3
0

chpst.c 10 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266267268269270271272273274275276277278279280281282283284285286287288289290291292293294295296297298299300301302303304305306307308309310311312313314315316317318319320321322323324325326327328329330331332333334335336337338339340341342343344345346347348349350351352353354355356357358359360361362363364365366367368369370371372373374375376377378379380381382383384385386387388389390391392393394395396397398399400401402403404405406407
  1. /*
  2. Copyright (c) 2001-2006, Gerrit Pape
  3. All rights reserved.
  4. Redistribution and use in source and binary forms, with or without
  5. modification, are permitted provided that the following conditions are met:
  6. 1. Redistributions of source code must retain the above copyright notice,
  7. this list of conditions and the following disclaimer.
  8. 2. Redistributions in binary form must reproduce the above copyright
  9. notice, this list of conditions and the following disclaimer in the
  10. documentation and/or other materials provided with the distribution.
  11. 3. The name of the author may not be used to endorse or promote products
  12. derived from this software without specific prior written permission.
  13. THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED
  14. WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
  15. MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO
  16. EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
  17. SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
  18. PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
  19. OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
  20. WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
  21. OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
  22. ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
  23. */
  24. /* Busyboxed by Denys Vlasenko <vda.linux@googlemail.com> */
  25. /* Dependencies on runit_lib.c removed */
  26. #include "libbb.h"
  27. #include <dirent.h>
  28. // Must match constants in chpst_main!
  29. #define OPT_verbose (option_mask32 & 0x2000)
  30. #define OPT_pgrp (option_mask32 & 0x4000)
  31. #define OPT_nostdin (option_mask32 & 0x8000)
  32. #define OPT_nostdout (option_mask32 & 0x10000)
  33. #define OPT_nostderr (option_mask32 & 0x20000)
  34. struct globals {
  35. char *set_user;
  36. char *env_user;
  37. const char *env_dir;
  38. const char *root;
  39. long limitd; /* limitX are initialized to -2 */
  40. long limits;
  41. long limitl;
  42. long limita;
  43. long limito;
  44. long limitp;
  45. long limitf;
  46. long limitc;
  47. long limitr;
  48. long limitt;
  49. int nicelvl;
  50. };
  51. #define G (*(struct globals*)&bb_common_bufsiz1)
  52. #define set_user (G.set_user)
  53. #define env_user (G.env_user)
  54. #define env_dir (G.env_dir )
  55. #define root (G.root )
  56. #define limitd (G.limitd )
  57. #define limits (G.limits )
  58. #define limitl (G.limitl )
  59. #define limita (G.limita )
  60. #define limito (G.limito )
  61. #define limitp (G.limitp )
  62. #define limitf (G.limitf )
  63. #define limitc (G.limitc )
  64. #define limitr (G.limitr )
  65. #define limitt (G.limitt )
  66. #define nicelvl (G.nicelvl )
  67. #define INIT_G() do { \
  68. long *p = &limitd; \
  69. do *p++ = -2; while (p <= &limitt); \
  70. } while (0)
  71. static void suidgid(char *user)
  72. {
  73. struct bb_uidgid_t ugid;
  74. if (!get_uidgid(&ugid, user, 1)) {
  75. bb_error_msg_and_die("unknown user/group: %s", user);
  76. }
  77. if (setgroups(1, &ugid.gid) == -1)
  78. bb_perror_msg_and_die("setgroups");
  79. xsetgid(ugid.gid);
  80. xsetuid(ugid.uid);
  81. }
  82. static void euidgid(char *user)
  83. {
  84. struct bb_uidgid_t ugid;
  85. if (!get_uidgid(&ugid, user, 1)) {
  86. bb_error_msg_and_die("unknown user/group: %s", user);
  87. }
  88. xsetenv("GID", utoa(ugid.gid));
  89. xsetenv("UID", utoa(ugid.uid));
  90. }
  91. static void edir(const char *directory_name)
  92. {
  93. int wdir;
  94. DIR *dir;
  95. struct dirent *d;
  96. int fd;
  97. wdir = xopen(".", O_RDONLY | O_NDELAY);
  98. xchdir(directory_name);
  99. dir = opendir(".");
  100. if (!dir)
  101. bb_perror_msg_and_die("opendir %s", directory_name);
  102. for (;;) {
  103. char buf[256];
  104. char *tail;
  105. int size;
  106. errno = 0;
  107. d = readdir(dir);
  108. if (!d) {
  109. if (errno)
  110. bb_perror_msg_and_die("readdir %s",
  111. directory_name);
  112. break;
  113. }
  114. if (d->d_name[0] == '.')
  115. continue;
  116. fd = open(d->d_name, O_RDONLY | O_NDELAY);
  117. if (fd < 0) {
  118. if ((errno == EISDIR) && env_dir) {
  119. if (OPT_verbose)
  120. bb_perror_msg("warning: %s/%s is a directory",
  121. directory_name, d->d_name);
  122. continue;
  123. } else
  124. bb_perror_msg_and_die("open %s/%s",
  125. directory_name, d->d_name);
  126. }
  127. size = full_read(fd, buf, sizeof(buf)-1);
  128. close(fd);
  129. if (size < 0)
  130. bb_perror_msg_and_die("read %s/%s",
  131. directory_name, d->d_name);
  132. if (size == 0) {
  133. unsetenv(d->d_name);
  134. continue;
  135. }
  136. buf[size] = '\n';
  137. tail = strchr(buf, '\n');
  138. /* skip trailing whitespace */
  139. while (1) {
  140. *tail = '\0';
  141. tail--;
  142. if (tail < buf || !isspace(*tail))
  143. break;
  144. }
  145. xsetenv(d->d_name, buf);
  146. }
  147. closedir(dir);
  148. if (fchdir(wdir) == -1)
  149. bb_perror_msg_and_die("fchdir");
  150. close(wdir);
  151. }
  152. static void limit(int what, long l)
  153. {
  154. struct rlimit r;
  155. /* Never fails under Linux (except if you pass it bad arguments) */
  156. getrlimit(what, &r);
  157. if ((l < 0) || (l > r.rlim_max))
  158. r.rlim_cur = r.rlim_max;
  159. else
  160. r.rlim_cur = l;
  161. if (setrlimit(what, &r) == -1)
  162. bb_perror_msg_and_die("setrlimit");
  163. }
  164. static void slimit(void)
  165. {
  166. if (limitd >= -1) {
  167. #ifdef RLIMIT_DATA
  168. limit(RLIMIT_DATA, limitd);
  169. #else
  170. if (OPT_verbose)
  171. bb_error_msg("system does not support RLIMIT_%s",
  172. "DATA");
  173. #endif
  174. }
  175. if (limits >= -1) {
  176. #ifdef RLIMIT_STACK
  177. limit(RLIMIT_STACK, limits);
  178. #else
  179. if (OPT_verbose)
  180. bb_error_msg("system does not support RLIMIT_%s",
  181. "STACK");
  182. #endif
  183. }
  184. if (limitl >= -1) {
  185. #ifdef RLIMIT_MEMLOCK
  186. limit(RLIMIT_MEMLOCK, limitl);
  187. #else
  188. if (OPT_verbose)
  189. bb_error_msg("system does not support RLIMIT_%s",
  190. "MEMLOCK");
  191. #endif
  192. }
  193. if (limita >= -1) {
  194. #ifdef RLIMIT_VMEM
  195. limit(RLIMIT_VMEM, limita);
  196. #else
  197. #ifdef RLIMIT_AS
  198. limit(RLIMIT_AS, limita);
  199. #else
  200. if (OPT_verbose)
  201. bb_error_msg("system does not support RLIMIT_%s",
  202. "VMEM");
  203. #endif
  204. #endif
  205. }
  206. if (limito >= -1) {
  207. #ifdef RLIMIT_NOFILE
  208. limit(RLIMIT_NOFILE, limito);
  209. #else
  210. #ifdef RLIMIT_OFILE
  211. limit(RLIMIT_OFILE, limito);
  212. #else
  213. if (OPT_verbose)
  214. bb_error_msg("system does not support RLIMIT_%s",
  215. "NOFILE");
  216. #endif
  217. #endif
  218. }
  219. if (limitp >= -1) {
  220. #ifdef RLIMIT_NPROC
  221. limit(RLIMIT_NPROC, limitp);
  222. #else
  223. if (OPT_verbose)
  224. bb_error_msg("system does not support RLIMIT_%s",
  225. "NPROC");
  226. #endif
  227. }
  228. if (limitf >= -1) {
  229. #ifdef RLIMIT_FSIZE
  230. limit(RLIMIT_FSIZE, limitf);
  231. #else
  232. if (OPT_verbose)
  233. bb_error_msg("system does not support RLIMIT_%s",
  234. "FSIZE");
  235. #endif
  236. }
  237. if (limitc >= -1) {
  238. #ifdef RLIMIT_CORE
  239. limit(RLIMIT_CORE, limitc);
  240. #else
  241. if (OPT_verbose)
  242. bb_error_msg("system does not support RLIMIT_%s",
  243. "CORE");
  244. #endif
  245. }
  246. if (limitr >= -1) {
  247. #ifdef RLIMIT_RSS
  248. limit(RLIMIT_RSS, limitr);
  249. #else
  250. if (OPT_verbose)
  251. bb_error_msg("system does not support RLIMIT_%s",
  252. "RSS");
  253. #endif
  254. }
  255. if (limitt >= -1) {
  256. #ifdef RLIMIT_CPU
  257. limit(RLIMIT_CPU, limitt);
  258. #else
  259. if (OPT_verbose)
  260. bb_error_msg("system does not support RLIMIT_%s",
  261. "CPU");
  262. #endif
  263. }
  264. }
  265. /* argv[0] */
  266. static void setuidgid(int, char **) ATTRIBUTE_NORETURN;
  267. static void envuidgid(int, char **) ATTRIBUTE_NORETURN;
  268. static void envdir(int, char **) ATTRIBUTE_NORETURN;
  269. static void softlimit(int, char **) ATTRIBUTE_NORETURN;
  270. int chpst_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
  271. int chpst_main(int argc ATTRIBUTE_UNUSED, char **argv)
  272. {
  273. INIT_G();
  274. if (applet_name[3] == 'd') envdir(argc, argv);
  275. if (applet_name[1] == 'o') softlimit(argc, argv);
  276. if (applet_name[0] == 's') setuidgid(argc, argv);
  277. if (applet_name[0] == 'e') envuidgid(argc, argv);
  278. // otherwise we are chpst
  279. {
  280. char *m,*d,*o,*p,*f,*c,*r,*t,*n;
  281. getopt32(argv, "+u:U:e:m:d:o:p:f:c:r:t:/:n:vP012",
  282. &set_user,&env_user,&env_dir,
  283. &m,&d,&o,&p,&f,&c,&r,&t,&root,&n);
  284. // if (option_mask32 & 0x1) // -u
  285. // if (option_mask32 & 0x2) // -U
  286. // if (option_mask32 & 0x4) // -e
  287. if (option_mask32 & 0x8) limits = limitl = limita = limitd = xatoul(m); // -m
  288. if (option_mask32 & 0x10) limitd = xatoul(d); // -d
  289. if (option_mask32 & 0x20) limito = xatoul(o); // -o
  290. if (option_mask32 & 0x40) limitp = xatoul(p); // -p
  291. if (option_mask32 & 0x80) limitf = xatoul(f); // -f
  292. if (option_mask32 & 0x100) limitc = xatoul(c); // -c
  293. if (option_mask32 & 0x200) limitr = xatoul(r); // -r
  294. if (option_mask32 & 0x400) limitt = xatoul(t); // -t
  295. // if (option_mask32 & 0x800) // -/
  296. if (option_mask32 & 0x1000) nicelvl = xatoi(n); // -n
  297. // The below consts should match #defines at top!
  298. //if (option_mask32 & 0x2000) OPT_verbose = 1; // -v
  299. //if (option_mask32 & 0x4000) OPT_pgrp = 1; // -P
  300. //if (option_mask32 & 0x8000) OPT_nostdin = 1; // -0
  301. //if (option_mask32 & 0x10000) OPT_nostdout = 1; // -1
  302. //if (option_mask32 & 0x20000) OPT_nostderr = 1; // -2
  303. }
  304. argv += optind;
  305. if (!argv || !*argv) bb_show_usage();
  306. if (OPT_pgrp) setsid();
  307. if (env_dir) edir(env_dir);
  308. if (root) {
  309. xchdir(root);
  310. xchroot(".");
  311. }
  312. slimit();
  313. if (nicelvl) {
  314. errno = 0;
  315. if (nice(nicelvl) == -1)
  316. bb_perror_msg_and_die("nice");
  317. }
  318. if (env_user) euidgid(env_user);
  319. if (set_user) suidgid(set_user);
  320. if (OPT_nostdin) close(0);
  321. if (OPT_nostdout) close(1);
  322. if (OPT_nostderr) close(2);
  323. BB_EXECVP(argv[0], argv);
  324. bb_perror_msg_and_die("exec %s", argv[0]);
  325. }
  326. static void setuidgid(int argc ATTRIBUTE_UNUSED, char **argv)
  327. {
  328. const char *account;
  329. account = *++argv;
  330. if (!account) bb_show_usage();
  331. if (!*++argv) bb_show_usage();
  332. suidgid((char*)account);
  333. BB_EXECVP(argv[0], argv);
  334. bb_perror_msg_and_die("exec %s", argv[0]);
  335. }
  336. static void envuidgid(int argc ATTRIBUTE_UNUSED, char **argv)
  337. {
  338. const char *account;
  339. account = *++argv;
  340. if (!account) bb_show_usage();
  341. if (!*++argv) bb_show_usage();
  342. euidgid((char*)account);
  343. BB_EXECVP(argv[0], argv);
  344. bb_perror_msg_and_die("exec %s", argv[0]);
  345. }
  346. static void envdir(int argc ATTRIBUTE_UNUSED, char **argv)
  347. {
  348. const char *dir;
  349. dir = *++argv;
  350. if (!dir) bb_show_usage();
  351. if (!*++argv) bb_show_usage();
  352. edir(dir);
  353. BB_EXECVP(argv[0], argv);
  354. bb_perror_msg_and_die("exec %s", argv[0]);
  355. }
  356. static void softlimit(int argc ATTRIBUTE_UNUSED, char **argv)
  357. {
  358. char *a,*c,*d,*f,*l,*m,*o,*p,*r,*s,*t;
  359. getopt32(argv, "+a:c:d:f:l:m:o:p:r:s:t:",
  360. &a,&c,&d,&f,&l,&m,&o,&p,&r,&s,&t);
  361. if (option_mask32 & 0x001) limita = xatoul(a); // -a
  362. if (option_mask32 & 0x002) limitc = xatoul(c); // -c
  363. if (option_mask32 & 0x004) limitd = xatoul(d); // -d
  364. if (option_mask32 & 0x008) limitf = xatoul(f); // -f
  365. if (option_mask32 & 0x010) limitl = xatoul(l); // -l
  366. if (option_mask32 & 0x020) limits = limitl = limita = limitd = xatoul(m); // -m
  367. if (option_mask32 & 0x040) limito = xatoul(o); // -o
  368. if (option_mask32 & 0x080) limitp = xatoul(p); // -p
  369. if (option_mask32 & 0x100) limitr = xatoul(r); // -r
  370. if (option_mask32 & 0x200) limits = xatoul(s); // -s
  371. if (option_mask32 & 0x400) limitt = xatoul(t); // -t
  372. argv += optind;
  373. if (!argv[0]) bb_show_usage();
  374. slimit();
  375. BB_EXECVP(argv[0], argv);
  376. bb_perror_msg_and_die("exec %s", argv[0]);
  377. }