| /* vi: set sw=4 ts=4: */ |
| /* |
| * Utility routines. |
| * |
| * Copyright (C) tons of folks. Tracking down who wrote what |
| * isn't something I'm going to worry about... If you wrote something |
| * here, please feel free to acknowledge your work. |
| * |
| * This program is free software; you can redistribute it and/or modify |
| * it under the terms of the GNU General Public License as published by |
| * the Free Software Foundation; either version 2 of the License, or |
| * (at your option) any later version. |
| * |
| * This program is distributed in the hope that it will be useful, |
| * but WITHOUT ANY WARRANTY; without even the implied warranty of |
| * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU |
| * General Public License for more details. |
| * |
| * You should have received a copy of the GNU General Public License |
| * along with this program; if not, write to the Free Software |
| * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA |
| * |
| * Based in part on code from sash, Copyright (c) 1999 by David I. Bell |
| * Permission has been granted to redistribute this code under the GPL. |
| * |
| */ |
| |
| #include <unistd.h> |
| #include <stdio.h> |
| #include <stdlib.h> |
| #include <string.h> |
| #include <assert.h> |
| #include "busybox.h" |
| |
| const char usage_messages[] = |
| |
| #define MAKE_USAGE |
| #include "usage.h" |
| |
| #include "applets.h" |
| |
| ; |
| |
| #undef MAKE_USAGE |
| #undef APPLET |
| #undef APPLET_NOUSAGE |
| #undef PROTOTYPES |
| #include "applets.h" |
| |
| |
| static struct BB_applet *applet_using; |
| |
| /* The -1 arises because of the {0,NULL,0,-1} entry above. */ |
| const size_t NUM_APPLETS = (sizeof (applets) / sizeof (struct BB_applet) - 1); |
| |
| |
| #ifdef CONFIG_FEATURE_SUID |
| |
| static void check_suid (struct BB_applet *app); |
| |
| #ifdef CONFIG_FEATURE_SUID_CONFIG |
| |
| #include <sys/stat.h> |
| #include <ctype.h> |
| #include "pwd_.h" |
| #include "grp_.h" |
| |
| static void parse_config_file (void); |
| |
| #define CONFIG_FILE "/etc/busybox.conf" |
| |
| /* applets [] is const, so we have to define this "override" structure */ |
| struct BB_suid_config |
| { |
| struct BB_applet *m_applet; |
| |
| uid_t m_uid; |
| gid_t m_gid; |
| mode_t m_mode; |
| |
| struct BB_suid_config *m_next; |
| }; |
| |
| static struct BB_suid_config *suid_config; |
| static int suid_cfg_readable; |
| |
| #endif /* CONFIG_FEATURE_SUID_CONFIG */ |
| |
| #endif /* CONFIG_FEATURE_SUID */ |
| |
| |
| |
| extern void bb_show_usage (void) |
| { |
| const char *format_string; |
| const char *usage_string = usage_messages; |
| int i; |
| |
| for (i = applet_using - applets; i > 0;) { |
| if (!*usage_string++) { |
| --i; |
| } |
| } |
| |
| format_string = "%s\n\nUsage: %s %s\n\n"; |
| if (*usage_string == '\b') |
| format_string = "%s\n\nNo help available.\n\n"; |
| fprintf (stderr, format_string, bb_msg_full_version, applet_using->name, |
| usage_string); |
| |
| exit (EXIT_FAILURE); |
| } |
| |
| static int applet_name_compare (const void *x, const void *y) |
| { |
| const char *name = x; |
| const struct BB_applet *applet = y; |
| |
| return strcmp (name, applet->name); |
| } |
| |
| extern const size_t NUM_APPLETS; |
| |
| struct BB_applet *find_applet_by_name (const char *name) |
| { |
| return bsearch (name, applets, NUM_APPLETS, sizeof (struct BB_applet), |
| applet_name_compare); |
| } |
| |
| void run_applet_by_name (const char *name, int argc, char **argv) |
| { |
| if(ENABLE_FEATURE_SUID_CONFIG) parse_config_file (); |
| |
| if(!strncmp(name, "busybox", 7)) busybox_main(argc, argv); |
| /* Do a binary search to find the applet entry given the name. */ |
| applet_using = find_applet_by_name(name); |
| if(applet_using) { |
| bb_applet_name = applet_using->name; |
| if(argc==2 && !strcmp(argv[1], "--help")) bb_show_usage (); |
| if(ENABLE_FEATURE_SUID) check_suid (applet_using); |
| exit ((*(applet_using->main)) (argc, argv)); |
| } |
| } |
| |
| |
| #ifdef CONFIG_FEATURE_SUID |
| |
| #ifdef CONFIG_FEATURE_SUID_CONFIG |
| |
| /* check if u is member of group g */ |
| static int |
| ingroup (uid_t u, gid_t g) |
| { |
| struct group *grp = getgrgid (g); |
| |
| if (grp) { |
| char **mem; |
| |
| for (mem = grp->gr_mem; *mem; mem++) { |
| struct passwd *pwd = getpwnam (*mem); |
| |
| if (pwd && (pwd->pw_uid == u)) |
| return 1; |
| } |
| } |
| return 0; |
| } |
| |
| #endif |
| |
| |
| void |
| check_suid (struct BB_applet *applet) |
| { |
| uid_t ruid = getuid (); /* real [ug]id */ |
| uid_t rgid = getgid (); |
| |
| #ifdef CONFIG_FEATURE_SUID_CONFIG |
| if (suid_cfg_readable) { |
| struct BB_suid_config *sct; |
| |
| for (sct = suid_config; sct; sct = sct->m_next) { |
| if (sct->m_applet == applet) |
| break; |
| } |
| if (sct) { |
| mode_t m = sct->m_mode; |
| |
| if (sct->m_uid == ruid) /* same uid */ |
| m >>= 6; |
| else if ((sct->m_gid == rgid) || ingroup (ruid, sct->m_gid)) /* same group / in group */ |
| m >>= 3; |
| |
| if (!(m & S_IXOTH)) /* is x bit not set ? */ |
| bb_error_msg_and_die ("You have no permission to run this applet!"); |
| |
| if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { /* *both* have to be set for sgid */ |
| if (setegid (sct->m_gid)) |
| bb_error_msg_and_die |
| ("BusyBox binary has insufficient rights to set proper GID for applet!"); |
| } else |
| setgid (rgid); /* no sgid -> drop */ |
| |
| if (sct->m_mode & S_ISUID) { |
| if (seteuid (sct->m_uid)) |
| bb_error_msg_and_die |
| ("BusyBox binary has insufficient rights to set proper UID for applet!"); |
| } else |
| setuid (ruid); /* no suid -> drop */ |
| } else { |
| /* default: drop all priviledges */ |
| setgid (rgid); |
| setuid (ruid); |
| } |
| return; |
| } else { |
| #ifndef CONFIG_FEATURE_SUID_CONFIG_QUIET |
| static int onetime = 0; |
| |
| if (!onetime) { |
| onetime = 1; |
| fprintf (stderr, "Using fallback suid method\n"); |
| } |
| #endif |
| } |
| #endif |
| |
| if (applet->need_suid == _BB_SUID_ALWAYS) { |
| if (geteuid () != 0) |
| bb_error_msg_and_die ("This applet requires root priviledges!"); |
| } else if (applet->need_suid == _BB_SUID_NEVER) { |
| setgid (rgid); /* drop all priviledges */ |
| setuid (ruid); |
| } |
| } |
| |
| #ifdef CONFIG_FEATURE_SUID_CONFIG |
| |
| /* This should probably be a libbb routine. In that case, |
| * I'd probably rename it to something like bb_trimmed_slice. |
| */ |
| static char *get_trimmed_slice(char *s, char *e) |
| { |
| /* First, consider the value at e to be nul and back up until we |
| * reach a non-space char. Set the char after that (possibly at |
| * the original e) to nul. */ |
| while (e-- > s) { |
| if (!isspace(*e)) { |
| break; |
| } |
| } |
| e[1] = 0; |
| |
| /* Next, advance past all leading space and return a ptr to the |
| * first non-space char; possibly the terminating nul. */ |
| return (char *) bb_skip_whitespace(s); |
| } |
| |
| |
| #define parse_error(x) { err=x; goto pe_label; } |
| |
| /* Don't depend on the tools to combine strings. */ |
| static const char config_file[] = CONFIG_FILE; |
| |
| /* There are 4 chars + 1 nul for each of user/group/other. */ |
| static const char mode_chars[] = "Ssx-\0Ssx-\0Ttx-"; |
| |
| /* We don't supply a value for the nul, so an index adjustment is |
| * necessary below. Also, we use unsigned short here to save some |
| * space even though these are really mode_t values. */ |
| static const unsigned short mode_mask[] = { |
| /* SST sst xxx --- */ |
| S_ISUID, S_ISUID|S_IXUSR, S_IXUSR, 0, /* user */ |
| S_ISGID, S_ISGID|S_IXGRP, S_IXGRP, 0, /* group */ |
| 0, S_IXOTH, S_IXOTH, 0 /* other */ |
| }; |
| |
| static void parse_config_file(void) |
| { |
| struct BB_suid_config *sct_head; |
| struct BB_suid_config *sct; |
| struct BB_applet *applet; |
| FILE *f; |
| char *err; |
| char *s; |
| char *e; |
| int i, lc, section; |
| char buffer[256]; |
| struct stat st; |
| |
| assert(!suid_config); /* Should be set to NULL by bss init. */ |
| |
| if ((stat(config_file, &st) != 0) /* No config file? */ |
| || !S_ISREG(st.st_mode) /* Not a regular file? */ |
| || (st.st_uid != 0) /* Not owned by root? */ |
| || (st.st_mode & (S_IWGRP | S_IWOTH)) /* Writable by non-root? */ |
| || !(f = fopen(config_file, "r")) /* Can not open? */ |
| ) { |
| return; |
| } |
| |
| suid_cfg_readable = 1; |
| sct_head = NULL; |
| section = lc = 0; |
| |
| do { |
| s = buffer; |
| |
| if (!fgets(s, sizeof(buffer), f)) { /* Are we done? */ |
| if (ferror(f)) { /* Make sure it wasn't a read error. */ |
| parse_error("reading"); |
| } |
| fclose(f); |
| suid_config = sct_head; /* Success, so set the pointer. */ |
| return; |
| } |
| |
| lc++; /* Got a (partial) line. */ |
| |
| /* If a line is too long for our buffer, we consider it an error. |
| * The following test does mistreat one corner case though. |
| * If the final line of the file does not end with a newline and |
| * yet exactly fills the buffer, it will be treated as too long |
| * even though there isn't really a problem. But it isn't really |
| * worth adding code to deal with such an unlikely situation, and |
| * we do err on the side of caution. Besides, the line would be |
| * too long if it did end with a newline. */ |
| if (!strchr(s, '\n') && !feof(f)) { |
| parse_error("line too long"); |
| } |
| |
| /* Trim leading and trailing whitespace, ignoring comments, and |
| * check if the resulting string is empty. */ |
| if (!*(s = get_trimmed_slice(s, strchrnul(s, '#')))) { |
| continue; |
| } |
| |
| /* Check for a section header. */ |
| |
| if (*s == '[') { |
| /* Unlike the old code, we ignore leading and trailing |
| * whitespace for the section name. We also require that |
| * there are no stray characters after the closing bracket. */ |
| if (!(e = strchr(s, ']')) /* Missing right bracket? */ |
| || e[1] /* Trailing characters? */ |
| || !*(s = get_trimmed_slice(s+1, e)) /* Missing name? */ |
| ) { |
| parse_error("section header"); |
| } |
| /* Right now we only have one section so just check it. |
| * If more sections are added in the future, please don't |
| * resort to cascading ifs with multiple strcasecmp calls. |
| * That kind of bloated code is all too common. A loop |
| * and a string table would be a better choice unless the |
| * number of sections is very small. */ |
| if (strcasecmp(s, "SUID") == 0) { |
| section = 1; |
| continue; |
| } |
| section = -1; /* Unknown section so set to skip. */ |
| continue; |
| } |
| |
| /* Process sections. */ |
| |
| if (section == 1) { /* SUID */ |
| /* Since we trimmed leading and trailing space above, we're |
| * now looking for strings of the form |
| * <key>[::space::]*=[::space::]*<value> |
| * where both key and value could contain inner whitespace. */ |
| |
| /* First get the key (an applet name in our case). */ |
| if (!!(e = strchr(s, '='))) { |
| s = get_trimmed_slice(s, e); |
| } |
| if (!e || !*s) { /* Missing '=' or empty key. */ |
| parse_error("keyword"); |
| } |
| |
| /* Ok, we have an applet name. Process the rhs if this |
| * applet is currently built in and ignore it otherwise. |
| * Note: This can hide config file bugs which only pop |
| * up when the busybox configuration is changed. */ |
| if ((applet = find_applet_by_name(s))) { |
| /* Note: We currently don't check for duplicates! |
| * The last config line for each applet will be the |
| * one used since we insert at the head of the list. |
| * I suppose this could be considered a feature. */ |
| sct = xmalloc(sizeof(struct BB_suid_config)); |
| sct->m_applet = applet; |
| sct->m_mode = 0; |
| sct->m_next = sct_head; |
| sct_head = sct; |
| |
| /* Get the specified mode. */ |
| |
| e = (char *) bb_skip_whitespace(e+1); |
| |
| for (i=0 ; i < 3 ; i++) { |
| const char *q; |
| if (!*(q = strchrnul(mode_chars + 5*i, *e++))) { |
| parse_error("mode"); |
| } |
| /* Adjust by -i to account for nul. */ |
| sct->m_mode |= mode_mask[(q - mode_chars) - i]; |
| } |
| |
| /* Now get the the user/group info. */ |
| |
| s = (char *) bb_skip_whitespace(e); |
| |
| /* Note: We require whitespace between the mode and the |
| * user/group info. */ |
| if ((s == e) || !(e = strchr(s, '.'))) { |
| parse_error("<uid>.<gid>"); |
| } |
| *e++ = 0; |
| |
| /* We can't use get_ug_id here since it would exit() |
| * if a uid or gid was not found. Oh well... */ |
| { |
| char *e2; |
| |
| sct->m_uid = strtoul(s, &e2, 10); |
| if (*e2 || (s == e2)) { |
| struct passwd *pwd; |
| if (!(pwd = getpwnam(s))) { |
| parse_error("user"); |
| } |
| sct->m_uid = pwd->pw_uid; |
| } |
| |
| sct->m_gid = strtoul(e, &e2, 10); |
| if (*e2 || (e == e2)) { |
| struct group *grp; |
| if (!(grp = getgrnam(e))) { |
| parse_error("group"); |
| } |
| sct->m_gid = grp->gr_gid; |
| } |
| } |
| } |
| continue; |
| } |
| |
| /* Unknown sections are ignored. */ |
| |
| /* Encountering configuration lines prior to seeing a |
| * section header is treated as an error. This is how |
| * the old code worked, but it may not be desirable. |
| * We may want to simply ignore such lines in case they |
| * are used in some future version of busybox. */ |
| if (!section) { |
| parse_error("keyword outside section"); |
| } |
| |
| } while (1); |
| |
| pe_label: |
| fprintf(stderr, "Parse error in %s, line %d: %s\n", |
| config_file, lc, err); |
| |
| fclose(f); |
| /* Release any allocated memory before returning. */ |
| while (sct_head) { |
| sct = sct_head->m_next; |
| free(sct_head); |
| sct_head = sct; |
| } |
| return; |
| } |
| |
| #endif |
| |
| #endif |
| |
| /* END CODE */ |
| /* |
| Local Variables: |
| c-file-style: "linux" |
| c-basic-offset: 4 |
| tab-width: 4 |
| End: |
| */ |