applets/applets.c

/* vi: set sw=4 ts=4: */
/*
 * Utility routines.
 *
 * Copyright (C) tons of folks.  Tracking down who wrote what
 * isn't something I'm going to worry about...  If you wrote something
 * here, please feel free to acknowledge your work.
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
 * General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
 *
 * Based in part on code from sash, Copyright (c) 1999 by David I. Bell
 * Permission has been granted to redistribute this code under the GPL.
 *
 */

#include <unistd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include "busybox.h"

#undef APPLET
#undef APPLET_NOUSAGE
#undef PROTOTYPES
#include "applets.h"

struct BB_applet *applet_using;

/* The -1 arises because of the {0,NULL,0,-1} entry above. */
const size_t NUM_APPLETS = (sizeof (applets) / sizeof (struct BB_applet) - 1);


#ifdef CONFIG_FEATURE_SUID

static void check_suid (struct BB_applet *app);

#ifdef CONFIG_FEATURE_SUID_CONFIG

#include <sys/stat.h>
#include <ctype.h>
#include "pwd_.h"
#include "grp_.h"

static int parse_config_file (void);

static int config_ok;

#define CONFIG_FILE "/etc/busybox.conf"

/* applets [] is const, so we have to define this "override" structure */
struct BB_suid_config
{
  struct BB_applet *m_applet;

  uid_t m_uid;
  gid_t m_gid;
  mode_t m_mode;

  struct BB_suid_config *m_next;
};

static struct BB_suid_config *suid_config;

#endif /* CONFIG_FEATURE_SUID_CONFIG */

#endif /* CONFIG_FEATURE_SUID */



extern void
bb_show_usage (void)
{
  const char *format_string;
  const char *usage_string = usage_messages;
  int i;

  for (i = applet_using - applets; i > 0;) {
	if (!*usage_string++) {
	  --i;
	}
  }

  format_string = "%s\n\nUsage: %s %s\n\n";
  if (*usage_string == '\b')
	format_string = "%s\n\nNo help available.\n\n";
  fprintf (stderr, format_string, bb_msg_full_version, applet_using->name,
		   usage_string);

  exit (EXIT_FAILURE);
}

static int
applet_name_compare (const void *x, const void *y)
{
  const char *name = x;
  const struct BB_applet *applet = y;

  return strcmp (name, applet->name);
}

extern const size_t NUM_APPLETS;

struct BB_applet *
find_applet_by_name (const char *name)
{
  return bsearch (name, applets, NUM_APPLETS, sizeof (struct BB_applet),
				  applet_name_compare);
}

void
run_applet_by_name (const char *name, int argc, char **argv)
{
  static int recurse_level = 0;
  extern int been_there_done_that;      /* From busybox.c */

#ifdef CONFIG_FEATURE_SUID_CONFIG
  if (recurse_level == 0)
	config_ok = parse_config_file ();
#endif

  recurse_level++;
  /* Do a binary search to find the applet entry given the name. */
  if ((applet_using = find_applet_by_name (name)) != NULL) {
	bb_applet_name = applet_using->name;
	if (argv[1] && strcmp (argv[1], "--help") == 0) {
	  if (strcmp (applet_using->name, "busybox") == 0) {
		if (argv[2])
		  applet_using = find_applet_by_name (argv[2]);
		else
		  applet_using = NULL;
	  }
	  if (applet_using)
		bb_show_usage ();
	  been_there_done_that = 1;
	  busybox_main (0, NULL);
	}
#ifdef CONFIG_FEATURE_SUID
	check_suid (applet_using);
#endif

	exit ((*(applet_using->main)) (argc, argv));
  }
  /* Just in case they have renamed busybox - Check argv[1] */
  if (recurse_level == 1) {
	run_applet_by_name ("busybox", argc, argv);
  }
  recurse_level--;
}


#ifdef CONFIG_FEATURE_SUID

#ifdef CONFIG_FEATURE_SUID_CONFIG

/* check if u is member of group g */
static int
ingroup (uid_t u, gid_t g)
{
  struct group *grp = getgrgid (g);

  if (grp) {
	char **mem;

	for (mem = grp->gr_mem; *mem; mem++) {
	  struct passwd *pwd = getpwnam (*mem);

	  if (pwd && (pwd->pw_uid == u))
		return 1;
	}
  }
  return 0;
}

#endif


void
check_suid (struct BB_applet *applet)
{
  uid_t ruid = getuid ();               /* real [ug]id */
  uid_t rgid = getgid ();

#ifdef CONFIG_FEATURE_SUID_CONFIG
  if (config_ok) {
	struct BB_suid_config *sct;

	for (sct = suid_config; sct; sct = sct->m_next) {
	  if (sct->m_applet == applet)
		break;
	}
	if (sct) {
	  mode_t m = sct->m_mode;

	  if (sct->m_uid == ruid)       /* same uid */
		m >>= 6;
	  else if ((sct->m_gid == rgid) || ingroup (ruid, sct->m_gid))  /* same group / in group */
		m >>= 3;

	  if (!(m & S_IXOTH))           /* is x bit not set ? */
		bb_error_msg_and_die ("You have no permission to run this applet!");

	  if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) {     /* *both* have to be set for sgid */
		if (setegid (sct->m_gid))
		  bb_error_msg_and_die
			("BusyBox binary has insufficient rights to set proper GID for applet!");
	  } else
		setgid (rgid);                  /* no sgid -> drop */

	  if (sct->m_mode & S_ISUID) {
		if (seteuid (sct->m_uid))
		  bb_error_msg_and_die
			("BusyBox binary has insufficient rights to set proper UID for applet!");
	  } else
		setuid (ruid);                  /* no suid -> drop */
	} else {
		/* default: drop all priviledges */
	  setgid (rgid);
	  setuid (ruid);
	}
	return;
  } else {
#ifndef CONFIG_FEATURE_SUID_CONFIG_QUIET
	static int onetime = 0;

	if (!onetime) {
	  onetime = 1;
	  fprintf (stderr, "Using fallback suid method\n");
	}
#endif
  }
#endif

  if (applet->need_suid == _BB_SUID_ALWAYS) {
	if (geteuid () != 0)
	  bb_error_msg_and_die ("This applet requires root priviledges!");
  } else if (applet->need_suid == _BB_SUID_NEVER) {
	setgid (rgid);                          /* drop all priviledges */
	setuid (ruid);
  }
}

#ifdef CONFIG_FEATURE_SUID_CONFIG


#define parse_error(x)  { err=x; goto pe_label; }


int
parse_config_file (void)
{
  struct stat st;
  char *err = 0;
  FILE *f = 0;
  int lc = 0;

  suid_config = 0;

  /* is there a config file ? */
  if (stat (CONFIG_FILE, &st) == 0) {
	/* is it owned by root with no write perm. for group and others ? */
	if (S_ISREG (st.st_mode) && (st.st_uid == 0)
		&& (!(st.st_mode & (S_IWGRP | S_IWOTH)))) {
	  /* that's ok .. then try to open it */
	  f = fopen (CONFIG_FILE, "r");

	  if (f) {
		char buffer[256];
		int section = 0;

		while (fgets (buffer, sizeof (buffer) - 1, f)) {
		  char c = buffer[0];
		  char *p;

		  lc++;

		  p = strchr (buffer, '#');
		  if (p)
			*p = 0;
		  p = buffer + bb_strlen (buffer);
		  while ((p > buffer) && isspace (*--p))
			*p = 0;

		  if (p == buffer)
			continue;

		  if (c == '[') {
			p = strchr (buffer, ']');

			if (!p || (p == (buffer + 1)))  /* no matching ] or empty [] */
			  parse_error ("malformed section header");

			*p = 0;

			if (strcasecmp (buffer + 1, "SUID") == 0)
			  section = 1;
			else
			  section = -1;         /* unknown section - just skip */
		  } else if (section) {
			switch (section) {
			case 1:{                        /* SUID */
				int l;
				struct BB_applet *applet;

				p = strchr (buffer, '=');       /* <key>[::space::]*=[::space::]*<value> */

				if (!p || (p == (buffer + 1)))  /* no = or key is empty */
				  parse_error ("malformed keyword");

				l = p - buffer;
				while (isspace (buffer[--l])) {
					/* skip whitespace */
				}

				buffer[l + 1] = 0;

				if ((applet = find_applet_by_name (buffer))) {
				  struct BB_suid_config *sct =
					xmalloc (sizeof (struct BB_suid_config));

				  sct->m_applet = applet;
				  sct->m_next = suid_config;
				  suid_config = sct;

				  while (isspace (*++p)) {
					/* skip whitespace */
				  }

				  sct->m_mode = 0;

				  switch (*p++) {
				  case 'S':
					sct->m_mode |= S_ISUID;
					break;
				  case 's':
					sct->m_mode |= S_ISUID;
					/* no break */
				  case 'x':
					sct->m_mode |= S_IXUSR;
					break;
				  case '-':
					break;
				  default:
					parse_error ("invalid user mode");
				  }

				  switch (*p++) {
				  case 's':
					sct->m_mode |= S_ISGID;
					/* no break */
				  case 'x':
					sct->m_mode |= S_IXGRP;
					break;
				  case 'S':
					break;
				  case '-':
					break;
				  default:
					parse_error ("invalid group mode");
				  }

				  switch (*p) {
				  case 't':
				  case 'x':
					sct->m_mode |= S_IXOTH;
					break;
				  case 'T':
				  case '-':
					break;
				  default:
					parse_error ("invalid other mode");
				  }

				  while (isspace (*++p)) {
					/* skip whitespace */
				  }

				  if (isdigit (*p)) {
					sct->m_uid = strtol (p, &p, 10);
					if (*p++ != '.')
					  parse_error ("parsing <uid>.<gid>");
				  } else {
					struct passwd *pwd;
					char *p2 = strchr (p, '.');

					if (!p2)
					  parse_error ("parsing <uid>.<gid>");

					*p2 = 0;
					pwd = getpwnam (p);

					if (!pwd)
					  parse_error ("invalid user name");

					sct->m_uid = pwd->pw_uid;
					p = p2 + 1;
				  }
				  if (isdigit (*p))
					sct->m_gid = strtol (p, &p, 10);
				  else {
					struct group *grp = getgrnam (p);

					if (!grp)
					  parse_error ("invalid group name");

					sct->m_gid = grp->gr_gid;
				  }
				}
				break;
			  }
			default:                        /* unknown - skip */
			  break;
			}
		  } else
			parse_error ("keyword not within section");
		}
		fclose (f);
		return 1;
	  }
	}
  }
  return 0;     /* no config file or not readable (not an error) */

pe_label:
  fprintf (stderr, "Parse error in %s, line %d: %s\n", CONFIG_FILE, lc, err);

  if (f)
	fclose (f);
  return 0;
}

#endif

#endif

/* END CODE */
/*
Local Variables:
c-file-style: "linux"
c-basic-offset: 4
tab-width: 4
End:
*/