1
0
mirror of https://git.savannah.gnu.org/git/emacs.git synced 2024-11-25 07:28:20 +00:00
emacs/lib-src/update-game-score.c
Ulrich Müller 20f6648552 Allow update-game-score to run sgid instead of suid.
* configure.ac (gamegroup): New AC_SUBST.
(--with-gameuser): Allow to specify a group instead of a user.
In the default case, check at configure time if a 'games' user
exists.
* lib-src/update-game-score.c: Allow the program to run sgid
instead of suid, in order to match common practice for most games.
(main): Check if we are running sgid.  Pass appropriate file
permission bits to 'write_scores'.
(write_scores): New 'mode' argument, instead of hardcoding 0644.
(get_prefix): Update error message.
* lib-src/Makefile.in (gamegroup): New variable, set by configure.
($(DESTDIR)${archlibdir}): Handle both suid or sgid when
installing the 'update-game-score' program.
* lisp/play/gamegrid.el (gamegrid-add-score-with-update-game-score):
Allow the 'update-game-score' helper program to run suid or sgid.
2015-01-21 21:33:17 +01:00

509 lines
12 KiB
C

/* update-game-score.c --- Update a score file
Copyright (C) 2002-2015 Free Software Foundation, Inc.
Author: Colin Walters <walters@debian.org>
This file is part of GNU Emacs.
GNU Emacs is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or
(at your option) any later version.
GNU Emacs is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Emacs. If not, see <http://www.gnu.org/licenses/>. */
/* This program allows a game to securely and atomically update a
score file. It should be installed either setuid or setgid, owned
by an appropriate user or group like `games'.
Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
defined, and in that case it will store scores in the user's home
directory (it should NOT be setuid).
Created 2002/03/22.
*/
#include <config.h>
#include <unistd.h>
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <stdbool.h>
#include <string.h>
#include <stdlib.h>
#include <stdio.h>
#include <time.h>
#include <pwd.h>
#include <ctype.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <getopt.h>
#ifdef WINDOWSNT
#include "ntlib.h"
#endif
#ifndef min
# define min(a,b) ((a) < (b) ? (a) : (b))
#endif
#define MAX_ATTEMPTS 5
#define MAX_DATA_LEN 1024
static _Noreturn void
usage (int err)
{
fprintf (stdout, "Usage: update-game-score [-m MAX] [-r] [-d DIR] game/scorefile SCORE DATA\n");
fprintf (stdout, " update-game-score -h\n");
fprintf (stdout, " -h\t\tDisplay this help.\n");
fprintf (stdout, " -m MAX\t\tLimit the maximum number of scores to MAX.\n");
fprintf (stdout, " -r\t\tSort the scores in increasing order.\n");
fprintf (stdout, " -d DIR\t\tStore scores in DIR (only if not setuid).\n");
exit (err);
}
static int lock_file (const char *filename, void **state);
static int unlock_file (const char *filename, void *state);
struct score_entry
{
char *score;
char *user_data;
};
#define MAX_SCORES min (PTRDIFF_MAX, SIZE_MAX / sizeof (struct score_entry))
static int read_scores (const char *filename, struct score_entry **scores,
ptrdiff_t *count, ptrdiff_t *alloc);
static int push_score (struct score_entry **scores, ptrdiff_t *count,
ptrdiff_t *size, struct score_entry const *newscore);
static void sort_scores (struct score_entry *scores, ptrdiff_t count,
bool reverse);
static int write_scores (const char *filename, mode_t mode,
const struct score_entry *scores, ptrdiff_t count);
static _Noreturn void
lose (const char *msg)
{
fprintf (stderr, "%s\n", msg);
exit (EXIT_FAILURE);
}
static _Noreturn void
lose_syserr (const char *msg)
{
fprintf (stderr, "%s: %s\n", msg,
errno ? strerror (errno) : "Invalid data in score file");
exit (EXIT_FAILURE);
}
static char *
get_user_id (void)
{
struct passwd *buf = getpwuid (getuid ());
if (!buf || strchr (buf->pw_name, ' ') || strchr (buf->pw_name, '\n'))
{
intmax_t uid = getuid ();
char *name = malloc (sizeof uid * CHAR_BIT / 3 + 4);
if (name)
sprintf (name, "%"PRIdMAX, uid);
return name;
}
return buf->pw_name;
}
static const char *
get_prefix (bool privileged, const char *user_prefix)
{
if (privileged)
{
#ifdef HAVE_SHARED_GAME_DIR
return HAVE_SHARED_GAME_DIR;
#else
lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
"and should not run with elevated privileges.");
#endif
}
if (user_prefix == NULL)
lose ("Not using a shared game directory, and no prefix given.");
return user_prefix;
}
static char *
normalize_integer (char *num)
{
bool neg;
char *p;
while (*num != '\n' && isspace (*num))
num++;
neg = *num == '-';
num += neg || *num == '-';
if (*num == '0')
{
while (*++num == '0')
continue;
neg &= !!*num;
num -= !*num;
}
for (p = num; '0' <= *p && *p <= '9'; p++)
continue;
if (*p || p == num)
{
errno = 0;
return 0;
}
if (neg)
*--num = '-';
return num;
}
int
main (int argc, char **argv)
{
int c;
bool running_suid, running_sgid;
void *lockstate;
char *scorefile;
char *end, *nl, *user, *data;
const char *prefix, *user_prefix = NULL;
struct score_entry *scores;
struct score_entry newscore;
bool reverse = false;
ptrdiff_t scorecount, scorealloc;
ptrdiff_t max_scores = MAX_SCORES;
srand (time (0));
while ((c = getopt (argc, argv, "hrm:d:")) != -1)
switch (c)
{
case 'h':
usage (EXIT_SUCCESS);
break;
case 'd':
user_prefix = optarg;
break;
case 'r':
reverse = 1;
break;
case 'm':
{
intmax_t m = strtoimax (optarg, &end, 10);
if (optarg == end || *end || m < 0)
usage (EXIT_FAILURE);
max_scores = min (m, MAX_SCORES);
}
break;
default:
usage (EXIT_FAILURE);
}
if (argc - optind != 3)
usage (EXIT_FAILURE);
running_suid = (getuid () != geteuid ());
running_sgid = (getgid () != getegid ());
if (running_suid && running_sgid)
lose ("This program can run either suid or sgid, but not both.");
prefix = get_prefix (running_suid || running_sgid, user_prefix);
scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
if (!scorefile)
lose_syserr ("Couldn't allocate score file");
char *z = stpcpy (scorefile, prefix);
*z++ = '/';
strcpy (z, argv[optind]);
newscore.score = normalize_integer (argv[optind + 1]);
if (! newscore.score)
{
fprintf (stderr, "%s: Invalid score\n", argv[optind + 1]);
return EXIT_FAILURE;
}
user = get_user_id ();
if (! user)
lose_syserr ("Couldn't determine user id");
data = argv[optind + 2];
if (strlen (data) > MAX_DATA_LEN)
data[MAX_DATA_LEN] = '\0';
nl = strchr (data, '\n');
if (nl)
*nl = '\0';
newscore.user_data = malloc (strlen (user) + 1 + strlen (data) + 1);
if (! newscore.user_data
|| sprintf (newscore.user_data, "%s %s", user, data) < 0)
lose_syserr ("Memory exhausted");
if (lock_file (scorefile, &lockstate) < 0)
lose_syserr ("Failed to lock scores file");
if (read_scores (scorefile, &scores, &scorecount, &scorealloc) < 0)
{
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to read scores file");
}
if (push_score (&scores, &scorecount, &scorealloc, &newscore) < 0)
{
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to add score");
}
sort_scores (scores, scorecount, reverse);
/* Limit the number of scores. If we're using reverse sorting, then
also increment the beginning of the array, to skip over the
*smallest* scores. Otherwise, just decrementing the number of
scores suffices, since the smallest is at the end. */
if (scorecount > max_scores)
{
if (reverse)
scores += scorecount - max_scores;
scorecount = max_scores;
}
if (write_scores (scorefile, running_sgid ? 0664 : 0644,
scores, scorecount) < 0)
{
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to write scores file");
}
if (unlock_file (scorefile, lockstate) < 0)
lose_syserr ("Failed to unlock scores file");
exit (EXIT_SUCCESS);
}
static char *
read_score (char *p, struct score_entry *score)
{
score->score = p;
p = strchr (p, ' ');
if (!p)
return p;
*p++ = 0;
score->user_data = p;
p = strchr (p, '\n');
if (!p)
return p;
*p++ = 0;
return p;
}
static int
read_scores (const char *filename, struct score_entry **scores,
ptrdiff_t *count, ptrdiff_t *alloc)
{
char *p, *filedata;
ptrdiff_t filesize, nread;
struct stat st;
FILE *f = fopen (filename, "r");
if (!f)
return -1;
if (fstat (fileno (f), &st) != 0)
return -1;
if (! (0 <= st.st_size && st.st_size < min (PTRDIFF_MAX, SIZE_MAX)))
{
errno = EOVERFLOW;
return -1;
}
filesize = st.st_size;
filedata = malloc (filesize + 1);
if (! filedata)
return -1;
nread = fread (filedata, 1, filesize + 1, f);
if (filesize < nread)
{
errno = 0;
return -1;
}
if (nread < filesize)
filesize = nread;
if (ferror (f) || fclose (f) != 0)
return -1;
filedata[filesize] = 0;
if (strlen (filedata) != filesize)
{
errno = 0;
return -1;
}
*scores = 0;
*count = *alloc = 0;
for (p = filedata; p < filedata + filesize; )
{
struct score_entry entry;
p = read_score (p, &entry);
if (!p)
{
errno = 0;
return -1;
}
if (push_score (scores, count, alloc, &entry) < 0)
return -1;
}
return 0;
}
static int
score_compare (const void *a, const void *b)
{
const struct score_entry *sa = (const struct score_entry *) a;
const struct score_entry *sb = (const struct score_entry *) b;
char *sca = sa->score;
char *scb = sb->score;
size_t lena, lenb;
bool nega = *sca == '-';
bool negb = *scb == '-';
int diff = nega - negb;
if (diff)
return diff;
if (nega)
{
char *tmp = sca;
sca = scb + 1;
scb = tmp + 1;
}
lena = strlen (sca);
lenb = strlen (scb);
if (lena != lenb)
return lenb < lena ? -1 : 1;
return strcmp (scb, sca);
}
static int
score_compare_reverse (const void *a, const void *b)
{
return score_compare (b, a);
}
int
push_score (struct score_entry **scores, ptrdiff_t *count, ptrdiff_t *size,
struct score_entry const *newscore)
{
struct score_entry *newscores = *scores;
if (*count == *size)
{
ptrdiff_t newsize = *size;
if (newsize <= 0)
newsize = 1;
else if (newsize <= MAX_SCORES / 2)
newsize *= 2;
else if (newsize < MAX_SCORES)
newsize = MAX_SCORES;
else
{
errno = ENOMEM;
return -1;
}
newscores = realloc (newscores, sizeof *newscores * newsize);
if (!newscores)
return -1;
*scores = newscores;
*size = newsize;
}
newscores[*count] = *newscore;
(*count) += 1;
return 0;
}
static void
sort_scores (struct score_entry *scores, ptrdiff_t count, bool reverse)
{
qsort (scores, count, sizeof *scores,
reverse ? score_compare_reverse : score_compare);
}
static int
write_scores (const char *filename, mode_t mode,
const struct score_entry *scores, ptrdiff_t count)
{
int fd;
FILE *f;
ptrdiff_t i;
char *tempfile = malloc (strlen (filename) + strlen (".tempXXXXXX") + 1);
if (!tempfile)
return -1;
strcpy (stpcpy (tempfile, filename), ".tempXXXXXX");
fd = mkostemp (tempfile, 0);
if (fd < 0)
return -1;
#ifndef DOS_NT
if (fchmod (fd, mode) != 0)
return -1;
#endif
f = fdopen (fd, "w");
if (! f)
return -1;
for (i = 0; i < count; i++)
if (fprintf (f, "%s %s\n", scores[i].score, scores[i].user_data) < 0)
return -1;
if (fclose (f) != 0)
return -1;
if (rename (tempfile, filename) != 0)
return -1;
return 0;
}
static int
lock_file (const char *filename, void **state)
{
int fd;
struct stat buf;
int attempts = 0;
const char *lockext = ".lockfile";
char *lockpath = malloc (strlen (filename) + strlen (lockext) + 60);
if (!lockpath)
return -1;
strcpy (stpcpy (lockpath, filename), lockext);
*state = lockpath;
while ((fd = open (lockpath, O_CREAT | O_EXCL, 0600)) < 0)
{
if (errno != EEXIST)
return -1;
attempts++;
/* Break the lock if it is over an hour old, or if we've tried
more than MAX_ATTEMPTS times. We won't corrupt the file, but
we might lose some scores. */
if (MAX_ATTEMPTS < attempts
|| (stat (lockpath, &buf) == 0 && 60 * 60 < time (0) - buf.st_ctime))
{
if (unlink (lockpath) != 0 && errno != ENOENT)
return -1;
attempts = 0;
}
sleep ((rand () & 1) + 1);
}
close (fd);
return 0;
}
static int
unlock_file (const char *filename, void *state)
{
char *lockpath = (char *) state;
int saved_errno = errno;
int ret = unlink (lockpath);
int unlink_errno = errno;
free (lockpath);
errno = ret < 0 ? unlink_errno : saved_errno;
return ret;
}
/* update-game-score.c ends here */