author | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2014-11-17 09:01:53 +0100 |
---|---|---|
committer | Sebastian Huber <sebastian.huber@embedded-brains.de> | 2014-11-20 10:30:23 +0100 |
commit | b8bd90f68fb787cc321365c6de161d6b77c8353f (patch) | |
tree | cd78640ad422bebb2fe5c9a5dcf92f4f00646fa3 /cpukit/libcsupport/src/sup_fs_check_permissions.c | |
parent | samples/fileio: Use unlimited objects (diff) | |
Add supplementary groups to user environment
Diffstat (limited to 'cpukit/libcsupport/src/sup_fs_check_permissions.c')
-rw-r--r-- | cpukit/libcsupport/src/sup_fs_check_permissions.c | 47 |
1 files changed, 34 insertions, 13 deletions
diff --git a/cpukit/libcsupport/src/sup_fs_check_permissions.c b/cpukit/libcsupport/src/sup_fs_check_permissions.c
index f6fd0e91c9..394f945b0b 100644
--- a/cpukit/libcsupport/src/sup_fs_check_permissions.c
+++ b/cpukit/libcsupport/src/sup_fs_check_permissions.c
@@ -70,29 +70,50 @@ RTEMS_STATIC_ASSERT(
 S_IXOTH
 );
+static bool equals_supplementary_group(
+ const rtems_user_env_t *uenv,
+ gid_t object_gid
+)
+{
+ size_t i;
+
+ for (i = 0; i < uenv->ngroups; ++i) {
+ if (uenv->groups[i] == object_gid) {
+ return true;
+ }
+ }
+
+ return false;
+}
+
 bool rtems_filesystem_check_access(
- int eval_flags,
- mode_t node_mode,
- uid_t node_uid,
- gid_t node_gid
+ int flags,
+ mode_t object_mode,
+ uid_t object_uid,
+ gid_t object_gid
 )
 {
- mode_t perm_flags = eval_flags & RTEMS_FS_PERMS_RWX;
- uid_t task_uid = geteuid();
+ const rtems_user_env_t *uenv = rtems_current_user_env_get();
+ mode_t access_flags = flags & RTEMS_FS_PERMS_RWX;
+ uid_t task_uid = uenv->euid;
- if (task_uid == 0 || task_uid == node_uid) {
- perm_flags <<= RTEMS_FS_USR_SHIFT;
+ if (task_uid == 0 || task_uid == object_uid) {
+ access_flags <<= RTEMS_FS_USR_SHIFT;
 } else {
- gid_t task_gid = getegid();
+ gid_t task_gid = uenv->egid;
- if (task_gid == 0 || task_gid == node_gid) {
- perm_flags <<= RTEMS_FS_GRP_SHIFT;
+ if (
+ task_gid == 0
+ || task_gid == object_gid
+ || equals_supplementary_group(uenv, object_gid)
+ ) {
+ access_flags <<= RTEMS_FS_GRP_SHIFT;
 } else {
- perm_flags <<= RTEMS_FS_OTH_SHIFT;
+ access_flags <<= RTEMS_FS_OTH_SHIFT;
 }
 }
- return (perm_flags & node_mode) == perm_flags;
+ return (access_flags & object_mode) == access_flags;
 }
 bool rtems_filesystem_eval_path_check_access( |
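Review bot: The new `equals_supplementary_group()` reads `uenv->groups[i]` for every `i < uenv->ngroups` with no bound of its own, and its result now decides whether the group permission bits apply in `rtems_filesystem_check_access()`. The definition of `rtems_user_env_t` and the code that sets `ngroups` are outside this diff, so it cannot be confirmed here that the count always stays within the capacity of `groups`. A comment on the helper such as `/* Caller guarantees uenv->ngroups <= capacity of uenv->groups */` would state the invariant this access check depends on. If `groups` is a fixed-size array member, the loop could also be clamped to its element count. Separately, the `task_gid == 0` shortcut carried over from the old code selects the group class whatever `object_gid` is, which deserves a one-line comment explaining that it is intended.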