sysdeps/mach/hurd/access.c

   1 /* Copyright (C) 1991-2016 Free Software Foundation, Inc.
   2    This file is part of the GNU C Library.
   3
   4    The GNU C Library is free software; you can redistribute it and/or
   5    modify it under the terms of the GNU Lesser General Public
   6    License as published by the Free Software Foundation; either
   7    version 2.1 of the License, or (at your option) any later version.
   8
   9    The GNU C Library is distributed in the hope that it will be useful,
  10    but WITHOUT ANY WARRANTY; without even the implied warranty of
  11    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
  12    Lesser General Public License for more details.
  13
  14    You should have received a copy of the GNU Lesser General Public
  15    License along with the GNU C Library; if not, see
  16    <http://www.gnu.org/licenses/>.  */
  17
  18 #include <unistd.h>
  19 #include <hurd.h>
  20 #include <hurd/port.h>
  21 #include <hurd/id.h>
  22 #include <hurd/lookup.h>
  23 #include <fcntl.h>
  24
  25 /* Test for access to FILE by our real user and group IDs.  */
  26 int
  27 __access (const char *file, int type)
  28 {
  29   error_t err;
  30   file_t rcrdir, rcwdir, io;
  31   int flags, allowed;
  32
  33   error_t reauthenticate (int which, file_t *result)
  34     {
  35       /* Get a port to our root directory, authenticated with the real IDs.  */
  36       error_t err;
  37       mach_port_t ref;
  38       ref = __mach_reply_port ();
  39       err = HURD_PORT_USE
  40         (&_hurd_ports[which],
  41          ({
  42            err = __io_reauthenticate (port, ref, MACH_MSG_TYPE_MAKE_SEND);
  43            if (!err)
  44              err = __auth_user_authenticate (_hurd_id.rid_auth,
  45                                              ref, MACH_MSG_TYPE_MAKE_SEND,
  46                                              result);
  47            err;
  48          }));
  49       __mach_port_destroy (__mach_task_self (), ref);
  50       return err;
  51     }
  52
  53   error_t init_port (int which, error_t (*operate) (mach_port_t))
  54     {
  55       switch (which)
  56         {
  57         case INIT_PORT_AUTH:
  58           return (*operate) (_hurd_id.rid_auth);
  59         case INIT_PORT_CRDIR:
  60           return (reauthenticate (INIT_PORT_CRDIR, &rcrdir) ?:
  61                   (*operate) (rcrdir));
  62         case INIT_PORT_CWDIR:
  63           return (reauthenticate (INIT_PORT_CWDIR, &rcwdir) ?:
  64                   (*operate) (rcwdir));
  65         default:
  66           return _hurd_ports_use (which, operate);
  67         }
  68     }
  69
  70   rcrdir = rcwdir = MACH_PORT_NULL;
  71
  72   HURD_CRITICAL_BEGIN;
  73
  74   __mutex_lock (&_hurd_id.lock);
  75   /* Get _hurd_id up to date.  */
  76   if (err = _hurd_check_ids ())
  77     goto lose;
  78
  79   if (_hurd_id.rid_auth == MACH_PORT_NULL)
  80     {
  81       /* Set up _hurd_id.rid_auth.  This is a special auth server port
  82          which uses the real uid and gid (the first aux uid and gid) as
  83          the only effective uid and gid.  */
  84
  85       if (_hurd_id.aux.nuids < 1 || _hurd_id.aux.ngids < 1)
  86         {
  87           /* We do not have a real UID and GID.  Lose, lose, lose!  */
  88           err = EGRATUITOUS;
  89           goto lose;
  90         }
  91
  92       /* Create a new auth port using our real UID and GID (the first
  93          auxiliary UID and GID) as the only effective IDs.  */
  94       if (err = __USEPORT (AUTH,
  95                            __auth_makeauth (port,
  96                                             NULL, MACH_MSG_TYPE_COPY_SEND, 0,
  97                                             _hurd_id.aux.uids, 1,
  98                                             _hurd_id.aux.uids,
  99                                             _hurd_id.aux.nuids,
 100                                             _hurd_id.aux.gids, 1,
 101                                             _hurd_id.aux.gids,
 102                                             _hurd_id.aux.ngids,
 103                                             &_hurd_id.rid_auth)))
 104         goto lose;
 105     }
 106
 107   if (!err)
 108     /* Look up the file name using the modified init ports.  */
 109     err = __hurd_file_name_lookup (&init_port, &__getdport, 0,
 110                                    file, 0, 0, &io);
 111
 112   /* We are done with _hurd_id.rid_auth now.  */
 113  lose:
 114   __mutex_unlock (&_hurd_id.lock);
 115
 116   HURD_CRITICAL_END;
 117
 118   if (rcrdir != MACH_PORT_NULL)
 119     __mach_port_deallocate (__mach_task_self (), rcrdir);
 120   if (rcwdir != MACH_PORT_NULL)
 121     __mach_port_deallocate (__mach_task_self (), rcwdir);
 122   if (err)
 123     return __hurd_fail (err);
 124
 125   /* Find out what types of access we are allowed to this file.  */
 126   err = __file_check_access (io, &allowed);
 127   __mach_port_deallocate (__mach_task_self (), io);
 128   if (err)
 129     return __hurd_fail (err);
 130
 131   flags = 0;
 132   if (type & R_OK)
 133     flags |= O_READ;
 134   if (type & W_OK)
 135     flags |= O_WRITE;
 136   if (type & X_OK)
 137     flags |= O_EXEC;
 138
 139   if (flags & ~allowed)
 140     /* We are not allowed all the requested types of access.  */
 141     return __hurd_fail (EACCES);
 142
 143   return 0;
 144 }
 145
 146 weak_alias (__access, access)