source: rtems/cpukit/libcsupport/src/sup_fs_check_permissions.c @ 1c6926c1

Last change on this file since 1c6926c1 was b8bd90f6, checked in by Sebastian Huber <sebastian.huber@…>, on 11/17/14 at 08:01:53

Add supplementary groups to user environment

1/**
2 *  @file
3 *
4 *  @brief RTEMS File System Permissions Check Support
5 *  @ingroup LibIOInternal
6 */
7
8/*
9 * Copyright (c) 2012 embedded brains GmbH.  All rights reserved.
10 *
11 *  embedded brains GmbH
12 *  Obere Lagerstr. 30
13 *  82178 Puchheim
14 *  Germany
15 *  <rtems@embedded-brains.de>
16 *
17 * The license and distribution terms for this file may be
18 * found in the file LICENSE in this distribution or at
19 * http://www.rtems.org/license/LICENSE.
20 */
21
22#if HAVE_CONFIG_H
23  #include "config.h"
24#endif
25
26#include <sys/stat.h>
27
28#include <rtems/libio_.h>
29
/*
 * Bit offsets of the three permission classes inside a mode_t.  A request
 * built from RTEMS_FS_PERMS_READ/WRITE/EXEC is shifted by one of these values
 * before it is compared with the mode of an object.
 */
#define RTEMS_FS_USR_SHIFT 6
#define RTEMS_FS_GRP_SHIFT 3
#define RTEMS_FS_OTH_SHIFT 0

/*
 * Compile-time proof that shifting the RTEMS permission flags yields exactly
 * the S_I* constants from <sys/stat.h>.  The access check in this file relies
 * on this equivalence; if a port ever changes either side, the build fails
 * here instead of silently checking the wrong mode bits.
 */

/* Owner class */
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_READ << RTEMS_FS_USR_SHIFT) == S_IRUSR,
  S_IRUSR
);
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_WRITE << RTEMS_FS_USR_SHIFT) == S_IWUSR,
  S_IWUSR
);
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_EXEC << RTEMS_FS_USR_SHIFT) == S_IXUSR,
  S_IXUSR
);

/* Group class */
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_READ << RTEMS_FS_GRP_SHIFT) == S_IRGRP,
  S_IRGRP
);
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_WRITE << RTEMS_FS_GRP_SHIFT) == S_IWGRP,
  S_IWGRP
);
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_EXEC << RTEMS_FS_GRP_SHIFT) == S_IXGRP,
  S_IXGRP
);

/* Other class */
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_READ << RTEMS_FS_OTH_SHIFT) == S_IROTH,
  S_IROTH
);
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_WRITE << RTEMS_FS_OTH_SHIFT) == S_IWOTH,
  S_IWOTH
);
RTEMS_STATIC_ASSERT(
  (RTEMS_FS_PERMS_EXEC << RTEMS_FS_OTH_SHIFT) == S_IXOTH,
  S_IXOTH
);
72
/**
 * @brief Tests whether a group identifier is one of the supplementary groups
 * of a user environment.
 *
 * @param uenv The user environment whose supplementary group list is
 *   searched.  It is dereferenced without a NULL check.
 * @param object_gid The group identifier to look for.
 *
 * @retval true The identifier equals one of the first uenv->ngroups entries
 *   of uenv->groups.
 * @retval false No entry matches, or the list is empty.
 */
static bool equals_supplementary_group(
  const rtems_user_env_t *uenv,
  gid_t object_gid
)
{
  size_t idx = 0;
  bool found = false;

  /*
   * NOTE(review): uenv->ngroups is the only bound on the read of
   * uenv->groups; this function assumes it never exceeds the capacity of
   * that array -- confirm at the place that fills the list.
   */
  while (!found && idx < uenv->ngroups) {
    found = (uenv->groups[idx] == object_gid);
    ++idx;
  }

  return found;
}
88
/**
 * @brief Checks whether the current user environment may access an object
 * with the requested permissions.
 *
 * Exactly one permission class of @a object_mode is consulted:
 *
 * - the owner bits, if the effective user ID is 0 or equals @a object_uid,
 * - otherwise the group bits, if the effective group ID is 0, equals
 *   @a object_gid, or @a object_gid is one of the supplementary groups,
 * - otherwise the other bits.
 *
 * Security-relevant consequences of this selection:
 *
 * - Effective user ID 0 is not an unconditional bypass.  It is evaluated
 *   against the owner bits, so an object whose owner bits lack a requested
 *   permission is denied to user 0 as well.
 * - Effective group ID 0 is evaluated against the group bits of every object
 *   not matched by the owner rule, whatever the group of the object is.
 * - There is no fall through between classes: a task matched by the owner
 *   rule is never granted a permission that is present only in the group or
 *   other bits.
 *
 * @param flags The requested access.  Only the bits in RTEMS_FS_PERMS_RWX
 *   are considered, all other bits are ignored.
 * @param object_mode The mode of the object.
 * @param object_uid The user ID of the object owner.
 * @param object_gid The group ID of the object.
 *
 * @retval true Every requested permission bit is set in the selected class.
 *   This includes a request with no permission bits at all.
 * @retval false At least one requested permission bit is missing.
 */
bool rtems_filesystem_check_access(
  int flags,
  mode_t object_mode,
  uid_t object_uid,
  gid_t object_gid
)
{
  /*
   * NOTE(review): the environment pointer is used without a NULL check;
   * presumably rtems_current_user_env_get() always returns a valid
   * environment -- confirm.
   */
  const rtems_user_env_t *uenv = rtems_current_user_env_get();
  mode_t requested = flags & RTEMS_FS_PERMS_RWX;
  uid_t task_uid = uenv->euid;
  int class_shift = RTEMS_FS_OTH_SHIFT;
  mode_t required;

  if (task_uid == 0 || task_uid == object_uid) {
    class_shift = RTEMS_FS_USR_SHIFT;
  } else {
    gid_t task_gid = uenv->egid;
    bool in_group = task_gid == 0
      || task_gid == object_gid
      || equals_supplementary_group(uenv, object_gid);

    if (in_group) {
      class_shift = RTEMS_FS_GRP_SHIFT;
    }
  }

  /* Move the requested rwx bits into the position of the selected class */
  required = requested << class_shift;

  /* All requested bits must be present, a partial match is a denial */
  return (required & object_mode) == required;
}
108        || equals_supplementary_group(uenv, object_gid)
109    ) {
110      access_flags <<= RTEMS_FS_GRP_SHIFT;
111    } else {
112      access_flags <<= RTEMS_FS_OTH_SHIFT;
113    }
114  }
115
116  return (access_flags & object_mode) == access_flags;
117}
118
/**
 * @brief Checks the access to a node during a path evaluation and records
 * the failure in the evaluation context.
 *
 * The decision itself is delegated to rtems_filesystem_check_access().  On
 * denial, rtems_filesystem_eval_path_error() is called with EACCES for
 * @a ctx before the result is returned.  Nothing here stops the caller from
 * continuing after a denial, so the caller has to honour the returned value.
 *
 * @param ctx The path evaluation context which receives the error.
 * @param eval_flags The requested access, passed on unchanged.
 * @param node_mode The mode of the node.
 * @param node_uid The user ID of the node owner.
 * @param node_gid The group ID of the node.
 *
 * @retval true The access is granted, @a ctx is not touched.
 * @retval false The access is denied and EACCES was reported through
 *   @a ctx.
 */
bool rtems_filesystem_eval_path_check_access(
  rtems_filesystem_eval_path_context_t *ctx,
  int eval_flags,
  mode_t node_mode,
  uid_t node_uid,
  gid_t node_gid
)
{
  if (
    rtems_filesystem_check_access(eval_flags, node_mode, node_uid, node_gid)
  ) {
    return true;
  }

  rtems_filesystem_eval_path_error(ctx, EACCES);

  return false;
}