Skip to content

GitLab

Commit f0a80175 authored by Paul Eggert's avatar Paul Eggert
Browse files

Undo faccessat change.

parent 8e808318
Hide whitespace changes
Inline Side-by-side
Showing with 146 additions and 1705 deletions
ChangeLog
View file @ f0a80175
2012-10-19 Paul Eggert <eggert@cs.ucla.edu>
Use faccessat, not access, when checking file permissions (Bug#12632).
* .bzrignore: Add lib/fcntl.h.
* configure.ac (euidaccess): Remove check; gnulib does this for us now.
(gl_FCNTL_O_FLAGS): Define a dummy version.
* lib/at-func.c, lib/euidaccess.c, lib/faccessat.c, lib/fcntl.in.h:
* lib/getgroups.c, lib/group-member.c, lib/root-uid.h:
* lib/xalloc-oversized.h, m4/euidaccess.m4, m4/faccessat.m4:
* m4/fcntl_h.m4, m4/getgroups.m4, m4/group-member.m4:
New files, from gnulib.
* lib/gnulib.mk, m4/gnulib-comp.m4: Regenerate.
2012-10-18 Stefan Monnier <monnier@iro.umontreal.ca>
* Makefile.in ($(MAKEFILE_NAME)): Depend on src/lisp.mk as well.
......
admin/ChangeLog
View file @ f0a80175
2012-10-19 Paul Eggert <eggert@cs.ucla.edu>
Use faccessat, not access, when checking file permissions (Bug#12632).
* merge-gnulib (GNULIB_MODULES): Add faccessat.
(GNULIB_TOOL_FLAGS): Avoid at-internal, fchdir, malloc-posix,
openat-die, openat-h, save-cwd. Do not avoid fcntl-h.
Omit gnulib's m4/fcntl-o.m4.
2012-10-12 Kenichi Handa <handa@gnu.org>
* charsets/Makefile (JISC6226.map): Add missing mappings.
......
admin/merge-gnulib
View file @ f0a80175
......@@ -28,7 +28,7 @@ GNULIB_URL=git://git.savannah.gnu.org/gnulib.git
GNULIB_MODULES='
alloca-opt c-ctype c-strcase
careadlinkat crypto/md5 crypto/sha1 crypto/sha256 crypto/sha512
dtoastr dtotimespec dup2 environ execinfo faccessat
dtoastr dtotimespec dup2 environ execinfo
filemode getloadavg getopt-gnu gettime gettimeofday
ignore-value intprops largefile lstat
manywarnings mktime pselect pthread_sigmask readlink
......@@ -39,12 +39,9 @@ GNULIB_MODULES='
'
GNULIB_TOOL_FLAGS='
--avoid=at-internal
--avoid=errno --avoid=fchdir --avoid=fcntl --avoid=fstat
--avoid=malloc-posix --avoid=msvc-inval --avoid=msvc-nothrow
--avoid=openat-die --avoid=openat-h
--avoid=raise
--avoid=save-cwd --avoid=select --avoid=sigprocmask --avoid=sys_types
--avoid=errno --avoid=fcntl --avoid=fcntl-h --avoid=fstat
--avoid=msvc-inval --avoid=msvc-nothrow
--avoid=raise --avoid=select --avoid=sigprocmask --avoid=sys_types
--avoid=threadlib
--conditional-dependencies --import --no-changelog --no-vc-files
--makefile-name=gnulib.mk
......@@ -88,7 +85,7 @@ test -x "$gnulib_srcdir"/gnulib-tool || {
}
"$gnulib_srcdir"/gnulib-tool --dir="$src" $GNULIB_TOOL_FLAGS $GNULIB_MODULES &&
rm -- "$src"m4/fcntl-o.m4 "$src"m4/gnulib-cache.m4 "$src"m4/warn-on-use.m4 &&
rm -- "$src"m4/gnulib-cache.m4 "$src"m4/warn-on-use.m4 &&
cp -- "$gnulib_srcdir"/build-aux/texinfo.tex "$src"doc/misc &&
cp -- "$gnulib_srcdir"/build-aux/move-if-change "$src"build-aux &&
autoreconf -i -I m4 -- ${src:+"$src"}
configure.ac
View file @ f0a80175
......@@ -572,8 +572,6 @@ else
test "x$NON_GCC_TEST_OPTIONS" != x && CC="$CC $NON_GCC_TEST_OPTIONS"
fi
# Avoid gnulib's tests for O_NOATIME and O_NOFOLLOW, as we don't use them.
AC_DEFUN([gl_FCNTL_O_FLAGS])
# Avoid gnulib's threadlib module, as we do threads our own way.
AC_DEFUN([gl_THREADLIB])
......@@ -2874,7 +2872,7 @@ AC_SUBST(BLESSMAIL_TARGET)
AC_CHECK_FUNCS(gethostname \
closedir getrusage get_current_dir_name \
lrand48 setsid \
fpathconf select getpagesize setlocale \
fpathconf select euidaccess getpagesize setlocale \
utimes getrlimit setrlimit setpgid getcwd shutdown getaddrinfo \
__fpending strsignal setitimer \
sendto recvfrom getsockname getpeername getifaddrs freeifaddrs \
......
lib/at-func.c deleted 100644 → 0
View file @ 8e808318
/* Define at-style functions like fstatat, unlinkat, fchownat, etc.
Copyright (C) 2006, 2009-2012 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* written by Jim Meyering */
#include "dosname.h" /* solely for definition of IS_ABSOLUTE_FILE_NAME */
#ifdef GNULIB_SUPPORT_ONLY_AT_FDCWD
# include <errno.h>
# ifndef ENOTSUP
# define ENOTSUP EINVAL
# endif
#else
# include "openat.h"
# include "openat-priv.h"
# include "save-cwd.h"
#endif
#ifdef AT_FUNC_USE_F1_COND
# define CALL_FUNC(F) \
(flag == AT_FUNC_USE_F1_COND \
? AT_FUNC_F1 (F AT_FUNC_POST_FILE_ARGS) \
: AT_FUNC_F2 (F AT_FUNC_POST_FILE_ARGS))
# define VALIDATE_FLAG(F) \
if (flag & ~AT_FUNC_USE_F1_COND) \
{ \
errno = EINVAL; \
return FUNC_FAIL; \
}
#else
# define CALL_FUNC(F) (AT_FUNC_F1 (F AT_FUNC_POST_FILE_ARGS))
# define VALIDATE_FLAG(F) /* empty */
#endif
#ifdef AT_FUNC_RESULT
# define FUNC_RESULT AT_FUNC_RESULT
#else
# define FUNC_RESULT int
#endif
#ifdef AT_FUNC_FAIL
# define FUNC_FAIL AT_FUNC_FAIL
#else
# define FUNC_FAIL -1
#endif
/* Call AT_FUNC_F1 to operate on FILE, which is in the directory
open on descriptor FD. If AT_FUNC_USE_F1_COND is defined to a value,
AT_FUNC_POST_FILE_PARAM_DECLS must include a parameter named flag;
call AT_FUNC_F2 if FLAG is 0 or fail if FLAG contains more bits than
AT_FUNC_USE_F1_COND. Return int and fail with -1 unless AT_FUNC_RESULT
or AT_FUNC_FAIL are defined. If possible, do it without changing the
working directory. Otherwise, resort to using save_cwd/fchdir,
then AT_FUNC_F?/restore_cwd. If either the save_cwd or the restore_cwd
fails, then give a diagnostic and exit nonzero. */
FUNC_RESULT
AT_FUNC_NAME (int fd, char const *file AT_FUNC_POST_FILE_PARAM_DECLS)
{
VALIDATE_FLAG (flag);
if (fd == AT_FDCWD || IS_ABSOLUTE_FILE_NAME (file))
return CALL_FUNC (file);
#ifdef GNULIB_SUPPORT_ONLY_AT_FDCWD
errno = ENOTSUP;
return FUNC_FAIL;
#else
{
/* Be careful to choose names unlikely to conflict with
AT_FUNC_POST_FILE_PARAM_DECLS. */
struct saved_cwd saved_cwd;
int saved_errno;
FUNC_RESULT err;
{
char proc_buf[OPENAT_BUFFER_SIZE];
char *proc_file = openat_proc_name (proc_buf, fd, file);
if (proc_file)
{
FUNC_RESULT proc_result = CALL_FUNC (proc_file);
int proc_errno = errno;
if (proc_file != proc_buf)
free (proc_file);
/* If the syscall succeeds, or if it fails with an unexpected
errno value, then return right away. Otherwise, fall through
and resort to using save_cwd/restore_cwd. */
if (FUNC_FAIL != proc_result)
return proc_result;
if (! EXPECTED_ERRNO (proc_errno))
{
errno = proc_errno;
return proc_result;
}
}
}
if (save_cwd (&saved_cwd) != 0)
openat_save_fail (errno);
if (0 <= fd && fd == saved_cwd.desc)
{
/* If saving the working directory collides with the user's
requested fd, then the user's fd must have been closed to
begin with. */
free_cwd (&saved_cwd);
errno = EBADF;
return FUNC_FAIL;
}
if (fchdir (fd) != 0)
{
saved_errno = errno;
free_cwd (&saved_cwd);
errno = saved_errno;
return FUNC_FAIL;
}
err = CALL_FUNC (file);
saved_errno = (err == FUNC_FAIL ? errno : 0);
if (restore_cwd (&saved_cwd) != 0)
openat_restore_fail (errno);
free_cwd (&saved_cwd);
if (saved_errno)
errno = saved_errno;
return err;
}
#endif
}
#undef CALL_FUNC
#undef FUNC_RESULT
#undef FUNC_FAIL
lib/euidaccess.c deleted 100644 → 0
View file @ 8e808318
/* euidaccess -- check if effective user id can access file
Copyright (C) 1990-1991, 1995, 1998, 2000, 2003-2006, 2008-2012 Free
Software Foundation, Inc.
This file is part of the GNU C Library.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* Written by David MacKenzie and Torbjorn Granlund.
Adapted for GNU C library by Roland McGrath. */
#ifndef _LIBC
# include <config.h>
#endif
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <unistd.h>
#include "root-uid.h"
#if HAVE_LIBGEN_H
# include <libgen.h>
#endif
#include <errno.h>
#ifndef __set_errno
# define __set_errno(val) errno = (val)
#endif
#if defined EACCES && !defined EACCESS
# define EACCESS EACCES
#endif
#ifndef F_OK
# define F_OK 0
# define X_OK 1
# define W_OK 2
# define R_OK 4
#endif
#ifdef _LIBC
# define access __access
# define getuid __getuid
# define getgid __getgid
# define geteuid __geteuid
# define getegid __getegid
# define group_member __group_member
# define euidaccess __euidaccess
# undef stat
# define stat stat64
#endif
/* Return 0 if the user has permission of type MODE on FILE;
otherwise, return -1 and set 'errno'.
Like access, except that it uses the effective user and group
id's instead of the real ones, and it does not always check for read-only
file system, text busy, etc. */
int
euidaccess (const char *file, int mode)
{
#if HAVE_FACCESSAT /* glibc, AIX 7, Solaris 11, Cygwin 1.7 */
return faccessat (AT_FDCWD, file, mode, AT_EACCESS);
#elif defined EFF_ONLY_OK /* IRIX, OSF/1, Interix */
return access (file, mode | EFF_ONLY_OK);
#elif defined ACC_SELF /* AIX */
return accessx (file, mode, ACC_SELF);
#elif HAVE_EACCESS /* FreeBSD */
return eaccess (file, mode);
#else /* Mac OS X, NetBSD, OpenBSD, HP-UX, Solaris, Cygwin, mingw, BeOS */
uid_t uid = getuid ();
gid_t gid = getgid ();
uid_t euid = geteuid ();
gid_t egid = getegid ();
struct stat stats;
# if HAVE_DECL_SETREGID && PREFER_NONREENTRANT_EUIDACCESS
/* Define PREFER_NONREENTRANT_EUIDACCESS if you prefer euidaccess to
return the correct result even if this would make it
nonreentrant. Define this only if your entire application is
safe even if the uid or gid might temporarily change. If your
application uses signal handlers or threads it is probably not
safe. */
if (mode == F_OK)
return stat (file, &stats);
else
{
int result;
int saved_errno;
if (uid != euid)
setreuid (euid, uid);
if (gid != egid)
setregid (egid, gid);
result = access (file, mode);
saved_errno = errno;
/* Restore them. */
if (uid != euid)
setreuid (uid, euid);
if (gid != egid)
setregid (gid, egid);
errno = saved_errno;
return result;
}
# else
/* The following code assumes the traditional Unix model, and is not
correct on systems that have ACLs or the like. However, it's
better than nothing, and it is reentrant. */
unsigned int granted;
if (uid == euid && gid == egid)
/* If we are not set-uid or set-gid, access does the same. */
return access (file, mode);
if (stat (file, &stats) != 0)
return -1;
/* The super-user can read and write any file, and execute any file
that anyone can execute. */
if (euid == ROOT_UID
&& ((mode & X_OK) == 0
|| (stats.st_mode & (S_IXUSR | S_IXGRP | S_IXOTH))))
return 0;
/* Convert the mode to traditional form, clearing any bogus bits. */
if (R_OK == 4 && W_OK == 2 && X_OK == 1 && F_OK == 0)
mode &= 7;
else
mode = ((mode & R_OK ? 4 : 0)
+ (mode & W_OK ? 2 : 0)
+ (mode & X_OK ? 1 : 0));
if (mode == 0)
return 0; /* The file exists. */
/* Convert the file's permission bits to traditional form. */
if (S_IRUSR == (4 << 6) && S_IWUSR == (2 << 6) && S_IXUSR == (1 << 6)
&& S_IRGRP == (4 << 3) && S_IWGRP == (2 << 3) && S_IXGRP == (1 << 3)
&& S_IROTH == (4 << 0) && S_IWOTH == (2 << 0) && S_IXOTH == (1 << 0))
granted = stats.st_mode;
else
granted = ((stats.st_mode & S_IRUSR ? 4 << 6 : 0)
+ (stats.st_mode & S_IWUSR ? 2 << 6 : 0)
+ (stats.st_mode & S_IXUSR ? 1 << 6 : 0)
+ (stats.st_mode & S_IRGRP ? 4 << 3 : 0)
+ (stats.st_mode & S_IWGRP ? 2 << 3 : 0)
+ (stats.st_mode & S_IXGRP ? 1 << 3 : 0)
+ (stats.st_mode & S_IROTH ? 4 << 0 : 0)
+ (stats.st_mode & S_IWOTH ? 2 << 0 : 0)
+ (stats.st_mode & S_IXOTH ? 1 << 0 : 0));
if (euid == stats.st_uid)
granted >>= 6;
else if (egid == stats.st_gid || group_member (stats.st_gid))
granted >>= 3;
if ((mode & ~granted) == 0)
return 0;
__set_errno (EACCESS);
return -1;
# endif
#endif
}
#undef euidaccess
#ifdef weak_alias
weak_alias (__euidaccess, euidaccess)
#endif
#ifdef TEST
# include <error.h>
# include <stdio.h>
# include <stdlib.h>
char *program_name;
int
main (int argc, char **argv)
{
char *file;
int mode;
int err;
program_name = argv[0];
if (argc < 3)
abort ();
file = argv[1];
mode = atoi (argv[2]);
err = euidaccess (file, mode);
printf ("%d\n", err);
if (err != 0)
error (0, errno, "%s", file);
exit (0);
}
#endif
lib/faccessat.c deleted 100644 → 0
View file @ 8e808318
/* Check the access rights of a file relative to an open directory.
Copyright (C) 2009-2012 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* written by Eric Blake */
#include <config.h>
#include <unistd.h>
#include <fcntl.h>
#ifndef HAVE_ACCESS
/* Mingw lacks access, but it also lacks real vs. effective ids, so
the gnulib euidaccess module is good enough. */
# undef access
# define access euidaccess
#endif
/* Invoke access or euidaccess on file, FILE, using mode MODE, in the directory
open on descriptor FD. If possible, do it without changing the
working directory. Otherwise, resort to using save_cwd/fchdir, then
(access|euidaccess)/restore_cwd. If either the save_cwd or the
restore_cwd fails, then give a diagnostic and exit nonzero.
Note that this implementation only supports AT_EACCESS, although some
native versions also support AT_SYMLINK_NOFOLLOW. */
#define AT_FUNC_NAME faccessat
#define AT_FUNC_F1 euidaccess
#define AT_FUNC_F2 access
#define AT_FUNC_USE_F1_COND AT_EACCESS
#define AT_FUNC_POST_FILE_PARAM_DECLS , int mode, int flag
#define AT_FUNC_POST_FILE_ARGS , mode
#include "at-func.c"
lib/fcntl.in.h deleted 100644 → 0
View file @ 8e808318
/* Like <fcntl.h>, but with non-working flags defined to 0.
Copyright (C) 2006-2012 Free Software Foundation, Inc.
This program is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation; either version 3 of the License, or
(at your option) any later version.
This program is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>. */
/* written by Paul Eggert */
#if __GNUC__ >= 3
@PRAGMA_SYSTEM_HEADER@
#endif
@PRAGMA_COLUMNS@
#if defined __need_system_fcntl_h
/* Special invocation convention. */
/* Needed before <sys/stat.h>.
May also define off_t to a 64-bit type on native Windows. */
#include <sys/types.h>
/* On some systems other than glibc, <sys/stat.h> is a prerequisite of
<fcntl.h>. On glibc systems, we would like to avoid namespace pollution.
But on glibc systems, <fcntl.h> includes <sys/stat.h> inside an
extern "C" { ... } block, which leads to errors in C++ mode with the
overridden <sys/stat.h> from gnulib. These errors are known to be gone
with g++ version >= 4.3. */
#if !(defined __GLIBC__ || defined __UCLIBC__) || (defined __cplusplus && defined GNULIB_NAMESPACE && !(__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)))
# include <sys/stat.h>
#endif
#@INCLUDE_NEXT@ @NEXT_FCNTL_H@
#else
/* Normal invocation convention. */
#ifndef _@GUARD_PREFIX@_FCNTL_H
/* Needed before <sys/stat.h>.
May also define off_t to a 64-bit type on native Windows. */
#include <sys/types.h>
/* On some systems other than glibc, <sys/stat.h> is a prerequisite of
<fcntl.h>. On glibc systems, we would like to avoid namespace pollution.
But on glibc systems, <fcntl.h> includes <sys/stat.h> inside an
extern "C" { ... } block, which leads to errors in C++ mode with the
overridden <sys/stat.h> from gnulib. These errors are known to be gone
with g++ version >= 4.3. */
#if !(defined __GLIBC__ || defined __UCLIBC__) || (defined __cplusplus && defined GNULIB_NAMESPACE && !(__GNUC__ > 4 || (__GNUC__ == 4 && __GNUC_MINOR__ >= 3)))
# include <sys/stat.h>
#endif
/* The include_next requires a split double-inclusion guard. */
#@INCLUDE_NEXT@ @NEXT_FCNTL_H@
#ifndef _@GUARD_PREFIX@_FCNTL_H
#define _@GUARD_PREFIX@_FCNTL_H
#ifndef __GLIBC__ /* Avoid namespace pollution on glibc systems. */
# include <unistd.h>
#endif
/* Native Windows platforms declare open(), creat() in <io.h>. */
#if (@GNULIB_OPEN@ || defined GNULIB_POSIXCHECK) \
&& ((defined _WIN32 || defined __WIN32__) && ! defined __CYGWIN__)
# include <io.h>
#endif
/* The definitions of _GL_FUNCDECL_RPL etc. are copied here. */
/* The definition of _GL_ARG_NONNULL is copied here. */
/* The definition of _GL_WARN_ON_USE is copied here. */
/* Declare overridden functions. */
#if @GNULIB_FCNTL@
# if @REPLACE_FCNTL@
# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
# undef fcntl
# define fcntl rpl_fcntl
# endif
_GL_FUNCDECL_RPL (fcntl, int, (int fd, int action, ...));
_GL_CXXALIAS_RPL (fcntl, int, (int fd, int action, ...));
# else
# if !@HAVE_FCNTL@
_GL_FUNCDECL_SYS (fcntl, int, (int fd, int action, ...));
# endif
_GL_CXXALIAS_SYS (fcntl, int, (int fd, int action, ...));
# endif
_GL_CXXALIASWARN (fcntl);
#elif defined GNULIB_POSIXCHECK
# undef fcntl
# if HAVE_RAW_DECL_FCNTL
_GL_WARN_ON_USE (fcntl, "fcntl is not always POSIX compliant - "
"use gnulib module fcntl for portability");
# endif
#endif
#if @GNULIB_OPEN@
# if @REPLACE_OPEN@
# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
# undef open
# define open rpl_open
# endif
_GL_FUNCDECL_RPL (open, int, (const char *filename, int flags, ...)
_GL_ARG_NONNULL ((1)));
_GL_CXXALIAS_RPL (open, int, (const char *filename, int flags, ...));
# else
_GL_CXXALIAS_SYS (open, int, (const char *filename, int flags, ...));
# endif
/* On HP-UX 11, in C++ mode, open() is defined as an inline function with a
default argument. _GL_CXXALIASWARN does not work in this case. */
# if !defined __hpux
_GL_CXXALIASWARN (open);
# endif
#elif defined GNULIB_POSIXCHECK
# undef open
/* Assume open is always declared. */
_GL_WARN_ON_USE (open, "open is not always POSIX compliant - "
"use gnulib module open for portability");
#endif
#if @GNULIB_OPENAT@
# if @REPLACE_OPENAT@
# if !(defined __cplusplus && defined GNULIB_NAMESPACE)
# undef openat
# define openat rpl_openat
# endif