From f0a97fb43ab1ccab1904e7bc947a97c6e795900e Mon Sep 17 00:00:00 2001 From: Denis Vlasenko Date: Tue, 3 Oct 2006 17:52:24 +0000 Subject: Yeah, yeah... I forgot about 'svn add'... fixing that --- runit/Config.in | 36 ++++++ runit/Makefile | 23 ++++ runit/Makefile.in | 42 +++++++ runit/chpst.c | 345 ++++++++++++++++++++++++++++++++++++++++++++++++++++++ runit/uidgid.c | 63 ++++++++++ runit/uidgid.h | 14 +++ 6 files changed, 523 insertions(+) create mode 100644 runit/Config.in create mode 100644 runit/Makefile create mode 100644 runit/Makefile.in create mode 100644 runit/chpst.c create mode 100644 runit/uidgid.c create mode 100644 runit/uidgid.h diff --git a/runit/Config.in b/runit/Config.in new file mode 100644 index 000000000..073ca1425 --- /dev/null +++ b/runit/Config.in @@ -0,0 +1,36 @@ +# +# For a description of the syntax of this configuration file, +# see scripts/kbuild/config-language.txt. +# + +menu "Runit Utilities" + +config CONFIG_CHPST + bool "chpst" + default n + help + chpst changes the process state according to the given options, and + execs specified program. + +config CONFIG_SETUIDGID + bool "setuidgid" + help + Sets soft resource limits as specified by options + +config CONFIG_ENVUIDGID + bool "envuidgid" + help + Sets $UID to account's uid and $GID to account's gid + +config CONFIG_ENVDIR + bool "envdir" + help + Sets various environment variables as specified by files + in the given directory + +config CONFIG_SOFTLIMIT + bool "softlimit" + help + Sets soft resource limits as specified by options + +endmenu diff --git a/runit/Makefile b/runit/Makefile new file mode 100644 index 000000000..be65856fe --- /dev/null +++ b/runit/Makefile @@ -0,0 +1,23 @@ +# Makefile for busybox +# +# Copyright (C) 1999-2005 by Erik Andersen +# +# Licensed under the GPL v2, see the file LICENSE in this tarball. + +ifndef top_srcdir +top_srcdir=.. +endif +ifndef top_builddir +top_builddir=.. +endif +srcdir=$(top_srcdir)/runit +RUNIT_DIR:=./ +include $(top_srcdir)/Rules.mak +include $(top_builddir)/.config +include Makefile.in +all: $(libraries-y) +-include $(top_builddir)/.depend + +clean: + rm -f *.o *.a $(AR_TARGET) + diff --git a/runit/Makefile.in b/runit/Makefile.in new file mode 100644 index 000000000..d8cea10c2 --- /dev/null +++ b/runit/Makefile.in @@ -0,0 +1,42 @@ +# Makefile for busybox +# +# Copyright (C) 1999-2005 by Erik Andersen +# +# Licensed under the GPL v2, see the file LICENSE in this tarball. + +RUNIT_AR:=runit.a +ifndef RUNIT_DIR +RUNIT_DIR:=$(top_builddir)/runit/ +endif +srcdir=$(top_srcdir)/runit + +#unix_a:=buffer.o \ +#buffer_get.o buffer_put.o buffer_read.o buffer_write.o coe.o \ +#fd_copy.o fd_move.o fifo.o lock_ex.o lock_exnb.o \ +#ndelay_off.o ndelay_on.o open_append.o open_read.o \ +#open_trunc.o open_write.o openreadclose.o pathexec_env.o \ +#pathexec_run.o prot.o readclose.o seek_set.o sig.o \ +#sig_block.o sig_catch.o sig_pause.o stralloc_cat.o stralloc_catb.o \ +#stralloc_cats.o stralloc_eady.o stralloc_opyb.o stralloc_opys.o \ +#stralloc_pend.o wait_nohang.o \ +#wait_pid.o + +RUNIT-y:= +RUNIT-$(CONFIG_CHPST) += chpst.o uidgid.o + +RUNIT-y:=$(sort $(RUNIT-y)) + +ifneq ($(strip $(RUNIT-y)),) +libraries-y+=$(RUNIT_DIR)$(RUNIT_AR) +endif + +RUNIT_SRC-y:=$(patsubst %.o,$(srcdir)/%.c,$(RUNIT-y)) +RUNIT_SRC-a:=$(wildcard $(srcdir)/*.c) +APPLET_SRC-y+=$(RUNIT_SRC-y) +APPLET_SRC-a+=$(RUNIT_SRC-a) + +$(RUNIT_DIR)$(RUNIT_AR): $(patsubst %,$(RUNIT_DIR)%, $(RUNIT-y)) + $(do_ar) + +$(RUNIT_DIR)%.o: $(srcdir)/%.c + $(compile.c) diff --git a/runit/chpst.c b/runit/chpst.c new file mode 100644 index 000000000..11ee3d733 --- /dev/null +++ b/runit/chpst.c @@ -0,0 +1,345 @@ +#include "busybox.h" + +#include +#include +#include + +#include "uidgid.h" + +#include +#include + +static unsigned option_mask; +// Must meatch constants in chpst_main! +#define OPT_verbose (option_mask & 0x2000) +#define OPT_pgrp (option_mask & 0x4000) +#define OPT_nostdin (option_mask & 0x8000) +#define OPT_nostdout (option_mask & 0x10000) +#define OPT_nostderr (option_mask & 0x20000) + +static char *set_user; +static char *env_user; +static const char *env_dir; +static long limitd = -2; +static long limits = -2; +static long limitl = -2; +static long limita = -2; +static long limito = -2; +static long limitp = -2; +static long limitf = -2; +static long limitc = -2; +static long limitr = -2; +static long limitt = -2; +static long nicelvl; +static const char *root; + +static void suidgid(char *user, unsigned dogrp) +{ + struct uidgid ugid; + + if (!uidgid_get(&ugid, user, dogrp)) { + if (dogrp) + bb_error_msg_and_die("unknown user/group: %s", user); + else + bb_error_msg_and_die("unknown account: %s", user); + } + if (setgroups(ugid.gids, ugid.gid) == -1) + bb_perror_msg_and_die("setgroups"); + xsetgid(*ugid.gid); + xsetuid(ugid.uid); +} + +static void euidgid(char *user, unsigned dogrp) +{ + struct uidgid ugid; + + if (!uidgid_get(&ugid, user, dogrp)) { + if (dogrp) + bb_error_msg_and_die("unknown user/group: %s", user); + else + bb_error_msg_and_die("unknown account: %s", user); + } + //FIXME: ultoa needed here! + xsetenv("GID", utoa(*ugid.gid)); + xsetenv("UID", utoa(ugid.uid)); +} + +static void edir(const char *directory_name) +{ + int wdir; + DIR *dir; + struct dirent *d; + int fd; + + wdir = xopen(".", O_RDONLY | O_NDELAY); + xchdir(directory_name); + dir = opendir("."); + if (!dir) + bb_perror_msg_and_die("opendir %s", directory_name); + for (;;) { + errno = 0; + d = readdir(dir); + if (!d) { + if (errno) bb_perror_msg_and_die("readdir %s", directory_name); + break; + } + if (d->d_name[0] == '.') continue; + fd = open(d->d_name, O_RDONLY | O_NDELAY); + if (fd < 0) { + if ((errno == EISDIR) && env_dir) { + if (OPT_verbose) + bb_perror_msg("warning: %s/%s is a directory", directory_name, + d->d_name); + continue; + } else + bb_perror_msg_and_die("open %s/%s", directory_name, /* was exiting 111 */ + d->d_name); + } + if (fd >= 0) { + char buf[256]; + char *tail; + int size; + + size = safe_read(fd, buf, sizeof(buf)-1); + if (size < 0) + bb_perror_msg_and_die("read %s/%s", directory_name, /* was exiting 111 */ + d->d_name); + if (size == 0) { + xsetenv(d->d_name, ""); + continue; + } + buf[size] = '\n'; + tail = memchr(buf, '\n', sizeof(buf)); + /* skip trailing whitespace */; + while (1) { + if (tail[0]==' ') tail[0] = '\0'; + if (tail[0]=='\t') tail[0] = '\0'; + if (tail[0]=='\n') tail[0] = '\0'; + if (tail == buf) break; + tail--; + } + xsetenv(d->d_name, buf); + } + } + closedir(dir); + if (fchdir(wdir) == -1) bb_perror_msg_and_die("fchdir"); + close(wdir); +} + +static void limit(int what, long l) +{ + struct rlimit r; + + if (getrlimit(what, &r) == -1) bb_perror_msg_and_die("getrlimit"); + if ((l < 0) || (l > r.rlim_max)) + r.rlim_cur = r.rlim_max; + else + r.rlim_cur = l; + if (setrlimit(what, &r) == -1) bb_perror_msg_and_die("setrlimit"); +} + +static void slimit(void) +{ + if (limitd >= -1) { +#ifdef RLIMIT_DATA + limit(RLIMIT_DATA, limitd); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_DATA"); +#endif + } + if (limits >= -1) { +#ifdef RLIMIT_STACK + limit(RLIMIT_STACK, limits); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_STACK"); +#endif + } + if (limitl >= -1) { +#ifdef RLIMIT_MEMLOCK + limit(RLIMIT_MEMLOCK, limitl); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_MEMLOCK"); +#endif + } + if (limita >= -1) { +#ifdef RLIMIT_VMEM + limit(RLIMIT_VMEM, limita); +#else +#ifdef RLIMIT_AS + limit(RLIMIT_AS, limita); +#else + if (OPT_verbose) + bb_error_msg("system does not support %s", "RLIMIT_VMEM"); +#endif +#endif + } + if (limito >= -1) { +#ifdef RLIMIT_NOFILE + limit(RLIMIT_NOFILE, limito); +#else +#ifdef RLIMIT_OFILE + limit(RLIMIT_OFILE, limito); +#else + if (OPT_verbose) + bb_error_msg("system does not support %s", "RLIMIT_NOFILE"); +#endif +#endif + } + if (limitp >= -1) { +#ifdef RLIMIT_NPROC + limit(RLIMIT_NPROC, limitp); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_NPROC"); +#endif + } + if (limitf >= -1) { +#ifdef RLIMIT_FSIZE + limit(RLIMIT_FSIZE, limitf); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_FSIZE"); +#endif + } + if (limitc >= -1) { +#ifdef RLIMIT_CORE + limit(RLIMIT_CORE, limitc); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CORE"); +#endif + } + if (limitr >= -1) { +#ifdef RLIMIT_RSS + limit(RLIMIT_RSS, limitr); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_RSS"); +#endif + } + if (limitt >= -1) { +#ifdef RLIMIT_CPU + limit(RLIMIT_CPU, limitt); +#else + if (OPT_verbose) bb_error_msg("system does not support %s", "RLIMIT_CPU"); +#endif + } +} + +/* argv[0] */ +static void setuidgid(int, char **); +static void envuidgid(int, char **); +static void envdir(int, char **); +static void softlimit(int, char **); + +int chpst_main(int argc, char **argv) +{ + if (bb_applet_name[3] == 'd') envdir(argc, argv); + if (bb_applet_name[1] == 'o') softlimit(argc, argv); + if (bb_applet_name[0] == 's') setuidgid(argc, argv); + if (bb_applet_name[0] == 'e') envuidgid(argc, argv); + // otherwise we are.......... chpst + + { + char *m,*d,*o,*p,*f,*c,*r,*t,*n; + option_mask = bb_getopt_ulflags(argc, argv, "u:U:e:m:d:o:p:f:c:r:t:/:n:vP012", + &set_user,&env_user,&env_dir, + &m,&d,&o,&p,&f,&c,&r,&t,&root,&n); + // if (option_mask & 0x1) // -u + // if (option_mask & 0x2) // -U + // if (option_mask & 0x4) // -e + if (option_mask & 0x8) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m + if (option_mask & 0x10) limitd = bb_xgetularg10(d); // -d + if (option_mask & 0x20) limito = bb_xgetularg10(o); // -o + if (option_mask & 0x40) limitp = bb_xgetularg10(p); // -p + if (option_mask & 0x80) limitf = bb_xgetularg10(f); // -f + if (option_mask & 0x100) limitc = bb_xgetularg10(c); // -c + if (option_mask & 0x200) limitr = bb_xgetularg10(r); // -r + if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t + // if (option_mask & 0x800) // -/ + if (option_mask & 0x1000) nicelvl = bb_xgetlarg_bnd_sfx(n, 10, -20, 20, NULL); // -n + // The below consts should match #defines at top! + //if (option_mask & 0x2000) OPT_verbose = 1; // -v + //if (option_mask & 0x4000) OPT_pgrp = 1; // -P + //if (option_mask & 0x8000) OPT_nostdin = 1; // -0 + //if (option_mask & 0x10000) OPT_nostdout = 1; // -1 + //if (option_mask & 0x20000) OPT_nostderr = 1; // -2 + } + if (!argv || !*argv) bb_show_usage(); + + if (OPT_pgrp) setsid(); + if (env_dir) edir(env_dir); + if (root) { + xchdir(root); + if (chroot(".") == -1) + bb_perror_msg_and_die("chroot"); + } + slimit(); + if (nicelvl) { + errno = 0; + if (nice(nicelvl) == -1) + bb_perror_msg_and_die("nice"); + } + if (env_user) euidgid(env_user, 1); + if (set_user) suidgid(set_user, 1); + if (OPT_nostdin) close(0); + if (OPT_nostdout) close(1); + if (OPT_nostderr) close(2); + execvp(argv[0], argv); + bb_perror_msg_and_die("exec %s", argv[0]); +} + +static void setuidgid(int argc, char **argv) +{ + const char *account; + + account = *++argv; + if (!account) bb_show_usage(); + if (!*++argv) bb_show_usage(); + suidgid((char*)account, 0); + execvp(argv[0], argv); + bb_perror_msg_and_die("exec %s", argv[0]); +} + +static void envuidgid(int argc, char **argv) +{ + const char *account; + + account = *++argv; + if (!account) bb_show_usage(); + if (!*++argv) bb_show_usage(); + euidgid((char*)account, 0); + execvp(argv[0], argv); + bb_perror_msg_and_die("exec %s", argv[0]); +} + +static void envdir(int argc, char **argv) +{ + const char *dir; + + dir = *++argv; + if (!dir) bb_show_usage(); + if (!*++argv) bb_show_usage(); + edir(dir); + execvp(argv[0], argv); + bb_perror_msg_and_die("exec %s", argv[0]); +} + +static void softlimit(int argc, char **argv) +{ + char *a,*c,*d,*f,*l,*m,*o,*p,*r,*s,*t; + option_mask = bb_getopt_ulflags(argc, argv, "a:c:d:f:l:m:o:p:r:s:t:", + &a,&c,&d,&f,&l,&m,&o,&p,&r,&s,&t); + if (option_mask & 0x001) limita = bb_xgetularg10(a); // -a + if (option_mask & 0x002) limitc = bb_xgetularg10(c); // -c + if (option_mask & 0x004) limitd = bb_xgetularg10(d); // -d + if (option_mask & 0x008) limitf = bb_xgetularg10(f); // -f + if (option_mask & 0x010) limitl = bb_xgetularg10(l); // -l + if (option_mask & 0x020) limits = limitl = limita = limitd = bb_xgetularg10(m); // -m + if (option_mask & 0x040) limito = bb_xgetularg10(o); // -o + if (option_mask & 0x080) limitp = bb_xgetularg10(p); // -p + if (option_mask & 0x100) limitr = bb_xgetularg10(r); // -r + if (option_mask & 0x200) limits = bb_xgetularg10(s); // -s + if (option_mask & 0x400) limitt = bb_xgetularg10(t); // -t + argv += optind; + if (!argv[0]) bb_show_usage(); + slimit(); + execvp(argv[0], argv); + bb_perror_msg_and_die("exec %s", argv[0]); +} diff --git a/runit/uidgid.c b/runit/uidgid.c new file mode 100644 index 000000000..a8fec409d --- /dev/null +++ b/runit/uidgid.c @@ -0,0 +1,63 @@ +#include +#include +#include +#include "uidgid.h" + +static unsigned str_chr(const char *s, int c) +{ + const char *t = s; + while (t[0] && t[0] != (char)c) + t++; + return t - s; +} + + +unsigned uidgid_get(struct uidgid *u, char *ug, unsigned dogrp) { + char *g = 0; + struct passwd *pwd = 0; + struct group *gr = 0; + int i, d = 0; + + if (dogrp) + d = str_chr(ug, ':'); + if (ug[d] == ':') { + ug[d] = 0; + g = ug + d + 1; + } + pwd = getpwnam(ug); + if (!pwd) { + if (g) ug[d] = ':'; + return 0; + } + if (g) { + ug[d] = ':'; + for (i = 0; i < 60; ++i) { + d = str_chr(g, ':'); + if (g[d] == ':') { + g[d] = 0; + gr = getgrnam(g); + if (!gr) { + g[d] = ':'; + return 0; + } + g[d] = ':'; + u->gid[i] = gr->gr_gid; + g += d+1; + } + else { + gr = getgrnam(g); + if (!gr) return 0; + u->gid[i++] = gr->gr_gid; + break; + } + } + u->gid[i] = 0; + u->gids = i; + } + if (!g) { + u->gid[0] = pwd->pw_gid; + u->gids = 1; + } + u->uid = pwd->pw_uid; + return 1; +} diff --git a/runit/uidgid.h b/runit/uidgid.h new file mode 100644 index 000000000..1d47fe620 --- /dev/null +++ b/runit/uidgid.h @@ -0,0 +1,14 @@ +#ifndef UIDGID_H +#define UIDGID_H + +#include + +struct uidgid { + uid_t uid; + gid_t gid[61]; + int gids; +}; + +extern unsigned uidgid_get(struct uidgid *, char *, unsigned); + +#endif -- cgit v1.2.3