int mkdir_main(int argc UNUSED_PARAM, char **argv)
{
long mode = -1;
int status = EXIT_SUCCESS;
int flags = 0;
unsigned opt;
char *smode;
#if ENABLE_SELINUX
security_context_t scontext;
#endif
#if ENABLE_FEATURE_MKDIR_LONG_OPTIONS
applet_long_options = mkdir_longopts;
#endif
opt = getopt32(argv, "m:pv" IF_SELINUX("Z:"), &smode IF_SELINUX(,&scontext));
if (opt & 1) {
mode_t mmode = bb_parse_mode(smode, 0777);
if (mmode == (mode_t)-1) {
bb_error_msg_and_die("invalid mode '%s'", smode);
}
mode = mmode;
}
if (opt & 2)
flags |= FILEUTILS_RECUR;
if ((opt & 4) && FILEUTILS_VERBOSE)
flags |= FILEUTILS_VERBOSE;
#if ENABLE_SELINUX
if (opt & 8) {
selinux_or_die();
setfscreatecon_or_die(scontext);
}
#endif
argv += optind;
if (!argv[0])
bb_show_usage();
do {
if (bb_make_directory(*argv, mode, flags)) {
status = EXIT_FAILURE;
}
} while (*++argv);
return status;
}
mode_t FAST_FUNC getopt_mk_fifo_nod(char **argv)
{
mode_t mode = 0666;
char *smode = NULL;
#if ENABLE_SELINUX
security_context_t scontext;
#endif
int opt;
opt = getopt32(argv, "m:" IF_SELINUX("Z:"), &smode IF_SELINUX(,&scontext));
if (opt & 1) {
if (bb_parse_mode(smode, &mode))
umask(0);
}
#if ENABLE_SELINUX
if (opt & 2) {
selinux_or_die();
setfscreatecon_or_die(scontext);
}
#endif
return mode;
}
/* -LHRctur Std options, busybox optionally supports */
/* -Fp Std options, busybox optionally supports */
/* -SXvhTw GNU options, busybox optionally supports */
/* -T WIDTH Ignored (we don't use tabs on output) */
/* -KZ SELinux mandated options, busybox optionally supports */
/* (coreutils 8.4 has no -K, remove it?) */
/* -e I think we made this one up (looks similar to GNU --full-time) */
/* We already used up all 32 bits, if we need to add more, candidates for removal: */
/* -K, -T, -e (add --full-time instead) */
static const char ls_options[] ALIGN1 =
"Cadil1gnsxQAk" /* 13 opts, total 13 */
IF_FEATURE_LS_TIMESTAMPS("cetu") /* 4, 17 */
IF_FEATURE_LS_SORTFILES("SXrv") /* 4, 21 */
IF_FEATURE_LS_FILETYPES("Fp") /* 2, 23 */
IF_FEATURE_LS_RECURSIVE("R") /* 1, 24 */
IF_SELINUX("KZ") /* 2, 26 */
IF_FEATURE_LS_FOLLOWLINKS("LH") /* 2, 28 */
IF_FEATURE_HUMAN_READABLE("h") /* 1, 29 */
IF_FEATURE_AUTOWIDTH("T:w:") /* 2, 31 */
/* with --color, we use all 32 bits */;
enum {
//OPT_C = (1 << 0),
//OPT_a = (1 << 1),
//OPT_d = (1 << 2),
//OPT_i = (1 << 3),
//OPT_l = (1 << 4),
//OPT_1 = (1 << 5),
OPT_g = (1 << 6),
//OPT_n = (1 << 7),
//OPT_s = (1 << 8),
//OPT_x = (1 << 9),
int id_main(int argc UNUSED_PARAM, char **argv)
{
uid_t ruid;
gid_t rgid;
uid_t euid;
gid_t egid;
unsigned opt;
int i;
int status = EXIT_SUCCESS;
const char *prefix;
const char *username;
#if ENABLE_SELINUX
security_context_t scontext = NULL;
#endif
if (ENABLE_GROUPS && (!ENABLE_ID || applet_name[0] == 'g')) {
/* TODO: coreutils groups prepend "USER : "******"") | JUST_ALL_GROUPS | NAME_NOT_NUMBER;
} else {
/* Don't allow -n -r -nr -ug -rug -nug -rnug -uZ -gZ -GZ*/
/* Don't allow more than one username */
opt = getopt32(argv, "^"
"rnugG" IF_SELINUX("Z")
"\0"
"?1:u--g:g--u:G--u:u--G:g--G:G--g:r?ugG:n?ugG"
IF_SELINUX(":u--Z:Z--u:g--Z:Z--g:G--Z:Z--G")
);
}
username = argv[optind];
if (username) {
struct passwd *p = xgetpwnam(username);
euid = ruid = p->pw_uid;
egid = rgid = p->pw_gid;
} else {
egid = getegid();
rgid = getgid();
euid = geteuid();
ruid = getuid();
}
/* JUST_ALL_GROUPS ignores -r PRINT_REAL flag even if man page for */
/* id says: print the real ID instead of the effective ID, with -ugG */
/* in fact in this case egid is always printed if egid != rgid */
if (!opt || (opt & JUST_ALL_GROUPS)) {
gid_t *groups;
int n;
if (!opt) {
/* Default Mode */
status |= print_user(ruid, "uid=");
status |= print_group(rgid, " gid=");
if (euid != ruid)
status |= print_user(euid, " euid=");
if (egid != rgid)
status |= print_group(egid, " egid=");
} else {
/* JUST_ALL_GROUPS */
status |= print_group(rgid, NULL);
if (egid != rgid)
status |= print_group(egid, " ");
}
/* We are supplying largish buffer, trying
* to not run get_groups() twice. That might be slow
* ("user database in remote SQL server" case) */
groups = xmalloc(64 * sizeof(groups[0]));
n = 64;
if (get_groups(username, rgid, groups, &n) < 0) {
/* Need bigger buffer after all */
groups = xrealloc(groups, n * sizeof(groups[0]));
get_groups(username, rgid, groups, &n);
}
if (n > 0) {
/* Print the list */
prefix = " groups=";
for (i = 0; i < n; i++) {
if (opt && (groups[i] == rgid || groups[i] == egid))
continue;
status |= print_group(groups[i], opt ? " " : prefix);
prefix = ",";
}
} else if (n < 0) { /* error in get_groups() */
if (ENABLE_DESKTOP)
bb_error_msg_and_die("can't get groups");
return EXIT_FAILURE;
}
if (ENABLE_FEATURE_CLEAN_UP)
free(groups);
#if ENABLE_SELINUX
if (is_selinux_enabled()) {
if (getcon(&scontext) == 0)
printf(" context=%s", scontext);
}
#endif
} else if (opt & PRINT_REAL) {
euid = ruid;
egid = rgid;
}
if (opt & JUST_USER)
status |= print_user(euid, NULL);
else if (opt & JUST_GROUP)
status |= print_group(egid, NULL);
#if ENABLE_SELINUX
else if (opt & JUST_CONTEXT) {
selinux_or_die();
if (username || getcon(&scontext)) {
bb_error_msg_and_die("can't get process context%s",
username ? " for a different user" : "");
}
fputs(scontext, stdout);
}
/* freecon(NULL) seems to be harmless */
if (ENABLE_FEATURE_CLEAN_UP)
freecon(scontext);
#endif
bb_putchar('\n');
fflush_stdout_and_exit(status);
}
int install_main(int argc, char **argv)
{
struct stat statbuf;
mode_t mode;
uid_t uid;
gid_t gid;
char *arg, *last;
const char *gid_str;
const char *uid_str;
const char *mode_str;
int copy_flags = FILEUTILS_DEREFERENCE | FILEUTILS_FORCE;
int opts;
int min_args = 1;
int ret = EXIT_SUCCESS;
int isdir = 0;
#if ENABLE_SELINUX
security_context_t scontext;
bool use_default_selinux_context = 1;
#endif
enum {
OPT_c = 1 << 0,
OPT_v = 1 << 1,
OPT_b = 1 << 2,
OPT_MKDIR_LEADING = 1 << 3,
OPT_DIRECTORY = 1 << 4,
OPT_PRESERVE_TIME = 1 << 5,
OPT_STRIP = 1 << 6,
OPT_GROUP = 1 << 7,
OPT_MODE = 1 << 8,
OPT_OWNER = 1 << 9,
#if ENABLE_SELINUX
OPT_SET_SECURITY_CONTEXT = 1 << 10,
OPT_PRESERVE_SECURITY_CONTEXT = 1 << 11,
#endif
};
#if ENABLE_FEATURE_INSTALL_LONG_OPTIONS
applet_long_options = install_longopts;
#endif
opt_complementary = "s--d:d--s" IF_FEATURE_INSTALL_LONG_OPTIONS(IF_SELINUX(":Z--\xff:\xff--Z"));
/* -c exists for backwards compatibility, it's needed */
/* -v is ignored ("print name of each created directory") */
/* -b is ignored ("make a backup of each existing destination file") */
opts = getopt32(argv, "cvb" "Ddpsg:m:o:" IF_SELINUX("Z:"),
&gid_str, &mode_str, &uid_str IF_SELINUX(, &scontext));
argc -= optind;
argv += optind;
#if ENABLE_SELINUX
if (opts & (OPT_PRESERVE_SECURITY_CONTEXT|OPT_SET_SECURITY_CONTEXT)) {
selinux_or_die();
use_default_selinux_context = 0;
if (opts & OPT_PRESERVE_SECURITY_CONTEXT) {
copy_flags |= FILEUTILS_PRESERVE_SECURITY_CONTEXT;
}
if (opts & OPT_SET_SECURITY_CONTEXT) {
setfscreatecon_or_die(scontext);
copy_flags |= FILEUTILS_SET_SECURITY_CONTEXT;
}
}
#endif
/* preserve access and modification time, this is GNU behaviour,
* BSD only preserves modification time */
if (opts & OPT_PRESERVE_TIME) {
copy_flags |= FILEUTILS_PRESERVE_STATUS;
}
mode = 0755; /* GNU coreutils 6.10 compat */
if (opts & OPT_MODE)
bb_parse_mode(mode_str, &mode);
uid = (opts & OPT_OWNER) ? get_ug_id(uid_str, xuname2uid) : getuid();
gid = (opts & OPT_GROUP) ? get_ug_id(gid_str, xgroup2gid) : getgid();
last = argv[argc - 1];
if (!(opts & OPT_DIRECTORY)) {
argv[argc - 1] = NULL;
min_args++;
/* coreutils install resolves link in this case, don't use lstat */
isdir = stat(last, &statbuf) < 0 ? 0 : S_ISDIR(statbuf.st_mode);
}
if (argc < min_args)
bb_show_usage();
while ((arg = *argv++) != NULL) {
char *dest = last;
if (opts & OPT_DIRECTORY) {
dest = arg;
/* GNU coreutils 6.9 does not set uid:gid
* on intermediate created directories
* (only on last one) */
if (bb_make_directory(dest, 0755, FILEUTILS_RECUR)) {
ret = EXIT_FAILURE;
goto next;
}
} else {
if (opts & OPT_MKDIR_LEADING) {
char *ddir = xstrdup(dest);
bb_make_directory(dirname(ddir), 0755, FILEUTILS_RECUR);
/* errors are not checked. copy_file
* will fail if dir is not created. */
free(ddir);
}
if (isdir)
dest = concat_path_file(last, bb_basename(arg));
if (copy_file(arg, dest, copy_flags) != 0) {
/* copy is not made */
ret = EXIT_FAILURE;
goto next;
}
if (opts & OPT_STRIP) {
char *args[4];
args[0] = (char*)"strip";
args[1] = (char*)"-p"; /* -p --preserve-dates */
args[2] = dest;
args[3] = NULL;
if (spawn_and_wait(args)) {
bb_perror_msg("strip");
ret = EXIT_FAILURE;
}
}
}
/* Set the file mode (always, not only with -m).
* GNU coreutils 6.10 is not affected by umask. */
if (chmod(dest, mode) == -1) {
bb_perror_msg("can't change %s of %s", "permissions", dest);
ret = EXIT_FAILURE;
}
#if ENABLE_SELINUX
if (use_default_selinux_context)
setdefaultfilecon(dest);
#endif
/* Set the user and group id */
if ((opts & (OPT_OWNER|OPT_GROUP))
&& lchown(dest, uid, gid) == -1
) {
bb_perror_msg("can't change %s of %s", "ownership", dest);
ret = EXIT_FAILURE;
}
next:
if (ENABLE_FEATURE_CLEAN_UP && isdir)
free(dest);
}
return ret;
}
/* "[-]Q" GNU option? busybox always supports */
/* "[-]Ak" GNU options, busybox always supports */
/* "[-]FLRctur", POSIX mandated options, busybox optionally supports */
/* "[-]p", POSIX non-mandated options, busybox optionally supports */
/* "[-]SXvThw", GNU options, busybox optionally supports */
/* "[-]K", SELinux mandated options, busybox optionally supports */
/* "[-]e", I think we made this one up */
static const char ls_options[] ALIGN1 =
"Cadil1gnsxQAk" /* 13 opts, total 13 */
IF_FEATURE_LS_TIMESTAMPS("cetu") /* 4, 17 */
IF_FEATURE_LS_SORTFILES("SXrv") /* 4, 21 */
IF_FEATURE_LS_FILETYPES("Fp") /* 2, 23 */
IF_FEATURE_LS_FOLLOWLINKS("L") /* 1, 24 */
IF_FEATURE_LS_RECURSIVE("R") /* 1, 25 */
IF_FEATURE_HUMAN_READABLE("h") /* 1, 26 */
IF_SELINUX("KZ") /* 2, 28 */
IF_FEATURE_AUTOWIDTH("T:w:") /* 2, 30 */
;
enum {
//OPT_C = (1 << 0),
//OPT_a = (1 << 1),
//OPT_d = (1 << 2),
//OPT_i = (1 << 3),
//OPT_l = (1 << 4),
//OPT_1 = (1 << 5),
OPT_g = (1 << 6),
//OPT_n = (1 << 7),
//OPT_s = (1 << 8),
//OPT_x = (1 << 9),
OPT_Q = (1 << 10),
//OPT_A = (1 << 11),
int sulogin_main(int argc UNUSED_PARAM, char **argv)
{
char *cp;
int timeout = 0;
struct passwd *pwd;
const char *shell;
#if ENABLE_FEATURE_SHADOWPASSWDS
/* Using _r function to avoid pulling in static buffers */
char buffer[256];
struct spwd spw;
#endif
logmode = LOGMODE_BOTH;
openlog(applet_name, 0, LOG_AUTH);
opt_complementary = "t+"; /* -t N */
getopt32(argv, "t:", &timeout);
argv += optind;
if (argv[0]) {
close(0);
close(1);
dup(xopen(argv[0], O_RDWR));
close(2);
dup(0);
}
/* Malicious use like "sulogin /dev/sda"? */
if (!isatty(0) || !isatty(1) || !isatty(2)) {
logmode = LOGMODE_SYSLOG;
bb_error_msg_and_die("not a tty");
}
/* Clear dangerous stuff, set PATH */
sanitize_env_if_suid();
pwd = getpwuid(0);
if (!pwd) {
goto auth_error;
}
#if ENABLE_FEATURE_SHADOWPASSWDS
{
/* getspnam_r may return 0 yet set result to NULL.
* At least glibc 2.4 does this. Be extra paranoid here. */
struct spwd *result = NULL;
int r = getspnam_r(pwd->pw_name, &spw, buffer, sizeof(buffer), &result);
if (r || !result) {
goto auth_error;
}
pwd->pw_passwd = result->sp_pwdp;
}
#endif
while (1) {
char *encrypted;
int r;
/* cp points to a static buffer */
cp = bb_ask(STDIN_FILENO, timeout,
"Give root password for system maintenance\n"
"(or type Control-D for normal startup):");
if (!cp) {
/* ^D, ^C, timeout, or read error */
bb_info_msg("Normal startup");
return 0;
}
encrypted = pw_encrypt(cp, pwd->pw_passwd, 1);
r = strcmp(encrypted, pwd->pw_passwd);
free(encrypted);
if (r == 0) {
break;
}
bb_do_delay(LOGIN_FAIL_DELAY);
bb_info_msg("Login incorrect");
}
memset(cp, 0, strlen(cp));
// signal(SIGALRM, SIG_DFL);
bb_info_msg("System Maintenance Mode");
IF_SELINUX(renew_current_security_context());
shell = getenv("SUSHELL");
if (!shell)
shell = getenv("sushell");
if (!shell)
shell = pwd->pw_shell;
/* Exec login shell with no additional parameters. Never returns. */
run_shell(shell, 1, NULL, NULL);
auth_error:
bb_error_msg_and_die("no password entry for root");
}
int sulogin_main(int argc UNUSED_PARAM, char **argv)
{
int timeout = 0;
struct passwd *pwd;
const char *shell;
/* Note: sulogin is not a suid app. It is meant to be run by init
* for single user / emergency mode. init starts it as root.
* Normal users (potentially malisious ones) can only run it under
* their UID, therefore no paranoia here is warranted:
* $LD_LIBRARY_PATH in env, TTY = /dev/sda
* are no more dangerous here than in e.g. cp applet.
*/
logmode = LOGMODE_BOTH;
openlog(applet_name, 0, LOG_AUTH);
getopt32(argv, "t:+", &timeout);
argv += optind;
if (argv[0]) {
close(0);
close(1);
dup(xopen(argv[0], O_RDWR));
close(2);
dup(0);
}
pwd = getpwuid(0);
if (!pwd) {
bb_error_msg_and_die("no password entry for root");
}
while (1) {
int r;
r = ask_and_check_password_extended(pwd, timeout,
"Give root password for system maintenance\n"
"(or type Control-D for normal startup):"
);
if (r < 0) {
/* ^D, ^C, timeout, or read error */
bb_error_msg("normal startup");
return 0;
}
if (r > 0) {
break;
}
bb_do_delay(LOGIN_FAIL_DELAY);
bb_error_msg("Login incorrect");
}
bb_error_msg("starting shell for system maintenance");
IF_SELINUX(renew_current_security_context());
shell = getenv("SUSHELL");
if (!shell)
shell = getenv("sushell");
if (!shell)
shell = pwd->pw_shell;
/* Exec login shell with no additional parameters. Never returns. */
run_shell(shell, 1, NULL);
}
