id: coreutils compat by Tito + test script

author: Denis Vlasenko <vda.linux@googlemail.com> 2008-10-29 00:27:31 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2008-10-29 00:27:31 +0000
commit: 34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0 (patch)
tree: 561bfdec1b2633b25d10e1a8044de3c7184b334c
parent: d498850e02861ac4422f9a1e88deb8dec2c34887 (diff)
download: busybox-w32-34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0.tar.gz
busybox-w32-34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0.tar.bz2
busybox-w32-34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0.zip
2 files changed, 406 insertions, 128 deletions
diff --git a/coreutils/id.c b/coreutils/id.c
index aa27ed394..b00532f83 100644
--- a/coreutils/id.c
+++ b/coreutils/id.c
@@ -3,176 +3,210 @@
 * Mini id implementation for busybox
 *
 * Copyright (C) 2000 by Randolph Chung <tausq@debian.org>
+ * Copyright (C) 2008 by Tito Ragusa <farmatito@tiscali.it>
 *
 * Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
 */
 /* BB_AUDIT SUSv3 compliant. */
-/* Hacked by Tito Ragusa (C) 2004 to handle usernames of whatever length and to
+/* Hacked by Tito Ragusa (C) 2004 to handle usernames of whatever
- * be more similar to GNU id.
+ * length and to be more similar to GNU id.
 * -Z option support: by Yuichi Nakamura <ynakam@hitachisoft.jp>
 * Added -G option Tito Ragusa (C) 2008 for SUSv3.
 */
 #include "libbb.h"
-#define PRINT_REAL        1
+enum {
-#define NAME_NOT_NUMBER   2
+        PRINT_REAL      = (1 << 0),
-#define JUST_USER         4
+        NAME_NOT_NUMBER = (1 << 1),
-#define JUST_GROUP        8
+        JUST_USER       = (1 << 2),
-#define JUST_ALL_GROUPS  16
+        JUST_GROUP      = (1 << 3),
+        JUST_ALL_GROUPS = (1 << 4),
 #if ENABLE_SELINUX
-#define JUST_CONTEXT     32
+        JUST_CONTEXT    = (1 << 5),
 #endif
+};
-static int printf_full(unsigned id, const char *arg, const char *prefix)
+static int print_common(unsigned id,
+                char* FAST_FUNC bb_getXXXid(char *name, int bufsize, long uid),
+                const char *prefix)
 {
-        const char *fmt = "%s%u";
+        const char *name = bb_getXXXid(NULL, 0, id);
-        int status = EXIT_FAILURE;
-        if (arg) {
+        if (prefix) {
-                fmt = "%s%u(%s)";
+                printf("%s", prefix);
-                status = EXIT_SUCCESS;
        }
-        printf(fmt, prefix, id, arg);
+        if (!(option_mask32 & NAME_NOT_NUMBER) || !name) {
-        return status;
+                printf("%u", id);
+        }
+        if (!option_mask32 || (option_mask32 & NAME_NOT_NUMBER)) {
+                if (name) {
+                        printf(option_mask32 ? "%s" : "(%s)", name);
+                } else {
+                        /* Don't set error status flag in default mode */
+                        if (option_mask32) {
+                                if (ENABLE_DESKTOP)
+                                        bb_error_msg("unknown ID %u", id);
+                                return EXIT_FAILURE;
+                        }
+                }
+        }
+        return EXIT_SUCCESS;
 }
-#if (defined(__GLIBC__) && !defined(__UCLIBC__))
+static int print_group(gid_t id, const char *prefix)
-#define HAVE_getgrouplist 1
+{
-#elif ENABLE_USE_BB_PWD_GRP
+        return print_common(id, bb_getgrgid, prefix);
-#define HAVE_getgrouplist 1
+}
-#else
-#define HAVE_getgrouplist 0
+static int print_user(gid_t id, const char *prefix)
-#endif
+{
+        return print_common(id, bb_getpwuid, prefix);
+}
+/* On error set *n < 0 and return >= 0
+ * If *n is too small, update it and return < 0
+ *  (ok to trash groups[] in both cases)
+ * Otherwise fill in groups[] and return >= 0
+ */
+static int get_groups(const char *username, gid_t rgid, gid_t *groups, int *n)
+{
+        int m;
+        if (username) {
+                /* If the user is a member of more than
+                 * *n groups, then -1 is returned. Otherwise >= 0.
+                 * (and no defined way of detecting errors?!) */
+                m = getgrouplist(username, rgid, groups, n);
+                /* I guess *n < 0 might indicate error. Anyway,
+                 * malloc'ing -1 bytes won't be good, so: */
+                //if (*n < 0)
+                //      return 0;
+                //return m;
+                //commented here, happens below anyway
+        } else {
+                /* On error -1 is returned, which ends up in *n */
+                int nn = getgroups(*n, groups);
+                /* 0: nn <= *n, groups[] was big enough; -1 otherwise */
+                m = - (nn > *n);
+                *n = nn;
+        }
+        if (*n < 0)
+                return 0; /* error, don't return < 0! */
+        return m;
+}
 int id_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
 int id_main(int argc UNUSED_PARAM, char **argv)
 {
+        uid_t ruid;
+        gid_t rgid;
+        uid_t euid;
+        gid_t egid;
+        unsigned opt;
+        int i;
+        int status = EXIT_SUCCESS;
+        const char *prefix;
        const char *username;
-        struct passwd *p;
-        uid_t uid;
-        gid_t gid;
-#if HAVE_getgrouplist
-        gid_t *groups;
-        int n;
-#endif
-        unsigned flags;
-        short status;
 #if ENABLE_SELINUX
-        security_context_t scontext;
+        security_context_t scontext = NULL;
 #endif
-        /* Don't allow -n -r -nr -ug -rug -nug -rnug */
+        /* Don't allow -n -r -nr -ug -rug -nug -rnug -uZ -gZ -GZ*/
        /* Don't allow more than one username */
-        opt_complementary = "?1:u--g:g--u:G--u:u--G:g--G:G--g:r?ugG:n?ugG" USE_SELINUX(":u--Z:Z--u:g--Z:Z--g");
+        opt_complementary = "?1:u--g:g--u:G--u:u--G:g--G:G--g:r?ugG:n?ugG"
-        flags = getopt32(argv, "rnugG" USE_SELINUX("Z"));
+                         USE_SELINUX(":u--Z:Z--u:g--Z:Z--g:G--Z:Z--G");
-        username = argv[optind];
+        opt = getopt32(argv, "rnugG" USE_SELINUX("Z"));
-        /* This values could be overwritten later */
-        uid = geteuid();
-        gid = getegid();
-        if (flags & PRINT_REAL) {
-                uid = getuid();
-                gid = getgid();
-        }
+        username = argv[optind];
        if (username) {
-#if HAVE_getgrouplist
+                struct passwd *p = getpwnam(username);
-                int m;
+                if (!p)
-#endif
+                        bb_error_msg_and_die("unknown user %s", username);
-                p = getpwnam(username);
+                euid = ruid = p->pw_uid;
-                /* xuname2uid is needed because it exits on failure */
+                egid = rgid = p->pw_gid;
-                uid = xuname2uid(username);
-                gid = p->pw_gid; /* in this case PRINT_REAL is the same */
-#if HAVE_getgrouplist
-                n = 16;
-                groups = NULL;
-                do {
-                        m = n;
-                        groups = xrealloc(groups, sizeof(groups[0]) * m);
-                        getgrouplist(username, gid, groups, &n); /* GNUism? */
-                } while (n > m);
-#endif
        } else {
-#if HAVE_getgrouplist
+                egid = getegid();
-                n = getgroups(0, NULL);
+                rgid = getgid();
-                groups = xmalloc(sizeof(groups[0]) * n);
+                euid = geteuid();
-                getgroups(n, groups);
+                ruid = getuid();
-#endif
-        }
-        if (flags & JUST_ALL_GROUPS) {
-#if HAVE_getgrouplist
-                while (n--) {
-                        if (flags & NAME_NOT_NUMBER)
-                                printf("%s", bb_getgrgid(NULL, 0, *groups++));
-                        else
-                                printf("%u", (unsigned) *groups++);
-                        bb_putchar((n > 0) ? ' ' : '\n');
-                }
-#endif
-                /* exit */
-                fflush_stdout_and_exit(EXIT_SUCCESS);
        }
+        /* JUST_ALL_GROUPS ignores -r PRINT_REAL flag even if man page for */
-        if (flags & (JUST_GROUP | JUST_USER USE_SELINUX(| JUST_CONTEXT))) {
+        /* id says: print the real ID instead of the effective ID, with -ugG */
-                /* JUST_GROUP and JUST_USER are mutually exclusive */
+        /* in fact in ths case egid is always printed if egid != rgid */
-                if (flags & NAME_NOT_NUMBER) {
+        if (!opt || (opt & JUST_ALL_GROUPS)) {
-                        /* bb_getXXXid(-1) exits on failure, puts cannot segfault */
+                gid_t *groups;
-                        puts((flags & JUST_USER) ? bb_getpwuid(NULL, -1, uid) : bb_getgrgid(NULL, -1, gid));
+                int n;
+                if (!opt) {
+                        /* Default Mode */
+                        status |= print_user(ruid, "uid=");
+                        status |= print_group(rgid, " gid=");
+                        if (euid != ruid)
+                                status |= print_user(euid, " euid=");
+                        if (egid != rgid)
+                                status |= print_group(egid, " egid=");
                } else {
-                        if (flags & JUST_USER) {
+                        /* JUST_ALL_GROUPS */
-                                printf("%u\n", (unsigned)uid);
+                        status |= print_group(rgid, NULL);
-                        }
+                        if (egid != rgid)
-                        if (flags & JUST_GROUP) {
+                                status |= print_group(egid, " ");
-                                printf("%u\n", (unsigned)gid);
+                }
+                /* We'd rather try supplying largish buffer than
+                 * having get_groups() run twice. That might be slow
+                 * (think about "user database in remove SQL server" case) */
+                groups = xmalloc(64 * sizeof(gid_t));
+                n = 64;
+                if (get_groups(username, rgid, groups, &n) < 0) {
+                        /* Need bigger buffer after all */
+                        groups = xrealloc(groups, n * sizeof(gid_t));
+                        get_groups(username, rgid, groups, &n);
+                }
+                if (n > 0) {
+                        /* Print the list */
+                        prefix = " groups=";
+                        for (i = 0; i < n; i++) {
+                                if (opt && (groups[i] == rgid || groups[i] == egid))
+                                        continue;
+                                status |= print_group(groups[i], opt ? " " : prefix);
+                                prefix = ",";
                        }
+                        if (ENABLE_FEATURE_CLEAN_UP)
+                                free(groups);
+                } else if (n < 0) { /* error in get_groups() */
+                        if (!ENABLE_DESKTOP)
+                                bb_error_msg_and_die("cannot get groups");
+                        else
+                                return EXIT_FAILURE;
                }
 #if ENABLE_SELINUX
-                if (flags & JUST_CONTEXT) {
+                if (is_selinux_enabled()) {
-                        selinux_or_die();
+                        if (getcon(&scontext) == 0)
-                        if (username) {
+                                printf(" context=%s", scontext);
-                                bb_error_msg_and_die("user name can't be passed with -Z");
-                        }
-                        if (getcon(&scontext)) {
-                                bb_error_msg_and_die("can't get process context");
-                        }
-                        puts(scontext);
                }
 #endif
-                /* exit */
+        } else if (opt & PRINT_REAL) {
-                fflush_stdout_and_exit(EXIT_SUCCESS);
+                euid = ruid;
+                egid = rgid;
        }
-        /* Print full info like GNU id */
+        if (opt & JUST_USER)
-        /* bb_getpwuid(0) doesn't exit on failure (returns NULL) */
+                status |= print_user(euid, NULL);
-        status = printf_full(uid, bb_getpwuid(NULL, 0, uid), "uid=");
+        else if (opt & JUST_GROUP)
-        status |= printf_full(gid, bb_getgrgid(NULL, 0, gid), " gid=");
+                status |= print_group(egid, NULL);
-#if HAVE_getgrouplist
-        {
-                const char *msg = " groups=";
-                while (n--) {
-                        status |= printf_full(*groups, bb_getgrgid(NULL, 0, *groups), msg);
-                        msg = ",";
-                        groups++;
-                }
-        }
-        /* we leak groups vector... */
-#endif
 #if ENABLE_SELINUX
-        if (is_selinux_enabled()) {
+        else if (opt & JUST_CONTEXT) {
-                security_context_t mysid;
+                selinux_or_die();
-                getcon(&mysid);
+                if (username || getcon(&scontext)) {
-                printf(" context=%s", mysid ? mysid : "unknown");
+                        bb_error_msg_and_die("can't get process context%s",
-                if (mysid) /* TODO: maybe freecon(NULL) is harmless? */
+                                username ? " for a different user" : "");
-                        freecon(mysid);
+                }
+                fputs(scontext, stdout);
        }
+        /* freecon(NULL) seems to be harmless */
+        if (ENABLE_FEATURE_CLEAN_UP)
+                freecon(scontext);
 #endif
        bb_putchar('\n');
        fflush_stdout_and_exit(status);
 }
diff --git a/coreutils/id_test.sh b/coreutils/id_test.sh
new file mode 100755
index 000000000..0d65f2ae3
--- /dev/null
+++ b/coreutils/id_test.sh
@@ -0,0 +1,244 @@
+#!/bin/bash
+# Test script for busybox id vs. coreutils id.
+# Needs root privileges for some tests.
+cp /usr/bin/id .
+BUSYBOX=./busybox
+ID=./id
+LIST=`awk -F: '{ printf "%s\n", $1 }' /etc/passwd`
+FLAG_USER_EXISTS="no"
+TEST_USER="f583ca884c1d93458fb61ed137ff44f6"
+echo "test 1: id [options] nousername"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        $BUSYBOX id $OPTIONS >foo 2>/dev/null
+        RET1=$?
+        $ID $OPTIONS >bar 2>/dev/null
+        RET2=$?
+        if test "$RET1" != "$RET2"; then
+                echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+        fi
+        diff foo bar
+done
+echo "test 2: id [options] username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        for i in $LIST ; do
+                if test "$i" = "$TEST_USER"; then
+                        FLAG_USER_EXISTS="yes"
+                fi
+                $BUSYBOX id $OPTIONS $i >foo 2>/dev/null
+                RET1=$?
+                $ID $OPTIONS $i >bar 2>/dev/null
+                RET2=$?
+                if test "$RET1" != "$RET2"; then
+                        echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+                fi
+                diff foo bar
+        done
+done
+if test $FLAG_USER_EXISTS = "yes"; then
+        echo "test 3,4,5,6,7,8,9,10,11,12 skipped because test user $TEST_USER already exists"
+        rm -f foo bar
+        exit 1
+fi
+adduser -s /bin/true -g "" -H -D "$TEST_USER" || exit 1
+chown $TEST_USER.$TEST_USER $BUSYBOX
+chmod u+s $BUSYBOX 2>&1 /dev/null
+chown $TEST_USER.$TEST_USER $ID
+chmod u+s $ID 2>&1 /dev/null
+echo "test 3 setuid, existing user: id [options] no username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        $BUSYBOX id $OPTIONS >foo 2>/dev/null
+        RET1=$?
+        $ID $OPTIONS >bar 2>/dev/null
+        RET2=$?
+        if test "$RET1" != "$RET2"; then
+                echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+        fi
+        diff foo bar
+        #done
+done
+echo "test 4 setuid, existing user: id [options] username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        for i in $LIST ; do
+                $BUSYBOX id $OPTIONS $i >foo 2>/dev/null
+                RET1=$?
+                $ID $OPTIONS $i >bar 2>/dev/null
+                RET2=$?
+                if test "$RET1" != "$RET2"; then
+                        echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+                fi
+                diff foo bar
+        done
+done
+chown $TEST_USER.$TEST_USER $BUSYBOX
+chmod g+s $BUSYBOX 2>&1 /dev/null
+chown $TEST_USER.$TEST_USER $ID
+chmod g+s $ID 2>&1 /dev/null
+echo "test 5 setgid, existing user: id [options] no username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        $BUSYBOX id $OPTIONS >foo 2>/dev/null
+        RET1=$?
+        $ID $OPTIONS >bar 2>/dev/null
+        RET2=$?
+        if test "$RET1" != "$RET2"; then
+                echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+        fi
+        diff foo bar
+        #done
+done
+echo "test 6 setgid, existing user: id [options] username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        for i in $LIST ; do
+                $BUSYBOX id $OPTIONS $i >foo 2>/dev/null
+                RET1=$?
+                $ID $OPTIONS $i >bar 2>/dev/null
+                RET2=$?
+                if test "$RET1" != "$RET2"; then
+                        echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+                fi
+                diff foo bar
+        done
+done
+chown $TEST_USER.$TEST_USER $BUSYBOX
+chmod u+s,g+s $BUSYBOX 2>&1 /dev/null
+chown $TEST_USER.$TEST_USER $ID
+chmod u+s,g+s $ID 2>&1 /dev/null
+echo "test 7 setuid, setgid, existing user: id [options] no username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        $BUSYBOX id $OPTIONS >foo 2>/dev/null
+        RET1=$?
+        $ID $OPTIONS >bar 2>/dev/null
+        RET2=$?
+        if test "$RET1" != "$RET2"; then
+                echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+        fi
+        diff foo bar
+        #done
+done
+echo "test 8 setuid, setgid, existing user: id [options] username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        for i in $LIST ; do
+                $BUSYBOX id $OPTIONS $i >foo 2>/dev/null
+                RET1=$?
+                $ID $OPTIONS $i >bar 2>/dev/null
+                RET2=$?
+                if test "$RET1" != "$RET2"; then
+                        echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+                fi
+                diff foo bar
+        done
+done
+deluser $TEST_USER || exit 1
+echo "test 9 setuid, setgid, not existing user: id [options] no username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        $BUSYBOX id $OPTIONS >foo 2>/dev/null
+        RET1=$?
+        $ID $OPTIONS >bar 2>/dev/null
+        RET2=$?
+        if test "$RET1" != "$RET2"; then
+                echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+        fi
+        diff foo bar
+done
+echo "test 10 setuid, setgid, not existing user: id [options] username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        for i in $LIST ; do
+                $BUSYBOX id $OPTIONS $i >foo 2>/dev/null
+                RET1=$?
+                $ID $OPTIONS $i >bar 2>/dev/null
+                RET2=$?
+                if test "$RET1" != "$RET2"; then
+                        echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+                fi
+                diff foo bar
+        done
+done
+chown .root $BUSYBOX 2>&1 /dev/null
+chown .root $ID 2>&1 /dev/null
+chmod g+s $BUSYBOX 2>&1 /dev/null
+chmod g+s $ID 2>&1 /dev/null
+echo "test 11 setgid, not existing group: id [options] no username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        $BUSYBOX id $OPTIONS >foo 2>/dev/null
+        RET1=$?
+        $ID $OPTIONS >bar 2>/dev/null
+        RET2=$?
+        if test "$RET1" != "$RET2"; then
+                echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+        fi
+        diff foo bar
+        #done
+done
+echo "test 12 setgid, not existing group: id [options] username"
+rm -f foo bar
+for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
+do
+        #echo "$OPTIONS"
+        for i in $LIST ; do
+                $BUSYBOX id $OPTIONS $i >foo 2>/dev/null
+                RET1=$?
+                $ID $OPTIONS $i >bar 2>/dev/null
+                RET2=$?
+                if test "$RET1" != "$RET2"; then
+                        echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
+                fi
+                diff foo bar
+        done
+done
+chown root.root $BUSYBOX 2>&1 /dev/null
+chown root.root $ID 2>&1 /dev/null
+rm -f $ID
+rm -f foo bar
author	Denis Vlasenko <vda.linux@googlemail.com>	2008-10-29 00:27:31 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2008-10-29 00:27:31 +0000
commit	34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0 (patch)
tree	561bfdec1b2633b25d10e1a8044de3c7184b334c
parent	d498850e02861ac4422f9a1e88deb8dec2c34887 (diff)
download	busybox-w32-34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0.tar.gz busybox-w32-34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0.tar.bz2 busybox-w32-34e68c8b42ccbc8b04e6184f4985c3b47e6c6df0.zip

diff --git a/coreutils/id.c b/coreutils/id.c index aa27ed394..b00532f83 100644 --- a/coreutils/id.c +++ b/coreutils/id.c
@@ -3,176 +3,210 @@
3	* Mini id implementation for busybox	3	* Mini id implementation for busybox
4	*	4	*
5	* Copyright (C) 2000 by Randolph Chung <tausq@debian.org>	5	* Copyright (C) 2000 by Randolph Chung <tausq@debian.org>
		6	* Copyright (C) 2008 by Tito Ragusa <farmatito@tiscali.it>
6	*	7	*
7	* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.	8	* Licensed under GPLv2 or later, see file LICENSE in this tarball for details.
8	*/	9	*/
9		10
10	/* BB_AUDIT SUSv3 compliant. */	11	/* BB_AUDIT SUSv3 compliant. */
11	/* Hacked by Tito Ragusa (C) 2004 to handle usernames of whatever length and to	12	/* Hacked by Tito Ragusa (C) 2004 to handle usernames of whatever
12	* be more similar to GNU id.	13	* length and to be more similar to GNU id.
13	* -Z option support: by Yuichi Nakamura <ynakam@hitachisoft.jp>	14	* -Z option support: by Yuichi Nakamura <ynakam@hitachisoft.jp>
14	* Added -G option Tito Ragusa (C) 2008 for SUSv3.	15	* Added -G option Tito Ragusa (C) 2008 for SUSv3.
15	*/	16	*/
16		17
17	#include "libbb.h"	18	#include "libbb.h"
18		19
19	#define PRINT_REAL 1	20	enum {
20	#define NAME_NOT_NUMBER 2	21	PRINT_REAL = (1 << 0),
21	#define JUST_USER 4	22	NAME_NOT_NUMBER = (1 << 1),
22	#define JUST_GROUP 8	23	JUST_USER = (1 << 2),
23	#define JUST_ALL_GROUPS 16	24	JUST_GROUP = (1 << 3),
		25	JUST_ALL_GROUPS = (1 << 4),
24	#if ENABLE_SELINUX	26	#if ENABLE_SELINUX
25	#define JUST_CONTEXT 32	27	JUST_CONTEXT = (1 << 5),
26	#endif	28	#endif
		29	};
27		30
28	static int printf_full(unsigned id, const char arg, const char prefix)	31	static int print_common(unsigned id,
		32	char* FAST_FUNC bb_getXXXid(char *name, int bufsize, long uid),
		33	const char *prefix)
29	{	34	{
30	const char *fmt = "%s%u";	35	const char *name = bb_getXXXid(NULL, 0, id);
31	int status = EXIT_FAILURE;
32		36
33	if (arg) {	37	if (prefix) {
34	fmt = "%s%u(%s)";	38	printf("%s", prefix);
35	status = EXIT_SUCCESS;
36	}	39	}
37	printf(fmt, prefix, id, arg);	40	if (!(option_mask32 & NAME_NOT_NUMBER) \|\| !name) {
38	return status;	41	printf("%u", id);
		42	}
		43	if (!option_mask32 \|\| (option_mask32 & NAME_NOT_NUMBER)) {
		44	if (name) {
		45	printf(option_mask32 ? "%s" : "(%s)", name);
		46	} else {
		47	/* Don't set error status flag in default mode */
		48	if (option_mask32) {
		49	if (ENABLE_DESKTOP)
		50	bb_error_msg("unknown ID %u", id);
		51	return EXIT_FAILURE;
		52	}
		53	}
		54	}
		55	return EXIT_SUCCESS;
39	}	56	}
40		57
41	#if (defined(__GLIBC__) && !defined(__UCLIBC__))	58	static int print_group(gid_t id, const char *prefix)
42	#define HAVE_getgrouplist 1	59	{
43	#elif ENABLE_USE_BB_PWD_GRP	60	return print_common(id, bb_getgrgid, prefix);
44	#define HAVE_getgrouplist 1	61	}
45	#else	62
46	#define HAVE_getgrouplist 0	63	static int print_user(gid_t id, const char *prefix)
47	#endif	64	{
		65	return print_common(id, bb_getpwuid, prefix);
		66	}
		67
		68	/* On error set *n < 0 and return >= 0
		69	* If *n is too small, update it and return < 0
		70	* (ok to trash groups[] in both cases)
		71	* Otherwise fill in groups[] and return >= 0
		72	*/
		73	static int get_groups(const char username, gid_t rgid, gid_t groups, int *n)
		74	{
		75	int m;
		76
		77	if (username) {
		78	/* If the user is a member of more than
		79	* *n groups, then -1 is returned. Otherwise >= 0.
		80	* (and no defined way of detecting errors?!) */
		81	m = getgrouplist(username, rgid, groups, n);
		82	/* I guess *n < 0 might indicate error. Anyway,
		83	* malloc'ing -1 bytes won't be good, so: */
		84	//if (*n < 0)
		85	// return 0;
		86	//return m;
		87	//commented here, happens below anyway
		88	} else {
		89	/* On error -1 is returned, which ends up in n /
		90	int nn = getgroups(*n, groups);
		91	/* 0: nn <= n, groups[] was big enough; -1 otherwise /
		92	m = - (nn > *n);
		93	*n = nn;
		94	}
		95	if (*n < 0)
		96	return 0; /* error, don't return < 0! */
		97	return m;
		98	}
48		99
49	int id_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;	100	int id_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
50	int id_main(int argc UNUSED_PARAM, char **argv)	101	int id_main(int argc UNUSED_PARAM, char **argv)
51	{	102	{
		103	uid_t ruid;
		104	gid_t rgid;
		105	uid_t euid;
		106	gid_t egid;
		107	unsigned opt;
		108	int i;
		109	int status = EXIT_SUCCESS;
		110	const char *prefix;
52	const char *username;	111	const char *username;
53	struct passwd *p;
54	uid_t uid;
55	gid_t gid;
56	#if HAVE_getgrouplist
57	gid_t *groups;
58	int n;
59	#endif
60	unsigned flags;
61	short status;
62	#if ENABLE_SELINUX	112	#if ENABLE_SELINUX
63	security_context_t scontext;	113	security_context_t scontext = NULL;
64	#endif	114	#endif
65	/* Don't allow -n -r -nr -ug -rug -nug -rnug */	115	/* Don't allow -n -r -nr -ug -rug -nug -rnug -uZ -gZ -GZ*/
66	/* Don't allow more than one username */	116	/* Don't allow more than one username */
67	opt_complementary = "?1:u--g:g--u:G--u:u--G:g--G:G--g:r?ugG:n?ugG" USE_SELINUX(":u--Z:Z--u:g--Z:Z--g");	117	opt_complementary = "?1:u--g:g--u:G--u:u--G:g--G:G--g:r?ugG:n?ugG"
68	flags = getopt32(argv, "rnugG" USE_SELINUX("Z"));	118	USE_SELINUX(":u--Z:Z--u:g--Z:Z--g:G--Z:Z--G");
69	username = argv[optind];	119	opt = getopt32(argv, "rnugG" USE_SELINUX("Z"));
70
71	/* This values could be overwritten later */
72	uid = geteuid();
73	gid = getegid();
74	if (flags & PRINT_REAL) {
75	uid = getuid();
76	gid = getgid();
77	}
78		120
		121	username = argv[optind];
79	if (username) {	122	if (username) {
80	#if HAVE_getgrouplist	123	struct passwd *p = getpwnam(username);
81	int m;	124	if (!p)
82	#endif	125	bb_error_msg_and_die("unknown user %s", username);
83	p = getpwnam(username);	126	euid = ruid = p->pw_uid;
84	/* xuname2uid is needed because it exits on failure */	127	egid = rgid = p->pw_gid;
85	uid = xuname2uid(username);
86	gid = p->pw_gid; /* in this case PRINT_REAL is the same */
87
88	#if HAVE_getgrouplist
89	n = 16;
90	groups = NULL;
91	do {
92	m = n;
93	groups = xrealloc(groups, sizeof(groups[0]) * m);
94	getgrouplist(username, gid, groups, &n); /* GNUism? */
95	} while (n > m);
96	#endif
97	} else {	128	} else {
98	#if HAVE_getgrouplist	129	egid = getegid();
99	n = getgroups(0, NULL);	130	rgid = getgid();
100	groups = xmalloc(sizeof(groups[0]) * n);	131	euid = geteuid();
101	getgroups(n, groups);	132	ruid = getuid();
102	#endif
103	}
104
105	if (flags & JUST_ALL_GROUPS) {
106	#if HAVE_getgrouplist
107	while (n--) {
108	if (flags & NAME_NOT_NUMBER)
109	printf("%s", bb_getgrgid(NULL, 0, *groups++));
110	else
111	printf("%u", (unsigned) *groups++);
112	bb_putchar((n > 0) ? ' ' : '\n');
113	}
114	#endif
115	/* exit */
116	fflush_stdout_and_exit(EXIT_SUCCESS);
117	}	133	}
118		134	/* JUST_ALL_GROUPS ignores -r PRINT_REAL flag even if man page for */
119	if (flags & (JUST_GROUP \| JUST_USER USE_SELINUX(\| JUST_CONTEXT))) {	135	/* id says: print the real ID instead of the effective ID, with -ugG */
120	/* JUST_GROUP and JUST_USER are mutually exclusive */	136	/* in fact in ths case egid is always printed if egid != rgid */
121	if (flags & NAME_NOT_NUMBER) {	137	if (!opt \|\| (opt & JUST_ALL_GROUPS)) {
122	/* bb_getXXXid(-1) exits on failure, puts cannot segfault */	138	gid_t *groups;
123	puts((flags & JUST_USER) ? bb_getpwuid(NULL, -1, uid) : bb_getgrgid(NULL, -1, gid));	139	int n;
		140
		141	if (!opt) {
		142	/* Default Mode */
		143	status \|= print_user(ruid, "uid=");
		144	status \|= print_group(rgid, " gid=");
		145	if (euid != ruid)
		146	status \|= print_user(euid, " euid=");
		147	if (egid != rgid)
		148	status \|= print_group(egid, " egid=");
124	} else {	149	} else {
125	if (flags & JUST_USER) {	150	/* JUST_ALL_GROUPS */
126	printf("%u\n", (unsigned)uid);	151	status \|= print_group(rgid, NULL);
127	}	152	if (egid != rgid)
128	if (flags & JUST_GROUP) {	153	status \|= print_group(egid, " ");
129	printf("%u\n", (unsigned)gid);	154	}
		155	/* We'd rather try supplying largish buffer than
		156	* having get_groups() run twice. That might be slow
		157	* (think about "user database in remove SQL server" case) */
		158	groups = xmalloc(64 * sizeof(gid_t));
		159	n = 64;
		160	if (get_groups(username, rgid, groups, &n) < 0) {
		161	/* Need bigger buffer after all */
		162	groups = xrealloc(groups, n * sizeof(gid_t));
		163	get_groups(username, rgid, groups, &n);
		164	}
		165	if (n > 0) {
		166	/* Print the list */
		167	prefix = " groups=";
		168	for (i = 0; i < n; i++) {
		169	if (opt && (groups[i] == rgid \|\| groups[i] == egid))
		170	continue;
		171	status \|= print_group(groups[i], opt ? " " : prefix);
		172	prefix = ",";
130	}	173	}
		174	if (ENABLE_FEATURE_CLEAN_UP)
		175	free(groups);
		176	} else if (n < 0) { /* error in get_groups() */
		177	if (!ENABLE_DESKTOP)
		178	bb_error_msg_and_die("cannot get groups");
		179	else
		180	return EXIT_FAILURE;
131	}	181	}
132
133	#if ENABLE_SELINUX	182	#if ENABLE_SELINUX
134	if (flags & JUST_CONTEXT) {	183	if (is_selinux_enabled()) {
135	selinux_or_die();	184	if (getcon(&scontext) == 0)
136	if (username) {	185	printf(" context=%s", scontext);
137	bb_error_msg_and_die("user name can't be passed with -Z");
138	}
139
140	if (getcon(&scontext)) {
141	bb_error_msg_and_die("can't get process context");
142	}
143	puts(scontext);
144	}	186	}
145	#endif	187	#endif
146	/* exit */	188	} else if (opt & PRINT_REAL) {
147	fflush_stdout_and_exit(EXIT_SUCCESS);	189	euid = ruid;
		190	egid = rgid;
148	}	191	}
149		192
150	/* Print full info like GNU id */	193	if (opt & JUST_USER)
151	/* bb_getpwuid(0) doesn't exit on failure (returns NULL) */	194	status \|= print_user(euid, NULL);
152	status = printf_full(uid, bb_getpwuid(NULL, 0, uid), "uid=");	195	else if (opt & JUST_GROUP)
153	status \|= printf_full(gid, bb_getgrgid(NULL, 0, gid), " gid=");	196	status \|= print_group(egid, NULL);
154	#if HAVE_getgrouplist
155	{
156	const char *msg = " groups=";
157	while (n--) {
158	status \|= printf_full(groups, bb_getgrgid(NULL, 0, groups), msg);
159	msg = ",";
160	groups++;
161	}
162	}
163	/* we leak groups vector... */
164	#endif
165
166	#if ENABLE_SELINUX	197	#if ENABLE_SELINUX
167	if (is_selinux_enabled()) {	198	else if (opt & JUST_CONTEXT) {
168	security_context_t mysid;	199	selinux_or_die();
169	getcon(&mysid);	200	if (username \|\| getcon(&scontext)) {
170	printf(" context=%s", mysid ? mysid : "unknown");	201	bb_error_msg_and_die("can't get process context%s",
171	if (mysid) /* TODO: maybe freecon(NULL) is harmless? */	202	username ? " for a different user" : "");
172	freecon(mysid);	203	}
		204	fputs(scontext, stdout);
173	}	205	}
		206	/* freecon(NULL) seems to be harmless */
		207	if (ENABLE_FEATURE_CLEAN_UP)
		208	freecon(scontext);
174	#endif	209	#endif
175
176	bb_putchar('\n');	210	bb_putchar('\n');
177	fflush_stdout_and_exit(status);	211	fflush_stdout_and_exit(status);
178	}	212	}


diff --git a/coreutils/id_test.sh b/coreutils/id_test.sh new file mode 100755 index 000000000..0d65f2ae3 --- /dev/null +++ b/coreutils/id_test.sh
@@ -0,0 +1,244 @@
		1	#!/bin/bash
		2	# Test script for busybox id vs. coreutils id.
		3	# Needs root privileges for some tests.
		4
		5	cp /usr/bin/id .
		6	BUSYBOX=./busybox
		7	ID=./id
		8	LIST=`awk -F: '{ printf "%s\n", $1 }' /etc/passwd`
		9	FLAG_USER_EXISTS="no"
		10	TEST_USER="f583ca884c1d93458fb61ed137ff44f6"
		11
		12	echo "test 1: id [options] nousername"
		13	rm -f foo bar
		14	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		15	do
		16	#echo "$OPTIONS"
		17	$BUSYBOX id $OPTIONS >foo 2>/dev/null
		18	RET1=$?
		19	$ID $OPTIONS >bar 2>/dev/null
		20	RET2=$?
		21	if test "$RET1" != "$RET2"; then
		22	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		23	fi
		24	diff foo bar
		25	done
		26
		27	echo "test 2: id [options] username"
		28	rm -f foo bar
		29	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		30	do
		31	#echo "$OPTIONS"
		32	for i in $LIST ; do
		33	if test "$i" = "$TEST_USER"; then
		34	FLAG_USER_EXISTS="yes"
		35	fi
		36	$BUSYBOX id $OPTIONS $i >foo 2>/dev/null
		37	RET1=$?
		38	$ID $OPTIONS $i >bar 2>/dev/null
		39	RET2=$?
		40	if test "$RET1" != "$RET2"; then
		41	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		42	fi
		43	diff foo bar
		44	done
		45	done
		46
		47	if test $FLAG_USER_EXISTS = "yes"; then
		48	echo "test 3,4,5,6,7,8,9,10,11,12 skipped because test user $TEST_USER already exists"
		49	rm -f foo bar
		50	exit 1
		51	fi
		52
		53	adduser -s /bin/true -g "" -H -D "$TEST_USER" \|\| exit 1
		54
		55	chown $TEST_USER.$TEST_USER $BUSYBOX
		56	chmod u+s $BUSYBOX 2>&1 /dev/null
		57	chown $TEST_USER.$TEST_USER $ID
		58	chmod u+s $ID 2>&1 /dev/null
		59
		60	echo "test 3 setuid, existing user: id [options] no username"
		61	rm -f foo bar
		62	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		63	do
		64	#echo "$OPTIONS"
		65	$BUSYBOX id $OPTIONS >foo 2>/dev/null
		66	RET1=$?
		67	$ID $OPTIONS >bar 2>/dev/null
		68	RET2=$?
		69	if test "$RET1" != "$RET2"; then
		70	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		71	fi
		72	diff foo bar
		73	#done
		74	done
		75
		76	echo "test 4 setuid, existing user: id [options] username"
		77	rm -f foo bar
		78	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		79	do
		80	#echo "$OPTIONS"
		81	for i in $LIST ; do
		82	$BUSYBOX id $OPTIONS $i >foo 2>/dev/null
		83	RET1=$?
		84	$ID $OPTIONS $i >bar 2>/dev/null
		85	RET2=$?
		86	if test "$RET1" != "$RET2"; then
		87	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		88	fi
		89	diff foo bar
		90	done
		91	done
		92
		93	chown $TEST_USER.$TEST_USER $BUSYBOX
		94	chmod g+s $BUSYBOX 2>&1 /dev/null
		95	chown $TEST_USER.$TEST_USER $ID
		96	chmod g+s $ID 2>&1 /dev/null
		97
		98	echo "test 5 setgid, existing user: id [options] no username"
		99	rm -f foo bar
		100	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		101	do
		102	#echo "$OPTIONS"
		103	$BUSYBOX id $OPTIONS >foo 2>/dev/null
		104	RET1=$?
		105	$ID $OPTIONS >bar 2>/dev/null
		106	RET2=$?
		107	if test "$RET1" != "$RET2"; then
		108	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		109	fi
		110	diff foo bar
		111	#done
		112	done
		113
		114	echo "test 6 setgid, existing user: id [options] username"
		115	rm -f foo bar
		116	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		117	do
		118	#echo "$OPTIONS"
		119	for i in $LIST ; do
		120	$BUSYBOX id $OPTIONS $i >foo 2>/dev/null
		121	RET1=$?
		122	$ID $OPTIONS $i >bar 2>/dev/null
		123	RET2=$?
		124	if test "$RET1" != "$RET2"; then
		125	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		126	fi
		127	diff foo bar
		128	done
		129	done
		130
		131	chown $TEST_USER.$TEST_USER $BUSYBOX
		132	chmod u+s,g+s $BUSYBOX 2>&1 /dev/null
		133	chown $TEST_USER.$TEST_USER $ID
		134	chmod u+s,g+s $ID 2>&1 /dev/null
		135
		136	echo "test 7 setuid, setgid, existing user: id [options] no username"
		137	rm -f foo bar
		138	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		139	do
		140	#echo "$OPTIONS"
		141	$BUSYBOX id $OPTIONS >foo 2>/dev/null
		142	RET1=$?
		143	$ID $OPTIONS >bar 2>/dev/null
		144	RET2=$?
		145	if test "$RET1" != "$RET2"; then
		146	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		147	fi
		148	diff foo bar
		149	#done
		150	done
		151
		152	echo "test 8 setuid, setgid, existing user: id [options] username"
		153	rm -f foo bar
		154	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		155	do
		156	#echo "$OPTIONS"
		157	for i in $LIST ; do
		158	$BUSYBOX id $OPTIONS $i >foo 2>/dev/null
		159	RET1=$?
		160	$ID $OPTIONS $i >bar 2>/dev/null
		161	RET2=$?
		162	if test "$RET1" != "$RET2"; then
		163	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		164	fi
		165	diff foo bar
		166	done
		167	done
		168
		169	deluser $TEST_USER \|\| exit 1
		170
		171	echo "test 9 setuid, setgid, not existing user: id [options] no username"
		172	rm -f foo bar
		173	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		174	do
		175	#echo "$OPTIONS"
		176	$BUSYBOX id $OPTIONS >foo 2>/dev/null
		177	RET1=$?
		178	$ID $OPTIONS >bar 2>/dev/null
		179	RET2=$?
		180	if test "$RET1" != "$RET2"; then
		181	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		182	fi
		183	diff foo bar
		184	done
		185
		186	echo "test 10 setuid, setgid, not existing user: id [options] username"
		187	rm -f foo bar
		188	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		189	do
		190	#echo "$OPTIONS"
		191	for i in $LIST ; do
		192	$BUSYBOX id $OPTIONS $i >foo 2>/dev/null
		193	RET1=$?
		194	$ID $OPTIONS $i >bar 2>/dev/null
		195	RET2=$?
		196	if test "$RET1" != "$RET2"; then
		197	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		198	fi
		199	diff foo bar
		200	done
		201	done
		202
		203	chown .root $BUSYBOX 2>&1 /dev/null
		204	chown .root $ID 2>&1 /dev/null
		205	chmod g+s $BUSYBOX 2>&1 /dev/null
		206	chmod g+s $ID 2>&1 /dev/null
		207
		208	echo "test 11 setgid, not existing group: id [options] no username"
		209	rm -f foo bar
		210	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		211	do
		212	#echo "$OPTIONS"
		213	$BUSYBOX id $OPTIONS >foo 2>/dev/null
		214	RET1=$?
		215	$ID $OPTIONS >bar 2>/dev/null
		216	RET2=$?
		217	if test "$RET1" != "$RET2"; then
		218	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		219	fi
		220	diff foo bar
		221	#done
		222	done
		223
		224	echo "test 12 setgid, not existing group: id [options] username"
		225	rm -f foo bar
		226	for OPTIONS in "" "-u" "-un" "-unr" "-g" "-gn" "-gnr" "-G" "-Gn" "-Gnr"
		227	do
		228	#echo "$OPTIONS"
		229	for i in $LIST ; do
		230	$BUSYBOX id $OPTIONS $i >foo 2>/dev/null
		231	RET1=$?
		232	$ID $OPTIONS $i >bar 2>/dev/null
		233	RET2=$?
		234	if test "$RET1" != "$RET2"; then
		235	echo "Return Values differ ($RET1 != $RET2): options $OPTIONS"
		236	fi
		237	diff foo bar
		238	done
		239	done
		240
		241	chown root.root $BUSYBOX 2>&1 /dev/null
		242	chown root.root $ID 2>&1 /dev/null
		243	rm -f $ID
		244	rm -f foo bar