X-Git-Url: https://git.distorted.org.uk/~mdw/checkpath/blobdiff_plain/7868d789c2b2f6a074b7fc14cd4dc482957c90b5..HEAD:/checkpath.h diff --git a/checkpath.h b/checkpath.h index 74cd0f5..5b2e938 100644 --- a/checkpath.h +++ b/checkpath.h @@ -1,13 +1,11 @@ /* -*-c-*- * - * $Id: checkpath.h,v 1.2 2001/01/25 22:16:02 mdw Exp $ - * * Check a path for safety * * (c) 1999 Mark Wooding */ -/*----- Licensing notice --------------------------------------------------* +/*----- Licensing notice --------------------------------------------------* * * This file is part of chkpath. * @@ -15,30 +13,19 @@ * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. - * + * * chkpath is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. - * + * * You should have received a copy of the GNU General Public License * along with chkpath; if not, write to the Free Software Foundation, * Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA. */ -/*----- Revision history --------------------------------------------------* - * - * $Log: checkpath.h,v $ - * Revision 1.2 2001/01/25 22:16:02 mdw - * Make flags be unsigned. - * - * Revision 1.1.1.1 1999/04/06 20:12:07 mdw - * Import new project. - * - */ - -#ifndef PATH_H -#define PATH_H +#ifndef CHECKPATH_H +#define CHECKPATH_H #ifdef __cplusplus extern "C" { 
@@ -57,13 +44,13 @@ * looked for, and what to do when they're found. */ -struct chkpath { +struct checkpath { uid_t cp_uid; /* Uid that's considered OK */ gid_t cp_gid[NGROUPS_MAX + 1]; /* Array of groups that are OK */ int cp_gids; /* Number of groups in the array */ int cp_verbose; /* Verbosity level to spit up */ unsigned cp_what; /* What things to check for */ - void (*cp_report)(int /*what*/, int /*verb*/, + void (*cp_report)(unsigned /*what*/, int /*verb*/, const char */*dir*/, const char */*msg*/, void */*p*/); void *cp_arg; /* Argument for cp_report */ 
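Review bot: The `cp_report` member now takes `unsigned /*what*/` where it used to take `int`, so any existing report function declared with `int what` no longer matches the member's type. A C compiler will usually only warn at the assignment, and calling through the mismatched pointer type is undefined behaviour. Together with the tag rename from `struct chkpath` to `struct checkpath`, this is a source-incompatible change for callers and should be stated in the commit message or release notes. The struct definition continues outside the hunk.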
@@ -71,21 +58,25 @@ struct chkpath { /* --- Flags for `@what@' fields in the above --- */ -#define CP_ERROR 1u /* Error report */ -#define CP_WRWORLD 2u /* Check write by world */ -#define CP_WRGRP 4u /* Check write by any group */ -#define CP_WROTHGRP 8u /* Check write by other group */ -#define CP_WROTHUSR 16u /* Check write by other user */ -#define CP_SYMLINK 32u /* Report symbolic links */ -#define CP_REPORT 64u /* Make user-readable reports */ -#define CP_STICKYOK 128u /* Don't care if sticky is set */ +/* Problem types */ +#define CP_PROBLEMS 0x1fu /* Mask of problem bits */ +#define CP_ERROR 0x01u /* Error report */ +#define CP_WRWORLD 0x02u /* Check write by world */ +#define CP_WRGRP 0x04u /* Check write by any group */ +#define CP_WROTHGRP 0x08u /* Check write by other group */ +#define CP_WROTHUSR 0x10u /* Check write by other user */ + +/* Other flags */ +#define CP_SYMLINK 0x100u /* Report symbolic links */ +#define CP_REPORT 0x200u /* Make user-readable reports */ +#define CP_STICKYOK 0x400u /* Don't care if sticky is set */ /*----- Functions provided ------------------------------------------------*/ -/* --- @path_check@ --- * +/* --- @checkpath@ --- * * * Arguments: @const char *p@ = directory name which needs checking - * @struct chkpath *cp@ = caller parameters for the check + * @const struct checkpath *cp@ = parameters for the check * * Returns: Zero if all is well, otherwise bitmask of problems. * 
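Review bot: The `Returns:` line for `checkpath` still says only "bitmask of problems", although this hunk introduces `CP_PROBLEMS` for exactly that set. I would tie the two together: `Returns: Zero if all is well, otherwise a bitmask of @CP_PROBLEMS@ bits.` Since `CP_ERROR` is inside that mask, the comment should also say that a result with `CP_ERROR` set means the check could not be completed and the path must be treated as unsafe, so callers test for nonzero rather than for individual write bits. Separately, `CP_SYMLINK`, `CP_REPORT` and `CP_STICKYOK` change value here, so callers built against the old header would pass the wrong bits in `cp_what` until they are recompiled. The comment block continues outside the hunk.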
@@ -93,18 +84,68 @@ struct chkpath { * users could do to it. */ -extern int path_check(const char */*p*/, struct chkpath */*cp*/); +extern unsigned checkpath(const char */*p*/, const struct checkpath */*cp*/); + +/* --- @checkpath_addgid@ --- * + * + * Arguments: @struct checkpath *cp@ = pointer to block to fill in + * @gid_t g@ = group id to add + * + * Returns: Zero if successful, nonzero if the array is full. + * + * Use: Adds the group @g@ to the structure. + */ + +extern int checkpath_addgid(struct checkpath */*cp*/, gid_t /*g*/); + +/* --- @checkpath_setuid@ --- * + * + * Arguments: @struct checkpath *cp@ = pointer to block to fill in + * + * Returns: --- + * + * Use: Fills in the @cp_uid@ slot of the structure with the real uid + * of the current process. + */ + +extern void checkpath_setuid(struct checkpath */*cp*/); + +/* --- @checkpath_setgid@ --- * + * + * Arguments: @struct checkpath *cp@ = pointer to block to fill in + * + * Returns: Zero if successful, nonzero if the array is full. + * + * Use: Adds the real gid of the current process to the @cp_gid@ + * array. + */ + +extern int checkpath_setgid(/*cp*/); + +/* --- @checkpath_setgroups@ --- * + * + * Arguments: @struct checkpath *cp@ = pointer to block to fill in + * + * Returns: Zero if successful, nonzero if the array is full. + * + * Use: Adds the current process's supplementary groups to the + * @cp_gid@ table. + */ + +extern int checkpath_setgroups(struct checkpath */*cp*/); -/* --- @path_setids@ --- * +/* --- @checkpath_setids@ --- * * - * Arguments: @struct chkpath *cp@ = pointer to block to fill in + * Arguments: @struct checkpath *cp@ = pointer to block to fill in * * Returns: --- * - * Use: Fills in the user ids and things in the structure. + * Use: Fills in the user ids and things in the structure. This is + * equivalent to setting @cp_gids = 0@ and then calling + * @_setuid@, @_setgid@ and @_setgroups@. It can't fail. 
*/ -extern void path_setids(struct chkpath */*cp*/); +extern void checkpath_setids(struct checkpath */*cp*/); /*----- That's all, folks -------------------------------------------------*/
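Review bot: The new prototype `extern int checkpath_setgid(/*cp*/);` has lost its parameter type, unlike every sibling declaration in this hunk. In C before C23 that declares a function with unspecified parameters, so calls to it are not type-checked. Inside the header's `extern "C"` block a C++ compiler reads it as taking no arguments and rejects `checkpath_setgid(&cp)`. It should read `extern int checkpath_setgid(struct checkpath */*cp*/);`, matching the `Arguments:` comment directly above it.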