3 * Choose and check temporary directories
5 * (c) 1999 Mark Wooding
8 /*----- Licensing notice --------------------------------------------------*
10 * This file is part of chkpath.
12 * chkpath is free software; you can redistribute it and/or modify
13 * it under the terms of the GNU General Public License as published by
14 * the Free Software Foundation; either version 2 of the License, or
15 * (at your option) any later version.
17 * chkpath is distributed in the hope that it will be useful,
18 * but WITHOUT ANY WARRANTY; without even the implied warranty of
19 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
20 * GNU General Public License for more details.
22 * You should have received a copy of the GNU General Public License
23 * along with chkpath; if not, write to the Free Software Foundation,
24 * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
27 /*----- Header files ------------------------------------------------------*/
37 #include <sys/types.h>
43 #include <mLib/alloc.h>
44 #include <mLib/dstr.h>
45 #include <mLib/macros.h>
46 #include <mLib/mdwopt.h>
47 #include <mLib/quis.h>
48 #include <mLib/report.h>
50 #include "checkpath.h"
52 /*----- Static variables --------------------------------------------------*/
55 static struct checkpath cp
;
56 static struct passwd
*pw
;
58 /*----- Main code ---------------------------------------------------------*/
62 * Arguments: @const char *p@ = pathname to check
63 * @int *f@ = try-to-create flag
65 * Returns: Nonzero if the directory is OK
67 * Use: Ensures that a directory is OK. If @f@ is a real pointer,
68 * and @*f@ is set, then try to create the directory.
71 static int ok(const char *p
, int *f
)
75 /* --- Read the directory status --- */
79 /* --- Maybe create it if it doesn't exist --- */
81 if (errno
!= ENOENT
|| !f
|| !*f
)
88 /* --- Now read the new status --- *
90 * This fixes a race condition between the previous @lstat@ call and
98 /* --- Make sure the directory is good --- *
100 * It must be a genuine directory (not a link); it must be readable
101 * and writable only by its owner, and that owner must be me.
104 if (S_ISDIR(st
.st_mode
) && (st
.st_mode
& 0777) == 0700 && st
.st_uid
== me
)
109 /* --- @trytmp@ --- *
111 * Arguments: @const char *parent@ = parent directory name
112 * @const char *base@ = subdirectory base name
114 * Returns: Pointer to directory name, or null. (String needs freeing.)
116 * Use: Tries to find or create an appropriate temporary directory.
119 static char *trytmp(const char *parent
, const char *base
)
121 static char c
[] = { "0123456789"
122 "abcdefghijklmnopqrstuvwxyz"
123 "ABCDEFGHIJKLMNOPQRSTUVWXYZ" };
129 /* --- Make sure the parent directory is sane --- *
131 * Must make sure that all the lead-up to the temporary directory is safe.
132 * Otherwise other people can play with symlinks or rename directories
133 * after I've done all this careful work to make the endpoint directory
137 if (checkpath(parent
, &cp
))
140 /* --- See whether the trivial version will work --- */
142 dstr_putf(&d
, "%s/%s", parent
, base
);
143 if (ok(d
.buf
, &createflag
))
146 /* --- Now try with various suffixes --- */
152 for (p
= c
; *p
; p
++) {
155 if (ok(d
.buf
, &createflag
))
157 for (q
= c
; *q
; q
++) {
160 if (ok(d
.buf
, &createflag
))
176 /* --- @fullcheck@ --- *
178 * Arguments: @const char *p@ = pointer to path to check
180 * Returns: Zero if it's a bad directory.
182 * Use: Runs a thorough check on a directory.
185 static int fullcheck(const char *p
)
186 { return (checkpath(p
, &cp
) == 0 && ok(p
, 0)); }
188 /* --- @goodtmp@ --- *
192 * Returns: Pointer to a known-good secure temporary directory, or
195 * Use: Finds a good place to store temporary files.
198 static char *goodtmp(void)
202 /* --- First of all, try the user's current choice --- */
204 if ((p
= getenv("TMPDIR")) != 0 && fullcheck(p
))
207 /* --- Try making a directory in `/tmp' --- */
209 if ((q
= trytmp("/tmp", pw
->pw_name
)) != 0)
212 /* --- That failed: try a directory in the user's home --- */
214 if ((q
= trytmp(pw
->pw_dir
, "tmp")) != 0)
217 /* --- Still no joy: give up --- *
219 * To be fair, if the user can't find a safe place in his own home
220 * directory then he's pretty stuffed.
226 /* --- @report@ --- */
228 static void report(unsigned what
, int verbose
,
229 const char *p
, const char *msg
,
233 /* --- @usage@ --- */
235 static void usage(FILE *fp
)
236 { fprintf(fp
, "Usage: %s [-bc] [-v PATH]\n", QUIS
); }
238 /* --- @version@ --- */
240 static void version(FILE *fp
)
241 { fprintf(fp
, "%s version %s\n", QUIS
, VERSION
); }
245 static void help(FILE *fp
)
251 Sets a suitable and secure temporary directory, or checks that a given\n\
252 directory is suitable for use with temporary files. A directory is\n\
253 considered good for a particular user if it's readable and writable only\n\
254 by that user, and if all its parents are modifiable only by the user or\n\
257 Options supported:\n\
259 -h, --help Display this help text.\n\
260 -V, --version Display the program's version number.\n\
261 -u, --usage Display a terse usage summary.\n\
263 -b, --bourne Output a `TMPDIR' setting for Bourne shell users.\n\
264 -c, --cshell Output a `TMPDIR' setting for C shell users.\n\
265 -v, --verbose Report problems to standard error.\n\
266 -g, --group NAME Trust group NAME to be honest and true.\n\
267 -C, --check PATH Check whether PATH is good, setting exit status.\n\
269 The default action is to examine the caller's shell and output a suitable\n\
270 setting for that shell type.\n\
275 /* --- @allowgroup@ --- *
277 * Arguments: @const char *gname@ = trust group @gname@
281 * Use: Adds the gid corresponding to @gname@ (which may be a number)
282 * to the list of things we trust.
285 static void allowgroup(const char *gname
)
291 /* --- Check for numeric group spec --- */
293 for (p
= gname
; *p
; p
++) {
294 if (!isdigit((unsigned char)*p
))
300 /* --- Look up a group by name --- */
303 if ((gr
= getgrnam(gname
)) == 0)
304 die(1, "group %s not found", gname
);
307 /* --- Insert the group into the table --- */
310 if (cp
.cp_gids
>= N(cp
.cp_gid
))
311 die(1, "too many groups");
312 cp
.cp_gid
[cp
.cp_gids
++] = g
;
317 * Arguments: @int argc@ = number of command line arguments
318 * @char *argv[]@ = the actual argument strings
320 * Returns: Zero if all went well, else nonzero.
322 * Use: Performs helpful operations on temporary directories.
325 int main(int argc
, char *argv
[])
337 /* --- Initialize variables --- */
341 cp
.cp_what
= (CP_WRWORLD
| CP_WROTHGRP
| CP_WROTHUSR
|
342 CP_STICKYOK
| CP_REPORT
);
344 cp
.cp_report
= report
;
345 checkpath_setids(&cp
);
346 cp
.cp_gids
= 0; /* ignore group membership */
349 die(1, "you don't exist");
351 /* --- Parse arguments --- */
354 static struct option opts
[] = {
355 { "help", 0, 0, 'h' },
356 { "version", 0, 0, 'V' },
357 { "usage", 0, 0, 'u' },
358 { "bourne", 0, 0, 'b' },
359 { "cshell", 0, 0, 'c' },
360 { "check", OPTF_ARGREQ
, 0, 'C' },
361 { "verify", OPTF_ARGREQ
, 0, 'C' },
362 { "verbose", 0, 0, 'v' },
363 { "trust-groups", 0, 0, 't' },
364 { "group", OPTF_ARGREQ
, 0, 'g' },
367 int i
= mdwopt(argc
, argv
, "hVu" "bcvtg:c:", opts
, 0, 0, 0);
388 return (!fullcheck(optarg
));
402 if (duff
|| optind
!= argc
) {
407 /* --- Choose a shell --- */
410 if (!(p
= getenv("SHELL")))
412 if (strstr(p
, "csh"))
418 /* --- Start the checking --- */
420 if ((p
= goodtmp()) == 0)
421 die(1, "no good tmp directory");
424 printf("TMPDIR=\"%s\"; export TMPDIR\n", p
);
427 printf("setenv TMPDIR \"%s\"\n", p
);
434 /*----- That's all, folks -------------------------------------------------*/
~mdw / checkpath / blob