1 /* vi: set sw=4 ts=4: */
5 * Copyright (C) tons of folks. Tracking down who wrote what
6 * isn't something I'm going to worry about... If you wrote something
7 * here, please feel free to acknowledge your work.
9 * Based in part on code from sash, Copyright (c) 1999 by David I. Bell
10 * Permission has been granted to redistribute this code under the GPL.
12 * Licensed under GPLv2 or later, see file License in this tarball for details.
19 /* Apparently uclibc defines __GLIBC__ (compat trick?). Oh well. */
20 #if ENABLE_STATIC && defined(__GLIBC__) && !defined(__UCLIBC__)
21 #warning Static linking against glibc produces buggy executables
22 #warning (glibc does not cope well with ld --gc-sections).
23 #warning See sources.redhat.com/bugzilla/show_bug.cgi?id=3400
24 #warning Note that glibc is unsuitable for static linking anyway.
25 #warning If you still want to do it, remove -Wl,--gc-sections
26 #warning from top-level Makefile and remove this warning.
27 #error Aborting compilation.
31 const struct bb_applet *current_applet;
32 const char *applet_name;
37 USE_FEATURE_SUID(static uid_t ruid;) /* real uid */
39 #if ENABLE_FEATURE_SUID_CONFIG
41 /* applets[] is const, so we have to define this "override" structure */
42 static struct BB_suid_config {
43 const struct bb_applet *m_applet;
47 struct BB_suid_config *m_next;
50 static bool suid_cfg_readable;
52 /* check if u is member of group g */
53 static int ingroup(uid_t u, gid_t g)
55 struct group *grp = getgrgid(g);
60 for (mem = grp->gr_mem; *mem; mem++) {
61 struct passwd *pwd = getpwnam(*mem);
63 if (pwd && (pwd->pw_uid == u))
70 /* This should probably be a libbb routine. In that case,
71 * I'd probably rename it to something like bb_trimmed_slice.
73 static char *get_trimmed_slice(char *s, char *e)
75 /* First, consider the value at e to be nul and back up until we
76 * reach a non-space char. Set the char after that (possibly at
77 * the original e) to nul. */
85 /* Next, advance past all leading space and return a ptr to the
86 * first non-space char; possibly the terminating nul. */
87 return skip_whitespace(s);
90 /* Don't depend on the tools to combine strings. */
91 static const char config_file[] ALIGN1 = "/etc/busybox.conf";
93 /* We don't supply a value for the nul, so an index adjustment is
94 * necessary below. Also, we use unsigned short here to save some
95 * space even though these are really mode_t values. */
96 static const unsigned short mode_mask[] ALIGN2 = {
98 S_ISUID, S_ISUID|S_IXUSR, S_IXUSR, 0, /* user */
99 S_ISGID, S_ISGID|S_IXGRP, S_IXGRP, 0, /* group */
100 0, S_IXOTH, S_IXOTH, 0 /* other */
103 #define parse_error(x) do { errmsg = x; goto pe_label; } while (0)
105 static void parse_config_file(void)
107 struct BB_suid_config *sct_head;
108 struct BB_suid_config *sct;
109 const struct bb_applet *applet;
120 assert(!suid_config); /* Should be set to NULL by bss init. */
123 if (ruid == 0) /* run by root - don't need to even read config file */
126 if ((stat(config_file, &st) != 0) /* No config file? */
127 || !S_ISREG(st.st_mode) /* Not a regular file? */
128 || (st.st_uid != 0) /* Not owned by root? */
129 || (st.st_mode & (S_IWGRP | S_IWOTH)) /* Writable by non-root? */
130 || !(f = fopen(config_file, "r")) /* Cannot open? */
135 suid_cfg_readable = 1;
142 if (!fgets(s, sizeof(buffer), f)) { /* Are we done? */
143 if (ferror(f)) { /* Make sure it wasn't a read error. */
144 parse_error("reading");
147 suid_config = sct_head; /* Success, so set the pointer. */
151 lc++; /* Got a (partial) line. */
153 /* If a line is too long for our buffer, we consider it an error.
154 * The following test does mistreat one corner case though.
155 * If the final line of the file does not end with a newline and
156 * yet exactly fills the buffer, it will be treated as too long
157 * even though there isn't really a problem. But it isn't really
158 * worth adding code to deal with such an unlikely situation, and
159 * we do err on the side of caution. Besides, the line would be
160 * too long if it did end with a newline. */
161 if (!strchr(s, '\n') && !feof(f)) {
162 parse_error("line too long");
165 /* Trim leading and trailing whitespace, ignoring comments, and
166 * check if the resulting string is empty. */
167 s = get_trimmed_slice(s, strchrnul(s, '#'));
172 /* Check for a section header. */
175 /* Unlike the old code, we ignore leading and trailing
176 * whitespace for the section name. We also require that
177 * there are no stray characters after the closing bracket. */
179 if (!e /* Missing right bracket? */
180 || e[1] /* Trailing characters? */
181 || !*(s = get_trimmed_slice(s+1, e)) /* Missing name? */
183 parse_error("section header");
185 /* Right now we only have one section so just check it.
186 * If more sections are added in the future, please don't
187 * resort to cascading ifs with multiple strcasecmp calls.
188 * That kind of bloated code is all too common. A loop
189 * and a string table would be a better choice unless the
190 * number of sections is very small. */
191 if (strcasecmp(s, "SUID") == 0) {
195 section = -1; /* Unknown section so set to skip. */
199 /* Process sections. */
201 if (section == 1) { /* SUID */
202 /* Since we trimmed leading and trailing space above, we're
203 * now looking for strings of the form
204 * <key>[::space::]*=[::space::]*<value>
205 * where both key and value could contain inner whitespace. */
207 /* First get the key (an applet name in our case). */
210 s = get_trimmed_slice(s, e);
212 if (!e || !*s) { /* Missing '=' or empty key. */
213 parse_error("keyword");
216 /* Ok, we have an applet name. Process the rhs if this
217 * applet is currently built in and ignore it otherwise.
218 * Note: this can hide config file bugs which only pop
219 * up when the busybox configuration is changed. */
220 applet = find_applet_by_name(s);
222 /* Note: We currently don't check for duplicates!
223 * The last config line for each applet will be the
224 * one used since we insert at the head of the list.
225 * I suppose this could be considered a feature. */
226 sct = xmalloc(sizeof(struct BB_suid_config));
227 sct->m_applet = applet;
229 sct->m_next = sct_head;
232 /* Get the specified mode. */
234 e = skip_whitespace(e+1);
236 for (i = 0; i < 3; i++) {
237 /* There are 4 chars + 1 nul for each of user/group/other. */
238 static const char mode_chars[] ALIGN1 = "Ssx-\0" "Ssx-\0" "Ttx-";
241 q = strchrnul(mode_chars + 5*i, *e++);
245 /* Adjust by -i to account for nul. */
246 sct->m_mode |= mode_mask[(q - mode_chars) - i];
249 /* Now get the the user/group info. */
251 s = skip_whitespace(e);
253 /* Note: we require whitespace between the mode and the
254 * user/group info. */
255 if ((s == e) || !(e = strchr(s, '.'))) {
256 parse_error("<uid>.<gid>");
260 /* We can't use get_ug_id here since it would exit()
261 * if a uid or gid was not found. Oh well... */
262 sct->m_uid = bb_strtoul(s, NULL, 10);
264 struct passwd *pwd = getpwnam(s);
268 sct->m_uid = pwd->pw_uid;
271 sct->m_gid = bb_strtoul(e, NULL, 10);
276 parse_error("group");
278 sct->m_gid = grp->gr_gid;
284 /* Unknown sections are ignored. */
286 /* Encountering configuration lines prior to seeing a
287 * section header is treated as an error. This is how
288 * the old code worked, but it may not be desirable.
289 * We may want to simply ignore such lines in case they
290 * are used in some future version of busybox. */
292 parse_error("keyword outside section");
298 fprintf(stderr, "Parse error in %s, line %d: %s\n",
299 config_file, lc, errmsg);
302 /* Release any allocated memory before returning. */
304 sct = sct_head->m_next;
310 static inline void parse_config_file(void)
312 USE_FEATURE_SUID(ruid = getuid();)
314 #endif /* FEATURE_SUID_CONFIG */
317 #if ENABLE_FEATURE_SUID
318 static void check_suid(const struct bb_applet *applet)
320 gid_t rgid; /* real gid */
322 if (ruid == 0) /* set by parse_config_file() */
323 return; /* run by root - no need to check more */
326 #if ENABLE_FEATURE_SUID_CONFIG
327 if (suid_cfg_readable) {
329 struct BB_suid_config *sct;
332 for (sct = suid_config; sct; sct = sct->m_next) {
333 if (sct->m_applet == applet)
336 /* default: drop all privileges */
342 if (sct->m_uid == ruid)
345 else if ((sct->m_gid == rgid) || ingroup(ruid, sct->m_gid))
346 /* same group / in group */
349 if (!(m & S_IXOTH)) /* is x bit not set ? */
350 bb_error_msg_and_die("you have no permission to run this applet!");
352 /* _both_ sgid and group_exec have to be set for setegid */
353 if ((sct->m_mode & (S_ISGID | S_IXGRP)) == (S_ISGID | S_IXGRP))
355 /* else (no setegid) we will set egid = rgid */
357 /* We set effective AND saved ids. If saved-id is not set
358 * like we do below, seteiud(0) can still later succeed! */
359 if (setresgid(-1, rgid, rgid))
360 bb_perror_msg_and_die("setresgid");
362 /* do we have to set effective uid? */
364 if (sct->m_mode & S_ISUID)
366 /* else (no seteuid) we will set euid = ruid */
368 if (setresuid(-1, uid, uid))
369 bb_perror_msg_and_die("setresuid");
372 #if !ENABLE_FEATURE_SUID_CONFIG_QUIET
374 static bool onetime = 0;
378 fprintf(stderr, "Using fallback suid method\n");
384 if (applet->need_suid == _BB_SUID_ALWAYS) {
385 /* Real uid is not 0. If euid isn't 0 too, suid bit
386 * is most probably not set on our executable */
388 bb_error_msg_and_die("applet requires root privileges!");
389 } else if (applet->need_suid == _BB_SUID_NEVER) {
390 xsetgid(rgid); /* drop all privileges */
395 #define check_suid(x) ((void)0)
396 #endif /* FEATURE_SUID */
399 #if ENABLE_FEATURE_INSTALLER
400 /* create (sym)links for each applet */
401 static void install_links(const char *busybox, int use_symbolic_links)
404 * this should be consistent w/ the enum,
405 * busybox.h::bb_install_loc_t, or else... */
406 static const char usr_bin [] ALIGN1 = "/usr/bin";
407 static const char usr_sbin[] ALIGN1 = "/usr/sbin";
408 static const char *const install_dir[] = {
409 &usr_bin [8], /* "", equivalent to "/" for concat_path_file() */
410 &usr_bin [4], /* "/bin" */
411 &usr_sbin[4], /* "/sbin" */
416 int (*lf)(const char *, const char *) = link;
421 if (use_symbolic_links)
424 for (i = 0; applets[i].name != NULL; i++) {
425 fpc = concat_path_file(
426 install_dir[applets[i].install_loc],
428 rc = lf(busybox, fpc);
429 if (rc != 0 && errno != EEXIST) {
430 bb_simple_perror_msg(fpc);
436 #define install_links(x,y) ((void)0)
437 #endif /* FEATURE_INSTALLER */
440 /* If we were called as "busybox..." */
441 static int busybox_main(char **argv)
444 /* Called without arguments */
445 const struct bb_applet *a;
446 int col, output_width;
449 if (ENABLE_FEATURE_AUTOWIDTH) {
450 /* Obtain the terminal width */
451 get_terminal_width_height(0, &output_width, NULL);
453 /* leading tab and room to wrap */
454 output_width -= sizeof("start-stop-daemon, ") + 8;
456 printf("%s multi-call binary\n", bb_banner); /* reuse const string... */
457 printf("Copyright (C) 1998-2006 Erik Andersen, Rob Landley, and others.\n"
458 "Licensed under GPLv2. See source distribution for full notice.\n"
460 "Usage: busybox [function] [arguments]...\n"
461 " or: [function] [arguments]...\n"
463 "\tBusyBox is a multi-call binary that combines many common Unix\n"
464 "\tutilities into a single executable. Most people will create a\n"
465 "\tlink to busybox for each function they wish to use and BusyBox\n"
466 "\twill act like whatever it was invoked as!\n"
467 "\nCurrently defined functions:\n");
471 if (col > output_width) {
475 col += printf("%s%s", (col ? ", " : "\t"), a->name);
482 if (ENABLE_FEATURE_INSTALLER && strcmp(argv[1], "--install") == 0) {
484 busybox = xmalloc_readlink(bb_busybox_exec_path);
486 busybox = bb_busybox_exec_path;
487 /* -s makes symlinks */
488 install_links(busybox, argv[2] && strcmp(argv[2], "-s") == 0);
492 if (strcmp(argv[1], "--help") == 0) {
493 /* "busybox --help [<applet>]" */
496 /* convert to "<applet> --help" */
500 /* "busybox <applet> arg1 arg2 ..." */
503 /* We support "busybox /a/path/to/applet args..." too. Allows for
504 * "#!/bin/busybox"-style wrappers */
505 applet_name = bb_get_last_path_component_nostrip(argv[0]);
506 run_applet_and_exit(applet_name, argv);
507 bb_error_msg_and_die("applet not found");
510 void run_current_applet_and_exit(char **argv)
517 /* Reinit some shared global data */
519 xfunc_error_retval = EXIT_FAILURE;
521 applet_name = current_applet->name;
522 if (argc == 2 && !strcmp(argv[1], "--help"))
524 if (ENABLE_FEATURE_SUID)
525 check_suid(current_applet);
526 exit(current_applet->main(argc, argv));
529 void run_applet_and_exit(const char *name, char **argv)
531 current_applet = find_applet_by_name(name);
533 run_current_applet_and_exit(argv);
534 if (!strncmp(name, "busybox", 7))
535 exit(busybox_main(argv));
539 int main(int argc, char **argv)
541 bbox_prepare_main(argv);
544 /* NOMMU re-exec trick sets high-order bit in first byte of name */
545 if (argv[0][0] & 0x80) {
550 applet_name = argv[0];
551 if (applet_name[0] == '-')
553 applet_name = bb_basename(applet_name);
555 parse_config_file(); /* ...maybe, if FEATURE_SUID_CONFIG */
557 run_applet_and_exit(applet_name, argv);
558 bb_error_msg_and_die("applet not found");
projects / oweals / busybox.git / blob