
Rev 63 Rev 65
Line 16... Line 16...
16
16
17
#include <pwd.h>
17
#include <pwd.h>
18
#include <syslog.h>
18
#include <syslog.h>
19
#include <errno.h>
19
#include <errno.h>
20
#include <sys/wait.h>
20
#include <sys/wait.h>
-
 
21
#include <unistd.h>
-
 
22
#include <grp.h>
-
 
23
#include <sys/stat.h>
21
24
22
#include "usertable.h"
25
#include "usertable.h"
23
26
-
 
27
#ifdef IN_DONT_FOLLOW
-
 
28
#define NO_FOLLOW(mask) InotifyEvent::IsType(mask, IN_DONT_FOLLOW)
-
 
29
#else // IN_DONT_FOLLOW
-
 
30
#define NO_FOLLOW(mask) (false)
-
 
31
#endif // IN_DONT_FOLLOW
-
 
32
24
33
25
PROC_LIST UserTable::s_procList;
34
PROC_LIST UserTable::s_procList;
26
35
27
36
28
void on_proc_done(InotifyWatch* pW)
37
void on_proc_done(InotifyWatch* pW)
Line 110... Line 119...
110
 
119
 
111
  int cnt = m_tab.GetCount();
120
  int cnt = m_tab.GetCount();
112
  for (int i=0; i<cnt; i++) {
121
  for (int i=0; i<cnt; i++) {
113
    InCronTabEntry& rE = m_tab.GetEntry(i);
122
    InCronTabEntry& rE = m_tab.GetEntry(i);
114
    InotifyWatch* pW = new InotifyWatch(rE.GetPath(), rE.GetMask());
123
    InotifyWatch* pW = new InotifyWatch(rE.GetPath(), rE.GetMask());
-
 
124
   
-
 
125
    // warning only - permissions may change later
-
 
126
    if (!MayAccess(rE.GetPath(), NO_FOLLOW(rE.GetMask())))
-
 
127
      syslog(LOG_WARNING, "access denied on %s - events will be discarded silently", rE.GetPath().c_str());
-
 
128
   
115
    try {
129
    try {
116
      m_pIn->Add(pW);
130
      m_pIn->Add(pW);
117
      m_pEd->Register(pW, this);
131
      m_pEd->Register(pW, this);
118
      m_map.insert(IWCE_MAP::value_type(pW, &rE));
132
      m_map.insert(IWCE_MAP::value_type(pW, &rE));
119
    } catch (InotifyException e) {
133
    } catch (InotifyException e) {
Line 140... Line 154...
140
void UserTable::OnEvent(InotifyEvent& rEvt)
154
void UserTable::OnEvent(InotifyEvent& rEvt)
141
{
155
{
142
  InotifyWatch* pW = rEvt.GetWatch();
156
  InotifyWatch* pW = rEvt.GetWatch();
143
  InCronTabEntry* pE = FindEntry(pW);
157
  InCronTabEntry* pE = FindEntry(pW);
144
 
158
 
-
 
159
  // no entry found - this shouldn't occur
145
  if (pE == NULL)
160
  if (pE == NULL)
146
    return;
161
    return;
147
 
162
 
-
 
163
  // discard event if user has no access rights to watch path
-
 
164
  if (!MayAccess(pW->GetPath(), NO_FOLLOW(rEvt.GetMask())))
-
 
165
    return;
-
 
166
 
148
  std::string cmd;
167
  std::string cmd;
149
  const std::string& cs = pE->GetCmd();
168
  const std::string& cs = pE->GetCmd();
150
  size_t pos = 0;
169
  size_t pos = 0;
151
  size_t oldpos = 0;
170
  size_t oldpos = 0;
152
  size_t len = cs.length();
171
  size_t len = cs.length();
Line 302... Line 321...
302
      it++;
321
      it++;
303
    }
322
    }
304
  }  
323
  }  
305
}
324
}
306
325
-
 
326
bool UserTable::MayAccess(const std::string& rPath, bool fNoFollow) const
-
 
327
{
-
 
328
  // first, retrieve file permissions
-
 
329
  struct stat st;
-
 
330
  int res = fNoFollow
-
 
331
      ? lstat(rPath.c_str(), &st) // don't follow symlink
-
 
332
      : stat(rPath.c_str(), &st);
-
 
333
  if (res != 0)
-
 
334
    return false; // retrieving permissions failed
-
 
335
 
-
 
336
  // file accessible to everyone
-
 
337
  if (st.st_mode & S_IRWXO)
-
 
338
    return true;
-
 
339
 
-
 
340
  // retrieve user data
-
 
341
  struct passwd* pwd = getpwnam(m_user.c_str());
-
 
342
 
-
 
343
  // file accesible to group
-
 
344
  if (st.st_mode & S_IRWXG) {
-
 
345
   
-
 
346
    // user's primary group
-
 
347
    if (pwd != NULL && pwd->pw_gid == st.st_gid)
-
 
348
        return true;
-
 
349
   
-
 
350
    // now check group database
-
 
351
    struct group *gr = getgrgid(st.st_gid);
-
 
352
    if (gr != NULL) {
-
 
353
      int pos = 0;
-
 
354
      const char* un;
-
 
355
      while ((un = gr->gr_mem[pos]) != NULL) {
-
 
356
        if (strcmp(un, m_user.c_str()) == 0)
-
 
357
          return true;
-
 
358
        pos++;
-
 
359
      }
-
 
360
    }
-
 
361
  }
-
 
362
 
-
 
363
  // file accessible to owner
-
 
364
  if (st.st_mode & S_IRWXU) {  
-
 
365
    if (pwd != NULL && pwd->pw_uid == st.st_uid)
-
 
366
      return true;
-
 
367
  }
-
 
368
 
-
 
369
  return false; // no access right found
-
 
370
}
-
 
371
-
 
372
307
373
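Review bot: MayAccess() treats any set bit in a permission class as access (`S_IRWXO`, `S_IRWXG`, `S_IRWXU`) and inspects only the final path component, so it can approve paths the user could not watch on their own: a file that is only `--x` for others passes, as does a readable file under a directory the user cannot search. Since watching a path needs read permission, testing `S_IROTH`, `S_IRGRP` and `S_IRUSR` and evaluating owner, then group, then other would be closer to the kernel's decision; search permission on the parent directories would still need its own check. In OnEvent() the flag is taken from `rEvt.GetMask()`, whereas the watch-setup loop uses `rE.GetMask()`; IN_DONT_FOLLOW is an add-watch option and presumably never appears in an event mask, so the event-time check would follow a symlink the watch did not. `if (!MayAccess(pW->GetPath(), NO_FOLLOW(pE->GetMask())))` keeps both checks on the same object. Both the setup loop and OnEvent() extend beyond the lines shown here.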