Yeah, yeah... I forgot about 'svn add'... fixing that

diff --git a/runit/Config.in b/runit/Config.in
new file mode 100644 (file)
index 0000000..073ca14
--- /dev/null
+++ b/runit/Config.in
@@ -0,0 +1,36 @@
+#
+# For a description of the syntax of this configuration file,
+# see scripts/kbuild/config-language.txt.
+#
+
+menu "Runit Utilities"
+
+config CONFIG_CHPST
+       bool "chpst"
+       default n
+       help
+         chpst changes the process state according to the given options, and
+         execs specified program.
+
+config CONFIG_SETUIDGID
+       bool "setuidgid"
+       help
+         Sets soft resource limits as specified by options
+
+config CONFIG_ENVUIDGID
+       bool "envuidgid"
+       help
+         Sets $UID to account's uid and $GID to account's gid
+
+config CONFIG_ENVDIR
+       bool "envdir"
+       help
+         Sets various environment variables as specified by files
+         in the given directory
+
+config CONFIG_SOFTLIMIT
+       bool "softlimit"
+       help
+         Sets soft resource limits as specified by options
+
+endmenu

diff --git a/runit/Makefile b/runit/Makefile
new file mode 100644 (file)
index 0000000..be65856
--- /dev/null
+++ b/runit/Makefile
@@ -0,0 +1,23 @@
+# Makefile for busybox
+#
+# Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
+#
+# Licensed under the GPL v2, see the file LICENSE in this tarball.
+
+ifndef top_srcdir
+top_srcdir=..
+endif
+ifndef top_builddir
+top_builddir=..
+endif
+srcdir=$(top_srcdir)/runit
+RUNIT_DIR:=./
+include $(top_srcdir)/Rules.mak
+include $(top_builddir)/.config
+include Makefile.in
+all: $(libraries-y)
+-include $(top_builddir)/.depend
+
+clean:
+       rm -f *.o *.a $(AR_TARGET)
+

diff --git a/runit/Makefile.in b/runit/Makefile.in
new file mode 100644 (file)
index 0000000..d8cea10
--- /dev/null
+++ b/runit/Makefile.in
@@ -0,0 +1,42 @@
+# Makefile for busybox
+#
+# Copyright (C) 1999-2005 by Erik Andersen <andersen@codepoet.org>
+#
+# Licensed under the GPL v2, see the file LICENSE in this tarball.
+
+RUNIT_AR:=runit.a
+ifndef RUNIT_DIR
+RUNIT_DIR:=$(top_builddir)/runit/
+endif
+srcdir=$(top_srcdir)/runit
+
+#unix_a:=buffer.o \
+#buffer_get.o buffer_put.o buffer_read.o buffer_write.o coe.o \
+#fd_copy.o fd_move.o fifo.o lock_ex.o lock_exnb.o \
+#ndelay_off.o ndelay_on.o open_append.o open_read.o \
+#open_trunc.o open_write.o openreadclose.o pathexec_env.o \
+#pathexec_run.o prot.o readclose.o seek_set.o sig.o \
+#sig_block.o sig_catch.o sig_pause.o stralloc_cat.o stralloc_catb.o \
+#stralloc_cats.o stralloc_eady.o stralloc_opyb.o stralloc_opys.o \
+#stralloc_pend.o wait_nohang.o \
+#wait_pid.o
+
+RUNIT-y:=
+RUNIT-$(CONFIG_CHPST) += chpst.o uidgid.o
+
+RUNIT-y:=$(sort $(RUNIT-y))
+
+ifneq ($(strip $(RUNIT-y)),)
+libraries-y+=$(RUNIT_DIR)$(RUNIT_AR)
+endif
+
+RUNIT_SRC-y:=$(patsubst %.o,$(srcdir)/%.c,$(RUNIT-y))
+RUNIT_SRC-a:=$(wildcard $(srcdir)/*.c)
+APPLET_SRC-y+=$(RUNIT_SRC-y)
+APPLET_SRC-a+=$(RUNIT_SRC-a)
+
+$(RUNIT_DIR)$(RUNIT_AR): $(patsubst %,$(RUNIT_DIR)%, $(RUNIT-y))
+       $(do_ar)
+
+$(RUNIT_DIR)%.o: $(srcdir)/%.c
+       $(compile.c)

diff --git a/runit/chpst.c b/runit/chpst.c
new file mode 100644 (file)
index 0000000..11ee3d7
--- /dev/null
+++ b/runit/chpst.c
@@ -0,0 +1,345 @@
+#include "busybox.h"
+
+#include <sys/types.h>
+#include <sys/resource.h>
+#include <grp.h>
+
+#include "uidgid.h"
+
+#include <sys/types.h>
+#include <dirent.h>
+
+static unsigned option_mask;
+// Must meatch constants in chpst_main!
+#define OPT_verbose  (option_mask & 0x2000)
+#define OPT_pgrp     (option_mask & 0x4000)
+#define OPT_nostdin  (option_mask & 0x8000)
+#define OPT_nostdout (option_mask & 0x10000)
+#define OPT_nostderr (option_mask & 0x20000)
+
+static char *set_user;
+static char *env_user;
+static const char *env_dir;
+static long limitd = -2;
+static long limits = -2;
+static long limitl = -2;
+static long limita = -2;
+static long limito = -2;
+static long limitp = -2;
+static long limitf = -2;
+static long limitc = -2;
+static long limitr = -2;
+static long limitt = -2;
+static long nicelvl;
+static const char *root;
+
+static void suidgid(char *user, unsigned dogrp)
+{
+       struct uidgid ugid;
+
+       if (!uidgid_get(&ugid, user, dogrp)) {
+               if (dogrp)
+                       bb_error_msg_and_die("unknown user/group: %s", user);
+               else
+                       bb_error_msg_and_die("unknown account: %s", user);
+       }
+       if (setgroups(ugid.gids, ugid.gid) == -1)
+               bb_perror_msg_and_die("setgroups");
+       xsetgid(*ugid.gid);
+       xsetuid(ugid.uid);
+}
+
+static void euidgid(char *user, unsigned dogrp)
+{
+       struct uidgid ugid;
+
+       if (!uidgid_get(&ugid, user, dogrp)) {
+               if (dogrp)
+                       bb_error_msg_and_die("unknown user/group: %s", user);
+               else
+                       bb_error_msg_and_die("unknown account: %s", user);
+       }
+       //FIXME: ultoa needed here!
+       xsetenv("GID", utoa(*ugid.gid));
+       xsetenv("UID", utoa(ugid.uid));
+}
+
+static void edir(const char *directory_name)
+{
+       int wdir;
+       DIR *dir;
+       struct dirent *d;
+       int fd;
+
+       wdir = xopen(".", O_RDONLY | O_NDELAY);
+       xchdir(directory_name);
+       dir = opendir(".");
+       if (!dir)
+               bb_perror_msg_and_die("opendir %s", directory_name);
+       for (;;) {
+               errno = 0;
+               d = readdir(dir);
+               if (!d) {
+                       if (errno) bb_perror_msg_and_die("readdir %s", directory_name);
+                       break;
+               }
+               if (d->d_name[0] == '.') continue;
+               fd = open(d->d_name, O_RDONLY | O_NDELAY);
+               if (fd < 0) {
+                       if ((errno == EISDIR) && env_dir) {
+                               if (OPT_verbose)
+                                       bb_perror_msg("warning: %s/%s is a directory", directory_name,
+                                               d->d_name);
+                               continue;
+                       } else
+                               bb_perror_msg_and_die("open %s/%s", directory_name, /* was exiting 111 */
+                                                    d->d_name);
+               }
+               if (fd >= 0) {
+                       char buf[256];
+                       char *tail;
+                       int size;
+
+                       size = safe_read(fd, buf, sizeof(buf)-1);
+                       if (size < 0)
+                               bb_perror_msg_and_die("read %s/%s", directory_name, /* was exiting 111 */
+                                               d->d_name);
+                       if (size == 0) {
+                               xsetenv(d->d_name, "");
+                               continue;
+                       }
+                       buf[size] = '\n';
+                       tail = memchr(buf, '\n', sizeof(buf));
+                       /* skip trailing whitespace */;
+                       while (1) {
+                               if (tail[0]==' ') tail[0] = '\0';
+                               if (tail[0]=='\t') tail[0] = '\0';
+                               if (tail[0]=='\n') tail[0] = '\0';
+                               if (tail == buf) break;
+                               tail--;
+                       }
+                       xsetenv(d->d_name, buf);
+               }
+       }
+       closedir(dir);
+       if (fchdir(wdir) == -1) bb_perror_msg_and_die("fchdir");
+       close(wdir);
+}
+
+static void limit(int what, long l)
+{
+       struct rlimit r;
+
+       if (getrlimit(what, &r) == -1) bb_perror_msg_and_die("getrlimit");
+       if ((l < 0) || (l > r.rlim_max))
+               r.rlim_cur = r.rlim_max;
+       else
+               r.rlim_cur = l;
+       if (setrlimit(what, &r) == -1) bb_perror_msg_and_die("setrlimit");
+}
+
+static void slimit(void)
+{
+       if (limitd >= -1) {
+#ifdef RLIMIT_DATA
+               limit(RLIMIT_DATA, limitd);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_DATA");
+#endif
+       }
+       if (limits >= -1) {
+#ifdef RLIMIT_STACK
+               limit(RLIMIT_STACK, limits);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_STACK");
+#endif
+       }
+       if (limitl >= -1) {
+#ifdef RLIMIT_MEMLOCK
+               limit(RLIMIT_MEMLOCK, limitl);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_MEMLOCK");
+#endif
+       }
+       if (limita >= -1) {
+#ifdef RLIMIT_VMEM
+               limit(RLIMIT_VMEM, limita);
+#else
+#ifdef RLIMIT_AS
+               limit(RLIMIT_AS, limita);
+#else
+               if (OPT_verbose)
+                       bb_error_msg("system does not support %s", "RLIMIT_VMEM");
+#endif
+#endif
+       }
+       if (limito >= -1) {
+#ifdef RLIMIT_NOFILE
+               limit(RLIMIT_NOFILE, limito);
+#else
+#ifdef RLIMIT_OFILE
+               limit(RLIMIT_OFILE, limito);
+#else
+               if (OPT_verbose)
+                       bb_error_msg("system does not support %s", "RLIMIT_NOFILE");
+#endif
+#endif
+       }
+       if (limitp >= -1) {
+#ifdef RLIMIT_NPROC
+               limit(RLIMIT_NPROC, limitp);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_NPROC");
+#endif
+       }
+       if (limitf >= -1) {
+#ifdef RLIMIT_FSIZE
+               limit(RLIMIT_FSIZE, limitf);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_FSIZE");
+#endif
+       }
+       if (limitc >= -1) {
+#ifdef RLIMIT_CORE
+               limit(RLIMIT_CORE, limitc);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CORE");
+#endif
+       }
+       if (limitr >= -1) {
+#ifdef RLIMIT_RSS
+               limit(RLIMIT_RSS, limitr);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_RSS");
+#endif
+       }
+       if (limitt >= -1) {
+#ifdef RLIMIT_CPU
+               limit(RLIMIT_CPU, limitt);
+#else
+               if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CPU");
+#endif
+       }
+}
+
+/* argv[0] */
+static void setuidgid(int, char **);
+static void envuidgid(int, char **);
+static void envdir(int, char **);
+static void softlimit(int, char **);
+
+int chpst_main(int argc, char **argv)
+{
+       if (bb_applet_name[3] == 'd') envdir(argc, argv);
+       if (bb_applet_name[1] == 'o') softlimit(argc, argv);
+       if (bb_applet_name[0] == 's') setuidgid(argc, argv);
+       if (bb_applet_name[0] == 'e') envuidgid(argc, argv);
+        // otherwise we are.......... chpst
+
+       {
+               char *m,*d,*o,*p,*f,*c,*r,*t,*n;
+               option_mask = bb_getopt_ulflags(argc, argv, "u:U:e:m:d:o:p:f:c:r:t:/:n:vP012",
+                               &set_user,&env_user,&env_dir,
+                               &m,&d,&o,&p,&f,&c,&r,&t,&root,&n);
+               // if (option_mask & 0x1) // -u
+               // if (option_mask & 0x2) // -U
+               // if (option_mask & 0x4) // -e
+               if (option_mask & 0x8) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m
+               if (option_mask & 0x10) limitd = bb_xgetularg10(d); // -d
+               if (option_mask & 0x20) limito = bb_xgetularg10(o); // -o
+               if (option_mask & 0x40) limitp = bb_xgetularg10(p); // -p
+               if (option_mask & 0x80) limitf = bb_xgetularg10(f); // -f
+               if (option_mask & 0x100) limitc = bb_xgetularg10(c); // -c
+               if (option_mask & 0x200) limitr = bb_xgetularg10(r); // -r
+               if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t
+               // if (option_mask & 0x800) // -/
+               if (option_mask & 0x1000) nicelvl = bb_xgetlarg_bnd_sfx(n, 10, -20, 20, NULL); // -n
+               // The below consts should match #defines at top!
+               //if (option_mask & 0x2000) OPT_verbose = 1; // -v
+               //if (option_mask & 0x4000) OPT_pgrp = 1; // -P
+               //if (option_mask & 0x8000) OPT_nostdin = 1; // -0
+               //if (option_mask & 0x10000) OPT_nostdout = 1; // -1
+               //if (option_mask & 0x20000) OPT_nostderr = 1; // -2
+       }
+       if (!argv || !*argv) bb_show_usage();
+       
+       if (OPT_pgrp) setsid();
+       if (env_dir) edir(env_dir);
+       if (root) {
+               xchdir(root);
+               if (chroot(".") == -1)
+                       bb_perror_msg_and_die("chroot");
+       }
+       slimit();
+       if (nicelvl) {
+               errno = 0;
+               if (nice(nicelvl) == -1)
+                       bb_perror_msg_and_die("nice");
+       }
+       if (env_user) euidgid(env_user, 1);
+       if (set_user) suidgid(set_user, 1);
+       if (OPT_nostdin) close(0);
+       if (OPT_nostdout) close(1);
+       if (OPT_nostderr) close(2);
+       execvp(argv[0], argv);
+       bb_perror_msg_and_die("exec %s", argv[0]);
+}
+
+static void setuidgid(int argc, char **argv)
+{
+       const char *account;
+
+       account = *++argv;
+       if (!account) bb_show_usage();
+       if (!*++argv) bb_show_usage();
+       suidgid((char*)account, 0);
+       execvp(argv[0], argv);
+       bb_perror_msg_and_die("exec %s", argv[0]);
+}
+
+static void envuidgid(int argc, char **argv)
+{
+       const char *account;
+
+       account = *++argv;
+       if (!account) bb_show_usage();
+       if (!*++argv) bb_show_usage();
+       euidgid((char*)account, 0);
+       execvp(argv[0], argv);
+       bb_perror_msg_and_die("exec %s", argv[0]);
+}
+
+static void envdir(int argc, char **argv)
+{
+       const char *dir;
+
+       dir = *++argv;
+       if (!dir) bb_show_usage();
+       if (!*++argv) bb_show_usage();
+       edir(dir);
+       execvp(argv[0], argv);
+       bb_perror_msg_and_die("exec %s", argv[0]);
+}
+
+static void softlimit(int argc, char **argv)
+{
+       char *a,*c,*d,*f,*l,*m,*o,*p,*r,*s,*t;
+       option_mask = bb_getopt_ulflags(argc, argv, "a:c:d:f:l:m:o:p:r:s:t:",
+                       &a,&c,&d,&f,&l,&m,&o,&p,&r,&s,&t);
+       if (option_mask & 0x001) limita = bb_xgetularg10(a); // -a
+       if (option_mask & 0x002) limitc = bb_xgetularg10(c); // -c
+       if (option_mask & 0x004) limitd = bb_xgetularg10(d); // -d
+       if (option_mask & 0x008) limitf = bb_xgetularg10(f); // -f
+       if (option_mask & 0x010) limitl = bb_xgetularg10(l); // -l
+       if (option_mask & 0x020) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m
+       if (option_mask & 0x040) limito = bb_xgetularg10(o); // -o
+       if (option_mask & 0x080) limitp = bb_xgetularg10(p); // -p
+       if (option_mask & 0x100) limitr = bb_xgetularg10(r); // -r
+       if (option_mask & 0x200) limits = bb_xgetularg10(s); // -s
+       if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t
+       argv += optind;
+       if (!argv[0]) bb_show_usage();
+       slimit();
+       execvp(argv[0], argv);
+       bb_perror_msg_and_die("exec %s", argv[0]);
+}

diff --git a/runit/uidgid.c b/runit/uidgid.c
new file mode 100644 (file)
index 0000000..a8fec40
--- /dev/null
+++ b/runit/uidgid.c
@@ -0,0 +1,63 @@
+#include <sys/types.h>
+#include <pwd.h>
+#include <grp.h>
+#include "uidgid.h"
+
+static unsigned str_chr(const char *s, int c)
+{
+       const char *t = s;
+       while (t[0] && t[0] != (char)c)
+               t++;
+       return t - s;
+}
+
+
+unsigned uidgid_get(struct uidgid *u, char *ug, unsigned dogrp) {
+       char *g = 0;
+       struct passwd *pwd = 0;
+       struct group *gr = 0;
+       int i, d = 0;
+
+       if (dogrp)
+               d = str_chr(ug, ':');
+       if (ug[d] == ':') {
+               ug[d] = 0;
+               g = ug + d + 1;
+       }
+       pwd = getpwnam(ug);
+       if (!pwd) {
+               if (g) ug[d] = ':';
+               return 0;
+       }
+       if (g) {
+               ug[d] = ':';
+               for (i = 0; i < 60; ++i) {
+                       d = str_chr(g, ':');
+                       if (g[d] == ':') {
+                               g[d] = 0;
+                               gr = getgrnam(g);
+                               if (!gr) {
+                                       g[d] = ':';
+                                       return 0;
+                               }
+                               g[d] = ':';
+                               u->gid[i] = gr->gr_gid;
+                               g += d+1;
+                       }
+                       else {
+                               gr = getgrnam(g);
+                               if (!gr) return 0;
+                               u->gid[i++] = gr->gr_gid;
+                               break;
+                       }
+               }
+               u->gid[i] = 0;
+               u->gids = i;
+       }
+       if (!g) {
+               u->gid[0] = pwd->pw_gid;
+               u->gids = 1;
+       }
+       u->uid = pwd->pw_uid;
+       return 1;
+}

diff --git a/runit/uidgid.h b/runit/uidgid.h
new file mode 100644 (file)
index 0000000..1d47fe6
--- /dev/null
+++ b/runit/uidgid.h
@@ -0,0 +1,14 @@
+#ifndef UIDGID_H
+#define UIDGID_H
+
+#include <sys/types.h>
+
+struct uidgid {
+       uid_t uid;
+       gid_t gid[61];
+       int gids;
+};
+
+extern unsigned uidgid_get(struct uidgid *, char *, unsigned);
+
+#endif