ruby-core

So I'm documenting all the new stuff in 1.8, happily adding all the new 
methods by reverse engineering the interpreter, and then suddenly my 
world comes to a total standstill. The blood has left my face. My limbs 
are quivering. My bowels... well, never mind.

The reason? p_uid_change_privilege (copied below for your reading 
pleasure).  I don't think I've ever seen this many 'if' statements 
grouped together before :)

So, could someone do me a big, big favor? Could you point me to a simple 
description of all this real/effective/saved user/group id stuff so I 
can document these classes without going mad. My copy of Stevens doesn't 
cover this stuff.



Thanks


Dave



static VALUE
p_uid_change_privilege(obj, id)
    VALUE obj, id;
{
    extern int errno;
    int uid;

    uid = NUM2INT(id);

    if (geteuid() == 0) { /* root-user */
#if defined(HAVE_SETRESUID)
    if (setresuid(uid, uid, uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#elif defined(HAVE_SETUID)
    if (setuid(uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    if (getuid() == uid) {
        if (SAVED_USER_ID == uid) {
        if (setreuid(-1, uid) < 0) rb_sys_fail(0);
        } else {
        if (uid == 0) { /* (r,e,s) == (root, root, x) */
            if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
            if (setreuid(SAVED_USER_ID, 0) < 0) rb_sys_fail(0);
            SAVED_USER_ID = 0; /* (r,e,s) == (x, root, root) */
            if (setreuid(uid, uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
        } else {
            if (setreuid(0, -1) < 0) rb_sys_fail(0);
            SAVED_USER_ID = 0;
            if (setreuid(uid, uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
        }
        }
    } else {
        if (setreuid(uid, uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
    if (getuid() == uid) {
        if (SAVED_USER_ID == uid) {
        if (seteuid(uid) < 0) rb_sys_fail(0);
        } else {
        if (uid == 0) {
            if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
            SAVED_USER_ID = 0;
            if (setruid(0) < 0) rb_sys_fail(0);
        } else {
            if (setruid(0) < 0) rb_sys_fail(0);
            SAVED_USER_ID = 0;
            if (seteuid(uid) < 0) rb_sys_fail(0);
            if (setruid(uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
        }
        }
    } else {
        if (seteuid(uid) < 0) rb_sys_fail(0);
        if (setruid(uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    }
#else
    rb_notimplement();
#endif
    } else { /* unprivileged user */
#if defined(HAVE_SETRESUID)
    if (setresuid((getuid() == uid)? -1: uid,
              (geteuid() == uid)? -1: uid,
              (SAVED_USER_ID == uid)? -1: uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    if (SAVED_USER_ID == uid) {
        if (setreuid((getuid() == uid)? -1: uid,
             (geteuid() == uid)? -1: uid) < 0) rb_sys_fail(0);
    } else if (getuid() != uid) {
        if (setreuid(uid, (geteuid() == uid)? -1: uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    } else if (/* getuid() == uid && */ geteuid() != uid) {
        if (setreuid(geteuid(), uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
        if (setreuid(uid, -1) < 0) rb_sys_fail(0);
    } else { /* getuid() == uid && geteuid() == uid */
        if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
        if (setreuid(SAVED_USER_ID, uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
        if (setreuid(uid, -1) < 0) rb_sys_fail(0);
    }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
    if (SAVED_USER_ID == uid) {
        if (geteuid() != uid && seteuid(uid) < 0) rb_sys_fail(0);
        if (getuid() != uid && setruid(uid) < 0) rb_sys_fail(0);
    } else if (/* SAVED_USER_ID != uid && */ geteuid() == uid) {
        if (getuid() != uid) {
        if (setruid(uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
        } else {
        if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
        if (setruid(uid) < 0) rb_sys_fail(0);
        }
    } else if (/* geteuid() != uid && */ getuid() == uid) {
        if (seteuid(uid) < 0) rb_sys_fail(0);
        if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
        if (setruid(uid) < 0) rb_sys_fail(0);
    } else {
        errno = EPERM;
        rb_sys_fail(0);
    }
#elif defined HAVE_44BSD_SETUID
    if (getuid() == uid) {
        /* (r,e,s)==(uid,?,?) ==> (uid,uid,uid) */
        if (setuid(uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
    } else {
        errno = EPERM;
        rb_sys_fail(0);
    }
#elif defined HAVE_SETEUID
    if (getuid() == uid && SAVED_USER_ID == uid) {
        if (seteuid(uid) < 0) rb_sys_fail(0);
    } else {
        errno = EPERM;
        rb_sys_fail(0);
    }
#elif defined HAVE_SETUID
    if (getuid() == uid && SAVED_USER_ID == uid) {
        if (setuid(uid) < 0) rb_sys_fail(0);
    } else {
        errno = EPERM;
        rb_sys_fail(0);
    }
#else
    rb_notimplement();
#endif
    }
    return INT2FIX(uid);
}

Thread

Prev Next

In This Thread

Prev Next