/[pdpsoft]/trunk/grid-mw-security/cgul/fileutil/fileutil.c
ViewVC logotype

Diff of /trunk/grid-mw-security/cgul/fileutil/fileutil.c

Parent Directory Parent Directory | Revision Log Revision Log | View Patch Patch

revision 1828 by msalle, Tue Jun 22 10:15:54 2010 UTC revision 1829 by msalle, Wed Jun 30 12:58:45 2010 UTC
# Line 286  int cgul_read_config(const char *path, c Line 286  int cgul_read_config(const char *path, c
286          target_gid=trust_gid==0 ? gid : trust_gid;          target_gid=trust_gid==0 ? gid : trust_gid;
287          /* when target_uid!=0 then set privileges */          /* when target_uid!=0 then set privileges */
288          if (target_uid!=0 && priv_drop(target_uid,target_gid))          if (target_uid!=0 && priv_drop(target_uid,target_gid))
289              return -2;              return -2; /* privdrop error */
290      } else  {      } else  {
291          /* Nothing to switch, trust_uid/trust_gid will be used to check the file          /* Nothing to switch, trust_uid/trust_gid will be used to check the file
292           * permissions only. */           * permissions only. */
# Line 304  int cgul_read_config(const char *path, c Line 304  int cgul_read_config(const char *path, c
304           safe_add_id_to_list(&ulist,target_uid) || /* ignored (0) when           safe_add_id_to_list(&ulist,target_uid) || /* ignored (0) when
305                                                        non-switching */                                                        non-switching */
306           safe_add_id_to_list(&glist,trust_gid) )    {           safe_add_id_to_list(&glist,trust_gid) )    {
307          raise_priv(euid,egid); return -4;          raise_priv(euid,egid); return -4; /* out-of-memory */
308      }      }
309      /* Do an stat so that we can compare modes etc. before/after, note we use      /* Do an stat so that we can compare modes etc. before/after, note we use
310       * stat and not lstat, because we want to know information about the target,       * stat and not lstat, because we want to know information about the target,
311       * not the symlink. In particular we need the size of the target! */       * not the symlink. In particular we need the size of the target! */
312      if (stat(path,&st_before))  {      if (stat(path,&st_before))  {
313          raise_priv(euid,egid); return -2;          raise_priv(euid,egid); return -1; /* I/O error */
314      }      }
315    
316      /* Check trust */      /* Check trust */
# Line 322  int cgul_read_config(const char *path, c Line 322  int cgul_read_config(const char *path, c
322      switch (trust)  {      switch (trust)  {
323          case SAFE_PATH_ERROR:          case SAFE_PATH_ERROR:
324              /* checking failed */              /* checking failed */
325              raise_priv(euid,egid); return -5;              raise_priv(euid,egid); return -5; /* unknown error */
326          case SAFE_PATH_UNTRUSTED:          case SAFE_PATH_UNTRUSTED:
327              /* Perms are wrong */              /* Perms are wrong */
328              raise_priv(euid,egid); return -3;              raise_priv(euid,egid); return -3; /* perm error */
329          case SAFE_PATH_TRUSTED:          case SAFE_PATH_TRUSTED:
330          case SAFE_PATH_TRUSTED_STICKY_DIR:          case SAFE_PATH_TRUSTED_STICKY_DIR:
331              /* Only good in non-switching mode: */              /* Only good in non-switching mode: */
332              if (switching)  { /* perms are wrong */              if (switching)  { /* perms are wrong */
333                  raise_priv(euid,egid); return -3;                  raise_priv(euid,egid); return -3; /* perm error */
334              }              }
335              /* not-switching, perms are ok */              /* not-switching, perms are ok */
336              break;              break;
# Line 339  int cgul_read_config(const char *path, c Line 339  int cgul_read_config(const char *path, c
339              break;              break;
340          default:          default:
341              /* Unknown state, should not be reached */              /* Unknown state, should not be reached */
342              raise_priv(euid,egid); return -5;              raise_priv(euid,egid); return -5; /* unknown error */
343      }      }
344      /* Open file and stat the file (latter for size) */      /* Open file and stat the file (latter for size) */
345      if ((fd=open(path,O_RDONLY))==-1)   {      if ((fd=open(path,O_RDONLY))==-1)   {
346          raise_priv(euid,egid); return -1;          raise_priv(euid,egid); return -1; /* I/O error */
347      }      }
348      /* Get expected space, don't forget trailing '\0' */      /* Get expected space, don't forget trailing '\0' */
349      if ( (buf=(char *)malloc((size_t)(st_before.st_size+sizeof(char))))==NULL)      if ( (buf=(char *)malloc((size_t)(st_before.st_size+sizeof(char))))==NULL)
350      {      {
351          close(fd); raise_priv(euid,egid); return -4;          close(fd); raise_priv(euid,egid); return -4; /* out-of-memory */
352      }      }
353      /* Read the file, check we get right size */      /* Read the file, check we get right size */
354      if ( read(fd,buf,st_before.st_size)!=(ssize_t)st_before.st_size ||      if ( read(fd,buf,st_before.st_size)!=(ssize_t)st_before.st_size ||
# Line 364  int cgul_read_config(const char *path, c Line 364  int cgul_read_config(const char *path, c
364          /* something changed or went wrong: classify all as I/O error, because          /* something changed or went wrong: classify all as I/O error, because
365           * we were reading a trusted or confidential file.           * we were reading a trusted or confidential file.
366           * Don't return yet, we want to free the memory centrally */           * Don't return yet, we want to free the memory centrally */
367          rc=-1;          rc=-1; /* I/O error */
368      else    {      else    {
369          /* add trailing '\0' */          /* add trailing '\0' */
370          buf[st_after.st_size]='\0';          buf[st_after.st_size]='\0';

Legend:
Removed from v.1828  
changed lines
  Added in v.1829

grid.support@nikhef.nl
ViewVC Help
Powered by ViewVC 1.1.28