/* -*-c-*-
*
- * $Id: checkpath.c,v 1.4 2001/01/25 22:16:02 mdw Exp $
- *
* Check a path for safety
*
* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: checkpath.c,v $
- * Revision 1.4 2001/01/25 22:16:02 mdw
- * Make flags be unsigned.
- *
- * Revision 1.3 1999/05/21 22:07:20 mdw
- * Take advantage of new dynamic string macros.
- *
- * Revision 1.2 1999/05/18 20:49:12 mdw
- * Use a dynamic string for reading symlinks.
- *
- * Revision 1.1.1.1 1999/04/06 20:12:07 mdw
- * Import new project.
- *
- */
-
/*----- Header files ------------------------------------------------------*/
+#include "config.h"
+
#include <errno.h>
#include <stdarg.h>
#include <stdio.h>
#include <mLib/alloc.h>
#include <mLib/dstr.h>
+#include <mLib/macros.h>
-#include "path.h"
+#include "checkpath.h"
/*----- Data structures ---------------------------------------------------*/
*/
static void popall(void)
-{
- while (sp->e_link)
- pop();
-}
+ { while (sp->e_link) pop(); }
/* --- @push@ --- *
*
/* --- @report@ --- *
*
- * Arguments: @struct chkpath *cp@ = pointer to context
- * @int what@ = what sort of report is this?
+ * Arguments: @const struct checkpath *cp@ = pointer to context
+ * @unsigned what@ = what sort of report is this?
* @int verbose@ = how verbose is this?
* @const char *p@ = what path does it refer to?
* @const char *msg@ = the message to give to the user
* Use: Formats and presents messages to the client.
*/
-static void report(struct chkpath *cp, int what, int verbose,
+static void report(const struct checkpath *cp, unsigned what, int verbose,
const char *p, const char *msg, ...)
{
+ dstr d = DSTR_INIT;
+ va_list ap;
+ const char *q = msg;
+ const char *s;
+ size_t n;
+ int e = errno;
+ uid_t u;
+ struct passwd *pw;
+ gid_t g;
+ struct group *gr;
+
/* --- Decide whether to bin this message --- */
if (!cp->cp_report || verbose > cp->cp_verbose || !(cp->cp_what & what))
return;
+ /* --- If no reporting, do the easy thing --- */
+
+ if (!(cp->cp_what & CP_REPORT)) {
+ cp->cp_report(what, verbose, p, 0, cp->cp_arg);
+ return;
+ }
+
/* --- Format the message nicely --- */
- if (cp->cp_what & CP_REPORT) {
- dstr d = DSTR_INIT;
- va_list ap;
- const char *q = msg;
- size_t n;
- int e = errno;
-
- va_start(ap, msg);
- if (verbose > 1)
- dstr_puts(&d, "[ ");
- if (p)
- dstr_putf(&d, "Path: %s: ", p);
- while (*q) {
- if (*q == '%') {
- q++;
- switch (*q) {
- case 'e':
- dstr_puts(&d, strerror(e));
- break;
- case 'u': {
- uid_t u = (uid_t)va_arg(ap, int);
- struct passwd *pw = getpwuid(u);
- if (pw)
- dstr_putf(&d, "`%s'", pw->pw_name);
- else
- dstr_putf(&d, "%i", (int)u);
- } break;
- case 'g': {
- gid_t g = (gid_t)va_arg(ap, int);
- struct group *gr = getgrgid(g);
- if (gr)
- dstr_putf(&d, "`%s'", gr->gr_name);
- else
- dstr_putf(&d, "%i", (int)g);
- } break;
- case 's': {
- const char *s = va_arg(ap, const char *);
- dstr_puts(&d, s);
- } break;
- case '%':
- dstr_putc(&d, '%');
- break;
- default:
- dstr_putc(&d, '%');
- dstr_putc(&d, *q);
- break;
- }
- q++;
- } else {
- n = strcspn(q, "%");
- DPUTM(&d, q, n);
- q += n;
+ va_start(ap, msg);
+ if (verbose > 1)
+ dstr_puts(&d, "[ ");
+ if (p)
+ dstr_putf(&d, "Path: %s: ", p);
+ while (*q) {
+ if (*q == '%') {
+ q++;
+ switch (*q) {
+ case 'e':
+ dstr_puts(&d, strerror(e));
+ break;
+ case 'u':
+ u = (uid_t)va_arg(ap, int);
+ if ((pw = getpwuid(u)) != 0)
+ dstr_putf(&d, "`%s'", pw->pw_name);
+ else
+ dstr_putf(&d, "%i", (int)u);
+ break;
+ case 'g':
+ g = (gid_t)va_arg(ap, int);
+ if ((gr = getgrgid(g)) != 0)
+ dstr_putf(&d, "`%s'", gr->gr_name);
+ else
+ dstr_putf(&d, "%i", (int)g);
+ break;
+ case 's':
+ s = va_arg(ap, const char *);
+ dstr_puts(&d, s);
+ break;
+ case '%':
+ dstr_putc(&d, '%');
+ break;
+ default:
+ dstr_putc(&d, '%');
+ dstr_putc(&d, *q);
+ break;
}
+ q++;
+ } else {
+ n = strcspn(q, "%");
+ DPUTM(&d, q, n);
+ q += n;
}
- if (verbose > 1)
- dstr_puts(&d, " ]");
- DPUTZ(&d);
- cp->cp_report(what, verbose, p, d.buf, cp->cp_arg);
- dstr_destroy(&d);
- va_end(ap);
- } else
- cp->cp_report(what, verbose, p, 0, cp->cp_arg);
+ }
+ if (verbose > 1)
+ dstr_puts(&d, " ]");
+ DPUTZ(&d);
+ cp->cp_report(what, verbose, p, d.buf, cp->cp_arg);
+ dstr_destroy(&d);
+ va_end(ap);
}
/* --- @sanity@ --- *
*
* Arguments: @const char *p@ = name of directory to check
* @struct stat *st@ = pointer to @stat@(2) block for it
- * @struct chkpath *cp@ = pointer to caller parameters
+ * @const struct checkpath *cp@ = pointer to caller parameters
* @unsigned f@ = various flags
*
* Returns: Zero if everything's OK, else bitmask of problems.
* Use: Performs the main load of sanity-checking on a directory.
*/
-static int sanity(const char *p, struct stat *st,
- struct chkpath *cp, unsigned f)
+static unsigned sanity(const char *p, struct stat *st,
+ const struct checkpath *cp, unsigned f)
{
- int bad = 0;
- int sticky = (cp->cp_what & CP_STICKYOK) || !(f & f_last) ? 01000 : 0;
+ unsigned bad = 0;
+ int stickyok = 0;
+ int i;
+ unsigned b;
+
+ if (S_ISDIR(st->st_mode) &&
+ (!(f & f_last) || (cp->cp_what & CP_STICKYOK)))
+ stickyok = 01000;
/* --- Check for world-writability --- */
if ((cp->cp_what & CP_WRWORLD) &&
- (st->st_mode & (0002 | sticky)) == 0002) {
+ (st->st_mode & (0002 | stickyok)) == 0002) {
bad |= CP_WRWORLD;
report(cp, CP_WRWORLD, 1, p, "** world writable **");
}
/* --- Check for group-writability --- */
if ((cp->cp_what & (CP_WRGRP | CP_WROTHGRP)) &&
- (st->st_mode & (0020 | sticky)) == 0020) {
- if (cp->cp_what & CP_WRGRP) {
- bad |= CP_WRGRP;
- report(cp, CP_WRGRP, 1, p, "writable by group %g", st->st_gid);
- } else {
- int i;
+ (st->st_mode & (0020 | stickyok)) == 0020) {
+ b = CP_WRGRP;
+
+ if (cp->cp_what & CP_WROTHGRP) {
+ b = CP_WROTHGRP;
for (i = 0; i < cp->cp_gids; i++) {
if (st->st_gid == cp->cp_gid[i])
- goto good_gid;
+ b = cp->cp_what & CP_WRGRP;
}
- bad |= CP_WROTHGRP;
- report(cp, CP_WROTHGRP, 1, p, "writable by group %g", st->st_gid);
- good_gid:;
+ }
+ if (b) {
+ bad |= b;
+ report(cp, b, 1, p, "writable by %sgroup %g",
+ (b == CP_WROTHGRP) ? "other " : "", st->st_gid);
}
}
return (bad);
}
-/* --- @path_check@ --- *
+/* --- @checkpath@ --- *
*
* Arguments: @const char *p@ = directory name which needs checking
- * @struct chkpath *cp@ = caller parameters for the check
+ * @const struct checkpath *cp@ = parameters for the check
*
* Returns: Zero if all is well, otherwise bitmask of problems.
*
* users could do to it.
*/
-int path_check(const char *p, struct chkpath *cp)
+unsigned checkpath(const char *p, const struct checkpath *cp)
{
char cwd[PATH_MAX];
struct elt *e, *ee;
struct stat st;
- int bad = 0;
+ unsigned bad = 0;
/* --- Initialize stack pointer and path string --- */
return (bad);
}
-/* --- @path_setids@ --- *
+/* --- @checkpath_addgid@ --- *
*
- * Arguments: @struct chkpath *cp@ = pointer to block to fill in
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ * @gid_t g@ = group id to add
*
- * Returns: Zero if OK, else @-1@.
+ * Returns: Zero if successful, nonzero if the array is full.
*
- * Use: Fills in the user ids and things in the structure.
+ * Use: Adds the group @g@ to the structure.
*/
-void path_setids(struct chkpath *cp)
+int checkpath_addgid(struct checkpath *cp, gid_t g)
{
- int n, i;
- gid_t g = getgid();
+ int i;
- cp->cp_uid = getuid();
- n = getgroups(sizeof(cp->cp_gid) / sizeof(cp->cp_gid[0]), cp->cp_gid);
-
- for (i = 0; i < n; i++) {
+ for (i = 0; i < cp->cp_gids; i++) {
if (cp->cp_gid[i] == g)
- goto gid_ok;
+ return (0);
+ }
+ if (cp->cp_gids >= N(cp->cp_gid))
+ return (-1);
+ cp->cp_gid[cp->cp_gids++] = g;
+ return (0);
+}
+
+/* --- @checkpath_setuid@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ *
+ * Returns: ---
+ *
+ * Use: Fills in the @cp_uid@ slot of the structure with the real uid
+ * of the current process.
+ */
+
+void checkpath_setuid(struct checkpath *cp) { cp->cp_uid = getuid(); }
+
+/* --- @checkpath_setgid@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ *
+ * Returns: Zero if successful, nonzero if the array is full.
+ *
+ * Use: Adds the real gid of the current process to the @cp_gid@
+ * array.
+ */
+
+int checkpath_setgid(struct checkpath *cp)
+ { return (checkpath_addgid(cp, getgid())); }
+
+/* --- @checkpath_setgroups@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ *
+ * Returns: Zero if successful, nonzero if the array is full.
+ *
+ * Use: Adds the current process's supplementary groups to the
+ * @cp_gid@ table.
+ */
+
+int checkpath_setgroups(struct checkpath *cp)
+{
+ int i, n;
+ gid_t gg[NGROUPS_MAX];
+
+ n = getgroups(N(gg), gg);
+ for (i = 0; i < n; i++) {
+ if (checkpath_addgid(cp, gg[i]))
+ return (-1);
}
- cp->cp_gid[n++] = g;
-gid_ok:
- cp->cp_gids = n;
+ return (0);
+}
+
+/* --- @checkpath_setids@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ *
+ * Returns: ---
+ *
+ * Use: Fills in the user ids and things in the structure. This is
+ * equivalent to setting @cp_gids = 0@ and then calling
+ * @_setuid@, @_setgid@ and @_setgroups@. It can't fail.
+ */
+
+void checkpath_setids(struct checkpath *cp)
+{
+ cp->cp_gids = 0;
+ checkpath_setuid(cp);
+ checkpath_setgid(cp);
+ checkpath_setgroups(cp);
}
/*----- That's all, folks -------------------------------------------------*/
~mdw / checkpath / blobdiff