authorSumit Bose <sbose@redhat.com>2010-02-16 15:53:56 +0100
committerStephen Gallagher <sgallagh@redhat.com>2010-02-23 16:16:23 -0500
commit978bea5902ece9b9f01d1d6525dbe0889a410ffc (patch)
treed83a94851cb6e3fe10fdbfcee1757190c15ab4eb /src/util
parente0bb119bdc1549d731f371202428c0cb667d3388 (diff)
Check and set permissions on SBUS sockets
Diffstat (limited to 'src/util')
-rw-r--r--src/util/check_and_open.c87
-rw-r--r--src/util/util.h17
2 files changed, 89 insertions, 15 deletions
diff --git a/src/util/check_and_open.c b/src/util/check_and_open.c
index 5d5b57993..d010670ba 100644
--- a/src/util/check_and_open.c
+++ b/src/util/check_and_open.c
@@ -29,39 +29,98 @@
#include "util/util.h"
-errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid,
- const gid_t gid, const mode_t mode)
+errno_t check_file(const char *filename, const int uid, const int gid,
+ const int mode, enum check_file_type type,
+ struct stat *caller_stat_buf)
{
int ret;
- struct stat stat_buf;
- struct stat fd_stat_buf;
-
- *fd = -1;
+ struct stat local_stat_buf;
+ struct stat *stat_buf;
+ bool type_check;
+
+ if (caller_stat_buf == NULL) {
+ stat_buf = &local_stat_buf;
+ } else {
+ stat_buf = caller_stat_buf;
+ }
- ret = lstat(filename, &stat_buf);
+ ret = lstat(filename, stat_buf);
if (ret == -1) {
DEBUG(1, ("lstat for [%s] failed: [%d][%s].\n", filename, errno,
strerror(errno)));
return errno;
}
- if (!S_ISREG(stat_buf.st_mode)) {
- DEBUG(1, ("File [%s] is not a regular file.\n", filename));
+ switch (type) {
+ case CHECK_DONT_CHECK_FILE_TYPE:
+ type_check = true;
+ break;
+ case CHECK_REG:
+ type_check = S_ISREG(stat_buf->st_mode);
+ break;
+ case CHECK_DIR:
+ type_check = S_ISDIR(stat_buf->st_mode);
+ break;
+ case CHECK_CHR:
+ type_check = S_ISCHR(stat_buf->st_mode);
+ break;
+ case CHECK_BLK:
+ type_check = S_ISBLK(stat_buf->st_mode);
+ break;
+ case CHECK_FIFO:
+ type_check = S_ISFIFO(stat_buf->st_mode);
+ break;
+ case CHECK_LNK:
+ type_check = S_ISLNK(stat_buf->st_mode);
+ break;
+ case CHECK_SOCK:
+ type_check = S_ISSOCK(stat_buf->st_mode);
+ break;
+ default:
+ DEBUG(1, ("Unsupprted file type.\n"));
+ return EINVAL;
+ }
+
+ if (!type_check) {
+ DEBUG(1, ("File [%s] is not the right type.\n", filename));
return EINVAL;
}
- if ((stat_buf.st_mode & ~S_IFMT) != mode) {
+ if (mode >= 0 && (stat_buf->st_mode & ~S_IFMT) != mode) {
DEBUG(1, ("File [%s] has the wrong mode [%.7o], expected [%.7o].\n",
- filename, (stat_buf.st_mode & ~S_IFMT), mode));
+ filename, (stat_buf->st_mode & ~S_IFMT), mode));
+ return EINVAL;
+ }
+
+ if (uid >= 0 && stat_buf->st_uid != uid) {
+ DEBUG(1, ("File [%s] must be owned by uid [%d].\n", filename, uid));
return EINVAL;
}
- if (stat_buf.st_uid != uid || stat_buf.st_gid != gid) {
- DEBUG(1, ("File [%s] must be owned by uid [%d] and gid [%d].\n",
- filename, uid, gid));
+ if (gid >= 0 && stat_buf->st_gid != gid) {
+ DEBUG(1, ("File [%s] must be owned by gid [%d].\n", filename, gid));
return EINVAL;
}
+ return EOK;
+}
+
+errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid,
+ const gid_t gid, const mode_t mode,
+ enum check_file_type type)
+{
+ int ret;
+ struct stat stat_buf;
+ struct stat fd_stat_buf;
+
+ *fd = -1;
+
+ ret = check_file(filename, uid, gid, mode, type, &stat_buf);
+ if (ret != EOK) {
+ DEBUG(1, ("check_file failed.\n"));
+ return ret;
+ }
+
*fd = open(filename, O_RDONLY);
if (*fd == -1) {
DEBUG(1, ("open [%s] failed: [%d][%s].\n", filename, errno,
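Review bot: Narrowing `uid`, `gid` and `mode` to `const int` in `check_file`, with a negative value meaning "skip this check", lets an out-of-range id silently disable the ownership test. `check_and_open_readonly` still takes `uid_t`/`gid_t` and passes them straight through, so a value above `INT_MAX` would typically convert to a negative int and make `uid >= 0` (or `gid >= 0`) false. Before this change the uid/gid comparison was unconditional for that caller. I would reject such values before the call, e.g. `if (uid > INT_MAX || gid > INT_MAX) return EINVAL;`, or keep `uid_t`/`gid_t`/`mode_t` in `check_file` and use an explicit "don't check" sentinel. The body of `check_and_open_readonly` continues past the end of the hunk.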
diff --git a/src/util/util.h b/src/util/util.h
index 945e20d00..5d2dff28f 100644
--- a/src/util/util.h
+++ b/src/util/util.h
@@ -33,6 +33,7 @@
#include <time.h>
#include <pcre.h>
#include <sys/types.h>
+#include <sys/stat.h>
#include "config.h"
@@ -247,8 +248,22 @@ int sss_parse_name(TALLOC_CTX *memctx,
int backup_file(const char *src, int dbglvl);
/* from check_and_open.c */
+enum check_file_type {
+ CHECK_DONT_CHECK_FILE_TYPE = -1,
+ CHECK_REG,
+ CHECK_DIR,
+ CHECK_CHR,
+ CHECK_BLK,
+ CHECK_FIFO,
+ CHECK_LNK,
+ CHECK_SOCK
+};
+errno_t check_file(const char *filename, const int uid, const int gid,
+ const int mode, enum check_file_type type,
+ struct stat *caller_stat_buf);
errno_t check_and_open_readonly(const char *filename, int *fd, const uid_t uid,
- const gid_t gid, const mode_t mode);
+ const gid_t gid, const mode_t mode,
+ enum check_file_type type);
/* from util.c */
int split_on_separator(TALLOC_CTX *mem_ctx, const char *str,
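Review bot: The new `check_file` prototype is exported without a comment, and its contract is not obvious from the signature. Negative `uid`, `gid` or `mode` skip the corresponding check, `caller_stat_buf` may be NULL, and the file is examined with `lstat()`, so a symlink is never followed. Because it works on a path, the result only describes the file at the moment of the call; callers that act on the path afterwards need to re-verify on the opened descriptor, as `check_and_open_readonly` appears to do with its `fd_stat_buf`. I would add above the prototype: `/* lstat()s filename; a negative uid/gid/mode skips that check; caller_stat_buf may be NULL. Result is valid only at call time - re-check on the fd after open. */`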