+** SAFEFOPEN -- do a file open with extra checking
+**
+** Parameters:
+** fn -- the file name to open.
+** omode -- the open-style mode flags.
+** cmode -- the create-style mode flags.
+** sff -- safefile flags.
+**
+** Returns:
+** Same as fopen.
+*/
+
+FILE *
+safefopen(fn, omode, cmode, sff)
+ char *fn;
+ int omode;
+ int cmode;
+ int sff;
+{
+ int rval;
+ FILE *fp;
+ int smode;
+ struct stat stb, sta;
+ extern char RealUserName[];
+
+ if (bitset(O_CREAT, omode))
+ sff |= SFF_CREAT;
+ smode = 0;
+ switch (omode & O_ACCMODE)
+ {
+ case O_RDONLY:
+ smode = S_IREAD;
+ break;
+
+ case O_WRONLY:
+ smode = S_IWRITE;
+ break;
+
+ case O_RDWR:
+ smode = S_IREAD|S_IWRITE;
+ break;
+
+ default:
+ smode = 0;
+ break;
+ }
+ rval = safefile(fn, RealUid, RealGid, RealUserName, sff, smode, &stb);
+ if (rval != 0)
+ {
+ errno = rval;
+ return NULL;
+ }
+ if (stb.st_mode == ST_MODE_NOFILE)
+ omode |= O_EXCL;
+
+ fp = dfopen(fn, omode, cmode);
+ if (fp == NULL)
+ return NULL;
+ if (bitset(O_EXCL, omode))
+ return fp;
+ if (fstat(fileno(fp), &sta) < 0 ||
+ sta.st_nlink != stb.st_nlink ||
+ sta.st_dev != stb.st_dev ||
+ sta.st_ino != stb.st_ino ||
+ sta.st_uid != stb.st_uid ||
+ sta.st_gid != stb.st_gid)
+ {
+ syserr("554 cannot open: file %s changed after open", fn);
+ errno = EPERM;
+ fclose(fp);
+ return NULL;
+ }
+ return fp;
+}
+\f/*