/* -*-c-*-
*
- * $Id: checkpath.h,v 1.2 2001/01/25 22:16:02 mdw Exp $
- *
* Check a path for safety
*
* (c) 1999 Mark Wooding
*/
-/*----- Licensing notice --------------------------------------------------*
+/*----- Licensing notice --------------------------------------------------*
*
* This file is part of chkpath.
*
* it under the terms of the GNU General Public License as published by
* the Free Software Foundation; either version 2 of the License, or
* (at your option) any later version.
- *
+ *
* chkpath is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
- *
+ *
* You should have received a copy of the GNU General Public License
* along with chkpath; if not, write to the Free Software Foundation,
* Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
*/
-/*----- Revision history --------------------------------------------------*
- *
- * $Log: checkpath.h,v $
- * Revision 1.2 2001/01/25 22:16:02 mdw
- * Make flags be unsigned.
- *
- * Revision 1.1.1.1 1999/04/06 20:12:07 mdw
- * Import new project.
- *
- */
-
-#ifndef PATH_H
-#define PATH_H
+#ifndef CHECKPATH_H
+#define CHECKPATH_H
#ifdef __cplusplus
extern "C" {
* looked for, and what to do when they're found.
*/
-struct chkpath {
+struct checkpath {
uid_t cp_uid; /* Uid that's considered OK */
gid_t cp_gid[NGROUPS_MAX + 1]; /* Array of groups that are OK */
int cp_gids; /* Number of groups in the array */
int cp_verbose; /* Verbosity level to spit up */
unsigned cp_what; /* What things to check for */
- void (*cp_report)(int /*what*/, int /*verb*/,
+ void (*cp_report)(unsigned /*what*/, int /*verb*/,
const char */*dir*/, const char */*msg*/,
void */*p*/);
void *cp_arg; /* Argument for cp_report */
/* --- Flags for `@what@' fields in the above --- */
-#define CP_ERROR 1u /* Error report */
-#define CP_WRWORLD 2u /* Check write by world */
-#define CP_WRGRP 4u /* Check write by any group */
-#define CP_WROTHGRP 8u /* Check write by other group */
-#define CP_WROTHUSR 16u /* Check write by other user */
-#define CP_SYMLINK 32u /* Report symbolic links */
-#define CP_REPORT 64u /* Make user-readable reports */
-#define CP_STICKYOK 128u /* Don't care if sticky is set */
+/* Problem types */
+#define CP_PROBLEMS 0x1fu /* Mask of problem bits */
+#define CP_ERROR 0x01u /* Error report */
+#define CP_WRWORLD 0x02u /* Check write by world */
+#define CP_WRGRP 0x04u /* Check write by any group */
+#define CP_WROTHGRP 0x08u /* Check write by other group */
+#define CP_WROTHUSR 0x10u /* Check write by other user */
+
+/* Other flags */
+#define CP_SYMLINK 0x100u /* Report symbolic links */
+#define CP_REPORT 0x200u /* Make user-readable reports */
+#define CP_STICKYOK 0x400u /* Don't care if sticky is set */
/*----- Functions provided ------------------------------------------------*/
-/* --- @path_check@ --- *
+/* --- @checkpath@ --- *
*
* Arguments: @const char *p@ = directory name which needs checking
- * @struct chkpath *cp@ = caller parameters for the check
+ * @const struct checkpath *cp@ = parameters for the check
*
* Returns: Zero if all is well, otherwise bitmask of problems.
*
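Review bot: The new `CP_PROBLEMS` mask is added without any comment on how callers should use it, and the `Returns:` line for `checkpath` still says only "bitmask of problems". Because the function now returns `unsigned` and the control flags (`CP_SYMLINK`, `CP_REPORT`, `CP_STICKYOK`) have moved above the mask, the header should state the contract. If the implementation behaves this way, I would reword it to something like `Returns: Zero if all is well, otherwise a bitmask of @CP_PROBLEMS@ bits; @CP_ERROR@ means the check could not be completed.` Callers making a trust decision need to know that a result with `CP_ERROR` set must never be read as "path is safe". The comment block for `checkpath` continues past the end of this hunk, so the `Use:` text was not reviewed.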
* users could do to it.
*/
-extern int path_check(const char */*p*/, struct chkpath */*cp*/);
+extern unsigned checkpath(const char */*p*/, const struct checkpath */*cp*/);
+
+/* --- @checkpath_addgid@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ * @gid_t g@ = group id to add
+ *
+ * Returns: Zero if successful, nonzero if the array is full.
+ *
+ * Use: Adds the group @g@ to the structure.
+ */
+
+extern int checkpath_addgid(struct checkpath */*cp*/, gid_t /*g*/);
+
+/* --- @checkpath_setuid@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ *
+ * Returns: ---
+ *
+ * Use: Fills in the @cp_uid@ slot of the structure with the real uid
+ * of the current process.
+ */
+
+extern void checkpath_setuid(struct checkpath */*cp*/);
+
+/* --- @checkpath_setgid@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ *
+ * Returns: Zero if successful, nonzero if the array is full.
+ *
+ * Use: Adds the real gid of the current process to the @cp_gid@
+ * array.
+ */
+
+extern int checkpath_setgid(/*cp*/);
+
+/* --- @checkpath_setgroups@ --- *
+ *
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
+ *
+ * Returns: Zero if successful, nonzero if the array is full.
+ *
+ * Use: Adds the current process's supplementary groups to the
+ * @cp_gid@ table.
+ */
+
+extern int checkpath_setgroups(struct checkpath */*cp*/);
-/* --- @path_setids@ --- *
+/* --- @checkpath_setids@ --- *
*
- * Arguments: @struct chkpath *cp@ = pointer to block to fill in
+ * Arguments: @struct checkpath *cp@ = pointer to block to fill in
*
* Returns: ---
*
- * Use: Fills in the user ids and things in the structure.
+ * Use: Fills in the user ids and things in the structure. This is
+ * equivalent to setting @cp_gids = 0@ and then calling
+ * @_setuid@, @_setgid@ and @_setgroups@. It can't fail.
*/
-extern void path_setids(struct chkpath */*cp*/);
+extern void checkpath_setids(struct checkpath */*cp*/);
/*----- That's all, folks -------------------------------------------------*/
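Review bot: The declaration of `checkpath_setgid` is shown with an empty parameter list, `extern int checkpath_setgid(/*cp*/);`, while its own comment and every sibling declaration take a `struct checkpath *`. In C an empty list in a declaration leaves the arguments unspecified, so a call with the wrong or a missing pointer compiles without a diagnostic. If this is not just an artefact of how the page was rendered, it should read `extern int checkpath_setgid(struct checkpath */*cp*/);`. Separately, the "It can't fail" statement on `checkpath_setids` appears to depend on `cp_gid` having `NGROUPS_MAX + 1` slots and on starting from `cp_gids = 0`. A one-line comment stating that sizing assumption would help, since `_setgid` and `_setgroups` are documented as able to report a full array.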