[checkpath] / tmpdir.c

/* -*-c-*-
 *
 * $Id: tmpdir.c,v 1.2 1999/05/19 20:37:28 mdw Exp $
 *
 * Choose and check temporary directories
 *
 * (c) 1999 Mark Wooding
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of chkpath.
 *
 * chkpath is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * chkpath is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with chkpath; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: tmpdir.c,v $
 * Revision 1.2  1999/05/19 20:37:28  mdw
 * Track gratuitous change in mdwopt interface.
 *
 * Revision 1.1.1.1  1999/04/06 20:12:07  mdw
 * Import new project.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <pwd.h>

#include <mLib/alloc.h>
#include <mLib/dstr.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>

#include "path.h"

/*----- Static variables --------------------------------------------------*/

static uid_t me;
static struct chkpath cp;
static struct passwd *pw;

/*----- Main code ---------------------------------------------------------*/

/* --- @ok@ --- *
 *
 * Arguments:	@const char *p@ = pathname to check
 *		@int *f@ = try-to-create flag
 *
 * Returns:	Nonzero if the directory is OK
 *
 * Use:		Ensures that a directory is OK.  If @f@ is a real pointer,
 *		and @*f@ is set, then try to create the directory.
 */

static int ok(const char *p, int *f)
{
  struct stat st;

  /* --- Read the directory status --- */

  if (lstat(p, &st)) {

    /* --- Maybe create it if it doesn't exist --- */

    if (errno != ENOENT || !f || !*f)
      return (0);
    if (mkdir(p, 0700)) {
      *f = 0;
      return (0);
    }

    /* --- Now read the new status --- *
     *
     * This fixes a race condition between the previous @lstat@ call and
     * the @mkdir@.
     */

    if (lstat(p, &st))
      return (0);
  }

  /* --- Make sure the directory is good --- *
   *
   * It must be a genuine directory (not a link); it must be readable
   * and writable only by its owner, and that owner must be me.
   */

  if (S_ISDIR(st.st_mode) && (st.st_mode & 0777) == 0700 && st.st_uid == me)
    return (1);
  return (0);
}

/* --- @trytmp@ --- *
 *
 * Arguments:	@const char *parent@ = parent directory name
 *		@const char *base@ = subdirectory base name
 *
 * Returns:	Pointer to directory name, or null.  (String needs freeing.)
 *
 * Use:		Tries to find or create an appropriate temporary directory.
 */

static char *trytmp(const char *parent, const char *base)
{
  static char c[] = { "0123456789"
		      "abcdefghijklmnopqrstuvwxyz"
		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ" };
  char *p, *q;
  char *qq;
  dstr d;
  int createflag = 1;

  /* --- Make sure the parent directory is sane --- *
   *
   * Must make sure that all the lead-up to the temporary directory is safe.
   * Otherwise other people can play with symlinks or rename directories
   * after I've done all this careful work to make the endpoint directory
   * safe.
   */

  if (path_check(parent, &cp))
    return (0);

  /* --- See whether the trivial version will work --- */

  dstr_create(&d);
  dstr_putf(&d, "%s/%s", parent, base);
  if (ok(d.buf, &createflag))
    goto good;

  /* --- Now try with various suffixes --- */

  DENSURE(&d, 4);
  qq = d.buf + d.len;
  *qq++ = '-';

  for (p = c; *p; p++) {
    qq[0] = *p;
    qq[1] = 0;
    if (ok(d.buf, &createflag))
      goto good;
    for (q = c; *q; q++) {
      qq[1] = *q;
      qq[2] = 0;
      if (ok(d.buf, &createflag))
	goto good;
    }
  }

  /* --- No joy --- */

  dstr_destroy(&d);
  return (0);

good:
  p = xstrdup(d.buf);
  dstr_destroy(&d);
  return (p);
}

/* --- @fullcheck@ --- *
 *
 * Arguments:	@const char *p@ = pointer to path to check
 *
 * Returns:	Zero if it's a bad directory.
 *
 * Use:		Runs a thorough check on a directory.
 */

static int fullcheck(const char *p)
{
  return (path_check(p, &cp) == 0 && ok(p, 0));
}

/* --- @goodtmp@ --- *
 *
 * Arguments:	---
 *
 * Returns:	Pointer to a known-good secure temporary directory, or
 *		null.
 *
 * Use:		Finds a good place to store temporary files.
 */

static char *goodtmp(void)
{
  char *p, *q;

  /* --- First of all, try the user's current choice --- */

  if ((p = getenv("TMPDIR")) != 0 && fullcheck(p))
    return (p);

  /* --- Try making a directory in `/tmp' --- */

  if (!(q = getenv("USER")) && !(q = getenv("LOGNAME")))
    q = pw->pw_name;
  if ((q = trytmp("/tmp", q)) != 0)
    return (q);

  /* --- That failed: try a directory in the user's home --- */

  if (!(q = getenv("HOME")))
    q = pw->pw_dir;
  if ((q = trytmp(q, "tmp")) != 0)
    return (q);

  /* --- Still no joy: give up --- *
   *
   * To be fair, if the user can't find a safe place in his own home
   * directory then he's pretty stuffed.
   */

  return (0);
}

/* --- @usage@ --- */

static void usage(FILE *fp)
{
  fprintf(fp, "Usage: %s [-bc] [-v PATH]\n", QUIS);
}

/* --- @version@ --- */

static void version(FILE *fp)
{
  fprintf(fp, "%s version %s\n", QUIS, VERSION);
}

/* --- @help@ --- */

static void help(FILE *fp)
{
  version(fp);
  putc('\n', fp);
  usage(fp);
  fputs("\n\
Sets a suitable and secure temporary directory, or checks that a given\n\
directory is suitable for use with temporary files.  A directory is\n\
considered good for a particular user if it's readable and writable only\n\
by that user, and if all its parents are modifiable only by the user or\n\
root.\n\
\n\
Options supported:\n\
\n\
-h, --help		Display this help text.\n\
-V, --version		Display the program's version number.\n\
-u, --usage		Display a terse usage summary.\n\
\n\
-b, --bourne		Output a `TMPDIR' setting for Bourne shell users.\n\
-c, --cshell		Output a `TMPDIR' setting for C shell users.\n\
-v, --verify PATH	Check whether PATH is good, setting exit status.\n\
\n\
The default action is to examine the caller's shell and output a suitable\n\
setting for that shell type.\n\
",
	fp);
}

/* --- @main@ --- *
 *
 * Arguments:	@int argc@ = number of command line arguments
 *		@char *argv[]@ = the actual argument strings
 *
 * Returns:	Zero if all went well, else nonzero.
 *
 * Use:		Performs helpful operations on temporary directories.
 */

int main(int argc, char *argv[])
{
  int shell = 0;
  int duff = 0;

  enum {
    sh_unknown,
    sh_bourne,
    sh_csh
  };

  /* --- Initialize variables --- */

  ego(argv[0]);
  me = getuid();
  cp.cp_what = CP_WRWORLD | CP_WRGRP | CP_WROTHUSR | CP_STICKYOK;
  cp.cp_verbose = 0;
  cp.cp_report = 0;
  path_setids(&cp);
  pw = getpwuid(me);
  if (!pw)
    die(1, "you don't exist");

  /* --- Parse arguments --- */

  for (;;) {
    static struct option opts[] = {
      { "help",		0,		0,	'h' },
      { "version", 	0, 		0,	'V' },
      { "usage",	0,		0,	'u' },
      { "bourne",	0,		0,	'b' },
      { "cshell",	0,		0,	'c' },
      { "verify",	OPTF_ARGREQ,	0,	'v' },
      { 0,		0,		0,	0 }
    };
    int i = mdwopt(argc, argv, "hVu bcv:", opts, 0, 0, 0);

    if (i < 0)
      break;
    switch (i) {
      case 'h':
	help(stdout);
	exit(0);
      case 'V':
	version(stdout);
	exit(0);
      case 'u':
	usage(stdout);
	exit(0);
      case 'b':
	shell = sh_bourne;
	break;
      case 'c':
	shell = sh_csh;
	break;
      case 'v':
	return (!fullcheck(optarg));
	break;
      default:
	duff = 1;
	break;
    }
  }

  if (duff || optind != argc) {
    usage(stderr);
    exit(1);
  }

  /* --- Choose a shell --- */

  if (!shell) {
    char *p;
    if (!(p = getenv("SHELL")))
      p = pw->pw_shell;
    if (strstr(p, "csh"))
      shell = sh_csh;
    else
      shell = sh_bourne;
  }

  /* --- Start the checking --- */

  {
    char *p = goodtmp();
    if (!p)
      die(1, "no good tmp directory");
    switch (shell) {
      case sh_bourne:
	printf("TMPDIR=\"%s\"; export TMPDIR\n", p);
	break;
      case sh_csh:
	printf("setenv TMPDIR \"%s\"\n", p);
	break;
    }
  }

  return (0);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
efa7a97b	1	/* --c--
efa7a97b	2	*
cef4f797	3	* $Id: tmpdir.c,v 1.2 1999/05/19 20:37:28 mdw Exp $
efa7a97b	4	*
	5	* Choose and check temporary directories
	6	*
	7	* (c) 1999 Mark Wooding
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of chkpath.
	13	*
	14	* chkpath is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU General Public License as published by
	16	* the Free Software Foundation; either version 2 of the License, or
	17	* (at your option) any later version.
	18	*
	19	* chkpath is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU General Public License
	25	* along with chkpath; if not, write to the Free Software Foundation,
	26	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	27	*/
	28
	29	/----- Revision history --------------------------------------------------
	30	*
	31	* $Log: tmpdir.c,v $
cef4f797	32	* Revision 1.2 1999/05/19 20:37:28 mdw
	33	* Track gratuitous change in mdwopt interface.
	34	*
	35	* Revision 1.1.1.1 1999/04/06 20:12:07 mdw
	36	* Import new project.
efa7a97b	37	*
	38	*/
	39
	40	/----- Header files ------------------------------------------------------/
	41
	42	#include <errno.h>
	43	#include <stdio.h>
	44	#include <stdlib.h>
	45	#include <string.h>
	46
	47	#include <sys/types.h>
	48	#include <sys/stat.h>
	49	#include <unistd.h>
	50	#include <pwd.h>
	51
	52	#include <mLib/alloc.h>
	53	#include <mLib/dstr.h>
	54	#include <mLib/mdwopt.h>
	55	#include <mLib/quis.h>
	56	#include <mLib/report.h>
	57
	58	#include "path.h"
	59
	60	/----- Static variables --------------------------------------------------/
	61
	62	static uid_t me;
	63	static struct chkpath cp;
	64	static struct passwd *pw;
	65
	66	/----- Main code ---------------------------------------------------------/
	67
	68	/* --- @ok@ --- *
	69	*
	70	* Arguments: @const char *p@ = pathname to check
	71	* @int *f@ = try-to-create flag
	72	*
	73	* Returns: Nonzero if the directory is OK
	74	*
	75	* Use: Ensures that a directory is OK. If @f@ is a real pointer,
	76	* and @*f@ is set, then try to create the directory.
	77	*/
	78
	79	static int ok(const char p, int f)
	80	{
	81	struct stat st;
	82
	83	/* --- Read the directory status --- */
	84
	85	if (lstat(p, &st)) {
	86
	87	/* --- Maybe create it if it doesn't exist --- */
	88
	89	if (errno != ENOENT \|\| !f \|\| !*f)
	90	return (0);
	91	if (mkdir(p, 0700)) {
	92	*f = 0;
	93	return (0);
	94	}
	95
	96	/* --- Now read the new status --- *
	97	*
	98	* This fixes a race condition between the previous @lstat@ call and
	99	* the @mkdir@.
	100	*/
101
102	if (lstat(p, &st))
103	return (0);
104	}
105
106	/* --- Make sure the directory is good --- *
107	*
108	* It must be a genuine directory (not a link); it must be readable
109	* and writable only by its owner, and that owner must be me.
110	*/
111
112	if (S_ISDIR(st.st_mode) && (st.st_mode & 0777) == 0700 && st.st_uid == me)
113	return (1);
114	return (0);
115	}
116
117	/* --- @trytmp@ --- *
118	*
119	* Arguments: @const char *parent@ = parent directory name
120	* @const char *base@ = subdirectory base name
121	*
122	* Returns: Pointer to directory name, or null. (String needs freeing.)
123	*
124	* Use: Tries to find or create an appropriate temporary directory.
125	*/
126
127	static char trytmp(const char parent, const char *base)
128	{
129	static char c[] = { "0123456789"
130	"abcdefghijklmnopqrstuvwxyz"
131	"ABCDEFGHIJKLMNOPQRSTUVWXYZ" };
132	char p, q;
133	char *qq;
134	dstr d;
135	int createflag = 1;
136
137	/* --- Make sure the parent directory is sane --- *
138	*
139	* Must make sure that all the lead-up to the temporary directory is safe.
140	* Otherwise other people can play with symlinks or rename directories
141	* after I've done all this careful work to make the endpoint directory
142	* safe.
143	*/
144
145	if (path_check(parent, &cp))
146	return (0);
147
148	/* --- See whether the trivial version will work --- */
149
150	dstr_create(&d);
151	dstr_putf(&d, "%s/%s", parent, base);
152	if (ok(d.buf, &createflag))
153	goto good;
154
155	/* --- Now try with various suffixes --- */
156
157	DENSURE(&d, 4);
158	qq = d.buf + d.len;
159	*qq++ = '-';
160
161	for (p = c; *p; p++) {
162	qq[0] = *p;
163	qq[1] = 0;
164	if (ok(d.buf, &createflag))
165	goto good;
166	for (q = c; *q; q++) {
167	qq[1] = *q;
168	qq[2] = 0;
169	if (ok(d.buf, &createflag))
170	goto good;
171	}
172	}
173
174	/* --- No joy --- */
175
176	dstr_destroy(&d);
177	return (0);
178
179	good:
180	p = xstrdup(d.buf);
181	dstr_destroy(&d);
182	return (p);
183	}
184
185	/* --- @fullcheck@ --- *
186	*
187	* Arguments: @const char *p@ = pointer to path to check
188	*
189	* Returns: Zero if it's a bad directory.
190	*
191	* Use: Runs a thorough check on a directory.
192	*/
193
194	static int fullcheck(const char *p)
195	{
196	return (path_check(p, &cp) == 0 && ok(p, 0));
197	}
198
199	/* --- @goodtmp@ --- *
200	*
201	* Arguments: ---
202	*
203	* Returns: Pointer to a known-good secure temporary directory, or
204	* null.
205	*
206	* Use: Finds a good place to store temporary files.
207	*/
208
209	static char *goodtmp(void)
210	{
211	char p, q;
212
213	/* --- First of all, try the user's current choice --- */
214
215	if ((p = getenv("TMPDIR")) != 0 && fullcheck(p))
216	return (p);
217
218	/* --- Try making a directory in `/tmp' --- */
219
220	if (!(q = getenv("USER")) && !(q = getenv("LOGNAME")))
221	q = pw->pw_name;
222	if ((q = trytmp("/tmp", q)) != 0)
223	return (q);
224
225	/* --- That failed: try a directory in the user's home --- */
226
227	if (!(q = getenv("HOME")))
228	q = pw->pw_dir;
229	if ((q = trytmp(q, "tmp")) != 0)
230	return (q);
231
232	/* --- Still no joy: give up --- *
233	*
234	* To be fair, if the user can't find a safe place in his own home
235	* directory then he's pretty stuffed.
236	*/
237
238	return (0);
239	}
240
241	/* --- @usage@ --- */
242
243	static void usage(FILE *fp)
244	{
245	fprintf(fp, "Usage: %s [-bc] [-v PATH]\n", QUIS);
246	}
247
248	/* --- @version@ --- */
249
250	static void version(FILE *fp)
251	{
252	fprintf(fp, "%s version %s\n", QUIS, VERSION);
253	}
254
255	/* --- @help@ --- */
256
257	static void help(FILE *fp)
258	{
259	version(fp);
260	putc('\n', fp);
261	usage(fp);
262	fputs("\n\
263	Sets a suitable and secure temporary directory, or checks that a given\n\
264	directory is suitable for use with temporary files. A directory is\n\
265	considered good for a particular user if it's readable and writable only\n\
266	by that user, and if all its parents are modifiable only by the user or\n\
267	root.\n\
268	\n\
269	Options supported:\n\
270	\n\
271	-h, --help Display this help text.\n\
272	-V, --version Display the program's version number.\n\
273	-u, --usage Display a terse usage summary.\n\
274	\n\
275	-b, --bourne Output a `TMPDIR' setting for Bourne shell users.\n\
276	-c, --cshell Output a `TMPDIR' setting for C shell users.\n\
277	-v, --verify PATH Check whether PATH is good, setting exit status.\n\
278	\n\
279	The default action is to examine the caller's shell and output a suitable\n\
280	setting for that shell type.\n\
281	",
282	fp);
283	}
284
285	/* --- @main@ --- *
286	*
287	* Arguments: @int argc@ = number of command line arguments
288	* @char *argv[]@ = the actual argument strings
289	*
290	* Returns: Zero if all went well, else nonzero.
291	*
292	* Use: Performs helpful operations on temporary directories.
293	*/
294
295	int main(int argc, char *argv[])
296	{
297	int shell = 0;
298	int duff = 0;
299
300	enum {
301	sh_unknown,
302	sh_bourne,
303	sh_csh
304	};
305
306	/* --- Initialize variables --- */
307
308	ego(argv[0]);
309	me = getuid();
310	cp.cp_what = CP_WRWORLD \| CP_WRGRP \| CP_WROTHUSR \| CP_STICKYOK;
311	cp.cp_verbose = 0;
312	cp.cp_report = 0;
313	path_setids(&cp);
314	pw = getpwuid(me);
315	if (!pw)
316	die(1, "you don't exist");
317
318	/* --- Parse arguments --- */
319
320	for (;;) {
321	static struct option opts[] = {
322	{ "help", 0, 0, 'h' },
323	{ "version", 0, 0, 'V' },
324	{ "usage", 0, 0, 'u' },
325	{ "bourne", 0, 0, 'b' },
326	{ "cshell", 0, 0, 'c' },
cef4f797	327	{ "verify", OPTF_ARGREQ, 0, 'v' },
efa7a97b	328	{ 0, 0, 0, 0 }
	329	};
	330	int i = mdwopt(argc, argv, "hVu bcv:", opts, 0, 0, 0);
	331
	332	if (i < 0)
	333	break;
	334	switch (i) {
	335	case 'h':
	336	help(stdout);
	337	exit(0);
	338	case 'V':
	339	version(stdout);
	340	exit(0);
	341	case 'u':
	342	usage(stdout);
	343	exit(0);
	344	case 'b':
	345	shell = sh_bourne;
	346	break;
	347	case 'c':
	348	shell = sh_csh;
	349	break;
	350	case 'v':
	351	return (!fullcheck(optarg));
	352	break;
	353	default:
	354	duff = 1;
	355	break;
	356	}
	357	}
	358
	359	if (duff \|\| optind != argc) {
	360	usage(stderr);
	361	exit(1);
	362	}
	363
	364	/* --- Choose a shell --- */
	365
	366	if (!shell) {
	367	char *p;
	368	if (!(p = getenv("SHELL")))
	369	p = pw->pw_shell;
	370	if (strstr(p, "csh"))
	371	shell = sh_csh;
	372	else
	373	shell = sh_bourne;
	374	}
	375
	376	/* --- Start the checking --- */
	377
	378	{
	379	char *p = goodtmp();
	380	if (!p)
	381	die(1, "no good tmp directory");
	382	switch (shell) {
	383	case sh_bourne:
	384	printf("TMPDIR=\"%s\"; export TMPDIR\n", p);
	385	break;
	386	case sh_csh:
	387	printf("setenv TMPDIR \"%s\"\n", p);
	388	break;
	389	}
	390	}
	391
392	return (0);
393	}
394
395	/----- That's all, folks -------------------------------------------------/