Patch from Tito to make syslog configurable and remove #ifdefs. Further

cleanups by me. git-svn-id: svn://busybox.net/trunk/busybox@15672 69ca8d6d-28ef-0310-b511-8ec308f3f277
author: landley <landley@69ca8d6d-28ef-0310-b511-8ec308f3f277> 2006-07-10 03:05:46 +0000
committer: landley <landley@69ca8d6d-28ef-0310-b511-8ec308f3f277> 2006-07-10 03:05:46 +0000
commit: ac8ec11ca02a5dd49390074db243a7910d1c5782 (patch)
tree: a8091962223342ded76e506d69efe4c839591c24
parent: f532dc639aad71e1462a975b1d6a9b5b4fa9aab9 (diff)
download: busybox-w32-ac8ec11ca02a5dd49390074db243a7910d1c5782.tar.gz
busybox-w32-ac8ec11ca02a5dd49390074db243a7910d1c5782.tar.bz2
busybox-w32-ac8ec11ca02a5dd49390074db243a7910d1c5782.zip
2 files changed, 50 insertions, 111 deletions
diff --git a/loginutils/Config.in b/loginutils/Config.in
index 3bbb6d90c..e920d5fc3 100644
--- a/loginutils/Config.in
+++ b/loginutils/Config.in
@@ -142,6 +142,13 @@ config CONFIG_SU
          Note that Busybox binary must be setuid root for this applet to
          work properly.
+config CONFIG_SU_SYSLOG
+        bool "Support for syslog in su"
+        default y
+        depends on CONFIG_SU
+        help
+          Enables support for syslog in su.
 config CONFIG_SULOGIN
        bool "sulogin"
        default n
diff --git a/loginutils/su.c b/loginutils/su.c
index 1273831ff..bd3e7c566 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -1,86 +1,31 @@
 /* vi: set sw=4 ts=4: */
 /*
-   Licensed under the GPL v2, see the file LICENSE in this tarball.
+ *  Mini su implementation for busybox
-*/
+ *
+ *  Licensed under the GPL v2, see the file LICENSE in this tarball.
+ */
-#include <fcntl.h>
+#include "busybox.h"
 #include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
 #include <syslog.h>
-#include <termios.h>
-#include <unistd.h>
-#include <utmp.h>
 #include <sys/resource.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <ctype.h>
 #include <time.h>
-#include "busybox.h"
-/* The shell to run if none is given in the user's passwd entry.  */
-#ifndef DEFAULT_SHELL
-#define DEFAULT_SHELL "/bin/sh"
-#endif
-/* Default user.  */
-#define DEFAULT_USER  "root"
-/* #define SYSLOG_SUCCESS */
-#define SYSLOG_FAILURE
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
-/* Log the fact that someone has run su */
-# if defined( SYSLOG_SUCCESS ) && defined( SYSLOG_FAILURE )
-static void log_su (const char *successful, const char *old_user,
-                                        const char *tty)
-{
-        syslog ( LOG_NOTICE, "%s%s on %s", successful, old_user, tty);
-}
-#  define log_su_successful(cu, u, tty) if(!cu) log_su("", u, tty)
-#  define log_su_failure(cu, u, tty)    if(!cu) log_su("FAILED SU ", u, tty)
-# else
-        /* partial logging */
-#  if !defined( SYSLOG_SUCESS )
-#   define log_su_successful(cu, u, tty)
-#   define log_su_failure(cu, u, t) if(!cu) \
-                        syslog(LOG_NOTICE, "FAILED SU %s on %s", u, t)
-#  else
-#   define log_su_successful(cu, u, t) if(!cu) \
-                        syslog(LOG_NOTICE, "%s on %s", u, t)
-#   define log_su_failure(cu, u, tty)
-#  endif
-# endif
-#else
-        /* logging not used */
-# define log_su_successful(cu, u, tty)
-# define log_su_failure(cu, u, tty)
-#endif
 int su_main ( int argc, char **argv )
 {
        unsigned long flags;
        char *opt_shell = 0;
        char *opt_command = 0;
-        char *opt_username = DEFAULT_USER;
+        char *opt_username = "root";
        char **opt_args = 0;
        struct passwd *pw;
        uid_t cur_uid = getuid();
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
        const char *tty;
-        const char *old_user;
+        char *old_user;
-#endif
-        flags = bb_getopt_ulflags(argc, argv, "mplc:s:",
+        flags = bb_getopt_ulflags(argc, argv, "mplc:s:", &opt_command, &opt_shell);
-                                                  &opt_command, &opt_shell);
+#define SU_OPT_mp (3)
-#define SU_OPT_m (3)
-#define SU_OPT_p (3)
 #define SU_OPT_l (4)
        if (optind < argc  && argv[optind][0] == '-' && argv[optind][1] == 0) {
@@ -89,73 +34,60 @@ int su_main ( int argc, char **argv )
    }
        /* get user if specified */
-        if ( optind < argc )
+        if (optind < argc) opt_username = argv [optind++];
-                opt_username = argv [optind++];
+        if (optind < argc) opt_args = argv + optind;
-        if ( optind < argc )
-                opt_args = argv + optind;
+        if (ENABLE_SU_SYSLOG) {
+                /* The utmp entry (via getlogin) is probably the best way to identify
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
+                the user, especially if someone su's from a su-shell.
-#ifdef CONFIG_FEATURE_UTMP
+                But getlogin can fail -- usually due to lack of utmp entry.
-        /* The utmp entry (via getlogin) is probably the best way to identify
+                in this case resort to getpwuid.  */
-           the user, especially if someone su's from a su-shell.  */
+                old_user = bb_xstrdup(USE_FEATURE_UTMP(getlogin() ? : ) (pw = getpwuid(cur_uid)) ? pw->pw_name : "");
-        old_user = getlogin ( );
+                tty = ttyname(2) ? : "none";
-        if ( !old_user )
+                openlog(bb_applet_name, 0, LOG_AUTH);
-#endif
-                {
-                /* getlogin can fail -- usually due to lack of utmp entry.
-                   Resort to getpwuid.  */
-                pw = getpwuid ( cur_uid );
-                old_user = ( pw ? pw->pw_name : "" );
        }
-        tty = ttyname ( 2 );
-        if(!tty)
-                tty = "none";
-        openlog ( bb_applet_name, 0, LOG_AUTH );
+        pw = getpwnam(opt_username);
-#endif
+        if (!pw) bb_error_msg_and_die("Unknown id: %s", opt_username);
-        pw = getpwnam ( opt_username );
-        if ( !pw )
-                bb_error_msg_and_die ( "user %s does not exist", opt_username );
        /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
           is a username that is retrieved via NIS (YP), but that doesn't have
           a default shell listed.  */
-        if ( !pw->pw_shell || !pw->pw_shell [0] )
+        if (!pw->pw_shell || !pw->pw_shell[0]) pw->pw_shell = (char *)DEFAULT_SHELL;
-                pw->pw_shell = (char *) DEFAULT_SHELL;
-        if ((( cur_uid == 0 ) || correct_password ( pw ))) {
+        if ((cur_uid == 0) || correct_password(pw)) {
-                log_su_successful(pw->pw_uid, old_user, tty );
+                if (ENABLE_SU_SYSLOG)
+                        syslog(LOG_NOTICE, "+ %s %s:%s", tty, old_user, opt_username);
        } else {
-                log_su_failure (pw->pw_uid, old_user, tty );
+                if (ENABLE_SU_SYSLOG)
-                bb_error_msg_and_die ( "incorrect password" );
+                        syslog(LOG_NOTICE, "- %s %s:%s", tty, old_user, opt_username);
+                bb_error_msg_and_die("incorrect password");
        }
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
+        if (ENABLE_FEATURE_CLEAN_UP && ENABLE_SU_SYSLOG) {
-        closelog();
+                closelog();
-#endif
+                free(old_user);
+        }
-        if ( !opt_shell && (flags & SU_OPT_p))
+        if (!opt_shell && (flags & SU_OPT_mp)) opt_shell = getenv("SHELL");
-                opt_shell = getenv ( "SHELL" );
-        if ( opt_shell && cur_uid && restricted_shell ( pw->pw_shell )) {
+        if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
                /* The user being su'd to has a nonstandard shell, and so is
                   probably a uucp account or has restricted access.  Don't
                   compromise the account by allowing access with a standard
                   shell.  */
-                fputs ( "using restricted shell\n", stderr );
+                bb_error_msg("using restricted shell");
                opt_shell = 0;
        }
-        if ( !opt_shell )
+        if (!opt_shell) opt_shell = pw->pw_shell;
-                opt_shell = pw->pw_shell;
+        change_identity(pw);
+        setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);
+    USE_SELINUX(set_current_security_context(NULL);)
-        change_identity ( pw );
+        /* Returns only on error */
-        setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_p), pw);
-#if ENABLE_SELINUX
-       set_current_security_context(NULL);
-#endif
        run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)opt_args);
        return EXIT_FAILURE;
author	landley <landley@69ca8d6d-28ef-0310-b511-8ec308f3f277>	2006-07-10 03:05:46 +0000
committer	landley <landley@69ca8d6d-28ef-0310-b511-8ec308f3f277>	2006-07-10 03:05:46 +0000
commit	ac8ec11ca02a5dd49390074db243a7910d1c5782 (patch)
tree	a8091962223342ded76e506d69efe4c839591c24
parent	f532dc639aad71e1462a975b1d6a9b5b4fa9aab9 (diff)
download	busybox-w32-ac8ec11ca02a5dd49390074db243a7910d1c5782.tar.gz busybox-w32-ac8ec11ca02a5dd49390074db243a7910d1c5782.tar.bz2 busybox-w32-ac8ec11ca02a5dd49390074db243a7910d1c5782.zip

diff --git a/loginutils/Config.in b/loginutils/Config.in index 3bbb6d90c..e920d5fc3 100644 --- a/loginutils/Config.in +++ b/loginutils/Config.in
@@ -142,6 +142,13 @@ config CONFIG_SU
142	Note that Busybox binary must be setuid root for this applet to	142	Note that Busybox binary must be setuid root for this applet to
143	work properly.	143	work properly.
144		144
		145	config CONFIG_SU_SYSLOG
		146	bool "Support for syslog in su"
		147	default y
		148	depends on CONFIG_SU
		149	help
		150	Enables support for syslog in su.
		151
145	config CONFIG_SULOGIN	152	config CONFIG_SULOGIN
146	bool "sulogin"	153	bool "sulogin"
147	default n	154	default n


diff --git a/loginutils/su.c b/loginutils/su.c index 1273831ff..bd3e7c566 100644 --- a/loginutils/su.c +++ b/loginutils/su.c
@@ -1,86 +1,31 @@
1	/* vi: set sw=4 ts=4: */	1	/* vi: set sw=4 ts=4: */
2	/*	2	/*
3	Licensed under the GPL v2, see the file LICENSE in this tarball.	3	* Mini su implementation for busybox
4	*/	4	*
		5	* Licensed under the GPL v2, see the file LICENSE in this tarball.
		6	*/
5		7
6	#include <fcntl.h>	8	#include "busybox.h"
7	#include <signal.h>	9	#include <signal.h>
8	#include <stdio.h>
9	#include <stdlib.h>
10	#include <string.h>
11	#include <syslog.h>	10	#include <syslog.h>
12	#include <termios.h>
13	#include <unistd.h>
14	#include <utmp.h>
15	#include <sys/resource.h>	11	#include <sys/resource.h>
16	#include <sys/stat.h>
17	#include <sys/types.h>
18	#include <ctype.h>
19	#include <time.h>	12	#include <time.h>
20		13
21	#include "busybox.h"
22
23	/* The shell to run if none is given in the user's passwd entry. */
24	#ifndef DEFAULT_SHELL
25	#define DEFAULT_SHELL "/bin/sh"
26	#endif
27
28	/* Default user. */
29	#define DEFAULT_USER "root"
30
31	/* #define SYSLOG_SUCCESS */
32	#define SYSLOG_FAILURE
33
34
35	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )
36	/* Log the fact that someone has run su */
37
38	# if defined( SYSLOG_SUCCESS ) && defined( SYSLOG_FAILURE )
39	static void log_su (const char successful, const char old_user,
40	const char *tty)
41	{
42	syslog ( LOG_NOTICE, "%s%s on %s", successful, old_user, tty);
43	}
44	# define log_su_successful(cu, u, tty) if(!cu) log_su("", u, tty)
45	# define log_su_failure(cu, u, tty) if(!cu) log_su("FAILED SU ", u, tty)
46	# else
47	/* partial logging */
48	# if !defined( SYSLOG_SUCESS )
49	# define log_su_successful(cu, u, tty)
50	# define log_su_failure(cu, u, t) if(!cu) \
51	syslog(LOG_NOTICE, "FAILED SU %s on %s", u, t)
52	# else
53	# define log_su_successful(cu, u, t) if(!cu) \
54	syslog(LOG_NOTICE, "%s on %s", u, t)
55	# define log_su_failure(cu, u, tty)
56	# endif
57	# endif
58	#else
59	/* logging not used */
60	# define log_su_successful(cu, u, tty)
61	# define log_su_failure(cu, u, tty)
62	#endif
63
64		14
65	int su_main ( int argc, char **argv )	15	int su_main ( int argc, char **argv )
66	{	16	{
67	unsigned long flags;	17	unsigned long flags;
68	char *opt_shell = 0;	18	char *opt_shell = 0;
69	char *opt_command = 0;	19	char *opt_command = 0;
70	char *opt_username = DEFAULT_USER;	20	char *opt_username = "root";
71	char **opt_args = 0;	21	char **opt_args = 0;
72	struct passwd *pw;	22	struct passwd *pw;
73	uid_t cur_uid = getuid();	23	uid_t cur_uid = getuid();
74
75	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )
76	const char *tty;	24	const char *tty;
77	const char *old_user;	25	char *old_user;
78	#endif
79		26
80	flags = bb_getopt_ulflags(argc, argv, "mplc:s:",	27	flags = bb_getopt_ulflags(argc, argv, "mplc:s:", &opt_command, &opt_shell);
81	&opt_command, &opt_shell);	28	#define SU_OPT_mp (3)
82	#define SU_OPT_m (3)
83	#define SU_OPT_p (3)
84	#define SU_OPT_l (4)	29	#define SU_OPT_l (4)
85		30
86	if (optind < argc && argv[optind][0] == '-' && argv[optind][1] == 0) {	31	if (optind < argc && argv[optind][0] == '-' && argv[optind][1] == 0) {
@@ -89,73 +34,60 @@ int su_main ( int argc, char **argv )
89	}	34	}
90		35
91	/* get user if specified */	36	/* get user if specified */
92	if ( optind < argc )	37	if (optind < argc) opt_username = argv [optind++];
93	opt_username = argv [optind++];	38
94		39	if (optind < argc) opt_args = argv + optind;
95	if ( optind < argc )	40
96	opt_args = argv + optind;	41	if (ENABLE_SU_SYSLOG) {
97		42	/* The utmp entry (via getlogin) is probably the best way to identify
98	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )	43	the user, especially if someone su's from a su-shell.
99	#ifdef CONFIG_FEATURE_UTMP	44	But getlogin can fail -- usually due to lack of utmp entry.
100	/* The utmp entry (via getlogin) is probably the best way to identify	45	in this case resort to getpwuid. */
101	the user, especially if someone su's from a su-shell. */	46	old_user = bb_xstrdup(USE_FEATURE_UTMP(getlogin() ? : ) (pw = getpwuid(cur_uid)) ? pw->pw_name : "");
102	old_user = getlogin ( );	47	tty = ttyname(2) ? : "none";
103	if ( !old_user )	48	openlog(bb_applet_name, 0, LOG_AUTH);
104	#endif
105	{
106	/* getlogin can fail -- usually due to lack of utmp entry.
107	Resort to getpwuid. */
108	pw = getpwuid ( cur_uid );
109	old_user = ( pw ? pw->pw_name : "" );
110	}	49	}
111	tty = ttyname ( 2 );
112	if(!tty)
113	tty = "none";
114		50
115	openlog ( bb_applet_name, 0, LOG_AUTH );	51	pw = getpwnam(opt_username);
116	#endif	52	if (!pw) bb_error_msg_and_die("Unknown id: %s", opt_username);
117
118	pw = getpwnam ( opt_username );
119	if ( !pw )
120	bb_error_msg_and_die ( "user %s does not exist", opt_username );
121		53
122	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER	54	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
123	is a username that is retrieved via NIS (YP), but that doesn't have	55	is a username that is retrieved via NIS (YP), but that doesn't have
124	a default shell listed. */	56	a default shell listed. */
125	if ( !pw->pw_shell \|\| !pw->pw_shell [0] )	57	if (!pw->pw_shell \|\| !pw->pw_shell[0]) pw->pw_shell = (char *)DEFAULT_SHELL;
126	pw->pw_shell = (char *) DEFAULT_SHELL;
127		58
128	if ((( cur_uid == 0 ) \|\| correct_password ( pw ))) {	59	if ((cur_uid == 0) \|\| correct_password(pw)) {
129	log_su_successful(pw->pw_uid, old_user, tty );	60	if (ENABLE_SU_SYSLOG)
		61	syslog(LOG_NOTICE, "+ %s %s:%s", tty, old_user, opt_username);
130	} else {	62	} else {
131	log_su_failure (pw->pw_uid, old_user, tty );	63	if (ENABLE_SU_SYSLOG)
132	bb_error_msg_and_die ( "incorrect password" );	64	syslog(LOG_NOTICE, "- %s %s:%s", tty, old_user, opt_username);
		65	bb_error_msg_and_die("incorrect password");
133	}	66	}
134		67
135	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )	68	if (ENABLE_FEATURE_CLEAN_UP && ENABLE_SU_SYSLOG) {
136	closelog();	69	closelog();
137	#endif	70	free(old_user);
		71	}
138		72
139	if ( !opt_shell && (flags & SU_OPT_p))	73	if (!opt_shell && (flags & SU_OPT_mp)) opt_shell = getenv("SHELL");
140	opt_shell = getenv ( "SHELL" );
141		74
142	if ( opt_shell && cur_uid && restricted_shell ( pw->pw_shell )) {	75	if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
143	/* The user being su'd to has a nonstandard shell, and so is	76	/* The user being su'd to has a nonstandard shell, and so is
144	probably a uucp account or has restricted access. Don't	77	probably a uucp account or has restricted access. Don't
145	compromise the account by allowing access with a standard	78	compromise the account by allowing access with a standard
146	shell. */	79	shell. */
147	fputs ( "using restricted shell\n", stderr );	80	bb_error_msg("using restricted shell");
148	opt_shell = 0;	81	opt_shell = 0;
149	}	82	}
150		83
151	if ( !opt_shell )	84	if (!opt_shell) opt_shell = pw->pw_shell;
152	opt_shell = pw->pw_shell;	85
		86	change_identity(pw);
		87	setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);
		88	USE_SELINUX(set_current_security_context(NULL);)
153		89
154	change_identity ( pw );	90	/* Returns only on error */
155	setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_p), pw);
156	#if ENABLE_SELINUX
157	set_current_security_context(NULL);
158	#endif
159	run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)opt_args);	91	run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)opt_args);
160		92
161	return EXIT_FAILURE;	93	return EXIT_FAILURE;