sysdeps/mach/hurd/faccessat.c

   1 /* Test for access to file, relative to open directory.  Hurd version.
   2    Copyright (C) 2006-2018 Free Software Foundation, Inc.
   3    This file is part of the GNU C Library.
   4
   5    The GNU C Library is free software; you can redistribute it and/or
   6    modify it under the terms of the GNU Lesser General Public
   7    License as published by the Free Software Foundation; either
   8    version 2.1 of the License, or (at your option) any later version.
   9
  10    The GNU C Library is distributed in the hope that it will be useful,
  11    but WITHOUT ANY WARRANTY; without even the implied warranty of
  12    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  13    Lesser General Public License for more details.
  14
  15    You should have received a copy of the GNU Lesser General Public
  16    License along with the GNU C Library; if not, see
  17    <http://www.gnu.org/licenses/>.  */
  18
  19 #include <errno.h>
  20 #include <fcntl.h>
  21 #include <stddef.h>
  22 #include <unistd.h>
  23 #include <sys/types.h>
  24 #include <hurd.h>
  25 #include <hurd/fd.h>
  26 #include <hurd/port.h>
  27 #include <hurd/id.h>
  28 #include <hurd/lookup.h>
  29
  30 static int
  31 hurd_fail_seterrno (error_t err)
  32 {
  33   return __hurd_fail (err);
  34 }
  35
  36 static int
  37 hurd_fail_noerrno (error_t err)
  38 {
  39   return -1;
  40 }
  41
  42 static int
  43 __faccessat_common (int fd, const char *file, int type, int at_flags,
  44                     int (*errfunc) (error_t))
  45 {
  46   error_t err;
  47   file_t rcrdir, rcwdir, io;
  48   int flags, allowed;
  49
  50   if ((at_flags & AT_EACCESS) == AT_EACCESS)
  51     {
  52       /* Use effective permissions.  */
  53       io = __file_name_lookup_at (fd, at_flags &~ AT_EACCESS, file, 0, 0);
  54       if (io == MACH_PORT_NULL)
  55         return -1;
  56     }
  57   else
  58     {
  59       /* We have to use real permissions instead of the
  60          usual effective permissions.  */
  61
  62       int hurd_flags = 0;
  63       __hurd_at_flags (&at_flags, &hurd_flags);
  64
  65       error_t reauthenticate_cwdir_at (file_t *result)
  66         {
  67           /* Get a port to the FD directory, authenticated with the real IDs.  */
  68           error_t err;
  69           mach_port_t ref;
  70           ref = __mach_reply_port ();
  71           err = HURD_DPORT_USE
  72             (fd,
  73              ({
  74                err = __io_reauthenticate (port, ref, MACH_MSG_TYPE_MAKE_SEND);
  75                if (!err)
  76                  err = __auth_user_authenticate (_hurd_id.rid_auth,
  77                                                  ref, MACH_MSG_TYPE_MAKE_SEND,
  78                                                  result);
  79                err;
  80              }));
  81           __mach_port_destroy (__mach_task_self (), ref);
  82           return err;
  83         }
  84
  85       error_t reauthenticate (int which, file_t *result)
  86         {
  87           /* Get a port to our root directory, authenticated with the real IDs.  */
  88           error_t err;
  89           mach_port_t ref;
  90           ref = __mach_reply_port ();
  91           err = HURD_PORT_USE
  92             (&_hurd_ports[which],
  93              ({
  94                err = __io_reauthenticate (port, ref, MACH_MSG_TYPE_MAKE_SEND);
  95                if (!err)
  96                  err = __auth_user_authenticate (_hurd_id.rid_auth,
  97                                                  ref, MACH_MSG_TYPE_MAKE_SEND,
  98                                                  result);
  99                err;
 100              }));
 101           __mach_port_destroy (__mach_task_self (), ref);
 102           return err;
 103         }
 104
 105       error_t init_port (int which, error_t (*operate) (mach_port_t))
 106         {
 107           switch (which)
 108             {
 109             case INIT_PORT_AUTH:
 110               return (*operate) (_hurd_id.rid_auth);
 111             case INIT_PORT_CRDIR:
 112               return (reauthenticate (INIT_PORT_CRDIR, &rcrdir) ?:
 113                       (*operate) (rcrdir));
 114             case INIT_PORT_CWDIR:
 115               if (fd == AT_FDCWD || file[0] == '/')
 116                 return (reauthenticate (INIT_PORT_CWDIR, &rcwdir) ?:
 117                         (*operate) (rcwdir));
 118               else
 119                 return (reauthenticate_cwdir_at (&rcwdir) ?:
 120                         (*operate) (rcwdir));
 121             default:
 122               return _hurd_ports_use (which, operate);
 123             }
 124         }
 125
 126       rcrdir = rcwdir = MACH_PORT_NULL;
 127
 128       HURD_CRITICAL_BEGIN;
 129
 130       __mutex_lock (&_hurd_id.lock);
 131       /* Get _hurd_id up to date.  */
 132       if (err = _hurd_check_ids ())
 133         goto lose;
 134
 135       if (_hurd_id.rid_auth == MACH_PORT_NULL)
 136         {
 137           /* Set up _hurd_id.rid_auth.  This is a special auth server port
 138              which uses the real uid and gid (the first aux uid and gid) as
 139              the only effective uid and gid.  */
 140
 141           if (_hurd_id.aux.nuids < 1 || _hurd_id.aux.ngids < 1)
 142             {
 143               /* We do not have a real UID and GID.  Lose, lose, lose!  */
 144               err = EGRATUITOUS;
 145               goto lose;
 146             }
 147
 148           /* Create a new auth port using our real UID and GID (the first
 149              auxiliary UID and GID) as the only effective IDs.  */
 150           if (err = __USEPORT (AUTH,
 151                                __auth_makeauth (port,
 152                                                 NULL, MACH_MSG_TYPE_COPY_SEND, 0,
 153                                                 _hurd_id.aux.uids, 1,
 154                                                 _hurd_id.aux.uids,
 155                                                 _hurd_id.aux.nuids,
 156                                                 _hurd_id.aux.gids, 1,
 157                                                 _hurd_id.aux.gids,
 158                                                 _hurd_id.aux.ngids,
 159                                                 &_hurd_id.rid_auth)))
 160             goto lose;
 161         }
 162
 163       if (!err)
 164         /* Look up the file name using the modified init ports.  */
 165         err = __hurd_file_name_lookup (&init_port, &__getdport, 0,
 166                                        file, hurd_flags, 0, &io);
 167
 168       /* We are done with _hurd_id.rid_auth now.  */
 169      lose:
 170       __mutex_unlock (&_hurd_id.lock);
 171
 172       HURD_CRITICAL_END;
 173
 174       if (rcrdir != MACH_PORT_NULL)
 175         __mach_port_deallocate (__mach_task_self (), rcrdir);
 176       if (rcwdir != MACH_PORT_NULL)
 177         __mach_port_deallocate (__mach_task_self (), rcwdir);
 178       if (err)
 179         return errfunc (err);
 180     }
 181
 182   /* Find out what types of access we are allowed to this file.  */
 183   err = __file_check_access (io, &allowed);
 184   __mach_port_deallocate (__mach_task_self (), io);
 185   if (err)
 186     return errfunc (err);
 187
 188   flags = 0;
 189   if (type & R_OK)
 190     flags |= O_READ;
 191   if (type & W_OK)
 192     flags |= O_WRITE;
 193   if (type & X_OK)
 194     flags |= O_EXEC;
 195
 196   if (flags & ~allowed)
 197     /* We are not allowed all the requested types of access.  */
 198     return errfunc (EACCES);
 199
 200   return 0;
 201 }
 202
 203 int
 204 __faccessat_noerrno (int fd, const char *file, int type, int at_flags)
 205 {
 206   return __faccessat_common (fd, file, type, at_flags, hurd_fail_noerrno);
 207 }
 208
 209 int
 210 __faccessat (int fd, const char *file, int type, int at_flags)
 211 {
 212   return __faccessat_common (fd, file, type, at_flags, hurd_fail_seterrno);
 213 }
 214 weak_alias (__faccessat, faccessat)