5 |
* Licensed under the GPL v2 or later, see the file LICENSE in this tarball. |
* Licensed under the GPL v2 or later, see the file LICENSE in this tarball. |
6 |
*/ |
*/ |
7 |
|
|
8 |
#include "busybox.h" |
#include "libbb.h" |
9 |
#include <syslog.h> |
#include <syslog.h> |
10 |
|
|
11 |
#define SU_OPT_mp (3) |
#define SU_OPT_mp (3) |
12 |
#define SU_OPT_l (4) |
#define SU_OPT_l (4) |
13 |
|
|
14 |
int su_main(int argc, char **argv) |
int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; |
15 |
|
int su_main(int argc UNUSED_PARAM, char **argv) |
16 |
{ |
{ |
17 |
unsigned flags; |
unsigned flags; |
18 |
char *opt_shell = 0; |
char *opt_shell = NULL; |
19 |
char *opt_command = 0; |
char *opt_command = NULL; |
20 |
char *opt_username = "root"; |
const char *opt_username = "root"; |
21 |
struct passwd *pw; |
struct passwd *pw; |
22 |
uid_t cur_uid = getuid(); |
uid_t cur_uid = getuid(); |
23 |
const char *tty; |
const char *tty; |
24 |
char *old_user; |
char *old_user; |
25 |
|
|
26 |
flags = getopt32(argc, argv, "mplc:s:", &opt_command, &opt_shell); |
flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell); |
27 |
argc -= optind; |
//argc -= optind; |
28 |
argv += optind; |
argv += optind; |
29 |
|
|
30 |
if (argc && LONE_DASH(argv[0])) { |
if (argv[0] && LONE_DASH(argv[0])) { |
31 |
flags |= SU_OPT_l; |
flags |= SU_OPT_l; |
|
argc--; |
|
32 |
argv++; |
argv++; |
33 |
} |
} |
34 |
|
|
35 |
/* get user if specified */ |
/* get user if specified */ |
36 |
if (argc) { |
if (argv[0]) { |
37 |
opt_username = argv[0]; |
opt_username = argv[0]; |
|
// argc--; |
|
38 |
argv++; |
argv++; |
39 |
} |
} |
40 |
|
|
84 |
compromise the account by allowing access with a standard |
compromise the account by allowing access with a standard |
85 |
shell. */ |
shell. */ |
86 |
bb_error_msg("using restricted shell"); |
bb_error_msg("using restricted shell"); |
87 |
opt_shell = 0; |
opt_shell = NULL; |
88 |
} |
} |
89 |
#endif |
#endif |
90 |
if (!opt_shell) |
if (!opt_shell) |
91 |
opt_shell = pw->pw_shell; |
opt_shell = pw->pw_shell; |
92 |
|
|
93 |
change_identity(pw); |
change_identity(pw); |
94 |
|
/* setup_environment params: shell, clear_env, change_env, pw */ |
95 |
setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw); |
setup_environment(opt_shell, flags & SU_OPT_l, !(flags & SU_OPT_mp), pw); |
96 |
USE_SELINUX(set_current_security_context(NULL);) |
USE_SELINUX(set_current_security_context(NULL);) |
97 |
|
|
98 |
/* Never returns */ |
/* Never returns */ |
99 |
run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)argv); |
run_shell(opt_shell, flags & SU_OPT_l, opt_command, (const char**)argv); |
100 |
|
|
101 |
return EXIT_FAILURE; |
/* return EXIT_FAILURE; - not reached */ |
102 |
} |
} |
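Review bot: The comment added above `setup_environment(...)` names the four parameters but not what this call passes for them, which is what a reader auditing a setuid applet needs to see: `clear_env` is set only for `-l`, and `change_env` is false whenever `-m` or `-p` was given (`SU_OPT_mp`), so the invoking user's environment presumably carries over into the target user's shell in that case. I would extend it to something like `/* params: shell, clear_env (-l only), change_env (off for -m/-p: caller's environment is kept), pw */`. What setup_environment() and the restricted-shell branch do with these flags is not visible, because su_main's body between new lines 40 and 84 lies outside the hunks, so it is worth confirming whether `-m`/`-p` is still honoured after "using restricted shell". Separately, the leftover `//argc -= optind;` in the first hunk can be deleted now that `argc` is `UNUSED_PARAM`.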