[Libsysio-commit] HEAD: libsysio/src access.c

SourceForge Headquarters 225 Broadway Suite 1600 San Diego, CA 92101 +1 (858) 422-6466

Update of /cvsroot/libsysio/libsysio/src
In directory sc8-pr-cvs6.sourceforge.net:/tmp/cvs-serv18240/src

Modified Files:
	access.c 
Log Message:


Bug in permission checking. It would allow the desired access if caller
was owner, in group, or other and proper bit was set.

Now, more in line with what is supposed to happen, it checks owner and
applies mask. If the test fails, it returns failure. Then, it proceeds
to groups checks, and fails there if caller is in one of the groups. Then,
it proceeds to the "other" check.


Index: access.c
===================================================================
RCS file: /cvsroot/libsysio/libsysio/src/access.c,v
retrieving revision 1.13
retrieving revision 1.14
diff -u -w -b -B -p -r1.13 -r1.14

--- access.c	1 Jun 2006 21:28:57 -0000	1.13
+++ access.c	23 Mar 2007 19:05:50 -0000	1.14
@@ -74,6 +74,7 @@ _sysio_check_permission(struct pnode *pn
 	struct intnl_stat *stat;
 	gid_t	*gids;
 	int	ngids;
+	int	group_matched;
 
 	/*
 	 * Check amode.
@@ -95,38 +96,43 @@ _sysio_check_permission(struct pnode *pn
 	ino = pno->p_base->pb_ino;
 	assert(ino);
 
-	err = 0;					/* assume success */
-
+	err = -EACCES;					/* assume error */
+	stat = &ino->i_stbuf;
+	do {
 	/*
 	 * Owner?
 	 */
-	stat = &ino->i_stbuf;
-	if (stat->st_uid == crp->creds_uid &&
-	    (stat->st_mode & mask) == mask)
-		goto out;
+		if (stat->st_uid == crp->creds_uid) {
+			if ((stat->st_mode & mask) == mask)
+				err = 0;
+			break;
+		}
 
 	/*
 	 * Group?
 	 */
 	mask >>= 3;
+		group_matched = 0;
 	gids = crp->creds_gids;
 	ngids = crp->creds_ngids;
 	while (ngids) {
 		ngids--;
-		if (stat->st_gid == *gids++ &&
-		    (stat->st_mode & mask) == mask)
-			goto out;
+			if (stat->st_gid == *gids++) {
+				group_matched = 1;
+				if ((stat->st_mode & mask) == mask)
+					err = 0;
 	}
+		}
+		if (group_matched)
+			break;
 
 	/*
 	 * Other?
 	 */
 	mask >>= 3;
 	if ((stat->st_mode & mask) == mask)
-		goto out;
-
-	err = -EACCES;					/* fail */
-out:
+			err = 0;
+	} while (0);
 	if (err)
 		return err;
 



