模組 Process::UID

Process::UID 模組包含一組模組函數,可用於攜帶取得、設定和切換目前程序的真實、有效和已儲存使用者 ID。

公開類別方法

Process::UID.change_privilege(user) → integer 按一下以切換來源

將目前程序的真實和有效使用者 ID 變更為 user 指定的使用者 ID。傳回新的使用者 ID。並非所有平台都可用。

[Process.uid, Process.euid]          #=> [0, 0]
Process::UID.change_privilege(31)    #=> 31
[Process.uid, Process.euid]          #=> [31, 31]
static VALUE
p_uid_change_privilege(VALUE obj, VALUE id)
{
    rb_uid_t uid;

    check_uid_switch();

    uid = OBJ2UID(id);

    if (geteuid() == 0) { /* root-user */
#if defined(HAVE_SETRESUID)
        if (setresuid(uid, uid, uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
#elif defined(HAVE_SETUID)
        if (setuid(uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
        if (getuid() == uid) {
            if (SAVED_USER_ID == uid) {
                if (setreuid(-1, uid) < 0) rb_sys_fail(0);
            }
            else {
                if (uid == 0) { /* (r,e,s) == (root, root, x) */
                    if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
                    if (setreuid(SAVED_USER_ID, 0) < 0) rb_sys_fail(0);
                    SAVED_USER_ID = 0; /* (r,e,s) == (x, root, root) */
                    if (setreuid(uid, uid) < 0) rb_sys_fail(0);
                    SAVED_USER_ID = uid;
                }
                else {
                    if (setreuid(0, -1) < 0) rb_sys_fail(0);
                    SAVED_USER_ID = 0;
                    if (setreuid(uid, uid) < 0) rb_sys_fail(0);
                    SAVED_USER_ID = uid;
                }
            }
        }
        else {
            if (setreuid(uid, uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
        }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
        if (getuid() == uid) {
            if (SAVED_USER_ID == uid) {
                if (seteuid(uid) < 0) rb_sys_fail(0);
            }
            else {
                if (uid == 0) {
                    if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
                    SAVED_USER_ID = 0;
                    if (setruid(0) < 0) rb_sys_fail(0);
                }
                else {
                    if (setruid(0) < 0) rb_sys_fail(0);
                    SAVED_USER_ID = 0;
                    if (seteuid(uid) < 0) rb_sys_fail(0);
                    if (setruid(uid) < 0) rb_sys_fail(0);
                    SAVED_USER_ID = uid;
                }
            }
        }
        else {
            if (seteuid(uid) < 0) rb_sys_fail(0);
            if (setruid(uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
        }
#else
        (void)uid;
        rb_notimplement();
#endif
    }
    else { /* unprivileged user */
#if defined(HAVE_SETRESUID)
        if (setresuid((getuid() == uid)? (rb_uid_t)-1: uid,
                      (geteuid() == uid)? (rb_uid_t)-1: uid,
                      (SAVED_USER_ID == uid)? (rb_uid_t)-1: uid) < 0) rb_sys_fail(0);
        SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
        if (SAVED_USER_ID == uid) {
            if (setreuid((getuid() == uid)? (rb_uid_t)-1: uid,
                         (geteuid() == uid)? (rb_uid_t)-1: uid) < 0)
                rb_sys_fail(0);
        }
        else if (getuid() != uid) {
            if (setreuid(uid, (geteuid() == uid)? (rb_uid_t)-1: uid) < 0)
                rb_sys_fail(0);
            SAVED_USER_ID = uid;
        }
        else if (/* getuid() == uid && */ geteuid() != uid) {
            if (setreuid(geteuid(), uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
            if (setreuid(uid, -1) < 0) rb_sys_fail(0);
        }
        else { /* getuid() == uid && geteuid() == uid */
            if (setreuid(-1, SAVED_USER_ID) < 0) rb_sys_fail(0);
            if (setreuid(SAVED_USER_ID, uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
            if (setreuid(uid, -1) < 0) rb_sys_fail(0);
        }
#elif defined(HAVE_SETRUID) && defined(HAVE_SETEUID)
        if (SAVED_USER_ID == uid) {
            if (geteuid() != uid && seteuid(uid) < 0) rb_sys_fail(0);
            if (getuid() != uid && setruid(uid) < 0) rb_sys_fail(0);
        }
        else if (/* SAVED_USER_ID != uid && */ geteuid() == uid) {
            if (getuid() != uid) {
                if (setruid(uid) < 0) rb_sys_fail(0);
                SAVED_USER_ID = uid;
            }
            else {
                if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
                SAVED_USER_ID = uid;
                if (setruid(uid) < 0) rb_sys_fail(0);
            }
        }
        else if (/* geteuid() != uid && */ getuid() == uid) {
            if (seteuid(uid) < 0) rb_sys_fail(0);
            if (setruid(SAVED_USER_ID) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
            if (setruid(uid) < 0) rb_sys_fail(0);
        }
        else {
            rb_syserr_fail(EPERM, 0);
        }
#elif defined HAVE_44BSD_SETUID
        if (getuid() == uid) {
            /* (r,e,s)==(uid,?,?) ==> (uid,uid,uid) */
            if (setuid(uid) < 0) rb_sys_fail(0);
            SAVED_USER_ID = uid;
        }
        else {
            rb_syserr_fail(EPERM, 0);
        }
#elif defined HAVE_SETEUID
        if (getuid() == uid && SAVED_USER_ID == uid) {
            if (seteuid(uid) < 0) rb_sys_fail(0);
        }
        else {
            rb_syserr_fail(EPERM, 0);
        }
#elif defined HAVE_SETUID
        if (getuid() == uid && SAVED_USER_ID == uid) {
            if (setuid(uid) < 0) rb_sys_fail(0);
        }
        else {
            rb_syserr_fail(EPERM, 0);
        }
#else
        rb_notimplement();
#endif
    }
    return id;
}
euid → integer 按一下以切換來源
Process::UID.eid → integer
Process::Sys.geteuid → integer

傳回目前程序的有效使用者 ID。

Process.euid # => 501
static VALUE
proc_geteuid(VALUE obj)
{
    rb_uid_t euid = geteuid();
    return UIDT2NUM(euid);
}
Process::UID.from_name(name) → uid 按一下以切換來源

根據 name 取得使用者 ID。如果找不到使用者,將會引發 ArgumentError

Process::UID.from_name("root") #=> 0
Process::UID.from_name("nosuchuser") #=> can't find user for nosuchuser (ArgumentError)
static VALUE
p_uid_from_name(VALUE self, VALUE id)
{
    return UIDT2NUM(OBJ2UID(id));
}
Process::UID.grant_privilege(user) → integer 按一下以切換來源
Process::UID.eid= user → integer

設定有效使用者 ID,如果可能,將程序的已儲存使用者 ID 設定為指定的 user。傳回新的有效使用者 ID。並非所有平台都可用。

[Process.uid, Process.euid]          #=> [0, 0]
Process::UID.grant_privilege(31)     #=> 31
[Process.uid, Process.euid]          #=> [0, 31]
static VALUE
p_uid_grant_privilege(VALUE obj, VALUE id)
{
    rb_seteuid_core(OBJ2UID(id));
    return id;
}
Process::UID.re_exchange → integer 按一下以切換來源

交換真實和有效使用者 ID,並傳回新的有效使用者 ID。並非所有平台都可用。

[Process.uid, Process.euid]   #=> [0, 31]
Process::UID.re_exchange      #=> 0
[Process.uid, Process.euid]   #=> [31, 0]
static VALUE
p_uid_exchange(VALUE obj)
{
    rb_uid_t uid;
#if defined(HAVE_SETRESUID) || (defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID))
    rb_uid_t euid;
#endif

    check_uid_switch();

    uid = getuid();
#if defined(HAVE_SETRESUID) || (defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID))
    euid = geteuid();
#endif

#if defined(HAVE_SETRESUID)
    if (setresuid(euid, uid, uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    if (setreuid(euid,uid) < 0) rb_sys_fail(0);
    SAVED_USER_ID = uid;
#else
    rb_notimplement();
#endif
    return UIDT2NUM(uid);
}
Process::UID.re_exchangeable? → true 或 false 按一下以切換來源

如果目前平台可以交換程序的真實和有效使用者 ID,則傳回 true

static VALUE
p_uid_exchangeable(VALUE _)
{
#if defined(HAVE_SETRESUID)
    return Qtrue;
#elif defined(HAVE_SETREUID) && !defined(OBSOLETE_SETREUID)
    return Qtrue;
#else
    return Qfalse;
#endif
}
uid → integer 按一下以切換來源
Process::UID.rid → integer
Process::Sys.getuid → integer

傳回目前程序的 (真實) 使用者 ID。

Process.uid # => 1000
static VALUE
proc_getuid(VALUE obj)
{
    rb_uid_t uid = getuid();
    return UIDT2NUM(uid);
}
Process::UID.sid_available? → true 或 false 按一下以切換來源

如果目前平台具有已儲存使用者 ID 功能,則傳回 true

static VALUE
p_uid_have_saved_id(VALUE _)
{
#if defined(HAVE_SETRESUID) || defined(HAVE_SETEUID) || defined(_POSIX_SAVED_IDS)
    return Qtrue;
#else
    return Qfalse;
#endif
}
Process::UID.switch → integer 按一下以切換來源
Process::UID.switch {|| block} → 物件

切換目前程序的有效和真實使用者 ID。如果給定一個區塊,使用者 ID 會在執行區塊後切換回來。如果沒有區塊,會傳回新的有效使用者 ID;如果給定區塊,會傳回區塊的傳回值。

static VALUE
p_uid_switch(VALUE obj)
{
    rb_uid_t uid, euid;

    check_uid_switch();

    uid = getuid();
    euid = geteuid();

    if (uid != euid) {
        proc_seteuid(uid);
        if (rb_block_given_p()) {
            under_uid_switch = 1;
            return rb_ensure(rb_yield, Qnil, p_uid_sw_ensure, SAVED_USER_ID);
        }
        else {
            return UIDT2NUM(euid);
        }
    }
    else if (euid != SAVED_USER_ID) {
        proc_seteuid(SAVED_USER_ID);
        if (rb_block_given_p()) {
            under_uid_switch = 1;
            return rb_ensure(rb_yield, Qnil, p_uid_sw_ensure, euid);
        }
        else {
            return UIDT2NUM(uid);
        }
    }
    else {
        rb_syserr_fail(EPERM, 0);
    }

    UNREACHABLE_RETURN(Qnil);
}