su: make /etc/shells check configurable

ash: missing ';'
author: Denis Vlasenko <vda.linux@googlemail.com> 2006-12-19 00:20:20 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2006-12-19 00:20:20 +0000
commit: 15b213ef5a0834eb06a0183ab839ac883d829d5a (patch)
tree: 46b4cf5e6ce90c66b6794bf23b69705fbcb8d1e6
parent: 908d6b7054fbe793636d75d50d4af73ad9627c3b (diff)
download: busybox-w32-15b213ef5a0834eb06a0183ab839ac883d829d5a.tar.gz
busybox-w32-15b213ef5a0834eb06a0183ab839ac883d829d5a.tar.bz2
busybox-w32-15b213ef5a0834eb06a0183ab839ac883d829d5a.zip
4 files changed, 29 insertions, 30 deletions
diff --git a/libbb/restricted_shell.c b/libbb/restricted_shell.c
index 74a64140f..dc4cfb458 100644
--- a/libbb/restricted_shell.c
+++ b/libbb/restricted_shell.c
@@ -28,30 +28,19 @@
 * SUCH DAMAGE.
 */
-#include <stdio.h>
-#include <errno.h>
-#include <unistd.h>
-#include <string.h>
-#include <stdlib.h>
-#include <syslog.h>
-#include <ctype.h>
 #include "libbb.h"
 /* Return 1 if SHELL is a restricted shell (one not returned by
   getusershell), else 0, meaning it is a standard shell.  */
+int restricted_shell(const char *shell)
-int restricted_shell ( const char *shell )
 {
        char *line;
-        setusershell ( );
+        setusershell();
-        while (( line = getusershell ( ))) {
+        while ((line = getusershell())) {
-                if (( *line != '#' ) && ( strcmp ( line, shell ) == 0 ))
+                if (*line != '#' && strcmp(line, shell) == 0)
-                        break;
+                        return 0;
        }
-        endusershell ( );
+        endusershell();
-        return line ? 0 : 1;
+        return 1;
 }
diff --git a/loginutils/Config.in b/loginutils/Config.in
index 2ad141511..3628c49af 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -155,11 +155,14 @@ config SU
          work properly.
 config SU_SYSLOG
-        bool "Support for syslog in su"
+        bool "Enable su to write to syslog"
        default y
        depends on SU
-        help
-          Enables support for syslog in su.
+config FEATURE_SU_CHECKS_SHELLS
+        bool "Enable su to check user's shell to be listed in /etc/shells"
+        depends on SU
+        default y
 config SULOGIN
        bool "sulogin"
diff --git a/loginutils/su.c b/loginutils/su.c
index 046457b6f..25b85920a 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -10,7 +10,7 @@
 int su_main(int argc, char **argv)
 {
-        unsigned long flags;
+        unsigned flags;
        char *opt_shell = 0;
        char *opt_command = 0;
        char *opt_username = "root";
@@ -49,19 +49,23 @@ int su_main(int argc, char **argv)
        }
        pw = getpwnam(opt_username);
-        if (!pw) bb_error_msg_and_die("unknown id: %s", opt_username);
+        if (!pw)        
+                bb_error_msg_and_die("unknown id: %s", opt_username);
        /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
           is a username that is retrieved via NIS (YP), but that doesn't have
           a default shell listed.  */
-        if (!pw->pw_shell || !pw->pw_shell[0]) pw->pw_shell = (char *)DEFAULT_SHELL;
+        if (!pw->pw_shell || !pw->pw_shell[0])
+                pw->pw_shell = (char *)DEFAULT_SHELL;
        if ((cur_uid == 0) || correct_password(pw)) {
                if (ENABLE_SU_SYSLOG)
-                        syslog(LOG_NOTICE, "+ %s %s:%s", tty, old_user, opt_username);
+                        syslog(LOG_NOTICE, "%c %s %s:%s",
+                                '+', tty, old_user, opt_username);
        } else {
                if (ENABLE_SU_SYSLOG)
-                        syslog(LOG_NOTICE, "- %s %s:%s", tty, old_user, opt_username);
+                        syslog(LOG_NOTICE, "%c %s %s:%s",
+                                '-', tty, old_user, opt_username);
                bb_error_msg_and_die("incorrect password");
        }
@@ -70,8 +74,10 @@ int su_main(int argc, char **argv)
                free(old_user);
        }
-        if (!opt_shell && (flags & SU_OPT_mp)) opt_shell = getenv("SHELL");
+        if (!opt_shell && (flags & SU_OPT_mp))
+                opt_shell = getenv("SHELL");
+#if ENABLE_FEATURE_SU_CHECKS_SHELLS
        if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
                /* The user being su'd to has a nonstandard shell, and so is
                   probably a uucp account or has restricted access.  Don't
@@ -80,8 +86,9 @@ int su_main(int argc, char **argv)
                bb_error_msg("using restricted shell");
                opt_shell = 0;
        }
+#endif
-        if (!opt_shell) opt_shell = pw->pw_shell;
+        if (!opt_shell)
+                opt_shell = pw->pw_shell;
        change_identity(pw);
        setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);
diff --git a/shell/ash.c b/shell/ash.c
index ae5182ad1..97f0d6bef 100644
--- a/shell/ash.c
+++ b/shell/ash.c
@@ -12014,7 +12014,7 @@ setvar(const char *name, const char *val, int flags)
                vallen = strlen(val);
        }
        INTOFF;
-        nameeq = ckmalloc(namelen + vallen + 2)
+        nameeq = ckmalloc(namelen + vallen + 2);
        p = memcpy(nameeq, name, namelen) + namelen;
        if (val) {
                *p++ = '=';
author	Denis Vlasenko <vda.linux@googlemail.com>	2006-12-19 00:20:20 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2006-12-19 00:20:20 +0000
commit	15b213ef5a0834eb06a0183ab839ac883d829d5a (patch)
tree	46b4cf5e6ce90c66b6794bf23b69705fbcb8d1e6
parent	908d6b7054fbe793636d75d50d4af73ad9627c3b (diff)
download	busybox-w32-15b213ef5a0834eb06a0183ab839ac883d829d5a.tar.gz busybox-w32-15b213ef5a0834eb06a0183ab839ac883d829d5a.tar.bz2 busybox-w32-15b213ef5a0834eb06a0183ab839ac883d829d5a.zip

diff --git a/libbb/restricted_shell.c b/libbb/restricted_shell.c index 74a64140f..dc4cfb458 100644 --- a/libbb/restricted_shell.c +++ b/libbb/restricted_shell.c
@@ -28,30 +28,19 @@
28	* SUCH DAMAGE.	28	* SUCH DAMAGE.
29	*/	29	*/
30		30
31	#include <stdio.h>
32	#include <errno.h>
33	#include <unistd.h>
34	#include <string.h>
35	#include <stdlib.h>
36	#include <syslog.h>
37	#include <ctype.h>
38	#include "libbb.h"	31	#include "libbb.h"
39		32
40
41
42	/* Return 1 if SHELL is a restricted shell (one not returned by	33	/* Return 1 if SHELL is a restricted shell (one not returned by
43	getusershell), else 0, meaning it is a standard shell. */	34	getusershell), else 0, meaning it is a standard shell. */
44		35	int restricted_shell(const char *shell)
45	int restricted_shell ( const char *shell )
46	{	36	{
47	char *line;	37	char *line;
48		38
49	setusershell ( );	39	setusershell();
50	while (( line = getusershell ( ))) {	40	while ((line = getusershell())) {
51	if (( *line != '#' ) && ( strcmp ( line, shell ) == 0 ))	41	if (*line != '#' && strcmp(line, shell) == 0)
52	break;	42	return 0;
53	}	43	}
54	endusershell ( );	44	endusershell();
55	return line ? 0 : 1;	45	return 1;
56	}	46	}
57


diff --git a/loginutils/Config.in b/loginutils/Config.in index 2ad141511..3628c49af 100644 --- a/loginutils/Config.in +++ b/loginutils/Config.in
@@ -155,11 +155,14 @@ config SU
155	work properly.	155	work properly.
156		156
157	config SU_SYSLOG	157	config SU_SYSLOG
158	bool "Support for syslog in su"	158	bool "Enable su to write to syslog"
159	default y	159	default y
160	depends on SU	160	depends on SU
161	help	161
162	Enables support for syslog in su.	162	config FEATURE_SU_CHECKS_SHELLS
		163	bool "Enable su to check user's shell to be listed in /etc/shells"
		164	depends on SU
		165	default y
163		166
164	config SULOGIN	167	config SULOGIN
165	bool "sulogin"	168	bool "sulogin"


diff --git a/loginutils/su.c b/loginutils/su.c index 046457b6f..25b85920a 100644 --- a/loginutils/su.c +++ b/loginutils/su.c
@@ -10,7 +10,7 @@
10		10
11	int su_main(int argc, char **argv)	11	int su_main(int argc, char **argv)
12	{	12	{
13	unsigned long flags;	13	unsigned flags;
14	char *opt_shell = 0;	14	char *opt_shell = 0;
15	char *opt_command = 0;	15	char *opt_command = 0;
16	char *opt_username = "root";	16	char *opt_username = "root";
@@ -49,19 +49,23 @@ int su_main(int argc, char **argv)
49	}	49	}
50		50
51	pw = getpwnam(opt_username);	51	pw = getpwnam(opt_username);
52	if (!pw) bb_error_msg_and_die("unknown id: %s", opt_username);	52	if (!pw)
		53	bb_error_msg_and_die("unknown id: %s", opt_username);
53		54
54	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER	55	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
55	is a username that is retrieved via NIS (YP), but that doesn't have	56	is a username that is retrieved via NIS (YP), but that doesn't have
56	a default shell listed. */	57	a default shell listed. */
57	if (!pw->pw_shell \|\| !pw->pw_shell[0]) pw->pw_shell = (char *)DEFAULT_SHELL;	58	if (!pw->pw_shell \|\| !pw->pw_shell[0])
		59	pw->pw_shell = (char *)DEFAULT_SHELL;
58		60
59	if ((cur_uid == 0) \|\| correct_password(pw)) {	61	if ((cur_uid == 0) \|\| correct_password(pw)) {
60	if (ENABLE_SU_SYSLOG)	62	if (ENABLE_SU_SYSLOG)
61	syslog(LOG_NOTICE, "+ %s %s:%s", tty, old_user, opt_username);	63	syslog(LOG_NOTICE, "%c %s %s:%s",
		64	'+', tty, old_user, opt_username);
62	} else {	65	} else {
63	if (ENABLE_SU_SYSLOG)	66	if (ENABLE_SU_SYSLOG)
64	syslog(LOG_NOTICE, "- %s %s:%s", tty, old_user, opt_username);	67	syslog(LOG_NOTICE, "%c %s %s:%s",
		68	'-', tty, old_user, opt_username);
65	bb_error_msg_and_die("incorrect password");	69	bb_error_msg_and_die("incorrect password");
66	}	70	}
67		71
@@ -70,8 +74,10 @@ int su_main(int argc, char **argv)
70	free(old_user);	74	free(old_user);
71	}	75	}
72		76
73	if (!opt_shell && (flags & SU_OPT_mp)) opt_shell = getenv("SHELL");	77	if (!opt_shell && (flags & SU_OPT_mp))
		78	opt_shell = getenv("SHELL");
74		79
		80	#if ENABLE_FEATURE_SU_CHECKS_SHELLS
75	if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {	81	if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
76	/* The user being su'd to has a nonstandard shell, and so is	82	/* The user being su'd to has a nonstandard shell, and so is
77	probably a uucp account or has restricted access. Don't	83	probably a uucp account or has restricted access. Don't
@@ -80,8 +86,9 @@ int su_main(int argc, char **argv)
80	bb_error_msg("using restricted shell");	86	bb_error_msg("using restricted shell");
81	opt_shell = 0;	87	opt_shell = 0;
82	}	88	}
83		89	#endif
84	if (!opt_shell) opt_shell = pw->pw_shell;	90	if (!opt_shell)
		91	opt_shell = pw->pw_shell;
85		92
86	change_identity(pw);	93	change_identity(pw);
87	setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);	94	setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);


diff --git a/shell/ash.c b/shell/ash.c index ae5182ad1..97f0d6bef 100644 --- a/shell/ash.c +++ b/shell/ash.c
@@ -12014,7 +12014,7 @@ setvar(const char name, const char val, int flags)
12014	vallen = strlen(val);	12014	vallen = strlen(val);
12015	}	12015	}
12016	INTOFF;	12016	INTOFF;
12017	nameeq = ckmalloc(namelen + vallen + 2)	12017	nameeq = ckmalloc(namelen + vallen + 2);
12018	p = memcpy(nameeq, name, namelen) + namelen;	12018	p = memcpy(nameeq, name, namelen) + namelen;
12019	if (val) {	12019	if (val) {
12020	*p++ = '=';	12020	*p++ = '=';