CVE-2013-4476: lib-util: add file_check_permissions()

Bug: https://bugzilla.samba.org/show_bug.cgi?id=10234

Signed-off-by: Björn Baumbach <bb@sernet.de>
Reviewed-by: Stefan Metzmacher <metze@samba.org>

lib/util/samba_util.h

@@ -622,6 +622,15 @@ _PUBLIC_ time_t file_modtime(const char *fname);
 **/
 _PUBLIC_ bool directory_exist(const char *dname);
 
+/**
+ Check file permissions.
+**/
+struct stat;
+_PUBLIC_ bool file_check_permissions(const char *fname,
+				     uid_t uid,
+				     mode_t file_perms,
+				     struct stat *pst);
+
 /**
  * Try to create the specified directory if it didn't exist.
  *

lib/util/util.c

@@ -121,6 +121,50 @@ _PUBLIC_ time_t file_modtime(const char *fname)
 	return(st.st_mtime);
 }
 
+/**
+ Check file permissions.
+**/
+
+_PUBLIC_ bool file_check_permissions(const char *fname,
+				     uid_t uid,
+				     mode_t file_perms,
+				     struct stat *pst)
+{
+	int ret;
+	struct stat st;
+
+	if (pst == NULL) {
+		pst = &st;
+	}
+
+	ZERO_STRUCTP(pst);
+
+	ret = stat(fname, pst);
+	if (ret != 0) {
+		DEBUG(0, ("stat failed on file '%s': %s\n",
+			 fname, strerror(errno)));
+		return false;
+	}
+
+	if (pst->st_uid != uid && !uwrap_enabled()) {
+		DEBUG(0, ("invalid ownership of file '%s': "
+			 "owned by uid %u, should be %u\n",
+			 fname, (unsigned int)pst->st_uid,
+			 (unsigned int)uid));
+		return false;
+	}
+
+	if ((pst->st_mode & 0777) != file_perms) {
+		DEBUG(0, ("invalid permissions on file "
+			 "'%s': has 0%o should be 0%o\n", fname,
+			 (unsigned int)(pst->st_mode & 0777),
+			 (unsigned int)file_perms));
+		return false;
+	}
+
+	return true;
+}
+
 /**
  Check if a directory exists.
 **/