lib/euidaccess.c

   1 /* euidaccess -- check if effective user id can access file
   2
   3    Copyright (C) 1990-1991, 1995, 1998, 2000, 2003-2006, 2008-2024 Free
   4    Software Foundation, Inc.
   5
   6    This file is part of the GNU C Library.
   7
   8    This file is free software: you can redistribute it and/or modify
   9    it under the terms of the GNU Lesser General Public License as
  10    published by the Free Software Foundation; either version 2.1 of the
  11    License, or (at your option) any later version.
  12
  13    This file is distributed in the hope that it will be useful,
  14    but WITHOUT ANY WARRANTY; without even the implied warranty of
  15    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  16    GNU Lesser General Public License for more details.
  17
  18    You should have received a copy of the GNU Lesser General Public License
  19    along with this program.  If not, see <https://www.gnu.org/licenses/>.  */
  20
  21 /* Written by David MacKenzie and Torbjorn Granlund.
  22    Adapted for GNU C library by Roland McGrath.  */
  23
  24 #ifndef _LIBC
  25 # include <config.h>
  26 #endif
  27
  28 #include <fcntl.h>
  29 #include <sys/types.h>
  30 #include <sys/stat.h>
  31 #include <unistd.h>
  32 #if defined _WIN32 && ! defined __CYGWIN__
  33 # include <io.h>
  34 #else
  35 # include "root-uid.h"
  36 #endif
  37
  38 #if HAVE_LIBGEN_H
  39 # include <libgen.h>
  40 #endif
  41
  42 #include <errno.h>
  43 #ifndef __set_errno
  44 # define __set_errno(val) errno = (val)
  45 #endif
  46
  47 #if defined EACCES && !defined EACCESS
  48 # define EACCESS EACCES
  49 #endif
  50
  51 #ifndef F_OK
  52 # define F_OK 0
  53 # define X_OK 1
  54 # define W_OK 2
  55 # define R_OK 4
  56 #endif
  57
  58
  59 #ifdef _LIBC
  60
  61 # define access __access
  62 # define getuid __getuid
  63 # define getgid __getgid
  64 # define geteuid __geteuid
  65 # define getegid __getegid
  66 # define group_member __group_member
  67 # define euidaccess __euidaccess
  68 # undef stat
  69 # define stat stat64
  70
  71 #endif
  72
  73 /* Return 0 if the user has permission of type MODE on FILE;
  74    otherwise, return -1 and set 'errno'.
  75    Like access, except that it uses the effective user and group
  76    id's instead of the real ones, and it does not always check for read-only
  77    file system, text busy, etc.  */
  78
  79 int
  80 euidaccess (const char *file, int mode)
  81 {
  82 #if HAVE_FACCESSAT                   /* glibc, AIX 7, Solaris 11, Cygwin 1.7 */
  83   return faccessat (AT_FDCWD, file, mode, AT_EACCESS);
  84 #elif defined EFF_ONLY_OK               /* IRIX, OSF/1, Interix */
  85   return access (file, mode | EFF_ONLY_OK);
  86 #elif defined ACC_SELF                  /* AIX */
  87   return accessx (file, mode, ACC_SELF);
  88 #elif HAVE_EACCESS                      /* FreeBSD */
  89   return eaccess (file, mode);
  90 #elif defined _WIN32 && ! defined __CYGWIN__  /* mingw */
  91   return _access (file, mode);
  92 #else              /* Mac OS X, NetBSD, OpenBSD, HP-UX, Solaris, Cygwin, BeOS */
  93
  94   uid_t uid = getuid ();
  95   gid_t gid = getgid ();
  96   uid_t euid = geteuid ();
  97   gid_t egid = getegid ();
  98   struct stat stats;
  99
 100 # if HAVE_DECL_SETREGID && PREFER_NONREENTRANT_EUIDACCESS
 101
 102   /* Define PREFER_NONREENTRANT_EUIDACCESS if you prefer euidaccess to
 103      return the correct result even if this would make it
 104      nonreentrant.  Define this only if your entire application is
 105      safe even if the uid or gid might temporarily change.  If your
 106      application uses signal handlers or threads it is probably not
 107      safe.  */
 108
 109   if (mode == F_OK)
 110     {
 111       int result = stat (file, &stats);
 112       return result != 0 && errno == EOVERFLOW ? 0 : result;
 113     }
 114   else
 115     {
 116       int result;
 117       int saved_errno;
 118
 119       if (uid != euid)
 120         setreuid (euid, uid);
 121       if (gid != egid)
 122         setregid (egid, gid);
 123
 124       result = access (file, mode);
 125       saved_errno = errno;
 126
 127       /* Restore them.  */
 128       if (uid != euid)
 129         setreuid (uid, euid);
 130       if (gid != egid)
 131         setregid (gid, egid);
 132
 133       errno = saved_errno;
 134       return result;
 135     }
 136
 137 # else
 138
 139   /* The following code assumes the traditional Unix model, and is not
 140      correct on systems that have ACLs or the like.  However, it's
 141      better than nothing, and it is reentrant.  */
 142
 143   unsigned int granted;
 144   if (uid == euid && gid == egid)
 145     /* If we are not set-uid or set-gid, access does the same.  */
 146     return access (file, mode);
 147
 148   if (stat (file, &stats) == -1)
 149     return mode == F_OK && errno == EOVERFLOW ? 0 : -1;
 150
 151   /* The super-user can read and write any file, and execute any file
 152      that anyone can execute.  */
 153   if (euid == ROOT_UID
 154       && ((mode & X_OK) == 0
 155           || (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
 156     return 0;
 157
 158   /* Convert the mode to traditional form, clearing any bogus bits.  */
 159   if (R_OK == 4 && W_OK == 2 && X_OK == 1 && F_OK == 0)
 160     mode &= 7;
 161   else
 162     mode = ((mode & R_OK ? 4 : 0)
 163             + (mode & W_OK ? 2 : 0)
 164             + (mode & X_OK ? 1 : 0));
 165
 166   if (mode == 0)
 167     return 0;                   /* The file exists.  */
 168
 169   /* Convert the file's permission bits to traditional form.  */
 170   if (S_IRUSR == (4 << 6) && S_IWUSR == (2 << 6) && S_IXUSR == (1 << 6)
 171       && S_IRGRP == (4 << 3) && S_IWGRP == (2 << 3) && S_IXGRP == (1 << 3)
 172       && S_IROTH == (4 << 0) && S_IWOTH == (2 << 0) && S_IXOTH == (1 << 0))
 173     granted = stats.st_mode;
 174   else
 175     granted = ((stats.st_mode & S_IRUSR ? 4 << 6 : 0)
 176                + (stats.st_mode & S_IWUSR ? 2 << 6 : 0)
 177                + (stats.st_mode & S_IXUSR ? 1 << 6 : 0)
 178                + (stats.st_mode & S_IRGRP ? 4 << 3 : 0)
 179                + (stats.st_mode & S_IWGRP ? 2 << 3 : 0)
 180                + (stats.st_mode & S_IXGRP ? 1 << 3 : 0)
 181                + (stats.st_mode & S_IROTH ? 4 << 0 : 0)
 182                + (stats.st_mode & S_IWOTH ? 2 << 0 : 0)
 183                + (stats.st_mode & S_IXOTH ? 1 << 0 : 0));
 184
 185   if (euid == stats.st_uid)
 186     granted >>= 6;
 187   else if (egid == stats.st_gid || group_member (stats.st_gid))
 188     granted >>= 3;
 189
 190   if ((mode & ~granted) == 0)
 191     return 0;
 192   __set_errno (EACCESS);
 193   return -1;
 194
 195 # endif
 196 #endif
 197 }
 198 #undef euidaccess
 199 #ifdef weak_alias
 200 weak_alias (__euidaccess, euidaccess)
 201 #endif
 202 \f
 203 #ifdef TEST
 204 # include <error.h>
 205 # include <stdio.h>
 206 # include <stdlib.h>
 207
 208 int
 209 main (int argc, char **argv)
 210 {
 211   char *file;
 212   int mode;
 213   int err;
 214
 215   if (argc < 3)
 216     abort ();
 217   file = argv[1];
 218   mode = atoi (argv[2]);
 219
 220   err = euidaccess (file, mode);
 221   printf ("%d\n", err);
 222   if (err != 0)
 223     error (0, errno, "%s", file);
 224   exit (0);
 225 }
 226 #endif