diff options
author | Jakub Hrozek <jhrozek@redhat.com> | 2015-08-12 12:41:44 +0200 |
---|---|---|
committer | Jakub Hrozek <jhrozek@redhat.com> | 2015-08-14 23:44:09 +0200 |
commit | d95bcfe23c574de7b6b7b44b52a0d4db5cc8529a (patch) | |
tree | a2429446ec26e8a5fa71561800b2c369360af39a | |
parent | 619e21ed9c7a71e35e53f38867b53ed974f1d36a (diff) | |
download | sssd-d95bcfe23c574de7b6b7b44b52a0d4db5cc8529a.tar.gz sssd-d95bcfe23c574de7b6b7b44b52a0d4db5cc8529a.tar.xz sssd-d95bcfe23c574de7b6b7b44b52a0d4db5cc8529a.zip |
UTIL: Provide a common interface to safely create temporary files
Reviewed-by: Pavel Březina <pbrezina@redhat.com>
-rw-r--r-- | src/tests/cmocka/test_utils.c | 175 | ||||
-rw-r--r-- | src/util/util.c | 127 | ||||
-rw-r--r-- | src/util/util.h | 21 |
3 files changed, 323 insertions, 0 deletions
diff --git a/src/tests/cmocka/test_utils.c b/src/tests/cmocka/test_utils.c index d3d00feda..c7ebe0997 100644 --- a/src/tests/cmocka/test_utils.c +++ b/src/tests/cmocka/test_utils.c @@ -1212,6 +1212,168 @@ void test_fix_domain_in_name_list(void **state) talloc_free(dom); } +struct unique_file_test_ctx { + char *filename; +}; + +static int unique_file_test_setup(void **state) +{ + struct unique_file_test_ctx *test_ctx; + + assert_true(leak_check_setup()); + check_leaks_push(global_talloc_context); + + test_ctx = talloc_zero(global_talloc_context, struct unique_file_test_ctx); + assert_non_null(test_ctx); + + test_ctx->filename = talloc_strdup(test_ctx, "test_unique_file_XXXXXX"); + assert_non_null(test_ctx); + + *state = test_ctx; + return 0; +} + +static int unique_file_test_teardown(void **state) +{ + struct unique_file_test_ctx *test_ctx; + errno_t ret; + + test_ctx = talloc_get_type(*state, struct unique_file_test_ctx); + + errno = 0; + ret = unlink(test_ctx->filename); + if (ret != 0 && errno != ENOENT) { + fail(); + } + + talloc_free(test_ctx); + assert_true(check_leaks_pop(global_talloc_context) == true); + assert_true(leak_check_teardown()); + return 0; +} + +static void assert_destructor(TALLOC_CTX *owner, + struct unique_file_test_ctx *test_ctx) +{ + int fd; + errno_t ret; + char *check_filename; + + /* Test that the destructor works */ + if (owner == NULL) { + return; + } + + check_filename = talloc_strdup(test_ctx, test_ctx->filename); + assert_non_null(check_filename); + + talloc_free(owner); + + ret = check_and_open_readonly(test_ctx->filename, &fd, + geteuid(), getegid(), + (S_IRUSR | S_IWUSR | S_IFREG), 0); + close(fd); + assert_int_not_equal(ret, EOK); +} + +static void sss_unique_file_test(struct unique_file_test_ctx *test_ctx, + bool test_destructor) +{ + int fd; + errno_t ret; + struct stat sb; + TALLOC_CTX *owner = NULL; + + if (test_destructor) { + owner = talloc_new(test_ctx); + assert_non_null(owner); + } + + fd = sss_unique_file(owner, test_ctx->filename, &ret); + assert_int_not_equal(fd, -1); + assert_int_equal(ret, EOK); + + ret = check_fd(fd, geteuid(), getegid(), + (S_IRUSR | S_IWUSR | S_IFREG), 0, &sb); + close(fd); + assert_int_equal(ret, EOK); + + assert_destructor(owner, test_ctx); +} + +static void test_sss_unique_file(void **state) +{ + struct unique_file_test_ctx *test_ctx; + test_ctx = talloc_get_type(*state, struct unique_file_test_ctx); + sss_unique_file_test(test_ctx, false); +} + +static void test_sss_unique_file_destruct(void **state) +{ + struct unique_file_test_ctx *test_ctx; + test_ctx = talloc_get_type(*state, struct unique_file_test_ctx); + sss_unique_file_test(test_ctx, true); +} + +static void test_sss_unique_file_neg(void **state) +{ + int fd; + errno_t ret; + + fd = sss_unique_file(NULL, discard_const("badpattern"), &ret); + assert_int_equal(fd, -1); + assert_int_equal(ret, EINVAL); +} + +static void sss_unique_filename_test(struct unique_file_test_ctx *test_ctx, + bool test_destructor) +{ + int fd; + errno_t ret; + char *tmp_filename; + TALLOC_CTX *owner = NULL; + + tmp_filename = talloc_strdup(test_ctx, test_ctx->filename); + assert_non_null(tmp_filename); + + if (test_destructor) { + owner = talloc_new(test_ctx); + assert_non_null(owner); + } + + ret = sss_unique_filename(owner, test_ctx->filename); + assert_int_equal(ret, EOK); + + assert_int_equal(strncmp(test_ctx->filename, + tmp_filename, + strlen(tmp_filename) - sizeof("XXXXXX")), + 0); + + ret = check_and_open_readonly(test_ctx->filename, &fd, + geteuid(), getegid(), + (S_IRUSR | S_IWUSR | S_IFREG), 0); + close(fd); + assert_int_equal(ret, EOK); + + assert_destructor(owner, test_ctx); +} + +static void test_sss_unique_filename(void **state) +{ + struct unique_file_test_ctx *test_ctx; + + test_ctx = talloc_get_type(*state, struct unique_file_test_ctx); + sss_unique_filename_test(test_ctx, false); +} + +static void test_sss_unique_filename_destruct(void **state) +{ + struct unique_file_test_ctx *test_ctx; + + test_ctx = talloc_get_type(*state, struct unique_file_test_ctx); + sss_unique_filename_test(test_ctx, true); +} + int main(int argc, const char *argv[]) { poptContext pc; @@ -1275,6 +1437,19 @@ int main(int argc, const char *argv[]) cmocka_unit_test_setup_teardown(test_fix_domain_in_name_list, confdb_test_setup, confdb_test_teardown), + cmocka_unit_test_setup_teardown(test_sss_unique_file, + unique_file_test_setup, + unique_file_test_teardown), + cmocka_unit_test_setup_teardown(test_sss_unique_file_destruct, + unique_file_test_setup, + unique_file_test_teardown), + cmocka_unit_test(test_sss_unique_file_neg), + cmocka_unit_test_setup_teardown(test_sss_unique_filename, + unique_file_test_setup, + unique_file_test_teardown), + cmocka_unit_test_setup_teardown(test_sss_unique_filename_destruct, + unique_file_test_setup, + unique_file_test_teardown), }; /* Set debug level to invalid value so we can deside if -d 0 was used. */ diff --git a/src/util/util.c b/src/util/util.c index 782cd026b..f0925051a 100644 --- a/src/util/util.c +++ b/src/util/util.c @@ -979,3 +979,130 @@ errno_t sss_utc_to_time_t(const char *str, const char *format, time_t *_unix_tim *_unix_time = ut; return EOK; } + +struct tmpfile_watch { + const char *filename; +}; + +static int unlink_dbg(const char *filename) +{ + errno_t ret; + + ret = unlink(filename); + if (ret != 0) { + if (errno == 2) { + DEBUG(SSSDBG_TRACE_INTERNAL, + "File already removed: [%s]\n", filename); + return 0; + } else { + DEBUG(SSSDBG_CRIT_FAILURE, + "Cannot remove temporary file [%s]\n", filename); + return -1; + } + } + + return 0; +} + +static int unique_filename_destructor(void *memptr) +{ + struct tmpfile_watch *tw = talloc_get_type(memptr, struct tmpfile_watch); + + if (tw == NULL || tw->filename == NULL) { + DEBUG(SSSDBG_CRIT_FAILURE, "BUG: Wrong private pointer\n"); + return -1; + } + + DEBUG(SSSDBG_TRACE_INTERNAL, "Unlinking [%s]\n", tw->filename); + + return unlink_dbg(tw->filename); +} + +static struct tmpfile_watch *tmpfile_watch_set(TALLOC_CTX *owner, + const char *filename) +{ + struct tmpfile_watch *tw = NULL; + + tw = talloc_zero(owner, struct tmpfile_watch); + if (tw == NULL) { + return NULL; + } + + tw->filename = talloc_strdup(tw, filename); + if (tw->filename == NULL) { + talloc_free(tw); + return NULL; + } + + talloc_set_destructor((TALLOC_CTX *) tw, + unique_filename_destructor); + return tw; +} + +int sss_unique_file_ex(TALLOC_CTX *owner, + char *path_tmpl, + mode_t file_umask, + errno_t *_err) +{ + size_t tmpl_len; + errno_t ret; + int fd = -1; + mode_t old_umask; + struct tmpfile_watch *tw = NULL; + + tmpl_len = strlen(path_tmpl); + if (tmpl_len < 6 || strcmp(path_tmpl + (tmpl_len - 6), "XXXXXX") != 0) { + DEBUG(SSSDBG_OP_FAILURE, + "Template too short or doesn't end with XXXXXX!\n"); + ret = EINVAL; + goto done; + } + + old_umask = umask(file_umask); + fd = mkstemp(path_tmpl); + umask(old_umask); + if (fd == -1) { + ret = errno; + DEBUG(SSSDBG_OP_FAILURE, + "mkstemp(\"%s\") failed [%d]: %s!\n", + path_tmpl, ret, strerror(ret)); + goto done; + } + + if (owner != NULL) { + tw = tmpfile_watch_set(owner, path_tmpl); + if (tw == NULL) { + unlink_dbg(path_tmpl); + ret = ENOMEM; + goto done; + } + } + + ret = EOK; +done: + if (_err) { + *_err = ret; + } + return fd; +} + +int sss_unique_file(TALLOC_CTX *owner, + char *path_tmpl, + errno_t *_err) +{ + return sss_unique_file_ex(owner, path_tmpl, 077, _err); +} + +errno_t sss_unique_filename(TALLOC_CTX *owner, char *path_tmpl) +{ + int fd; + errno_t ret; + + fd = sss_unique_file(owner, path_tmpl, &ret); + /* We only care about a unique file name */ + if (fd >= 0) { + close(fd); + } + + return ret; +} diff --git a/src/util/util.h b/src/util/util.h index 426fd8b86..e20501cbb 100644 --- a/src/util/util.h +++ b/src/util/util.h @@ -659,4 +659,25 @@ int get_seuser(TALLOC_CTX *mem_ctx, const char *login_name, /* convert time from generalized form to unix time */ errno_t sss_utc_to_time_t(const char *str, const char *format, time_t *unix_time); +/* Creates a unique file using mkstemp with provided umask. The template + * must end with XXXXXX. Returns the fd, sets _err to an errno value on error. + * + * Prefer using sss_unique_file() as it uses a secure umask internally. + */ +int sss_unique_file_ex(TALLOC_CTX *mem_ctx, + char *path_tmpl, + mode_t file_umask, + errno_t *_err); +int sss_unique_file(TALLOC_CTX *owner, + char *path_tmpl, + errno_t *_err); + +/* Creates a unique filename using mkstemp with secure umask. The template + * must end with XXXXXX + * + * path_tmpl must be a talloc context. Destructor would be set on the filename + * so that it's guaranteed the file is removed. + */ +int sss_unique_filename(TALLOC_CTX *owner, char *path_tmpl); + #endif /* __SSSD_UTIL_H__ */ |