lib/euidaccess.c

   1 /* euidaccess -- check if effective user id can access file
   2
   3    Copyright (C) 1990-1991, 1995, 1998, 2000, 2003-2006, 2008-2016 Free
   4    Software Foundation, Inc.
   5
   6    This file is part of the GNU C Library.
   7
   8    This program is free software: you can redistribute it and/or modify
   9    it under the terms of the GNU General Public License as published by
  10    the Free Software Foundation; either version 3 of the License, or
  11    (at your option) any later version.
  12
  13    This program is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU General Public License for more details.
  17
  18    You should have received a copy of the GNU General Public License
  19    along with this program.  If not, see <http://www.gnu.org/licenses/>.  */
  20
  21 /* Written by David MacKenzie and Torbjorn Granlund.
  22    Adapted for GNU C library by Roland McGrath.  */
  23
  24 #ifndef _LIBC
  25 # include <config.h>
  26 #endif
  27
  28 #include <fcntl.h>
  29 #include <sys/types.h>
  30 #include <sys/stat.h>
  31 #include <unistd.h>
  32
  33 #include "root-uid.h"
  34
  35 #if HAVE_LIBGEN_H
  36 # include <libgen.h>
  37 #endif
  38
  39 #include <errno.h>
  40 #ifndef __set_errno
  41 # define __set_errno(val) errno = (val)
  42 #endif
  43
  44 #if defined EACCES && !defined EACCESS
  45 # define EACCESS EACCES
  46 #endif
  47
  48 #ifndef F_OK
  49 # define F_OK 0
  50 # define X_OK 1
  51 # define W_OK 2
  52 # define R_OK 4
  53 #endif
  54
  55
  56 #ifdef _LIBC
  57
  58 # define access __access
  59 # define getuid __getuid
  60 # define getgid __getgid
  61 # define geteuid __geteuid
  62 # define getegid __getegid
  63 # define group_member __group_member
  64 # define euidaccess __euidaccess
  65 # undef stat
  66 # define stat stat64
  67
  68 #endif
  69
  70 /* Return 0 if the user has permission of type MODE on FILE;
  71    otherwise, return -1 and set 'errno'.
  72    Like access, except that it uses the effective user and group
  73    id's instead of the real ones, and it does not always check for read-only
  74    file system, text busy, etc.  */
  75
  76 int
  77 euidaccess (const char *file, int mode)
  78 {
  79 #if HAVE_FACCESSAT                   /* glibc, AIX 7, Solaris 11, Cygwin 1.7 */
  80   return faccessat (AT_FDCWD, file, mode, AT_EACCESS);
  81 #elif defined EFF_ONLY_OK               /* IRIX, OSF/1, Interix */
  82   return access (file, mode | EFF_ONLY_OK);
  83 #elif defined ACC_SELF                  /* AIX */
  84   return accessx (file, mode, ACC_SELF);
  85 #elif HAVE_EACCESS                      /* FreeBSD */
  86   return eaccess (file, mode);
  87 #else       /* Mac OS X, NetBSD, OpenBSD, HP-UX, Solaris, Cygwin, mingw, BeOS */
  88
  89   uid_t uid = getuid ();
  90   gid_t gid = getgid ();
  91   uid_t euid = geteuid ();
  92   gid_t egid = getegid ();
  93   struct stat stats;
  94
  95 # if HAVE_DECL_SETREGID && PREFER_NONREENTRANT_EUIDACCESS
  96
  97   /* Define PREFER_NONREENTRANT_EUIDACCESS if you prefer euidaccess to
  98      return the correct result even if this would make it
  99      nonreentrant.  Define this only if your entire application is
 100      safe even if the uid or gid might temporarily change.  If your
 101      application uses signal handlers or threads it is probably not
 102      safe.  */
 103
 104   if (mode == F_OK)
 105     return stat (file, &stats);
 106   else
 107     {
 108       int result;
 109       int saved_errno;
 110
 111       if (uid != euid)
 112         setreuid (euid, uid);
 113       if (gid != egid)
 114         setregid (egid, gid);
 115
 116       result = access (file, mode);
 117       saved_errno = errno;
 118
 119       /* Restore them.  */
 120       if (uid != euid)
 121         setreuid (uid, euid);
 122       if (gid != egid)
 123         setregid (gid, egid);
 124
 125       errno = saved_errno;
 126       return result;
 127     }
 128
 129 # else
 130
 131   /* The following code assumes the traditional Unix model, and is not
 132      correct on systems that have ACLs or the like.  However, it's
 133      better than nothing, and it is reentrant.  */
 134
 135   unsigned int granted;
 136   if (uid == euid && gid == egid)
 137     /* If we are not set-uid or set-gid, access does the same.  */
 138     return access (file, mode);
 139
 140   if (stat (file, &stats) != 0)
 141     return -1;
 142
 143   /* The super-user can read and write any file, and execute any file
 144      that anyone can execute.  */
 145   if (euid == ROOT_UID
 146       && ((mode & X_OK) == 0
 147           || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
 148     return 0;
 149
 150   /* Convert the mode to traditional form, clearing any bogus bits.  */
 151   if (R_OK == 4 && W_OK == 2 && X_OK == 1 && F_OK == 0)
 152     mode &= 7;
 153   else
 154     mode = ((mode & R_OK ? 4 : 0)
 155             + (mode & W_OK ? 2 : 0)
 156             + (mode & X_OK ? 1 : 0));
 157
 158   if (mode == 0)
 159     return 0;                   /* The file exists.  */
 160
 161   /* Convert the file's permission bits to traditional form.  */
 162   if (S_IRUSR == (4 << 6) && S_IWUSR == (2 << 6) && S_IXUSR == (1 << 6)
 163       && S_IRGRP == (4 << 3) && S_IWGRP == (2 << 3) && S_IXGRP == (1 << 3)
 164       && S_IROTH == (4 << 0) && S_IWOTH == (2 << 0) && S_IXOTH == (1 << 0))
 165     granted = stats.st_mode;
 166   else
 167     granted = ((stats.st_mode & S_IRUSR ? 4 << 6 : 0)
 168                + (stats.st_mode & S_IWUSR ? 2 << 6 : 0)
 169                + (stats.st_mode & S_IXUSR ? 1 << 6 : 0)
 170                + (stats.st_mode & S_IRGRP ? 4 << 3 : 0)
 171                + (stats.st_mode & S_IWGRP ? 2 << 3 : 0)
 172                + (stats.st_mode & S_IXGRP ? 1 << 3 : 0)
 173                + (stats.st_mode & S_IROTH ? 4 << 0 : 0)
 174                + (stats.st_mode & S_IWOTH ? 2 << 0 : 0)
 175                + (stats.st_mode & S_IXOTH ? 1 << 0 : 0));
 176
 177   if (euid == stats.st_uid)
 178     granted >>= 6;
 179   else if (egid == stats.st_gid || group_member (stats.st_gid))
 180     granted >>= 3;
 181
 182   if ((mode & ~granted) == 0)
 183     return 0;
 184   __set_errno (EACCESS);
 185   return -1;
 186
 187 # endif
 188 #endif
 189 }
 190 #undef euidaccess
 191 #ifdef weak_alias
 192 weak_alias (__euidaccess, euidaccess)
 193 #endif
 194 \f
 195 #ifdef TEST
 196 # include <error.h>
 197 # include <stdio.h>
 198 # include <stdlib.h>
 199
 200 int
 201 main (int argc, char **argv)
 202 {
 203   char *file;
 204   int mode;
 205   int err;
 206
 207   if (argc < 3)
 208     abort ();
 209   file = argv[1];
 210   mode = atoi (argv[2]);
 211
 212   err = euidaccess (file, mode);
 213   printf ("%d\n", err);
 214   if (err != 0)
 215     error (0, errno, "%s", file);
 216   exit (0);
 217 }
 218 #endif