Пример #1
0
/*
 * copy_dir - copy a directory
 *
 *	Copy a directory (recursively) from src to dst.
 *
 *	statp, mt, uid, gid are used to set the access and modification and the
 *	access rights.
 *
 *	Return 0 on success, -1 on error.
 */
static int copy_dir (const char *src, const char *dst,
                     const struct stat *statp, const struct timeval mt[],
                     long int uid, long int gid)
{
	int err = 0;

	/*
	 * Create a new target directory, make it owned by
	 * the user and then recursively copy that directory.
	 */

#ifdef WITH_SELINUX
	selinux_file_context (dst);
#endif
	if (   (mkdir (dst, statp->st_mode) != 0)
	    || (chown (dst,
	               (uid == - 1) ? statp->st_uid : (uid_t) uid,
	               (gid == - 1) ? statp->st_gid : (gid_t) gid) != 0)
	    || (chmod (dst, statp->st_mode) != 0)
	    || (copy_tree (src, dst, uid, gid) != 0)
	    || (utimes (dst, mt) != 0)) {
		err = -1;
	}

	return err;
}
Пример #2
0
/*
 * copy_file - copy a file
 *
 *	Copy a file from src to dst.
 *
 *	statp, mt, uid, gid are used to set the access and modification and the
 *	access rights.
 *
 *	Return 0 on success, -1 on error.
 */
static int copy_file (const char *src, const char *dst,
                      const struct stat *statp, const struct timeval mt[],
                      long int uid, long int gid)
{
	int err = 0;
	int ifd;
	int ofd;
	char buf[1024];
	ssize_t cnt;

	ifd = open (src, O_RDONLY);
	if (ifd < 0) {
		return -1;
	}
#ifdef WITH_SELINUX
	selinux_file_context (dst);
#endif
	ofd = open (dst, O_WRONLY | O_CREAT | O_TRUNC, statp->st_mode & 07777);
	if (   (ofd < 0)
	    || (fchown (ofd,
	                (uid == -1) ? statp->st_uid : (uid_t) uid,
	                (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
	    || (fchmod (ofd, statp->st_mode & 07777) != 0)) {
		(void) close (ifd);
		return -1;
	}

	while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
		if (write (ofd, buf, (size_t)cnt) != cnt) {
			return -1;
		}
	}

	(void) close (ifd);

#ifdef HAVE_FUTIMES
	if (futimes (ofd, mt) != 0) {
		return -1;
	}
#endif

	if (close (ofd) != 0) {
		return -1;
	}

#ifndef HAVE_FUTIMES
	if (utimes(dst, mt) != 0) {
		return -1;
	}
#endif

	return err;
}
Пример #3
0
int create_homedir(TALLOC_CTX *mem_ctx,
                   const char *skeldir,
                   const char *homedir,
                   const char *username,
                   uid_t uid,
                   gid_t gid,
                   mode_t default_umask)
{
    int ret;

    selinux_file_context(homedir);

    ret = mkdir(homedir, 0);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot create user's home directory: [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    ret = chown(homedir, uid, gid);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot chown user's home directory: [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    ret = chmod(homedir, 0777 & ~default_umask);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot chmod user's home directory: [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

    reset_selinux_file_context();

    ret = copy_tree(skeldir, homedir, uid, gid);
    if (ret != EOK) {
        DEBUG(1, ("Cannot populate user's home directory: [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

done:
    reset_selinux_file_context();
    return ret;
}
Пример #4
0
int create_homedir(const char *skeldir,
                   const char *homedir,
                   uid_t uid,
                   gid_t gid,
                   mode_t default_umask)
{
    int ret;

    selinux_file_context(homedir);

    ret = copy_tree(skeldir, homedir, 0777 & ~default_umask, uid, gid);
    if (ret != EOK) {
        DEBUG(1, ("Cannot populate user's home directory: [%d][%s].\n",
                  ret, strerror(ret)));
        goto done;
    }

done:
    reset_selinux_file_context();
    return ret;
}
Пример #5
0
/*
 * copy_special - copy a special file
 *
 *	Copy a special file from src to dst.
 *
 *	statp, mt, uid, gid are used to set the access and modification and the
 *	access rights.
 *
 *	Return 0 on success, -1 on error.
 */
static int copy_special (const char *dst,
                         const struct stat *statp, const struct timeval mt[],
                         long int uid, long int gid)
{
	int err = 0;

#ifdef WITH_SELINUX
	selinux_file_context (dst);
#endif

	if (   (mknod (dst, statp->st_mode & ~07777, statp->st_rdev) != 0)
	    || (chown (dst,
	               (uid == -1) ? statp->st_uid : (uid_t) uid,
	               (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)
	    || (chmod (dst, statp->st_mode & 07777) != 0)
	    || (utimes (dst, mt) != 0)) {
		err = -1;
	}

	return err;
}
Пример #6
0
int copy_tree (const char *src_root, const char *dst_root, uid_t uid, gid_t gid)
{
	char src_name[1024];
	char dst_name[1024];
	char buf[1024];
	int ifd;
	int ofd;
	int err = 0;
	int cnt;
	int set_orig = 0;
	struct DIRECT *ent;
	struct stat sb;
	struct link_name *lp;
	DIR *dir;

	/*
	 * Make certain both directories exist.  This routine is called
	 * after the home directory is created, or recursively after the
	 * target is created.  It assumes the target directory exists.
	 */

	if (access (src_root, F_OK) != 0 || access (dst_root, F_OK) != 0)
		return -1;

	/*
	 * Open the source directory and read each entry.  Every file
	 * entry in the directory is copied with the UID and GID set
	 * to the provided values.  As an added security feature only
	 * regular files (and directories ...) are copied, and no file
	 * is made set-ID.
	 */

	if (!(dir = opendir (src_root)))
		return -1;

	if (src_orig == 0) {
		src_orig = src_root;
		dst_orig = dst_root;
		set_orig++;
	}
	while ((ent = readdir (dir))) {

		/*
		 * Skip the "." and ".." entries
		 */

		if (strcmp (ent->d_name, ".") == 0 ||
		    strcmp (ent->d_name, "..") == 0)
			continue;

		/*
		 * Make the filename for both the source and the
		 * destination files.
		 */

		if (strlen (src_root) + strlen (ent->d_name) + 2 >
		    sizeof src_name) {
			err++;
			break;
		}
		snprintf (src_name, sizeof src_name, "%s/%s", src_root,
			  ent->d_name);

		if (strlen (dst_root) + strlen (ent->d_name) + 2 >
		    sizeof dst_name) {
			err++;
			break;
		}
		snprintf (dst_name, sizeof dst_name, "%s/%s", dst_root,
			  ent->d_name);

		if (LSTAT (src_name, &sb) == -1)
			continue;

		if (S_ISDIR (sb.st_mode)) {

			/*
			 * Create a new target directory, make it owned by
			 * the user and then recursively copy that directory.
			 */

#ifdef WITH_SELINUX
			selinux_file_context (dst_name);
#endif
			mkdir (dst_name, sb.st_mode & 0777);
			chown (dst_name,
			       uid == (uid_t) - 1 ? sb.st_uid : uid,
			       gid == (gid_t) - 1 ? sb.st_gid : gid);

			if (copy_tree (src_name, dst_name, uid, gid)) {
				err++;
				break;
			}
			continue;
		}
#ifdef	S_IFLNK
		/*
		 * Copy any symbolic links
		 */

		if (S_ISLNK (sb.st_mode)) {
			char oldlink[1024];
			char dummy[1024];
			int len;

			/*
			 * Get the name of the file which the link points
			 * to.  If that name begins with the original
			 * source directory name, that part of the link
			 * name will be replaced with the original
			 * destinateion directory name.
			 */

			if ((len =
			     readlink (src_name, oldlink,
				       sizeof (oldlink) - 1)) < 0) {
				err++;
				break;
			}
			oldlink[len] = '\0';	/* readlink() does not NUL-terminate */
			if (!strncmp (oldlink, src_orig, strlen (src_orig))) {
				snprintf (dummy, sizeof dummy, "%s%s",
					  dst_orig,
					  oldlink + strlen (src_orig));
				strcpy (oldlink, dummy);
			}
#ifdef WITH_SELINUX
			selinux_file_context (dst_name);
#endif
			if (symlink (oldlink, dst_name) ||
			    lchown (dst_name,
				    uid == (uid_t) - 1 ? sb.st_uid : uid,
				    gid == (gid_t) - 1 ? sb.st_gid : gid)) {
				err++;
				break;
			}
			continue;
		}
#endif

		/*
		 * See if this is a previously copied link
		 */

		if ((lp = check_link (src_name, &sb))) {
			if (link (lp->ln_name, dst_name)) {
				err++;
				break;
			}
			if (unlink (src_name)) {
				err++;
				break;
			}
			if (--lp->ln_count <= 0)
				remove_link (lp);

			continue;
		}

		/*
		 * Deal with FIFOs and special files.  The user really
		 * shouldn't have any of these, but it seems like it
		 * would be nice to copy everything ...
		 */

		if (!S_ISREG (sb.st_mode)) {
#ifdef WITH_SELINUX
			selinux_file_context (dst_name);
#endif
			if (mknod (dst_name, sb.st_mode & ~07777, sb.st_rdev)
			    || chown (dst_name,
				      uid == (uid_t) - 1 ? sb.st_uid : uid,
				      gid == (gid_t) - 1 ? sb.st_gid : gid)
			    || chmod (dst_name, sb.st_mode & 07777)) {
				err++;
				break;
			}
			continue;
		}

		/*
		 * Create the new file and copy the contents.  The new
		 * file will be owned by the provided UID and GID values.
		 */

		if ((ifd = open (src_name, O_RDONLY)) < 0) {
			err++;
			break;
		}
#ifdef WITH_SELINUX
		selinux_file_context (dst_name);
#endif
		if ((ofd =
		     open (dst_name, O_WRONLY | O_CREAT | O_TRUNC, 0)) < 0
		    || chown (dst_name,
			      uid == (uid_t) - 1 ? sb.st_uid : uid,
			      gid == (gid_t) - 1 ? sb.st_gid : gid)
		    || chmod (dst_name, sb.st_mode & 07777)) {
			close (ifd);
			err++;
			break;
		}
		while ((cnt = read (ifd, buf, sizeof buf)) > 0) {
			if (write (ofd, buf, cnt) != cnt) {
				cnt = -1;
				break;
			}
		}
		close (ifd);
		close (ofd);

		if (cnt == -1) {
			err++;
			break;
		}
	}
	closedir (dir);

	if (set_orig) {
		src_orig = 0;
		dst_orig = 0;
	}
	return err ? -1 : 0;
}
Пример #7
0
/* The reason for not putting this into create_homedir
 * is better granularity when it comes to reporting error
 * messages and tracebacks in pysss
 */
int create_mail_spool(TALLOC_CTX *mem_ctx,
                      const char *username,
                      const char *maildir,
                      uid_t uid, gid_t gid)
{
    char *spool_file = NULL;
    int fd = -1;
    int ret;

    spool_file = talloc_asprintf(mem_ctx, "%s/%s", maildir, username);
    if (spool_file == NULL) {
        ret = ENOMEM;
        goto fail;
    }

    selinux_file_context(spool_file);

    fd = open(spool_file, O_CREAT | O_WRONLY | O_EXCL, 0);
    if (fd < 0) {
        ret = errno;
        DEBUG(1, ("Cannot open() the spool file: [%d][%s]\n",
                  ret, strerror(ret)));
        goto fail;
    }

    ret = fchmod(fd, 0600);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot fchmod() the spool file: [%d][%s]\n",
                  ret, strerror(ret)));
        goto fail;
    }

    ret = fchown(fd, uid, gid);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot fchown() the spool file: [%d][%s]\n",
                  ret, strerror(ret)));
        goto fail;
    }

    ret = fsync(fd);
    if (ret != 0) {
        ret = errno;
        DEBUG(1, ("Cannot fsync() the spool file: [%d][%s]\n",
                  ret, strerror(ret)));
    }

fail:
    if (fd >= 0) {
        ret = close(fd);
        if (ret != 0) {
            ret = errno;
            DEBUG(1, ("Cannot close() the spool file: [%d][%s]\n",
                      ret, strerror(ret)));
        }
    }

    reset_selinux_file_context();
    talloc_free(spool_file);
    return ret;
}
Пример #8
0
/*
 * copy_symlink - copy a symlink
 *
 *	Copy a symlink from src to dst.
 *
 *	statp, mt, uid, gid are used to set the access and modification and the
 *	access rights.
 *
 *	Return 0 on success, -1 on error.
 */
static int copy_symlink (const char *src, const char *dst,
                         const struct stat *statp, const struct timeval mt[],
                         long int uid, long int gid)
{
	char *oldlink;

	/* copy_tree () must be the entry point */
	assert (NULL != src_orig);
	assert (NULL != dst_orig);

	/*
	 * Get the name of the file which the link points
	 * to.  If that name begins with the original
	 * source directory name, that part of the link
	 * name will be replaced with the original
	 * destination directory name.
	 */

	oldlink = readlink_malloc (src);
	if (NULL == oldlink) {
		return -1;
	}

	/* If src was a link to an entry of the src_orig directory itself,
	 * create a link to the corresponding entry in the dst_orig
	 * directory.
	 * FIXME: This may change a relative link to an absolute link
	 */
	if (strncmp (oldlink, src_orig, strlen (src_orig)) == 0) {
		size_t len = strlen (dst_orig) + strlen (oldlink) - strlen (src_orig) + 1;
		char *dummy = (char *) malloc (len);
		snprintf (dummy, len, "%s%s",
		          dst_orig,
		          oldlink + strlen (src_orig));
		free (oldlink);
		oldlink = dummy;
	}

#ifdef WITH_SELINUX
	selinux_file_context (dst);
#endif
	if (   (symlink (oldlink, dst) != 0)
	    || (lchown (dst,
	                (uid == -1) ? statp->st_uid : (uid_t) uid,
	                (gid == -1) ? statp->st_gid : (gid_t) gid) != 0)) {
		free (oldlink);
		return -1;
	}
	free (oldlink);

#ifdef HAVE_LUTIMES
	/* 2007-10-18: We don't care about
	 *  exit status of lutimes because
	 *  it returns ENOSYS on many system
	 *  - not implemented
	 */
	lutimes (dst, mt);
#endif

	return 0;
}