![[BACK]](/cvsweb/icons/back.gif){kind=icon}
Return to uacces.c CVS log ![[TXT]](/cvsweb/icons/text.gif){kind=icon}
![[DIR]](/cvsweb/icons/dir.gif){kind=icon}
Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix|
Return to uacces.c CVS log | Up to [MW Coherent from dump] / coherent / g / usr / lib / uucp / tay104 / unix |
1.1 root 1: /* uacces.c
2: Check access to a file by user name.
3:
4: Copyright (C) 1992 Ian Lance Taylor
5:
6: This file is part of the Taylor UUCP package.
7:
8: This program is free software; you can redistribute it and/or
9: modify it under the terms of the GNU General Public License as
10: published by the Free Software Foundation; either version 2 of the
11: License, or (at your option) any later version.
12:
13: This program is distributed in the hope that it will be useful, but
14: WITHOUT ANY WARRANTY; without even the implied warranty of
15: MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
16: General Public License for more details.
17:
18: You should have received a copy of the GNU General Public License
19: along with this program; if not, write to the Free Software
20: Foundation, Inc., 675 Mass Ave, Cambridge, MA 02139, USA.
21:
22: The author of the program may be contacted at [email protected] or
23: c/o Infinity Development Systems, P.O. Box 520, Waltham, MA 02254.
24: */
25:
26: #include "uucp.h"
27:
28: #include "uudefs.h"
29: #include "sysdep.h"
30:
31: #include <pwd.h>
32: #include <errno.h>
33:
34: #if HAVE_GETGRENT
35: #include <grp.h>
36: #if GETGRENT_DECLARATION_OK
37: #ifndef getgrent
38: extern struct group *getgrent ();
39: #endif
40: #endif
41: #endif /* HAVE_GETGRENT */
42:
43: #if GETPWNAM_DECLARATION_OK
44: #ifndef getpwnam
45: extern struct passwd *getpwnam ();
46: #endif
47: #endif
48:
49: /* Do access(2) on a stat structure, except that the user name is
50: provided. If the user name in zuser is NULL, require the file to
51: be accessible to the world. Return TRUE if access is permitted,
52: FALSE otherwise. This does not log an error message. */
53:
54: boolean
55: fsuser_access (q, imode, zuser)
56: const struct stat *q;
57: int imode;
58: const char *zuser;
59: {
60: static char *zuser_hold;
61: static uid_t iuid_hold;
62: static gid_t igid_hold;
63: static int cgroups_hold;
64: static gid_t *paigroups_hold;
65: int ir, iw, ix, iand;
66:
67: if (imode == F_OK)
68: return TRUE;
69:
70: if (zuser != NULL)
71: {
72: /* We keep static variables around for the last user we did, to
73: avoid looking up a user multiple times. */
74: if (zuser_hold == NULL || strcmp (zuser_hold, zuser) != 0)
75: {
76: struct passwd *qpwd;
77:
78: if (zuser_hold != NULL)
79: {
80: ubuffree (zuser_hold);
81: zuser_hold = NULL;
82: cgroups_hold = 0;
83: xfree ((pointer) paigroups_hold);
84: paigroups_hold = NULL;
85: }
86:
87: qpwd = getpwnam ((char *) zuser);
88: if (qpwd == NULL)
89: {
90: /* Check this as a remote request. */
91: zuser = NULL;
92: }
93: else
94: {
95: #if HAVE_GETGRENT
96: struct group *qg;
97: #endif
98:
99: zuser_hold = zbufcpy (zuser);
100:
101: iuid_hold = qpwd->pw_uid;
102: igid_hold = qpwd->pw_gid;
103:
104: #if HAVE_GETGRENT
105: /* Get the list of groups for this user. This is
106: definitely more appropriate for BSD than for System
107: V. It may just be a waste of time, and perhaps it
108: should be configurable. */
109: setgrent ();
110: while ((qg = getgrent ()) != NULL)
111: {
112: const char **pz;
113:
114: if (qg->gr_gid == igid_hold)
115: continue;
116: for (pz = (const char **) qg->gr_mem; *pz != NULL; pz++)
117: {
118: if ((*pz)[0] == *zuser
119: && strcmp (*pz, zuser) == 0)
120: {
121: paigroups_hold = ((gid_t *)
122: (xrealloc
123: ((pointer) paigroups_hold,
124: ((cgroups_hold + 1)
125: * sizeof (gid_t)))));
126: paigroups_hold[cgroups_hold] = qg->gr_gid;
127: ++cgroups_hold;
128: break;
129: }
130: }
131: }
132: endgrent ();
133: #endif
134: }
135: }
136: }
137:
138:
139: /* Now do the actual access check. */
140:
141: if (zuser != NULL)
142: {
143: /* The superuser can do anything. */
144: if (iuid_hold == 0)
145: return TRUE;
146:
147: /* If this is the uid we're running under, there's no point to
148: checking access further, because when we actually try the
149: operation the system will do the checking for us. */
150: if (iuid_hold == geteuid ())
151: return TRUE;
152: }
153:
154: ir = S_IROTH;
155: iw = S_IWOTH;
156: ix = S_IXOTH;
157:
158: if (zuser != NULL)
159: {
160: if (iuid_hold == q->st_uid)
161: {
162: ir = S_IRUSR;
163: iw = S_IWUSR;
164: ix = S_IXUSR;
165: }
166: else
167: {
168: boolean fgroup;
169:
170: fgroup = FALSE;
171: if (igid_hold == q->st_gid)
172: fgroup = TRUE;
173: else
174: {
175: int i;
176:
177: for (i = 0; i < cgroups_hold; i++)
178: {
179: if (paigroups_hold[i] == q->st_gid)
180: {
181: fgroup = TRUE;
182: break;
183: }
184: }
185: }
186:
187: if (fgroup)
188: {
189: ir = S_IRGRP;
190: iw = S_IWGRP;
191: ix = S_IXGRP;
192: }
193: }
194: }
195:
196: iand = 0;
197: if ((imode & R_OK) != 0)
198: iand |= ir;
199: if ((imode & W_OK) != 0)
200: iand |= iw;
201: if ((imode & X_OK) != 0)
202: iand |= ix;
203:
204: return (q->st_mode & iand) == iand;
205: }
This archive runs on limited infrastructure. Preserving old code on modern bandwidth. Automated agents are requested to crawl responsibly.