/*******************************************************************************
* Copyright (C) 2005, Vintela, Inc. All rights reserved.
* Copyright (C) 2006, Novell, Inc. All rights reserved.
*
* Redistribution and use in source and binary forms, with or without
* modification, are permitted provided that the following conditions are met:
*
*     * Redistributions of source code must retain the above copyright notice,
*       this list of conditions and the following disclaimer.
*     * Redistributions in binary form must reproduce the above copyright
*       notice, this list of conditions and the following disclaimer in the
*       documentation and/or other materials provided with the distribution.
*     * Neither the name of
*       Vintela, Inc.,
*       nor Novell, Inc.,
*       nor the names of its contributors or employees may be used to
*       endorse or promote products derived from this software without
*       specific prior written permission.
*
* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
* AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
* IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
* ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
* LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
* CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
* SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
* INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
* CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
* ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
* POSSIBILITY OF SUCH DAMAGE.
*******************************************************************************/

#include "blocxx/BLOCXX_config.h"
#include "blocxx/PathSecurity.hpp"

namespace BLOCXX_NAMESPACE
{

/**
 * Tells whether a group id counts as privileged for the permission check
 * in check_grp_oth().
 *
 * Group 0 (root) always qualifies. Solaris builds additionally accept
 * group 3 (sys) and Darwin builds group 80 (admin).
 *
 * @param gid Group id taken from a stat result.
 * @return true if group-write access by @a gid is tolerated.
 */
inline bool group_ok(::gid_t gid)
{
	if (gid == 0) // root
	{
		return true;
	}
#ifdef BLOCXX_SOLARIS
	return gid == 3; // sys
#elif defined(BLOCXX_DARWIN)
	return gid == 80; // admin
#else
	return false;
#endif
}

/**
 * Checks the group/other write bits of a stat result.
 *
 * Write access for "other" is never acceptable. Write access for the
 * group is acceptable only when the owning group passes group_ok().
 *
 * @param x Stat result of the file system object being examined.
 * @return true if none of the forbidden write bits are set in x.st_mode.
 */
inline bool check_grp_oth(struct stat const & x)
{
	::mode_t forbidden = S_IWOTH;
	if (!group_ok(x.st_gid))
	{
		forbidden |= S_IWGRP;
	}
	return (x.st_mode & forbidden) == 0;
}

/**
 * Classifies a stat result as safe or unsafe with respect to who owns the
 * object and who else may write to it.
 *
 * The verdict is computed purely from the stat snapshot passed in; nothing
 * here re-reads the file system, so it says nothing about changes made
 * after the caller obtained @a x.
 *
 * @param x         Stat result to judge.
 * @param uid       User id that is accepted as owner in addition to root
 *                  (and, on HP-UX and AIX, uid 2).
 * @param full_path When true, the sticky-directory exception below is not
 *                  applied. NOTE(review): presumably true when @a x
 *                  describes the final path component rather than an
 *                  intermediate directory -- confirm against the caller.
 * @return E_FILE_BAD_OWNER if the owner is not accepted, E_FILE_BAD_OTHER
 *         if the owner is accepted but the mode bits are not, otherwise
 *         E_FILE_OK.
 */
EFileStatusReturn file_ok(struct stat const & x, ::uid_t uid, bool full_path)
{
	// Note: originally this disallowed multiple hard links to a file,
	// but that restriction is not necessary, as the permissions for a
	// file are associated with its inode, and not with its directory
	// entries. Note also that it's not a problem if someone does an
	// unlink of an alternate path to the file, as this just removes
	// the alternate directory entry -- the file itself is not actually
	// deleted until there are no hard links at all to it.
	bool const ownerAccepted =
		x.st_uid == 0
#if defined(BLOCXX_HPUX) || defined(BLOCXX_AIX)
		// on HP-UX & AIX, many system dirs & files are owned by the bin
		// user, which has a uid of 2.
		|| x.st_uid == 2
#endif
		|| x.st_uid == uid;
	if (!ownerAccepted)
	{
		return E_FILE_BAD_OWNER;
	}

	// A symbolic link passes on ownership alone; its own mode bits are not
	// examined. NOTE(review): the link target is not validated here --
	// presumably the caller resolves and checks it separately; confirm.
	if (S_ISLNK(x.st_mode) || check_grp_oth(x))
	{
		return E_FILE_OK;
	}

	// Last exception: a directory with the sticky bit set is tolerated
	// despite the forbidden write bits, but only when full_path is false.
	bool const stickyDirException =
		S_ISDIR(x.st_mode) && !full_path && ((x.st_mode & S_ISVTX) != 0);
	return stickyDirException ? E_FILE_OK : E_FILE_BAD_OTHER;
}

/**
 * Forwards to file_ok().
 *
 * @param x            Stat result to judge.
 * @param uid          User id accepted as owner besides the system ones.
 * @param is_full_path Passed through as file_ok()'s full_path argument.
 * @param path         Accepted for the interface but not consulted by this
 *                     implementation.
 * @return The verdict produced by file_ok().
 */
EFileStatusReturn getFileStatus(struct stat const & x, uid_t uid, bool is_full_path, const String& path)
{
	(void)path; // intentionally unused here
	return file_ok(x, uid, is_full_path);
}

/**
 * Tells whether a path is absolute, i.e. begins with "/".
 *
 * @param path Path to test.
 * @return true if @a path starts with "/", false otherwise.
 */
bool isPathAbsolute(String const & path)
{
	if (path.startsWith("/"))
	{
		return true;
	}
	return false;
}

} // end namespace BLOCXX_NAMESPACE