From e910005b1a337093109af29c7bf21b32c343ab56 Mon Sep 17 00:00:00 2001
From: Laurent Bercot
Date: Mon, 4 Feb 2019 19:04:05 +0000
Subject: Revert -I, but add uid/self and gid/self to uidgid accessrules checking
---
 src/libs6/s6_accessrules_keycheck_uidgid.c | 22 ++++++++++++++++++----
 1 file changed, 18 insertions(+), 4 deletions(-)
(limited to 'src/libs6')
diff --git a/src/libs6/s6_accessrules_keycheck_uidgid.c b/src/libs6/s6_accessrules_keycheck_uidgid.c
index 61a6229..573382c 100644
--- a/src/libs6/s6_accessrules_keycheck_uidgid.c
+++ b/src/libs6/s6_accessrules_keycheck_uidgid.c
@@ -1,16 +1,30 @@
 /* ISC license. */
 
+#include
+
 #include
 #include
 #include
 
 s6_accessrules_result_t s6_accessrules_keycheck_uidgid (void const *key, void *data, s6_accessrules_params_t *params, s6_accessrules_backend_func_t_ref check1)
 {
+ uidgid_t const *uidgid = key ;
 char fmt[4 + UINT64_FMT] = "uid/" ;
- s6_accessrules_result_t r = (*check1)(fmt, 4 + uid_fmt(fmt+4, ((uidgid_t const *)key)->left), data, params) ;
+ s6_accessrules_result_t r ;
+ if (uidgid->left == geteuid())
+ {
+ r = (*check1)("uid/self", 8, data, params) ;
+ if (r != S6_ACCESSRULES_NOTFOUND) return r ;
+ }
+ r = (*check1)(fmt, 4 + uid_fmt(fmt+4, uidgid->left), data, params) ;
 if (r != S6_ACCESSRULES_NOTFOUND) return r ;
+ if (uidgid->right == getegid())
+ {
+ r = (*check1)("gid/self", 8, data, params) ;
+ if (r != S6_ACCESSRULES_NOTFOUND) return r ;
+ }
 fmt[0] = 'g' ;
- r = (*check1)(fmt, 4 + gid_fmt(fmt+4, ((uidgid_t const *)key)->right), data, params) ;
- return (r != S6_ACCESSRULES_NOTFOUND) ? r :
- (*check1)("uid/default", 11, data, params) ;
+ r = (*check1)(fmt, 4 + gid_fmt(fmt+4, uidgid->right), data, params) ;
+ if (r != S6_ACCESSRULES_NOTFOUND) return r ;
+ return (*check1)("uid/default", 11, data, params) ;
 }
-- cgit v1.2.3
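Review bot: The lookup order that s6_accessrules_keycheck_uidgid now implements (`uid/self`, `uid/<n>`, `gid/self`, `gid/<n>`, `uid/default`, first result other than `S6_ACCESSRULES_NOTFOUND` wins) is not documented in the new code, although it decides which rule is authoritative when a ruleset holds both a `self` entry and a numeric entry for the same id. Because `uid/self` is consulted before `uid/<n>`, a numeric rule for the checking process's own uid is presumably shadowed whenever a `uid/self` entry exists, and likewise `gid/self` shadows `gid/<n>`. "self" is also resolved through `geteuid()`/`getegid()` at the time of the check, so it tracks the caller's current effective ids (only the primary gid, as far as this hunk shows) rather than anything stored in the ruleset. I would add above the function: `/* Lookup order: uid/self, uid/<n>, gid/self, gid/<n>, uid/default; first result != NOTFOUND wins. "self" = geteuid()/getegid() of the calling process at check time. */`.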