1
0
mirror of https://git.savannah.gnu.org/git/emacs.git synced 2024-12-25 10:47:00 +00:00
emacs/lib-src/update-game-score.c
Paul Eggert bc511a64f6 Prefer HTTPS to FTP and HTTP in documentation
Most of this change is to boilerplate commentary such as license URLs.
This change was prompted by ftp://ftp.gnu.org's going-away party,
planned for November.  Change these FTP URLs to https://ftp.gnu.org
instead.  Make similar changes for URLs to other organizations moving
away from FTP.  Also, change HTTP to HTTPS for URLs to gnu.org and
fsf.org when this works, as this will further help defend against
man-in-the-middle attacks (for this part I omitted the MS-DOS and
MS-Windows sources and the test tarballs to keep the workload down).
HTTPS is not fully working to lists.gnu.org so I left those URLs alone
for now.
2017-09-13 15:54:37 -07:00

509 lines
12 KiB
C

/* update-game-score.c --- Update a score file
Copyright (C) 2002-2017 Free Software Foundation, Inc.
Author: Colin Walters <walters@debian.org>
This file is part of GNU Emacs.
GNU Emacs is free software: you can redistribute it and/or modify
it under the terms of the GNU General Public License as published by
the Free Software Foundation, either version 3 of the License, or (at
your option) any later version.
GNU Emacs is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
GNU General Public License for more details.
You should have received a copy of the GNU General Public License
along with GNU Emacs. If not, see <https://www.gnu.org/licenses/>. */
/* This program allows a game to securely and atomically update a
score file. It should be installed either setuid or setgid, owned
by an appropriate user or group like `games'.
Alternatively, it can be compiled without HAVE_SHARED_GAME_DIR
defined, and in that case it will store scores in the user's home
directory (it should NOT be setuid).
Created 2002/03/22.
*/
#include <config.h>
#include <unistd.h>
#include <errno.h>
#include <inttypes.h>
#include <limits.h>
#include <string.h>
#include <stdlib.h>
#include <time.h>
#include <pwd.h>
#include <ctype.h>
#include <fcntl.h>
#include <sys/stat.h>
#include <getopt.h>
#include <unlocked-io.h>
#ifdef WINDOWSNT
#include "ntlib.h"
#endif
#ifndef min
# define min(a,b) ((a) < (b) ? (a) : (b))
#endif
#define MAX_ATTEMPTS 5
#define MAX_DATA_LEN 1024
static _Noreturn void
usage (int err)
{
fprintf (stdout, "Usage: update-game-score [-m MAX] [-r] [-d DIR] game/scorefile SCORE DATA\n");
fprintf (stdout, " update-game-score -h\n");
fprintf (stdout, " -h\t\tDisplay this help.\n");
fprintf (stdout, " -m MAX\t\tLimit the maximum number of scores to MAX.\n");
fprintf (stdout, " -r\t\tSort the scores in increasing order.\n");
fprintf (stdout, " -d DIR\t\tStore scores in DIR (only if not setuid).\n");
exit (err);
}
static int lock_file (const char *filename, void **state);
static int unlock_file (const char *filename, void *state);
struct score_entry
{
char *score;
char *user_data;
};
#define MAX_SCORES min (PTRDIFF_MAX, SIZE_MAX / sizeof (struct score_entry))
static int read_scores (const char *filename, struct score_entry **scores,
ptrdiff_t *count, ptrdiff_t *alloc);
static int push_score (struct score_entry **scores, ptrdiff_t *count,
ptrdiff_t *size, struct score_entry const *newscore);
static void sort_scores (struct score_entry *scores, ptrdiff_t count,
bool reverse);
static int write_scores (const char *filename, mode_t mode,
const struct score_entry *scores, ptrdiff_t count);
static _Noreturn void
lose (const char *msg)
{
fprintf (stderr, "%s\n", msg);
exit (EXIT_FAILURE);
}
static _Noreturn void
lose_syserr (const char *msg)
{
fprintf (stderr, "%s: %s\n", msg,
errno ? strerror (errno) : "Invalid data in score file");
exit (EXIT_FAILURE);
}
static char *
get_user_id (void)
{
struct passwd *buf = getpwuid (getuid ());
if (!buf || strchr (buf->pw_name, ' ') || strchr (buf->pw_name, '\n'))
{
intmax_t uid = getuid ();
char *name = malloc (sizeof uid * CHAR_BIT / 3 + 4);
if (name)
sprintf (name, "%"PRIdMAX, uid);
return name;
}
return buf->pw_name;
}
static const char *
get_prefix (bool privileged, const char *user_prefix)
{
if (privileged)
{
#ifdef HAVE_SHARED_GAME_DIR
return HAVE_SHARED_GAME_DIR;
#else
lose ("This program was compiled without HAVE_SHARED_GAME_DIR,\n"
"and should not run with elevated privileges.");
#endif
}
if (user_prefix == NULL)
lose ("Not using a shared game directory, and no prefix given.");
return user_prefix;
}
static char *
normalize_integer (char *num)
{
bool neg;
char *p;
while (*num != '\n' && isspace (*num))
num++;
neg = *num == '-';
num += neg || *num == '-';
if (*num == '0')
{
while (*++num == '0')
continue;
neg &= !!*num;
num -= !*num;
}
for (p = num; '0' <= *p && *p <= '9'; p++)
continue;
if (*p || p == num)
{
errno = 0;
return 0;
}
if (neg)
*--num = '-';
return num;
}
int
main (int argc, char **argv)
{
int c;
bool running_suid, running_sgid;
void *lockstate;
char *scorefile;
char *end, *nl, *user, *data;
const char *prefix, *user_prefix = NULL;
struct score_entry *scores;
struct score_entry newscore;
bool reverse = false;
ptrdiff_t scorecount, scorealloc;
ptrdiff_t max_scores = MAX_SCORES;
srand (time (0));
while ((c = getopt (argc, argv, "hrm:d:")) != -1)
switch (c)
{
case 'h':
usage (EXIT_SUCCESS);
break;
case 'd':
user_prefix = optarg;
break;
case 'r':
reverse = 1;
break;
case 'm':
{
intmax_t m = strtoimax (optarg, &end, 10);
if (optarg == end || *end || m < 0)
usage (EXIT_FAILURE);
max_scores = min (m, MAX_SCORES);
}
break;
default:
usage (EXIT_FAILURE);
}
if (argc - optind != 3)
usage (EXIT_FAILURE);
running_suid = (getuid () != geteuid ());
running_sgid = (getgid () != getegid ());
if (running_suid && running_sgid)
lose ("This program can run either suid or sgid, but not both.");
prefix = get_prefix (running_suid || running_sgid, user_prefix);
scorefile = malloc (strlen (prefix) + strlen (argv[optind]) + 2);
if (!scorefile)
lose_syserr ("Couldn't allocate score file");
char *z = stpcpy (scorefile, prefix);
*z++ = '/';
strcpy (z, argv[optind]);
newscore.score = normalize_integer (argv[optind + 1]);
if (! newscore.score)
{
fprintf (stderr, "%s: Invalid score\n", argv[optind + 1]);
return EXIT_FAILURE;
}
user = get_user_id ();
if (! user)
lose_syserr ("Couldn't determine user id");
data = argv[optind + 2];
if (strlen (data) > MAX_DATA_LEN)
data[MAX_DATA_LEN] = '\0';
nl = strchr (data, '\n');
if (nl)
*nl = '\0';
newscore.user_data = malloc (strlen (user) + 1 + strlen (data) + 1);
if (! newscore.user_data
|| sprintf (newscore.user_data, "%s %s", user, data) < 0)
lose_syserr ("Memory exhausted");
if (lock_file (scorefile, &lockstate) < 0)
lose_syserr ("Failed to lock scores file");
if (read_scores (scorefile, &scores, &scorecount, &scorealloc) < 0)
{
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to read scores file");
}
if (push_score (&scores, &scorecount, &scorealloc, &newscore) < 0)
{
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to add score");
}
sort_scores (scores, scorecount, reverse);
/* Limit the number of scores. If we're using reverse sorting, then
also increment the beginning of the array, to skip over the
*smallest* scores. Otherwise, just decrementing the number of
scores suffices, since the smallest is at the end. */
if (scorecount > max_scores)
{
if (reverse)
scores += scorecount - max_scores;
scorecount = max_scores;
}
if (write_scores (scorefile, running_sgid ? 0664 : 0644,
scores, scorecount) < 0)
{
unlock_file (scorefile, lockstate);
lose_syserr ("Failed to write scores file");
}
if (unlock_file (scorefile, lockstate) < 0)
lose_syserr ("Failed to unlock scores file");
exit (EXIT_SUCCESS);
}
static char *
read_score (char *p, struct score_entry *score)
{
score->score = p;
p = strchr (p, ' ');
if (!p)
return p;
*p++ = 0;
score->user_data = p;
p = strchr (p, '\n');
if (!p)
return p;
*p++ = 0;
return p;
}
static int
read_scores (const char *filename, struct score_entry **scores,
ptrdiff_t *count, ptrdiff_t *alloc)
{
char *p, *filedata;
ptrdiff_t filesize, nread;
struct stat st;
FILE *f = fopen (filename, "r");
if (!f)
return -1;
if (fstat (fileno (f), &st) != 0)
return -1;
if (! (0 <= st.st_size && st.st_size < min (PTRDIFF_MAX, SIZE_MAX)))
{
errno = EOVERFLOW;
return -1;
}
filesize = st.st_size;
filedata = malloc (filesize + 1);
if (! filedata)
return -1;
nread = fread (filedata, 1, filesize + 1, f);
if (filesize < nread)
{
errno = 0;
return -1;
}
if (nread < filesize)
filesize = nread;
if (ferror (f) || fclose (f) != 0)
return -1;
filedata[filesize] = 0;
if (strlen (filedata) != filesize)
{
errno = 0;
return -1;
}
*scores = 0;
*count = *alloc = 0;
for (p = filedata; p < filedata + filesize; )
{
struct score_entry entry;
p = read_score (p, &entry);
if (!p)
{
errno = 0;
return -1;
}
if (push_score (scores, count, alloc, &entry) < 0)
return -1;
}
return 0;
}
static int
score_compare (const void *a, const void *b)
{
const struct score_entry *sa = (const struct score_entry *) a;
const struct score_entry *sb = (const struct score_entry *) b;
char *sca = sa->score;
char *scb = sb->score;
size_t lena, lenb;
bool nega = *sca == '-';
bool negb = *scb == '-';
int diff = nega - negb;
if (diff)
return diff;
if (nega)
{
char *tmp = sca;
sca = scb + 1;
scb = tmp + 1;
}
lena = strlen (sca);
lenb = strlen (scb);
if (lena != lenb)
return lenb < lena ? -1 : 1;
return strcmp (scb, sca);
}
static int
score_compare_reverse (const void *a, const void *b)
{
return score_compare (b, a);
}
int
push_score (struct score_entry **scores, ptrdiff_t *count, ptrdiff_t *size,
struct score_entry const *newscore)
{
struct score_entry *newscores = *scores;
if (*count == *size)
{
ptrdiff_t newsize = *size;
if (newsize <= 0)
newsize = 1;
else if (newsize <= MAX_SCORES / 2)
newsize *= 2;
else if (newsize < MAX_SCORES)
newsize = MAX_SCORES;
else
{
errno = ENOMEM;
return -1;
}
newscores = realloc (newscores, sizeof *newscores * newsize);
if (!newscores)
return -1;
*scores = newscores;
*size = newsize;
}
newscores[*count] = *newscore;
(*count) += 1;
return 0;
}
static void
sort_scores (struct score_entry *scores, ptrdiff_t count, bool reverse)
{
qsort (scores, count, sizeof *scores,
reverse ? score_compare_reverse : score_compare);
}
static int
write_scores (const char *filename, mode_t mode,
const struct score_entry *scores, ptrdiff_t count)
{
int fd;
FILE *f;
ptrdiff_t i;
char *tempfile = malloc (strlen (filename) + strlen (".tempXXXXXX") + 1);
if (!tempfile)
return -1;
strcpy (stpcpy (tempfile, filename), ".tempXXXXXX");
fd = mkostemp (tempfile, 0);
if (fd < 0)
return -1;
#ifndef DOS_NT
if (fchmod (fd, mode) != 0)
return -1;
#endif
f = fdopen (fd, "w");
if (! f)
return -1;
for (i = 0; i < count; i++)
if (fprintf (f, "%s %s\n", scores[i].score, scores[i].user_data) < 0)
return -1;
if (fclose (f) != 0)
return -1;
if (rename (tempfile, filename) != 0)
return -1;
return 0;
}
static int
lock_file (const char *filename, void **state)
{
int fd;
struct stat buf;
int attempts = 0;
const char *lockext = ".lockfile";
char *lockpath = malloc (strlen (filename) + strlen (lockext) + 60);
if (!lockpath)
return -1;
strcpy (stpcpy (lockpath, filename), lockext);
*state = lockpath;
while ((fd = open (lockpath, O_CREAT | O_EXCL, 0600)) < 0)
{
if (errno != EEXIST)
return -1;
attempts++;
/* Break the lock if it is over an hour old, or if we've tried
more than MAX_ATTEMPTS times. We won't corrupt the file, but
we might lose some scores. */
if (MAX_ATTEMPTS < attempts
|| (stat (lockpath, &buf) == 0 && 60 * 60 < time (0) - buf.st_ctime))
{
if (unlink (lockpath) != 0 && errno != ENOENT)
return -1;
attempts = 0;
}
sleep ((rand () & 1) + 1);
}
close (fd);
return 0;
}
static int
unlock_file (const char *filename, void *state)
{
char *lockpath = (char *) state;
int saved_errno = errno;
int ret = unlink (lockpath);
int unlink_errno = errno;
free (lockpath);
errno = ret < 0 ? unlink_errno : saved_errno;
return ret;
}
/* update-game-score.c ends here */