[checkpath] / tmpdir.c

/* -*-c-*-
 *
 * $Id: tmpdir.c,v 1.4 2003/01/25 23:58:44 mdw Exp $
 *
 * Choose and check temporary directories
 *
 * (c) 1999 Mark Wooding
 */

/*----- Licensing notice --------------------------------------------------* 
 *
 * This file is part of chkpath.
 *
 * chkpath is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 * 
 * chkpath is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 * 
 * You should have received a copy of the GNU General Public License
 * along with chkpath; if not, write to the Free Software Foundation,
 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
 */

/*----- Revision history --------------------------------------------------* 
 *
 * $Log: tmpdir.c,v $
 * Revision 1.4  2003/01/25 23:58:44  mdw
 * Make guts into official library.
 *
 * Revision 1.3  1999/05/21 22:07:20  mdw
 * Take advantage of new dynamic string macros.
 *
 * Revision 1.2  1999/05/19 20:37:28  mdw
 * Track gratuitous change in mdwopt interface.
 *
 * Revision 1.1.1.1  1999/04/06 20:12:07  mdw
 * Import new project.
 *
 */

/*----- Header files ------------------------------------------------------*/

#include <errno.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include <pwd.h>

#include <mLib/alloc.h>
#include <mLib/dstr.h>
#include <mLib/mdwopt.h>
#include <mLib/quis.h>
#include <mLib/report.h>

#include "checkpath.h"

/*----- Static variables --------------------------------------------------*/

static uid_t me;
static struct checkpath cp;
static struct passwd *pw;

/*----- Main code ---------------------------------------------------------*/

/* --- @ok@ --- *
 *
 * Arguments:	@const char *p@ = pathname to check
 *		@int *f@ = try-to-create flag
 *
 * Returns:	Nonzero if the directory is OK
 *
 * Use:		Ensures that a directory is OK.  If @f@ is a real pointer,
 *		and @*f@ is set, then try to create the directory.
 */

static int ok(const char *p, int *f)
{
  struct stat st;

  /* --- Read the directory status --- */

  if (lstat(p, &st)) {

    /* --- Maybe create it if it doesn't exist --- */

    if (errno != ENOENT || !f || !*f)
      return (0);
    if (mkdir(p, 0700)) {
      *f = 0;
      return (0);
    }

    /* --- Now read the new status --- *
     *
     * This fixes a race condition between the previous @lstat@ call and
     * the @mkdir@.
     */

    if (lstat(p, &st))
      return (0);
  }

  /* --- Make sure the directory is good --- *
   *
   * It must be a genuine directory (not a link); it must be readable
   * and writable only by its owner, and that owner must be me.
   */

  if (S_ISDIR(st.st_mode) && (st.st_mode & 0777) == 0700 && st.st_uid == me)
    return (1);
  return (0);
}

/* --- @trytmp@ --- *
 *
 * Arguments:	@const char *parent@ = parent directory name
 *		@const char *base@ = subdirectory base name
 *
 * Returns:	Pointer to directory name, or null.  (String needs freeing.)
 *
 * Use:		Tries to find or create an appropriate temporary directory.
 */

static char *trytmp(const char *parent, const char *base)
{
  static char c[] = { "0123456789"
		      "abcdefghijklmnopqrstuvwxyz"
		      "ABCDEFGHIJKLMNOPQRSTUVWXYZ" };
  char *p, *q;
  char *qq;
  dstr d = DSTR_INIT;
  int createflag = 1;

  /* --- Make sure the parent directory is sane --- *
   *
   * Must make sure that all the lead-up to the temporary directory is safe.
   * Otherwise other people can play with symlinks or rename directories
   * after I've done all this careful work to make the endpoint directory
   * safe.
   */

  if (checkpath(parent, &cp))
    return (0);

  /* --- See whether the trivial version will work --- */

  dstr_putf(&d, "%s/%s", parent, base);
  if (ok(d.buf, &createflag))
    goto good;

  /* --- Now try with various suffixes --- */

  DENSURE(&d, 4);
  qq = d.buf + d.len;
  *qq++ = '-';

  for (p = c; *p; p++) {
    qq[0] = *p;
    qq[1] = 0;
    if (ok(d.buf, &createflag))
      goto good;
    for (q = c; *q; q++) {
      qq[1] = *q;
      qq[2] = 0;
      if (ok(d.buf, &createflag))
	goto good;
    }
  }

  /* --- No joy --- */

  dstr_destroy(&d);
  return (0);

good:
  p = xstrdup(d.buf);
  dstr_destroy(&d);
  return (p);
}

/* --- @fullcheck@ --- *
 *
 * Arguments:	@const char *p@ = pointer to path to check
 *
 * Returns:	Zero if it's a bad directory.
 *
 * Use:		Runs a thorough check on a directory.
 */

static int fullcheck(const char *p)
{
  return (checkpath(p, &cp) == 0 && ok(p, 0));
}

/* --- @goodtmp@ --- *
 *
 * Arguments:	---
 *
 * Returns:	Pointer to a known-good secure temporary directory, or
 *		null.
 *
 * Use:		Finds a good place to store temporary files.
 */

static char *goodtmp(void)
{
  char *p, *q;

  /* --- First of all, try the user's current choice --- */

  if ((p = getenv("TMPDIR")) != 0 && fullcheck(p))
    return (p);

  /* --- Try making a directory in `/tmp' --- */

  if (!(q = getenv("USER")) && !(q = getenv("LOGNAME")))
    q = pw->pw_name;
  if ((q = trytmp("/tmp", q)) != 0)
    return (q);

  /* --- That failed: try a directory in the user's home --- */

  if (!(q = getenv("HOME")))
    q = pw->pw_dir;
  if ((q = trytmp(q, "tmp")) != 0)
    return (q);

  /* --- Still no joy: give up --- *
   *
   * To be fair, if the user can't find a safe place in his own home
   * directory then he's pretty stuffed.
   */

  return (0);
}

/* --- @usage@ --- */

static void usage(FILE *fp)
{
  fprintf(fp, "Usage: %s [-bc] [-v PATH]\n", QUIS);
}

/* --- @version@ --- */

static void version(FILE *fp)
{
  fprintf(fp, "%s version %s\n", QUIS, VERSION);
}

/* --- @help@ --- */

static void help(FILE *fp)
{
  version(fp);
  putc('\n', fp);
  usage(fp);
  fputs("\n\
Sets a suitable and secure temporary directory, or checks that a given\n\
directory is suitable for use with temporary files.  A directory is\n\
considered good for a particular user if it's readable and writable only\n\
by that user, and if all its parents are modifiable only by the user or\n\
root.\n\
\n\
Options supported:\n\
\n\
-h, --help		Display this help text.\n\
-V, --version		Display the program's version number.\n\
-u, --usage		Display a terse usage summary.\n\
\n\
-b, --bourne		Output a `TMPDIR' setting for Bourne shell users.\n\
-c, --cshell		Output a `TMPDIR' setting for C shell users.\n\
-v, --verify PATH	Check whether PATH is good, setting exit status.\n\
\n\
The default action is to examine the caller's shell and output a suitable\n\
setting for that shell type.\n\
",
	fp);
}

/* --- @main@ --- *
 *
 * Arguments:	@int argc@ = number of command line arguments
 *		@char *argv[]@ = the actual argument strings
 *
 * Returns:	Zero if all went well, else nonzero.
 *
 * Use:		Performs helpful operations on temporary directories.
 */

int main(int argc, char *argv[])
{
  int shell = 0;
  int duff = 0;

  enum {
    sh_unknown,
    sh_bourne,
    sh_csh
  };

  /* --- Initialize variables --- */

  ego(argv[0]);
  me = getuid();
  cp.cp_what = CP_WRWORLD | CP_WRGRP | CP_WROTHUSR | CP_STICKYOK;
  cp.cp_verbose = 0;
  cp.cp_report = 0;
  checkpath_setids(&cp);
  pw = getpwuid(me);
  if (!pw)
    die(1, "you don't exist");

  /* --- Parse arguments --- */

  for (;;) {
    static struct option opts[] = {
      { "help",		0,		0,	'h' },
      { "version", 	0, 		0,	'V' },
      { "usage",	0,		0,	'u' },
      { "bourne",	0,		0,	'b' },
      { "cshell",	0,		0,	'c' },
      { "verify",	OPTF_ARGREQ,	0,	'v' },
      { 0,		0,		0,	0 }
    };
    int i = mdwopt(argc, argv, "hVu bcv:", opts, 0, 0, 0);

    if (i < 0)
      break;
    switch (i) {
      case 'h':
	help(stdout);
	exit(0);
      case 'V':
	version(stdout);
	exit(0);
      case 'u':
	usage(stdout);
	exit(0);
      case 'b':
	shell = sh_bourne;
	break;
      case 'c':
	shell = sh_csh;
	break;
      case 'v':
	return (!fullcheck(optarg));
	break;
      default:
	duff = 1;
	break;
    }
  }

  if (duff || optind != argc) {
    usage(stderr);
    exit(1);
  }

  /* --- Choose a shell --- */

  if (!shell) {
    char *p;
    if (!(p = getenv("SHELL")))
      p = pw->pw_shell;
    if (strstr(p, "csh"))
      shell = sh_csh;
    else
      shell = sh_bourne;
  }

  /* --- Start the checking --- */

  {
    char *p = goodtmp();
    if (!p)
      die(1, "no good tmp directory");
    switch (shell) {
      case sh_bourne:
	printf("TMPDIR=\"%s\"; export TMPDIR\n", p);
	break;
      case sh_csh:
	printf("setenv TMPDIR \"%s\"\n", p);
	break;
    }
  }

  return (0);
}

/*----- That's all, folks -------------------------------------------------*/
Commit	Line	Data
efa7a97b	1	/* --c--
efa7a97b	2	*
d7b5ee0c	3	* $Id: tmpdir.c,v 1.4 2003/01/25 23:58:44 mdw Exp $
efa7a97b	4	*
	5	* Choose and check temporary directories
	6	*
	7	* (c) 1999 Mark Wooding
	8	*/
	9
	10	/----- Licensing notice --------------------------------------------------
	11	*
	12	* This file is part of chkpath.
	13	*
	14	* chkpath is free software; you can redistribute it and/or modify
	15	* it under the terms of the GNU General Public License as published by
	16	* the Free Software Foundation; either version 2 of the License, or
	17	* (at your option) any later version.
	18	*
	19	* chkpath is distributed in the hope that it will be useful,
	20	* but WITHOUT ANY WARRANTY; without even the implied warranty of
	21	* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	22	* GNU General Public License for more details.
	23	*
	24	* You should have received a copy of the GNU General Public License
	25	* along with chkpath; if not, write to the Free Software Foundation,
	26	* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
	27	*/
	28
	29	/----- Revision history --------------------------------------------------
	30	*
	31	* $Log: tmpdir.c,v $
d7b5ee0c	32	* Revision 1.4 2003/01/25 23:58:44 mdw
	33	* Make guts into official library.
	34	*
72462155	35	* Revision 1.3 1999/05/21 22:07:20 mdw
	36	* Take advantage of new dynamic string macros.
	37	*
cef4f797	38	* Revision 1.2 1999/05/19 20:37:28 mdw
	39	* Track gratuitous change in mdwopt interface.
	40	*
	41	* Revision 1.1.1.1 1999/04/06 20:12:07 mdw
	42	* Import new project.
efa7a97b	43	*
	44	*/
	45
	46	/----- Header files ------------------------------------------------------/
	47
	48	#include <errno.h>
	49	#include <stdio.h>
	50	#include <stdlib.h>
	51	#include <string.h>
	52
	53	#include <sys/types.h>
	54	#include <sys/stat.h>
	55	#include <unistd.h>
	56	#include <pwd.h>
	57
	58	#include <mLib/alloc.h>
	59	#include <mLib/dstr.h>
	60	#include <mLib/mdwopt.h>
	61	#include <mLib/quis.h>
	62	#include <mLib/report.h>
	63
d7b5ee0c	64	#include "checkpath.h"
efa7a97b	65
	66	/----- Static variables --------------------------------------------------/
	67
	68	static uid_t me;
d7b5ee0c	69	static struct checkpath cp;
efa7a97b	70	static struct passwd *pw;
	71
	72	/----- Main code ---------------------------------------------------------/
	73
	74	/* --- @ok@ --- *
	75	*
	76	* Arguments: @const char *p@ = pathname to check
	77	* @int *f@ = try-to-create flag
	78	*
	79	* Returns: Nonzero if the directory is OK
	80	*
	81	* Use: Ensures that a directory is OK. If @f@ is a real pointer,
	82	* and @*f@ is set, then try to create the directory.
	83	*/
	84
	85	static int ok(const char p, int f)
	86	{
	87	struct stat st;
	88
	89	/* --- Read the directory status --- */
	90
	91	if (lstat(p, &st)) {
	92
	93	/* --- Maybe create it if it doesn't exist --- */
	94
	95	if (errno != ENOENT \|\| !f \|\| !*f)
	96	return (0);
	97	if (mkdir(p, 0700)) {
	98	*f = 0;
	99	return (0);
	100	}
	101
	102	/* --- Now read the new status --- *
	103	*
	104	* This fixes a race condition between the previous @lstat@ call and
	105	* the @mkdir@.
	106	*/
	107
	108	if (lstat(p, &st))
	109	return (0);
	110	}
	111
	112	/* --- Make sure the directory is good --- *
	113	*
	114	* It must be a genuine directory (not a link); it must be readable
	115	* and writable only by its owner, and that owner must be me.
	116	*/
	117
	118	if (S_ISDIR(st.st_mode) && (st.st_mode & 0777) == 0700 && st.st_uid == me)
	119	return (1);
	120	return (0);
	121	}
	122
	123	/* --- @trytmp@ --- *
	124	*
	125	* Arguments: @const char *parent@ = parent directory name
	126	* @const char *base@ = subdirectory base name
	127	*
	128	* Returns: Pointer to directory name, or null. (String needs freeing.)
	129	*
	130	* Use: Tries to find or create an appropriate temporary directory.
	131	*/
	132
	133	static char trytmp(const char parent, const char *base)
134	{
135	static char c[] = { "0123456789"
136	"abcdefghijklmnopqrstuvwxyz"
137	"ABCDEFGHIJKLMNOPQRSTUVWXYZ" };
138	char p, q;
139	char *qq;
72462155	140	dstr d = DSTR_INIT;
efa7a97b	141	int createflag = 1;
	142
	143	/* --- Make sure the parent directory is sane --- *
	144	*
	145	* Must make sure that all the lead-up to the temporary directory is safe.
	146	* Otherwise other people can play with symlinks or rename directories
	147	* after I've done all this careful work to make the endpoint directory
	148	* safe.
	149	*/
	150
d7b5ee0c	151	if (checkpath(parent, &cp))
efa7a97b	152	return (0);
	153
	154	/* --- See whether the trivial version will work --- */
	155
efa7a97b	156	dstr_putf(&d, "%s/%s", parent, base);
	157	if (ok(d.buf, &createflag))
	158	goto good;
	159
	160	/* --- Now try with various suffixes --- */
	161
	162	DENSURE(&d, 4);
	163	qq = d.buf + d.len;
	164	*qq++ = '-';
	165
	166	for (p = c; *p; p++) {
	167	qq[0] = *p;
	168	qq[1] = 0;
	169	if (ok(d.buf, &createflag))
	170	goto good;
	171	for (q = c; *q; q++) {
	172	qq[1] = *q;
	173	qq[2] = 0;
	174	if (ok(d.buf, &createflag))
	175	goto good;
	176	}
	177	}
	178
	179	/* --- No joy --- */
	180
	181	dstr_destroy(&d);
	182	return (0);
	183
	184	good:
	185	p = xstrdup(d.buf);
	186	dstr_destroy(&d);
	187	return (p);
	188	}
	189
	190	/* --- @fullcheck@ --- *
	191	*
	192	* Arguments: @const char *p@ = pointer to path to check
	193	*
	194	* Returns: Zero if it's a bad directory.
	195	*
	196	* Use: Runs a thorough check on a directory.
	197	*/
	198
	199	static int fullcheck(const char *p)
	200	{
d7b5ee0c	201	return (checkpath(p, &cp) == 0 && ok(p, 0));
efa7a97b	202	}
	203
	204	/* --- @goodtmp@ --- *
	205	*
	206	* Arguments: ---
	207	*
	208	* Returns: Pointer to a known-good secure temporary directory, or
	209	* null.
	210	*
	211	* Use: Finds a good place to store temporary files.
	212	*/
	213
	214	static char *goodtmp(void)
	215	{
	216	char p, q;
	217
	218	/* --- First of all, try the user's current choice --- */
	219
	220	if ((p = getenv("TMPDIR")) != 0 && fullcheck(p))
	221	return (p);
	222
	223	/* --- Try making a directory in `/tmp' --- */
	224
	225	if (!(q = getenv("USER")) && !(q = getenv("LOGNAME")))
	226	q = pw->pw_name;
	227	if ((q = trytmp("/tmp", q)) != 0)
	228	return (q);
	229
	230	/* --- That failed: try a directory in the user's home --- */
	231
	232	if (!(q = getenv("HOME")))
	233	q = pw->pw_dir;
	234	if ((q = trytmp(q, "tmp")) != 0)
	235	return (q);
	236
	237	/* --- Still no joy: give up --- *
	238	*
	239	* To be fair, if the user can't find a safe place in his own home
	240	* directory then he's pretty stuffed.
	241	*/
	242
	243	return (0);
	244	}
	245
	246	/* --- @usage@ --- */
	247
	248	static void usage(FILE *fp)
	249	{
	250	fprintf(fp, "Usage: %s [-bc] [-v PATH]\n", QUIS);
	251	}
	252
	253	/* --- @version@ --- */
	254
	255	static void version(FILE *fp)
	256	{
	257	fprintf(fp, "%s version %s\n", QUIS, VERSION);
	258	}
	259
	260	/* --- @help@ --- */
	261
	262	static void help(FILE *fp)
	263	{
	264	version(fp);
	265	putc('\n', fp);
266	usage(fp);
267	fputs("\n\
268	Sets a suitable and secure temporary directory, or checks that a given\n\
269	directory is suitable for use with temporary files. A directory is\n\
270	considered good for a particular user if it's readable and writable only\n\
271	by that user, and if all its parents are modifiable only by the user or\n\
272	root.\n\
273	\n\
274	Options supported:\n\
275	\n\
276	-h, --help Display this help text.\n\
277	-V, --version Display the program's version number.\n\
278	-u, --usage Display a terse usage summary.\n\
279	\n\
280	-b, --bourne Output a `TMPDIR' setting for Bourne shell users.\n\
281	-c, --cshell Output a `TMPDIR' setting for C shell users.\n\
282	-v, --verify PATH Check whether PATH is good, setting exit status.\n\
283	\n\
284	The default action is to examine the caller's shell and output a suitable\n\
285	setting for that shell type.\n\
286	",
287	fp);
288	}
289
290	/* --- @main@ --- *
291	*
292	* Arguments: @int argc@ = number of command line arguments
293	* @char *argv[]@ = the actual argument strings
294	*
295	* Returns: Zero if all went well, else nonzero.
296	*
297	* Use: Performs helpful operations on temporary directories.
298	*/
299
300	int main(int argc, char *argv[])
301	{
302	int shell = 0;
303	int duff = 0;
304
305	enum {
306	sh_unknown,
307	sh_bourne,
308	sh_csh
309	};
310
311	/* --- Initialize variables --- */
312
313	ego(argv[0]);
314	me = getuid();
315	cp.cp_what = CP_WRWORLD \| CP_WRGRP \| CP_WROTHUSR \| CP_STICKYOK;
316	cp.cp_verbose = 0;
317	cp.cp_report = 0;
d7b5ee0c	318	checkpath_setids(&cp);
efa7a97b	319	pw = getpwuid(me);
	320	if (!pw)
	321	die(1, "you don't exist");
	322
	323	/* --- Parse arguments --- */
	324
	325	for (;;) {
	326	static struct option opts[] = {
	327	{ "help", 0, 0, 'h' },
	328	{ "version", 0, 0, 'V' },
	329	{ "usage", 0, 0, 'u' },
	330	{ "bourne", 0, 0, 'b' },
	331	{ "cshell", 0, 0, 'c' },
cef4f797	332	{ "verify", OPTF_ARGREQ, 0, 'v' },
efa7a97b	333	{ 0, 0, 0, 0 }
	334	};
	335	int i = mdwopt(argc, argv, "hVu bcv:", opts, 0, 0, 0);
	336
	337	if (i < 0)
	338	break;
	339	switch (i) {
	340	case 'h':
	341	help(stdout);
	342	exit(0);
	343	case 'V':
	344	version(stdout);
	345	exit(0);
	346	case 'u':
	347	usage(stdout);
	348	exit(0);
	349	case 'b':
	350	shell = sh_bourne;
	351	break;
	352	case 'c':
	353	shell = sh_csh;
	354	break;
	355	case 'v':
	356	return (!fullcheck(optarg));
	357	break;
	358	default:
	359	duff = 1;
	360	break;
	361	}
	362	}
	363
	364	if (duff \|\| optind != argc) {
	365	usage(stderr);
	366	exit(1);
	367	}
	368
	369	/* --- Choose a shell --- */
	370
	371	if (!shell) {
	372	char *p;
	373	if (!(p = getenv("SHELL")))
	374	p = pw->pw_shell;
	375	if (strstr(p, "csh"))
	376	shell = sh_csh;
	377	else
	378	shell = sh_bourne;
	379	}
	380
	381	/* --- Start the checking --- */
	382
	383	{
	384	char *p = goodtmp();
	385	if (!p)
	386	die(1, "no good tmp directory");
	387	switch (shell) {
	388	case sh_bourne:
	389	printf("TMPDIR=\"%s\"; export TMPDIR\n", p);
	390	break;
	391	case sh_csh:
	392	printf("setenv TMPDIR \"%s\"\n", p);
	393	break;
	394	}
	395	}
	396
397	return (0);
398	}
399
400	/----- That's all, folks -------------------------------------------------/