mirror of
https://git.savannah.gnu.org/git/emacs.git
synced 2024-11-25 07:28:20 +00:00
20f6648552
* configure.ac (gamegroup): New AC_SUBST. (--with-gameuser): Allow to specify a group instead of a user. In the default case, check at configure time if a 'games' user exists. * lib-src/update-game-score.c: Allow the program to run sgid instead of suid, in order to match common practice for most games. (main): Check if we are running sgid. Pass appropriate file permission bits to 'write_scores'. (write_scores): New 'mode' argument, instead of hardcoding 0644. (get_prefix): Update error message. * lib-src/Makefile.in (gamegroup): New variable, set by configure. ($(DESTDIR)${archlibdir}): Handle both suid or sgid when installing the 'update-game-score' program. * lisp/play/gamegrid.el (gamegrid-add-score-with-update-game-score): Allow the 'update-game-score' helper program to run suid or sgid.
509 lines
12 KiB
C
509 lines
12 KiB
C
/* update-game-score.c --- Update a score file
|
|
|
|
Copyright (C) 2002-2015 Free Software Foundation, Inc.
|
|
|
|
Author: Colin Walters <walters@debian.org>
|
|
|
|
This file is part of GNU Emacs.
|
|
|
|
GNU Emacs is free software: you can redistribute it and/or modify
|
|
it under the terms of the GNU General Public License as published by
|
|
the Free Software Foundation, either version 3 of the License, or
|
|
(at your option) any later version.
|
|
|
|
GNU Emacs is distributed in the hope that it will be useful,
|
|
but WITHOUT ANY WARRANTY; without even the implied warranty of
|
|
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
|
GNU General Public License for more details.
|
|
|
|
You should have received a copy of the GNU General Public License
|
|
along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
|
|
|
|
|
|
/* This program allows a game to securely and atomically update a
|
|
score file. It should be installed either setuid or setgid, owned
|
|
by an appropriate user or group like `games'.
|
|
|
|
Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
|
|
defined, and in that case it will store scores in the user's home
|
|
directory (it should NOT be setuid).
|
|
|
|
Created 2002/03/22.
|
|
*/
|
|
|
|
#include <config.h>
|
|
|
|
#include <unistd.h>
|
|
#include <errno.h>
|
|
#include <inttypes.h>
|
|
#include <limits.h>
|
|
#include <stdbool.h>
|
|
#include <string.h>
|
|
#include <stdlib.h>
|
|
#include <stdio.h>
|
|
#include <time.h>
|
|
#include <pwd.h>
|
|
#include <ctype.h>
|
|
#include <fcntl.h>
|
|
#include <sys/stat.h>
|
|
#include <getopt.h>
|
|
|
|
#ifdef WINDOWSNT
|
|
#include "ntlib.h"
|
|
#endif
|
|
|
|
#ifndef min
|
|
# define min(a,b) ((a) < (b) ? (a) : (b))
|
|
#endif
|
|
|
|
#define MAX_ATTEMPTS 5
|
|
#define MAX_DATA_LEN 1024
|
|
|
|
static _Noreturn void
|
|
usage (int err)
|
|
{
|
|
fprintf (stdout, "Usage: update-game-score [-m MAX] [-r] [-d DIR] game/scorefile SCORE DATA\n");
|
|
fprintf (stdout, " update-game-score -h\n");
|
|
fprintf (stdout, " -h\t\tDisplay this help.\n");
|
|
fprintf (stdout, " -m MAX\t\tLimit the maximum number of scores to MAX.\n");
|
|
fprintf (stdout, " -r\t\tSort the scores in increasing order.\n");
|
|
fprintf (stdout, " -d DIR\t\tStore scores in DIR (only if not setuid).\n");
|
|
exit (err);
|
|
}
|
|
|
|
static int lock_file (const char *filename, void **state);
|
|
static int unlock_file (const char *filename, void *state);
|
|
|
|
struct score_entry
|
|
{
|
|
char *score;
|
|
char *user_data;
|
|
};
|
|
|
|
#define MAX_SCORES min (PTRDIFF_MAX, SIZE_MAX / sizeof (struct score_entry))
|
|
|
|
static int read_scores (const char *filename, struct score_entry **scores,
|
|
ptrdiff_t *count, ptrdiff_t *alloc);
|
|
static int push_score (struct score_entry **scores, ptrdiff_t *count,
|
|
ptrdiff_t *size, struct score_entry const *newscore);
|
|
static void sort_scores (struct score_entry *scores, ptrdiff_t count,
|
|
bool reverse);
|
|
static int write_scores (const char *filename, mode_t mode,
|
|
const struct score_entry *scores, ptrdiff_t count);
|
|
|
|
static _Noreturn void
|
|
lose (const char *msg)
|
|
{
|
|
fprintf (stderr, "%s\n", msg);
|
|
exit (EXIT_FAILURE);
|
|
}
|
|
|
|
static _Noreturn void
|
|
lose_syserr (const char *msg)
|
|
{
|
|
fprintf (stderr, "%s: %s\n", msg,
|
|
errno ? strerror (errno) : "Invalid data in score file");
|
|
exit (EXIT_FAILURE);
|
|
}
|
|
|
|
static char *
|
|
get_user_id (void)
|
|
{
|
|
struct passwd *buf = getpwuid (getuid ());
|
|
if (!buf || strchr (buf->pw_name, ' ') || strchr (buf->pw_name, '\n'))
|
|
{
|
|
intmax_t uid = getuid ();
|
|
char *name = malloc (sizeof uid * CHAR_BIT / 3 + 4);
|
|
if (name)
|
|
sprintf (name, "%"PRIdMAX, uid);
|
|
return name;
|
|
}
|
|
return buf->pw_name;
|
|
}
|
|
|
|
static const char *
|
|
get_prefix (bool privileged, const char *user_prefix)
|
|
{
|
|
if (privileged)
|
|
{
|
|
#ifdef HAVE_SHARED_GAME_DIR
|
|
return HAVE_SHARED_GAME_DIR;
|
|
#else
|
|
lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
|
|
"and should not run with elevated privileges.");
|
|
#endif
|
|
}
|
|
if (user_prefix == NULL)
|
|
lose ("Not using a shared game directory, and no prefix given.");
|
|
return user_prefix;
|
|
}
|
|
|
|
static char *
|
|
normalize_integer (char *num)
|
|
{
|
|
bool neg;
|
|
char *p;
|
|
while (*num != '\n' && isspace (*num))
|
|
num++;
|
|
neg = *num == '-';
|
|
num += neg || *num == '-';
|
|
|
|
if (*num == '0')
|
|
{
|
|
while (*++num == '0')
|
|
continue;
|
|
neg &= !!*num;
|
|
num -= !*num;
|
|
}
|
|
|
|
for (p = num; '0' <= *p && *p <= '9'; p++)
|
|
continue;
|
|
|
|
if (*p || p == num)
|
|
{
|
|
errno = 0;
|
|
return 0;
|
|
}
|
|
|
|
if (neg)
|
|
*--num = '-';
|
|
return num;
|
|
}
|
|
|
|
int
|
|
main (int argc, char **argv)
|
|
{
|
|
int c;
|
|
bool running_suid, running_sgid;
|
|
void *lockstate;
|
|
char *scorefile;
|
|
char *end, *nl, *user, *data;
|
|
const char *prefix, *user_prefix = NULL;
|
|
struct score_entry *scores;
|
|
struct score_entry newscore;
|
|
bool reverse = false;
|
|
ptrdiff_t scorecount, scorealloc;
|
|
ptrdiff_t max_scores = MAX_SCORES;
|
|
|
|
srand (time (0));
|
|
|
|
while ((c = getopt (argc, argv, "hrm:d:")) != -1)
|
|
switch (c)
|
|
{
|
|
case 'h':
|
|
usage (EXIT_SUCCESS);
|
|
break;
|
|
case 'd':
|
|
user_prefix = optarg;
|
|
break;
|
|
case 'r':
|
|
reverse = 1;
|
|
break;
|
|
case 'm':
|
|
{
|
|
intmax_t m = strtoimax (optarg, &end, 10);
|
|
if (optarg == end || *end || m < 0)
|
|
usage (EXIT_FAILURE);
|
|
max_scores = min (m, MAX_SCORES);
|
|
}
|
|
break;
|
|
default:
|
|
usage (EXIT_FAILURE);
|
|
}
|
|
|
|
if (argc - optind != 3)
|
|
usage (EXIT_FAILURE);
|
|
|
|
running_suid = (getuid () != geteuid ());
|
|
running_sgid = (getgid () != getegid ());
|
|
if (running_suid && running_sgid)
|
|
lose ("This program can run either suid or sgid, but not both.");
|
|
|
|
prefix = get_prefix (running_suid || running_sgid, user_prefix);
|
|
|
|
scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
|
|
if (!scorefile)
|
|
lose_syserr ("Couldn't allocate score file");
|
|
|
|
char *z = stpcpy (scorefile, prefix);
|
|
*z++ = '/';
|
|
strcpy (z, argv[optind]);
|
|
|
|
newscore.score = normalize_integer (argv[optind + 1]);
|
|
if (! newscore.score)
|
|
{
|
|
fprintf (stderr, "%s: Invalid score\n", argv[optind + 1]);
|
|
return EXIT_FAILURE;
|
|
}
|
|
|
|
user = get_user_id ();
|
|
if (! user)
|
|
lose_syserr ("Couldn't determine user id");
|
|
data = argv[optind + 2];
|
|
if (strlen (data) > MAX_DATA_LEN)
|
|
data[MAX_DATA_LEN] = '\0';
|
|
nl = strchr (data, '\n');
|
|
if (nl)
|
|
*nl = '\0';
|
|
newscore.user_data = malloc (strlen (user) + 1 + strlen (data) + 1);
|
|
if (! newscore.user_data
|
|
|| sprintf (newscore.user_data, "%s %s", user, data) < 0)
|
|
lose_syserr ("Memory exhausted");
|
|
|
|
if (lock_file (scorefile, &lockstate) < 0)
|
|
lose_syserr ("Failed to lock scores file");
|
|
|
|
if (read_scores (scorefile, &scores, &scorecount, &scorealloc) < 0)
|
|
{
|
|
unlock_file (scorefile, lockstate);
|
|
lose_syserr ("Failed to read scores file");
|
|
}
|
|
if (push_score (&scores, &scorecount, &scorealloc, &newscore) < 0)
|
|
{
|
|
unlock_file (scorefile, lockstate);
|
|
lose_syserr ("Failed to add score");
|
|
}
|
|
sort_scores (scores, scorecount, reverse);
|
|
/* Limit the number of scores. If we're using reverse sorting, then
|
|
also increment the beginning of the array, to skip over the
|
|
*smallest* scores. Otherwise, just decrementing the number of
|
|
scores suffices, since the smallest is at the end. */
|
|
if (scorecount > max_scores)
|
|
{
|
|
if (reverse)
|
|
scores += scorecount - max_scores;
|
|
scorecount = max_scores;
|
|
}
|
|
if (write_scores (scorefile, running_sgid ? 0664 : 0644,
|
|
scores, scorecount) < 0)
|
|
{
|
|
unlock_file (scorefile, lockstate);
|
|
lose_syserr ("Failed to write scores file");
|
|
}
|
|
if (unlock_file (scorefile, lockstate) < 0)
|
|
lose_syserr ("Failed to unlock scores file");
|
|
exit (EXIT_SUCCESS);
|
|
}
|
|
|
|
static char *
|
|
read_score (char *p, struct score_entry *score)
|
|
{
|
|
score->score = p;
|
|
p = strchr (p, ' ');
|
|
if (!p)
|
|
return p;
|
|
*p++ = 0;
|
|
score->user_data = p;
|
|
p = strchr (p, '\n');
|
|
if (!p)
|
|
return p;
|
|
*p++ = 0;
|
|
return p;
|
|
}
|
|
|
|
static int
|
|
read_scores (const char *filename, struct score_entry **scores,
|
|
ptrdiff_t *count, ptrdiff_t *alloc)
|
|
{
|
|
char *p, *filedata;
|
|
ptrdiff_t filesize, nread;
|
|
struct stat st;
|
|
FILE *f = fopen (filename, "r");
|
|
if (!f)
|
|
return -1;
|
|
if (fstat (fileno (f), &st) != 0)
|
|
return -1;
|
|
if (! (0 <= st.st_size && st.st_size < min (PTRDIFF_MAX, SIZE_MAX)))
|
|
{
|
|
errno = EOVERFLOW;
|
|
return -1;
|
|
}
|
|
filesize = st.st_size;
|
|
filedata = malloc (filesize + 1);
|
|
if (! filedata)
|
|
return -1;
|
|
nread = fread (filedata, 1, filesize + 1, f);
|
|
if (filesize < nread)
|
|
{
|
|
errno = 0;
|
|
return -1;
|
|
}
|
|
if (nread < filesize)
|
|
filesize = nread;
|
|
if (ferror (f) || fclose (f) != 0)
|
|
return -1;
|
|
filedata[filesize] = 0;
|
|
if (strlen (filedata) != filesize)
|
|
{
|
|
errno = 0;
|
|
return -1;
|
|
}
|
|
|
|
*scores = 0;
|
|
*count = *alloc = 0;
|
|
for (p = filedata; p < filedata + filesize; )
|
|
{
|
|
struct score_entry entry;
|
|
p = read_score (p, &entry);
|
|
if (!p)
|
|
{
|
|
errno = 0;
|
|
return -1;
|
|
}
|
|
if (push_score (scores, count, alloc, &entry) < 0)
|
|
return -1;
|
|
}
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
score_compare (const void *a, const void *b)
|
|
{
|
|
const struct score_entry *sa = (const struct score_entry *) a;
|
|
const struct score_entry *sb = (const struct score_entry *) b;
|
|
char *sca = sa->score;
|
|
char *scb = sb->score;
|
|
size_t lena, lenb;
|
|
bool nega = *sca == '-';
|
|
bool negb = *scb == '-';
|
|
int diff = nega - negb;
|
|
if (diff)
|
|
return diff;
|
|
if (nega)
|
|
{
|
|
char *tmp = sca;
|
|
sca = scb + 1;
|
|
scb = tmp + 1;
|
|
}
|
|
lena = strlen (sca);
|
|
lenb = strlen (scb);
|
|
if (lena != lenb)
|
|
return lenb < lena ? -1 : 1;
|
|
return strcmp (scb, sca);
|
|
}
|
|
|
|
static int
|
|
score_compare_reverse (const void *a, const void *b)
|
|
{
|
|
return score_compare (b, a);
|
|
}
|
|
|
|
int
|
|
push_score (struct score_entry **scores, ptrdiff_t *count, ptrdiff_t *size,
|
|
struct score_entry const *newscore)
|
|
{
|
|
struct score_entry *newscores = *scores;
|
|
if (*count == *size)
|
|
{
|
|
ptrdiff_t newsize = *size;
|
|
if (newsize <= 0)
|
|
newsize = 1;
|
|
else if (newsize <= MAX_SCORES / 2)
|
|
newsize *= 2;
|
|
else if (newsize < MAX_SCORES)
|
|
newsize = MAX_SCORES;
|
|
else
|
|
{
|
|
errno = ENOMEM;
|
|
return -1;
|
|
}
|
|
newscores = realloc (newscores, sizeof *newscores * newsize);
|
|
if (!newscores)
|
|
return -1;
|
|
*scores = newscores;
|
|
*size = newsize;
|
|
}
|
|
newscores[*count] = *newscore;
|
|
(*count) += 1;
|
|
return 0;
|
|
}
|
|
|
|
static void
|
|
sort_scores (struct score_entry *scores, ptrdiff_t count, bool reverse)
|
|
{
|
|
qsort (scores, count, sizeof *scores,
|
|
reverse ? score_compare_reverse : score_compare);
|
|
}
|
|
|
|
static int
|
|
write_scores (const char *filename, mode_t mode,
|
|
const struct score_entry *scores, ptrdiff_t count)
|
|
{
|
|
int fd;
|
|
FILE *f;
|
|
ptrdiff_t i;
|
|
char *tempfile = malloc (strlen (filename) + strlen (".tempXXXXXX") + 1);
|
|
if (!tempfile)
|
|
return -1;
|
|
strcpy (stpcpy (tempfile, filename), ".tempXXXXXX");
|
|
fd = mkostemp (tempfile, 0);
|
|
if (fd < 0)
|
|
return -1;
|
|
#ifndef DOS_NT
|
|
if (fchmod (fd, mode) != 0)
|
|
return -1;
|
|
#endif
|
|
f = fdopen (fd, "w");
|
|
if (! f)
|
|
return -1;
|
|
for (i = 0; i < count; i++)
|
|
if (fprintf (f, "%s %s\n", scores[i].score, scores[i].user_data) < 0)
|
|
return -1;
|
|
if (fclose (f) != 0)
|
|
return -1;
|
|
if (rename (tempfile, filename) != 0)
|
|
return -1;
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
lock_file (const char *filename, void **state)
|
|
{
|
|
int fd;
|
|
struct stat buf;
|
|
int attempts = 0;
|
|
const char *lockext = ".lockfile";
|
|
char *lockpath = malloc (strlen (filename) + strlen (lockext) + 60);
|
|
if (!lockpath)
|
|
return -1;
|
|
strcpy (stpcpy (lockpath, filename), lockext);
|
|
*state = lockpath;
|
|
|
|
while ((fd = open (lockpath, O_CREAT | O_EXCL, 0600)) < 0)
|
|
{
|
|
if (errno != EEXIST)
|
|
return -1;
|
|
attempts++;
|
|
|
|
/* Break the lock if it is over an hour old, or if we've tried
|
|
more than MAX_ATTEMPTS times. We won't corrupt the file, but
|
|
we might lose some scores. */
|
|
if (MAX_ATTEMPTS < attempts
|
|
|| (stat (lockpath, &buf) == 0 && 60 * 60 < time (0) - buf.st_ctime))
|
|
{
|
|
if (unlink (lockpath) != 0 && errno != ENOENT)
|
|
return -1;
|
|
attempts = 0;
|
|
}
|
|
|
|
sleep ((rand () & 1) + 1);
|
|
}
|
|
|
|
close (fd);
|
|
return 0;
|
|
}
|
|
|
|
static int
|
|
unlock_file (const char *filename, void *state)
|
|
{
|
|
char *lockpath = (char *) state;
|
|
int saved_errno = errno;
|
|
int ret = unlink (lockpath);
|
|
int unlink_errno = errno;
|
|
free (lockpath);
|
|
errno = ret < 0 ? unlink_errno : saved_errno;
|
|
return ret;
|
|
}
|
|
|
|
/* update-game-score.c ends here */
|