Module: Process::GID
Relationships & Source Files | |
Defined in: | process.c |
Overview
The GID
module contains a collection of module functions which can be used to portably get, set, and switch the current process's real, effective, and saved group IDs.
Class Attribute Summary
-
.re_exchangeable? ⇒ Boolean
readonly
mod_func
Returns
true
if the real and effective group IDs of a process may be exchanged on the current platform. -
.rid ⇒ Integer
readonly
mod_func
Alias for gid.
-
.sid_available? ⇒ Boolean
readonly
mod_func
Returns
true
if the current platform has saved group ID functionality.
Class Method Summary
-
.change_privilege(group) ⇒ Integer
mod_func
Change the current process's real and effective group ID to that specified by group.
-
.eid ⇒ Integer
mod_func
Alias for egid.
-
.from_name(name) ⇒ GID
mod_func
Get the group ID by the name.
-
.grant_privilege(group) ⇒ Integer
mod_func
Set the effective group ID, and if possible, the saved group ID of the process to the given group.
-
.re_exchange ⇒ Integer
mod_func
Exchange real and effective group IDs and return the new effective group ID.
-
.switch ⇒ Integer
mod_func
Switch the effective and real group IDs of the current process.
Class Attribute Details
.re_exchangeable? ⇒ Boolean
(readonly, mod_func)
Returns true
if the real and effective group IDs of a process may be exchanged on the current platform.
# File 'process.c', line 6601
static VALUE p_gid_exchangeable(void) { #if defined(HAVE_SETRESGID) return Qtrue; #elif defined(HAVE_SETREGID) && !defined(OBSOLETE_SETREGID) return Qtrue; #else return Qfalse; #endif }
.rid ⇒ Integer (readonly, mod_func)
Alias for Process.gid.
.sid_available? ⇒ Boolean
(readonly, mod_func)
Returns true
if the current platform has saved group ID functionality.
# File 'process.c', line 6778
static VALUE p_gid_have_saved_id(void) { #if defined(HAVE_SETRESGID) || defined(HAVE_SETEGID) || defined(_POSIX_SAVED_IDS) return Qtrue; #else return Qfalse; #endif }
Class Method Details
.change_privilege(group) ⇒ Integer (mod_func)
# File 'process.c', line 6121
static VALUE p_gid_change_privilege(VALUE obj, VALUE id) { rb_gid_t gid; check_gid_switch(); gid = OBJ2GID(id); if (geteuid() == 0) { /* root-user */ #if defined(HAVE_SETRESGID) if (setresgid(gid, gid, gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; #elif defined HAVE_SETGID if (setgid(gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; #elif defined(HAVE_SETREGID) && !defined(OBSOLETE_SETREGID) if (getgid() == gid) { if (SAVED_GROUP_ID == gid) { if (setregid(-1, gid) < 0) rb_sys_fail(0); } else { if (gid == 0) { /* (r,e,s) == (root, y, x) */ if (setregid(-1, SAVED_GROUP_ID) < 0) rb_sys_fail(0); if (setregid(SAVED_GROUP_ID, 0) < 0) rb_sys_fail(0); SAVED_GROUP_ID = 0; /* (r,e,s) == (x, root, root) */ if (setregid(gid, gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } else { /* (r,e,s) == (z, y, x) */ if (setregid(0, 0) < 0) rb_sys_fail(0); SAVED_GROUP_ID = 0; if (setregid(gid, gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } } } else { if (setregid(gid, gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } #elif defined(HAVE_SETRGID) && defined (HAVE_SETEGID) if (getgid() == gid) { if (SAVED_GROUP_ID == gid) { if (setegid(gid) < 0) rb_sys_fail(0); } else { if (gid == 0) { if (setegid(gid) < 0) rb_sys_fail(0); if (setrgid(SAVED_GROUP_ID) < 0) rb_sys_fail(0); SAVED_GROUP_ID = 0; if (setrgid(0) < 0) rb_sys_fail(0); } else { if (setrgid(0) < 0) rb_sys_fail(0); SAVED_GROUP_ID = 0; if (setegid(gid) < 0) rb_sys_fail(0); if (setrgid(gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } } } else { if (setegid(gid) < 0) rb_sys_fail(0); if (setrgid(gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } #else rb_notimplement(); #endif } else { /* unprivileged user */ #if defined(HAVE_SETRESGID) if (setresgid((getgid() == gid)? (rb_gid_t)-1: gid, (getegid() == gid)? (rb_gid_t)-1: gid, (SAVED_GROUP_ID == gid)? (rb_gid_t)-1: gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; #elif defined(HAVE_SETREGID) && !defined(OBSOLETE_SETREGID) if (SAVED_GROUP_ID == gid) { if (setregid((getgid() == gid)? (rb_uid_t)-1: gid, (getegid() == gid)? (rb_uid_t)-1: gid) < 0) rb_sys_fail(0); } else if (getgid() != gid) { if (setregid(gid, (getegid() == gid)? (rb_uid_t)-1: gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } else if (/* getgid() == gid && */ getegid() != gid) { if (setregid(getegid(), gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; if (setregid(gid, -1) < 0) rb_sys_fail(0); } else { /* getgid() == gid && getegid() == gid */ if (setregid(-1, SAVED_GROUP_ID) < 0) rb_sys_fail(0); if (setregid(SAVED_GROUP_ID, gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; if (setregid(gid, -1) < 0) rb_sys_fail(0); } #elif defined(HAVE_SETRGID) && defined(HAVE_SETEGID) if (SAVED_GROUP_ID == gid) { if (getegid() != gid && setegid(gid) < 0) rb_sys_fail(0); if (getgid() != gid && setrgid(gid) < 0) rb_sys_fail(0); } else if (/* SAVED_GROUP_ID != gid && */ getegid() == gid) { if (getgid() != gid) { if (setrgid(gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } else { if (setrgid(SAVED_GROUP_ID) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; if (setrgid(gid) < 0) rb_sys_fail(0); } } else if (/* getegid() != gid && */ getgid() == gid) { if (setegid(gid) < 0) rb_sys_fail(0); if (setrgid(SAVED_GROUP_ID) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; if (setrgid(gid) < 0) rb_sys_fail(0); } else { rb_syserr_fail(EPERM, 0); } #elif defined HAVE_44BSD_SETGID if (getgid() == gid) { /* (r,e,s)==(gid,?,?) ==> (gid,gid,gid) */ if (setgid(gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; } else { rb_syserr_fail(EPERM, 0); } #elif defined HAVE_SETEGID if (getgid() == gid && SAVED_GROUP_ID == gid) { if (setegid(gid) < 0) rb_sys_fail(0); } else { rb_syserr_fail(EPERM, 0); } #elif defined HAVE_SETGID if (getgid() == gid && SAVED_GROUP_ID == gid) { if (setgid(gid) < 0) rb_sys_fail(0); } else { rb_syserr_fail(EPERM, 0); } #else (void)gid; rb_notimplement(); #endif } return id; }
.eid ⇒ Integer (mod_func)
Alias for Process.egid.
.from_name(name) ⇒ GID
(mod_func)
Get the group ID by the name. If the group is not found, ::ArgumentError will be raised.
Process::GID.from_name("wheel") #=> 0
Process::GID.from_name("nosuchgroup") #=> can't find group for nosuchgroup (ArgumentError)
# File 'process.c', line 5185
static VALUE p_gid_from_name(VALUE self, VALUE id) { return GIDT2NUM(OBJ2GID(id)); }
# File 'process.c', line 6522
static VALUE p_gid_grant_privilege(VALUE obj, VALUE id) { rb_setegid_core(OBJ2GID(id)); return id; }
.re_exchange ⇒ Integer (mod_func)
# File 'process.c', line 6626
static VALUE p_gid_exchange(VALUE obj) { rb_gid_t gid; #if defined(HAVE_SETRESGID) || (defined(HAVE_SETREGID) && !defined(OBSOLETE_SETREGID)) rb_gid_t egid; #endif check_gid_switch(); gid = getgid(); #if defined(HAVE_SETRESGID) || (defined(HAVE_SETREGID) && !defined(OBSOLETE_SETREGID)) egid = getegid(); #endif #if defined(HAVE_SETRESGID) if (setresgid(egid, gid, gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; #elif defined(HAVE_SETREGID) && !defined(OBSOLETE_SETREGID) if (setregid(egid,gid) < 0) rb_sys_fail(0); SAVED_GROUP_ID = gid; #else rb_notimplement(); #endif return GIDT2NUM(gid); }
Switch the effective and real group IDs of the current process. If a block is given, the group IDs will be switched back after the block is executed. Returns the new effective group ID if called without a block, and the return value of the block if one is given.
# File 'process.c', line 6811
static VALUE p_gid_switch(VALUE obj) { rb_gid_t gid, egid; check_gid_switch(); gid = getgid(); egid = getegid(); if (gid != egid) { proc_setegid(obj, GIDT2NUM(gid)); if (rb_block_given_p()) { under_gid_switch = 1; return rb_ensure(rb_yield, Qnil, p_gid_sw_ensure, SAVED_GROUP_ID); } else { return GIDT2NUM(egid); } } else if (egid != SAVED_GROUP_ID) { proc_setegid(obj, GIDT2NUM(SAVED_GROUP_ID)); if (rb_block_given_p()) { under_gid_switch = 1; return rb_ensure(rb_yield, Qnil, p_gid_sw_ensure, egid); } else { return GIDT2NUM(gid); } } else { rb_syserr_fail(EPERM, 0); } UNREACHABLE; }