Context Navigation

su.c@ 3232

Visit:

Last change on this file since 3232 was 3232, checked in by Bruno Cornec, 10 years ago
Update mindi-busybox to 1.21.1
File size: 3.8 KB

Rev	Line
[821]	1	/* vi: set sw=4 ts=4: */
	2	/*
[2725]	3	* Mini su implementation for busybox
[1765]	4	*
[2725]	5	* Licensed under GPLv2 or later, see file LICENSE in this source tree.
[1765]	6	*/
[821]	7
[1765]	8	#include "libbb.h"
[821]	9	#include <syslog.h>
	10
[3232]	11	//usage:#define su_trivial_usage
	12	//usage: "[OPTIONS] [-] [USER]"
	13	//usage:#define su_full_usage "\n\n"
	14	//usage: "Run shell under USER (by default, root)\n"
	15	//usage: "\n -,-l Clear environment, run shell as login shell"
	16	//usage: "\n -p,-m Do not set new $HOME, $SHELL, $USER, $LOGNAME"
	17	//usage: "\n -c CMD Command to pass to 'sh -c'"
	18	//usage: "\n -s SH Shell to use instead of user's default"
	19
[2725]	20	#if ENABLE_FEATURE_SU_CHECKS_SHELLS
	21	/* Return 1 if SHELL is a restricted shell (one not returned by
	22	* getusershell), else 0, meaning it is a standard shell. */
	23	static int restricted_shell(const char *shell)
	24	{
	25	char *line;
	26	int result = 1;
	27
	28	/setusershell(); - getusershell does it itself/
	29	while ((line = getusershell()) != NULL) {
	30	if (/* line != '#' && / strcmp(line, shell) == 0) {
	31	result = 0;
	32	break;
	33	}
	34	}
	35	if (ENABLE_FEATURE_CLEAN_UP)
	36	endusershell();
	37	return result;
	38	}
	39	#endif
	40
[1765]	41	#define SU_OPT_mp (3)
[2725]	42	#define SU_OPT_l (4)
[821]	43
[2725]	44	int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
	45	int su_main(int argc UNUSED_PARAM, char **argv)
[821]	46	{
[1765]	47	unsigned flags;
	48	char *opt_shell = NULL;
	49	char *opt_command = NULL;
	50	const char *opt_username = "root";
[821]	51	struct passwd *pw;
	52	uid_t cur_uid = getuid();
	53	const char *tty;
[3232]	54	#if ENABLE_FEATURE_UTMP
[2725]	55	char user_buf[64];
[3232]	56	#endif
[2725]	57	const char *old_user;
[821]	58
[1765]	59	flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell);
[2725]	60	//argc -= optind;
[1765]	61	argv += optind;
[821]	62
[2725]	63	if (argv[0] && LONE_DASH(argv[0])) {
[821]	64	flags \|= SU_OPT_l;
[1765]	65	argv++;
	66	}
[821]	67
	68	/* get user if specified */
[2725]	69	if (argv[0]) {
[1765]	70	opt_username = argv[0];
	71	argv++;
	72	}
[821]	73
[1765]	74	if (ENABLE_FEATURE_SU_SYSLOG) {
[2725]	75	/* The utmp entry (via getlogin) is probably the best way to
	76	* identify the user, especially if someone su's from a su-shell.
	77	* But getlogin can fail -- usually due to lack of utmp entry.
	78	* in this case resort to getpwuid. */
	79	#if ENABLE_FEATURE_UTMP
	80	old_user = user_buf;
	81	if (getlogin_r(user_buf, sizeof(user_buf)) != 0)
	82	#endif
	83	{
	84	pw = getpwuid(cur_uid);
	85	old_user = pw ? xstrdup(pw->pw_name) : "";
	86	}
	87	tty = xmalloc_ttyname(2);
	88	if (!tty) {
	89	tty = "none";
	90	}
[1765]	91	openlog(applet_name, 0, LOG_AUTH);
[821]	92	}
	93
[2725]	94	pw = xgetpwnam(opt_username);
[821]	95
[2725]	96	if (cur_uid == 0 \|\| correct_password(pw)) {
[1765]	97	if (ENABLE_FEATURE_SU_SYSLOG)
	98	syslog(LOG_NOTICE, "%c %s %s:%s",
	99	'+', tty, old_user, opt_username);
[821]	100	} else {
[1765]	101	if (ENABLE_FEATURE_SU_SYSLOG)
	102	syslog(LOG_NOTICE, "%c %s %s:%s",
	103	'-', tty, old_user, opt_username);
	104	bb_error_msg_and_die("incorrect password");
[821]	105	}
	106
[1765]	107	if (ENABLE_FEATURE_CLEAN_UP && ENABLE_FEATURE_SU_SYSLOG) {
	108	closelog();
	109	}
[821]	110
[2725]	111	if (!opt_shell && (flags & SU_OPT_mp)) {
	112	/* -s SHELL is not given, but "preserve env" opt is */
[1765]	113	opt_shell = getenv("SHELL");
[2725]	114	}
[821]	115
[1765]	116	#if ENABLE_FEATURE_SU_CHECKS_SHELLS
[3232]	117	if (opt_shell && cur_uid != 0 && pw->pw_shell && restricted_shell(pw->pw_shell)) {
[821]	118	/* The user being su'd to has a nonstandard shell, and so is
[2725]	119	* probably a uucp account or has restricted access. Don't
	120	* compromise the account by allowing access with a standard
	121	* shell. */
[1765]	122	bb_error_msg("using restricted shell");
[3232]	123	opt_shell = NULL; /* ignore -s PROG */
[821]	124	}
[2725]	125	/* else: user can run whatever he wants via "su -s PROG USER".
	126	* This is safe since PROG is run under user's uid/gid. */
[1765]	127	#endif
	128	if (!opt_shell)
[821]	129	opt_shell = pw->pw_shell;
	130
[1765]	131	change_identity(pw);
[2725]	132	setup_environment(opt_shell,
	133	((flags & SU_OPT_l) / SU_OPT_l * SETUP_ENV_CLEARENV)
[3232]	134	+ (!(flags & SU_OPT_mp) * SETUP_ENV_CHANGEENV)
	135	+ (!(flags & SU_OPT_l) * SETUP_ENV_NO_CHDIR),
[2725]	136	pw);
	137	IF_SELINUX(set_current_security_context(NULL);)
[821]	138
[1765]	139	/* Never returns */
	140	run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)argv);
	141
[2725]	142	/* return EXIT_FAILURE; - not reached */
[821]	143	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: MondoRescue/branches/3.2/mindi-busybox/loginutils/su.c@ 3232

Download in other formats: