1 | /* vi: set sw=4 ts=4: */
|
---|
2 | /*
|
---|
3 | * Utility routines.
|
---|
4 | *
|
---|
5 | * Copyright (C) tons of folks. Tracking down who wrote what
|
---|
6 | * isn't something I'm going to worry about... If you wrote something
|
---|
7 | * here, please feel free to acknowledge your work.
|
---|
8 | *
|
---|
9 | * Based in part on code from sash, Copyright (c) 1999 by David I. Bell
|
---|
10 | * Permission has been granted to redistribute this code under the GPL.
|
---|
11 | *
|
---|
12 | * Licensed under GPLv2 or later, see file License in this tarball for details.
|
---|
13 | */
|
---|
14 |
|
---|
15 | #include "busybox.h"
|
---|
16 | #include <unistd.h>
|
---|
17 | #include <string.h>
|
---|
18 | #include <assert.h>
|
---|
19 |
|
---|
20 | #if ENABLE_SHOW_USAGE && !ENABLE_FEATURE_COMPRESS_USAGE
|
---|
21 | static const char usage_messages[] =
|
---|
22 | #define MAKE_USAGE
|
---|
23 | #include "usage.h"
|
---|
24 | #include "applets.h"
|
---|
25 | ;
|
---|
26 | #undef MAKE_USAGE
|
---|
27 | #else
|
---|
28 | #define usage_messages 0
|
---|
29 | #endif /* ENABLE_SHOW_USAGE */
|
---|
30 |
|
---|
31 | #undef APPLET
|
---|
32 | #undef APPLET_NOUSAGE
|
---|
33 | #undef PROTOTYPES
|
---|
34 | #include "applets.h"
|
---|
35 |
|
---|
36 | static struct BB_applet *applet_using;
|
---|
37 |
|
---|
38 | /* The -1 arises because of the {0,NULL,0,-1} entry above. */
|
---|
39 | const size_t NUM_APPLETS = (sizeof (applets) / sizeof (struct BB_applet) - 1);
|
---|
40 |
|
---|
41 |
|
---|
42 | #ifdef CONFIG_FEATURE_SUID_CONFIG
|
---|
43 |
|
---|
44 | #include <ctype.h>
|
---|
45 | #include "pwd_.h"
|
---|
46 | #include "grp_.h"
|
---|
47 |
|
---|
48 | #define CONFIG_FILE "/etc/busybox.conf"
|
---|
49 |
|
---|
50 | /* applets [] is const, so we have to define this "override" structure */
|
---|
51 | static struct BB_suid_config
|
---|
52 | {
|
---|
53 | struct BB_applet *m_applet;
|
---|
54 |
|
---|
55 | uid_t m_uid;
|
---|
56 | gid_t m_gid;
|
---|
57 | mode_t m_mode;
|
---|
58 |
|
---|
59 | struct BB_suid_config *m_next;
|
---|
60 | } *suid_config;
|
---|
61 |
|
---|
62 | static int suid_cfg_readable;
|
---|
63 |
|
---|
64 | /* check if u is member of group g */
|
---|
65 | static int ingroup (uid_t u, gid_t g)
|
---|
66 | {
|
---|
67 | struct group *grp = getgrgid (g);
|
---|
68 |
|
---|
69 | if (grp) {
|
---|
70 | char **mem;
|
---|
71 |
|
---|
72 | for (mem = grp->gr_mem; *mem; mem++) {
|
---|
73 | struct passwd *pwd = getpwnam (*mem);
|
---|
74 |
|
---|
75 | if (pwd && (pwd->pw_uid == u))
|
---|
76 | return 1;
|
---|
77 | }
|
---|
78 | }
|
---|
79 | return 0;
|
---|
80 | }
|
---|
81 |
|
---|
82 | /* This should probably be a libbb routine. In that case,
|
---|
83 | * I'd probably rename it to something like bb_trimmed_slice.
|
---|
84 | */
|
---|
85 | static char *get_trimmed_slice(char *s, char *e)
|
---|
86 | {
|
---|
87 | /* First, consider the value at e to be nul and back up until we
|
---|
88 | * reach a non-space char. Set the char after that (possibly at
|
---|
89 | * the original e) to nul. */
|
---|
90 | while (e-- > s) {
|
---|
91 | if (!isspace(*e)) {
|
---|
92 | break;
|
---|
93 | }
|
---|
94 | }
|
---|
95 | e[1] = 0;
|
---|
96 |
|
---|
97 | /* Next, advance past all leading space and return a ptr to the
|
---|
98 | * first non-space char; possibly the terminating nul. */
|
---|
99 | return skip_whitespace(s);
|
---|
100 | }
|
---|
101 |
|
---|
102 |
|
---|
103 | #define parse_error(x) { err=x; goto pe_label; }
|
---|
104 |
|
---|
105 | /* Don't depend on the tools to combine strings. */
|
---|
106 | static const char config_file[] = CONFIG_FILE;
|
---|
107 |
|
---|
108 | /* There are 4 chars + 1 nul for each of user/group/other. */
|
---|
109 | static const char mode_chars[] = "Ssx-\0Ssx-\0Ttx-";
|
---|
110 |
|
---|
111 | /* We don't supply a value for the nul, so an index adjustment is
|
---|
112 | * necessary below. Also, we use unsigned short here to save some
|
---|
113 | * space even though these are really mode_t values. */
|
---|
114 | static const unsigned short mode_mask[] = {
|
---|
115 | /* SST sst xxx --- */
|
---|
116 | S_ISUID, S_ISUID|S_IXUSR, S_IXUSR, 0, /* user */
|
---|
117 | S_ISGID, S_ISGID|S_IXGRP, S_IXGRP, 0, /* group */
|
---|
118 | 0, S_IXOTH, S_IXOTH, 0 /* other */
|
---|
119 | };
|
---|
120 |
|
---|
121 | static void parse_config_file(void)
|
---|
122 | {
|
---|
123 | struct BB_suid_config *sct_head;
|
---|
124 | struct BB_suid_config *sct;
|
---|
125 | struct BB_applet *applet;
|
---|
126 | FILE *f;
|
---|
127 | char *err;
|
---|
128 | char *s;
|
---|
129 | char *e;
|
---|
130 | int i, lc, section;
|
---|
131 | char buffer[256];
|
---|
132 | struct stat st;
|
---|
133 |
|
---|
134 | assert(!suid_config); /* Should be set to NULL by bss init. */
|
---|
135 |
|
---|
136 | if ((stat(config_file, &st) != 0) /* No config file? */
|
---|
137 | || !S_ISREG(st.st_mode) /* Not a regular file? */
|
---|
138 | || (st.st_uid != 0) /* Not owned by root? */
|
---|
139 | || (st.st_mode & (S_IWGRP | S_IWOTH)) /* Writable by non-root? */
|
---|
140 | || !(f = fopen(config_file, "r")) /* Can not open? */
|
---|
141 | ) {
|
---|
142 | return;
|
---|
143 | }
|
---|
144 |
|
---|
145 | suid_cfg_readable = 1;
|
---|
146 | sct_head = NULL;
|
---|
147 | section = lc = 0;
|
---|
148 |
|
---|
149 | do {
|
---|
150 | s = buffer;
|
---|
151 |
|
---|
152 | if (!fgets(s, sizeof(buffer), f)) { /* Are we done? */
|
---|
153 | if (ferror(f)) { /* Make sure it wasn't a read error. */
|
---|
154 | parse_error("reading");
|
---|
155 | }
|
---|
156 | fclose(f);
|
---|
157 | suid_config = sct_head; /* Success, so set the pointer. */
|
---|
158 | return;
|
---|
159 | }
|
---|
160 |
|
---|
161 | lc++; /* Got a (partial) line. */
|
---|
162 |
|
---|
163 | /* If a line is too long for our buffer, we consider it an error.
|
---|
164 | * The following test does mistreat one corner case though.
|
---|
165 | * If the final line of the file does not end with a newline and
|
---|
166 | * yet exactly fills the buffer, it will be treated as too long
|
---|
167 | * even though there isn't really a problem. But it isn't really
|
---|
168 | * worth adding code to deal with such an unlikely situation, and
|
---|
169 | * we do err on the side of caution. Besides, the line would be
|
---|
170 | * too long if it did end with a newline. */
|
---|
171 | if (!strchr(s, '\n') && !feof(f)) {
|
---|
172 | parse_error("line too long");
|
---|
173 | }
|
---|
174 |
|
---|
175 | /* Trim leading and trailing whitespace, ignoring comments, and
|
---|
176 | * check if the resulting string is empty. */
|
---|
177 | if (!*(s = get_trimmed_slice(s, strchrnul(s, '#')))) {
|
---|
178 | continue;
|
---|
179 | }
|
---|
180 |
|
---|
181 | /* Check for a section header. */
|
---|
182 |
|
---|
183 | if (*s == '[') {
|
---|
184 | /* Unlike the old code, we ignore leading and trailing
|
---|
185 | * whitespace for the section name. We also require that
|
---|
186 | * there are no stray characters after the closing bracket. */
|
---|
187 | if (!(e = strchr(s, ']')) /* Missing right bracket? */
|
---|
188 | || e[1] /* Trailing characters? */
|
---|
189 | || !*(s = get_trimmed_slice(s+1, e)) /* Missing name? */
|
---|
190 | ) {
|
---|
191 | parse_error("section header");
|
---|
192 | }
|
---|
193 | /* Right now we only have one section so just check it.
|
---|
194 | * If more sections are added in the future, please don't
|
---|
195 | * resort to cascading ifs with multiple strcasecmp calls.
|
---|
196 | * That kind of bloated code is all too common. A loop
|
---|
197 | * and a string table would be a better choice unless the
|
---|
198 | * number of sections is very small. */
|
---|
199 | if (strcasecmp(s, "SUID") == 0) {
|
---|
200 | section = 1;
|
---|
201 | continue;
|
---|
202 | }
|
---|
203 | section = -1; /* Unknown section so set to skip. */
|
---|
204 | continue;
|
---|
205 | }
|
---|
206 |
|
---|
207 | /* Process sections. */
|
---|
208 |
|
---|
209 | if (section == 1) { /* SUID */
|
---|
210 | /* Since we trimmed leading and trailing space above, we're
|
---|
211 | * now looking for strings of the form
|
---|
212 | * <key>[::space::]*=[::space::]*<value>
|
---|
213 | * where both key and value could contain inner whitespace. */
|
---|
214 |
|
---|
215 | /* First get the key (an applet name in our case). */
|
---|
216 | if (!!(e = strchr(s, '='))) {
|
---|
217 | s = get_trimmed_slice(s, e);
|
---|
218 | }
|
---|
219 | if (!e || !*s) { /* Missing '=' or empty key. */
|
---|
220 | parse_error("keyword");
|
---|
221 | }
|
---|
222 |
|
---|
223 | /* Ok, we have an applet name. Process the rhs if this
|
---|
224 | * applet is currently built in and ignore it otherwise.
|
---|
225 | * Note: This can hide config file bugs which only pop
|
---|
226 | * up when the busybox configuration is changed. */
|
---|
227 | if ((applet = find_applet_by_name(s))) {
|
---|
228 | /* Note: We currently don't check for duplicates!
|
---|
229 | * The last config line for each applet will be the
|
---|
230 | * one used since we insert at the head of the list.
|
---|
231 | * I suppose this could be considered a feature. */
|
---|
232 | sct = xmalloc(sizeof(struct BB_suid_config));
|
---|
233 | sct->m_applet = applet;
|
---|
234 | sct->m_mode = 0;
|
---|
235 | sct->m_next = sct_head;
|
---|
236 | sct_head = sct;
|
---|
237 |
|
---|
238 | /* Get the specified mode. */
|
---|
239 |
|
---|
240 | e = skip_whitespace(e+1);
|
---|
241 |
|
---|
242 | for (i=0 ; i < 3 ; i++) {
|
---|
243 | const char *q;
|
---|
244 | if (!*(q = strchrnul(mode_chars + 5*i, *e++))) {
|
---|
245 | parse_error("mode");
|
---|
246 | }
|
---|
247 | /* Adjust by -i to account for nul. */
|
---|
248 | sct->m_mode |= mode_mask[(q - mode_chars) - i];
|
---|
249 | }
|
---|
250 |
|
---|
251 | /* Now get the the user/group info. */
|
---|
252 |
|
---|
253 | s = skip_whitespace(e);
|
---|
254 |
|
---|
255 | /* Note: We require whitespace between the mode and the
|
---|
256 | * user/group info. */
|
---|
257 | if ((s == e) || !(e = strchr(s, '.'))) {
|
---|
258 | parse_error("<uid>.<gid>");
|
---|
259 | }
|
---|
260 | *e++ = 0;
|
---|
261 |
|
---|
262 | /* We can't use get_ug_id here since it would exit()
|
---|
263 | * if a uid or gid was not found. Oh well... */
|
---|
264 | {
|
---|
265 | char *e2;
|
---|
266 |
|
---|
267 | sct->m_uid = strtoul(s, &e2, 10);
|
---|
268 | if (*e2 || (s == e2)) {
|
---|
269 | struct passwd *pwd;
|
---|
270 | if (!(pwd = getpwnam(s))) {
|
---|
271 | parse_error("user");
|
---|
272 | }
|
---|
273 | sct->m_uid = pwd->pw_uid;
|
---|
274 | }
|
---|
275 |
|
---|
276 | sct->m_gid = strtoul(e, &e2, 10);
|
---|
277 | if (*e2 || (e == e2)) {
|
---|
278 | struct group *grp;
|
---|
279 | if (!(grp = getgrnam(e))) {
|
---|
280 | parse_error("group");
|
---|
281 | }
|
---|
282 | sct->m_gid = grp->gr_gid;
|
---|
283 | }
|
---|
284 | }
|
---|
285 | }
|
---|
286 | continue;
|
---|
287 | }
|
---|
288 |
|
---|
289 | /* Unknown sections are ignored. */
|
---|
290 |
|
---|
291 | /* Encountering configuration lines prior to seeing a
|
---|
292 | * section header is treated as an error. This is how
|
---|
293 | * the old code worked, but it may not be desirable.
|
---|
294 | * We may want to simply ignore such lines in case they
|
---|
295 | * are used in some future version of busybox. */
|
---|
296 | if (!section) {
|
---|
297 | parse_error("keyword outside section");
|
---|
298 | }
|
---|
299 |
|
---|
300 | } while (1);
|
---|
301 |
|
---|
302 | pe_label:
|
---|
303 | fprintf(stderr, "Parse error in %s, line %d: %s\n",
|
---|
304 | config_file, lc, err);
|
---|
305 |
|
---|
306 | fclose(f);
|
---|
307 | /* Release any allocated memory before returning. */
|
---|
308 | while (sct_head) {
|
---|
309 | sct = sct_head->m_next;
|
---|
310 | free(sct_head);
|
---|
311 | sct_head = sct;
|
---|
312 | }
|
---|
313 | return;
|
---|
314 | }
|
---|
315 |
|
---|
316 | #else
|
---|
317 | #define parse_config_file()
|
---|
318 | #endif /* CONFIG_FEATURE_SUID_CONFIG */
|
---|
319 |
|
---|
320 | #ifdef CONFIG_FEATURE_SUID
|
---|
321 | static void check_suid (struct BB_applet *applet)
|
---|
322 | {
|
---|
323 | uid_t ruid = getuid (); /* real [ug]id */
|
---|
324 | uid_t rgid = getgid ();
|
---|
325 |
|
---|
326 | #ifdef CONFIG_FEATURE_SUID_CONFIG
|
---|
327 | if (suid_cfg_readable) {
|
---|
328 | struct BB_suid_config *sct;
|
---|
329 |
|
---|
330 | for (sct = suid_config; sct; sct = sct->m_next) {
|
---|
331 | if (sct->m_applet == applet)
|
---|
332 | break;
|
---|
333 | }
|
---|
334 | if (sct) {
|
---|
335 | mode_t m = sct->m_mode;
|
---|
336 |
|
---|
337 | if (sct->m_uid == ruid) /* same uid */
|
---|
338 | m >>= 6;
|
---|
339 | else if ((sct->m_gid == rgid) || ingroup (ruid, sct->m_gid)) /* same group / in group */
|
---|
340 | m >>= 3;
|
---|
341 |
|
---|
342 | if (!(m & S_IXOTH)) /* is x bit not set ? */
|
---|
343 | bb_error_msg_and_die ("You have no permission to run this applet!");
|
---|
344 |
|
---|
345 | if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP)) { /* *both* have to be set for sgid */
|
---|
346 | if (setegid (sct->m_gid))
|
---|
347 | bb_error_msg_and_die
|
---|
348 | ("BusyBox binary has insufficient rights to set proper GID for applet!");
|
---|
349 | } else
|
---|
350 | setgid (rgid); /* no sgid -> drop */
|
---|
351 |
|
---|
352 | if (sct->m_mode & S_ISUID) {
|
---|
353 | if (seteuid (sct->m_uid))
|
---|
354 | bb_error_msg_and_die
|
---|
355 | ("BusyBox binary has insufficient rights to set proper UID for applet!");
|
---|
356 | } else
|
---|
357 | setuid (ruid); /* no suid -> drop */
|
---|
358 | } else {
|
---|
359 | /* default: drop all privileges */
|
---|
360 | setgid (rgid);
|
---|
361 | setuid (ruid);
|
---|
362 | }
|
---|
363 | return;
|
---|
364 | } else {
|
---|
365 | #ifndef CONFIG_FEATURE_SUID_CONFIG_QUIET
|
---|
366 | static int onetime = 0;
|
---|
367 |
|
---|
368 | if (!onetime) {
|
---|
369 | onetime = 1;
|
---|
370 | fprintf (stderr, "Using fallback suid method\n");
|
---|
371 | }
|
---|
372 | #endif
|
---|
373 | }
|
---|
374 | #endif
|
---|
375 |
|
---|
376 | if (applet->need_suid == _BB_SUID_ALWAYS) {
|
---|
377 | if (geteuid () != 0)
|
---|
378 | bb_error_msg_and_die ("This applet requires root privileges!");
|
---|
379 | } else if (applet->need_suid == _BB_SUID_NEVER) {
|
---|
380 | setgid (rgid); /* drop all privileges */
|
---|
381 | setuid (ruid);
|
---|
382 | }
|
---|
383 | }
|
---|
384 | #else
|
---|
385 | #define check_suid(x)
|
---|
386 | #endif /* CONFIG_FEATURE_SUID */
|
---|
387 |
|
---|
388 |
|
---|
389 |
|
---|
390 | #if ENABLE_FEATURE_COMPRESS_USAGE
|
---|
391 |
|
---|
392 | #include "usage_compressed.h"
|
---|
393 | #include "unarchive.h"
|
---|
394 |
|
---|
395 | static const char *unpack_usage_messages(void)
|
---|
396 | {
|
---|
397 | int input[2], output[2], pid;
|
---|
398 | char *buf;
|
---|
399 |
|
---|
400 | if(pipe(input) < 0 || pipe(output) < 0)
|
---|
401 | exit(1);
|
---|
402 |
|
---|
403 | pid = fork();
|
---|
404 | switch (pid) {
|
---|
405 | case -1: /* error */
|
---|
406 | exit(1);
|
---|
407 | case 0: /* child */
|
---|
408 | close(input[1]);
|
---|
409 | close(output[0]);
|
---|
410 | uncompressStream(input[0], output[1]);
|
---|
411 | exit(0);
|
---|
412 | }
|
---|
413 | /* parent */
|
---|
414 |
|
---|
415 | close(input[0]);
|
---|
416 | close(output[1]);
|
---|
417 | pid = fork();
|
---|
418 | switch (pid) {
|
---|
419 | case -1: /* error */
|
---|
420 | exit(1);
|
---|
421 | case 0: /* child */
|
---|
422 | bb_full_write(input[1], packed_usage, sizeof(packed_usage));
|
---|
423 | exit(0);
|
---|
424 | }
|
---|
425 | /* parent */
|
---|
426 | close(input[1]);
|
---|
427 |
|
---|
428 | buf = xmalloc(SIZEOF_usage_messages);
|
---|
429 | bb_full_read(output[0], buf, SIZEOF_usage_messages);
|
---|
430 | return buf;
|
---|
431 | }
|
---|
432 |
|
---|
433 | #else
|
---|
434 | #define unpack_usage_messages() usage_messages
|
---|
435 | #endif /* ENABLE_FEATURE_COMPRESS_USAGE */
|
---|
436 |
|
---|
437 | void bb_show_usage (void)
|
---|
438 | {
|
---|
439 | if (ENABLE_SHOW_USAGE) {
|
---|
440 | const char *format_string;
|
---|
441 | const char *usage_string = unpack_usage_messages();
|
---|
442 | int i;
|
---|
443 |
|
---|
444 | for (i = applet_using - applets; i > 0;)
|
---|
445 | if (!*usage_string++) --i;
|
---|
446 |
|
---|
447 | format_string = "%s\n\nUsage: %s %s\n\n";
|
---|
448 | if (*usage_string == '\b')
|
---|
449 | format_string = "%s\n\nNo help available.\n\n";
|
---|
450 | fprintf (stderr, format_string, bb_msg_full_version,
|
---|
451 | applet_using->name, usage_string);
|
---|
452 | }
|
---|
453 |
|
---|
454 | exit (bb_default_error_retval);
|
---|
455 | }
|
---|
456 |
|
---|
457 | static int applet_name_compare (const void *x, const void *y)
|
---|
458 | {
|
---|
459 | const char *name = x;
|
---|
460 | const struct BB_applet *applet = y;
|
---|
461 |
|
---|
462 | return strcmp (name, applet->name);
|
---|
463 | }
|
---|
464 |
|
---|
465 | extern const size_t NUM_APPLETS;
|
---|
466 |
|
---|
467 | struct BB_applet *find_applet_by_name (const char *name)
|
---|
468 | {
|
---|
469 | return bsearch (name, applets, NUM_APPLETS, sizeof (struct BB_applet),
|
---|
470 | applet_name_compare);
|
---|
471 | }
|
---|
472 |
|
---|
473 | void run_applet_by_name (const char *name, int argc, char **argv)
|
---|
474 | {
|
---|
475 | if(ENABLE_FEATURE_SUID_CONFIG) parse_config_file ();
|
---|
476 |
|
---|
477 | if(!strncmp(name, "busybox", 7)) busybox_main(argc, argv);
|
---|
478 | /* Do a binary search to find the applet entry given the name. */
|
---|
479 | applet_using = find_applet_by_name(name);
|
---|
480 | if(applet_using) {
|
---|
481 | bb_applet_name = applet_using->name;
|
---|
482 | if(argc==2 && !strcmp(argv[1], "--help")) bb_show_usage ();
|
---|
483 | if(ENABLE_FEATURE_SUID) check_suid (applet_using);
|
---|
484 | exit ((*(applet_using->main)) (argc, argv));
|
---|
485 | }
|
---|
486 | }
|
---|