-/* Copyright (C) 1998 Free Software Foundation, Inc.
+/* Copyright (C) 1998-2014 Free Software Foundation, Inc.
This file is part of the GNU C Library.
Contributed by Zack Weinberg <zack@rabi.phys.columbia.edu>, 1998.
The GNU C Library is free software; you can redistribute it and/or
- modify it under the terms of the GNU Library General Public License as
- published by the Free Software Foundation; either version 2 of the
- License, or (at your option) any later version.
+ modify it under the terms of the GNU Lesser General Public
+ License as published by the Free Software Foundation; either
+ version 2.1 of the License, or (at your option) any later version.
The GNU C Library is distributed in the hope that it will be useful,
but WITHOUT ANY WARRANTY; without even the implied warranty of
MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
- Library General Public License for more details.
+ Lesser General Public License for more details.
- You should have received a copy of the GNU Library General Public
- License along with the GNU C Library; see the file COPYING.LIB. If not,
- write to the Free Software Foundation, Inc., 59 Temple Place - Suite 330,
- Boston, MA 02111-1307, USA. */
+ You should have received a copy of the GNU Lesser General Public
+ License along with the GNU C Library; if not, see
+ <http://www.gnu.org/licenses/>. */
+#include <assert.h>
#include <errno.h>
+#include <fcntl.h>
+#include <grp.h>
+#include <limits.h>
#include <stdlib.h>
-#include <unistd.h>
+#include <string.h>
#include <sys/resource.h>
#include <sys/stat.h>
#include <sys/types.h>
#include <sys/wait.h>
+#include <unistd.h>
-#include <assert.h>
+#include "pty-private.h"
+
+
+/* Return the result of ptsname_r in the buffer pointed to by PTS,
+ which should be of length BUF_LEN. If it is too long to fit in
+ this buffer, a sufficiently long buffer is allocated using malloc,
+ and returned in PTS. 0 is returned upon success, -1 otherwise. */
+static int
+pts_name (int fd, char **pts, size_t buf_len, struct stat64 *stp)
+{
+ int rv;
+ char *buf = *pts;
+
+ for (;;)
+ {
+ char *new_buf;
+
+ if (buf_len)
+ {
+ rv = __ptsname_internal (fd, buf, buf_len, stp);
+ if (rv != 0)
+ {
+ if (rv == ENOTTY)
+ /* ptsname_r returns with ENOTTY to indicate
+ a descriptor not referring to a pty master.
+ For this condition, grantpt must return EINVAL. */
+ rv = EINVAL;
+ errno = rv; /* Not necessarily set by __ptsname_r. */
+ break;
+ }
+
+ if (memchr (buf, '\0', buf_len))
+ /* We succeeded and the returned name fit in the buffer. */
+ break;
-#include "pty-internal.h"
+ /* Try again with a longer buffer. */
+ buf_len += buf_len; /* Double it */
+ }
+ else
+ /* No initial buffer; start out by mallocing one. */
+ buf_len = 128; /* First time guess. */
+
+ if (buf != *pts)
+ /* We've already malloced another buffer at least once. */
+ new_buf = (char *) realloc (buf, buf_len);
+ else
+ new_buf = (char *) malloc (buf_len);
+ if (! new_buf)
+ {
+ rv = -1;
+ __set_errno (ENOMEM);
+ break;
+ }
+ buf = new_buf;
+ }
-/* Given a fd on a master pseudoterminal, chown the file associated
- with the slave to the calling process, and set its group and
- mode appropriately. Note that this is an unprivileged operation. */
+ if (rv == 0)
+ *pts = buf; /* Return buffer to the user. */
+ else if (buf != *pts)
+ free (buf); /* Free what we malloced when returning an error. */
-/* This "generic Unix" implementation works because we provide the program
- /usr/libexec/pt_chown, and it only depends on ptsname() working. */
-static const char helper[] = LIBEXECDIR "/pt_chown";
-static const char *argv[] = { "pt_chown", NULL };
+ return rv;
+}
+/* Change the ownership and access permission of the slave pseudo
+ terminal associated with the master pseudo terminal specified
+ by FD. */
int
-grantpt (fd)
- int fd;
+grantpt (int fd)
{
- struct stat st;
- int w, pid;
- char namebuf[PTYNAMELEN];
+ int retval = -1;
+#ifdef PATH_MAX
+ char _buf[PATH_MAX];
+#else
+ char _buf[512];
+#endif
+ char *buf = _buf;
+ struct stat64 st;
+
+ if (__glibc_unlikely (pts_name (fd, &buf, sizeof (_buf), &st)))
+ {
+ int save_errno = errno;
+
+ /* Check, if the file descriptor is valid. pts_name returns the
+ wrong errno number, so we cannot use that. */
+ if (__libc_fcntl (fd, F_GETFD) == -1 && errno == EBADF)
+ return -1;
+
+ /* If the filedescriptor is no TTY, grantpt has to set errno
+ to EINVAL. */
+ if (save_errno == ENOTTY)
+ __set_errno (EINVAL);
+ else
+ __set_errno (save_errno);
- /* Some systems do it for us. */
- if (ptsname_r (fd, namebuf, PTYNAMELEN) == NULL)
- return -1;
- if (stat (namebuf, &st))
- return -1;
+ return -1;
+ }
+
+ /* Make sure that we own the device. */
+ uid_t uid = __getuid ();
+ if (st.st_uid != uid)
+ {
+ if (__chown (buf, uid, st.st_gid) < 0)
+ goto helper;
+ }
+
+ static int tty_gid = -1;
+ if (__glibc_unlikely (tty_gid == -1))
+ {
+ char *grtmpbuf;
+ struct group grbuf;
+ size_t grbuflen = __sysconf (_SC_GETGR_R_SIZE_MAX);
+ struct group *p;
+
+ /* Get the group ID of the special `tty' group. */
+ if (grbuflen == (size_t) -1L)
+ /* `sysconf' does not support _SC_GETGR_R_SIZE_MAX.
+ Try a moderate value. */
+ grbuflen = 1024;
+ grtmpbuf = (char *) __alloca (grbuflen);
+ __getgrnam_r (TTY_GROUP, &grbuf, grtmpbuf, grbuflen, &p);
+ if (p != NULL)
+ tty_gid = p->gr_gid;
+ }
+ gid_t gid = tty_gid == -1 ? __getgid () : tty_gid;
+
+ /* Make sure the group of the device is that special group. */
+ if (st.st_gid != gid)
+ {
+ if (__chown (buf, uid, gid) < 0)
+ goto helper;
+ }
+
+ /* Make sure the permission mode is set to readable and writable by
+ the owner, and writable by the group. */
+ if ((st.st_mode & ACCESSPERMS) != (S_IRUSR|S_IWUSR|S_IWGRP))
+ {
+ if (__chmod (buf, S_IRUSR|S_IWUSR|S_IWGRP) < 0)
+ goto helper;
+ }
- if (st.st_uid == getuid ())
- return 0;
+ retval = 0;
+ goto cleanup;
- /* We have to do it in user space. */
+ /* We have to use the helper program if it is available. */
+ helper:;
- pid = fork ();
+#ifdef HAVE_PT_CHOWN
+ pid_t pid = __fork ();
if (pid == -1)
- return -1;
+ goto cleanup;
else if (pid == 0)
{
- /* Disable core dumps in the child. */
- struct rlimit off = { 0, 0 };
- setrlimit (RLIMIT_CORE, &off);
+ /* Disable core dumps. */
+ struct rlimit rl = { 0, 0 };
+ __setrlimit (RLIMIT_CORE, &rl);
- /* The helper does its thing on fd PTY_FD. */
- if (fd != PTY_FD)
- if (dup2 (fd, PTY_FD) == -1)
+ /* We pass the master pseudo terminal as file descriptor PTY_FILENO. */
+ if (fd != PTY_FILENO)
+ if (__dup2 (fd, PTY_FILENO) < 0)
_exit (FAIL_EBADF);
- execve (helper, (char *const *) argv, 0);
+# ifdef CLOSE_ALL_FDS
+ CLOSE_ALL_FDS ();
+# endif
+
+ execle (_PATH_PT_CHOWN, basename (_PATH_PT_CHOWN), NULL, NULL);
_exit (FAIL_EXEC);
}
else
{
- if (waitpid (pid, &w, 0) == -1)
- return -1;
+ int w;
+
+ if (__waitpid (pid, &w, 0) == -1)
+ goto cleanup;
if (!WIFEXITED (w))
- {
- __set_errno (ENOEXEC);
- return -1;
- }
+ __set_errno (ENOEXEC);
else
- switch (WEXITSTATUS(w))
+ switch (WEXITSTATUS (w))
{
case 0:
+ retval = 0;
break;
case FAIL_EBADF:
__set_errno (EBADF);
- return -1;
+ break;
case FAIL_EINVAL:
__set_errno (EINVAL);
- return -1;
+ break;
case FAIL_EACCES:
__set_errno (EACCES);
- return -1;
+ break;
case FAIL_EXEC:
__set_errno (ENOEXEC);
- return -1;
+ break;
+ case FAIL_ENOMEM:
+ __set_errno (ENOMEM);
+ break;
default:
assert(! "getpt: internal error: invalid exit code from pt_chown");
}
}
+#endif
+
+ cleanup:
+ if (buf != _buf)
+ free (buf);
- /* Success. */
- return 0;
+ return retval;
}