forked from enlightenment/enlightenment
793 lines
20 KiB
C
793 lines
20 KiB
C
#include "config.h"
|
|
|
|
#define __USE_MISC
|
|
#define _SVID_SOURCE
|
|
#define _DEFAULT_SOURCE
|
|
|
|
#ifdef HAVE_FEATURES_H
|
|
# include <features.h>
|
|
#endif
|
|
|
|
#include <stdio.h>
|
|
#include <stdlib.h>
|
|
#ifdef HAVE_ENVIRON
|
|
# define _GNU_SOURCE 1
|
|
#endif
|
|
#include <unistd.h>
|
|
#include <string.h>
|
|
#include <sys/types.h>
|
|
#include <sys/stat.h>
|
|
#include <sys/wait.h>
|
|
#include <pwd.h>
|
|
#include <grp.h>
|
|
#include <fnmatch.h>
|
|
#include <ctype.h>
|
|
#ifdef HAVE_ALLOCA_H
|
|
#include <alloca.h>
|
|
#endif
|
|
#include <Eina.h>
|
|
|
|
#ifdef HAVE_ENVIRON
|
|
extern char **environ;
|
|
#endif
|
|
|
|
double e_sys_l2ping(const char *bluetooth_mac);
|
|
|
|
/* local subsystem functions */
|
|
#ifdef HAVE_EEZE_MOUNT
|
|
static Eina_Bool mountopts_check(const char *opts);
|
|
static Eina_Bool mount_args_check(int argc, char **argv, const char *action);
|
|
#endif
|
|
static int auth_action_ok(char *a,
|
|
gid_t gid,
|
|
gid_t *gl,
|
|
int gn,
|
|
gid_t egid);
|
|
static int auth_etc_enlightenment_sysactions(char *a,
|
|
char *u,
|
|
char **g);
|
|
static void auth_etc_enlightenment_sysactions_perm(char *path);
|
|
static char *get_word(char *s,
|
|
char *d);
|
|
#if defined(__OpenBSD__)
|
|
|
|
static void
|
|
_exit_backoff(void)
|
|
{
|
|
sleep(3);
|
|
exit(1 << 7);
|
|
}
|
|
|
|
static int
|
|
_check_auth(const char *guess)
|
|
{
|
|
struct passwd *pw_ent;
|
|
uid_t uid = getuid();
|
|
|
|
pw_ent = getpwuid_shadow(uid);
|
|
if (!pw_ent)
|
|
_exit_backoff();
|
|
|
|
return crypt_checkpass(guess, pw_ent->pw_passwd);
|
|
}
|
|
|
|
static int
|
|
auth_generic_enlightenment_desklock(void)
|
|
{
|
|
char buf[4096];
|
|
char byte[1];
|
|
int res = -1;
|
|
int i = 0;
|
|
|
|
while (read(STDIN_FILENO, byte, sizeof(byte)) > 0)
|
|
{
|
|
if (byte[0] == '\n') break;
|
|
buf[i++] = byte[0];
|
|
if (i == sizeof(buf) -1) break;
|
|
}
|
|
|
|
buf[i] = '\0';
|
|
|
|
if (!i)
|
|
_exit_backoff();
|
|
|
|
res = _check_auth(buf);
|
|
|
|
if (res) _exit_backoff();
|
|
|
|
return res;
|
|
}
|
|
|
|
#endif
|
|
|
|
/* local subsystem globals */
|
|
static Eina_Hash *actions = NULL;
|
|
static uid_t uid = -1;
|
|
|
|
/* externally accessible functions */
|
|
int
|
|
main(int argc,
|
|
char **argv)
|
|
{
|
|
int i, gn;
|
|
int test = 0;
|
|
char *action = NULL, *cmd;
|
|
char *output = NULL;
|
|
#ifdef HAVE_EEZE_MOUNT
|
|
Eina_Bool mnt = EINA_FALSE;
|
|
const char *act = NULL;
|
|
#endif
|
|
gid_t gid, gl[65536], egid;
|
|
|
|
for (i = 1; i < argc; i++)
|
|
{
|
|
if ((!strcmp(argv[i], "-h")) ||
|
|
(!strcmp(argv[i], "-help")) ||
|
|
(!strcmp(argv[i], "--help")))
|
|
{
|
|
printf(
|
|
"This is an internal tool for Enlightenment.\n"
|
|
"do not use it.\n"
|
|
);
|
|
exit(0);
|
|
}
|
|
}
|
|
#if defined(__OpenBSD__)
|
|
if (argc >= 2)
|
|
{
|
|
if (!strcmp(argv[1], "-z"))
|
|
{
|
|
exit(auth_generic_enlightenment_desklock());
|
|
}
|
|
}
|
|
#endif
|
|
if (argc >= 3)
|
|
{
|
|
if ((argc == 3) && (!strcmp(argv[1], "-t")))
|
|
{
|
|
test = 1;
|
|
action = argv[2];
|
|
}
|
|
else if (!strcmp(argv[1], "l2ping"))
|
|
{
|
|
action = argv[1];
|
|
output = argv[2];
|
|
}
|
|
#ifdef HAVE_EEZE_MOUNT
|
|
else
|
|
{
|
|
const char *s;
|
|
|
|
s = strrchr(argv[1], '/');
|
|
if ((!s) || (!s[1])) exit(1); /* eeze always uses complete path */
|
|
s++;
|
|
if (strcmp(s, "mount") && strcmp(s, "umount") && strcmp(s, "eject")) exit(1);
|
|
mnt = EINA_TRUE;
|
|
act = s;
|
|
action = argv[1];
|
|
}
|
|
#endif
|
|
}
|
|
else if (argc == 2)
|
|
{
|
|
action = argv[1];
|
|
}
|
|
else
|
|
{
|
|
exit(1);
|
|
}
|
|
if (!action) exit(1);
|
|
fprintf(stderr, "action %s %i\n", action, argc);
|
|
|
|
eina_init();
|
|
|
|
uid = getuid();
|
|
gid = getgid();
|
|
egid = getegid();
|
|
gn = getgroups(65536, gl);
|
|
if (gn < 0)
|
|
{
|
|
printf("ERROR: MEMBER OF MORE THAN 65536 GROUPS\n");
|
|
exit(3);
|
|
}
|
|
if (setuid(0) != 0)
|
|
{
|
|
printf("ERROR: UNABLE TO ASSUME ROOT PRIVILEGES\n");
|
|
exit(5);
|
|
}
|
|
if (setgid(0) != 0)
|
|
{
|
|
printf("ERROR: UNABLE TO ASSUME ROOT GROUP PRIVILEGES\n");
|
|
exit(7);
|
|
}
|
|
|
|
if (!auth_action_ok(action, gid, gl, gn, egid))
|
|
{
|
|
printf("ERROR: ACTION NOT ALLOWED: %s\n", action);
|
|
exit(10);
|
|
}
|
|
/* we can add more levels of auth here */
|
|
|
|
/* when mounting, this will match the exact path to the exe,
|
|
* as required in sysactions.conf
|
|
* this is intentionally pedantic for security
|
|
*/
|
|
cmd = eina_hash_find(actions, action);
|
|
if (!cmd)
|
|
{
|
|
printf("ERROR: UNDEFINED ACTION: %s\n", action);
|
|
exit(20);
|
|
}
|
|
|
|
if (!test && !strcmp(action, "l2ping"))
|
|
{
|
|
char tmp[128];
|
|
double latency;
|
|
|
|
latency = e_sys_l2ping(output);
|
|
|
|
eina_convert_dtoa(latency, tmp);
|
|
fputs(tmp, stdout);
|
|
|
|
return (latency < 0) ? 1 : 0;
|
|
}
|
|
/* sanitize environment */
|
|
#ifdef HAVE_UNSETENV
|
|
# define NOENV(x) unsetenv(x)
|
|
/* pass 1 - just nuke known dangerous env vars brutally if possible via
|
|
* unsetenv(). if you don't have unsetenv... there's pass 2 and 3 */
|
|
NOENV("IFS");
|
|
NOENV("CDPATH");
|
|
NOENV("LOCALDOMAIN");
|
|
NOENV("RES_OPTIONS");
|
|
NOENV("HOSTALIASES");
|
|
NOENV("NLSPATH");
|
|
NOENV("PATH_LOCALE");
|
|
NOENV("COLORTERM");
|
|
NOENV("LANG");
|
|
NOENV("LANGUAGE");
|
|
NOENV("LINGUAS");
|
|
NOENV("TERM");
|
|
NOENV("LD_PRELOAD");
|
|
NOENV("LD_LIBRARY_PATH");
|
|
NOENV("SHLIB_PATH");
|
|
NOENV("LIBPATH");
|
|
NOENV("AUTHSTATE");
|
|
NOENV("DYLD_*");
|
|
NOENV("KRB_CONF*");
|
|
NOENV("KRBCONFDIR");
|
|
NOENV("KRBTKFILE");
|
|
NOENV("KRB5_CONFIG*");
|
|
NOENV("KRB5_KTNAME");
|
|
NOENV("VAR_ACE");
|
|
NOENV("USR_ACE");
|
|
NOENV("DLC_ACE");
|
|
NOENV("TERMINFO");
|
|
NOENV("TERMINFO_DIRS");
|
|
NOENV("TERMPATH");
|
|
NOENV("TERMCAP");
|
|
NOENV("ENV");
|
|
NOENV("BASH_ENV");
|
|
NOENV("PS4");
|
|
NOENV("GLOBIGNORE");
|
|
NOENV("SHELLOPTS");
|
|
NOENV("JAVA_TOOL_OPTIONS");
|
|
NOENV("PERLIO_DEBUG");
|
|
NOENV("PERLLIB");
|
|
NOENV("PERL5LIB");
|
|
NOENV("PERL5OPT");
|
|
NOENV("PERL5DB");
|
|
NOENV("FPATH");
|
|
NOENV("NULLCMD");
|
|
NOENV("READNULLCMD");
|
|
NOENV("ZDOTDIR");
|
|
NOENV("TMPPREFIX");
|
|
NOENV("PYTHONPATH");
|
|
NOENV("PYTHONHOME");
|
|
NOENV("PYTHONINSPECT");
|
|
NOENV("RUBYLIB");
|
|
NOENV("RUBYOPT");
|
|
# ifdef HAVE_ENVIRON
|
|
if (environ)
|
|
{
|
|
int again;
|
|
char *tmp, *p;
|
|
|
|
/* go over environment array again and again... safely */
|
|
do
|
|
{
|
|
again = 0;
|
|
|
|
/* walk through and find first entry that we don't like */
|
|
for (i = 0; environ[i]; i++)
|
|
{
|
|
/* if it begins with any of these, it's possibly nasty */
|
|
if ((!strncmp(environ[i], "LD_", 3)) ||
|
|
(!strncmp(environ[i], "_RLD_", 5)) ||
|
|
(!strncmp(environ[i], "LC_", 3)) ||
|
|
(!strncmp(environ[i], "LDR_", 3)))
|
|
{
|
|
/* unset it */
|
|
tmp = strdup(environ[i]);
|
|
if (!tmp) abort();
|
|
p = strchr(tmp, '=');
|
|
if (!p) abort();
|
|
*p = 0;
|
|
NOENV(tmp);
|
|
free(tmp);
|
|
/* and mark our do to try again from the start in case
|
|
* unsetenv changes environ ptr */
|
|
again = 1;
|
|
break;
|
|
}
|
|
}
|
|
}
|
|
while (again);
|
|
}
|
|
# endif
|
|
#endif
|
|
|
|
/* pass 2 - clear entire environment so it doesn't exist at all. if you
|
|
* can't do this... you're possibly in trouble... but the worst is still
|
|
* fixed in pass 3 */
|
|
#ifdef HAVE_CLEARENV
|
|
clearenv();
|
|
#else
|
|
# ifdef HAVE_ENVIRON
|
|
environ = NULL;
|
|
# endif
|
|
#endif
|
|
|
|
/* pass 3 - set path and ifs to minimal defaults */
|
|
putenv("PATH=/bin:/usr/bin:/sbin:/usr/sbin");
|
|
putenv("IFS= \t\n");
|
|
|
|
if ((!test)
|
|
#ifdef HAVE_EEZE_MOUNT
|
|
&& (!mnt)
|
|
#endif
|
|
)
|
|
return system(cmd);
|
|
#ifdef HAVE_EEZE_MOUNT
|
|
if (mnt)
|
|
{
|
|
int ret = 0;
|
|
const char *mp = NULL;
|
|
Eina_Strbuf *buf = NULL;
|
|
|
|
if (!act) exit(40);
|
|
if (!mount_args_check(argc, argv, act)) exit(40);
|
|
/* all options are deemed safe at this point, so away we go! */
|
|
if (!strcmp(act, "mount"))
|
|
{
|
|
struct stat s;
|
|
|
|
mp = argv[5];
|
|
if (stat("/media", &s))
|
|
{
|
|
mode_t um;
|
|
|
|
um = umask(0);
|
|
if (mkdir("/media", S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH))
|
|
{
|
|
printf("ERROR: COULD NOT CREATE DIRECTORY /media\n");
|
|
exit(40);
|
|
}
|
|
umask(um);
|
|
}
|
|
else if (!S_ISDIR(s.st_mode))
|
|
{
|
|
printf("ERROR: NOT A DIRECTORY: /media\n");
|
|
exit(40);
|
|
}
|
|
|
|
if (stat(mp, &s))
|
|
{
|
|
mode_t um;
|
|
|
|
um = umask(0);
|
|
if (mkdir(mp, S_IRWXU | S_IRGRP | S_IXGRP | S_IROTH | S_IXOTH))
|
|
{
|
|
printf("ERROR: COULD NOT CREATE DIRECTORY %s\n", mp);
|
|
exit(40);
|
|
}
|
|
umask(um);
|
|
}
|
|
else if (!S_ISDIR(s.st_mode))
|
|
{
|
|
printf("ERROR: NOT A DIRECTORY: %s\n", mp);
|
|
exit(40);
|
|
}
|
|
}
|
|
buf = eina_strbuf_new();
|
|
if (!buf) exit(30);
|
|
for (i = 1; i < argc; i++)
|
|
eina_strbuf_append_printf(buf, "%s ", argv[i]);
|
|
ret = system(eina_strbuf_string_get(buf));
|
|
if ((!strcmp(act, "umount")) && (!ret))
|
|
{
|
|
Eina_Iterator *it;
|
|
char path[PATH_MAX];
|
|
const char *s;
|
|
struct stat st;
|
|
Eina_Bool rm = EINA_TRUE;
|
|
|
|
mp = strrchr(argv[2], '/');
|
|
if (!mp) return ret;
|
|
snprintf(path, sizeof(path), "/media%s", mp);
|
|
if (stat(path, &st)) return ret;
|
|
if (!S_ISDIR(st.st_mode)) return ret;
|
|
it = eina_file_ls(path);
|
|
EINA_ITERATOR_FOREACH(it, s)
|
|
{
|
|
/* don't delete any directories with files in them */
|
|
rm = EINA_FALSE;
|
|
eina_stringshare_del(s);
|
|
}
|
|
if (rm)
|
|
{
|
|
if (rmdir(path))
|
|
printf("ERROR: COULD NOT UNLINK MOUNT POINT %s\n", path);
|
|
}
|
|
}
|
|
return ret;
|
|
}
|
|
#endif
|
|
eina_shutdown();
|
|
|
|
return 0;
|
|
}
|
|
|
|
/* local subsystem functions */
|
|
#ifdef HAVE_EEZE_MOUNT
|
|
static Eina_Bool
|
|
mountopts_check(const char *opts)
|
|
{
|
|
char buf[64];
|
|
const char *p;
|
|
char *end;
|
|
unsigned long muid;
|
|
Eina_Bool nosuid, nodev, noexec, nuid;
|
|
|
|
nosuid = nodev = noexec = nuid = EINA_FALSE;
|
|
|
|
/* these are the only possible options which can be present here; check them strictly */
|
|
if (eina_strlcpy(buf, opts, sizeof(buf)) >= sizeof(buf)) return EINA_FALSE;
|
|
for (p = buf; p && p[1]; p = strchr(p + 1, ','))
|
|
{
|
|
if (p[0] == ',') p++;
|
|
#define CMP(OPT) \
|
|
if (!strncmp(p, OPT, sizeof(OPT) - 1))
|
|
|
|
CMP("nosuid,")
|
|
{
|
|
nosuid = EINA_TRUE;
|
|
continue;
|
|
}
|
|
CMP("nodev,")
|
|
{
|
|
nodev = EINA_TRUE;
|
|
continue;
|
|
}
|
|
CMP("noexec,")
|
|
{
|
|
noexec = EINA_TRUE;
|
|
continue;
|
|
}
|
|
CMP("utf8,") continue;
|
|
CMP("utf8=0,") continue;
|
|
CMP("utf8=1,") continue;
|
|
CMP("iocharset=utf8,") continue;
|
|
CMP("uid=")
|
|
{
|
|
p += 4;
|
|
errno = 0;
|
|
muid = strtoul(p, &end, 10);
|
|
if (muid == ULONG_MAX) return EINA_FALSE;
|
|
if (errno) return EINA_FALSE;
|
|
if (end[0] != ',') return EINA_FALSE;
|
|
if (muid != uid) return EINA_FALSE;
|
|
nuid = EINA_TRUE;
|
|
continue;
|
|
}
|
|
return EINA_FALSE;
|
|
}
|
|
if ((!nosuid) || (!nodev) || (!noexec) || (!nuid)) return EINA_FALSE;
|
|
return EINA_TRUE;
|
|
}
|
|
|
|
static Eina_Bool
|
|
check_uuid(const char *uuid)
|
|
{
|
|
const char *p;
|
|
|
|
for (p = uuid; p[0]; p++)
|
|
if ((!isalnum(*p)) && (*p != '-')) return EINA_FALSE;
|
|
return EINA_TRUE;
|
|
}
|
|
|
|
static Eina_Bool
|
|
mount_args_check(int argc, char **argv, const char *action)
|
|
{
|
|
Eina_Bool opts = EINA_FALSE;
|
|
struct stat st;
|
|
const char *node;
|
|
char buf[PATH_MAX];
|
|
|
|
if (!strcmp(action, "mount"))
|
|
{
|
|
/* will ALWAYS be:
|
|
/path/to/mount -o nosuid,uid=XYZ,[utf8,] UUID=XXXX-XXXX[-XXXX-XXXX] /media/$devnode
|
|
*/
|
|
if (argc != 6) return EINA_FALSE;
|
|
if (argv[2][0] == '-')
|
|
{
|
|
/* disallow any -options other than -o */
|
|
if (strcmp(argv[2], "-o")) return EINA_FALSE;
|
|
opts = mountopts_check(argv[3]);
|
|
}
|
|
if (!opts) return EINA_FALSE;
|
|
if (!strncmp(argv[4], "UUID=", sizeof("UUID=") - 1))
|
|
{
|
|
if (!check_uuid(argv[4] + 5)) return EINA_FALSE;
|
|
}
|
|
else
|
|
{
|
|
if (strncmp(argv[4], "/dev/", 5)) return EINA_FALSE;
|
|
if (stat(argv[4], &st)) return EINA_FALSE;
|
|
}
|
|
|
|
node = strrchr(argv[5], '/');
|
|
if (!node) return EINA_FALSE;
|
|
if (!node[1]) return EINA_FALSE;
|
|
if (node - argv[5] != 6) return EINA_FALSE;
|
|
snprintf(buf, sizeof(buf), "/dev%s", node);
|
|
if (stat(buf, &st)) return EINA_FALSE;
|
|
}
|
|
else if (!strcmp(action, "umount"))
|
|
{
|
|
/* will ALWAYS be:
|
|
/path/to/umount /dev/$devnode
|
|
*/
|
|
if (argc != 3) return EINA_FALSE;
|
|
if (strncmp(argv[2], "/dev/", 5)) return EINA_FALSE;
|
|
if (stat(argv[2], &st)) return EINA_FALSE;
|
|
node = strrchr(argv[2], '/');
|
|
if (!node) return EINA_FALSE;
|
|
if (!node[1]) return EINA_FALSE;
|
|
if (node - argv[2] != 4) return EINA_FALSE;
|
|
/* this is good, but it prevents umounting user-mounted removable media;
|
|
* need to figure out a better way...
|
|
*
|
|
snprintf(buf, sizeof(buf), "/media%s", node);
|
|
if (stat(buf, &st)) return EINA_FALSE;
|
|
if (!S_ISDIR(st.st_mode)) return EINA_FALSE;
|
|
*/
|
|
}
|
|
else if (!strcmp(action, "eject"))
|
|
{
|
|
/* will ALWAYS be:
|
|
/path/to/eject /dev/$devnode
|
|
*/
|
|
if (argc != 3) return EINA_FALSE;
|
|
if (strncmp(argv[2], "/dev/", 5)) return EINA_FALSE;
|
|
if (stat(argv[2], &st)) return EINA_FALSE;
|
|
node = strrchr(argv[2], '/');
|
|
if (!node) return EINA_FALSE;
|
|
if (!node[1]) return EINA_FALSE;
|
|
if (node - argv[2] != 4) return EINA_FALSE;
|
|
}
|
|
else return EINA_FALSE;
|
|
return EINA_TRUE;
|
|
}
|
|
|
|
#endif
|
|
|
|
static int
|
|
auth_action_ok(char *a,
|
|
gid_t gid,
|
|
gid_t *gl,
|
|
int gn,
|
|
gid_t egid)
|
|
{
|
|
struct passwd *pw;
|
|
struct group *gp;
|
|
char *usr = NULL, **grp, *g;
|
|
int ret, i, j;
|
|
|
|
pw = getpwuid(uid);
|
|
if (!pw) return 0;
|
|
usr = pw->pw_name;
|
|
if (!usr) return 0;
|
|
grp = alloca(sizeof(char *) * (gn + 1 + 1));
|
|
j = 0;
|
|
gp = getgrgid(gid);
|
|
if (gp)
|
|
{
|
|
grp[j] = gp->gr_name;
|
|
j++;
|
|
}
|
|
for (i = 0; i < gn; i++)
|
|
{
|
|
if (gl[i] != egid)
|
|
{
|
|
gp = getgrgid(gl[i]);
|
|
if (gp)
|
|
{
|
|
g = alloca(strlen(gp->gr_name) + 1);
|
|
strcpy(g, gp->gr_name);
|
|
grp[j] = g;
|
|
j++;
|
|
}
|
|
}
|
|
}
|
|
grp[j] = NULL;
|
|
/* first stage - check:
|
|
* PREFIX/etc/enlightenment/sysactions.conf
|
|
*/
|
|
ret = auth_etc_enlightenment_sysactions(a, usr, grp);
|
|
if (ret == 1) return 1;
|
|
else if (ret == -1)
|
|
return 0;
|
|
/* the DEFAULT - allow */
|
|
return 1;
|
|
}
|
|
|
|
static int
|
|
auth_etc_enlightenment_sysactions(char *a,
|
|
char *u,
|
|
char **g)
|
|
{
|
|
FILE *f;
|
|
char file[4096], buf[4096], id[4096], ugname[4096], perm[4096], act[4096];
|
|
char *p, *pp, *s, **gp;
|
|
int ok = 0;
|
|
size_t len, line = 0;
|
|
int allow = 0;
|
|
int deny = 0;
|
|
|
|
snprintf(file, sizeof(file), "/etc/enlightenment/sysactions.conf");
|
|
f = fopen(file, "r");
|
|
if (!f)
|
|
{
|
|
snprintf(file, sizeof(file), PACKAGE_SYSCONF_DIR "/enlightenment/sysactions.conf");
|
|
f = fopen(file, "r");
|
|
if (!f) return 0;
|
|
}
|
|
|
|
auth_etc_enlightenment_sysactions_perm(file);
|
|
|
|
while (fgets(buf, sizeof(buf), f))
|
|
{
|
|
line++;
|
|
len = strlen(buf);
|
|
if (len < 1) continue;
|
|
if (buf[len - 1] == '\n') buf[len - 1] = 0;
|
|
/* format:
|
|
*
|
|
* # comment
|
|
* user: username [allow:|deny:] halt reboot ...
|
|
* group: groupname [allow:|deny:] suspend ...
|
|
*/
|
|
if (buf[0] == '#') continue;
|
|
p = buf;
|
|
p = get_word(p, id);
|
|
p = get_word(p, ugname);
|
|
pp = p;
|
|
p = get_word(p, perm);
|
|
allow = 0;
|
|
deny = 0;
|
|
if (!strcmp(id, "user:"))
|
|
{
|
|
if (!fnmatch(ugname, u, 0))
|
|
{
|
|
if (!strcmp(perm, "allow:")) allow = 1;
|
|
else if (!strcmp(perm, "deny:"))
|
|
deny = 1;
|
|
else
|
|
goto malformed;
|
|
}
|
|
else
|
|
continue;
|
|
}
|
|
else if (!strcmp(id, "group:"))
|
|
{
|
|
Eina_Bool matched = EINA_FALSE;
|
|
|
|
for (gp = g; *gp; gp++)
|
|
{
|
|
if (!fnmatch(ugname, *gp, 0))
|
|
{
|
|
matched = EINA_TRUE;
|
|
if (!strcmp(perm, "allow:")) allow = 1;
|
|
else if (!strcmp(perm, "deny:"))
|
|
deny = 1;
|
|
else
|
|
goto malformed;
|
|
}
|
|
}
|
|
if (!matched) continue;
|
|
}
|
|
else if (!strcmp(id, "action:"))
|
|
{
|
|
while ((*pp) && (isspace(*pp)))
|
|
pp++;
|
|
s = eina_hash_find(actions, ugname);
|
|
if (s) eina_hash_del(actions, ugname, s);
|
|
if (!actions) actions = eina_hash_string_superfast_new(free);
|
|
eina_hash_add(actions, ugname, strdup(pp));
|
|
continue;
|
|
}
|
|
else if (id[0] == 0)
|
|
continue;
|
|
else
|
|
goto malformed;
|
|
|
|
for (;; )
|
|
{
|
|
p = get_word(p, act);
|
|
if (act[0] == 0) break;
|
|
if (!fnmatch(act, a, 0))
|
|
{
|
|
if (allow) ok = 1;
|
|
else if (deny)
|
|
ok = -1;
|
|
goto done;
|
|
}
|
|
}
|
|
|
|
continue;
|
|
malformed:
|
|
printf("WARNING: %s:%zu\n"
|
|
"LINE: '%s'\n"
|
|
"MALFORMED LINE. SKIPPED.\n",
|
|
file, line, buf);
|
|
}
|
|
done:
|
|
fclose(f);
|
|
return ok;
|
|
}
|
|
|
|
static void
|
|
auth_etc_enlightenment_sysactions_perm(char *path)
|
|
{
|
|
struct stat st;
|
|
if (stat(path, &st) == -1)
|
|
return;
|
|
|
|
if ((st.st_mode & S_IWGRP) || (st.st_mode & S_IXGRP) ||
|
|
(st.st_mode & S_IWOTH) || (st.st_mode & S_IXOTH))
|
|
{
|
|
printf("ERROR: CONFIGURATION FILE HAS BAD PERMISSIONS (writable by group and/or others)\n");
|
|
exit(10);
|
|
}
|
|
}
|
|
|
|
static char *
|
|
get_word(char *s,
|
|
char *d)
|
|
{
|
|
char *p1, *p2;
|
|
|
|
p1 = s;
|
|
p2 = d;
|
|
while (*p1)
|
|
{
|
|
if (p2 == d)
|
|
{
|
|
if (isspace(*p1))
|
|
{
|
|
p1++;
|
|
continue;
|
|
}
|
|
}
|
|
if (isspace(*p1)) break;
|
|
*p2 = *p1;
|
|
p1++;
|
|
p2++;
|
|
}
|
|
*p2 = 0;
|
|
return p1;
|
|
}
|
|
|