1 /*************************************************
2 * Exim - an Internet mail transport agent *
3 *************************************************/
5 /* Copyright (c) University of Cambridge 1995 - 2009 */
6 /* See the file NOTICE for conditions of use and distribution. */
10 #include "lf_functions.h"
14 /*************************************************
15 * Check a file's credentials *
16 *************************************************/
18 /* fstat can normally be expected to work on an open file, but there are some
19 NFS states where it may not.
22 fd an open file descriptor or -1
23 filename a file name if fd is -1
24 s_type type of file (S_IFREG or S_IFDIR)
25 modemask a mask specifying mode bits that must *not* be set
26 owners NULL or a list of of allowable uids, count in the first item
27 owngroups NULL or a list of allowable gids, count in the first item
28 type name of lookup type for putting in error message
29 errmsg where to put an error message
31 Returns: -1 stat() or fstat() failed
33 +1 something didn't match
35 Side effect: sets errno to ERRNO_BADUGID, ERRNO_NOTREGULAR or ERRNO_BADMODE for
36 bad uid/gid, not a regular file, or bad mode; otherwise leaves it
37 to what fstat set it to.
41 lf_check_file(int fd, uschar *filename, int s_type, int modemask, uid_t *owners,
42 gid_t *owngroups, const char *type, uschar **errmsg)
46 if ((fd >= 0 && fstat(fd, &statbuf) != 0) ||
47 (fd < 0 && Ustat(filename, &statbuf) != 0))
49 int save_errno = errno;
50 *errmsg = string_sprintf("%s: stat failed", filename);
55 if ((statbuf.st_mode & S_IFMT) != s_type)
57 if (s_type == S_IFREG)
59 *errmsg = string_sprintf("%s is not a regular file (%s lookup)",
61 errno = ERRNO_NOTREGULAR;
65 *errmsg = string_sprintf("%s is not a directory (%s lookup)",
67 errno = ERRNO_NOTDIRECTORY;
72 if ((statbuf.st_mode & modemask) != 0)
74 *errmsg = string_sprintf("%s (%s lookup): file mode %.4o should not contain "
75 "%.4o", filename, type, statbuf.st_mode & 07777,
76 statbuf.st_mode & modemask);
77 errno = ERRNO_BADMODE;
84 for (int i = 1; i <= (int)owners[0]; i++)
85 if (owners[i] == statbuf.st_uid) { uid_ok = TRUE; break; }
88 *errmsg = string_sprintf("%s (%s lookup): file has wrong owner", filename,
90 errno = ERRNO_BADUGID;
95 if (owngroups != NULL)
98 for (int i = 1; i <= (int)owngroups[0]; i++)
99 if (owngroups[i] == statbuf.st_gid) { gid_ok = TRUE; break; }
102 *errmsg = string_sprintf("%s (%s lookup): file has wrong group", filename,
104 errno = ERRNO_BADUGID;
112 /* End of lf_check_file.c */