/*
 * Flag tests for the chpst options that take no argument. The masks are
 * the bits listed for -v, -P, -0, -1 and -2 in the commented-out flag table
 * in chpst_main (0x2000 .. 0x20000). Inserting or reordering a letter in
 * that getopt32 option string moves the bits, and these tests would then
 * silently check a different option.
 */
5 // Must match constants in chpst_main!
6 #define OPT_verbose (option_mask32 & 0x2000)
7 #define OPT_pgrp (option_mask32 & 0x4000)
8 #define OPT_nostdin (option_mask32 & 0x8000)
9 #define OPT_nostdout (option_mask32 & 0x10000)
10 #define OPT_nostderr (option_mask32 & 0x20000)
/* Arguments of -u, -U and -e, in that order (filled in by getopt32 in chpst_main). */
12 static char *set_user;
13 static char *env_user;
14 static const char *env_dir;
/*
 * One requested value per resource limit; slimit() hands each one to
 * limit(). All start at -2.
 * NOTE(review): -2 presumably means "not requested" - the tests that would
 * show this sit on source lines this listing omits; confirm.
 */
15 static long limitd = -2;
16 static long limits = -2;
17 static long limitl = -2;
18 static long limita = -2;
19 static long limito = -2;
20 static long limitp = -2;
21 static long limitf = -2;
22 static long limitc = -2;
23 static long limitr = -2;
24 static long limitt = -2;
/* Argument of the -/ option (filled in by getopt32 in chpst_main). */
26 static const char *root;
/*
 * Resolve `user` with uidgid_get() and install its gid as the process's
 * only supplementary group. Dies if the name cannot be resolved or if
 * setgroups() fails.
 * NOTE(review): the listing skips source lines 37-38; the calls that change
 * the gid and uid presumably sit there. Confirm that the gid is set before
 * the uid and that both results are checked, since a failed or misordered
 * drop leaves the exec'd program with more privilege than intended.
 */
28 static void suidgid(char *user)
30 struct bb_uidgid_t ugid;
32 if (!uidgid_get(&ugid, user)) {
33 bb_error_msg_and_die("unknown user/group: %s", user);
/*
 * Replace the inherited supplementary group list with the target gid alone.
 * setgroups() needs privilege, so it has to run before the uid is given up;
 * skipping it would leave the caller's groups (often root's) attached.
 */
35 if (setgroups(1, &ugid.gid) == -1)
36 bb_perror_msg_and_die("setgroups");
/*
 * Resolve `user` with uidgid_get() and export the result as the GID and
 * UID environment variables. Dies if the name cannot be resolved.
 * Nothing in the visible lines changes the process credentials: the
 * variables are informational, and a program that trusts $UID/$GID for
 * access decisions is trusting values its caller can set freely.
 */
41 static void euidgid(char *user)
43 struct bb_uidgid_t ugid;
45 if (!uidgid_get(&ugid, user)) {
46 bb_error_msg_and_die("unknown user/group: %s", user);
48 xsetenv("GID", utoa(ugid.gid));
49 xsetenv("UID", utoa(ugid.uid));
/*
 * Load environment variables from the files in `directory_name`: each
 * entry's name becomes a variable name and the start of its contents the
 * value (xsetenv(d->d_name, buf)). Names beginning with '.' are skipped.
 * The starting directory is held open in wdir and restored with fchdir().
 *
 * Every other name in the directory is accepted as a variable name, so
 * whoever can create files there controls the environment of the exec'd
 * program; the directory should be writable only by the administrator.
 *
 * This listing omits some source lines (the gutter numbers skip); the
 * NOTE(review) remarks below concern code that is not visible here.
 */
52 static void edir(const char *directory_name)
/* Remember where we started so the chdir below can be undone at the end. */
59 wdir = xopen(".", O_RDONLY | O_NDELAY);
60 xchdir(directory_name);
63 bb_perror_msg_and_die("opendir %s", directory_name);
68 if (errno) bb_perror_msg_and_die("readdir %s", directory_name);
71 if (d->d_name[0] == '.') continue;
/*
 * Opened relative to the directory entered by xchdir() above.
 * NOTE(review): no close(fd) appears in the visible lines. If there is none,
 * one descriptor per file stays open and is inherited across the exec -
 * confirm.
 */
72 fd = open(d->d_name, O_RDONLY | O_NDELAY);
74 if ((errno == EISDIR) && env_dir) {
76 bb_perror_msg("warning: %s/%s is a directory", directory_name,
80 bb_perror_msg_and_die("open %s/%s", directory_name, /* was exiting 111 */
/* Read at most sizeof(buf)-1 bytes, leaving one byte spare; longer files are cut off here. */
88 size = safe_read(fd, buf, sizeof(buf)-1);
90 bb_perror_msg_and_die("read %s/%s", directory_name, /* was exiting 111 */
/*
 * The scan covers the whole buffer, not just the `size` bytes read.
 * NOTE(review): this is only safe if a '\n' sentinel is stored at buf[size]
 * on the skipped line 96; otherwise the scan reads uninitialised bytes and
 * tail may be NULL when dereferenced below - confirm.
 */
97 tail = memchr(buf, '\n', sizeof(buf));
98 /* skip trailing whitespace */;
/*
 * NOTE(review): these tests run at every position the loop visits. If the
 * skipped line 104 steps tail back unconditionally until it reaches buf,
 * embedded spaces and tabs are overwritten with NUL as well, so the value
 * ends at its first blank instead of only losing trailing whitespace -
 * confirm.
 */
100 if (tail[0]==' ') tail[0] = '\0';
101 if (tail[0]=='\t') tail[0] = '\0';
102 if (tail[0]=='\n') tail[0] = '\0';
103 if (tail == buf) break;
106 xsetenv(d->d_name, buf);
/* Return to the directory that was current on entry. */
110 if (fchdir(wdir) == -1) bb_perror_msg_and_die("fchdir");
/*
 * Apply the request `l` to resource `what`. Reads the current limits with
 * getrlimit() and writes them back with setrlimit(); both failures are
 * fatal. Among the visible lines only rlim_cur is assigned, and rlim_max is
 * only read.
 *
 * A negative request, or one above the hard limit, is not an error: the
 * soft limit is set to the hard limit. A caller asking for a value the
 * system will not allow therefore gets the loosest permitted setting with
 * no diagnostic.
 * NOTE(review): the branch that stores `l` itself is presumably on the
 * skipped lines 121-122 - confirm.
 */
114 static void limit(int what, long l)
118 if (getrlimit(what, &r) == -1) bb_perror_msg_and_die("getrlimit");
/*
 * `l` is signed while rlim_max is normally an unsigned rlim_t; the
 * comparison is only meaningful because l < 0 is tested first.
 */
119 if ((l < 0) || (l > r.rlim_max))
120 r.rlim_cur = r.rlim_max;
123 if (setrlimit(what, &r) == -1) bb_perror_msg_and_die("setrlimit");
/*
 * Apply each requested limit by passing the matching global to limit().
 * RLIMIT_VMEM/RLIMIT_AS share limita and RLIMIT_NOFILE/RLIMIT_OFILE share
 * limito, which suggests per-platform alternatives.
 *
 * NOTE(review): the conditions and most preprocessor lines around these
 * calls are not shown in this listing. It appears that a limit the platform
 * lacks is only reported (and for most resources only with -v) while the
 * program is still started, i.e. a requested limit can be silently absent -
 * confirm against the full source.
 */
126 static void slimit(void)
130 limit(RLIMIT_DATA, limitd);
132 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_DATA");
137 limit(RLIMIT_STACK, limits);
139 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_STACK");
143 #ifdef RLIMIT_MEMLOCK
144 limit(RLIMIT_MEMLOCK, limitl);
146 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_MEMLOCK");
151 limit(RLIMIT_VMEM, limita);
154 limit(RLIMIT_AS, limita);
157 bb_error_msg("system does not support %s", "RLIMIT_VMEM");
163 limit(RLIMIT_NOFILE, limito);
166 limit(RLIMIT_OFILE, limito);
169 bb_error_msg("system does not support %s", "RLIMIT_NOFILE");
175 limit(RLIMIT_NPROC, limitp);
177 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_NPROC");
182 limit(RLIMIT_FSIZE, limitf);
184 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_FSIZE");
189 limit(RLIMIT_CORE, limitc);
191 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CORE");
196 limit(RLIMIT_RSS, limitr);
198 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_RSS");
203 limit(RLIMIT_CPU, limitt);
205 if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CPU");
/* Entry points for the single-purpose applets; chpst_main picks one by applet_name. */
211 static void setuidgid(int, char **);
212 static void envuidgid(int, char **);
213 static void envdir(int, char **);
214 static void softlimit(int, char **);
/*
 * Entry point shared by chpst and four single-purpose applets. Parses the
 * chpst options, changes the process state in a fixed order and then
 * replaces the process with the requested program via execvp().
 *
 * This listing omits some source lines (the gutter numbers skip); the
 * NOTE(review) remarks below concern code that is not visible here.
 */
216 int chpst_main(int argc, char **argv)
/*
 * Dispatch on single characters of applet_name, presumably matching
 * envdir / softlimit / setuidgid / envuidgid. The order matters: index 3
 * and index 1 are tested before index 0 because two of those names start
 * with 's' and two with 'e'. Each helper ends in execvp() followed by a
 * fatal error, so control does not come back here.
 */
218 if (applet_name[3] == 'd') envdir(argc, argv);
219 if (applet_name[1] == 'o') softlimit(argc, argv);
220 if (applet_name[0] == 's') setuidgid(argc, argv);
221 if (applet_name[0] == 'e') envuidgid(argc, argv);
222 // otherwise we are.......... chpst
225 char *m,*d,*o,*p,*f,*c,*r,*t,*n;
226 getopt32(argc, argv, "u:U:e:m:d:o:p:f:c:r:t:/:n:vP012",
227 &set_user,&env_user,&env_dir,
228 &m,&d,&o,&p,&f,&c,&r,&t,&root,&n);
/*
 * Options are applied in this fixed statement order, not command-line
 * order: -m sets four limits at once and a -d given anywhere on the
 * command line then overrides the data limit.
 * NOTE(review): xatoul presumably returns unsigned long; stored in a long,
 * a value above LONG_MAX would turn negative, and limit() maps negative
 * requests to the hard maximum - confirm the range handling.
 */
229 // if (option_mask32 & 0x1) // -u
230 // if (option_mask32 & 0x2) // -U
231 // if (option_mask32 & 0x4) // -e
232 if (option_mask32 & 0x8) limits = limitl = limita = limitd = xatoul(m); // -m
233 if (option_mask32 & 0x10) limitd = xatoul(d); // -d
234 if (option_mask32 & 0x20) limito = xatoul(o); // -o
235 if (option_mask32 & 0x40) limitp = xatoul(p); // -p
236 if (option_mask32 & 0x80) limitf = xatoul(f); // -f
237 if (option_mask32 & 0x100) limitc = xatoul(c); // -c
238 if (option_mask32 & 0x200) limitr = xatoul(r); // -r
239 if (option_mask32 & 0x400) limitt = xatoul(t); // -t
240 // if (option_mask32 & 0x800) // -/
241 if (option_mask32 & 0x1000) nicelvl = xatoi(n); // -n
242 // The below consts should match #defines at top!
243 //if (option_mask32 & 0x2000) OPT_verbose = 1; // -v
244 //if (option_mask32 & 0x4000) OPT_pgrp = 1; // -P
245 //if (option_mask32 & 0x8000) OPT_nostdin = 1; // -0
246 //if (option_mask32 & 0x10000) OPT_nostdout = 1; // -1
247 //if (option_mask32 & 0x20000) OPT_nostderr = 1; // -2
/* No program to run: print usage. */
250 if (!argv || !*argv) bb_show_usage();
/*
 * Order of the state changes below: new session, environment directory,
 * chroot, nice, UID/GID variables, credential switch, descriptor closing,
 * exec. The environment directory is read before the chroot, so its path is
 * resolved in the original root. The account lookups come after the chroot,
 * so uidgid_get() runs with the new root in effect and presumably consults
 * the account database found inside it - make sure that copy is trustworthy.
 */
252 if (OPT_pgrp) setsid();
253 if (env_dir) edir(env_dir);
/*
 * chroot(".") makes the current directory the new root.
 * NOTE(review): the change into `root` is presumably on the skipped line
 * 255; without it the new root would be whatever directory the caller
 * started in - confirm. The chroot happens while privileges are still held
 * and before suidgid() below, which is the required order.
 */
256 if (chroot(".") == -1)
257 bb_perror_msg_and_die("chroot");
/*
 * NOTE(review): nice() can legitimately return -1 as the new priority;
 * without clearing and checking errno this test treats that result as a
 * failure. Lines 260-261 are not shown - confirm.
 */
262 if (nice(nicelvl) == -1)
263 bb_perror_msg_and_die("nice");
265 if (env_user) euidgid(env_user);
266 if (set_user) suidgid(set_user);
/*
 * The exec'd program starts with these descriptors unallocated, so its
 * first open() can land on 0, 1 or 2 and later be written to as if it were
 * a standard stream. With -2 the exec failure message below also has
 * nowhere to go.
 */
267 if (OPT_nostdin) close(0);
268 if (OPT_nostdout) close(1);
269 if (OPT_nostderr) close(2);
270 execvp(argv[0], argv);
/* Only reached when execvp() failed. */
271 bb_perror_msg_and_die("exec %s", argv[0]);
/*
 * setuidgid applet: hand the account name to suidgid() and exec the
 * remaining arguments as the command. Prints usage when the account or the
 * command is missing.
 * NOTE(review): `account` is assigned on lines this listing omits
 * (presumably from the first argument); the cast below suggests it is
 * declared const - confirm.
 */
274 static void setuidgid(int argc, char **argv)
279 if (!account) bb_show_usage();
280 if (!*++argv) bb_show_usage();
/* Credentials are changed before the exec, so the command never runs with the caller's identity. */
281 suidgid((char*)account);
282 execvp(argv[0], argv);
/* Only reached when execvp() failed. */
283 bb_perror_msg_and_die("exec %s", argv[0]);
/*
 * envuidgid applet: hand the account name to euidgid(), which exports its
 * ids as $UID and $GID, then exec the remaining arguments as the command.
 * Prints usage when the account or the command is missing. The command
 * keeps the caller's credentials; only the environment changes.
 * NOTE(review): `account` is assigned on lines this listing omits - confirm
 * where it comes from.
 */
286 static void envuidgid(int argc, char **argv)
291 if (!account) bb_show_usage();
292 if (!*++argv) bb_show_usage();
293 euidgid((char*)account);
294 execvp(argv[0], argv);
/* Only reached when execvp() failed. */
295 bb_perror_msg_and_die("exec %s", argv[0]);
/*
 * envdir applet: exec the remaining arguments as the command after the
 * directory argument has been processed. Prints usage when the directory or
 * the command is missing.
 * NOTE(review): the assignment of `dir` and the call that loads the
 * directory (presumably edir(dir) on the skipped line 305) are not shown in
 * this listing - confirm.
 */
298 static void envdir(int argc, char **argv)
303 if (!dir) bb_show_usage();
304 if (!*++argv) bb_show_usage();
306 execvp(argv[0], argv);
/* Only reached when execvp() failed. */
307 bb_perror_msg_and_die("exec %s", argv[0]);
/*
 * softlimit applet: parse the limit options into the file-level limit
 * globals and exec the remaining arguments as the command. Prints usage
 * when no command is given.
 * NOTE(review): the call that applies the limits (presumably slimit()) and
 * the step that advances argv past the options are on lines this listing
 * omits - confirm they run before the exec.
 */
310 static void softlimit(int argc, char **argv)
312 char *a,*c,*d,*f,*l,*m,*o,*p,*r,*s,*t;
313 getopt32(argc, argv, "a:c:d:f:l:m:o:p:r:s:t:",
314 &a,&c,&d,&f,&l,&m,&o,&p,&r,&s,&t);
/*
 * Options are applied in this fixed statement order, not command-line
 * order. -m is handled after -a, -d and -l and overwrites all three (plus
 * the stack limit), so an explicit -a/-d/-l is lost whenever -m is also
 * given; -s is handled after -m and does override it.
 * NOTE(review): xatoul presumably returns unsigned long; stored in a long,
 * a value above LONG_MAX would turn negative, and limit() maps negative
 * requests to the hard maximum - confirm the range handling.
 */
315 if (option_mask32 & 0x001) limita = xatoul(a); // -a
316 if (option_mask32 & 0x002) limitc = xatoul(c); // -c
317 if (option_mask32 & 0x004) limitd = xatoul(d); // -d
318 if (option_mask32 & 0x008) limitf = xatoul(f); // -f
319 if (option_mask32 & 0x010) limitl = xatoul(l); // -l
320 if (option_mask32 & 0x020) limits = limitl = limita = limitd = xatoul(m); // -m
321 if (option_mask32 & 0x040) limito = xatoul(o); // -o
322 if (option_mask32 & 0x080) limitp = xatoul(p); // -p
323 if (option_mask32 & 0x100) limitr = xatoul(r); // -r
324 if (option_mask32 & 0x200) limits = xatoul(s); // -s
325 if (option_mask32 & 0x400) limitt = xatoul(t); // -t
327 if (!argv[0]) bb_show_usage();
329 execvp(argv[0], argv);
/* Only reached when execvp() failed. */
330 bb_perror_msg_and_die("exec %s", argv[0]);