summaryrefslogtreecommitdiff
path: root/libbb/appletlib.c
diff options
context:
space:
mode:
Diffstat (limited to 'libbb/appletlib.c')
-rw-r--r--libbb/appletlib.c553
1 files changed, 549 insertions, 4 deletions
diff --git a/libbb/appletlib.c b/libbb/appletlib.c
index cfa60a9..7808df5 100644
--- a/libbb/appletlib.c
+++ b/libbb/appletlib.c
@@ -1,11 +1,15 @@
/* vi: set sw=4 ts=4: */
/*
- * Support for main() which needs to end up in libbusybox, not busybox,
- * if one builds libbusybox.
+ * Utility routines.
*
- * Copyright (C) 2007 Denys Vlasenko <vda.linux@googlemail.com>
+ * Copyright (C) tons of folks. Tracking down who wrote what
+ * isn't something I'm going to worry about... If you wrote something
+ * here, please feel free to acknowledge your work.
*
- * Licensed under GPLv2, see file License in this tarball for details.
+ * Based in part on code from sash, Copyright (c) 1999 by David I. Bell
+ * Permission has been granted to redistribute this code under the GPL.
+ *
+ * Licensed under GPLv2 or later, see file License in this tarball for details.
*/
#include <assert.h>
@@ -140,3 +144,544 @@ void bbox_prepare_main(char **argv)
bb_show_usage();
#endif
}
+
+/* The code below can well be in applets/applets.c, as it is used only
+ * for busybox binary, not "individual" binaries.
+ * However, keeping it here and linking it into libbusybox.so
+ * (together with remaining tiny applets/applets.o)
+ * makes it possible to avoid --whole-archive at link time.
+ * This makes (shared busybox) + libbusybox smaller.
+ * (--gc-sections would be even better....)
+ */
+
+const char *applet_name;
+#if !BB_MMU
+bool re_execed;
+#endif
+
+USE_FEATURE_SUID(static uid_t ruid;) /* real uid */
+
+#if ENABLE_FEATURE_SUID_CONFIG
+
+/* applets[] is const, so we have to define this "override" structure */
+static struct BB_suid_config {
+ const struct bb_applet *m_applet;
+ uid_t m_uid;
+ gid_t m_gid;
+ mode_t m_mode;
+ struct BB_suid_config *m_next;
+} *suid_config;
+
+static bool suid_cfg_readable;
+
+/* check if u is member of group g */
+static int ingroup(uid_t u, gid_t g)
+{
+ struct group *grp = getgrgid(g);
+
+ if (grp) {
+ char **mem;
+
+ for (mem = grp->gr_mem; *mem; mem++) {
+ struct passwd *pwd = getpwnam(*mem);
+
+ if (pwd && (pwd->pw_uid == u))
+ return 1;
+ }
+ }
+ return 0;
+}
+
+/* This should probably be a libbb routine. In that case,
+ * I'd probably rename it to something like bb_trimmed_slice.
+ */
+static char *get_trimmed_slice(char *s, char *e)
+{
+ /* First, consider the value at e to be nul and back up until we
+ * reach a non-space char. Set the char after that (possibly at
+ * the original e) to nul. */
+ while (e-- > s) {
+ if (!isspace(*e)) {
+ break;
+ }
+ }
+ e[1] = '\0';
+
+ /* Next, advance past all leading space and return a ptr to the
+ * first non-space char; possibly the terminating nul. */
+ return skip_whitespace(s);
+}
+
+/* Don't depend on the tools to combine strings. */
+static const char config_file[] ALIGN1 = "/etc/busybox.conf";
+
+/* We don't supply a value for the nul, so an index adjustment is
+ * necessary below. Also, we use unsigned short here to save some
+ * space even though these are really mode_t values. */
+static const unsigned short mode_mask[] ALIGN2 = {
+ /* SST sst xxx --- */
+ S_ISUID, S_ISUID|S_IXUSR, S_IXUSR, 0, /* user */
+ S_ISGID, S_ISGID|S_IXGRP, S_IXGRP, 0, /* group */
+ 0, S_IXOTH, S_IXOTH, 0 /* other */
+};
+
+#define parse_error(x) do { errmsg = x; goto pe_label; } while (0)
+
+static void parse_config_file(void)
+{
+ struct BB_suid_config *sct_head;
+ struct BB_suid_config *sct;
+ const struct bb_applet *applet;
+ FILE *f;
+ const char *errmsg;
+ char *s;
+ char *e;
+ int i;
+ unsigned lc;
+ smallint section;
+ char buffer[256];
+ struct stat st;
+
+ assert(!suid_config); /* Should be set to NULL by bss init. */
+
+ ruid = getuid();
+ if (ruid == 0) /* run by root - don't need to even read config file */
+ return;
+
+ if ((stat(config_file, &st) != 0) /* No config file? */
+ || !S_ISREG(st.st_mode) /* Not a regular file? */
+ || (st.st_uid != 0) /* Not owned by root? */
+ || (st.st_mode & (S_IWGRP | S_IWOTH)) /* Writable by non-root? */
+ || !(f = fopen(config_file, "r")) /* Cannot open? */
+ ) {
+ return;
+ }
+
+ suid_cfg_readable = 1;
+ sct_head = NULL;
+ section = lc = 0;
+
+ while (1) {
+ s = buffer;
+
+ if (!fgets(s, sizeof(buffer), f)) { /* Are we done? */
+ if (ferror(f)) { /* Make sure it wasn't a read error. */
+ parse_error("reading");
+ }
+ fclose(f);
+ suid_config = sct_head; /* Success, so set the pointer. */
+ return;
+ }
+
+ lc++; /* Got a (partial) line. */
+
+ /* If a line is too long for our buffer, we consider it an error.
+ * The following test does mistreat one corner case though.
+ * If the final line of the file does not end with a newline and
+ * yet exactly fills the buffer, it will be treated as too long
+ * even though there isn't really a problem. But it isn't really
+ * worth adding code to deal with such an unlikely situation, and
+ * we do err on the side of caution. Besides, the line would be
+ * too long if it did end with a newline. */
+ if (!strchr(s, '\n') && !feof(f)) {
+ parse_error("line too long");
+ }
+
+ /* Trim leading and trailing whitespace, ignoring comments, and
+ * check if the resulting string is empty. */
+ s = get_trimmed_slice(s, strchrnul(s, '#'));
+ if (!*s) {
+ continue;
+ }
+
+ /* Check for a section header. */
+
+ if (*s == '[') {
+ /* Unlike the old code, we ignore leading and trailing
+ * whitespace for the section name. We also require that
+ * there are no stray characters after the closing bracket. */
+ e = strchr(s, ']');
+ if (!e /* Missing right bracket? */
+ || e[1] /* Trailing characters? */
+ || !*(s = get_trimmed_slice(s+1, e)) /* Missing name? */
+ ) {
+ parse_error("section header");
+ }
+ /* Right now we only have one section so just check it.
+ * If more sections are added in the future, please don't
+ * resort to cascading ifs with multiple strcasecmp calls.
+ * That kind of bloated code is all too common. A loop
+ * and a string table would be a better choice unless the
+ * number of sections is very small. */
+ if (strcasecmp(s, "SUID") == 0) {
+ section = 1;
+ continue;
+ }
+ section = -1; /* Unknown section so set to skip. */
+ continue;
+ }
+
+ /* Process sections. */
+
+ if (section == 1) { /* SUID */
+ /* Since we trimmed leading and trailing space above, we're
+ * now looking for strings of the form
+ * <key>[::space::]*=[::space::]*<value>
+ * where both key and value could contain inner whitespace. */
+
+ /* First get the key (an applet name in our case). */
+ e = strchr(s, '=');
+ if (e) {
+ s = get_trimmed_slice(s, e);
+ }
+ if (!e || !*s) { /* Missing '=' or empty key. */
+ parse_error("keyword");
+ }
+
+ /* Ok, we have an applet name. Process the rhs if this
+ * applet is currently built in and ignore it otherwise.
+ * Note: this can hide config file bugs which only pop
+ * up when the busybox configuration is changed. */
+ applet = find_applet_by_name(s);
+ if (applet) {
+ /* Note: We currently don't check for duplicates!
+ * The last config line for each applet will be the
+ * one used since we insert at the head of the list.
+ * I suppose this could be considered a feature. */
+ sct = xmalloc(sizeof(struct BB_suid_config));
+ sct->m_applet = applet;
+ sct->m_mode = 0;
+ sct->m_next = sct_head;
+ sct_head = sct;
+
+ /* Get the specified mode. */
+
+ e = skip_whitespace(e+1);
+
+ for (i = 0; i < 3; i++) {
+ /* There are 4 chars + 1 nul for each of user/group/other. */
+ static const char mode_chars[] ALIGN1 = "Ssx-\0" "Ssx-\0" "Ttx-";
+
+ const char *q;
+ q = strchrnul(mode_chars + 5*i, *e++);
+ if (!*q) {
+ parse_error("mode");
+ }
+ /* Adjust by -i to account for nul. */
+ sct->m_mode |= mode_mask[(q - mode_chars) - i];
+ }
+
+ /* Now get the the user/group info. */
+
+ s = skip_whitespace(e);
+
+ /* Note: we require whitespace between the mode and the
+ * user/group info. */
+ if ((s == e) || !(e = strchr(s, '.'))) {
+ parse_error("<uid>.<gid>");
+ }
+ *e++ = '\0';
+
+ /* We can't use get_ug_id here since it would exit()
+ * if a uid or gid was not found. Oh well... */
+ sct->m_uid = bb_strtoul(s, NULL, 10);
+ if (errno) {
+ struct passwd *pwd = getpwnam(s);
+ if (!pwd) {
+ parse_error("user");
+ }
+ sct->m_uid = pwd->pw_uid;
+ }
+
+ sct->m_gid = bb_strtoul(e, NULL, 10);
+ if (errno) {
+ struct group *grp;
+ grp = getgrnam(e);
+ if (!grp) {
+ parse_error("group");
+ }
+ sct->m_gid = grp->gr_gid;
+ }
+ }
+ continue;
+ }
+
+ /* Unknown sections are ignored. */
+
+ /* Encountering configuration lines prior to seeing a
+ * section header is treated as an error. This is how
+ * the old code worked, but it may not be desirable.
+ * We may want to simply ignore such lines in case they
+ * are used in some future version of busybox. */
+ if (!section) {
+ parse_error("keyword outside section");
+ }
+
+ } /* while (1) */
+
+ pe_label:
+ fprintf(stderr, "Parse error in %s, line %d: %s\n",
+ config_file, lc, errmsg);
+
+ fclose(f);
+ /* Release any allocated memory before returning. */
+ while (sct_head) {
+ sct = sct_head->m_next;
+ free(sct_head);
+ sct_head = sct;
+ }
+}
+#else
+static inline void parse_config_file(void)
+{
+ USE_FEATURE_SUID(ruid = getuid();)
+}
+#endif /* FEATURE_SUID_CONFIG */
+
+
+#if ENABLE_FEATURE_SUID
+static void check_suid(const struct bb_applet *applet)
+{
+ gid_t rgid; /* real gid */
+
+ if (ruid == 0) /* set by parse_config_file() */
+ return; /* run by root - no need to check more */
+ rgid = getgid();
+
+#if ENABLE_FEATURE_SUID_CONFIG
+ if (suid_cfg_readable) {
+ uid_t uid;
+ struct BB_suid_config *sct;
+ mode_t m;
+
+ for (sct = suid_config; sct; sct = sct->m_next) {
+ if (sct->m_applet == applet)
+ goto found;
+ }
+ /* default: drop all privileges */
+ xsetgid(rgid);
+ xsetuid(ruid);
+ return;
+ found:
+ m = sct->m_mode;
+ if (sct->m_uid == ruid)
+ /* same uid */
+ m >>= 6;
+ else if ((sct->m_gid == rgid) || ingroup(ruid, sct->m_gid))
+ /* same group / in group */
+ m >>= 3;
+
+ if (!(m & S_IXOTH)) /* is x bit not set ? */
+ bb_error_msg_and_die("you have no permission to run this applet!");
+
+ /* _both_ sgid and group_exec have to be set for setegid */
+ if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
+ rgid = sct->m_gid;
+ /* else (no setegid) we will set egid = rgid */
+
+ /* We set effective AND saved ids. If saved-id is not set
+ * like we do below, seteiud(0) can still later succeed! */
+ if (setresgid(-1, rgid, rgid))
+ bb_perror_msg_and_die("setresgid");
+
+ /* do we have to set effective uid? */
+ uid = ruid;
+ if (sct->m_mode & S_ISUID)
+ uid = sct->m_uid;
+ /* else (no seteuid) we will set euid = ruid */
+
+ if (setresuid(-1, uid, uid))
+ bb_perror_msg_and_die("setresuid");
+ return;
+ }
+#if !ENABLE_FEATURE_SUID_CONFIG_QUIET
+ {
+ static bool onetime = 0;
+
+ if (!onetime) {
+ onetime = 1;
+ fprintf(stderr, "Using fallback suid method\n");
+ }
+ }
+#endif
+#endif
+
+ if (applet->need_suid == _BB_SUID_ALWAYS) {
+ /* Real uid is not 0. If euid isn't 0 too, suid bit
+ * is most probably not set on our executable */
+ if (geteuid())
+ bb_error_msg_and_die("applet requires root privileges!");
+ } else if (applet->need_suid == _BB_SUID_NEVER) {
+ xsetgid(rgid); /* drop all privileges */
+ xsetuid(ruid);
+ }
+}
+#else
+#define check_suid(x) ((void)0)
+#endif /* FEATURE_SUID */
+
+
+#if ENABLE_FEATURE_INSTALLER
+/* create (sym)links for each applet */
+static void install_links(const char *busybox, int use_symbolic_links)
+{
+ /* directory table
+ * this should be consistent w/ the enum,
+ * busybox.h::bb_install_loc_t, or else... */
+ static const char usr_bin [] ALIGN1 = "/usr/bin";
+ static const char usr_sbin[] ALIGN1 = "/usr/sbin";
+ static const char *const install_dir[] = {
+ &usr_bin [8], /* "", equivalent to "/" for concat_path_file() */
+ &usr_bin [4], /* "/bin" */
+ &usr_sbin[4], /* "/sbin" */
+ usr_bin,
+ usr_sbin
+ };
+
+ int (*lf)(const char *, const char *) = link;
+ char *fpc;
+ int i;
+ int rc;
+
+ if (use_symbolic_links)
+ lf = symlink;
+
+ for (i = 0; applets[i].name != NULL; i++) {
+ fpc = concat_path_file(
+ install_dir[applets[i].install_loc],
+ applets[i].name);
+ rc = lf(busybox, fpc);
+ if (rc != 0 && errno != EEXIST) {
+ bb_simple_perror_msg(fpc);
+ }
+ free(fpc);
+ }
+}
+#else
+#define install_links(x,y) ((void)0)
+#endif /* FEATURE_INSTALLER */
+
+/* If we were called as "busybox..." */
+static int busybox_main(char **argv)
+{
+ if (!argv[1]) {
+ /* Called without arguments */
+ const struct bb_applet *a;
+ int col, output_width;
+ help:
+ output_width = 80;
+ if (ENABLE_FEATURE_AUTOWIDTH) {
+ /* Obtain the terminal width */
+ get_terminal_width_height(0, &output_width, NULL);
+ }
+ /* leading tab and room to wrap */
+ output_width -= sizeof("start-stop-daemon, ") + 8;
+
+ printf("%s multi-call binary\n", bb_banner); /* reuse const string... */
+ printf("Copyright (C) 1998-2006 Erik Andersen, Rob Landley, and others.\n"
+ "Licensed under GPLv2. See source distribution for full notice.\n"
+ "\n"
+ "Usage: busybox [function] [arguments]...\n"
+ " or: [function] [arguments]...\n"
+ "\n"
+ "\tBusyBox is a multi-call binary that combines many common Unix\n"
+ "\tutilities into a single executable. Most people will create a\n"
+ "\tlink to busybox for each function they wish to use and BusyBox\n"
+ "\twill act like whatever it was invoked as!\n"
+ "\nCurrently defined functions:\n");
+ col = 0;
+ a = applets;
+ while (a->name) {
+ if (col > output_width) {
+ puts(",");
+ col = 0;
+ }
+ col += printf("%s%s", (col ? ", " : "\t"), a->name);
+ a++;
+ }
+ puts("\n");
+ return 0;
+ }
+
+ if (ENABLE_FEATURE_INSTALLER && strcmp(argv[1], "--install") == 0) {
+ const char *busybox;
+ busybox = xmalloc_readlink(bb_busybox_exec_path);
+ if (!busybox)
+ busybox = bb_busybox_exec_path;
+ /* -s makes symlinks */
+ install_links(busybox, argv[2] && strcmp(argv[2], "-s") == 0);
+ return 0;
+ }
+
+ if (strcmp(argv[1], "--help") == 0) {
+ /* "busybox --help [<applet>]" */
+ if (!argv[2])
+ goto help;
+ /* convert to "<applet> --help" */
+ argv[0] = argv[2];
+ argv[2] = NULL;
+ } else {
+ /* "busybox <applet> arg1 arg2 ..." */
+ argv++;
+ }
+ /* We support "busybox /a/path/to/applet args..." too. Allows for
+ * "#!/bin/busybox"-style wrappers */
+ applet_name = bb_get_last_path_component_nostrip(argv[0]);
+ run_applet_and_exit(applet_name, argv);
+ bb_error_msg_and_die("applet not found");
+}
+
+void run_appletstruct_and_exit(const struct bb_applet *applet, char **argv)
+{
+ int argc = 1;
+
+ while (argv[argc])
+ argc++;
+
+ /* Reinit some shared global data */
+ optind = 1;
+ xfunc_error_retval = EXIT_FAILURE;
+
+ applet_name = applet->name;
+ if (argc == 2 && !strcmp(argv[1], "--help"))
+ bb_show_usage();
+ if (ENABLE_FEATURE_SUID)
+ check_suid(applet);
+ exit(applet->main(argc, argv));
+}
+
+void run_applet_and_exit(const char *name, char **argv)
+{
+ const struct bb_applet *applet = find_applet_by_name(name);
+ if (applet)
+ run_appletstruct_and_exit(applet, argv);
+ if (!strncmp(name, "busybox", 7))
+ exit(busybox_main(argv));
+}
+
+
+#if ENABLE_BUILD_LIBBUSYBOX
+int libbusybox_main(int argc, char **argv)
+#else
+int main(int argc, char **argv)
+#endif
+{
+ bbox_prepare_main(argv);
+
+#if !BB_MMU
+ /* NOMMU re-exec trick sets high-order bit in first byte of name */
+ if (argv[0][0] & 0x80) {
+ re_execed = 1;
+ argv[0][0] &= 0x7f;
+ }
+#endif
+ applet_name = argv[0];
+ if (applet_name[0] == '-')
+ applet_name++;
+ applet_name = bb_basename(applet_name);
+
+ parse_config_file(); /* ...maybe, if FEATURE_SUID_CONFIG */
+
+ run_applet_and_exit(applet_name, argv);
+ bb_error_msg_and_die("applet not found");
+}