Patch from Tito to make syslog configurable and remove #ifdefs. Further

cleanups by me.
author: Rob Landley <rob@landley.net> 2006-07-10 03:05:46 +0000
committer: Rob Landley <rob@landley.net> 2006-07-10 03:05:46 +0000
commit: 3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1 (patch)
tree: a8091962223342ded76e506d69efe4c839591c24 /loginutils/su.c
parent: cba1b967358c3a552a8d187861284ede98b9fc76 (diff)
download: busybox-w32-3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1.tar.gz
busybox-w32-3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1.tar.bz2
busybox-w32-3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1.zip
1 files changed, 43 insertions, 111 deletions
diff --git a/loginutils/su.c b/loginutils/su.c
index 1273831ff..bd3e7c566 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -1,86 +1,31 @@
 /* vi: set sw=4 ts=4: */
 /*
-   Licensed under the GPL v2, see the file LICENSE in this tarball.
+ *  Mini su implementation for busybox
-*/
+ *
+ *  Licensed under the GPL v2, see the file LICENSE in this tarball.
+ */
-#include <fcntl.h>
+#include "busybox.h"
 #include <signal.h>
-#include <stdio.h>
-#include <stdlib.h>
-#include <string.h>
 #include <syslog.h>
-#include <termios.h>
-#include <unistd.h>
-#include <utmp.h>
 #include <sys/resource.h>
-#include <sys/stat.h>
-#include <sys/types.h>
-#include <ctype.h>
 #include <time.h>
-#include "busybox.h"
-/* The shell to run if none is given in the user's passwd entry.  */
-#ifndef DEFAULT_SHELL
-#define DEFAULT_SHELL "/bin/sh"
-#endif
-/* Default user.  */
-#define DEFAULT_USER  "root"
-/* #define SYSLOG_SUCCESS */
-#define SYSLOG_FAILURE
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
-/* Log the fact that someone has run su */
-# if defined( SYSLOG_SUCCESS ) && defined( SYSLOG_FAILURE )
-static void log_su (const char *successful, const char *old_user,
-                                        const char *tty)
-{
-        syslog ( LOG_NOTICE, "%s%s on %s", successful, old_user, tty);
-}
-#  define log_su_successful(cu, u, tty) if(!cu) log_su("", u, tty)
-#  define log_su_failure(cu, u, tty)    if(!cu) log_su("FAILED SU ", u, tty)
-# else
-        /* partial logging */
-#  if !defined( SYSLOG_SUCESS )
-#   define log_su_successful(cu, u, tty)
-#   define log_su_failure(cu, u, t) if(!cu) \
-                        syslog(LOG_NOTICE, "FAILED SU %s on %s", u, t)
-#  else
-#   define log_su_successful(cu, u, t) if(!cu) \
-                        syslog(LOG_NOTICE, "%s on %s", u, t)
-#   define log_su_failure(cu, u, tty)
-#  endif
-# endif
-#else
-        /* logging not used */
-# define log_su_successful(cu, u, tty)
-# define log_su_failure(cu, u, tty)
-#endif
 int su_main ( int argc, char **argv )
 {
        unsigned long flags;
        char *opt_shell = 0;
        char *opt_command = 0;
-        char *opt_username = DEFAULT_USER;
+        char *opt_username = "root";
        char **opt_args = 0;
        struct passwd *pw;
        uid_t cur_uid = getuid();
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
        const char *tty;
-        const char *old_user;
+        char *old_user;
-#endif
-        flags = bb_getopt_ulflags(argc, argv, "mplc:s:",
+        flags = bb_getopt_ulflags(argc, argv, "mplc:s:", &opt_command, &opt_shell);
-                                                  &opt_command, &opt_shell);
+#define SU_OPT_mp (3)
-#define SU_OPT_m (3)
-#define SU_OPT_p (3)
 #define SU_OPT_l (4)
        if (optind < argc  && argv[optind][0] == '-' && argv[optind][1] == 0) {
@@ -89,73 +34,60 @@ int su_main ( int argc, char **argv )
    }
        /* get user if specified */
-        if ( optind < argc )
+        if (optind < argc) opt_username = argv [optind++];
-                opt_username = argv [optind++];
+        if (optind < argc) opt_args = argv + optind;
-        if ( optind < argc )
-                opt_args = argv + optind;
+        if (ENABLE_SU_SYSLOG) {
+                /* The utmp entry (via getlogin) is probably the best way to identify
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
+                the user, especially if someone su's from a su-shell.
-#ifdef CONFIG_FEATURE_UTMP
+                But getlogin can fail -- usually due to lack of utmp entry.
-        /* The utmp entry (via getlogin) is probably the best way to identify
+                in this case resort to getpwuid.  */
-           the user, especially if someone su's from a su-shell.  */
+                old_user = bb_xstrdup(USE_FEATURE_UTMP(getlogin() ? : ) (pw = getpwuid(cur_uid)) ? pw->pw_name : "");
-        old_user = getlogin ( );
+                tty = ttyname(2) ? : "none";
-        if ( !old_user )
+                openlog(bb_applet_name, 0, LOG_AUTH);
-#endif
-                {
-                /* getlogin can fail -- usually due to lack of utmp entry.
-                   Resort to getpwuid.  */
-                pw = getpwuid ( cur_uid );
-                old_user = ( pw ? pw->pw_name : "" );
        }
-        tty = ttyname ( 2 );
-        if(!tty)
-                tty = "none";
-        openlog ( bb_applet_name, 0, LOG_AUTH );
+        pw = getpwnam(opt_username);
-#endif
+        if (!pw) bb_error_msg_and_die("Unknown id: %s", opt_username);
-        pw = getpwnam ( opt_username );
-        if ( !pw )
-                bb_error_msg_and_die ( "user %s does not exist", opt_username );
        /* Make sure pw->pw_shell is non-NULL.  It may be NULL when NEW_USER
           is a username that is retrieved via NIS (YP), but that doesn't have
           a default shell listed.  */
-        if ( !pw->pw_shell || !pw->pw_shell [0] )
+        if (!pw->pw_shell || !pw->pw_shell[0]) pw->pw_shell = (char *)DEFAULT_SHELL;
-                pw->pw_shell = (char *) DEFAULT_SHELL;
-        if ((( cur_uid == 0 ) || correct_password ( pw ))) {
+        if ((cur_uid == 0) || correct_password(pw)) {
-                log_su_successful(pw->pw_uid, old_user, tty );
+                if (ENABLE_SU_SYSLOG)
+                        syslog(LOG_NOTICE, "+ %s %s:%s", tty, old_user, opt_username);
        } else {
-                log_su_failure (pw->pw_uid, old_user, tty );
+                if (ENABLE_SU_SYSLOG)
-                bb_error_msg_and_die ( "incorrect password" );
+                        syslog(LOG_NOTICE, "- %s %s:%s", tty, old_user, opt_username);
+                bb_error_msg_and_die("incorrect password");
        }
-#if defined( SYSLOG_SUCCESS ) || defined( SYSLOG_FAILURE )
+        if (ENABLE_FEATURE_CLEAN_UP && ENABLE_SU_SYSLOG) {
-        closelog();
+                closelog();
-#endif
+                free(old_user);
+        }
-        if ( !opt_shell && (flags & SU_OPT_p))
+        if (!opt_shell && (flags & SU_OPT_mp)) opt_shell = getenv("SHELL");
-                opt_shell = getenv ( "SHELL" );
-        if ( opt_shell && cur_uid && restricted_shell ( pw->pw_shell )) {
+        if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
                /* The user being su'd to has a nonstandard shell, and so is
                   probably a uucp account or has restricted access.  Don't
                   compromise the account by allowing access with a standard
                   shell.  */
-                fputs ( "using restricted shell\n", stderr );
+                bb_error_msg("using restricted shell");
                opt_shell = 0;
        }
-        if ( !opt_shell )
+        if (!opt_shell) opt_shell = pw->pw_shell;
-                opt_shell = pw->pw_shell;
+        change_identity(pw);
+        setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);
+    USE_SELINUX(set_current_security_context(NULL);)
-        change_identity ( pw );
+        /* Returns only on error */
-        setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_p), pw);
-#if ENABLE_SELINUX
-       set_current_security_context(NULL);
-#endif
        run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)opt_args);
        return EXIT_FAILURE;
author	Rob Landley <rob@landley.net>	2006-07-10 03:05:46 +0000
committer	Rob Landley <rob@landley.net>	2006-07-10 03:05:46 +0000
commit	3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1 (patch)
tree	a8091962223342ded76e506d69efe4c839591c24 /loginutils/su.c
parent	cba1b967358c3a552a8d187861284ede98b9fc76 (diff)
download	busybox-w32-3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1.tar.gz busybox-w32-3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1.tar.bz2 busybox-w32-3bfcf3ccccf1726aaac508c0ff2623bdbb929ba1.zip

diff --git a/loginutils/su.c b/loginutils/su.c index 1273831ff..bd3e7c566 100644 --- a/loginutils/su.c +++ b/loginutils/su.c
@@ -1,86 +1,31 @@
1	/* vi: set sw=4 ts=4: */	1	/* vi: set sw=4 ts=4: */
2	/*	2	/*
3	Licensed under the GPL v2, see the file LICENSE in this tarball.	3	* Mini su implementation for busybox
4	*/	4	*
		5	* Licensed under the GPL v2, see the file LICENSE in this tarball.
		6	*/
5		7
6	#include <fcntl.h>	8	#include "busybox.h"
7	#include <signal.h>	9	#include <signal.h>
8	#include <stdio.h>
9	#include <stdlib.h>
10	#include <string.h>
11	#include <syslog.h>	10	#include <syslog.h>
12	#include <termios.h>
13	#include <unistd.h>
14	#include <utmp.h>
15	#include <sys/resource.h>	11	#include <sys/resource.h>
16	#include <sys/stat.h>
17	#include <sys/types.h>
18	#include <ctype.h>
19	#include <time.h>	12	#include <time.h>
20		13
21	#include "busybox.h"
22
23	/* The shell to run if none is given in the user's passwd entry. */
24	#ifndef DEFAULT_SHELL
25	#define DEFAULT_SHELL "/bin/sh"
26	#endif
27
28	/* Default user. */
29	#define DEFAULT_USER "root"
30
31	/* #define SYSLOG_SUCCESS */
32	#define SYSLOG_FAILURE
33
34
35	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )
36	/* Log the fact that someone has run su */
37
38	# if defined( SYSLOG_SUCCESS ) && defined( SYSLOG_FAILURE )
39	static void log_su (const char successful, const char old_user,
40	const char *tty)
41	{
42	syslog ( LOG_NOTICE, "%s%s on %s", successful, old_user, tty);
43	}
44	# define log_su_successful(cu, u, tty) if(!cu) log_su("", u, tty)
45	# define log_su_failure(cu, u, tty) if(!cu) log_su("FAILED SU ", u, tty)
46	# else
47	/* partial logging */
48	# if !defined( SYSLOG_SUCESS )
49	# define log_su_successful(cu, u, tty)
50	# define log_su_failure(cu, u, t) if(!cu) \
51	syslog(LOG_NOTICE, "FAILED SU %s on %s", u, t)
52	# else
53	# define log_su_successful(cu, u, t) if(!cu) \
54	syslog(LOG_NOTICE, "%s on %s", u, t)
55	# define log_su_failure(cu, u, tty)
56	# endif
57	# endif
58	#else
59	/* logging not used */
60	# define log_su_successful(cu, u, tty)
61	# define log_su_failure(cu, u, tty)
62	#endif
63
64		14
65	int su_main ( int argc, char **argv )	15	int su_main ( int argc, char **argv )
66	{	16	{
67	unsigned long flags;	17	unsigned long flags;
68	char *opt_shell = 0;	18	char *opt_shell = 0;
69	char *opt_command = 0;	19	char *opt_command = 0;
70	char *opt_username = DEFAULT_USER;	20	char *opt_username = "root";
71	char **opt_args = 0;	21	char **opt_args = 0;
72	struct passwd *pw;	22	struct passwd *pw;
73	uid_t cur_uid = getuid();	23	uid_t cur_uid = getuid();
74
75	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )
76	const char *tty;	24	const char *tty;
77	const char *old_user;	25	char *old_user;
78	#endif
79		26
80	flags = bb_getopt_ulflags(argc, argv, "mplc:s:",	27	flags = bb_getopt_ulflags(argc, argv, "mplc:s:", &opt_command, &opt_shell);
81	&opt_command, &opt_shell);	28	#define SU_OPT_mp (3)
82	#define SU_OPT_m (3)
83	#define SU_OPT_p (3)
84	#define SU_OPT_l (4)	29	#define SU_OPT_l (4)
85		30
86	if (optind < argc && argv[optind][0] == '-' && argv[optind][1] == 0) {	31	if (optind < argc && argv[optind][0] == '-' && argv[optind][1] == 0) {
@@ -89,73 +34,60 @@ int su_main ( int argc, char **argv )
89	}	34	}
90		35
91	/* get user if specified */	36	/* get user if specified */
92	if ( optind < argc )	37	if (optind < argc) opt_username = argv [optind++];
93	opt_username = argv [optind++];	38
94		39	if (optind < argc) opt_args = argv + optind;
95	if ( optind < argc )	40
96	opt_args = argv + optind;	41	if (ENABLE_SU_SYSLOG) {
97		42	/* The utmp entry (via getlogin) is probably the best way to identify
98	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )	43	the user, especially if someone su's from a su-shell.
99	#ifdef CONFIG_FEATURE_UTMP	44	But getlogin can fail -- usually due to lack of utmp entry.
100	/* The utmp entry (via getlogin) is probably the best way to identify	45	in this case resort to getpwuid. */
101	the user, especially if someone su's from a su-shell. */	46	old_user = bb_xstrdup(USE_FEATURE_UTMP(getlogin() ? : ) (pw = getpwuid(cur_uid)) ? pw->pw_name : "");
102	old_user = getlogin ( );	47	tty = ttyname(2) ? : "none";
103	if ( !old_user )	48	openlog(bb_applet_name, 0, LOG_AUTH);
104	#endif
105	{
106	/* getlogin can fail -- usually due to lack of utmp entry.
107	Resort to getpwuid. */
108	pw = getpwuid ( cur_uid );
109	old_user = ( pw ? pw->pw_name : "" );
110	}	49	}
111	tty = ttyname ( 2 );
112	if(!tty)
113	tty = "none";
114		50
115	openlog ( bb_applet_name, 0, LOG_AUTH );	51	pw = getpwnam(opt_username);
116	#endif	52	if (!pw) bb_error_msg_and_die("Unknown id: %s", opt_username);
117
118	pw = getpwnam ( opt_username );
119	if ( !pw )
120	bb_error_msg_and_die ( "user %s does not exist", opt_username );
121		53
122	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER	54	/* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
123	is a username that is retrieved via NIS (YP), but that doesn't have	55	is a username that is retrieved via NIS (YP), but that doesn't have
124	a default shell listed. */	56	a default shell listed. */
125	if ( !pw->pw_shell \|\| !pw->pw_shell [0] )	57	if (!pw->pw_shell \|\| !pw->pw_shell[0]) pw->pw_shell = (char *)DEFAULT_SHELL;
126	pw->pw_shell = (char *) DEFAULT_SHELL;
127		58
128	if ((( cur_uid == 0 ) \|\| correct_password ( pw ))) {	59	if ((cur_uid == 0) \|\| correct_password(pw)) {
129	log_su_successful(pw->pw_uid, old_user, tty );	60	if (ENABLE_SU_SYSLOG)
		61	syslog(LOG_NOTICE, "+ %s %s:%s", tty, old_user, opt_username);
130	} else {	62	} else {
131	log_su_failure (pw->pw_uid, old_user, tty );	63	if (ENABLE_SU_SYSLOG)
132	bb_error_msg_and_die ( "incorrect password" );	64	syslog(LOG_NOTICE, "- %s %s:%s", tty, old_user, opt_username);
		65	bb_error_msg_and_die("incorrect password");
133	}	66	}
134		67
135	#if defined( SYSLOG_SUCCESS ) \|\| defined( SYSLOG_FAILURE )	68	if (ENABLE_FEATURE_CLEAN_UP && ENABLE_SU_SYSLOG) {
136	closelog();	69	closelog();
137	#endif	70	free(old_user);
		71	}
138		72
139	if ( !opt_shell && (flags & SU_OPT_p))	73	if (!opt_shell && (flags & SU_OPT_mp)) opt_shell = getenv("SHELL");
140	opt_shell = getenv ( "SHELL" );
141		74
142	if ( opt_shell && cur_uid && restricted_shell ( pw->pw_shell )) {	75	if (opt_shell && cur_uid && restricted_shell(pw->pw_shell)) {
143	/* The user being su'd to has a nonstandard shell, and so is	76	/* The user being su'd to has a nonstandard shell, and so is
144	probably a uucp account or has restricted access. Don't	77	probably a uucp account or has restricted access. Don't
145	compromise the account by allowing access with a standard	78	compromise the account by allowing access with a standard
146	shell. */	79	shell. */
147	fputs ( "using restricted shell\n", stderr );	80	bb_error_msg("using restricted shell");
148	opt_shell = 0;	81	opt_shell = 0;
149	}	82	}
150		83
151	if ( !opt_shell )	84	if (!opt_shell) opt_shell = pw->pw_shell;
152	opt_shell = pw->pw_shell;	85
		86	change_identity(pw);
		87	setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw);
		88	USE_SELINUX(set_current_security_context(NULL);)
153		89
154	change_identity ( pw );	90	/* Returns only on error */
155	setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_p), pw);
156	#if ENABLE_SELINUX
157	set_current_security_context(NULL);
158	#endif
159	run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)opt_args);	91	run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)opt_args);
160		92
161	return EXIT_FAILURE;	93	return EXIT_FAILURE;