mirror of git://sourceware.org/git/glibc.git
				
				
				
			
		
			
				
	
	
		
			261 lines
		
	
	
		
			6.6 KiB
		
	
	
	
		
			C
		
	
	
	
			
		
		
	
	
			261 lines
		
	
	
		
			6.6 KiB
		
	
	
	
		
			C
		
	
	
	
| /* Copyright (C) 1998-2018 Free Software Foundation, Inc.
 | |
|    This file is part of the GNU C Library.
 | |
|    Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998.
 | |
| 
 | |
|    The GNU C Library is free software; you can redistribute it and/or
 | |
|    modify it under the terms of the GNU Lesser General Public
 | |
|    License as published by the Free Software Foundation; either
 | |
|    version 2.1 of the License, or (at your option) any later version.
 | |
| 
 | |
|    The GNU C Library is distributed in the hope that it will be useful,
 | |
|    but WITHOUT ANY WARRANTY; without even the implied warranty of
 | |
|    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 | |
|    Lesser General Public License for more details.
 | |
| 
 | |
|    You should have received a copy of the GNU Lesser General Public
 | |
|    License along with the GNU C Library; if not, see
 | |
|    <http://www.gnu.org/licenses/>.  */
 | |
| 
 | |
| #include <assert.h>
 | |
| #include <errno.h>
 | |
| #include <fcntl.h>
 | |
| #include <grp.h>
 | |
| #include <limits.h>
 | |
| #include <stdlib.h>
 | |
| #include <string.h>
 | |
| #include <sys/resource.h>
 | |
| #include <sys/stat.h>
 | |
| #include <sys/types.h>
 | |
| #include <sys/wait.h>
 | |
| #include <unistd.h>
 | |
| 
 | |
| #include "pty-private.h"
 | |
| 
 | |
| 
 | |
| /* Return the result of ptsname_r in the buffer pointed to by PTS,
 | |
|    which should be of length BUF_LEN.  If it is too long to fit in
 | |
|    this buffer, a sufficiently long buffer is allocated using malloc,
 | |
|    and returned in PTS.  0 is returned upon success, -1 otherwise.  */
 | |
| static int
 | |
| pts_name (int fd, char **pts, size_t buf_len, struct stat64 *stp)
 | |
| {
 | |
|   int rv;
 | |
|   char *buf = *pts;
 | |
| 
 | |
|   for (;;)
 | |
|     {
 | |
|       char *new_buf;
 | |
| 
 | |
|       if (buf_len)
 | |
| 	{
 | |
| 	  rv = __ptsname_internal (fd, buf, buf_len, stp);
 | |
| 	  if (rv != 0)
 | |
| 	    {
 | |
| 	      if (rv == ENOTTY)
 | |
| 		/* ptsname_r returns with ENOTTY to indicate
 | |
| 		   a descriptor not referring to a pty master.
 | |
| 		   For this condition, grantpt must return EINVAL.  */
 | |
| 		rv = EINVAL;
 | |
| 	      errno = rv;	/* Not necessarily set by __ptsname_r.  */
 | |
| 	      break;
 | |
| 	    }
 | |
| 
 | |
| 	  if (memchr (buf, '\0', buf_len))
 | |
| 	    /* We succeeded and the returned name fit in the buffer.  */
 | |
| 	    break;
 | |
| 
 | |
| 	  /* Try again with a longer buffer.  */
 | |
| 	  buf_len += buf_len;	/* Double it */
 | |
| 	}
 | |
|       else
 | |
| 	/* No initial buffer; start out by mallocing one.  */
 | |
| 	buf_len = 128;		/* First time guess.  */
 | |
| 
 | |
|       if (buf != *pts)
 | |
| 	/* We've already malloced another buffer at least once.  */
 | |
| 	new_buf = (char *) realloc (buf, buf_len);
 | |
|       else
 | |
| 	new_buf = (char *) malloc (buf_len);
 | |
|       if (! new_buf)
 | |
| 	{
 | |
| 	  rv = -1;
 | |
| 	  __set_errno (ENOMEM);
 | |
| 	  break;
 | |
| 	}
 | |
|       buf = new_buf;
 | |
|     }
 | |
| 
 | |
|   if (rv == 0)
 | |
|     *pts = buf;		/* Return buffer to the user.  */
 | |
|   else if (buf != *pts)
 | |
|     free (buf);		/* Free what we malloced when returning an error.  */
 | |
| 
 | |
|   return rv;
 | |
| }
 | |
| 
 | |
| /* Change the ownership and access permission of the slave pseudo
 | |
|    terminal associated with the master pseudo terminal specified
 | |
|    by FD.  */
 | |
| int
 | |
| grantpt (int fd)
 | |
| {
 | |
|   int retval = -1;
 | |
| #ifdef PATH_MAX
 | |
|   char _buf[PATH_MAX];
 | |
| #else
 | |
|   char _buf[512];
 | |
| #endif
 | |
|   char *buf = _buf;
 | |
|   struct stat64 st;
 | |
| 
 | |
|   if (__glibc_unlikely (pts_name (fd, &buf, sizeof (_buf), &st)))
 | |
|     {
 | |
|       int save_errno = errno;
 | |
| 
 | |
|       /* Check, if the file descriptor is valid.  pts_name returns the
 | |
| 	 wrong errno number, so we cannot use that.  */
 | |
|       if (__libc_fcntl (fd, F_GETFD) == -1 && errno == EBADF)
 | |
| 	return -1;
 | |
| 
 | |
|        /* If the filedescriptor is no TTY, grantpt has to set errno
 | |
| 	  to EINVAL.  */
 | |
|        if (save_errno == ENOTTY)
 | |
| 	 __set_errno (EINVAL);
 | |
|        else
 | |
| 	 __set_errno (save_errno);
 | |
| 
 | |
|        return -1;
 | |
|     }
 | |
| 
 | |
|   /* Make sure that we own the device.  */
 | |
|   uid_t uid = __getuid ();
 | |
|   if (st.st_uid != uid)
 | |
|     {
 | |
|       if (__chown (buf, uid, st.st_gid) < 0)
 | |
| 	goto helper;
 | |
|     }
 | |
| 
 | |
|   static int tty_gid = -1;
 | |
|   if (__glibc_unlikely (tty_gid == -1))
 | |
|     {
 | |
|       char *grtmpbuf;
 | |
|       struct group grbuf;
 | |
|       size_t grbuflen = __sysconf (_SC_GETGR_R_SIZE_MAX);
 | |
|       struct group *p;
 | |
| 
 | |
|       /* Get the group ID of the special `tty' group.  */
 | |
|       if (grbuflen == (size_t) -1L)
 | |
| 	/* `sysconf' does not support _SC_GETGR_R_SIZE_MAX.
 | |
| 	   Try a moderate value.  */
 | |
| 	grbuflen = 1024;
 | |
|       grtmpbuf = (char *) __alloca (grbuflen);
 | |
|       __getgrnam_r (TTY_GROUP, &grbuf, grtmpbuf, grbuflen, &p);
 | |
|       if (p != NULL)
 | |
| 	tty_gid = p->gr_gid;
 | |
|     }
 | |
|   gid_t gid = tty_gid == -1 ? __getgid () : tty_gid;
 | |
| 
 | |
| #if HAVE_PT_CHOWN
 | |
|   /* Make sure the group of the device is that special group.  */
 | |
|   if (st.st_gid != gid)
 | |
|     {
 | |
|       if (__chown (buf, uid, gid) < 0)
 | |
| 	goto helper;
 | |
|     }
 | |
| 
 | |
|   /* Make sure the permission mode is set to readable and writable by
 | |
|      the owner, and writable by the group.  */
 | |
|   mode_t mode = S_IRUSR|S_IWUSR|S_IWGRP;
 | |
| #else
 | |
|   /* When built without pt_chown, we have delegated the creation of the
 | |
|      pty node with the right group and permission mode to the kernel, and
 | |
|      non-root users are unlikely to be able to change it. Therefore let's
 | |
|      consider that POSIX enforcement is the responsibility of the whole
 | |
|      system and not only the GNU libc. Thus accept different group or
 | |
|      permission mode.  */
 | |
| 
 | |
|   /* Make sure the permission is set to readable and writable by the
 | |
|      owner.  For security reasons, make it writable by the group only
 | |
|      when originally writable and when the group of the device is that
 | |
|      special group.  */
 | |
|   mode_t mode = S_IRUSR|S_IWUSR|
 | |
| 	        ((st.st_gid == gid) ? (st.st_mode & S_IWGRP) : 0);
 | |
| #endif
 | |
| 
 | |
|   if ((st.st_mode & ACCESSPERMS) != mode)
 | |
|     {
 | |
|       if (__chmod (buf, mode) < 0)
 | |
| 	goto helper;
 | |
|     }
 | |
| 
 | |
|   retval = 0;
 | |
|   goto cleanup;
 | |
| 
 | |
|   /* We have to use the helper program if it is available.  */
 | |
|  helper:;
 | |
| 
 | |
| #if HAVE_PT_CHOWN
 | |
|   pid_t pid = __fork ();
 | |
|   if (pid == -1)
 | |
|     goto cleanup;
 | |
|   else if (pid == 0)
 | |
|     {
 | |
|       /* Disable core dumps.  */
 | |
|       struct rlimit rl = { 0, 0 };
 | |
|       __setrlimit (RLIMIT_CORE, &rl);
 | |
| 
 | |
|       /* We pass the master pseudo terminal as file descriptor PTY_FILENO.  */
 | |
|       if (fd != PTY_FILENO)
 | |
| 	if (__dup2 (fd, PTY_FILENO) < 0)
 | |
| 	  _exit (FAIL_EBADF);
 | |
| 
 | |
| # ifdef CLOSE_ALL_FDS
 | |
|       CLOSE_ALL_FDS ();
 | |
| # endif
 | |
| 
 | |
|       execle (_PATH_PT_CHOWN, __basename (_PATH_PT_CHOWN), NULL, NULL);
 | |
|       _exit (FAIL_EXEC);
 | |
|     }
 | |
|   else
 | |
|     {
 | |
|       int w;
 | |
| 
 | |
|       if (__waitpid (pid, &w, 0) == -1)
 | |
| 	goto cleanup;
 | |
|       if (!WIFEXITED (w))
 | |
| 	__set_errno (ENOEXEC);
 | |
|       else
 | |
| 	switch (WEXITSTATUS (w))
 | |
| 	  {
 | |
| 	  case 0:
 | |
| 	    retval = 0;
 | |
| 	    break;
 | |
| 	  case FAIL_EBADF:
 | |
| 	    __set_errno (EBADF);
 | |
| 	    break;
 | |
| 	  case FAIL_EINVAL:
 | |
| 	    __set_errno (EINVAL);
 | |
| 	    break;
 | |
| 	  case FAIL_EACCES:
 | |
| 	    __set_errno (EACCES);
 | |
| 	    break;
 | |
| 	  case FAIL_EXEC:
 | |
| 	    __set_errno (ENOEXEC);
 | |
| 	    break;
 | |
| 	  case FAIL_ENOMEM:
 | |
| 	    __set_errno (ENOMEM);
 | |
| 	    break;
 | |
| 
 | |
| 	  default:
 | |
| 	    assert(! "grantpt: internal error: invalid exit code from pt_chown");
 | |
| 	  }
 | |
|     }
 | |
| #endif
 | |
| 
 | |
|  cleanup:
 | |
|   if (buf != _buf)
 | |
|     free (buf);
 | |
| 
 | |
|   return retval;
 | |
| }
 |