Context Navigation

← Previous Revision
Latest Revision
Next Revision →
Blame
Revision Log

chpst.c@ 3621

Visit:

Last change on this file since 3621 was 3621, checked in by Bruno Cornec, 7 years ago
New 3?3 banch for incorporation of latest busybox 1.25. Changing minor version to handle potential incompatibilities.
Property svn:eol-style set to `native`
File size: 13.7 KB

Line
1	/*
2	Copyright (c) 2001-2006, Gerrit Pape
3	All rights reserved.
4
5	Redistribution and use in source and binary forms, with or without
6	modification, are permitted provided that the following conditions are met:
7
8	1. Redistributions of source code must retain the above copyright notice,
9	this list of conditions and the following disclaimer.
10	2. Redistributions in binary form must reproduce the above copyright
11	notice, this list of conditions and the following disclaimer in the
12	documentation and/or other materials provided with the distribution.
13	3. The name of the author may not be used to endorse or promote products
14	derived from this software without specific prior written permission.
15
16	THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
17	WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
18	MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
19	EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
20	SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
21	PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
22	OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
23	WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
24	OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
25	ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
26	*/
27
28	/* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */
29
30	//config:config CHPST
31	//config: bool "chpst"
32	//config: default y
33	//config: help
34	//config: chpst changes the process state according to the given options, and
35	//config: execs specified program.
36	//config:
37	//config:config SETUIDGID
38	//config: bool "setuidgid"
39	//config: default y
40	//config: help
41	//config: Sets soft resource limits as specified by options
42	//config:
43	//config:config ENVUIDGID
44	//config: bool "envuidgid"
45	//config: default y
46	//config: help
47	//config: Sets $UID to account's uid and $GID to account's gid
48	//config:
49	//config:config ENVDIR
50	//config: bool "envdir"
51	//config: default y
52	//config: help
53	//config: Sets various environment variables as specified by files
54	//config: in the given directory
55	//config:
56	//config:config SOFTLIMIT
57	//config: bool "softlimit"
58	//config: default y
59	//config: help
60	//config: Sets soft resource limits as specified by options
61
62	//applet:IF_CHPST(APPLET(chpst, BB_DIR_USR_BIN, BB_SUID_DROP))
63	//applet:IF_ENVDIR(APPLET_ODDNAME(envdir, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envdir))
64	//applet:IF_ENVUIDGID(APPLET_ODDNAME(envuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, envuidgid))
65	//applet:IF_SETUIDGID(APPLET_ODDNAME(setuidgid, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, setuidgid))
66	//applet:IF_SOFTLIMIT(APPLET_ODDNAME(softlimit, chpst, BB_DIR_USR_BIN, BB_SUID_DROP, softlimit))
67
68	//kbuild:lib-$(CONFIG_CHPST) += chpst.o
69	//kbuild:lib-$(CONFIG_ENVDIR) += chpst.o
70	//kbuild:lib-$(CONFIG_ENVUIDGID) += chpst.o
71	//kbuild:lib-$(CONFIG_SETUIDGID) += chpst.o
72	//kbuild:lib-$(CONFIG_SOFTLIMIT) += chpst.o
73
74	//usage:#define chpst_trivial_usage
75	//usage: "[-vP012] [-u USER[:GRP]] [-U USER[:GRP]] [-e DIR]\n"
76	//usage: " [-/ DIR] [-n NICE] [-m BYTES] [-d BYTES] [-o N]\n"
77	//usage: " [-p N] [-f BYTES] [-c BYTES] PROG ARGS"
78	//usage:#define chpst_full_usage "\n\n"
79	//usage: "Change the process state, run PROG\n"
80	//usage: "\n -u USER[:GRP] Set uid and gid"
81	//usage: "\n -U USER[:GRP] Set $UID and $GID in environment"
82	//usage: "\n -e DIR Set environment variables as specified by files"
83	//usage: "\n in DIR: file=1st_line_of_file"
84	//usage: "\n -/ DIR Chroot to DIR"
85	//usage: "\n -n NICE Add NICE to nice value"
86	//usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES"
87	//usage: "\n -d BYTES Limit data segment"
88	//usage: "\n -o N Limit number of open files per process"
89	//usage: "\n -p N Limit number of processes per uid"
90	//usage: "\n -f BYTES Limit output file sizes"
91	//usage: "\n -c BYTES Limit core file size"
92	//usage: "\n -v Verbose"
93	//usage: "\n -P Create new process group"
94	//usage: "\n -0 Close stdin"
95	//usage: "\n -1 Close stdout"
96	//usage: "\n -2 Close stderr"
97	//usage:
98	//usage:#define envdir_trivial_usage
99	//usage: "DIR PROG ARGS"
100	//usage:#define envdir_full_usage "\n\n"
101	//usage: "Set various environment variables as specified by files\n"
102	//usage: "in the directory DIR, run PROG"
103	//usage:
104	//usage:#define envuidgid_trivial_usage
105	//usage: "USER PROG ARGS"
106	//usage:#define envuidgid_full_usage "\n\n"
107	//usage: "Set $UID to USER's uid and $GID to USER's gid, run PROG"
108	//usage:
109	//usage:#define setuidgid_trivial_usage
110	//usage: "USER PROG ARGS"
111	//usage:#define setuidgid_full_usage "\n\n"
112	//usage: "Set uid and gid to USER's uid and gid, drop supplementary group ids,\n"
113	//usage: "run PROG"
114	//usage:
115	//usage:#define softlimit_trivial_usage
116	//usage: "[-a BYTES] [-m BYTES] [-d BYTES] [-s BYTES] [-l BYTES]\n"
117	//usage: " [-f BYTES] [-c BYTES] [-r BYTES] [-o N] [-p N] [-t N]\n"
118	//usage: " PROG ARGS"
119	//usage:#define softlimit_full_usage "\n\n"
120	//usage: "Set soft resource limits, then run PROG\n"
121	//usage: "\n -a BYTES Limit total size of all segments"
122	//usage: "\n -m BYTES Same as -d BYTES -s BYTES -l BYTES -a BYTES"
123	//usage: "\n -d BYTES Limit data segment"
124	//usage: "\n -s BYTES Limit stack segment"
125	//usage: "\n -l BYTES Limit locked memory size"
126	//usage: "\n -o N Limit number of open files per process"
127	//usage: "\n -p N Limit number of processes per uid"
128	//usage: "\nOptions controlling file sizes:"
129	//usage: "\n -f BYTES Limit output file sizes"
130	//usage: "\n -c BYTES Limit core file size"
131	//usage: "\nEfficiency opts:"
132	//usage: "\n -r BYTES Limit resident set size"
133	//usage: "\n -t N Limit CPU time, process receives"
134	//usage: "\n a SIGXCPU after N seconds"
135
136	#include "libbb.h"
137	#include <sys/resource.h> /* getrlimit */
138
139	/*
140	Five applets here: chpst, envdir, envuidgid, setuidgid, softlimit.
141
142	Only softlimit and chpst are taking options:
143
144	# common
145	-o N Limit number of open files per process
146	-p N Limit number of processes per uid
147	-m BYTES Same as -d BYTES -s BYTES -l BYTES [-a BYTES]
148	-d BYTES Limit data segment
149	-f BYTES Limit output file sizes
150	-c BYTES Limit core file size
151	# softlimit
152	-a BYTES Limit total size of all segments
153	-s BYTES Limit stack segment
154	-l BYTES Limit locked memory size
155	-r BYTES Limit resident set size
156	-t N Limit CPU time
157	# chpst
158	-u USER[:GRP] Set uid and gid
159	-U USER[:GRP] Set $UID and $GID in environment
160	-e DIR Set environment variables as specified by files in DIR
161	-/ DIR Chroot to DIR
162	-n NICE Add NICE to nice value
163	-v Verbose
164	-P Create new process group
165	-0 -1 -2 Close fd 0,1,2
166
167	Even though we accept all these options for both softlimit and chpst,
168	they are not to be advertised on their help texts.
169	We have enough problems with feature creep in other people's
170	software, don't want to add our own.
171
172	envdir, envuidgid, setuidgid take no options, but they reuse code which
173	handles -e, -U and -u.
174	*/
175
176	enum {
177	OPT_a = (1 << 0) * ENABLE_SOFTLIMIT,
178	OPT_c = (1 << 1) * (ENABLE_SOFTLIMIT \|\| ENABLE_CHPST),
179	OPT_d = (1 << 2) * (ENABLE_SOFTLIMIT \|\| ENABLE_CHPST),
180	OPT_f = (1 << 3) * (ENABLE_SOFTLIMIT \|\| ENABLE_CHPST),
181	OPT_l = (1 << 4) * ENABLE_SOFTLIMIT,
182	OPT_m = (1 << 5) * (ENABLE_SOFTLIMIT \|\| ENABLE_CHPST),
183	OPT_o = (1 << 6) * (ENABLE_SOFTLIMIT \|\| ENABLE_CHPST),
184	OPT_p = (1 << 7) * (ENABLE_SOFTLIMIT \|\| ENABLE_CHPST),
185	OPT_r = (1 << 8) * ENABLE_SOFTLIMIT,
186	OPT_s = (1 << 9) * ENABLE_SOFTLIMIT,
187	OPT_t = (1 << 10) * ENABLE_SOFTLIMIT,
188	OPT_u = (1 << 11) * (ENABLE_CHPST \|\| ENABLE_SETUIDGID),
189	OPT_U = (1 << 12) * (ENABLE_CHPST \|\| ENABLE_ENVUIDGID),
190	OPT_e = (1 << 13) * (ENABLE_CHPST \|\| ENABLE_ENVDIR),
191	OPT_root = (1 << 14) * ENABLE_CHPST,
192	OPT_n = (1 << 15) * ENABLE_CHPST,
193	OPT_v = (1 << 16) * ENABLE_CHPST,
194	OPT_P = (1 << 17) * ENABLE_CHPST,
195	OPT_0 = (1 << 18) * ENABLE_CHPST,
196	OPT_1 = (1 << 19) * ENABLE_CHPST,
197	OPT_2 = (1 << 20) * ENABLE_CHPST,
198	};
199
200	/* TODO: use recursive_action? */
201	static NOINLINE void edir(const char *directory_name)
202	{
203	int wdir;
204	DIR *dir;
205	struct dirent *d;
206	int fd;
207
208	wdir = xopen(".", O_RDONLY \| O_NDELAY);
209	xchdir(directory_name);
210	dir = xopendir(".");
211	for (;;) {
212	char buf[256];
213	char *tail;
214	int size;
215
216	errno = 0;
217	d = readdir(dir);
218	if (!d) {
219	if (errno)
220	bb_perror_msg_and_die("readdir %s",
221	directory_name);
222	break;
223	}
224	if (d->d_name[0] == '.')
225	continue;
226	fd = open(d->d_name, O_RDONLY \| O_NDELAY);
227	if (fd < 0) {
228	if ((errno == EISDIR) && directory_name) {
229	if (option_mask32 & OPT_v)
230	bb_perror_msg("warning: %s/%s is a directory",
231	directory_name, d->d_name);
232	continue;
233	}
234	bb_perror_msg_and_die("open %s/%s",
235	directory_name, d->d_name);
236	}
237	size = full_read(fd, buf, sizeof(buf)-1);
238	close(fd);
239	if (size < 0)
240	bb_perror_msg_and_die("read %s/%s",
241	directory_name, d->d_name);
242	if (size == 0) {
243	unsetenv(d->d_name);
244	continue;
245	}
246	buf[size] = '\n';
247	tail = strchr(buf, '\n');
248	/* skip trailing whitespace */
249	while (1) {
250	*tail = '\0';
251	tail--;
252	if (tail < buf \|\| !isspace(*tail))
253	break;
254	}
255	xsetenv(d->d_name, buf);
256	}
257	closedir(dir);
258	xfchdir(wdir);
259	close(wdir);
260	}
261
262	static void limit(int what, long l)
263	{
264	struct rlimit r;
265
266	/* Never fails under Linux (except if you pass it bad arguments) */
267	getrlimit(what, &r);
268	if ((l < 0) \|\| (l > r.rlim_max))
269	r.rlim_cur = r.rlim_max;
270	else
271	r.rlim_cur = l;
272	if (setrlimit(what, &r) == -1)
273	bb_perror_msg_and_die("setrlimit");
274	}
275
276	int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
277	int chpst_main(int argc UNUSED_PARAM, char **argv)
278	{
279	struct bb_uidgid_t ugid;
280	char set_user = set_user; / for compiler */
281	char *env_dir = env_dir;
282	char *root;
283	char *nicestr;
284	unsigned limita;
285	unsigned limitc;
286	unsigned limitd;
287	unsigned limitf;
288	unsigned limitl;
289	unsigned limitm;
290	unsigned limito;
291	unsigned limitp;
292	unsigned limitr;
293	unsigned limits;
294	unsigned limitt;
295	unsigned opt;
296
297	if ((ENABLE_CHPST && applet_name[0] == 'c')
298	\|\| (ENABLE_SOFTLIMIT && applet_name[1] == 'o')
299	) {
300	// FIXME: can we live with int-sized limits?
301	// can we live with 40000 days?
302	// if yes -> getopt converts strings to numbers for us
303	opt_complementary = "-1:a+:c+:d+:f+:l+:m+:o+:p+:r+:s+:t+";
304	opt = getopt32(argv, "+a:c:d:f:l:m:o:p:r:s:t:u:U:e:"
305	IF_CHPST("/:n:vP012"),
306	&limita, &limitc, &limitd, &limitf, &limitl,
307	&limitm, &limito, &limitp, &limitr, &limits, &limitt,
308	&set_user, &set_user, &env_dir
309	IF_CHPST(, &root, &nicestr));
310	argv += optind;
311	if (opt & OPT_m) { // -m means -asld
312	limita = limits = limitl = limitd = limitm;
313	opt \|= (OPT_s \| OPT_l \| OPT_a \| OPT_d);
314	}
315	} else {
316	option_mask32 = opt = 0;
317	argv++;
318	if (!*argv)
319	bb_show_usage();
320	}
321
322	// envdir?
323	if (ENABLE_ENVDIR && applet_name[3] == 'd') {
324	env_dir = *argv++;
325	opt \|= OPT_e;
326	}
327
328	// setuidgid?
329	if (ENABLE_SETUIDGID && applet_name[1] == 'e') {
330	set_user = *argv++;
331	opt \|= OPT_u;
332	}
333
334	// envuidgid?
335	if (ENABLE_ENVUIDGID && applet_name[0] == 'e' && applet_name[3] == 'u') {
336	set_user = *argv++;
337	opt \|= OPT_U;
338	}
339
340	// we must have PROG [ARGS]
341	if (!*argv)
342	bb_show_usage();
343
344	// set limits
345	if (opt & OPT_d) {
346	#ifdef RLIMIT_DATA
347	limit(RLIMIT_DATA, limitd);
348	#else
349	if (opt & OPT_v)
350	bb_error_msg("system does not support RLIMIT_%s",
351	"DATA");
352	#endif
353	}
354	if (opt & OPT_s) {
355	#ifdef RLIMIT_STACK
356	limit(RLIMIT_STACK, limits);
357	#else
358	if (opt & OPT_v)
359	bb_error_msg("system does not support RLIMIT_%s",
360	"STACK");
361	#endif
362	}
363	if (opt & OPT_l) {
364	#ifdef RLIMIT_MEMLOCK
365	limit(RLIMIT_MEMLOCK, limitl);
366	#else
367	if (opt & OPT_v)
368	bb_error_msg("system does not support RLIMIT_%s",
369	"MEMLOCK");
370	#endif
371	}
372	if (opt & OPT_a) {
373	#ifdef RLIMIT_VMEM
374	limit(RLIMIT_VMEM, limita);
375	#else
376	#ifdef RLIMIT_AS
377	limit(RLIMIT_AS, limita);
378	#else
379	if (opt & OPT_v)
380	bb_error_msg("system does not support RLIMIT_%s",
381	"VMEM");
382	#endif
383	#endif
384	}
385	if (opt & OPT_o) {
386	#ifdef RLIMIT_NOFILE
387	limit(RLIMIT_NOFILE, limito);
388	#else
389	#ifdef RLIMIT_OFILE
390	limit(RLIMIT_OFILE, limito);
391	#else
392	if (opt & OPT_v)
393	bb_error_msg("system does not support RLIMIT_%s",
394	"NOFILE");
395	#endif
396	#endif
397	}
398	if (opt & OPT_p) {
399	#ifdef RLIMIT_NPROC
400	limit(RLIMIT_NPROC, limitp);
401	#else
402	if (opt & OPT_v)
403	bb_error_msg("system does not support RLIMIT_%s",
404	"NPROC");
405	#endif
406	}
407	if (opt & OPT_f) {
408	#ifdef RLIMIT_FSIZE
409	limit(RLIMIT_FSIZE, limitf);
410	#else
411	if (opt & OPT_v)
412	bb_error_msg("system does not support RLIMIT_%s",
413	"FSIZE");
414	#endif
415	}
416	if (opt & OPT_c) {
417	#ifdef RLIMIT_CORE
418	limit(RLIMIT_CORE, limitc);
419	#else
420	if (opt & OPT_v)
421	bb_error_msg("system does not support RLIMIT_%s",
422	"CORE");
423	#endif
424	}
425	if (opt & OPT_r) {
426	#ifdef RLIMIT_RSS
427	limit(RLIMIT_RSS, limitr);
428	#else
429	if (opt & OPT_v)
430	bb_error_msg("system does not support RLIMIT_%s",
431	"RSS");
432	#endif
433	}
434	if (opt & OPT_t) {
435	#ifdef RLIMIT_CPU
436	limit(RLIMIT_CPU, limitt);
437	#else
438	if (opt & OPT_v)
439	bb_error_msg("system does not support RLIMIT_%s",
440	"CPU");
441	#endif
442	}
443
444	if (opt & OPT_P)
445	setsid();
446
447	if (opt & OPT_e)
448	edir(env_dir);
449
450	if (opt & (OPT_u\|OPT_U))
451	xget_uidgid(&ugid, set_user);
452
453	// chrooted jail must have /etc/passwd if we move this after chroot.
454	// OTOH chroot fails for non-roots.
455	// Solution: cache uid/gid before chroot, apply uid/gid after.
456	if (opt & OPT_U) {
457	xsetenv("GID", utoa(ugid.gid));
458	xsetenv("UID", utoa(ugid.uid));
459	}
460
461	if (opt & OPT_root) {
462	xchroot(root);
463	}
464
465	if (opt & OPT_u) {
466	if (setgroups(1, &ugid.gid) == -1)
467	bb_perror_msg_and_die("setgroups");
468	xsetgid(ugid.gid);
469	xsetuid(ugid.uid);
470	}
471
472	if (opt & OPT_n) {
473	errno = 0;
474	if (nice(xatoi(nicestr)) == -1)
475	bb_perror_msg_and_die("nice");
476	}
477
478	if (opt & OPT_0)
479	close(STDIN_FILENO);
480	if (opt & OPT_1)
481	close(STDOUT_FILENO);
482	if (opt & OPT_2)
483	close(STDERR_FILENO);
484
485	BB_EXECVP_or_die(argv);
486	}

Note: See TracBrowser for help on using the repository browser.

Context Navigation

source: MondoRescue/branches/3.3/mindi-busybox/runit/chpst.c@ 3621

Download in other formats: