diff options
Diffstat (limited to 'release/src/router/busybox/coreutils/id.c')
-rw-r--r-- | release/src/router/busybox/coreutils/id.c | 270 |
1 files changed, 187 insertions, 83 deletions
diff --git a/release/src/router/busybox/coreutils/id.c b/release/src/router/busybox/coreutils/id.c index 971e7cda..43f403fa 100644 --- a/release/src/router/busybox/coreutils/id.c +++ b/release/src/router/busybox/coreutils/id.c @@ -3,108 +3,212 @@ * Mini id implementation for busybox * * Copyright (C) 2000 by Randolph Chung <tausq@debian.org> + * Copyright (C) 2008 by Tito Ragusa <farmatito@tiscali.it> * - * This program is free software; you can redistribute it and/or modify - * it under the terms of the GNU General Public License as published by - * the Free Software Foundation; either version 2 of the License, or - * (at your option) any later version. - * - * This program is distributed in the hope that it will be useful, - * but WITHOUT ANY WARRANTY; without even the implied warranty of - * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - * General Public License for more details. - * - * You should have received a copy of the GNU General Public License - * along with this program; if not, write to the Free Software - * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA - * + * Licensed under GPLv2 or later, see file LICENSE in this tarball for details. */ -/* BB_AUDIT SUSv3 _NOT_ compliant -- option -G is not currently supported. */ +/* BB_AUDIT SUSv3 compliant. */ +/* Hacked by Tito Ragusa (C) 2004 to handle usernames of whatever + * length and to be more similar to GNU id. + * -Z option support: by Yuichi Nakamura <ynakam@hitachisoft.jp> + * Added -G option Tito Ragusa (C) 2008 for SUSv3. + */ -#include "busybox.h" -#include <stdio.h> -#include <unistd.h> -#include <getopt.h> -#include <string.h> -#include <sys/types.h> -#ifdef CONFIG_SELINUX -#include <proc_secure.h> -#include <flask_util.h> -#endif +#include "libbb.h" -#define JUST_USER 1 -#define JUST_GROUP 2 -#define PRINT_REAL 4 -#define NAME_NOT_NUMBER 8 +#if !ENABLE_USE_BB_PWD_GRP +#if defined(__UCLIBC_MAJOR__) && (__UCLIBC_MAJOR__ == 0) +#if (__UCLIBC_MINOR__ < 9) || (__UCLIBC_MINOR__ == 9 && __UCLIBC_SUBLEVEL__ < 30) +#error "Sorry, you need at least uClibc version 0.9.30 for id applet to build" +#endif +#endif +#endif -extern int id_main(int argc, char **argv) -{ - char user[9], group[9]; - long pwnam, grnam; - int uid, gid; - int flags; -#ifdef CONFIG_SELINUX - int is_flask_enabled_flag = is_flask_enabled(); +enum { + PRINT_REAL = (1 << 0), + NAME_NOT_NUMBER = (1 << 1), + JUST_USER = (1 << 2), + JUST_GROUP = (1 << 3), + JUST_ALL_GROUPS = (1 << 4), +#if ENABLE_SELINUX + JUST_CONTEXT = (1 << 5), #endif - - flags = bb_getopt_ulflags(argc, argv, "ugrn"); +}; - if (((flags & (JUST_USER | JUST_GROUP)) == (JUST_USER | JUST_GROUP)) - || (argc > optind + 1) - ) { - bb_show_usage(); +static int print_common(unsigned id, const char *name, const char *prefix) +{ + if (prefix) { + printf("%s", prefix); } - - if (argv[optind] == NULL) { - if (flags & PRINT_REAL) { - uid = getuid(); - gid = getgid(); + if (!(option_mask32 & NAME_NOT_NUMBER) || !name) { + printf("%u", id); + } + if (!option_mask32 || (option_mask32 & NAME_NOT_NUMBER)) { + if (name) { + printf(option_mask32 ? "%s" : "(%s)", name); } else { - uid = geteuid(); - gid = getegid(); + /* Don't set error status flag in default mode */ + if (option_mask32) { + if (ENABLE_DESKTOP) + bb_error_msg("unknown ID %u", id); + return EXIT_FAILURE; + } } - my_getpwuid(user, uid); + } + return EXIT_SUCCESS; +} + +static int print_group(gid_t id, const char *prefix) +{ + return print_common(id, gid2group(id), prefix); +} + +static int print_user(uid_t id, const char *prefix) +{ + return print_common(id, uid2uname(id), prefix); +} + +/* On error set *n < 0 and return >= 0 + * If *n is too small, update it and return < 0 + * (ok to trash groups[] in both cases) + * Otherwise fill in groups[] and return >= 0 + */ +static int get_groups(const char *username, gid_t rgid, gid_t *groups, int *n) +{ + int m; + + if (username) { + /* If the user is a member of more than + * *n groups, then -1 is returned. Otherwise >= 0. + * (and no defined way of detecting errors?!) */ + m = getgrouplist(username, rgid, groups, n); + /* I guess *n < 0 might indicate error. Anyway, + * malloc'ing -1 bytes won't be good, so: */ + //if (*n < 0) + // return 0; + //return m; + //commented out here, happens below anyway } else { - safe_strncpy(user, argv[optind], sizeof(user)); - gid = my_getpwnamegid(user); + /* On error -1 is returned, which ends up in *n */ + int nn = getgroups(*n, groups); + /* 0: nn <= *n, groups[] was big enough; -1 otherwise */ + m = - (nn > *n); + *n = nn; } - my_getgrgid(group, gid); + if (*n < 0) + return 0; /* error, don't return < 0! */ + return m; +} - pwnam=my_getpwnam(user); - grnam=my_getgrnam(group); +int id_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; +int id_main(int argc UNUSED_PARAM, char **argv) +{ + uid_t ruid; + gid_t rgid; + uid_t euid; + gid_t egid; + unsigned opt; + int i; + int status = EXIT_SUCCESS; + const char *prefix; + const char *username; +#if ENABLE_SELINUX + security_context_t scontext = NULL; +#endif + /* Don't allow -n -r -nr -ug -rug -nug -rnug -uZ -gZ -GZ*/ + /* Don't allow more than one username */ + opt_complementary = "?1:u--g:g--u:G--u:u--G:g--G:G--g:r?ugG:n?ugG" + USE_SELINUX(":u--Z:Z--u:g--Z:Z--g:G--Z:Z--G"); + opt = getopt32(argv, "rnugG" USE_SELINUX("Z")); - if (flags & (JUST_GROUP | JUST_USER)) { - char *s = group; - if (flags & JUST_USER) { - s = user; - grnam = pwnam; - } - if (flags & NAME_NOT_NUMBER) { - puts(s); + username = argv[optind]; + if (username) { + struct passwd *p = xgetpwnam(username); + euid = ruid = p->pw_uid; + egid = rgid = p->pw_gid; + } else { + egid = getegid(); + rgid = getgid(); + euid = geteuid(); + ruid = getuid(); + } + /* JUST_ALL_GROUPS ignores -r PRINT_REAL flag even if man page for */ + /* id says: print the real ID instead of the effective ID, with -ugG */ + /* in fact in this case egid is always printed if egid != rgid */ + if (!opt || (opt & JUST_ALL_GROUPS)) { + gid_t *groups; + int n; + + if (!opt) { + /* Default Mode */ + status |= print_user(ruid, "uid="); + status |= print_group(rgid, " gid="); + if (euid != ruid) + status |= print_user(euid, " euid="); + if (egid != rgid) + status |= print_group(egid, " egid="); } else { - printf("%ld\n", grnam); + /* JUST_ALL_GROUPS */ + status |= print_group(rgid, NULL); + if (egid != rgid) + status |= print_group(egid, " "); } - } else { -#ifdef CONFIG_SELINUX - printf("uid=%ld(%s) gid=%ld(%s)", pwnam, user, grnam, group); - if(is_flask_enabled_flag) - { - security_id_t mysid = getsecsid(); - char context[80]; - int len = sizeof(context); - context[0] = '\0'; - if(security_sid_to_context(mysid, context, &len)) - strcpy(context, "unknown"); - printf(" context=%s\n", context); + /* We are supplying largish buffer, trying + * to not run get_groups() twice. That might be slow + * ("user database in remote SQL server" case) */ + groups = xmalloc(64 * sizeof(gid_t)); + n = 64; + if (get_groups(username, rgid, groups, &n) < 0) { + /* Need bigger buffer after all */ + groups = xrealloc(groups, n * sizeof(gid_t)); + get_groups(username, rgid, groups, &n); + } + if (n > 0) { + /* Print the list */ + prefix = " groups="; + for (i = 0; i < n; i++) { + if (opt && (groups[i] == rgid || groups[i] == egid)) + continue; + status |= print_group(groups[i], opt ? " " : prefix); + prefix = ","; + } + } else if (n < 0) { /* error in get_groups() */ + if (!ENABLE_DESKTOP) + bb_error_msg_and_die("cannot get groups"); + else + return EXIT_FAILURE; + } + if (ENABLE_FEATURE_CLEAN_UP) + free(groups); +#if ENABLE_SELINUX + if (is_selinux_enabled()) { + if (getcon(&scontext) == 0) + printf(" context=%s", scontext); } - else - printf("\n"); -#else - printf("uid=%ld(%s) gid=%ld(%s)\n", pwnam, user, grnam, group); #endif - + } else if (opt & PRINT_REAL) { + euid = ruid; + egid = rgid; } - bb_fflush_stdout_and_exit(0); + if (opt & JUST_USER) + status |= print_user(euid, NULL); + else if (opt & JUST_GROUP) + status |= print_group(egid, NULL); +#if ENABLE_SELINUX + else if (opt & JUST_CONTEXT) { + selinux_or_die(); + if (username || getcon(&scontext)) { + bb_error_msg_and_die("can't get process context%s", + username ? " for a different user" : ""); + } + fputs(scontext, stdout); + } + /* freecon(NULL) seems to be harmless */ + if (ENABLE_FEATURE_CLEAN_UP) + freecon(scontext); +#endif + bb_putchar('\n'); + fflush_stdout_and_exit(status); } |