| 1 | /* $Id: kbuild_protection.c 2019 2008-11-02 00:21:05Z bird $ */
|
|---|
| 2 | /** @file
|
|---|
| 3 | * Simple File Protection.
|
|---|
| 4 | */
|
|---|
| 5 |
|
|---|
| 6 | /*
|
|---|
| 7 | * Copyright (c) 2008 knut st. osmundsen <bird-src-spam@anduin.net>
|
|---|
| 8 | *
|
|---|
| 9 | * This file is part of kBuild.
|
|---|
| 10 | *
|
|---|
| 11 | * kBuild is free software; you can redistribute it and/or modify
|
|---|
| 12 | * it under the terms of the GNU General Public License as published by
|
|---|
| 13 | * the Free Software Foundation; either version 3 of the License, or
|
|---|
| 14 | * (at your option) any later version.
|
|---|
| 15 | *
|
|---|
| 16 | * kBuild is distributed in the hope that it will be useful,
|
|---|
| 17 | * but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|---|
| 18 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|---|
| 19 | * GNU General Public License for more details.
|
|---|
| 20 | *
|
|---|
| 21 | * You should have received a copy of the GNU General Public License
|
|---|
| 22 | * along with kBuild. If not, see <http://www.gnu.org/licenses/>
|
|---|
| 23 | *
|
|---|
| 24 | */
|
|---|
| 25 |
|
|---|
| 26 | /*******************************************************************************
|
|---|
| 27 | * Header Files *
|
|---|
| 28 | *******************************************************************************/
|
|---|
| 29 | #include <sys/types.h>
|
|---|
| 30 | #include <stdlib.h>
|
|---|
| 31 | #include <string.h>
|
|---|
| 32 | #include <ctype.h>
|
|---|
| 33 | #include <assert.h>
|
|---|
| 34 | #if defined(_MSC_VER) || defined(__OS2__)
|
|---|
| 35 | # include <limits.h>
|
|---|
| 36 | # include <direct.h>
|
|---|
| 37 | #else
|
|---|
| 38 | # include <unistd.h>
|
|---|
| 39 | #endif
|
|---|
| 40 | #include "kbuild_protection.h"
|
|---|
| 41 | #include "err.h"
|
|---|
| 42 |
|
|---|
| 43 |
|
|---|
| 44 | /*******************************************************************************
|
|---|
| 45 | * Defined Constants And Macros *
|
|---|
| 46 | *******************************************************************************/
|
|---|
| 47 | #define KBUILD_PROTECTION_MAGIC 0x00111100
|
|---|
| 48 |
|
|---|
| 49 | #if defined(__EMX__) || defined(_MSC_VER)
|
|---|
| 50 | # define IS_SLASH(ch) ( (ch) == '/' || (ch) == '\\' )
|
|---|
| 51 | # define DEFAULT_PROTECTION_DEPTH 1
|
|---|
| 52 | #else
|
|---|
| 53 | # define IS_SLASH(ch) ( (ch) == '/' )
|
|---|
| 54 | # define DEFAULT_PROTECTION_DEPTH 2
|
|---|
| 55 | #endif
|
|---|
| 56 |
|
|---|
| 57 |
|
|---|
| 58 |
|
|---|
| 59 | /**
|
|---|
| 60 | * Counts the components in the specified sub path.
|
|---|
| 61 | * This is a helper for count_path_components.
|
|---|
| 62 | *
|
|---|
| 63 | * etc = 1
|
|---|
| 64 | * etc/ = 1
|
|---|
| 65 | * etc/x11 = 2
|
|---|
| 66 | * and so and and so forth.
|
|---|
| 67 | */
|
|---|
| 68 | static int countSubPathComponents(const char *pszPath, int cDepth)
|
|---|
| 69 | {
|
|---|
| 70 | for (;;)
|
|---|
| 71 | {
|
|---|
| 72 | const char *pszEnd;
|
|---|
| 73 | size_t cch;
|
|---|
| 74 |
|
|---|
| 75 | /* skip slashes. */
|
|---|
| 76 | while (IS_SLASH(*pszPath))
|
|---|
| 77 | pszPath++;
|
|---|
| 78 | if (!*pszPath)
|
|---|
| 79 | break;
|
|---|
| 80 |
|
|---|
| 81 | /* find end of component. */
|
|---|
| 82 | pszEnd = pszPath;
|
|---|
| 83 | while (!IS_SLASH(*pszEnd) && *pszEnd)
|
|---|
| 84 | pszEnd++;
|
|---|
| 85 |
|
|---|
| 86 | /* count it, checking for '..' and '.'. */
|
|---|
| 87 | cch = pszEnd - pszPath;
|
|---|
| 88 | if (cch == 2 && pszPath[0] == '.' && pszPath[1] == '.')
|
|---|
| 89 | {
|
|---|
| 90 | if (cDepth > 0)
|
|---|
| 91 | cDepth--;
|
|---|
| 92 | }
|
|---|
| 93 | else if (cch != 1 || pszPath[0] != '.')
|
|---|
| 94 | cDepth++;
|
|---|
| 95 |
|
|---|
| 96 | /* advance */
|
|---|
| 97 | if (!*pszEnd)
|
|---|
| 98 | break;
|
|---|
| 99 | pszPath = pszEnd + 1;
|
|---|
| 100 | }
|
|---|
| 101 | return cDepth;
|
|---|
| 102 | }
|
|---|
| 103 |
|
|---|
| 104 |
|
|---|
| 105 | /**
|
|---|
| 106 | * Parses the specified path counting the number of components
|
|---|
| 107 | * relative to root.
|
|---|
| 108 | *
|
|---|
| 109 | * We don't check symbolic links and such, just some simple and cheap
|
|---|
| 110 | * path parsing.
|
|---|
| 111 | *
|
|---|
| 112 | * @param pszPath The path to process.
|
|---|
| 113 | *
|
|---|
| 114 | * @returns 0 or higher on success.
|
|---|
| 115 | * On failure an error is printed, eval is set and -1 is returned.
|
|---|
| 116 | */
|
|---|
| 117 | static int countPathComponents(const char *pszPath)
|
|---|
| 118 | {
|
|---|
| 119 | int cComponents = 0;
|
|---|
| 120 |
|
|---|
| 121 | /*
|
|---|
| 122 | * Deal with root, UNC, drive letter.
|
|---|
| 123 | */
|
|---|
| 124 | #if defined(_MSC_VER) || defined(__OS2__)
|
|---|
| 125 | if (IS_SLASH(pszPath[0]) && IS_SLASH(pszPath[1]) && !IS_SLASH(pszPath[2]))
|
|---|
| 126 | {
|
|---|
| 127 | /* skip the root - UNC */
|
|---|
| 128 | pszPath += 3;
|
|---|
| 129 | while (!IS_SLASH(*pszPath) && *pszPath) /* server name */
|
|---|
| 130 | pszPath++;
|
|---|
| 131 | while (IS_SLASH(*pszPath))
|
|---|
| 132 | pszPath++;
|
|---|
| 133 | while (!IS_SLASH(*pszPath) && *pszPath) /* share name */
|
|---|
| 134 | pszPath++;
|
|---|
| 135 | while (IS_SLASH(*pszPath))
|
|---|
| 136 | pszPath++;
|
|---|
| 137 | }
|
|---|
| 138 | else
|
|---|
| 139 | {
|
|---|
| 140 | unsigned uDriveLetter = (unsigned)toupper(pszPath[0]) - (unsigned)'A';
|
|---|
| 141 | if (uDriveLetter <= (unsigned)('Z' - 'A') && pszPath[1] == ':')
|
|---|
| 142 | uDriveLetter++; /* A == 1 */
|
|---|
| 143 | else
|
|---|
| 144 | uDriveLetter = 0; /* 0 == default */
|
|---|
| 145 |
|
|---|
| 146 | if (!IS_SLASH(pszPath[uDriveLetter ? 2 : 0]))
|
|---|
| 147 | {
|
|---|
| 148 | /*
|
|---|
| 149 | * Relative path, must count cwd depth first.
|
|---|
| 150 | */
|
|---|
| 151 | #ifdef __OS2__ /** @todo remove when ticket 194 has been fixed */
|
|---|
| 152 | char *pszCwd = _getdcwd(uDriveLetter, NULL, PATH_MAX);
|
|---|
| 153 | #else
|
|---|
| 154 | char *pszCwd = _getdcwd(uDriveLetter, NULL, 0);
|
|---|
| 155 | #endif
|
|---|
| 156 | char *pszTmp = pszCwd;
|
|---|
| 157 | if (!pszTmp)
|
|---|
| 158 | {
|
|---|
| 159 | err(1, "_getdcwd");
|
|---|
| 160 | return -1;
|
|---|
| 161 | }
|
|---|
| 162 |
|
|---|
| 163 | if (IS_SLASH(pszTmp[0]) && IS_SLASH(pszTmp[1]))
|
|---|
| 164 | {
|
|---|
| 165 | /* skip the root - UNC */
|
|---|
| 166 | pszTmp += 2;
|
|---|
| 167 | while (!IS_SLASH(*pszTmp) && *pszTmp) /* server name */
|
|---|
| 168 | pszTmp++;
|
|---|
| 169 | while (IS_SLASH(*pszTmp))
|
|---|
| 170 | pszTmp++;
|
|---|
| 171 | while (!IS_SLASH(*pszTmp) && *pszTmp) /* share name */
|
|---|
| 172 | pszTmp++;
|
|---|
| 173 | }
|
|---|
| 174 | else
|
|---|
| 175 | {
|
|---|
| 176 | /* skip the drive letter and while we're at it, the root slash too. */
|
|---|
| 177 | pszTmp += 1 + (pszTmp[1] == ':');
|
|---|
| 178 | }
|
|---|
| 179 | cComponents = countSubPathComponents(pszTmp, 0);
|
|---|
| 180 | free(pszCwd);
|
|---|
| 181 | }
|
|---|
| 182 | else
|
|---|
| 183 | {
|
|---|
| 184 | /* skip the drive letter and while we're at it, the root slash too. */
|
|---|
| 185 | pszPath += uDriveLetter ? 3 : 1;
|
|---|
| 186 | }
|
|---|
| 187 | }
|
|---|
| 188 | #else /* !WIN && !OS2 */
|
|---|
| 189 | if (!IS_SLASH(pszPath[0]))
|
|---|
| 190 | {
|
|---|
| 191 | /*
|
|---|
| 192 | * Relative path, must count cwd depth first.
|
|---|
| 193 | */
|
|---|
| 194 | char szCwd[4096];
|
|---|
| 195 | if (!getcwd(szCwd, sizeof(szCwd)))
|
|---|
| 196 | {
|
|---|
| 197 | err(1, "getcwd");
|
|---|
| 198 | return -1;
|
|---|
| 199 | }
|
|---|
| 200 | cComponents = countSubPathComponents(szCwd, 0);
|
|---|
| 201 | }
|
|---|
| 202 | #endif /* !WIN && !OS2 */
|
|---|
| 203 |
|
|---|
| 204 | /*
|
|---|
| 205 | * We're now past any UNC or drive letter crap, possibly positioned
|
|---|
| 206 | * at the root slash or at the start of a path component at the
|
|---|
| 207 | * given depth. Count the remainder.
|
|---|
| 208 | */
|
|---|
| 209 | return countSubPathComponents(pszPath, cComponents);
|
|---|
| 210 | }
|
|---|
| 211 |
|
|---|
| 212 |
|
|---|
| 213 | /**
|
|---|
| 214 | * Initializes the instance data.
|
|---|
| 215 | *
|
|---|
| 216 | * @param pThis Pointer to the instance data.
|
|---|
| 217 | */
|
|---|
| 218 | void kBuildProtectionInit(PKBUILDPROTECTION pThis)
|
|---|
| 219 | {
|
|---|
| 220 | pThis->uMagic = KBUILD_PROTECTION_MAGIC;
|
|---|
| 221 | pThis->afTypes[KBUILDPROTECTIONTYPE_FULL] = 0;
|
|---|
| 222 | pThis->afTypes[KBUILDPROTECTIONTYPE_RECURSIVE] = 1;
|
|---|
| 223 | pThis->cProtectionDepth = DEFAULT_PROTECTION_DEPTH;
|
|---|
| 224 | }
|
|---|
| 225 |
|
|---|
| 226 |
|
|---|
| 227 | /**
|
|---|
| 228 | * Destroys the instance data.
|
|---|
| 229 | *
|
|---|
| 230 | * @param pThis Pointer to the instance data.
|
|---|
| 231 | */
|
|---|
| 232 | void kBuildProtectionTerm(PKBUILDPROTECTION pThis)
|
|---|
| 233 | {
|
|---|
| 234 | pThis->uMagic = 0;
|
|---|
| 235 | }
|
|---|
| 236 |
|
|---|
| 237 |
|
|---|
| 238 | void kBuildProtectionEnable(PKBUILDPROTECTION pThis, KBUILDPROTECTIONTYPE enmType)
|
|---|
| 239 | {
|
|---|
| 240 | assert(pThis->uMagic == KBUILD_PROTECTION_MAGIC);
|
|---|
| 241 | assert(enmType < KBUILDPROTECTIONTYPE_MAX && enmType >= KBUILDPROTECTIONTYPE_FIRST);
|
|---|
| 242 | pThis->afTypes[enmType] |= 1;
|
|---|
| 243 | }
|
|---|
| 244 |
|
|---|
| 245 |
|
|---|
| 246 | void kBuildProtectionDisable(PKBUILDPROTECTION pThis, KBUILDPROTECTIONTYPE enmType)
|
|---|
| 247 | {
|
|---|
| 248 | assert(pThis->uMagic == KBUILD_PROTECTION_MAGIC);
|
|---|
| 249 | assert(enmType < KBUILDPROTECTIONTYPE_MAX && enmType >= KBUILDPROTECTIONTYPE_FIRST);
|
|---|
| 250 | pThis->afTypes[enmType] &= ~1U;
|
|---|
| 251 | }
|
|---|
| 252 |
|
|---|
| 253 |
|
|---|
| 254 | /**
|
|---|
| 255 | * Sets the protection depth according to the option argument.
|
|---|
| 256 | *
|
|---|
| 257 | * @param pszValue The value.
|
|---|
| 258 | *
|
|---|
| 259 | * @returns 0 on success, -1 and errx on failure.
|
|---|
| 260 | */
|
|---|
| 261 | int kBuildProtectionSetDepth(PKBUILDPROTECTION pThis, const char *pszValue)
|
|---|
| 262 | {
|
|---|
| 263 | /* skip leading blanks, they don't count either way. */
|
|---|
| 264 | while (isspace(*pszValue))
|
|---|
| 265 | pszValue++;
|
|---|
| 266 |
|
|---|
| 267 | /* number or path? */
|
|---|
| 268 | if (!isdigit(*pszValue) || strpbrk(pszValue, ":/\\"))
|
|---|
| 269 | pThis->cProtectionDepth = countPathComponents(pszValue);
|
|---|
| 270 | else
|
|---|
| 271 | {
|
|---|
| 272 | char *pszMore = 0;
|
|---|
| 273 | pThis->cProtectionDepth = strtol(pszValue, &pszMore, 0);
|
|---|
| 274 | if (pThis->cProtectionDepth != 0 && pszMore)
|
|---|
| 275 | {
|
|---|
| 276 | /* trailing space is harmless. */
|
|---|
| 277 | while (isspace(*pszMore))
|
|---|
| 278 | pszMore++;
|
|---|
| 279 | }
|
|---|
| 280 | if (!pThis->cProtectionDepth || pszValue == pszMore || *pszMore)
|
|---|
| 281 | return errx(1, "bogus protection depth: %s", pszValue);
|
|---|
| 282 | }
|
|---|
| 283 |
|
|---|
| 284 | if (pThis->cProtectionDepth < 1)
|
|---|
| 285 | return errx(1, "bogus protection depth: %s", pszValue);
|
|---|
| 286 | return 0;
|
|---|
| 287 | }
|
|---|
| 288 |
|
|---|
| 289 |
|
|---|
| 290 | /**
|
|---|
| 291 | * Scans the environment for option overrides.
|
|---|
| 292 | *
|
|---|
| 293 | * @param pThis Pointer to the instance data.
|
|---|
| 294 | * @param papszEnv The environment array.
|
|---|
| 295 | * @param pszPrefix The variable prefix.
|
|---|
| 296 | *
|
|---|
| 297 | * @returns 0 on success, -1 and err*() on failure.
|
|---|
| 298 | */
|
|---|
| 299 | int kBuildProtectionScanEnv(PKBUILDPROTECTION pThis, char **papszEnv, const char *pszPrefix)
|
|---|
| 300 | {
|
|---|
| 301 | unsigned i;
|
|---|
| 302 | const size_t cchPrefix = strlen(pszPrefix);
|
|---|
| 303 |
|
|---|
| 304 | for (i = 0; papszEnv[i]; i++)
|
|---|
| 305 | {
|
|---|
| 306 | const char *pszVar = papszEnv[i];
|
|---|
| 307 | if (!strncmp(pszVar, pszPrefix, cchPrefix))
|
|---|
| 308 | {
|
|---|
| 309 | pszVar += cchPrefix;
|
|---|
| 310 | if (!strncmp(pszVar, "PROTECTION_DEPTH=", sizeof("PROTECTION_DEPTH=") - 1))
|
|---|
| 311 | {
|
|---|
| 312 | const char *pszVal = pszVar + sizeof("PROTECTION_DEPTH=") - 1;
|
|---|
| 313 | if (kBuildProtectionSetDepth(pThis, pszVal))
|
|---|
| 314 | return -1;
|
|---|
| 315 | }
|
|---|
| 316 | else if (!strncmp(pszVar, "DISABLE_PROTECTION=", sizeof("DISABLE_PROTECTION=") - 1))
|
|---|
| 317 | pThis->afTypes[KBUILDPROTECTIONTYPE_RECURSIVE] &= ~1U;
|
|---|
| 318 | else if (!strncmp(pszVar, "ENABLE_PROTECTION=", sizeof("ENABLE_PROTECTION=") - 1))
|
|---|
| 319 | pThis->afTypes[KBUILDPROTECTIONTYPE_RECURSIVE] |= 3;
|
|---|
| 320 | else if (!strncmp(pszVar, "DISABLE_FULL_PROTECTION=", sizeof("DISABLE_FULL_PROTECTION=") - 1))
|
|---|
| 321 | pThis->afTypes[KBUILDPROTECTIONTYPE_FULL] &= ~1U;
|
|---|
| 322 | else if (!strncmp(pszVar, "ENABLE_FULL_PROTECTION=", sizeof("ENABLE_FULL_PROTECTION=") - 1))
|
|---|
| 323 | pThis->afTypes[KBUILDPROTECTIONTYPE_FULL] |= 3;
|
|---|
| 324 | }
|
|---|
| 325 | }
|
|---|
| 326 | return 0;
|
|---|
| 327 | }
|
|---|
| 328 |
|
|---|
| 329 |
|
|---|
| 330 | /**
|
|---|
| 331 | * Protect the upper layers of the file system against accidental
|
|---|
| 332 | * or malicious deletetion attempt from within a makefile.
|
|---|
| 333 | *
|
|---|
| 334 | * @param pszPath The path to check.
|
|---|
| 335 | * @param required_depth The minimum number of components in the
|
|---|
| 336 | * path counting from the root.
|
|---|
| 337 | *
|
|---|
| 338 | * @returns 0 on success.
|
|---|
| 339 | * On failure an error is printed and -1 is returned.
|
|---|
| 340 | */
|
|---|
| 341 | int kBuildProtectionEnforce(PCKBUILDPROTECTION pThis, KBUILDPROTECTIONTYPE enmType, const char *pszPath)
|
|---|
| 342 | {
|
|---|
| 343 | assert(pThis->uMagic == KBUILD_PROTECTION_MAGIC);
|
|---|
| 344 | assert(enmType < KBUILDPROTECTIONTYPE_MAX && enmType >= KBUILDPROTECTIONTYPE_FIRST);
|
|---|
| 345 |
|
|---|
| 346 | if ( (pThis->afTypes[enmType] & 3)
|
|---|
| 347 | || (pThis->afTypes[KBUILDPROTECTIONTYPE_FULL] & 3))
|
|---|
| 348 | {
|
|---|
| 349 | /*
|
|---|
| 350 | * Count the path and compare it with the required depth.
|
|---|
| 351 | */
|
|---|
| 352 | int cComponents = countPathComponents(pszPath);
|
|---|
| 353 | if (cComponents < 0)
|
|---|
| 354 | return -1;
|
|---|
| 355 | if ((unsigned int)cComponents <= pThis->cProtectionDepth)
|
|---|
| 356 | {
|
|---|
| 357 | errx(1, "%s: protected", pszPath);
|
|---|
| 358 | return -1;
|
|---|
| 359 | }
|
|---|
| 360 | }
|
|---|
| 361 | return 0;
|
|---|
| 362 | }
|
|---|
| 363 |
|
|---|
| 364 |
|
|---|
| 365 | /**
|
|---|
| 366 | * Retrieve the default path protection depth.
|
|---|
| 367 | *
|
|---|
| 368 | * @returns the default value.
|
|---|
| 369 | */
|
|---|
| 370 | int kBuildProtectionDefaultDepth(void)
|
|---|
| 371 | {
|
|---|
| 372 | return DEFAULT_PROTECTION_DEPTH;
|
|---|
| 373 | }
|
|---|
| 374 |
|
|---|