httpd: add -u user[:grp] support

author: Denis Vlasenko <vda.linux@googlemail.com> 2006-10-05 22:50:22 +0000
committer: Denis Vlasenko <vda.linux@googlemail.com> 2006-10-05 22:50:22 +0000
commit: de59c0f58fa5dc75b753f94da61be92bfa0935ec (patch)
tree: fea308471e3d73fb6770ff6e4cda23da53b65bec
parent: 01c27fc5ac89b07821a5430880d771e3c993c1c1 (diff)
download: busybox-w32-de59c0f58fa5dc75b753f94da61be92bfa0935ec.tar.gz
busybox-w32-de59c0f58fa5dc75b753f94da61be92bfa0935ec.tar.bz2
busybox-w32-de59c0f58fa5dc75b753f94da61be92bfa0935ec.zip
12 files changed, 117 insertions, 139 deletions
diff --git a/coreutils/id.c b/coreutils/id.c
index 9e49999cd..9d605325c 100644
--- a/coreutils/id.c
+++ b/coreutils/id.c
@@ -29,11 +29,11 @@
 static short printf_full(unsigned int id, const char *arg, const char prefix)
 {
        const char *fmt = "%cid=%u";
-        short status=EXIT_FAILURE;
+        short status = EXIT_FAILURE;
-        if(arg) {
+        if (arg) {
                fmt = "%cid=%u(%s)";
-                status=EXIT_SUCCESS;
+                status = EXIT_SUCCESS;
        }
        bb_printf(fmt, prefix, id, arg);
        return status;
@@ -60,21 +60,21 @@ int id_main(int argc, char **argv)
                gid = getgid();
        }
-        if(argv[optind]) {
+        if (argv[optind]) {
-                p=getpwnam(argv[optind]);
+                p = getpwnam(argv[optind]);
                /* bb_xgetpwnam is needed because it exits on failure */
                uid = bb_xgetpwnam(argv[optind]);
                gid = p->pw_gid;
                /* in this case PRINT_REAL is the same */
        }
-        if(flags & (JUST_GROUP | JUST_USER)) {
+        if (flags & (JUST_GROUP | JUST_USER)) {
                /* JUST_GROUP and JUST_USER are mutually exclusive */
-                if(flags & NAME_NOT_NUMBER) {
+                if (flags & NAME_NOT_NUMBER) {
                        /* bb_getpwuid and bb_getgrgid exit on failure so puts cannot segfault */
                        puts((flags & JUST_USER) ? bb_getpwuid(NULL, uid, -1 ) : bb_getgrgid(NULL, gid, -1 ));
                } else {
-                        bb_printf("%u\n",(flags & JUST_USER) ? uid : gid);
+                        bb_printf("%u\n", (flags & JUST_USER) ? uid : gid);
                }
                /* exit */
                bb_fflush_stdout_and_exit(EXIT_SUCCESS);
@@ -82,13 +82,13 @@ int id_main(int argc, char **argv)
        /* Print full info like GNU id */
        /* bb_getpwuid doesn't exit on failure here */
-        status=printf_full(uid, bb_getpwuid(NULL, uid, 0), 'u');
+        status = printf_full(uid, bb_getpwuid(NULL, uid, 0), 'u');
        putchar(' ');
        /* bb_getgrgid doesn't exit on failure here */
-        status|=printf_full(gid, bb_getgrgid(NULL, gid, 0), 'g');
+        status |= printf_full(gid, bb_getgrgid(NULL, gid, 0), 'g');
 #ifdef CONFIG_SELINUX
-        if ( is_selinux_enabled() ) {
+        if (is_selinux_enabled()) {
                        security_context_t mysid;
                        char context[80];
                        int len = sizeof(context);
@@ -99,8 +99,8 @@ int id_main(int argc, char **argv)
                                        len = strlen(mysid)+1;
                                        safe_strncpy(context, mysid, len);
                                        freecon(mysid);
-                        }else{
+                        } else {
-                                        safe_strncpy(context, "unknown",8);
+                                        safe_strncpy(context, "unknown", 8);
                        }
                bb_printf(" context=%s", context);
        }
diff --git a/e2fsprogs/ext2fs/version.c b/e2fsprogs/ext2fs/version.c
index 882e121d4..d2981e867 100644
--- a/e2fsprogs/ext2fs/version.c
+++ b/e2fsprogs/ext2fs/version.c
@@ -20,8 +20,6 @@
 #include "ext2_fs.h"
 #include "ext2fs.h"
-//#include "../../version.h"
 static const char *lib_version = E2FSPROGS_VERSION;
 static const char *lib_date = E2FSPROGS_DATE;
diff --git a/include/libbb.h b/include/libbb.h
index ed1d780fd..adfeca590 100644
--- a/include/libbb.h
+++ b/include/libbb.h
@@ -291,6 +291,13 @@ extern char *bb_getug(char *buffer, char *idname, long id, int bufsize, char pre
 extern char *bb_getpwuid(char *name, long uid, int bufsize);
 extern char *bb_getgrgid(char *group, long gid, int bufsize);
 extern char *bb_askpass(int timeout, const char * prompt);
+/* from chpst */
+struct bb_uidgid_t {
+        uid_t uid;
+        gid_t gid;
+};
+extern unsigned uidgid_get(struct bb_uidgid_t*, const char* /*, unsigned*/);
 extern int device_open(const char *device, int mode);
diff --git a/include/usage.h b/include/usage.h
index 34b0566cd..c9e501903 100644
--- a/include/usage.h
+++ b/include/usage.h
@@ -1167,7 +1167,7 @@ USE_FEATURE_DATE_ISOFMT( \
 #define httpd_trivial_usage \
        "[-c <conf file>]" \
        USE_FEATURE_HTTPD_WITHOUT_INETD(" [-p <port>]") \
-        USE_FEATURE_HTTPD_SETUID(" [-u user]") \
+        USE_FEATURE_HTTPD_SETUID(" [-u user[:grp]]") \
        USE_FEATURE_HTTPD_BASIC_AUTH(" [-r <realm>]") \
        USE_FEATURE_HTTPD_AUTH_MD5(" [-m pass]") \
        " [-h home]" \
@@ -1176,12 +1176,12 @@ USE_FEATURE_DATE_ISOFMT( \
        "Listens for incoming http server requests.\n\n" \
        "Options:\n" \
        "\t-c FILE\t\tSpecifies configuration file. (default httpd.conf)\n" \
-        USE_FEATURE_HTTPD_WITHOUT_INETD("\t-p PORT\tServer port (default 80)\n") \
+        USE_FEATURE_HTTPD_WITHOUT_INETD("\t-p PORT\t\tServer port (default 80)\n") \
-        USE_FEATURE_HTTPD_SETUID("\t-u USER\tSet uid to USER after listening privileges port\n") \
+        USE_FEATURE_HTTPD_SETUID("\t-u USER[:GRP]\tSet uid/gid after binding to port\n") \
        USE_FEATURE_HTTPD_BASIC_AUTH("\t-r REALM\tAuthentication Realm for Basic Authentication\n") \
        USE_FEATURE_HTTPD_AUTH_MD5("\t-m PASS\t\tCrypt PASS with md5 algorithm\n") \
-        "\t-h HOME  \tSpecifies http HOME directory (default ./)\n" \
+        "\t-h HOME\t\tSpecifies http HOME directory (default ./)\n" \
-        "\t-e STRING\tHtml encode STRING\n" \
+        "\t-e STRING\tHTML encode STRING\n" \
        "\t-d STRING\tURL decode STRING"
 #define hwclock_trivial_usage \
diff --git a/libbb/safe_strncpy.c b/libbb/safe_strncpy.c
index add92ac9f..42bc16ea0 100644
--- a/libbb/safe_strncpy.c
+++ b/libbb/safe_strncpy.c
@@ -15,6 +15,7 @@
 /* Like strncpy but make sure the resulting string is always 0 terminated. */
 char * safe_strncpy(char *dst, const char *src, size_t size)
 {
-        dst[size-1] = '\0';
+        if (!size) return dst;
-        return strncpy(dst, src, size-1);
+        dst[--size] = '\0';
+        return strncpy(dst, src, size);
 }
diff --git a/libpwdgrp/Kbuild b/libpwdgrp/Kbuild
index 36a6ce393..9e60ef1e5 100644
--- a/libpwdgrp/Kbuild
+++ b/libpwdgrp/Kbuild
@@ -4,4 +4,4 @@
 #
 # Licensed under the GPL v2, see the file LICENSE in this tarball.
-lib-y:=pwd_grp.o
+lib-y:=pwd_grp.o uidgid_get.o
diff --git a/libpwdgrp/uidgid_get.c b/libpwdgrp/uidgid_get.c
new file mode 100644
index 000000000..a2d02a84f
--- /dev/null
+++ b/libpwdgrp/uidgid_get.c
@@ -0,0 +1,49 @@
+#include "busybox.h"
+unsigned uidgid_get(struct bb_uidgid_t *u, const char *ug /*, unsigned dogrp */)
+{
+        struct passwd *pwd;
+        struct group *gr;
+        const char *g;
+        /* g = 0; if (dogrp) g = strchr(ug, ':'); */
+        g = strchr(ug, ':');
+        if (g) {
+                int sz = (++g) - ug;
+                char buf[sz];
+                safe_strncpy(buf, ug, sz);
+                pwd = getpwnam(buf);
+        } else
+                pwd = getpwnam(ug);
+        if (!pwd)
+                return 0;
+        u->uid = pwd->pw_uid;
+        u->gid = pwd->pw_gid;
+        if (g) {
+                gr = getgrnam(g);
+                if (!gr) return 0;
+                u->gid = gr->gr_gid;
+        }
+        return 1;
+}
+#if 0
+#include <stdio.h>
+int main()
+{
+        unsigned u;
+        struct bb_uidgid_t ug;
+        u = uidgid_get(&ug, "apache");
+        printf("%u = %u:%u\n", u, ug.uid, ug.gid);
+        ug.uid = ug.gid = 1111;
+        u = uidgid_get(&ug, "apache");
+        printf("%u = %u:%u\n", u, ug.uid, ug.gid);
+        ug.uid = ug.gid = 1111;
+        u = uidgid_get(&ug, "apache:users");
+        printf("%u = %u:%u\n", u, ug.uid, ug.gid);
+        ug.uid = ug.gid = 1111;
+        u = uidgid_get(&ug, "apache:users");
+        printf("%u = %u:%u\n", u, ug.uid, ug.gid);
+        return 0;
+}
+#endif
diff --git a/networking/httpd.c b/networking/httpd.c
index ac9eac6bf..8f985774e 100644
--- a/networking/httpd.c
+++ b/networking/httpd.c
@@ -1916,8 +1916,8 @@ int httpd_main(int argc, char *argv[])
        USE_FEATURE_HTTPD_WITHOUT_INETD(const char *s_port;)
        USE_FEATURE_HTTPD_WITHOUT_INETD(int server;)
-        USE_FEATURE_HTTPD_SETUID(const char *s_uid;)
+        USE_FEATURE_HTTPD_SETUID(const char *s_ugid = NULL;)
-        USE_FEATURE_HTTPD_SETUID(long uid = -1;)
+        USE_FEATURE_HTTPD_SETUID(struct bb_uidgid_t ugid;)
        USE_FEATURE_HTTPD_AUTH_MD5(const char *pass;)
@@ -1937,7 +1937,7 @@ int httpd_main(int argc, char *argv[])
                        USE_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
                        USE_FEATURE_HTTPD_BASIC_AUTH(, &(config->realm))
                        USE_FEATURE_HTTPD_AUTH_MD5(, &pass)
-                        USE_FEATURE_HTTPD_SETUID(, &s_uid)
+                        USE_FEATURE_HTTPD_SETUID(, &s_ugid)
                        USE_FEATURE_HTTPD_WITHOUT_INETD(, &s_port)
                );
@@ -1963,11 +1963,18 @@ int httpd_main(int argc, char *argv[])
 #if ENABLE_FEATURE_HTTPD_SETUID
        if (opt & OPT_SETUID) {
                char *e;
+                // FIXME: what the default group should be?
-                uid = strtol(s_uid, &e, 0);
+                ugid.gid = -1;
+                ugid.uid = strtoul(s_ugid, &e, 0);
+                if (*e == ':') {
+                        e++;
+                        ugid.gid = strtoul(e, &e, 0);
+                }
                if (*e != '\0') {
                        /* not integer */
-                        uid = bb_xgetpwnam(s_uid);
+                        if (!uidgid_get(&ugid, s_ugid))
+                                bb_error_msg_and_die("unrecognized user[:group] "
+                                                "name '%s'", s_ugid);
                }
        }
 #endif
@@ -1978,8 +1985,15 @@ int httpd_main(int argc, char *argv[])
        server = openServer();
 # ifdef CONFIG_FEATURE_HTTPD_SETUID
        /* drop privileges */
-        if (uid > 0)
+        if (opt & OPT_SETUID) {
-                xsetuid(uid);
+                if (ugid.gid != (gid_t)-1) {
+                        // FIXME: needed?
+                        //if (setgroups(1, &ugid.gid) == -1)
+                        //      bb_perror_msg_and_die("setgroups");
+                        xsetgid(ugid.gid);
+                }
+                xsetuid(ugid.uid);
+        }
 # endif
 #endif
diff --git a/runit/Kbuild b/runit/Kbuild
index 9fee84224..39a9b0229 100644
--- a/runit/Kbuild
+++ b/runit/Kbuild
@@ -5,4 +5,4 @@
 # Licensed under the GPL v2, see the file LICENSE in this tarball.
 lib-y:=
-lib-$(CONFIG_CHPST) += chpst.o uidgid.o
+lib-$(CONFIG_CHPST) += chpst.o
diff --git a/runit/chpst.c b/runit/chpst.c
index 1ee9b8d0f..da2f270e2 100644
--- a/runit/chpst.c
+++ b/runit/chpst.c
@@ -1,16 +1,9 @@
 #include "busybox.h"
-#include <sys/types.h>
-#include <sys/resource.h>
-#include <grp.h>
-#include "uidgid.h"
-#include <sys/types.h>
 #include <dirent.h>
 static unsigned option_mask;
-// Must meatch constants in chpst_main!
+// Must match constants in chpst_main!
 #define OPT_verbose  (option_mask & 0x2000)
 #define OPT_pgrp     (option_mask & 0x4000)
 #define OPT_nostdin  (option_mask & 0x8000)
@@ -33,34 +26,27 @@ static long limitt = -2;
 static long nicelvl;
 static const char *root;
-static void suidgid(char *user, unsigned dogrp)
+static void suidgid(char *user)
 {
-        struct uidgid ugid;
+        struct bb_uidgid_t ugid;
-        if (!uidgid_get(&ugid, user, dogrp)) {
+        if (!uidgid_get(&ugid, user)) {
-                if (dogrp)
+                bb_error_msg_and_die("unknown user/group: %s", user);
-                        bb_error_msg_and_die("unknown user/group: %s", user);
-                else
-                        bb_error_msg_and_die("unknown account: %s", user);
        }
-        if (setgroups(ugid.gids, ugid.gid) == -1)
+        if (setgroups(1, &ugid.gid) == -1)
                bb_perror_msg_and_die("setgroups");
-        xsetgid(*ugid.gid);
+        xsetgid(ugid.gid);
        xsetuid(ugid.uid);
 }
-static void euidgid(char *user, unsigned dogrp)
+static void euidgid(char *user)
 {
-        struct uidgid ugid;
+        struct bb_uidgid_t ugid;
-        if (!uidgid_get(&ugid, user, dogrp)) {
+        if (!uidgid_get(&ugid, user)) {
-                if (dogrp)
+                bb_error_msg_and_die("unknown user/group: %s", user);
-                        bb_error_msg_and_die("unknown user/group: %s", user);
-                else
-                        bb_error_msg_and_die("unknown account: %s", user);
        }
-        //FIXME: ultoa needed here!
+        xsetenv("GID", utoa(ugid.gid));
-        xsetenv("GID", utoa(*ugid.gid));
        xsetenv("UID", utoa(ugid.uid));
 }
@@ -276,8 +262,8 @@ int chpst_main(int argc, char **argv)
                if (nice(nicelvl) == -1)
                        bb_perror_msg_and_die("nice");
        }
-        if (env_user) euidgid(env_user, 1);
+        if (env_user) euidgid(env_user);
-        if (set_user) suidgid(set_user, 1);
+        if (set_user) suidgid(set_user);
        if (OPT_nostdin) close(0);
        if (OPT_nostdout) close(1);
        if (OPT_nostderr) close(2);
@@ -292,7 +278,7 @@ static void setuidgid(int argc, char **argv)
        account = *++argv;
        if (!account) bb_show_usage();
        if (!*++argv) bb_show_usage();
-        suidgid((char*)account, 0);
+        suidgid((char*)account);
        execvp(argv[0], argv);
        bb_perror_msg_and_die("exec %s", argv[0]);
 }
@@ -304,7 +290,7 @@ static void envuidgid(int argc, char **argv)
        account = *++argv;
        if (!account) bb_show_usage();
        if (!*++argv) bb_show_usage();
-        euidgid((char*)account, 0);
+        euidgid((char*)account);
        execvp(argv[0], argv);
        bb_perror_msg_and_die("exec %s", argv[0]);
 }
diff --git a/runit/uidgid.c b/runit/uidgid.c
deleted file mode 100644
index a8fec409d..000000000
--- a/runit/uidgid.c
+++ /dev/null
@@ -1,63 +0,0 @@
-#include <sys/types.h>
-#include <pwd.h>
-#include <grp.h>
-#include "uidgid.h"
-static unsigned str_chr(const char *s, int c)
-{
-        const char *t = s;
-        while (t[0] && t[0] != (char)c)
-                t++;
-        return t - s;
-}
-unsigned uidgid_get(struct uidgid *u, char *ug, unsigned dogrp) {
-        char *g = 0;
-        struct passwd *pwd = 0;
-        struct group *gr = 0;
-        int i, d = 0;
-        if (dogrp)
-                d = str_chr(ug, ':');
-        if (ug[d] == ':') {
-                ug[d] = 0;
-                g = ug + d + 1;
-        }
-        pwd = getpwnam(ug);
-        if (!pwd) {
-                if (g) ug[d] = ':';
-                return 0;
-        }
-        if (g) {
-                ug[d] = ':';
-                for (i = 0; i < 60; ++i) {
-                        d = str_chr(g, ':');
-                        if (g[d] == ':') {
-                                g[d] = 0;
-                                gr = getgrnam(g);
-                                if (!gr) {
-                                        g[d] = ':';
-                                        return 0;
-                                }
-                                g[d] = ':';
-                                u->gid[i] = gr->gr_gid;
-                                g += d+1;
-                        }
-                        else {
-                                gr = getgrnam(g);
-                                if (!gr) return 0;
-                                u->gid[i++] = gr->gr_gid;
-                                break;
-                        }
-                }
-                u->gid[i] = 0;
-                u->gids = i;
-        }
-        if (!g) {
-                u->gid[0] = pwd->pw_gid;
-                u->gids = 1;
-        }
-        u->uid = pwd->pw_uid;
-        return 1;
-}
diff --git a/runit/uidgid.h b/runit/uidgid.h
deleted file mode 100644
index 1d47fe620..000000000
--- a/runit/uidgid.h
+++ /dev/null
@@ -1,14 +0,0 @@
-#ifndef UIDGID_H
-#define UIDGID_H
-#include <sys/types.h>
-struct uidgid {
-        uid_t uid;
-        gid_t gid[61];
-        int gids;
-};
-extern unsigned uidgid_get(struct uidgid *, char *, unsigned);
-#endif
author	Denis Vlasenko <vda.linux@googlemail.com>	2006-10-05 22:50:22 +0000
committer	Denis Vlasenko <vda.linux@googlemail.com>	2006-10-05 22:50:22 +0000
commit	de59c0f58fa5dc75b753f94da61be92bfa0935ec (patch)
tree	fea308471e3d73fb6770ff6e4cda23da53b65bec
parent	01c27fc5ac89b07821a5430880d771e3c993c1c1 (diff)
download	busybox-w32-de59c0f58fa5dc75b753f94da61be92bfa0935ec.tar.gz busybox-w32-de59c0f58fa5dc75b753f94da61be92bfa0935ec.tar.bz2 busybox-w32-de59c0f58fa5dc75b753f94da61be92bfa0935ec.zip

diff --git a/coreutils/id.c b/coreutils/id.c index 9e49999cd..9d605325c 100644 --- a/coreutils/id.c +++ b/coreutils/id.c
@@ -29,11 +29,11 @@
29	static short printf_full(unsigned int id, const char *arg, const char prefix)	29	static short printf_full(unsigned int id, const char *arg, const char prefix)
30	{	30	{
31	const char *fmt = "%cid=%u";	31	const char *fmt = "%cid=%u";
32	short status=EXIT_FAILURE;	32	short status = EXIT_FAILURE;
33		33
34	if(arg) {	34	if (arg) {
35	fmt = "%cid=%u(%s)";	35	fmt = "%cid=%u(%s)";
36	status=EXIT_SUCCESS;	36	status = EXIT_SUCCESS;
37	}	37	}
38	bb_printf(fmt, prefix, id, arg);	38	bb_printf(fmt, prefix, id, arg);
39	return status;	39	return status;
@@ -60,21 +60,21 @@ int id_main(int argc, char **argv)
60	gid = getgid();	60	gid = getgid();
61	}	61	}
62		62
63	if(argv[optind]) {	63	if (argv[optind]) {
64	p=getpwnam(argv[optind]);	64	p = getpwnam(argv[optind]);
65	/* bb_xgetpwnam is needed because it exits on failure */	65	/* bb_xgetpwnam is needed because it exits on failure */
66	uid = bb_xgetpwnam(argv[optind]);	66	uid = bb_xgetpwnam(argv[optind]);
67	gid = p->pw_gid;	67	gid = p->pw_gid;
68	/* in this case PRINT_REAL is the same */	68	/* in this case PRINT_REAL is the same */
69	}	69	}
70		70
71	if(flags & (JUST_GROUP \| JUST_USER)) {	71	if (flags & (JUST_GROUP \| JUST_USER)) {
72	/* JUST_GROUP and JUST_USER are mutually exclusive */	72	/* JUST_GROUP and JUST_USER are mutually exclusive */
73	if(flags & NAME_NOT_NUMBER) {	73	if (flags & NAME_NOT_NUMBER) {
74	/* bb_getpwuid and bb_getgrgid exit on failure so puts cannot segfault */	74	/* bb_getpwuid and bb_getgrgid exit on failure so puts cannot segfault */
75	puts((flags & JUST_USER) ? bb_getpwuid(NULL, uid, -1 ) : bb_getgrgid(NULL, gid, -1 ));	75	puts((flags & JUST_USER) ? bb_getpwuid(NULL, uid, -1 ) : bb_getgrgid(NULL, gid, -1 ));
76	} else {	76	} else {
77	bb_printf("%u\n",(flags & JUST_USER) ? uid : gid);	77	bb_printf("%u\n", (flags & JUST_USER) ? uid : gid);
78	}	78	}
79	/* exit */	79	/* exit */
80	bb_fflush_stdout_and_exit(EXIT_SUCCESS);	80	bb_fflush_stdout_and_exit(EXIT_SUCCESS);
@@ -82,13 +82,13 @@ int id_main(int argc, char **argv)
82		82
83	/* Print full info like GNU id */	83	/* Print full info like GNU id */
84	/* bb_getpwuid doesn't exit on failure here */	84	/* bb_getpwuid doesn't exit on failure here */
85	status=printf_full(uid, bb_getpwuid(NULL, uid, 0), 'u');	85	status = printf_full(uid, bb_getpwuid(NULL, uid, 0), 'u');
86	putchar(' ');	86	putchar(' ');
87	/* bb_getgrgid doesn't exit on failure here */	87	/* bb_getgrgid doesn't exit on failure here */
88	status\|=printf_full(gid, bb_getgrgid(NULL, gid, 0), 'g');	88	status \|= printf_full(gid, bb_getgrgid(NULL, gid, 0), 'g');
89		89
90	#ifdef CONFIG_SELINUX	90	#ifdef CONFIG_SELINUX
91	if ( is_selinux_enabled() ) {	91	if (is_selinux_enabled()) {
92	security_context_t mysid;	92	security_context_t mysid;
93	char context[80];	93	char context[80];
94	int len = sizeof(context);	94	int len = sizeof(context);
@@ -99,8 +99,8 @@ int id_main(int argc, char **argv)
99	len = strlen(mysid)+1;	99	len = strlen(mysid)+1;
100	safe_strncpy(context, mysid, len);	100	safe_strncpy(context, mysid, len);
101	freecon(mysid);	101	freecon(mysid);
102	}else{	102	} else {
103	safe_strncpy(context, "unknown",8);	103	safe_strncpy(context, "unknown", 8);
104	}	104	}
105	bb_printf(" context=%s", context);	105	bb_printf(" context=%s", context);
106	}	106	}


diff --git a/e2fsprogs/ext2fs/version.c b/e2fsprogs/ext2fs/version.c index 882e121d4..d2981e867 100644 --- a/e2fsprogs/ext2fs/version.c +++ b/e2fsprogs/ext2fs/version.c
@@ -20,8 +20,6 @@
20	#include "ext2_fs.h"	20	#include "ext2_fs.h"
21	#include "ext2fs.h"	21	#include "ext2fs.h"
22		22
23	//#include "../../version.h"
24
25	static const char *lib_version = E2FSPROGS_VERSION;	23	static const char *lib_version = E2FSPROGS_VERSION;
26	static const char *lib_date = E2FSPROGS_DATE;	24	static const char *lib_date = E2FSPROGS_DATE;
27		25


diff --git a/include/libbb.h b/include/libbb.h index ed1d780fd..adfeca590 100644 --- a/include/libbb.h +++ b/include/libbb.h
@@ -291,6 +291,13 @@ extern char bb_getug(char buffer, char *idname, long id, int bufsize, char pre
291	extern char bb_getpwuid(char name, long uid, int bufsize);	291	extern char bb_getpwuid(char name, long uid, int bufsize);
292	extern char bb_getgrgid(char group, long gid, int bufsize);	292	extern char bb_getgrgid(char group, long gid, int bufsize);
293	extern char bb_askpass(int timeout, const char prompt);	293	extern char bb_askpass(int timeout, const char prompt);
		294	/* from chpst */
		295	struct bb_uidgid_t {
		296	uid_t uid;
		297	gid_t gid;
		298	};
		299	extern unsigned uidgid_get(struct bb_uidgid_t, const char /, unsigned/);
		300
294		301
295	extern int device_open(const char *device, int mode);	302	extern int device_open(const char *device, int mode);
296		303


diff --git a/include/usage.h b/include/usage.h index 34b0566cd..c9e501903 100644 --- a/include/usage.h +++ b/include/usage.h
@@ -1167,7 +1167,7 @@ USE_FEATURE_DATE_ISOFMT( \
1167	#define httpd_trivial_usage \	1167	#define httpd_trivial_usage \
1168	"[-c <conf file>]" \	1168	"[-c <conf file>]" \
1169	USE_FEATURE_HTTPD_WITHOUT_INETD(" [-p <port>]") \	1169	USE_FEATURE_HTTPD_WITHOUT_INETD(" [-p <port>]") \
1170	USE_FEATURE_HTTPD_SETUID(" [-u user]") \	1170	USE_FEATURE_HTTPD_SETUID(" [-u user[:grp]]") \
1171	USE_FEATURE_HTTPD_BASIC_AUTH(" [-r <realm>]") \	1171	USE_FEATURE_HTTPD_BASIC_AUTH(" [-r <realm>]") \
1172	USE_FEATURE_HTTPD_AUTH_MD5(" [-m pass]") \	1172	USE_FEATURE_HTTPD_AUTH_MD5(" [-m pass]") \
1173	" [-h home]" \	1173	" [-h home]" \
@@ -1176,12 +1176,12 @@ USE_FEATURE_DATE_ISOFMT( \
1176	"Listens for incoming http server requests.\n\n" \	1176	"Listens for incoming http server requests.\n\n" \
1177	"Options:\n" \	1177	"Options:\n" \
1178	"\t-c FILE\t\tSpecifies configuration file. (default httpd.conf)\n" \	1178	"\t-c FILE\t\tSpecifies configuration file. (default httpd.conf)\n" \
1179	USE_FEATURE_HTTPD_WITHOUT_INETD("\t-p PORT\tServer port (default 80)\n") \	1179	USE_FEATURE_HTTPD_WITHOUT_INETD("\t-p PORT\t\tServer port (default 80)\n") \
1180	USE_FEATURE_HTTPD_SETUID("\t-u USER\tSet uid to USER after listening privileges port\n") \	1180	USE_FEATURE_HTTPD_SETUID("\t-u USER[:GRP]\tSet uid/gid after binding to port\n") \
1181	USE_FEATURE_HTTPD_BASIC_AUTH("\t-r REALM\tAuthentication Realm for Basic Authentication\n") \	1181	USE_FEATURE_HTTPD_BASIC_AUTH("\t-r REALM\tAuthentication Realm for Basic Authentication\n") \
1182	USE_FEATURE_HTTPD_AUTH_MD5("\t-m PASS\t\tCrypt PASS with md5 algorithm\n") \	1182	USE_FEATURE_HTTPD_AUTH_MD5("\t-m PASS\t\tCrypt PASS with md5 algorithm\n") \
1183	"\t-h HOME \tSpecifies http HOME directory (default ./)\n" \	1183	"\t-h HOME\t\tSpecifies http HOME directory (default ./)\n" \
1184	"\t-e STRING\tHtml encode STRING\n" \	1184	"\t-e STRING\tHTML encode STRING\n" \
1185	"\t-d STRING\tURL decode STRING"	1185	"\t-d STRING\tURL decode STRING"
1186		1186
1187	#define hwclock_trivial_usage \	1187	#define hwclock_trivial_usage \


diff --git a/libbb/safe_strncpy.c b/libbb/safe_strncpy.c index add92ac9f..42bc16ea0 100644 --- a/libbb/safe_strncpy.c +++ b/libbb/safe_strncpy.c
@@ -15,6 +15,7 @@
15	/* Like strncpy but make sure the resulting string is always 0 terminated. */	15	/* Like strncpy but make sure the resulting string is always 0 terminated. */
16	char * safe_strncpy(char dst, const char src, size_t size)	16	char * safe_strncpy(char dst, const char src, size_t size)
17	{	17	{
18	dst[size-1] = '\0';	18	if (!size) return dst;
19	return strncpy(dst, src, size-1);	19	dst[--size] = '\0';
		20	return strncpy(dst, src, size);
20	}	21	}


diff --git a/libpwdgrp/Kbuild b/libpwdgrp/Kbuild index 36a6ce393..9e60ef1e5 100644 --- a/libpwdgrp/Kbuild +++ b/libpwdgrp/Kbuild
@@ -4,4 +4,4 @@
4	#	4	#
5	# Licensed under the GPL v2, see the file LICENSE in this tarball.	5	# Licensed under the GPL v2, see the file LICENSE in this tarball.
6		6
7	lib-y:=pwd_grp.o	7	lib-y:=pwd_grp.o uidgid_get.o


diff --git a/libpwdgrp/uidgid_get.c b/libpwdgrp/uidgid_get.c new file mode 100644 index 000000000..a2d02a84f --- /dev/null +++ b/libpwdgrp/uidgid_get.c
@@ -0,0 +1,49 @@
		1	#include "busybox.h"
		2
		3	unsigned uidgid_get(struct bb_uidgid_t u, const char ug /, unsigned dogrp /)
		4	{
		5	struct passwd *pwd;
		6	struct group *gr;
		7	const char *g;
		8
		9	/* g = 0; if (dogrp) g = strchr(ug, ':'); */
		10	g = strchr(ug, ':');
		11	if (g) {
		12	int sz = (++g) - ug;
		13	char buf[sz];
		14	safe_strncpy(buf, ug, sz);
		15	pwd = getpwnam(buf);
		16	} else
		17	pwd = getpwnam(ug);
		18	if (!pwd)
		19	return 0;
		20	u->uid = pwd->pw_uid;
		21	u->gid = pwd->pw_gid;
		22	if (g) {
		23	gr = getgrnam(g);
		24	if (!gr) return 0;
		25	u->gid = gr->gr_gid;
		26	}
		27	return 1;
		28	}
		29
		30	#if 0
		31	#include <stdio.h>
		32	int main()
		33	{
		34	unsigned u;
		35	struct bb_uidgid_t ug;
		36	u = uidgid_get(&ug, "apache");
		37	printf("%u = %u:%u\n", u, ug.uid, ug.gid);
		38	ug.uid = ug.gid = 1111;
		39	u = uidgid_get(&ug, "apache");
		40	printf("%u = %u:%u\n", u, ug.uid, ug.gid);
		41	ug.uid = ug.gid = 1111;
		42	u = uidgid_get(&ug, "apache:users");
		43	printf("%u = %u:%u\n", u, ug.uid, ug.gid);
		44	ug.uid = ug.gid = 1111;
		45	u = uidgid_get(&ug, "apache:users");
		46	printf("%u = %u:%u\n", u, ug.uid, ug.gid);
		47	return 0;
		48	}
		49	#endif


diff --git a/networking/httpd.c b/networking/httpd.c index ac9eac6bf..8f985774e 100644 --- a/networking/httpd.c +++ b/networking/httpd.c
@@ -1916,8 +1916,8 @@ int httpd_main(int argc, char *argv[])
1916	USE_FEATURE_HTTPD_WITHOUT_INETD(const char *s_port;)	1916	USE_FEATURE_HTTPD_WITHOUT_INETD(const char *s_port;)
1917	USE_FEATURE_HTTPD_WITHOUT_INETD(int server;)	1917	USE_FEATURE_HTTPD_WITHOUT_INETD(int server;)
1918		1918
1919	USE_FEATURE_HTTPD_SETUID(const char *s_uid;)	1919	USE_FEATURE_HTTPD_SETUID(const char *s_ugid = NULL;)
1920	USE_FEATURE_HTTPD_SETUID(long uid = -1;)	1920	USE_FEATURE_HTTPD_SETUID(struct bb_uidgid_t ugid;)
1921		1921
1922	USE_FEATURE_HTTPD_AUTH_MD5(const char *pass;)	1922	USE_FEATURE_HTTPD_AUTH_MD5(const char *pass;)
1923		1923
@@ -1937,7 +1937,7 @@ int httpd_main(int argc, char *argv[])
1937	USE_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)	1937	USE_FEATURE_HTTPD_ENCODE_URL_STR(, &url_for_encode)
1938	USE_FEATURE_HTTPD_BASIC_AUTH(, &(config->realm))	1938	USE_FEATURE_HTTPD_BASIC_AUTH(, &(config->realm))
1939	USE_FEATURE_HTTPD_AUTH_MD5(, &pass)	1939	USE_FEATURE_HTTPD_AUTH_MD5(, &pass)
1940	USE_FEATURE_HTTPD_SETUID(, &s_uid)	1940	USE_FEATURE_HTTPD_SETUID(, &s_ugid)
1941	USE_FEATURE_HTTPD_WITHOUT_INETD(, &s_port)	1941	USE_FEATURE_HTTPD_WITHOUT_INETD(, &s_port)
1942	);	1942	);
1943		1943
@@ -1963,11 +1963,18 @@ int httpd_main(int argc, char *argv[])
1963	#if ENABLE_FEATURE_HTTPD_SETUID	1963	#if ENABLE_FEATURE_HTTPD_SETUID
1964	if (opt & OPT_SETUID) {	1964	if (opt & OPT_SETUID) {
1965	char *e;	1965	char *e;
1966		1966	// FIXME: what the default group should be?
1967	uid = strtol(s_uid, &e, 0);	1967	ugid.gid = -1;
		1968	ugid.uid = strtoul(s_ugid, &e, 0);
		1969	if (*e == ':') {
		1970	e++;
		1971	ugid.gid = strtoul(e, &e, 0);
		1972	}
1968	if (*e != '\0') {	1973	if (*e != '\0') {
1969	/* not integer */	1974	/* not integer */
1970	uid = bb_xgetpwnam(s_uid);	1975	if (!uidgid_get(&ugid, s_ugid))
		1976	bb_error_msg_and_die("unrecognized user[:group] "
		1977	"name '%s'", s_ugid);
1971	}	1978	}
1972	}	1979	}
1973	#endif	1980	#endif
@@ -1978,8 +1985,15 @@ int httpd_main(int argc, char *argv[])
1978	server = openServer();	1985	server = openServer();
1979	# ifdef CONFIG_FEATURE_HTTPD_SETUID	1986	# ifdef CONFIG_FEATURE_HTTPD_SETUID
1980	/* drop privileges */	1987	/* drop privileges */
1981	if (uid > 0)	1988	if (opt & OPT_SETUID) {
1982	xsetuid(uid);	1989	if (ugid.gid != (gid_t)-1) {
		1990	// FIXME: needed?
		1991	//if (setgroups(1, &ugid.gid) == -1)
		1992	// bb_perror_msg_and_die("setgroups");
		1993	xsetgid(ugid.gid);
		1994	}
		1995	xsetuid(ugid.uid);
		1996	}
1983	# endif	1997	# endif
1984	#endif	1998	#endif
1985		1999


diff --git a/runit/Kbuild b/runit/Kbuild index 9fee84224..39a9b0229 100644 --- a/runit/Kbuild +++ b/runit/Kbuild
@@ -5,4 +5,4 @@
5	# Licensed under the GPL v2, see the file LICENSE in this tarball.	5	# Licensed under the GPL v2, see the file LICENSE in this tarball.
6		6
7	lib-y:=	7	lib-y:=
8	lib-$(CONFIG_CHPST) += chpst.o uidgid.o	8	lib-$(CONFIG_CHPST) += chpst.o


diff --git a/runit/chpst.c b/runit/chpst.c index 1ee9b8d0f..da2f270e2 100644 --- a/runit/chpst.c +++ b/runit/chpst.c
@@ -1,16 +1,9 @@
1	#include "busybox.h"	1	#include "busybox.h"
2		2
3	#include <sys/types.h>
4	#include <sys/resource.h>
5	#include <grp.h>
6
7	#include "uidgid.h"
8
9	#include <sys/types.h>
10	#include <dirent.h>	3	#include <dirent.h>
11		4
12	static unsigned option_mask;	5	static unsigned option_mask;
13	// Must meatch constants in chpst_main!	6	// Must match constants in chpst_main!
14	#define OPT_verbose (option_mask & 0x2000)	7	#define OPT_verbose (option_mask & 0x2000)
15	#define OPT_pgrp (option_mask & 0x4000)	8	#define OPT_pgrp (option_mask & 0x4000)
16	#define OPT_nostdin (option_mask & 0x8000)	9	#define OPT_nostdin (option_mask & 0x8000)
@@ -33,34 +26,27 @@ static long limitt = -2;
33	static long nicelvl;	26	static long nicelvl;
34	static const char *root;	27	static const char *root;
35		28
36	static void suidgid(char *user, unsigned dogrp)	29	static void suidgid(char *user)
37	{	30	{
38	struct uidgid ugid;	31	struct bb_uidgid_t ugid;
39		32
40	if (!uidgid_get(&ugid, user, dogrp)) {	33	if (!uidgid_get(&ugid, user)) {
41	if (dogrp)	34	bb_error_msg_and_die("unknown user/group: %s", user);
42	bb_error_msg_and_die("unknown user/group: %s", user);
43	else
44	bb_error_msg_and_die("unknown account: %s", user);
45	}	35	}
46	if (setgroups(ugid.gids, ugid.gid) == -1)	36	if (setgroups(1, &ugid.gid) == -1)
47	bb_perror_msg_and_die("setgroups");	37	bb_perror_msg_and_die("setgroups");
48	xsetgid(*ugid.gid);	38	xsetgid(ugid.gid);
49	xsetuid(ugid.uid);	39	xsetuid(ugid.uid);
50	}	40	}
51		41
52	static void euidgid(char *user, unsigned dogrp)	42	static void euidgid(char *user)
53	{	43	{
54	struct uidgid ugid;	44	struct bb_uidgid_t ugid;
55		45
56	if (!uidgid_get(&ugid, user, dogrp)) {	46	if (!uidgid_get(&ugid, user)) {
57	if (dogrp)	47	bb_error_msg_and_die("unknown user/group: %s", user);
58	bb_error_msg_and_die("unknown user/group: %s", user);
59	else
60	bb_error_msg_and_die("unknown account: %s", user);
61	}	48	}
62	//FIXME: ultoa needed here!	49	xsetenv("GID", utoa(ugid.gid));
63	xsetenv("GID", utoa(*ugid.gid));
64	xsetenv("UID", utoa(ugid.uid));	50	xsetenv("UID", utoa(ugid.uid));
65	}	51	}
66		52
@@ -276,8 +262,8 @@ int chpst_main(int argc, char **argv)
276	if (nice(nicelvl) == -1)	262	if (nice(nicelvl) == -1)
277	bb_perror_msg_and_die("nice");	263	bb_perror_msg_and_die("nice");
278	}	264	}
279	if (env_user) euidgid(env_user, 1);	265	if (env_user) euidgid(env_user);
280	if (set_user) suidgid(set_user, 1);	266	if (set_user) suidgid(set_user);
281	if (OPT_nostdin) close(0);	267	if (OPT_nostdin) close(0);
282	if (OPT_nostdout) close(1);	268	if (OPT_nostdout) close(1);
283	if (OPT_nostderr) close(2);	269	if (OPT_nostderr) close(2);
@@ -292,7 +278,7 @@ static void setuidgid(int argc, char **argv)
292	account = *++argv;	278	account = *++argv;
293	if (!account) bb_show_usage();	279	if (!account) bb_show_usage();
294	if (!*++argv) bb_show_usage();	280	if (!*++argv) bb_show_usage();
295	suidgid((char*)account, 0);	281	suidgid((char*)account);
296	execvp(argv[0], argv);	282	execvp(argv[0], argv);
297	bb_perror_msg_and_die("exec %s", argv[0]);	283	bb_perror_msg_and_die("exec %s", argv[0]);
298	}	284	}
@@ -304,7 +290,7 @@ static void envuidgid(int argc, char **argv)
304	account = *++argv;	290	account = *++argv;
305	if (!account) bb_show_usage();	291	if (!account) bb_show_usage();
306	if (!*++argv) bb_show_usage();	292	if (!*++argv) bb_show_usage();
307	euidgid((char*)account, 0);	293	euidgid((char*)account);
308	execvp(argv[0], argv);	294	execvp(argv[0], argv);
309	bb_perror_msg_and_die("exec %s", argv[0]);	295	bb_perror_msg_and_die("exec %s", argv[0]);
310	}	296	}


diff --git a/runit/uidgid.c b/runit/uidgid.c deleted file mode 100644 index a8fec409d..000000000 --- a/runit/uidgid.c +++ /dev/null
@@ -1,63 +0,0 @@
1	#include <sys/types.h>
2	#include <pwd.h>
3	#include <grp.h>
4	#include "uidgid.h"
5
6	static unsigned str_chr(const char *s, int c)
7	{
8	const char *t = s;
9	while (t[0] && t[0] != (char)c)
10	t++;
11	return t - s;
12	}
13
14
15	unsigned uidgid_get(struct uidgid u, char ug, unsigned dogrp) {
16	char *g = 0;
17	struct passwd *pwd = 0;
18	struct group *gr = 0;
19	int i, d = 0;
20
21	if (dogrp)
22	d = str_chr(ug, ':');
23	if (ug[d] == ':') {
24	ug[d] = 0;
25	g = ug + d + 1;
26	}
27	pwd = getpwnam(ug);
28	if (!pwd) {
29	if (g) ug[d] = ':';
30	return 0;
31	}
32	if (g) {
33	ug[d] = ':';
34	for (i = 0; i < 60; ++i) {
35	d = str_chr(g, ':');
36	if (g[d] == ':') {
37	g[d] = 0;
38	gr = getgrnam(g);
39	if (!gr) {
40	g[d] = ':';
41	return 0;
42	}
43	g[d] = ':';
44	u->gid[i] = gr->gr_gid;
45	g += d+1;
46	}
47	else {
48	gr = getgrnam(g);
49	if (!gr) return 0;
50	u->gid[i++] = gr->gr_gid;
51	break;
52	}
53	}
54	u->gid[i] = 0;
55	u->gids = i;
56	}
57	if (!g) {
58	u->gid[0] = pwd->pw_gid;
59	u->gids = 1;
60	}
61	u->uid = pwd->pw_uid;
62	return 1;
63	}


diff --git a/runit/uidgid.h b/runit/uidgid.h deleted file mode 100644 index 1d47fe620..000000000 --- a/runit/uidgid.h +++ /dev/null
@@ -1,14 +0,0 @@
1	#ifndef UIDGID_H
2	#define UIDGID_H
3
4	#include <sys/types.h>
5
6	struct uidgid {
7	uid_t uid;
8	gid_t gid[61];
9	int gids;
10	};
11
12	extern unsigned uidgid_get(struct uidgid , char , unsigned);
13
14	#endif