Commit 0e9ba92d authored by Darin Adler's avatar Darin Adler
Browse files

Made the permission check match the Unix access model. Maciej points out

	* libnautilus-extensions/nautilus-file.c:
	(nautilus_file_denies_access_permission),
	(nautilus_file_can_set_permissions): Made the permission check
	match the Unix access model. Maciej points out that this is
	still not good enough, and Pavel points out that bug 458 is
	about just this problem.

	* libnautilus-extensions/nautilus-gnome-extensions.c:
	(turn_on_line_wrap_flag): Got rid of a bad g_free that was
	trashing memory when locating the label for line wrapping.

	* src/ntl-app.c: (display_caveat): Used line wrapping, now that
	I know wrapping wasn't the cause of the bug before.
parent 8cbb5d30
2000-05-25 Darin Adler <darin@eazel.com>
* libnautilus-extensions/nautilus-file.c:
(nautilus_file_denies_access_permission),
(nautilus_file_can_set_permissions): Made the permission check
match the Unix access model. Maciej points out that this is
still not good enough, and Pavel points out that bug 458 is
about just this problem.
* libnautilus-extensions/nautilus-gnome-extensions.c:
(turn_on_line_wrap_flag): Got rid of a bad g_free that was
trashing memory when locating the label for line wrapping.
* src/ntl-app.c: (display_caveat): Used line wrapping, now that
I know wrapping wasn't the cause of the bug before.
2000-05-25 Ramiro Estrugo <ramiro@eazel.com>
Cleanup cut-n-paste code for dealing the sidebar panels.
......
......@@ -317,6 +317,9 @@ nautilus_file_denies_access_permission (NautilusFile *file,
GnomeVFSFilePermissions group_permission,
GnomeVFSFilePermissions other_permission)
{
uid_t user_id;
struct passwd *password_info;
g_assert (NAUTILUS_IS_FILE (file));
/* Once the file is gone, you can't do much of anything. */
......@@ -324,40 +327,46 @@ nautilus_file_denies_access_permission (NautilusFile *file,
return TRUE;
}
if (!nautilus_file_can_get_permissions (file)) {
/*
* File's permissions field is not valid.
* Can't access specific permissions, so return FALSE.
/* File system does not provide permission bits.
* Can't determine specific permissions, so return FALSE.
*/
if (!nautilus_file_can_get_permissions (file)) {
return FALSE;
}
/* Check whether anyone at all has permission. */
if (file->details->info->permissions & other_permission) {
return FALSE;
/* Check the user. */
user_id = geteuid ();
/* Root can do anything. */
if (user_id == 0) {
return TRUE;
}
/* Check whether user's ID matches file's. */
/* File owner's access is governed by the owner bits. */
/* FIXME bugzilla.eazel.com 644:
* Can we trust the uid in the file info? Might
* there be garbage there? What will it do for non-local files?
*/
if ((file->details->info->permissions & owner_permission)
&& getuid() == file->details->info->uid) {
return FALSE;
if (user_id == file->details->info->uid) {
return (file->details->info->permissions & owner_permission) != 0;
}
/* Check whether user's group ID matches file's. */
/* No need to free result of getpwuid. */
password_info = getpwuid (user_id);
/* Group member's access is governed by the group bits. */
/* FIXME bugzilla.eazel.com 644:
* Can we trust the gid in the file info? Might
* there be garbage there? What will it do for non-local files?
*/
if ((file->details->info->permissions & group_permission)
&& getpwuid (getuid())->pw_gid == file->details->info->gid) {
if (password_info != NULL
&& password_info->pw_gid == file->details->info->gid) {
(file->details->info->permissions & group_permission)
return FALSE;
}
return TRUE;
/* Other users' access is governed by the other bits. */
return (file->details->info->permissions & other_permission) != 0;
}
/**
......@@ -377,7 +386,8 @@ nautilus_file_can_read (NautilusFile *file)
{
g_return_val_if_fail (NAUTILUS_IS_FILE (file), FALSE);
return !nautilus_file_denies_access_permission (file,
return !nautilus_file_denies_access_permission
(file,
GNOME_VFS_PERM_USER_READ,
GNOME_VFS_PERM_GROUP_READ,
GNOME_VFS_PERM_OTHER_READ);
......@@ -400,7 +410,8 @@ nautilus_file_can_write (NautilusFile *file)
{
g_return_val_if_fail (NAUTILUS_IS_FILE (file), FALSE);
return !nautilus_file_denies_access_permission (file,
return !nautilus_file_denies_access_permission
(file,
GNOME_VFS_PERM_USER_WRITE,
GNOME_VFS_PERM_GROUP_WRITE,
GNOME_VFS_PERM_OTHER_WRITE);
......@@ -423,7 +434,8 @@ nautilus_file_can_execute (NautilusFile *file)
{
g_return_val_if_fail (NAUTILUS_IS_FILE (file), FALSE);
return !nautilus_file_denies_access_permission (file,
return !nautilus_file_denies_access_permission
(file,
GNOME_VFS_PERM_USER_EXEC,
GNOME_VFS_PERM_GROUP_EXEC,
GNOME_VFS_PERM_OTHER_EXEC);
......@@ -1342,11 +1354,14 @@ nautilus_file_can_get_permissions (NautilusFile *file)
* @file: The file in question.
*
* Return value: TRUE if the current user can change the
* permissions of @file, FALSE otherwise.
* permissions of @file, FALSE otherwise. It's always possible
* that when you actually try to do it, you will fail.
*/
gboolean
nautilus_file_can_set_permissions (NautilusFile *file)
{
uid_t user_id;
/* Not allowed to set the permissions if we can't
* even read them. This can happen on non-UNIX file
* systems.
......@@ -1355,19 +1370,20 @@ nautilus_file_can_set_permissions (NautilusFile *file)
return FALSE;
}
user_id = geteuid();
/* Owner is allowed to set permissions. */
if (getuid() == file->details->info->uid) {
if (user_id == file->details->info->uid) {
return TRUE;
}
/* Root is also allowed to set permissions. */
if (getuid() == 0) {
if (user_id == 0) {
return TRUE;
}
/* Nobody else is allowed. */
return FALSE;
}
GnomeVFSFilePermissions
......
......@@ -265,7 +265,6 @@ turn_on_line_wrap_flag (GtkWidget *widget, const char *message)
if (strcmp (text, message) == 0) {
gtk_label_set_line_wrap (GTK_LABEL (widget), TRUE);
}
g_free (text);
}
/* Recurse for children. */
......
......@@ -317,6 +317,9 @@ nautilus_file_denies_access_permission (NautilusFile *file,
GnomeVFSFilePermissions group_permission,
GnomeVFSFilePermissions other_permission)
{
uid_t user_id;
struct passwd *password_info;
g_assert (NAUTILUS_IS_FILE (file));
/* Once the file is gone, you can't do much of anything. */
......@@ -324,40 +327,46 @@ nautilus_file_denies_access_permission (NautilusFile *file,
return TRUE;
}
if (!nautilus_file_can_get_permissions (file)) {
/*
* File's permissions field is not valid.
* Can't access specific permissions, so return FALSE.
/* File system does not provide permission bits.
* Can't determine specific permissions, so return FALSE.
*/
if (!nautilus_file_can_get_permissions (file)) {
return FALSE;
}
/* Check whether anyone at all has permission. */
if (file->details->info->permissions & other_permission) {
return FALSE;
/* Check the user. */
user_id = geteuid ();
/* Root can do anything. */
if (user_id == 0) {
return TRUE;
}
/* Check whether user's ID matches file's. */
/* File owner's access is governed by the owner bits. */
/* FIXME bugzilla.eazel.com 644:
* Can we trust the uid in the file info? Might
* there be garbage there? What will it do for non-local files?
*/
if ((file->details->info->permissions & owner_permission)
&& getuid() == file->details->info->uid) {
return FALSE;
if (user_id == file->details->info->uid) {
return (file->details->info->permissions & owner_permission) != 0;
}
/* Check whether user's group ID matches file's. */
/* No need to free result of getpwuid. */
password_info = getpwuid (user_id);
/* Group member's access is governed by the group bits. */
/* FIXME bugzilla.eazel.com 644:
* Can we trust the gid in the file info? Might
* there be garbage there? What will it do for non-local files?
*/
if ((file->details->info->permissions & group_permission)
&& getpwuid (getuid())->pw_gid == file->details->info->gid) {
if (password_info != NULL
&& password_info->pw_gid == file->details->info->gid) {
(file->details->info->permissions & group_permission)
return FALSE;
}
return TRUE;
/* Other users' access is governed by the other bits. */
return (file->details->info->permissions & other_permission) != 0;
}
/**
......@@ -377,7 +386,8 @@ nautilus_file_can_read (NautilusFile *file)
{
g_return_val_if_fail (NAUTILUS_IS_FILE (file), FALSE);
return !nautilus_file_denies_access_permission (file,
return !nautilus_file_denies_access_permission
(file,
GNOME_VFS_PERM_USER_READ,
GNOME_VFS_PERM_GROUP_READ,
GNOME_VFS_PERM_OTHER_READ);
......@@ -400,7 +410,8 @@ nautilus_file_can_write (NautilusFile *file)
{
g_return_val_if_fail (NAUTILUS_IS_FILE (file), FALSE);
return !nautilus_file_denies_access_permission (file,
return !nautilus_file_denies_access_permission
(file,
GNOME_VFS_PERM_USER_WRITE,
GNOME_VFS_PERM_GROUP_WRITE,
GNOME_VFS_PERM_OTHER_WRITE);
......@@ -423,7 +434,8 @@ nautilus_file_can_execute (NautilusFile *file)
{
g_return_val_if_fail (NAUTILUS_IS_FILE (file), FALSE);
return !nautilus_file_denies_access_permission (file,
return !nautilus_file_denies_access_permission
(file,
GNOME_VFS_PERM_USER_EXEC,
GNOME_VFS_PERM_GROUP_EXEC,
GNOME_VFS_PERM_OTHER_EXEC);
......@@ -1342,11 +1354,14 @@ nautilus_file_can_get_permissions (NautilusFile *file)
* @file: The file in question.
*
* Return value: TRUE if the current user can change the
* permissions of @file, FALSE otherwise.
* permissions of @file, FALSE otherwise. It's always possible
* that when you actually try to do it, you will fail.
*/
gboolean
nautilus_file_can_set_permissions (NautilusFile *file)
{
uid_t user_id;
/* Not allowed to set the permissions if we can't
* even read them. This can happen on non-UNIX file
* systems.
......@@ -1355,19 +1370,20 @@ nautilus_file_can_set_permissions (NautilusFile *file)
return FALSE;
}
user_id = geteuid();
/* Owner is allowed to set permissions. */
if (getuid() == file->details->info->uid) {
if (user_id == file->details->info->uid) {
return TRUE;
}
/* Root is also allowed to set permissions. */
if (getuid() == 0) {
if (user_id == 0) {
return TRUE;
}
/* Nobody else is allowed. */
return FALSE;
}
GnomeVFSFilePermissions
......
......@@ -265,7 +265,6 @@ turn_on_line_wrap_flag (GtkWidget *widget, const char *message)
if (strcmp (text, message) == 0) {
gtk_label_set_line_wrap (GTK_LABEL (widget), TRUE);
}
g_free (text);
}
/* Recurse for children. */
......
......@@ -298,27 +298,26 @@ display_caveat (GtkWindow *parent_window)
gtk_frame_set_shadow_type (GTK_FRAME (frame), GTK_SHADOW_IN);
gtk_box_pack_start (GTK_BOX (hbox), frame, FALSE, FALSE, 0);
file_name = gnome_pixmap_file ("nautilus/About_Image.png");
pixmap = gnome_pixmap_new_from_file (file_name);
g_free (file_name);
gtk_widget_show (pixmap);
gtk_container_add (GTK_CONTAINER (frame), pixmap);
text = gtk_label_new (
_("The Nautilus shell is under development; it's not"
"\nready for daily use. Many features, including some"
"\nof the best ones, are not yet done, partly done, or"
"\nunstable. The program doesn't look or act the way"
"\nit will in version 1.0."
"\n"
"\nIf you do decide to test this version of Nautilus,"
"\nbeware. The program could do something"
"\nunpredictable and may even delete or overwrite"
"\nfiles on your computer."
"\n"
"\nFor more information, visit http://nautilus.eazel.com."));
gtk_label_set_justify (GTK_LABEL (text), GTK_JUSTIFY_LEFT);
text = gtk_label_new
(_("The Nautilus shell is under development; it's not "
"ready for daily use. Many features, including some "
"of the best ones, are not yet done, partly done, or "
"unstable. The program doesn't look or act the way "
"it will in version 1.0."
"\n\n"
"If you do decide to test this version of Nautilus, "
"beware. The program could do something "
"unpredictable and may even delete or overwrite"
"files on your computer."
"\n\n"
"For more information, visit http://nautilus.eazel.com."));
gtk_label_set_line_wrap (GTK_LABEL (text), TRUE);
gtk_widget_show (text);
gtk_box_pack_start (GTK_BOX (hbox), text, FALSE, FALSE, 0);
......@@ -327,6 +326,8 @@ display_caveat (GtkWindow *parent_window)
gnome_dialog_set_parent (GNOME_DIALOG (dialog), parent_window);
gtk_widget_show (GTK_WIDGET (dialog));
nautilus_warning_dialog ("This is a long test of the very long dialog which is longer than you can believe I say.");
}
void
......
......@@ -298,27 +298,26 @@ display_caveat (GtkWindow *parent_window)
gtk_frame_set_shadow_type (GTK_FRAME (frame), GTK_SHADOW_IN);
gtk_box_pack_start (GTK_BOX (hbox), frame, FALSE, FALSE, 0);
file_name = gnome_pixmap_file ("nautilus/About_Image.png");
pixmap = gnome_pixmap_new_from_file (file_name);
g_free (file_name);
gtk_widget_show (pixmap);
gtk_container_add (GTK_CONTAINER (frame), pixmap);
text = gtk_label_new (
_("The Nautilus shell is under development; it's not"
"\nready for daily use. Many features, including some"
"\nof the best ones, are not yet done, partly done, or"
"\nunstable. The program doesn't look or act the way"
"\nit will in version 1.0."
"\n"
"\nIf you do decide to test this version of Nautilus,"
"\nbeware. The program could do something"
"\nunpredictable and may even delete or overwrite"
"\nfiles on your computer."
"\n"
"\nFor more information, visit http://nautilus.eazel.com."));
gtk_label_set_justify (GTK_LABEL (text), GTK_JUSTIFY_LEFT);
text = gtk_label_new
(_("The Nautilus shell is under development; it's not "
"ready for daily use. Many features, including some "
"of the best ones, are not yet done, partly done, or "
"unstable. The program doesn't look or act the way "
"it will in version 1.0."
"\n\n"
"If you do decide to test this version of Nautilus, "
"beware. The program could do something "
"unpredictable and may even delete or overwrite"
"files on your computer."
"\n\n"
"For more information, visit http://nautilus.eazel.com."));
gtk_label_set_line_wrap (GTK_LABEL (text), TRUE);
gtk_widget_show (text);
gtk_box_pack_start (GTK_BOX (hbox), text, FALSE, FALSE, 0);
......@@ -327,6 +326,8 @@ display_caveat (GtkWindow *parent_window)
gnome_dialog_set_parent (GNOME_DIALOG (dialog), parent_window);
gtk_widget_show (GTK_WIDGET (dialog));
nautilus_warning_dialog ("This is a long test of the very long dialog which is longer than you can believe I say.");
}
void
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment