X-Git-Url: http://ncurses.scripts.mit.edu/?a=blobdiff_plain;f=ncurses%2Ftinfo%2Faccess.c;h=a735db26eee600c5fb218c83224de4324aeb75bf;hb=HEAD;hp=6fbe9217604556aec637c048d8d66825c20b1100;hpb=c633e5103a29a38532cf1925257b91cea33fd090;p=ncurses.git

diff --git a/ncurses/tinfo/access.c b/ncurses/tinfo/access.c
index 6fbe9217..50a5769c 100644
--- a/ncurses/tinfo/access.c
+++ b/ncurses/tinfo/access.c
@@ -1,5 +1,6 @@
 /****************************************************************************
- * Copyright (c) 1998,2000 Free Software Foundation, Inc.                   *
+ * Copyright 2019-2021,2023 Thomas E. Dickey                                *
+ * Copyright 1998-2011,2012 Free Software Foundation, Inc.                  *
  *                                                                          *
  * Permission is hereby granted, free of charge, to any person obtaining a  *
  * copy of this software and associated documentation files (the            *
@@ -27,68 +28,257 @@
  ****************************************************************************/
 
 /****************************************************************************
- *  Author: Thomas E. Dickey <dickey@clark.net> 1998,2000                   *
+ *  Author: Thomas E. Dickey                                                *
  ****************************************************************************/
 
 #include <curses.priv.h>
+
+#include <ctype.h>
+
+#ifndef USE_ROOT_ACCESS
+#if HAVE_SETFSUID
+#include <sys/fsuid.h>
+#else
+#include <sys/stat.h>
+#endif
+#endif
+
+#if HAVE_GETAUXVAL && HAVE_SYS_AUXV_H && defined(__GLIBC__) && (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 19)
+#include <sys/auxv.h>
+#define USE_GETAUXVAL 1
+#else
+#define USE_GETAUXVAL 0
+#endif
+
 #include <tic.h>
 
-MODULE_ID("$Id: access.c,v 1.4 2000/10/08 01:25:06 tom Exp $")
+MODULE_ID("$Id: access.c,v 1.37 2023/06/24 21:55:09 tom Exp $")
 
-char *
-_nc_basename(char *path)
+#define LOWERCASE(c) ((isalpha(UChar(c)) && isupper(UChar(c))) ? tolower(UChar(c)) : (c))
+
+#ifdef _NC_MSC
+# define ACCESS(FN, MODE) access((FN), (MODE)&(R_OK|W_OK))
+#else
+# define ACCESS access
+#endif
+
+NCURSES_EXPORT(char *)
+_nc_rootname(char *path)
+{
+    char *result = _nc_basename(path);
+#if !MIXEDCASE_FILENAMES || defined(PROG_EXT)
+    static char *temp;
+    char *s;
+
+    if ((temp = strdup(result)) != 0)
+	result = temp;
+#if !MIXEDCASE_FILENAMES
+    for (s = result; *s != '\0'; ++s) {
+	*s = (char) LOWERCASE(*s);
+    }
+#endif
+#if defined(PROG_EXT)
+    if ((s = strrchr(result, '.')) != 0) {
+	if (!strcmp(s, PROG_EXT))
+	    *s = '\0';
+    }
+#endif
+#endif
+    return result;
+}
+
+/*
+ * Check if a string appears to be an absolute pathname.
+ */
+NCURSES_EXPORT(bool)
+_nc_is_abs_path(const char *path)
+{
+#if defined(__EMX__) || defined(__DJGPP__)
+#define is_pathname(s) ((((s) != 0) && ((s)[0] == '/')) \
+		  || (((s)[0] != 0) && ((s)[1] == ':')))
+#else
+#define is_pathname(s) ((s) != 0 && (s)[0] == '/')
+#endif
+    return is_pathname(path);
+}
+
+/*
+ * Return index of the basename
+ */
+NCURSES_EXPORT(unsigned)
+_nc_pathlast(const char *path)
 {
-    char *result = strrchr(path, '/');
+    const char *test = strrchr(path, '/');
 #ifdef __EMX__
-    if (result == 0)
-	result = strrchr(path, '\\');
+    if (test == 0)
+	test = strrchr(path, '\\');
 #endif
-    if (result == 0)
-	result = path;
+    if (test == 0)
+	test = path;
     else
-	result++;
-    return result;
+	test++;
+    return (unsigned) (test - path);
+}
+
+NCURSES_EXPORT(char *)
+_nc_basename(char *path)
+{
+    return path + _nc_pathlast(path);
 }
 
-int
+NCURSES_EXPORT(int)
 _nc_access(const char *path, int mode)
 {
-    if (access(path, mode) < 0) {
+    int result;
+
+    if (path == 0) {
+	result = -1;
+    } else if (ACCESS(path, mode) < 0) {
 	if ((mode & W_OK) != 0
 	    && errno == ENOENT
 	    && strlen(path) < PATH_MAX) {
 	    char head[PATH_MAX];
-	    char *leaf = _nc_basename(strcpy(head, path));
+	    char *leaf;
 
+	    _nc_STRCPY(head, path, sizeof(head));
+	    leaf = _nc_basename(head);
 	    if (leaf == 0)
 		leaf = head;
 	    *leaf = '\0';
 	    if (head == leaf)
-		(void) strcpy(head, ".");
+		_nc_STRCPY(head, ".", sizeof(head));
 
-	    return access(head, R_OK | W_OK | X_OK);
+	    result = ACCESS(head, R_OK | W_OK | X_OK);
+	} else {
+	    result = -1;
 	}
-	return -1;
+    } else {
+	result = 0;
     }
-    return 0;
+    return result;
 }
 
-#ifndef USE_ROOT_ENVIRON
+NCURSES_EXPORT(bool)
+_nc_is_dir_path(const char *path)
+{
+    bool result = FALSE;
+    struct stat sb;
+
+    if (stat(path, &sb) == 0
+	&& S_ISDIR(sb.st_mode)) {
+	result = TRUE;
+    }
+    return result;
+}
+
+NCURSES_EXPORT(bool)
+_nc_is_file_path(const char *path)
+{
+    bool result = FALSE;
+    struct stat sb;
+
+    if (stat(path, &sb) == 0
+	&& S_ISREG(sb.st_mode)) {
+	result = TRUE;
+    }
+    return result;
+}
+
+#if HAVE_GETEUID && HAVE_GETEGID
+#define is_posix_elevated() \
+	(getuid() != geteuid() \
+	 || getgid() != getegid())
+#else
+#define is_posix_elevated() FALSE
+#endif
+
+#if HAVE_ISSETUGID
+#define is_elevated() issetugid()
+#elif USE_GETAUXVAL && defined(AT_SECURE)
+#define is_elevated() \
+	(getauxval(AT_SECURE) \
+	 ? TRUE \
+	 : (errno != ENOENT \
+	    ? FALSE \
+	    : is_posix_elevated()))
+#else
+#define is_elevated() is_posix_elevated()
+#endif
+
+#if HAVE_SETFSUID
+#define lower_privileges() \
+	    int save_err = errno; \
+	    setfsuid(getuid()); \
+	    setfsgid(getgid()); \
+	    errno = save_err
+#define resume_elevation() \
+	    save_err = errno; \
+	    setfsuid(geteuid()); \
+	    setfsgid(getegid()); \
+	    errno = save_err
+#else
+#define lower_privileges()	/* nothing */
+#define resume_elevation()	/* nothing */
+#endif
+
 /*
- * Returns true if we allow application to use environment variables that are
- * used for searching lists of directories, etc.
+ * Returns true if not running as root or setuid.  We use this check to allow
+ * applications to use environment variables that are used for searching lists
+ * of directories, etc.
  */
-int
+NCURSES_EXPORT(int)
 _nc_env_access(void)
 {
-#if HAVE_ISSETUGID
-    if (issetugid())
-	return FALSE;
-#elif HAVE_GETEUID && HAVE_GETEGID
-    if (getuid() != geteuid()
-     || getgid() != getegid())
-	return FALSE;
-#endif
-    return getuid() != 0;	/* ...finally, disallow root */
+    int result = TRUE;
+
+#if HAVE_GETUID && HAVE_GETEUID
+#if !defined(USE_SETUID_ENVIRON)
+    if (is_elevated()) {
+	result = FALSE;
+    }
+#endif
+#if !defined(USE_ROOT_ENVIRON)
+    if ((getuid() == ROOT_UID) || (geteuid() == ROOT_UID)) {
+	result = FALSE;
+    }
+#endif
+#endif /* HAVE_GETUID && HAVE_GETEUID */
+    return result;
+}
+
+#ifndef USE_ROOT_ACCESS
+/*
+ * Limit privileges if possible; otherwise disallow access for updating files.
+ */
+NCURSES_EXPORT(FILE *)
+_nc_safe_fopen(const char *path, const char *mode)
+{
+    FILE *result = NULL;
+#if HAVE_SETFSUID
+    lower_privileges();
+    result = fopen(path, mode);
+    resume_elevation();
+#else
+    if (!is_elevated() || *mode == 'r') {
+	result = fopen(path, mode);
+    }
+#endif
+    return result;
 }
+
+NCURSES_EXPORT(int)
+_nc_safe_open3(const char *path, int flags, mode_t mode)
+{
+    int result = -1;
+#if HAVE_SETFSUID
+    lower_privileges();
+    result = open(path, flags, mode);
+    resume_elevation();
+#else
+    if (!is_elevated() || (flags & O_RDONLY)) {
+	result = open(path, flags, mode);
+    }
 #endif
+    return result;
+}
+#endif /* USE_ROOT_ACCESS */