static int
do_test (void)
{
if (getenv ("PATH") == NULL)
{
printf ("PATH not set\n");
exit (1);
}
if (secure_getenv ("PATH") == NULL)
{
printf ("PATH not set according to secure_getenv\n");
exit (1);
}
if (strcmp (getenv ("PATH"), secure_getenv ("PATH")) != 0)
{
printf ("PATH mismatch (%s, %s)\n",
getenv ("PATH"), secure_getenv ("PATH"));
exit (1);
}
gid_t target = choose_gid ();
if (target == 0)
{
fprintf (stderr,
"Could not find a suitable GID for user %jd, skipping test\n",
(intmax_t) getuid ());
exit (0);
}
return run_executable_sgid (target);
}
int main(int argc, char *argv[])
{
// printf("NULL??###%c$$$\n",argv[argc]);
while(*environ != NULL)
printf("%s\n", *environ++);
for(int i = 0; i <18; i++)
environ--;
printf("%s\n", secure_getenv("HOME"));
printf("%s\n", secure_getenv("PWD"));
}
/*
* this function is called after fork in the parent
*/
static void
at_fork_check (void)
{
char *out_env;
char *err_env;
out_env = secure_getenv (MPX_RT_OUT);
err_env = secure_getenv (MPX_RT_ERR);
if (add_pid == 0 && (out_env != 0 || err_env != 0))
files_overwritten = 1;
}
static const char *
xkb_context_get_default_variant(struct xkb_context *ctx)
{
const char *env = NULL;
const char *layout = secure_getenv("XKB_DEFAULT_LAYOUT");
/* We don't want to inherit the variant if they haven't also set a
* layout, since they're so closely paired. */
if (layout && ctx->use_environment_names)
env = secure_getenv("XKB_DEFAULT_VARIANT");
return env ? env : DEFAULT_XKB_VARIANT;
}
/*****************************************************************************
* get_color_terminal()
*****************************************************************************/
char *
get_color_terminal(void)
{
char *term = secure_getenv("TERM");
char *colorterm = secure_getenv("COLORTERM");
if ((colorterm != NULL) && (colorterm[0] != '\0')) {
return colorterm;
}
if ((term != NULL) && (term[0] != '\0')) {
return term;
}
return NULL;
}
static void
alternative_main (int argc, char **argv)
{
if (argc == 2 && strcmp (argv[1], MAGIC_ARGUMENT) == 0)
{
if (getgid () == getegid ())
{
/* This can happen if the file system is mounted nosuid. */
fprintf (stderr, "SGID failed: GID and EGID match (%jd)\n",
(intmax_t) getgid ());
exit (MAGIC_STATUS);
}
if (getenv ("PATH") == NULL)
{
printf ("PATH variable not present\n");
exit (3);
}
if (secure_getenv ("PATH") != NULL)
{
printf ("PATH variable not filtered out\n");
exit (4);
}
exit (MAGIC_STATUS);
}
}
PR_IMPLEMENT(char*) PR_GetEnvSecure(const char *var)
{
#ifdef HAVE_SECURE_GETENV
char *ev;
if (!_pr_initialized) _PR_ImplicitInitialization();
_PR_LOCK_ENV();
ev = secure_getenv(var);
_PR_UNLOCK_ENV();
return ev;
#else
#ifdef XP_UNIX
/*
** Fall back to checking uids and gids. This won't detect any other
** privilege-granting mechanisms the platform may have. This also
** can't detect the case where the process already called
** setuid(geteuid()) and/or setgid(getegid()).
*/
if (getuid() != geteuid() || getgid() != getegid()) {
return NULL;
}
#endif /* XP_UNIX */
return PR_GetEnv(var);
#endif /* HAVE_SECURE_GETENV */
}
ROKEN_LIB_FUNCTION char * ROKEN_LIB_CALL
pid_file_write(const char *progname)
{
const char *pidfile_dir = NULL;
char *ret = NULL;
FILE *fp;
/*
* Maybe we could have a version of this function (and pidfile())
* where we get a directory from the caller. That would allow us to
* have command-line options for the daemons for this.
*
* For now we use an environment variable.
*/
pidfile_dir = secure_getenv("HEIM_PIDFILE_DIR");
if (pidfile_dir == NULL)
pidfile_dir = _PATH_VARRUN;
if (asprintf(&ret, "%s%s.pid", pidfile_dir, progname) < 0 || ret == NULL)
return NULL;
fp = fopen(ret, "w");
if (fp == NULL) {
free(ret);
return NULL;
}
fprintf(fp, "%lu\n", (unsigned long)getpid());
fclose(fp);
return ret;
}
static char *
expand_tempdir (const char *name)
{
const char *env;
env = secure_getenv ("TMPDIR");
if (env && env[0]) {
return p11_path_build (env, name, NULL);
} else {
#ifdef OS_UNIX
#ifdef _PATH_TMP
return p11_path_build (_PATH_TMP, name, NULL);
#else
return p11_path_build ("/tmp", name, NULL);
#endif
#else /* OS_WIN32 */
char directory[MAX_PATH + 1];
if (!GetTempPathA (MAX_PATH + 1, directory)) {
printf ("# couldn't lookup temp directory\n");
errno = ENOTDIR;
return NULL;
}
return p11_path_build (directory, name, NULL);
#endif /* OS_WIN32 */
}
}
char *gpr_getenv(const char *name) {
#if defined(GPR_BACKWARDS_COMPATIBILITY_MODE)
typedef char *(*getenv_type)(const char *);
static getenv_type getenv_func = NULL;
/* Check to see which getenv variant is supported (go from most
* to least secure) */
const char *names[] = {"secure_getenv", "__secure_getenv", "getenv"};
for (size_t i = 0; getenv_func == NULL && i < GPR_ARRAY_SIZE(names); i++) {
getenv_func = (getenv_type)dlsym(RTLD_DEFAULT, names[i]);
if (getenv_func != NULL && strstr(names[i], "secure") == NULL) {
gpr_log(GPR_DEBUG,
"Warning: insecure environment read function '%s' used",
names[i]);
}
}
char *result = getenv_func(name);
return result == NULL ? result : gpr_strdup(result);
#elif __GLIBC__ > 2 || (__GLIBC__ == 2 && __GLIBC_MINOR__ >= 17)
char *result = secure_getenv(name);
return result == NULL ? result : gpr_strdup(result);
#else
gpr_log(GPR_DEBUG, "Warning: insecure environment read function '%s' used",
"getenv");
char *result = getenv(name);
return result == NULL ? result : gpr_strdup(result);
#endif
}
netresolve_query_t
netresolve_query_new(netresolve_t context, enum netresolve_request_type type)
{
struct netresolve_query *queries = &context->queries;
netresolve_query_t query;
if (!(query = calloc(1, sizeof *query)))
return NULL;
query->previous = queries->previous;
query->next = queries;
query->previous->next = query->next->previous = query;
query->context = context;
query->watches.previous = query->watches.next = &query->watches;
if (!context->backends)
netresolve_set_backend_string(context, secure_getenv("NETRESOLVE_BACKENDS"));
if (!context->backends || !*context->backends)
abort();
query->backend = context->backends;
memcpy(&query->request, &context->request, sizeof context->request);
query->request.type = type;
debug_query(query, "created", type);
return query;
}
static int by_file_ctrl(X509_LOOKUP *ctx, int cmd, const char *argp,
long argl, char **ret)
{
int ok = 0;
char *file;
switch (cmd) {
case X509_L_FILE_LOAD:
if (argl == X509_FILETYPE_DEFAULT) {
file = (char *)secure_getenv(X509_get_default_cert_file_env());
if (file)
ok = (X509_load_cert_crl_file(ctx, file,
X509_FILETYPE_PEM) != 0);
else
ok = (X509_load_cert_crl_file
(ctx, X509_get_default_cert_file(),
X509_FILETYPE_PEM) != 0);
if (!ok) {
X509err(X509_F_BY_FILE_CTRL, X509_R_LOADING_DEFAULTS);
}
} else {
if (argl == X509_FILETYPE_PEM)
ok = (X509_load_cert_crl_file(ctx, argp,
X509_FILETYPE_PEM) != 0);
else
ok = (X509_load_cert_file(ctx, argp, (int)argl) != 0);
}
break;
}
return (ok);
}
static char *
get_config_file_for_user(void)
{
char *fn;
int ret;
fn = secure_getenv("SOFTPKCS11RC");
if (fn)
fn = strdup(fn);
if (fn == NULL) {
char homebuf[MAX_PATH];
const char *home = roken_get_appdatadir(homebuf, sizeof(homebuf));
if (home) {
ret = asprintf(&fn, "%s/.soft-token.rc", home);
if (ret == -1)
fn = NULL;
} else {
#ifndef WIN32
fn = strdup("/etc/soft-token.rc");
#endif
}
}
return fn;
}
void
find_addr2line (void)
{
#ifdef HAVE_ACCESS
#define A2L_LEN 10
char *path = secure_getenv ("PATH");
if (!path)
return;
size_t n = strlen (path);
char ap[n + 1 + A2L_LEN];
size_t ai = 0;
for (size_t i = 0; i < n; i++)
{
if (path[i] != ':')
ap[ai++] = path[i];
else
{
ap[ai++] = '/';
memcpy (ap + ai, "addr2line", A2L_LEN);
if (access (ap, R_OK|X_OK) == 0)
{
addr2line_path = strdup (ap);
return;
}
else
ai = 0;
}
}
#endif
}
char* _prisma_trytogettermname() {
static char _prisma_termname[_PRISMA_TERMNAME_LENGTH];
#ifdef _PRISMA_LINUX
char *tmp = getnameof(getppidof(getsid(getpid())));
if(tmp) {
strncpy(_prisma_termname, tmp, _PRISMA_TERMNAME_LENGTH);
if(!strncmp(_prisma_termname, "initdline", _PRISMA_TERMNAME_LENGTH)
|| !strncmp(_prisma_termname, "konsole", _PRISMA_TERMNAME_LENGTH))
return _prisma_termname;
}
#ifdef _GNU_SOURCE
strncpy(_prisma_termname, secure_getenv("TERM"), _PRISMA_TERMNAME_LENGTH);
#else
strncpy(_prisma_termname, getenv("TERM"), _PRISMA_TERMNAME_LENGTH);
#endif
#elif defined _PRISMA_WINDOWS
if(GetConsoleOriginalTitleA(&_prisma_termname[9],
_PRISMA_TERMNAME_LENGTH-9)) {
strncpy(_prisma_termname, "windows, ", 9);
} else
strncpy(_prisma_termname, "windows, unknown", _PRISMA_TERMNAME_LENGTH);
#else
strncpy(_prisma_termname, "unknown", _PRISMA_TERMNAME_LENGTH);
#endif
return _prisma_termname;
}
Settings::Settings()
{
auto lk = getLocker();
set(ZMKW_LOGPORT, ZCSTR("59000"), lk);
set(ZMKW_LOGSERVER, ZCSTR("127.0.0.1"), lk);
set(ZMKW_LOGPROTO, ZCSTR("ZMG_PUB"), lk);
ZConstString home_str((const char*)secure_getenv("HOME"));
set(ZMB::ZMKW_USER_HOME, home_str, lk);
char* temp = (char*)alloca(ZMB::max<unsigned>(1024u, (unsigned)(4 * home_str.len)));
ZUnsafeBuf buf(temp, 1024); buf.fill(0);
buf.read(0, home_str, 0);
char* origin = buf.begin();
buf.str += home_str.len;//advance to point after the user home location
buf.len -= home_str.len;
auto __set_value = [&](ZConstString str, ZConstString key) mutable
{
char* end = 0;
buf.read(&end, str, 0);
*end = '\0';
set(key, ZConstString(origin, end), lk);
};
__set_value(ZCSTR("/zmbaq_config.json"), ZMKW_CFG_LOCATION);
/** TODO: platform-dependent temporary storage. **/
__set_value(ZCSTR("/tmp/video_temp"), ZMKW_FS_TEMP_LOCATION);
__set_value(ZCSTR("/tmp/video_perm"), ZMKW_FS_PERM_LOCATION);
__set_value(ZCSTR("/tmp/test_db"), ZMKW_TESTDB_LOCATION);
__set_value(ZCSTR("/tmp/test_blob_db"), ZMKW_TESTDBBLOB_LOCATION);
}
static int igetenv(const char* name) {
char* ret = secure_getenv(name);
if(ret == NULL) return 0;
else {
return max(atoi(ret), 0); // Prevent negative number
}
}
static void write_nss_key_log(gnutls_session_t session, const gnutls_datum_t *premaster)
{
char buf[512];
char buf2[512];
FILE *fp;
static const char *keylogfile = NULL;
static unsigned checked_env = 0;
if (!checked_env) {
checked_env = 1;
keylogfile = secure_getenv("SSLKEYLOGFILE");
}
if (keylogfile == NULL)
return;
fp = fopen(keylogfile, "a");
if (fp == NULL)
return;
fprintf(fp, "CLIENT_RANDOM %s %s\n",
_gnutls_bin2hex(session->security_parameters.
client_random, 32, buf,
sizeof(buf), NULL),
_gnutls_bin2hex(session->security_parameters.
master_secret, GNUTLS_MASTER_SIZE,
buf2, sizeof(buf2), NULL));
fclose(fp);
}
char *wgethomedir()
{
static char *home = NULL;
char *tmp;
struct passwd *user;
if (home)
return home;
#ifdef HAVE_SECURE_GETENV
tmp = secure_getenv("HOME");
#else
tmp = getenv("HOME");
#endif
if (tmp) {
home = wstrdup(tmp);
return home;
}
user = getpwuid(getuid());
if (!user) {
werror(_("could not get password entry for UID %i"), getuid());
home = "/";
return home;
}
if (!user->pw_dir)
home = "/";
else
home = wstrdup(user->pw_dir);
return home;
}
int bus_open_user_systemd(sd_bus **_bus) {
_cleanup_bus_unref_ sd_bus *bus = NULL;
_cleanup_free_ char *ee = NULL;
const char *e;
int r;
/* Try via kdbus first, and then directly */
assert(_bus);
#ifdef ENABLE_KDBUS
r = sd_bus_new(&bus);
if (r < 0)
return r;
if (asprintf(&bus->address, KERNEL_USER_BUS_FMT, getuid()) < 0)
return -ENOMEM;
bus->bus_client = true;
r = sd_bus_start(bus);
if (r >= 0) {
*_bus = bus;
bus = NULL;
return 0;
}
bus = sd_bus_unref(bus);
#endif
e = secure_getenv("XDG_RUNTIME_DIR");
if (!e)
return sd_bus_open_user(_bus);
ee = bus_address_escape(e);
if (!ee)
return -ENOMEM;
r = sd_bus_new(&bus);
if (r < 0)
return r;
bus->address = strjoin("unix:path=", ee, "/systemd/private", NULL);
if (!bus->address)
return -ENOMEM;
r = sd_bus_start(bus);
if (r < 0)
return sd_bus_open_user(_bus);
r = bus_check_peercred(bus);
if (r < 0)
return r;
*_bus = bus;
bus = NULL;
return 0;
}
const char *
get_xlocaledir_path(void)
{
const char *dir = secure_getenv("XLOCALEDIR");
if (!dir)
dir = XLOCALEDIR;
return dir;
}
static void init(void)
{
/* Most file systems limit the size of filenames to 255 octets */
char *home_env, game_dir[256];
mode_t mode = S_IRUSR | S_IWUSR | S_IXUSR;
/* Get user HOME environment variable. Fail if we can't trust the
* environment, like if the setuid bit is set on the executable.
*/
if ((home_env = secure_getenv("HOME")) != NULL) {
strlcpy(game_dir, home_env, sizeof game_dir);
} else {
fprintf(stderr, "Environment variable $HOME does not exist, "
"or it is not what you think it is.\n");
exit(EXIT_FAILURE);
}
char *dirs[] = {
"/.local",
"/share",
"/tetris",
NULL,
};
int i;
for (i = 0; dirs[i]; i++) {
strlcat(game_dir, dirs[i], sizeof game_dir);
if (try_mkdir(game_dir, mode) < 0)
goto err_subdir;
}
/* open for writing in append mode ~/.local/share/tetris/logs */
strlcat(game_dir, "/logs", sizeof game_dir);
if (freopen(game_dir, "a", stderr) == NULL) {
fprintf(stderr, "Could not open: %s\n", game_dir);
exit(EXIT_FAILURE);
}
srand(time(NULL));
/* Create game context */
if (blocks_init() > 0) {
printf("Game successfully initialized\n");
printf("Appending logs to file: %s.\n", game_dir);
} else {
printf("Failed to initialize game\n");
exit(EXIT_FAILURE);
}
/* create ncurses display */
screen_init();
return;
err_subdir:
fprintf(stderr, "Unable to create sub directories. Cannot continue\n");
exit(EXIT_FAILURE);
}
static char *
getenvdup (const char *varname)
{
char *envvar = secure_getenv (varname);
if (envvar == NULL || envvar[0] == 0) // identical for our purposes
return NULL;
else
return strdup (envvar);
}
void
__mpxrt_init_env_vars (int* bndpreserve)
{
char *out_env;
char *err_env;
char *env;
pthread_mutex_init (&lock, NULL);
out_env = secure_getenv (MPX_RT_OUT);
env_var_list_add (MPX_RT_OUT, out_env);
err_env = secure_getenv (MPX_RT_ERR);
env_var_list_add (MPX_RT_ERR, err_env);
env = secure_getenv (MPX_RT_ADDPID);
env_var_list_add (MPX_RT_ADDPID, env);
add_pid = check_yes (env);
set_file_stream (&out, out_name, out_env, stdout);
if (out_env == 0 || err_env == 0 || (strcmp (out_env, err_env) != 0))
set_file_stream (&err, err_name, err_env, stderr);
else
/* in case we get the same file name for err and out */
err = out;
env = secure_getenv (MPX_RT_VERBOSE);
env_var_list_add (MPX_RT_VERBOSE, env);
verbose_val = init_verbose_val (env);
env = secure_getenv (MPX_RT_MODE);
env_var_list_add (MPX_RT_MODE, env);
mode = set_mpx_rt_mode (env);
env = secure_getenv (MPX_RT_BNDPRESERVE);
env_var_list_add (MPX_RT_BNDPRESERVE, env);
validate_bndpreserve (env, bndpreserve);
env = secure_getenv (MPX_RT_PRINT_SUMMARY);
env_var_list_add (MPX_RT_PRINT_SUMMARY, env);
summary = check_yes (env);
env = secure_getenv (MPX_RT_HELP);
if (check_yes (env))
print_help ();
/*
* at fork - create new files for output and err according
* to the env vars.
*/
pthread_atfork (NULL, at_fork_check, open_child_files);
env_var_print_summary ();
}
static const char *
xkb_context_get_default_layout(struct xkb_context *ctx)
{
const char *env = NULL;
if (ctx->use_environment_names)
env = secure_getenv("XKB_DEFAULT_LAYOUT");
return env ? env : DEFAULT_XKB_LAYOUT;
}
static const char *
xkb_context_get_default_model(struct xkb_context *ctx)
{
const char *env = NULL;
if (ctx->use_environment_names)
env = secure_getenv("XKB_DEFAULT_MODEL");
return env ? env : DEFAULT_XKB_MODEL;
}
static const char *
xkb_context_get_default_options(struct xkb_context *ctx)
{
const char *env = NULL;
if (ctx->use_environment_names)
env = secure_getenv("XKB_DEFAULT_OPTIONS");
return env ? env : DEFAULT_XKB_OPTIONS;
}
static int print_debug_info ()
{
static int __print_debug_info = -1;
if (__print_debug_info == -1) {
__print_debug_info = secure_getenv ("HASKELL_GI_DEBUG_MEM") != NULL;
}
return __print_debug_info;
}
void register_aarch64_crypto(void)
{
unsigned capabilities = 0;
char *p;
p = secure_getenv("GNUTLS_CPUID_OVERRIDE");
if (p) {
capabilities = strtol(p, NULL, 0);
}
_register_aarch64_crypto(capabilities);
}
// Initialize library parameters from environment.
// We don't have main(), so we have to call it in every callback.
static inline void init_env()
{
char *t;
if (mem_threshold == 0) {
t = secure_getenv("MR_THRESHOLD");
if (t)
mem_threshold = strtol(t, NULL, 0);
else
mem_threshold = DEFAULT_MEM_THRESHOLD;
}
if (DEBUG == -1) {
t = secure_getenv("MR_DEBUG");
if (t)
DEBUG = strtol(t, NULL, 0);
else
DEBUG = 0;
}
}