diff options
-rw-r--r-- | include/libbb.h | 6 | ||||
-rw-r--r-- | libbb/change_identity.c | 12 | ||||
-rw-r--r-- | loginutils/Config.in | 8 | ||||
-rw-r--r-- | loginutils/login.c | 22 |
4 files changed, 39 insertions, 9 deletions
diff --git a/include/libbb.h b/include/libbb.h index 6bea048..7fbeb4f 100644 --- a/include/libbb.h +++ b/include/libbb.h @@ -490,9 +490,9 @@ void xprint_and_close_file(FILE *file); #define FAIL_DELAY 3 extern void bb_do_delay(int seconds); -extern void change_identity ( const struct passwd *pw ); -extern const char *change_identity_e2str ( const struct passwd *pw ); -extern void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args); +extern void change_identity(const struct passwd *pw); +extern const char *change_identity_e2str(const struct passwd *pw); +extern void run_shell(const char *shell, int loginshell, const char *command, const char **additional_args); #ifdef CONFIG_SELINUX extern void renew_current_security_context(void); extern void set_current_security_context(security_context_t sid); diff --git a/libbb/change_identity.c b/libbb/change_identity.c index 74ffccb..63c5ae1 100644 --- a/libbb/change_identity.c +++ b/libbb/change_identity.c @@ -40,21 +40,21 @@ /* Become the user and group(s) specified by PW. */ -const char *change_identity_e2str ( const struct passwd *pw ) +const char *change_identity_e2str(const struct passwd *pw) { - if ( initgroups ( pw-> pw_name, pw-> pw_gid ) == -1 ) + if (initgroups(pw->pw_name, pw->pw_gid) == -1) return "cannot set groups"; - endgrent ( ); + endgrent(); - xsetgid(pw-> pw_gid); + xsetgid(pw->pw_gid); xsetuid(pw->pw_uid); return NULL; } -void change_identity ( const struct passwd *pw ) +void change_identity(const struct passwd *pw) { const char *err_msg = change_identity_e2str(pw); if(err_msg) - bb_perror_msg_and_die ( "%s", err_msg ); + bb_perror_msg_and_die("%s", err_msg); } diff --git a/loginutils/Config.in b/loginutils/Config.in index 71e0a3a..6e45b70 100644 --- a/loginutils/Config.in +++ b/loginutils/Config.in @@ -111,6 +111,14 @@ config CONFIG_LOGIN Note that Busybox binary must be setuid root for this applet to work properly. +config CONFIG_LOGIN_SCRIPTS + bool "Support for login scripts" + depends on CONFIG_LOGIN + default n + help + Enable this if you want login to execute $LOGIN_PRE_SUID_SCRIPT + just prior to swithching from root to logged-in user. + config CONFIG_FEATURE_SECURETTY bool "Support for /etc/securetty" default y diff --git a/loginutils/login.c b/loginutils/login.c index 5b4edd8..39d980f 100644 --- a/loginutils/login.c +++ b/loginutils/login.c @@ -15,6 +15,7 @@ #include <sys/resource.h> #include <sys/stat.h> #include <sys/types.h> +#include <sys/wait.h> #include <ctype.h> #include <time.h> @@ -258,6 +259,27 @@ auth_ok: chown ( full_tty, pw-> pw_uid, pw-> pw_gid ); chmod ( full_tty, 0600 ); + if (ENABLE_LOGIN_SCRIPTS) { + char *script = getenv("LOGIN_PRE_SUID_SCRIPT"); + if (script) { + char *t_argv[2] = { script, NULL }; + switch(fork()) { + case -1: break; + case 0: /* child */ + xchdir("/"); + setenv("LOGIN_TTY", full_tty, 1); + setenv("LOGIN_USER", pw->pw_name, 1); + setenv("LOGIN_UID", utoa(pw->pw_uid), 1); + setenv("LOGIN_GID", utoa(pw->pw_gid), 1); + setenv("LOGIN_SHELL", pw->pw_shell, 1); + execvp(script, t_argv); + exit(1); + default: /* parent */ + wait(NULL); + } + } + } + change_identity ( pw ); tmp = pw-> pw_shell; if(!tmp || !*tmp) |