
1120 return NULL;
1121 if (*needle == '\0' || *haystack == '\0')
1122 return NULL;
1123
1124#if defined(HAVE_STRSTR)
1125 return (strstr(haystack, needle));
1126#else
1127 needle_len = strlen(needle);
1128 haystack_len = strlen(haystack);
1129
1130 for (i = 0; i <= (haystack_len-needle_len); ++i)
1131 if (0 == sl_strncmp(&haystack[i], needle, needle_len))
1132 return (needle);
1133 return NULL;
1134#endif
1135}
1136
1137
1138/* ----------------------------------------------------------------
1139 *
1140 * Privilege handling routines
1141 *
1142 * ---------------------------------------------------------------- */
1143
1144
1145
1146static uid_t euid;
1147static uid_t ruid;
1148static uid_t ruid_orig;
1149static gid_t egid;
1150static gid_t rgid;
1151static gid_t rgid_orig;
1152
1153static int uids_are_stored = SL_FALSE;
1154static int suid_is_set = SL_TRUE;
1155
1156#ifdef HAVE_SETRESUID
1157extern int setresuid (uid_t truid, uid_t teuid, uid_t tsuid);
1158extern int setresgid (gid_t trgid, gid_t tegid, gid_t tsgid);
1159#endif
1160
1161
1162/*
1163 * This function returns true if the program is SUID.
1164 * It calls abort() if the uid's are not saved already.
1165 */
1166int sl_is_suid()
1167{
1168 if (uids_are_stored == SL_FALSE)
1169 {
1170 if (getuid() == geteuid() && getgid() == getegid())
1171 return (0); /* FALSE */
1172 else
1173 return (1); /* TRUE */
1174 }
1175 else
1176 {
1177 if (euid == ruid && egid == rgid)
1178 return (0); /* FALSE */
1179 else
1180 return (1); /* TRUE */
1181 }
1182}
1183
1184/*
1185 * This function returns the saved euid.
1186 * It calls abort() if the uid's are not saved already.
1187 */
1188int sl_get_euid(uid_t * ret)
1189{
1190 SL_ENTER(_("sl_get_euid"));
1191 /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/
1192 if (uids_are_stored == SL_TRUE)
1193 *ret = euid;
1194 else
1195 *ret = geteuid();
1196 SL_IRETURN (SL_ENONE, _("sl_get_euid"));
1197}
1198
1199uid_t sl_ret_euid()
1200{
1201 /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/
1202 if (uids_are_stored == SL_TRUE)
1203 return (euid);
1204 else
1205 return (geteuid());
1206}
1207
1208/*
1209 * This function returns the saved egid.
1210 * It calls abort() if the uid's are not saved already.
1211 */
1212int sl_get_egid(gid_t * ret)
1213{
1214 SL_ENTER(_("sl_get_egid"));
1215 /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/
1216 if (uids_are_stored == SL_TRUE)
1217 *ret = egid;
1218 else
1219 *ret = getegid();
1220 SL_IRETURN (SL_ENONE, _("sl_get_egid"));
1221}
1222
1223/*
1224 * This function returns the saved ruid.
1225 * It calls abort() if the uid's are not saved already.
1226 */
1227int sl_get_ruid(uid_t * ret)
1228{
1229 SL_ENTER(_("sl_get_ruid"));
1230 /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/
1231 if (uids_are_stored == SL_TRUE)
1232 *ret = ruid;
1233 else
1234 *ret = getuid();
1235 SL_IRETURN (SL_ENONE, _("sl_get_ruid"));
1236}
1237
1238/*
1239 * This function returns the saved rgid.
1240 * It calls abort() if the uid's are not saved already.
1241 */
1242int sl_get_rgid(gid_t * ret)
1243{
1244 SL_ENTER(_("sl_get_rgid"));
1245 /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/
1246 if (uids_are_stored == SL_TRUE)
1247 *ret = rgid;
1248 else
1249 *ret = getgid();
1250 SL_IRETURN (SL_ENONE, _("sl_get_rgid"));
1251}
1252
1253/*
1254 * This function returns the saved original ruid.
1255 * It calls abort() if the uid's are not saved already.
1256 */
1257int sl_get_ruid_orig(uid_t * ret)
1258{
1259 SL_ENTER(_("sl_get_ruid_orig"));
1260 /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/
1261 if (uids_are_stored == SL_TRUE)
1262 *ret = ruid_orig;
1263 else
1264 *ret = getuid();
1265 SL_IRETURN (SL_ENONE, _("sl_get_ruid_orig"));
1266}
1267
1268/*
1269 * This function returns the saved original rgid.
1270 * It calls abort() if the uid's are not saved already.
1271 */
1272int sl_get_rgid_orig(gid_t * ret)
1273{
1274 SL_ENTER(_("sl_get_rgid_orig"));
1275 /* SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));*/
1276 if (uids_are_stored == SL_TRUE)
1277 *ret = rgid_orig;
1278 else
1279 *ret = getgid();
1280 SL_IRETURN (SL_ENONE, _("sl_get_rgid_orig"));
1281}
1282
1283static int suid_warn_flag = 1;
1284static void suid_warn(int a)
1285{
1286 fprintf(stderr, _("ERROR: open set/unset suid !!! %d\n"), a);
1287 return;
1288}
1289
1290/*
1291 * This function sets the effective uid
1292 * to the saved effective uid.
1293 * It will abort on failure.
1294 */
1295int sl_set_suid ()
1296{
1297 int retval;
1298
1299 SL_ENTER(_("sl_set_suid"));
1300
1301 if (uids_are_stored == SL_FALSE)
1302 {
1303 SL_IRETURN(SL_ENONE, _("sl_set_suid"));
1304 }
1305
1306 SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));
1307
1308 if (ruid == euid && rgid == egid)
1309 {
1310 suid_is_set = SL_TRUE;
1311 SL_IRETURN(SL_ENONE, _("sl_set_suid"));
1312 }
1313 SL_REQUIRE(suid_is_set == SL_FALSE, _("suid_is_set == SL_FALSE"));
1314
1315#if defined(HAVE_SETRESUID)
1316 retval = setresuid (sh_uid_neg, euid, sh_uid_neg);
1317 if (retval == 0)
1318 retval = setresgid (sh_gid_neg, egid, sh_gid_neg);
1319
1320#elif defined(HAVE_SETEUID)
1321 retval = seteuid (egid);
1322 if (retval == 0)
1323 retval = setegid (euid);
1324
1325 /* on AIX, setreuid does not behave well for non-root users.
1326 */
1327#elif defined(HAVE_SETREUID)
1328 retval = setreuid (ruid, euid);
1329 if (retval == 0)
1330 retval = setregid (rgid, egid);
1331
1332#else
1333 retval = setuid (euid);
1334 if (retval == 0)
1335 retval = setgid (egid);
1336#endif
1337 if (suid_warn_flag == 1)
1338 suid_warn(1);
1339 suid_warn_flag = 1;
1340
1341 SL_REQUIRE(retval == 0, _("retval == 0"));
1342 suid_is_set = SL_TRUE;
1343 SL_IRETURN(SL_ENONE, _("sl_set_suid"));
1344}
1345
1346/*
1347 * This function sets the effective uid to the real uid.
1348 * It will abort on failure.
1349 */
1350int sl_unset_suid ()
1351{
1352 register int retval;
1353
1354 SL_ENTER(_("sl_unset_suid"));
1355
1356 if (uids_are_stored == SL_FALSE)
1357 {
1358 SL_IRETURN(SL_ENONE, _("sl_unset_suid"));
1359 }
1360
1361 SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));
1362
1363 if (ruid == euid && rgid == egid)
1364 {
1365 suid_is_set = SL_FALSE;
1366 SL_IRETURN(SL_ENONE, _("sl_unset_suid"));
1367 }
1368 SL_REQUIRE(suid_is_set == SL_TRUE, _("suid_is_set == SL_TRUE"));
1369
1370#if defined(HAVE_SETRESUID)
1371 retval = setresgid (sh_gid_neg, rgid, sh_gid_neg);
1372 if (retval == 0)
1373 retval = setresuid (sh_uid_neg, ruid, sh_uid_neg);
1374
1375#elif defined(HAVE_SETEUID)
1376 retval = setegid (rgid);
1377 if (retval == 0)
1378 retval = seteuid (ruid);
1379
1380#elif defined(HAVE_SETREUID)
1381 retval = setregid (egid, rgid);
1382 if (retval == 0)
1383 retval = setreuid (euid, ruid);
1384
1385#else
1386 retval = setgid (rgid);
1387 if (retval == 0)
1388 retval = setuid (ruid);
1389#endif
1390
1391 if (suid_warn_flag == 0)
1392 suid_warn(0);
1393 suid_warn_flag = 0;
1394
1395 SL_REQUIRE(retval == 0, _("retval == 0"));
1396 suid_is_set = SL_FALSE;
1397 SL_IRETURN(SL_ENONE, _("sl_unset_suid"));
1398}
1399
1400
1401/*
1402 * This function saves the uid's.
1403 */
1404int sl_save_uids()
1405{
1406 SL_ENTER(_("sl_save_uids"));
1407 if (uids_are_stored == SL_TRUE)
1408 SL_IRETURN(SL_EREPEAT, _("sl_save_uids"));
1409
1410 ruid_orig = getuid();
1411 rgid_orig = getgid();
1412 egid = getegid();
1413 euid = geteuid();
1414 ruid = ruid_orig;
1415 rgid = rgid_orig;
1416 uids_are_stored = SL_TRUE;
1417
1418 SL_IRETURN(SL_ENONE, _("sl_save_uids"));
1419}
1420
1421/*
1422 * This function drops SUID privileges irrevocably.
1423 * It set the effective uid to the original real uid.
1424 */
1425extern int sh_unix_initgroups2 (uid_t in_pid, gid_t in_gid);
1426int sl_drop_privileges()
1427{
1428 SL_ENTER(_("sl_drop_privileges"));
1429 SL_REQUIRE(uids_are_stored == SL_TRUE, _("uids_are_stored == SL_TRUE"));
1430
1431 SL_REQUIRE(setgid(rgid_orig) == 0, _("setgid(rgid_orig) == 0"));
1432 SL_REQUIRE(sh_unix_initgroups2(ruid_orig, rgid_orig) == 0, _("sh_unix_initgroups2(ruid_orig,rgid_orig) == 0"));
1433 SL_REQUIRE(setuid(ruid_orig) == 0, _("setuid(ruid_orig) == 0"));
1434
1435 /* make sure that setuid(0) fails
1436 */
1437 SL_REQUIRE(setuid(0) < 0, _("setuid(0) < 0"));
1438
1439 euid = ruid_orig;
1440 egid = rgid_orig;
1441 ruid = ruid_orig;
1442 rgid = rgid_orig;
1443
1444 SL_IRETURN(SL_ENONE, _("sl_drop_privileges"));
1445}
1446
1447/*
1448 * Define a policy: Stay root.
1449 * Do nothing if not SUID.
1450 */
1451int sl_policy_get_root()
1452{
1453 SL_ENTER(_("sl_policy_get_root"));
1454 SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE"));
1455
1456 SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE"));
1457
1458 if (euid != ruid || egid != rgid)
1459 {
1460 SL_REQUIRE(setgid(egid) == 0, _("setgid(egid) == 0"));
1461 SL_REQUIRE(setuid(euid) == 0, _("setuid(euid) == 0"));
1462 SL_REQUIRE(ruid == getuid() && rgid == getgid(),
1463 _("ruid == getuid() && rgid == getgid()"));
1464 ruid = euid;
1465 rgid = egid;
1466 }
1467 suid_is_set = SL_TRUE;
1468 if (euid == 0)
1469 {
1470 SL_REQUIRE(sh_unix_initgroups2(euid, egid) == 0, _("sh_unix_initgroups2(euid,egid) == 0"));
1471 }
1472 SL_IRETURN(SL_ENONE, _("sl_policy_get_root"));
1473}
1474
1475#include <pwd.h>
1476
1477/*
1478 * Define a policy: Get real (irrevocably).
1479 * This function drops SUID privileges irrevocably.
1480 * Do nothing if not SUID (? not true - drops if root).
1481 */
1482
1483int sl_policy_get_real(char * user)
1484{
1485 SL_ENTER(_("sl_policy_get_real"));
1486 SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE"));
1487 SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE"));
1488
1489 if (euid == 0 || ruid == 0)
1490 {
1491#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1492 struct passwd pwd;
1493 char * buffer;
1494 struct passwd * tempres;
1495 buffer = malloc(SH_PWBUF_SIZE);
1496 SL_REQUIRE (buffer != NULL, _("buffer != NULL"));
1497 sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
1498#else
1499 struct passwd * tempres = sh_getpwnam(user);
1500#endif
1501
1502 SL_REQUIRE (NULL != tempres, _("tempres != NULL"));
1503
1504 rgid_orig = tempres->pw_gid;
1505 ruid_orig = tempres->pw_uid;
1506#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1507 free(buffer);
1508#endif
1509 }
1510 else
1511 {
1512 rgid_orig = rgid;
1513 ruid_orig = ruid;
1514 }
1515
1516 SL_REQUIRE (sl_drop_privileges() == SL_ENONE,
1517 _("sl_drop_privileges() == SL_ENONE"));
1518
1519 suid_is_set = SL_TRUE;
1520 SL_IRETURN(SL_ENONE, _("sl_policy_get_real"));
1521}
1522
1523
1524/*
1525 * Define a policy: Get user.
1526 * Drops privileges.
1527 * Do nothing if not SUID.
1528 */
1529int sl_policy_get_user(const char * user)
1530{
1531 SL_ENTER(_("sl_policy_get_user"));
1532
1533 SL_REQUIRE(user != NULL, _("user != NULL"));
1534 SL_REQUIRE(uids_are_stored == SL_FALSE, _("uids_are_stored == SL_FALSE"));
1535 SL_REQUIRE (sl_save_uids() == SL_ENONE, _("sl_save_uids() == SL_ENONE"));
1536
1537#ifndef SH_ALLOW_SUID
1538 if (euid != ruid || egid != rgid)
1539 {
1540#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1541 struct passwd pwd;
1542 char * buffer;
1543 struct passwd * tempres;
1544 buffer = malloc(SH_PWBUF_SIZE);
1545 SL_REQUIRE (buffer != NULL, _("buffer != NULL"));
1546 sh_getpwnam_r(user, &pwd, buffer, SH_PWBUF_SIZE, &tempres);
1547#else
1548 struct passwd * tempres = sh_getpwnam(user);
1549#endif
1550
1551 SL_REQUIRE (NULL != tempres, _("tempres != NULL"));
1552
1553 SL_REQUIRE (sl_drop_privileges() == SL_ENONE,
1554 _("sl_drop_privileges() == SL_ENONE"));
1555#if defined(HAVE_PTHREAD) && defined (_POSIX_THREAD_SAFE_FUNCTIONS) && defined(HAVE_GETPWNAM_R)
1556 free(buffer);
1557#endif
1558 }
1559#endif
1560 SL_IRETURN(SL_ENONE, _("sl_policy_get_user"));
1561}
1562
1563
1564
1565/* ----------------------------------------------------------------
1566 *
1567 * File access routines
1568 *
1569 * ---------------------------------------------------------------- */
1570
1571#define TOFFSET 0x1234
1572
1573/* this would prevent opening files if the first 16 fds are open :( */
1574/* #define MAXFD FOPEN_MAX */
1575
1576#define MAXFD 1024
1577
1578typedef struct openfiles {
1579 SL_TICKET ticket; /* The unique ID. */
1580 int fd; /* The file descriptor. */
1581 FILE * stream; /* The file descriptor. */
1582 char * path; /* The file path. */
1583 int flush; /* Whether we want to flush the cache */
1584 char ofile[SL_OFILE_SIZE]; /* origin file */
1585 int oline; /* origin line */
1586 sh_string * content; /* The file content */
1587} SL_OFILE;
1588
1589static SL_OFILE * ofiles[MAXFD];
1590
1591static char stale_orig_file[64] = { '\0' };
1592static int stale_orig_line = -1;
1593static char stale_orig_mesg[128];
1594
1595static char badfd_orig_file[64] = { '\0' };
1596static int badfd_orig_line = -1;
1597static char badfd_orig_mesg[128];
1598
1599
1600char * sl_check_stale()
1601{
1602 if (stale_orig_line == -1)
1603 return NULL;
1604 sl_snprintf(stale_orig_mesg, sizeof(stale_orig_mesg),
1605 _("stale handle, %s, %d"), stale_orig_file, stale_orig_line);
1606 stale_orig_file[0] = '\0';
1607 stale_orig_line = -1;
1608 return stale_orig_mesg;
1609}
1610
1611char * sl_check_badfd()
1612{
1613 if (badfd_orig_line == -1)
1614 return NULL;
1615 sl_snprintf(badfd_orig_mesg, sizeof(badfd_orig_mesg),
1616 _("close on file descriptor with allocated handle, %s, %d"),
1617 badfd_orig_file, badfd_orig_line);
1618 badfd_orig_file[0] = '\0';
1619 badfd_orig_line = -1;
1620 return badfd_orig_mesg;
1621}
1622
1623typedef struct { volatile unsigned int atom; } atomic_t;
1624static atomic_t nonce_counter = { TOFFSET };
1625
1626#if defined(__GNUC__) && (defined(__i486__) || defined(__x86_64__))
1627/* from linux/include/asm-i386/atomic.h */
1628static unsigned int atomic_add ( unsigned int i, atomic_t *var)
1629{
1630 unsigned int j = i;
1631
1632 __asm__ __volatile__ ("lock; xaddl %0, %1"
1633 : "+r" (i), "+m" (var->atom)
1634 : : "memory");
1635 return j+i;
1636}
1637#else
1638SH_MUTEX_STATIC(mutex_ticket, PTHREAD_MUTEX_INITIALIZER);
1639
1640static unsigned int atomic_add ( unsigned int i, atomic_t *var)
1641{
1642 volatile unsigned int j;
1643
1644 SH_MUTEX_LOCK_UNSAFE(mutex_ticket);
1645 var->atom += i;
1646 j = var->atom;
1647 SH_MUTEX_UNLOCK_UNSAFE(mutex_ticket);
1648
1649 return j;
1650}
1651#endif
1652
1653static
1654SL_TICKET sl_create_ticket (unsigned int myindex)
1655{
1656 unsigned int high; /* index */
1657 unsigned int low; /* nonce */
1658 SL_TICKET retval = SL_EINTERNAL;
1659 unsigned int nonce;/* nonce */
1660
1661 SL_ENTER(_("sl_create_ticket"));
1662
1663 if (myindex >= MAXFD)
1664 {
1665 retval = SL_EINTERNAL01;
1666 goto out_ticket;
1667 }
1668
1669 /* mask out the high bit and check that it is not used
1670 * -> verify that it fits into 16 bits as positive
1671 */
1672 high = (myindex + TOFFSET) & 0x7fff;
1673
1674 if (high != myindex + TOFFSET)
1675 {
1676 retval = SL_EINTERNAL02;
1677 goto out_ticket;
1678 }
1679
1680 nonce = atomic_add(1, &nonce_counter);
1681
1682 /* Wrap around the nonce counter.
1683 * This is a dirty trick.
1684 */
1685 if (nonce > 0x7fff)
1686 {
1687 nonce_counter.atom = TOFFSET;
1688 nonce = atomic_add(1, &nonce_counter);
1689 }
1690
1691 low = nonce & 0xffff;
1692
1693 /* Overflow -> nonce too big.
1694 */
1695 if ((low != nonce) || low == 0)
1696 {
1697 retval = SL_EINTERNAL03;
1698 goto out_ticket;
1699 }
1700
1701 retval = (SL_TICKET) ((high << 16) | low);
1702
1703 out_ticket:
1704 SL_RETURN (retval, _("sl_create_ticket"));
1705}
1706
1707static
1708int sl_read_ticket (SL_TICKET fno)
1709{
1710 register unsigned myindex;
1711 register SL_OFILE *of;
1712
1713 myindex = ((fno >> 16) & 0xffff) - TOFFSET;
1714 if (myindex >= MAXFD)
1715 return (SL_ETICKET);
1716
1717 if (ofiles[myindex] == NULL)
1718 return (SL_ETICKET);
1719
1720 if (ofiles[myindex]->ticket != fno)
1721 return (SL_ETICKET);
1722
1723 if ((of = ofiles[myindex])->fd < 0 || of->fd >= MAXFD )
1724 return (SL_EINTERNAL04);
1725
1726 if (((of->ticket) & 0xffff) == 0)
1727 return (SL_EINTERNAL05);
1728
1729 return (myindex);
1730}
1731
1732SL_TICKET sl_make_ticket (const char * ofile, int oline,
1733 int fd, const char * filename, FILE * stream)
1734{
1735 size_t len;
1736 SL_TICKET ticket;
1737 SL_ENTER(_("sl_make_ticket"));
1738 /* Make entry.
1739 */
1740 if (fd >= MAXFD || fd < 0)
1741 {
1742 SL_IRETURN(SL_TOOMANY, _("sl_make_ticket"));
1743 }
1744
1745 if (ofiles[fd] != NULL) /* stale entry */
1746 {
1747 /* SL_IRETURN(SL_EINTERNAL06, _("sl_make_ticket")); */
1748 sl_strlcpy(stale_orig_file, ofiles[fd]->ofile, sizeof(stale_orig_file));
1749 stale_orig_line = ofiles[fd]->oline;
1750
1751 if (ofiles[fd]->content)
1752 sh_string_destroy(&(ofiles[fd]->content));
1753 (void) free (ofiles[fd]->path);
1754 (void) free (ofiles[fd]);
1755 ofiles[fd] = NULL;
1756 }
1757
1758 if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL)
1759 {
1760 SL_IRETURN(SL_EMEM, _("sl_make_ticket"));
1761 }
1762
1763 len = sl_strlen(filename)+1;
1764
1765 if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL)
1766 {
1767 free (ofiles[fd]);
1768 ofiles[fd] = NULL;
1769 SL_IRETURN(SL_EMEM, _("sl_make_ticket"));
1770 }
1771
1772 /* Get a ticket.
1773 */
1774 ticket = sl_create_ticket((unsigned int)fd);
1775
1776 if (SL_ISERROR(ticket))
1777 {
1778 (void) free (ofiles[fd]->path);
1779 (void) free (ofiles[fd]);
1780 ofiles[fd] = NULL;
1781 SL_IRETURN(ticket, _("sl_make_ticket"));
1782 }
1783
1784 sl_strlcpy (ofiles[fd]->path, filename, len);
1785 ofiles[fd]->ticket = ticket;
1786 ofiles[fd]->fd = fd;
1787 ofiles[fd]->content = NULL;
1788 ofiles[fd]->stream = stream;
1789 ofiles[fd]->flush = SL_FALSE;
1790
1791 sl_strlcpy(ofiles[fd]->ofile, ofile, SL_OFILE_SIZE);
1792 ofiles[fd]->oline = oline;
1793
1794 SL_IRETURN(ticket, _("sl_make_ticket"));
1795}
1796
1797#define SL_OPEN_MIN 113
1798#define SL_OPEN_FOR_READ 113
1799#define SL_OPEN_FOR_WRITE 114
1800#define SL_OPEN_FOR_RDWR 115
1801#define SL_OPEN_FOR_WTRUNC 116
1802#define SL_OPEN_FOR_RWTRUNC 117
1803#define SL_OPEN_SAFE_RDWR 118
1804#define SL_OPEN_FOR_FASTREAD 119
1805#define SL_OPEN_MAX 119
1806
1807#if !defined(O_NOATIME)
1808#if defined(__linux__) && (defined(__i386__) || defined(__x86_64__) || defined(__PPC__))
1809#define O_NOATIME 01000000
1810#else
1811 /*
1812 * bitwise 'or' with zero does not modify any bit
1813 */
1814#define O_NOATIME 0
1815#endif
1816#endif
1817
1818static int o_noatime = O_NOATIME;
1819static mode_t open_mode = (S_IWUSR|S_IRUSR|S_IRGRP);
1820
1821
1822static
1823int sl_open_file (const char * ofile, int oline,
1824 const char *filename, int mode, int priv)
1825{
1826 struct stat lbuf;
1827 struct stat buf;
1828 int errval = 0;
1829 int lstat_return;
1830 int stat_return;
1831 int fd;
1832 int sflags;
1833 size_t len;
1834 SL_TICKET ticket;
1835
1836#if !defined(O_NONBLOCK)
1837#if defined(O_NDELAY)
1838#define O_NONBLOCK O_NDELAY
1839#else
1840#define O_NONBLOCK 0
1841#endif
1842#endif
1843
1844 SL_ENTER(_("sl_open_file"));
1845
1846 if (filename == NULL)
1847 SL_IRETURN(SL_ENULL, _("sl_open_file"));
1848 if (mode < SL_OPEN_MIN || mode > SL_OPEN_MAX)
1849 SL_IRETURN(SL_EINTERNAL07, _("sl_open_file"));
1850
1851 /* "This system call always succeeds and the previous value of
1852 * the mask is returned."
1853 */
1854 (void) umask (0);
1855
1856 if (mode == SL_OPEN_FOR_FASTREAD)
1857 {
1858 fd = aud_open_noatime (FIL__, __LINE__, priv, filename,
1859 O_RDONLY|O_NONBLOCK, 0, &o_noatime);
1860 /*
1861 if (fd >= 0) {
1862 sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
1863 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK);
1864 }
1865 */
1866 if (fd < 0)
1867 SL_IRETURN(SL_EBADFILE, _("sl_open_file"));
1868 goto createTicket;
1869 }
1870
1871#ifdef USE_SUID
1872 if (priv == SL_YESPRIV)
1873 sl_set_suid();
1874#endif
1875 if (mode == SL_OPEN_FOR_READ)
1876 lstat_return = retry_stat (FIL__, __LINE__, filename, &lbuf);
1877 else
1878 lstat_return = retry_lstat(FIL__, __LINE__, filename, &lbuf);
1879 errval = errno;
1880#ifdef USE_SUID
1881 if (priv == SL_YESPRIV)
1882 sl_unset_suid();
1883#endif
1884
1885 if (lstat_return == -1)
1886 {
1887 lstat_return = ENOENT;
1888 if ( (mode == SL_OPEN_FOR_READ && lstat_return == ENOENT) ||
1889 (errval != ENOENT))
1890 {
1891 TPT(( 0, FIL__, __LINE__, _("msg=<lstat: %s> errno=<%d>\n"),
1892 filename, errval));
1893 errno = errval;
1894 SL_IRETURN(SL_ESTAT, _("sl_open_file"));
1895 }
1896 }
1897
1898 if ( (mode != SL_OPEN_FOR_READ) && (lstat_return != ENOENT) &&
1899 ( S_ISDIR(lbuf.st_mode) || (S_IWOTH & lbuf.st_mode) )
1900 )
1901 {
1902 int retval = S_ISDIR(lbuf.st_mode) ? SL_EISDIR : SL_EBADOTH;
1903 errno = 0;
1904 SL_IRETURN(retval, _("sl_open_file"));
1905 }
1906
1907 /* O_NOATIME has an effect for read(). But write() ?.
1908 */
1909 switch (mode)
1910 {
1911 case SL_OPEN_FOR_READ:
1912 fd = aud_open_noatime (FIL__, __LINE__, priv, filename,
1913 O_RDONLY|O_NONBLOCK, 0, &o_noatime);
1914 errval = errno;
1915 if (fd >= 0) {
1916 sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
1917 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags & ~O_NONBLOCK);
1918 }
1919 break;
1920 case SL_OPEN_FOR_WRITE:
1921 if (lstat_return == ENOENT)
1922 fd = aud_open (FIL__, __LINE__, priv, filename,
1923 O_WRONLY|O_CREAT|O_EXCL, open_mode);
1924 else
1925 fd = aud_open (FIL__, __LINE__, priv, filename,
1926 O_WRONLY, open_mode);
1927 errval = errno;
1928 break;
1929 case SL_OPEN_SAFE_RDWR:
1930 if (lstat_return == ENOENT)
1931 {
1932 fd = aud_open (FIL__, __LINE__, priv, filename,
1933 O_RDWR|O_CREAT|O_EXCL, open_mode);
1934 errval = errno;
1935 }
1936 else
1937 {
1938 errno = errval;
1939 SL_IRETURN(SL_EBADFILE, _("sl_open_file"));
1940 }
1941 break;
1942 case SL_OPEN_FOR_RDWR:
1943 if (lstat_return == ENOENT)
1944 fd = aud_open (FIL__, __LINE__, priv, filename,
1945 O_RDWR|O_CREAT|O_EXCL, open_mode);
1946 else
1947 fd = aud_open (FIL__, __LINE__, priv, filename,
1948 O_RDWR, open_mode);
1949 errval = errno;
1950 break;
1951 case SL_OPEN_FOR_WTRUNC:
1952 if (lstat_return == ENOENT)
1953 fd = aud_open (FIL__, __LINE__, priv, filename,
1954 O_WRONLY|O_CREAT|O_EXCL, open_mode);
1955 else
1956 fd = aud_open (FIL__, __LINE__, priv, filename,
1957 O_WRONLY|O_TRUNC, open_mode);
1958 errval = errno;
1959 break;
1960 case SL_OPEN_FOR_RWTRUNC:
1961 if (lstat_return == ENOENT)
1962 fd = aud_open (FIL__, __LINE__, priv, filename,
1963 O_RDWR|O_CREAT|O_EXCL, open_mode);
1964 else
1965 fd = aud_open (FIL__, __LINE__, priv, filename,
1966 O_RDWR|O_TRUNC, open_mode);
1967 errval = errno;
1968 break;
1969 default:
1970 errno = 0;
1971 SL_IRETURN(SL_EINTERNAL08, _("sl_open_file"));
1972 }
1973
1974 if (fd < 0)
1975 {
1976 TPT(( 0, FIL__, __LINE__, _("msg=<Error opening: %s> errno=<%d>\n"),
1977 filename, errval));
1978 errno = errval;
1979 SL_IRETURN(SL_EBADFILE, _("sl_open_file"));
1980 }
1981
1982#ifdef USE_SUID
1983 if (priv == SL_YESPRIV)
1984 sl_set_suid();
1985#endif
1986 stat_return = retry_fstat(FIL__, __LINE__, fd, &buf);
1987 errval = errno;
1988#ifdef USE_SUID
1989 if (priv == SL_YESPRIV)
1990 sl_unset_suid();
1991#endif
1992
1993 if (stat_return < 0)
1994 {
1995 sl_close_fd (FIL__, __LINE__, fd);
1996 errno = errval;
1997 SL_IRETURN(SL_EFSTAT, _("sl_open_file"));
1998 }
1999
2000 errno = 0;
2001
2002 if (lstat_return != ENOENT && buf.st_ino != lbuf.st_ino)
2003 {
2004 sl_close_fd (FIL__, __LINE__, fd);
2005 SL_IRETURN(SL_EBOGUS, _("sl_open_file"));
2006 }
2007
2008 createTicket:
2009
2010 /* Make entry.
2011 */
2012 if (fd >= MAXFD)
2013 {
2014 sl_close_fd(FIL__, __LINE__, fd);
2015 SL_IRETURN(SL_TOOMANY, _("sl_open_file"));
2016 }
2017
2018 if (ofiles[fd] != NULL) /* stale entry */
2019 {
2020 /*
2021 sl_close_fd(FIL__, __LINE__, fd);
2022 SL_IRETURN(SL_EINTERNAL09, _("sl_open_file"));
2023 */
2024 sl_strlcpy(stale_orig_file, ofiles[fd]->ofile, sizeof(stale_orig_file));
2025 stale_orig_line = ofiles[fd]->oline;
2026
2027 if (ofiles[fd]->content)
2028 sh_string_destroy(&(ofiles[fd]->content));
2029 (void) free (ofiles[fd]->path);
2030 (void) free (ofiles[fd]);
2031 ofiles[fd] = NULL;
2032 }
2033
2034 if ( (ofiles[fd] = (SL_OFILE *) malloc(sizeof(SL_OFILE))) == NULL)
2035 {
2036 sl_close_fd(FIL__, __LINE__, fd);
2037 SL_IRETURN(SL_EMEM, _("sl_open_file"));
2038 }
2039
2040 len = sl_strlen(filename)+1;
2041
2042 if ( (ofiles[fd]->path = (char *) malloc(len) ) == NULL)
2043 {
2044 free (ofiles[fd]);
2045 ofiles[fd] = NULL;
2046 sl_close_fd(FIL__, __LINE__, fd);
2047 SL_IRETURN(SL_EMEM, _("sl_open_file"));
2048 }
2049
2050 /* Get a ticket.
2051 */
2052 ticket = sl_create_ticket(fd);
2053
2054 if (SL_ISERROR(ticket))
2055 {
2056 (void) free (ofiles[fd]->path);
2057 (void) free (ofiles[fd]);
2058 ofiles[fd] = NULL;
2059 sl_close_fd(FIL__, __LINE__, fd);
2060 SL_IRETURN(ticket, _("sl_open_file"));
2061 }
2062
2063 sl_strlcpy (ofiles[fd]->path, filename, len);
2064 ofiles[fd]->ticket = ticket;
2065 ofiles[fd]->fd = fd;
2066 ofiles[fd]->content = NULL;
2067 ofiles[fd]->stream = NULL;
2068 ofiles[fd]->flush = SL_FALSE;
2069
2070 sl_strlcpy(ofiles[fd]->ofile, ofile, SL_OFILE_SIZE);
2071 ofiles[fd]->oline = oline;
2072
2073 SL_IRETURN(ticket, _("sl_open_file"));
2074}
2075
2076FILE * sl_stream (SL_TICKET ticket, char * mode)
2077{
2078 int fd;
2079
2080 if (SL_ISERROR(fd = sl_read_ticket(ticket)))
2081 return (NULL);
2082
2083 if (ofiles[fd] == NULL || fd != ofiles[fd]->fd ||
2084 ticket != ofiles[fd]->ticket || fd < 0)
2085 return (NULL);
2086
2087 if (!ofiles[fd]->stream)
2088 ofiles[fd]->stream = fdopen(fd, mode);
2089
2090 return ofiles[fd]->stream;
2091}
2092
2093int get_the_fd (SL_TICKET ticket)
2094{
2095 int fd;
2096
2097 if (SL_ISERROR(fd = sl_read_ticket(ticket)))
2098 return (fd);
2099
2100 if (ofiles[fd] == NULL || fd != ofiles[fd]->fd ||
2101 ticket != ofiles[fd]->ticket || fd < 0)
2102 return (SL_EINTERNAL10);
2103
2104 return (fd);
2105}
2106
2107static
2108int check_fname_priv (const char * fname, int priv)
2109{
2110 SL_ENTER(_("check_fname_priv"));
2111 if (fname == NULL)
2112 SL_IRETURN(SL_ENULL, _("check_fname_priv"));
2113 if (priv != SL_YESPRIV && priv != SL_NOPRIV)
2114 SL_IRETURN(SL_EINTERNAL11, _("check_fname_priv"));
2115 SL_IRETURN(SL_ENONE, _("check_fname_priv"));
2116}
2117
2118SL_TICKET sl_open_write (const char * ofile, int oline,
2119 const char * fname, int priv)
2120{
2121 long status;
2122 SL_ENTER(_("sl_open_write"));
2123
2124 if (SL_ENONE != (status = check_fname_priv (fname, priv)))
2125 SL_IRETURN(status, _("sl_open_write"));
2126
2127 status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_WRITE, priv);
2128 SL_IRETURN(status, _("sl_open_write"));
2129}
2130
2131SL_TICKET sl_open_read (const char * ofile, int oline,
2132 const char * fname, int priv)
2133{
2134 long status;
2135 SL_ENTER(_("sl_open_read"));
2136
2137 if (SL_ENONE != (status = check_fname_priv (fname, priv)))
2138 {
2139 TPT(( 0, FIL__, __LINE__,
2140 _("msg=<Error in check_fname_priv.> status=<%ld>\n"),
2141 status));
2142 SL_IRETURN(status, _("sl_open_read"));
2143 }
2144
2145 status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_READ, priv);
2146 SL_IRETURN(status, _("sl_open_read"));
2147}
2148
2149#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED)
2150static int sl_check_mincore(int fd)
2151{
2152 /* Idea from Tobias Oetiker (http://insights.oetiker.ch/linux/fadvise.html)
2153 */
2154 struct stat fbuf;
2155 int retval = -1;
2156
2157 if (0 == fstat(fd, &fbuf))
2158 {
2159 void *f_map;
2160
2161 f_map = mmap((void *)0, fbuf.st_size, PROT_NONE, MAP_SHARED, fd, 0);
2162 if (MAP_FAILED != f_map)
2163 {
2164 extern int sh_unix_pagesize(void);
2165 size_t i;
2166 size_t page_size = sh_unix_pagesize();
2167 size_t vec_size = (fbuf.st_size+page_size-1)/page_size;
2168 unsigned char * vec = calloc(1, vec_size);
2169
2170 if (vec)
2171 {
2172 mincore(f_map, fbuf.st_size, vec);
2173 /* imax = fbuf.st_size/page_size; */
2174 for (i = 0; i <= vec_size; ++i)
2175 {
2176 if (vec[i]&1)
2177 {
2178 goto incore;
2179 }
2180 }
2181 retval = 0;
2182 incore:
2183 free(vec);
2184 }
2185 munmap(f_map, fbuf.st_size);
2186 }
2187 }
2188 return retval;
2189}
2190#endif
2191
2192static int sl_drop_cache = SL_FALSE;
2193
2194int sl_set_drop_cache(const char * str)
2195{
2196 extern int sh_util_flagval(const char * c, int * fval);
2197 return sh_util_flagval(str, &sl_drop_cache);
2198}
2199
2200SL_TICKET sl_open_fastread (const char * ofile, int oline,
2201 const char * fname, int priv)
2202{
2203 long status;
2204 SL_ENTER(_("sl_open_fastread"));
2205
2206 if (SL_ENONE != (status = check_fname_priv (fname, priv)))
2207 SL_IRETURN(status, _("sl_open_read"));
2208
2209 status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_FASTREAD, priv);
2210
2211#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED)
2212
2213 if (SL_FALSE != sl_drop_cache && !SL_ISERROR(status))
2214 {
2215 int fd = get_the_fd(status);
2216 if (fd >= 0)
2217 {
2218 if (0 == sl_check_mincore(fd))
2219 ofiles[fd]->flush = SL_TRUE;
2220 }
2221 }
2222
2223#endif
2224
2225 SL_IRETURN(status, _("sl_open_fastread"));
2226}
2227
2228SL_TICKET sl_open_rdwr (const char * ofile, int oline,
2229 const char * fname, int priv)
2230{
2231 long status;
2232 SL_ENTER(_("sl_open_rdwr"));
2233
2234 if (SL_ENONE != (status = check_fname_priv (fname, priv)))
2235 SL_IRETURN(status, _("sl_open_rdwr"));
2236
2237 status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_RDWR, priv);
2238 SL_IRETURN(status, _("sl_open_rdwr"));
2239}
2240
2241SL_TICKET sl_open_safe_rdwr (const char * ofile, int oline,
2242 const char * fname, int priv)
2243{
2244 long status;
2245 SL_ENTER(_("sl_open_safe_rdwr"));
2246
2247 if (SL_ENONE != (status = check_fname_priv (fname, priv)))
2248 SL_IRETURN(status, _("sl_open_safe_rdwr"));
2249
2250 status = sl_open_file(ofile, oline, fname, SL_OPEN_SAFE_RDWR, priv);
2251 SL_IRETURN(status, _("sl_open_safe_rdwr"));
2252}
2253
2254SL_TICKET sl_open_write_trunc (const char * ofile, int oline,
2255 const char * fname, int priv)
2256{
2257 long status;
2258 SL_ENTER(_("sl_open_write_trunc"));
2259
2260 if (SL_ENONE != (status = check_fname_priv (fname, priv)))
2261 SL_IRETURN(status, _("sl_open_write_trunc"));
2262
2263 status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_WTRUNC, priv);
2264 SL_IRETURN(status, _("sl_open_write_trunc"));
2265}
2266
2267SL_TICKET sl_open_rdwr_trunc (const char * ofile, int oline,
2268 const char * fname, int priv)
2269{
2270 long status;
2271 SL_ENTER(_("sl_open_rdwr_trunc"));
2272
2273 if (SL_ENONE != (status = check_fname_priv (fname, priv)))
2274 SL_IRETURN(status, _("sl_open_rdwr_trunc"));
2275
2276 status = sl_open_file(ofile, oline, fname, SL_OPEN_FOR_RWTRUNC, priv);
2277 SL_IRETURN(status, _("sl_open_rdwr_trunc"));
2278}
2279
2280
2281int sl_init_content (SL_TICKET ticket, size_t size)
2282{
2283 int fd;
2284
2285 if (SL_ISERROR(fd = sl_read_ticket(ticket)))
2286 return (fd);
2287
2288 if (ofiles[fd] == NULL || fd != ofiles[fd]->fd ||
2289 ticket != ofiles[fd]->ticket || fd < 0)
2290 return (SL_EINTERNAL12);
2291
2292 if (ofiles[fd]->content)
2293 sh_string_destroy(&(ofiles[fd]->content));
2294 ofiles[fd]->content = sh_string_new(size);
2295
2296 return SL_ENONE;
2297}
2298
2299sh_string * sl_get_content (SL_TICKET ticket)
2300{
2301 int fd;
2302
2303 if (SL_ISERROR(fd = sl_read_ticket(ticket)))
2304 return (NULL);
2305
2306 if (ofiles[fd] == NULL || fd != ofiles[fd]->fd ||
2307 ticket != ofiles[fd]->ticket || fd < 0)
2308 return (NULL);
2309
2310 return (ofiles[fd]->content);
2311}
2312
2313int sl_lock (SL_TICKET ticket)
2314{
2315 int fd;
2316 struct flock lock;
2317 int retval;
2318
2319 SL_ENTER(_("sl_lock"));
2320
2321 if (SL_ISERROR(fd = get_the_fd (ticket)))
2322 SL_IRETURN(fd, _("sl_lock"));
2323
2324 lock.l_type = F_WRLCK;
2325 lock.l_whence = SEEK_SET;
2326 lock.l_start = 0;
2327 lock.l_len = 0;
2328
2329 /* F_SETLK returns if the lock cannot be obtained */
2330 do {
2331 retval = fcntl(fd, F_SETLK, &lock);
2332 } while (retval < 0 && errno == EINTR);
2333
2334 if (retval < 0 && errno == EBADF)
2335 SL_IRETURN(SL_ETICKET, _("sl_lock"));
2336 else if (retval < 0)
2337 SL_IRETURN(SL_EBADFILE, _("sl_lock"));
2338 else
2339 SL_IRETURN(SL_ENONE, _("sl_lock"));
2340 }
2341
2342int sl_close (SL_TICKET ticket)
2343{
2344 register int fd;
2345 FILE * fp = NULL;
2346
2347 SL_ENTER(_("sl_close"));
2348
2349 if (SL_ISERROR(fd = get_the_fd (ticket)))
2350 SL_IRETURN(fd, _("sl_close"));
2351
2352 if (ofiles[fd] != NULL)
2353 {
2354#if defined(HAVE_POSIX_FADVISE) && defined(HAVE_MINCORE) && defined(POSIX_FADV_DONTNEED)
2355 if (ofiles[fd]->flush == SL_TRUE)
2356 {
2357 posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);
2358 }
2359#endif
2360 if (ofiles[fd]->content)
2361 sh_string_destroy(&(ofiles[fd]->content));
2362 (void) free (ofiles[fd]->path);
2363 fp = ofiles[fd]->stream;
2364 (void) free (ofiles[fd]);
2365 ofiles[fd] = NULL;
2366 }
2367
2368 /* This may fail, but what to do then ?
2369 */
2370 if (fp)
2371 {
2372 if (0 != fclose (fp)) /* within sl_close */
2373 {
2374 TPT((0, FIL__, __LINE__,
2375 _("msg=<Error fclosing file.>, fd=<%d>, err=<%s>\n"),
2376 fd, strerror(errno)));
2377 }
2378 }
2379 else
2380 {
2381 if (0 != close(fd)) /* within sl_close */
2382 {
2383 TPT((0, FIL__, __LINE__,
2384 _("msg=<Error closing file.>, fd=<%d>, err=<%s>\n"),
2385 fd, strerror(errno)));
2386 }
2387 }
2388
2389 SL_IRETURN(SL_ENONE, _("sl_close"));
2390}
2391
2392int sl_close_fd (const char * file, int line, int fd)
2393{
2394 int ret = -1;
2395
2396 SL_ENTER(_("sl_close_fd"));
2397
2398 if (fd >= 0 && fd < MAXFD && ofiles[fd] != NULL) /* stale ofiles[fd] handle */
2399 {
2400 sl_strlcpy(badfd_orig_file, file, sizeof(badfd_orig_file));
2401 badfd_orig_line = line;
2402 }
2403
2404 ret = close(fd); /* within sl_close_fd wrapper */
2405
2406 SL_IRETURN(ret, _("sl_close_fd"));
2407}
2408
2409int sl_fclose (const char * file, int line, FILE * fp)
2410{
2411 int ret = -1;
2412 int fd;
2413
2414 SL_ENTER(_("sl_fclose"));
2415
2416 fd = fileno(fp);
2417
2418 if (fd >= 0 && fd < MAXFD && ofiles[fd] != NULL) /* stale ofiles[fd] handle */
2419 {
2420 sl_strlcpy(badfd_orig_file, file, sizeof(badfd_orig_file));
2421 badfd_orig_line = line;
2422 }
2423
2424 ret = fclose(fp); /* within sl_fclose wrapper */
2425
2426 SL_IRETURN(ret, _("sl_fclose"));
2427}
2428
2429int sl_dropall(int fd, int except)
2430{
2431 while (fd < MAXFD)
2432 {
2433 if (ofiles[fd] != NULL && fd != except)
2434 {
2435 if (ofiles[fd]->content)
2436 sh_string_destroy(&(ofiles[fd]->content));
2437 if (ofiles[fd]->path != NULL)
2438 (void) free (ofiles[fd]->path);
2439 (void) free (ofiles[fd]);
2440 ofiles[fd] = NULL;
2441 }
2442 ++fd;
2443 }
2444 return 0;
2445}
2446
2447int sl_dropall_dirty(int fd, int except)
2448{
2449 while (fd < MAXFD)
2450 {
2451 if (ofiles[fd] != NULL && fd != except)
2452 {
2453 ofiles[fd] = NULL;
2454 }
2455 ++fd;
2456 }
2457 return 0;
2458}
2459
2460
2461int sl_unlink (SL_TICKET ticket)
2462{
2463 register int fd;
2464
2465 SL_ENTER(_("sl_unlink"));
2466
2467 if (SL_ISERROR(fd = get_the_fd(ticket)))
2468 SL_IRETURN(fd, _("sl_unlink"));
2469
2470 if (retry_aud_unlink(FIL__, __LINE__, ofiles[fd]->path) < 0)
2471 SL_IRETURN(SL_EUNLINK, _("sl_unlink"));
2472
2473 SL_IRETURN(SL_ENONE, _("sl_unlink"));
2474}
2475
2476
2477int sl_seek (SL_TICKET ticket, off_t off_data)
2478{
2479 register int fd;
2480
2481 SL_ENTER(_("sl_seek"));
2482
2483 if (SL_ISERROR(fd = get_the_fd(ticket)))
2484 SL_IRETURN(fd, _("sl_seek"));
2485
2486 if (lseek(fd, off_data, SEEK_SET) == (off_t)-1)
2487 SL_IRETURN(SL_EREWIND, _("sl_seek"));
2488
2489 SL_IRETURN(SL_ENONE, _("sl_seek"));
2490}
2491
2492int sl_rewind (SL_TICKET ticket)
2493{
2494 register int fd;
2495
2496 SL_ENTER(_("sl_rewind"));
2497
2498 if (SL_ISERROR(fd = get_the_fd(ticket)))
2499 SL_IRETURN(fd, _("sl_rewind"));
2500
2501 if (lseek (fd, 0L, SEEK_SET) == (off_t)-1)
2502 SL_IRETURN(SL_EREWIND, _("sl_rewind"));
2503
2504 SL_IRETURN(SL_ENONE, _("sl_rewind"));
2505}
2506
2507int sl_forward (SL_TICKET ticket)
2508{
2509 register int fd;
2510
2511 SL_ENTER(_("sl_forward"));
2512
2513 if (SL_ISERROR(fd = get_the_fd(ticket)))
2514 SL_IRETURN(fd, _("sl_forward"));
2515
2516 if (lseek (fd, 0L, SEEK_END) == (off_t)-1)
2517 SL_IRETURN(SL_EFORWARD, _("sl_forward"));
2518
2519 SL_IRETURN(SL_ENONE, _("sl_forward"));
2520}
2521
2522
2523int sl_sync (SL_TICKET ticket)
2524{
2525 register int fd;
2526
2527 SL_ENTER(_("sl_sync"));
2528
2529 if (SL_ISERROR(fd = get_the_fd(ticket)))
2530 SL_IRETURN(fd, _("sl_sync"));
2531
2532 if (fsync (fd) == -1)
2533 SL_IRETURN(SL_ESYNC, _("sl_sync"));
2534
2535 SL_IRETURN(SL_ENONE, _("sl_sync"));
2536}
2537
2538int sl_read_timeout_prep (SL_TICKET ticket)
2539{
2540 int fd;
2541 int sflags;
2542
2543 SL_ENTER(_("sl_read_timeout_prep"));
2544
2545 if (SL_ISERROR(fd = get_the_fd(ticket)))
2546 {
2547 TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
2548 SL_IRETURN(fd, _("sl_read_timeout_prep"));
2549 }
2550
2551 /* set to non-blocking mode
2552 */
2553 sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
2554 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK);
2555
2556 SL_IRETURN(SL_ENONE, _("sl_read_timeout_prep"));
2557}
2558
2559
2560int sl_read_timeout_fd (int fd, void * buf_in, size_t count,
2561 int timeout, int is_nonblocking)
2562{
2563 int sflags = 0;
2564 fd_set readfds;
2565 struct timeval tv;
2566 /* int sflags; */
2567 int retval;
2568 int error;
2569
2570 int byteread = 0;
2571 int bytes = 0;
2572 char * buf;
2573
2574 time_t tnow;
2575 time_t tstart;
2576 time_t tdiff;
2577 extern volatile int sig_termfast;
2578
2579 if (is_nonblocking == SL_FALSE)
2580 {
2581 /* set to non-blocking mode
2582 */
2583 sflags = retry_fcntl(FIL__, __LINE__, fd, F_GETFL, 0);
2584 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags | O_NONBLOCK);
2585 }
2586
2587 buf = (char *) buf_in;
2588
2589 tstart = time(NULL);
2590 tdiff = 0;
2591
2592 while (count > 0)
2593 {
2594 FD_ZERO(&readfds);
2595 FD_SET(fd, &readfds);
2596
2597 tv.tv_sec = timeout - tdiff;
2598 tv.tv_usec = 0;
2599
2600 retval = select (fd+1, &readfds, NULL, NULL, &tv);
2601
2602 if (retval > 0)
2603 {
2604 byteread = read (fd, buf, count);
2605
2606 if (byteread > 0)
2607 {
2608 bytes += byteread; count -= byteread;
2609 buf += byteread;
2610 if (count == 0)
2611 break;
2612 }
2613 else if (byteread == 0)
2614 {
2615 /* zero indicates end of file */
2616 break;
2617 }
2618 else
2619 {
2620 if (errno == EINTR || errno == EAGAIN)
2621 {
2622 retry_msleep(1, 0);
2623 tnow = time(NULL);
2624 tdiff = tnow - tstart;
2625 continue;
2626 }
2627 else
2628 {
2629 error = errno;
2630 if (is_nonblocking == SL_FALSE)
2631 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
2632 TPT(( 0, FIL__, __LINE__, _("msg=<read error>")));
2633 errno = error;
2634 return (SL_EREAD);
2635 }
2636 }
2637 }
2638 else if ((retval == -1) && (errno == EINTR || errno == EAGAIN))
2639 {
2640 retry_msleep(1, 0);
2641 tnow = time(NULL);
2642 tdiff = tnow - tstart;
2643 continue;
2644 }
2645 else if (retval == 0)
2646 {
2647 if (is_nonblocking == SL_FALSE)
2648 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
2649 TPT(( 0, FIL__, __LINE__, _("msg=<timeout>")));
2650 errno = 0;
2651 if (bytes > 0)
2652 return ((int) bytes);
2653 return (SL_TIMEOUT);
2654 }
2655 else
2656 {
2657 error = errno;
2658 if (is_nonblocking == SL_FALSE)
2659 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
2660 TPT(( 0, FIL__, __LINE__, _("msg=<timeout>")));
2661 errno = error;
2662 return (SL_EREAD);
2663 }
2664
2665 if (sig_termfast == 1)
2666 {
2667 if (is_nonblocking == SL_FALSE)
2668 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
2669 TPT(( 0, FIL__, __LINE__, _("msg=<terminated>")));
2670 errno = 0;
2671 return (SL_EREAD);
2672 }
2673
2674 tnow = time(NULL);
2675 tdiff = tnow - tstart;
2676
2677 if (tdiff > timeout)
2678 {
2679 if (is_nonblocking == SL_FALSE)
2680 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
2681 TPT(( 0, FIL__, __LINE__, _("msg=<timeout>")));
2682 errno = 0;
2683 if (bytes > 0)
2684 return ((int) bytes);
2685 return (SL_TIMEOUT);
2686 }
2687 }
2688
2689 if (is_nonblocking == SL_FALSE)
2690 retry_fcntl(FIL__, __LINE__, fd, F_SETFL, sflags);
2691 return ((int) bytes);
2692}
2693
2694int sl_read_timeout (SL_TICKET ticket, void * buf_in, size_t count,
2695 int timeout, int is_nonblocking)
2696{
2697 int fd, retval;
2698
2699 SL_ENTER(_("sl_read_timeout"));
2700
2701 if (buf_in == NULL || SL_ISERROR(fd = get_the_fd(ticket)))
2702 {
2703 if (buf_in == NULL)
2704 {
2705 TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>")));
2706 SL_IRETURN((SL_ENULL), _("sl_read_timeout"));
2707 }
2708 if (SL_ISERROR(fd = get_the_fd(ticket)))
2709 {
2710 TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
2711 SL_IRETURN((fd), _("sl_read_timeout"));
2712 }
2713 }
2714
2715 retval = sl_read_timeout_fd (fd, buf_in, count, timeout, is_nonblocking);
2716 SL_IRETURN((retval), _("sl_read_timeout"));
2717}
2718
2719
2720int sl_read (SL_TICKET ticket, void * buf_in, size_t count)
2721{
2722 int fd;
2723 int byteread = 0;
2724 int bytes = 0;
2725
2726 char * buf;
2727
2728 SL_ENTER(_("sl_read"));
2729
2730 if (count < 1)
2731 {
2732 TPT(( 0, FIL__, __LINE__, _("msg=<range error>")));
2733 SL_IRETURN((SL_ERANGE), _("sl_read"));
2734 }
2735 if (buf_in == NULL)
2736 {
2737 TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>")));
2738 SL_IRETURN((SL_ENULL), _("sl_read"));
2739 }
2740
2741 if (SL_ISERROR(fd = get_the_fd(ticket)))
2742 {
2743 TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
2744 SL_IRETURN((fd), _("sl_read"));
2745 }
2746
2747 buf = (char *) buf_in;
2748
2749 do
2750 {
2751 byteread = read (fd, buf, count);
2752 if (byteread > 0)
2753 {
2754 bytes += byteread; count -= byteread;
2755 buf += byteread;
2756 }
2757 } while ( byteread > 0 ||
2758 ( byteread == -1 && (errno == EINTR || errno == EAGAIN))
2759 );
2760
2761
2762 if (byteread == (-1))
2763 {
2764 TPT(( 0, FIL__, __LINE__, _("msg=<read error> errno=<%d>\n"), errno));
2765 SL_IRETURN((SL_EREAD), _("sl_read"));
2766 }
2767 SL_IRETURN((bytes), _("sl_read"));
2768}
2769
2770int sl_read_fast (SL_TICKET ticket, void * buf_in, size_t count)
2771{
2772 int fd;
2773 int byteread = 0;
2774
2775 char * buf;
2776
2777 SL_ENTER(_("sl_read_fast"));
2778
2779 if (count < 1)
2780 {
2781 TPT(( 0, FIL__, __LINE__, _("msg=<range error>")));
2782 SL_IRETURN((SL_ERANGE), _("sl_read_fast"));
2783 }
2784 if (buf_in == NULL)
2785 {
2786 TPT(( 0, FIL__, __LINE__, _("msg=<null buffer>")));
2787 SL_IRETURN((SL_ENULL), _("sl_read_fast"));
2788 }
2789
2790 if (SL_ISERROR(fd = get_the_fd(ticket)))
2791 {
2792 TPT(( 0, FIL__, __LINE__, _("msg=<ticket error> errno=<%d>"), fd));
2793 SL_IRETURN((fd), _("sl_read_fast"));
2794 }
2795
2796 buf = (char *) buf_in;
2797
2798 do
2799 {
2800 byteread = read (fd, buf, count);
2801 if (byteread >= 0)
2802 {
2803 SL_IRETURN((byteread), _("sl_read_fast"));
2804 }
2805 } while ( byteread == -1 && (errno == EINTR || errno == EAGAIN));
2806
2807
2808 if (byteread == (-1))
2809 {
2810 TPT(( 0, FIL__, __LINE__, _("msg=<read error> errno=<%d>\n"), errno));
2811 SL_IRETURN((SL_EREAD), _("sl_read_fast"));
2812 }
2813 SL_IRETURN((0), _("sl_read_fast"));
2814}
2815
2816
2817int sl_write (SL_TICKET ticket, const void * msg_in, long nbytes)
2818{
2819 long bytewritten;
2820 long bytecount;
2821 int fd;
2822
2823 const char * msg;
2824
2825 SL_ENTER(_("sl_write"));
2826
2827 if (nbytes < 1)
2828 SL_IRETURN(SL_ERANGE, _("sl_write"));
2829 if (msg_in == NULL)
2830 SL_IRETURN(SL_ENULL, _("sl_write"));
2831 if (SL_ISERROR(fd = get_the_fd(ticket)))
2832 SL_IRETURN(fd, _("sl_write"));
2833
2834 msg = (const char *) msg_in;
2835
2836 /* write
2837 */
2838 bytecount = 0;
2839
2840 while (bytecount < nbytes)
2841 {
2842 bytewritten = write (fd, msg, nbytes-bytecount);
2843
2844 if (bytewritten > 0)
2845 {
2846 bytecount += bytewritten;
2847 msg += bytewritten; /* move buffer pointer forward */
2848 }
2849 else if (bytewritten <= 0)
2850 {
2851 if ( errno == EINTR || errno == EAGAIN) /* try again */
2852 continue;
2853 else
2854 SL_IRETURN(SL_EWRITE, _("sl_write"));
2855 }
2856 }
2857 SL_IRETURN(SL_ENONE, _("sl_write"));
2858}
2859
2860int sl_write_line (SL_TICKET ticket, const void * msg, long nbytes)
2861{
2862 int status;
2863
2864 SL_ENTER(_("sl_write_line"));
2865
2866 status = sl_write(ticket, msg, nbytes);
2867 if (!SL_ISERROR(status))
2868 status = sl_write(ticket, "\n", 1);
2869
2870 SL_IRETURN(status, _("sl_write_line"));
2871}
2872
2873int sl_write_line_fast (SL_TICKET ticket, void * msg, long nbytes)
2874{
2875 int status;
2876 char * p = (char *) msg;
2877
2878 SL_ENTER(_("sl_write_line_fast"));
2879
2880 /* Here nbytes is strlen(msg), so p[nbytes] is the terminating '\0'
2881 * Overwrite the terminator, write out, then write back the terminator.
2882 */
2883 p[nbytes] = '\n';
2884 status = sl_write(ticket, msg, nbytes+1);
2885 p[nbytes] = '\0';
2886
2887 SL_IRETURN(status, _("sl_write_line_fast"));
2888}
2889
2890
2891/* ----------------------------------------------------------------
2892 *
2893 * Trustfile interface
2894 *
2895 * ---------------------------------------------------------------- */
2896
2897extern uid_t rootonly[];
2898extern int EUIDSLOT;
2899extern int ORIG_EUIDSLOT;
2900
2901extern char tf_path[MAXFILENAME]; /* Error path for trust function. */
2902extern uid_t tf_euid; /* Space for EUID of process. */
2903
2904char * sl_error_string(int errorcode)
2905{
2906
2907 switch (errorcode)
2908 {
2909 case SL_EBOGUS:
2910 return _("Bogus file, modified during access");
2911 case SL_EWRITE:
2912 return _("Write error");
2913 case SL_EREAD:
2914 return _("Read error");
2915 case SL_ESYNC:
2916 return _("Error in fsync()");
2917 case SL_EFORWARD:
2918 return _("Error in lseek()");
2919 case SL_EREWIND:
2920 return _("Error in lseek()");
2921 case SL_EUNLINK:
2922 return _("Error in unlink()");
2923 case SL_EMEM:
2924 return _("Out of memory");
2925 case SL_EINTERNAL:
2926 return _("Internal error");
2927 case SL_EINTERNAL01:
2928 return _("Internal error 01");
2929 case SL_EINTERNAL02:
2930 return _("Internal error 02");
2931 case SL_EINTERNAL03:
2932 return _("Internal error 03");
2933 case SL_EINTERNAL04:
2934 return _("Internal error 04");
2935 case SL_EINTERNAL05:
2936 return _("Internal error 05");
2937 case SL_EINTERNAL06:
2938 return _("Internal error 06");
2939 case SL_EINTERNAL07:
2940 return _("Internal error 07");
2941 case SL_EINTERNAL08:
2942 return _("Internal error 08");
2943 case SL_EINTERNAL09:
2944 return _("Internal error 09");
2945 case SL_EINTERNAL10:
2946 return _("Internal error 10");
2947 case SL_EINTERNAL11:
2948 return _("Internal error 11");
2949 case SL_EINTERNAL12:
2950 return _("Internal error 12");
2951 case SL_ETICKET:
2952 return _("Bad ticket");
2953 case SL_EREPEAT:
2954 return _("Illegal repeated use of function");
2955 case SL_ERANGE:
2956 return _("Argument out of range");
2957 case SL_ENULL:
2958 return _("Dereferenced NULL pointer");
2959
2960 case SL_EBADUID:
2961 return _("Owner not trustworthy");
2962 case SL_EBADGID:
2963 return _("Group writeable and member not trustworthy");
2964 case SL_EBADOTH:
2965 return _("World writeable");
2966 case SL_EISDIR:
2967 return _("Is a directory");
2968 case SL_EBADFILE:
2969 return _("File access error");
2970 case SL_EBADNAME:
2971 return _("Invalid filename (prob. too long or null)");
2972
2973 case SL_ETRUNC:
2974 return _("Truncation occured");
2975 case SL_ESTAT:
2976 return _("stat() failed");
2977 case SL_EFSTAT:
2978 return _("fstat() failed");
2979 default:
2980 return _("Unknown error");
2981 }
2982}
2983
2984
2985
2986char * sl_trust_errfile(void)
2987{
2988 return &tf_path[0];
2989}
2990
2991extern uid_t tf_baduid;
2992uid_t sl_trust_baduid(void)
2993{
2994 return tf_baduid;
2995}
2996
2997extern gid_t tf_badgid;
2998gid_t sl_trust_badgid(void)
2999{
3000 return tf_badgid;
3001}
3002
3003
3004static int trust_count = 0;
3005
3006int sl_trust_purge_user (void)
3007{
3008 int i;
3009
3010 EUIDSLOT = ORIG_EUIDSLOT;
3011 trust_count = 0;
3012
3013 for (i = EUIDSLOT; i < (EUIDSLOT + 15); ++i)
3014 rootonly[i] = sh_uid_neg;
3015 return 0;
3016}
3017
3018int sl_trust_add_user (uid_t pwid)
3019{
3020 SL_ENTER(_("sl_trust_add_user"));
3021
3022 if (trust_count == 15)
3023 SL_IRETURN(SL_ERANGE, _("sl_trust_add_user"));
3024
3025 rootonly[EUIDSLOT] = pwid;
3026 ++EUIDSLOT;
3027 ++trust_count;
3028
3029 SL_IRETURN(SL_ENONE, _("sl_trust_add_user"));
3030}
3031
3032#include "sh_mem.h"
3033extern char * sh_util_strdup (const char * str);
3034
3035struct sl_trustfile_store {
3036 char * filename;
3037 uid_t teuid;
3038 struct sl_trustfile_store * next;
3039};
3040
3041static struct sl_trustfile_store * sl_trusted_files = NULL;
3042
3043static void sl_add_trusted_file(const char * filename, uid_t teuid)
3044{
3045 struct sl_trustfile_store *new = SH_ALLOC(sizeof(struct sl_trustfile_store));
3046
3047 new->filename = sh_util_strdup (filename);
3048 new->teuid = teuid;
3049 new->next = sl_trusted_files;
3050
3051 sl_trusted_files = new;
3052 return;
3053}
3054
3055static const char * sl_check_trusted_file(const char * filename, uid_t teuid)
3056{
3057 struct sl_trustfile_store *new = sl_trusted_files;
3058
3059 while (new)
3060 {
3061 if ((new->teuid == teuid) && (0 == strcmp(new->filename, filename)))
3062 return filename;
3063 new = new->next;
3064 }
3065
3066 return NULL;
3067}
3068
3069static void sl_clear_trusted_file(struct sl_trustfile_store * file)
3070{
3071 if (file)
3072 {
3073 if (file->next != NULL)
3074 sl_clear_trusted_file(file->next);
3075 SH_FREE(file->filename);
3076 SH_FREE(file);
3077 }
3078 return;
3079}
3080
3081int sl_trustfile_euid(const char * filename, uid_t teuid)
3082{
3083 long status;
3084 static time_t old = 0;
3085 static time_t now;
3086
3087 SL_ENTER(_("sl_trustfile_euid"));
3088
3089 tf_path[0] = '\0';
3090 if (filename == NULL || filename[0] == '\0')
3091 SL_IRETURN(SL_EBADNAME, _("sl_trustfile_euid"));
3092
3093 now = time(NULL);
3094 if (now < (old + 300))
3095 {
3096 if (NULL != sl_check_trusted_file(filename, teuid))
3097 {
3098 sl_strlcpy(tf_path, filename, sizeof(tf_path));
3099 SL_IRETURN(SL_ENONE, _("sl_trustfile_euid"));
3100 }
3101 }
3102 else
3103 {
3104 sl_clear_trusted_file(sl_trusted_files);
3105 sl_trusted_files = NULL;
3106 old = now;
3107 }
3108
3109 tf_euid = teuid;
3110 status = sl_trustfile(filename, NULL, NULL);
3111 if (status == SL_ENONE)
3112 sl_add_trusted_file(filename, teuid);
3113 SL_IRETURN(status, _("sl_trustfile_euid"));
3114}
3115
3116/* ----------------------------------------------------------------
3117 *
3118 * Overflow tests
3119 *
3120 * ---------------------------------------------------------------- */
3121
3122#ifndef SIZE_MAX
3123#define SIZE_MAX (4294967295U)
3124#endif
3125
3126int sl_ok_muli (int a, int b) /* a*b */
3127{
3128 if ((b == 0) || (a >= (INT_MIN / b) && a <= (INT_MAX / b)))
3129 return SL_TRUE; /* no overflow */
3130 return SL_FALSE;
3131}
3132
3133int sl_ok_muls (size_t a, size_t b) /* a*b */
3134{
3135 if ((b == 0) || (a <= (SIZE_MAX / b)))
3136 return SL_TRUE; /* no overflow */
3137 return SL_FALSE;
3138}
3139
3140int sl_ok_divi (int a, int b) /* a/b */
3141{
3142 (void) a;
3143 if (b != 0)
3144 return SL_TRUE; /* no overflow */
3145 return SL_FALSE;
3146}
3147
3148int sl_ok_addi (int a, int b) /* a+b */
3149{
3150 if (a >= 0 && b >= 0)
3151 {
3152 if (a <= (INT_MAX - b))
3153 return SL_TRUE; /* no overflow */
3154 else
3155 return SL_FALSE;
3156 }
3157 else if (a < 0 && b < 0)
3158 {
3159 if (a >= (INT_MIN - b))
3160 return SL_TRUE; /* no overflow */
3161 else
3162 return SL_FALSE;
3163 }
3164 return SL_TRUE;
3165}
3166
3167int sl_ok_adds (size_t a, size_t b) /* a+b */
3168{
3169 if (a <= (SIZE_MAX - b))
3170 return SL_TRUE; /* no overflow */
3171 else
3172 return SL_FALSE;
3173}
3174
3175int sl_ok_subi (int a, int b) /* a-b */
3176{
3177 if (a >= 0 && b < 0)
3178 {
3179 if (a <= (INT_MAX + b))
3180 return SL_TRUE; /* no overflow */
3181 else
3182 return SL_FALSE;
3183 }
3184 else if (a < 0 && b >= 0)
3185 {
3186 if (a >= (INT_MIN + b))
3187 return SL_TRUE; /* no overflow */
3188 else
3189 return SL_FALSE;
3190 }
3191 return SL_TRUE;
3192}
Note: See TracBrowser for help on using the repository browser.