Port over the last of the tinylogin applets

-Erik

libbb/Makefile.in

@@ -34,17 +34,21 @@ LIBBB_SRC:= \
 	my_getpwuid.c parse_mode.c parse_number.c perror_msg.c perror_msg_and_die.c \
 	print_file.c process_escape_sequence.c read_package_field.c recursive_action.c \
 	safe_read.c safe_strncpy.c syscalls.c syslog_msg_with_name.c time_string.c \
-	trim.c unzip.c uncompress.c vdprintf.c verror_msg.c vperror_msg.c wfopen.c xfuncs.c \
+	trim.c unzip.c uncompress.c vdprintf.c verror_msg.c vperror_msg.c wfopen.c \
 	xgetcwd.c xreadlink.c xregcomp.c interface.c remove_file.c last_char_is.c \
 	copyfd.c vherror_msg.c herror_msg.c herror_msg_and_die.c xgethostbyname.c \
 	dirname.c make_directory.c create_icmp_socket.c u_signal_names.c arith.c \
-	simplify_path.c inet_common.c inode_hash.c
+	simplify_path.c inet_common.c inode_hash.c obscure.c pwd2spwd.c xfuncs.c \
+	correct_password.c change_identity.c setup_environment.c run_shell.c \
+	pw_encrypt.c restricted_shell.c
 LIBBB_OBJS=$(patsubst %.c,$(LIBBB_DIR)%.o, $(LIBBB_SRC))
 
 LIBBB_MSRC:=$(LIBBB_DIR)messages.c
 LIBBB_MOBJ:=full_version.o name_too_long.o omitting_directory.o not_a_directory.o \
 	memory_exhausted.o invalid_date.o invalid_option.o io_error.o dash_dash_help.o \
-	write_error.o too_few_args.o name_longer_than_foo.o unknown.o can_not_create_raw_socket.o
+	write_error.o too_few_args.o name_longer_than_foo.o unknown.o can_not_create_raw_socket.o \
+	shadow_file.o passwd_file.o group_file.o gshadow_file.o nologin_file.o securetty_file.o \
+	motd_file.o
 LIBBB_MOBJS=$(patsubst %,$(LIBBB_DIR)%, $(LIBBB_MOBJ))
 
 libraries-y+=$(LIBBB_DIR)$(LIBBB_AR)

libbb/change_identity.c

@@ -0,0 +1,54 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <ctype.h>
+
+#include "libbb.h"
+
+
+/* Become the user and group(s) specified by PW.  */
+void change_identity ( const struct passwd *pw )
+{
+	if ( initgroups ( pw-> pw_name, pw-> pw_gid ) == -1 )
+		perror_msg_and_die ( "cannot set groups" );
+	endgrent ( );
+
+	if ( setgid ( pw-> pw_gid ))
+		perror_msg_and_die ( "cannot set group id" );
+	if ( setuid ( pw->pw_uid ))
+		perror_msg_and_die ( "cannot set user id" );
+}
+

libbb/correct_password.c

@@ -0,0 +1,78 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <ctype.h>
+#include <crypt.h>
+
+#include "libbb.h"
+
+
+
+/* Ask the user for a password.
+   Return 1 if the user gives the correct password for entry PW,
+   0 if not.  Return 1 without asking for a password if run by UID 0
+   or if PW has an empty password.  */
+
+int correct_password ( const struct passwd *pw )
+{
+	char *unencrypted, *encrypted, *correct;
+	
+#ifdef CONFIG_FEATURE_SHADOWPASSWDS
+	if (( strcmp ( pw-> pw_passwd, "x" ) == 0 ) || ( strcmp ( pw-> pw_passwd, "*" ) == 0 )) {
+		struct spwd *sp = getspnam ( pw-> pw_name );
+		
+		if ( !sp )
+			error_msg_and_die ( "no valid shadow password" );
+		
+		correct = sp-> sp_pwdp;
+	}
+	else
+#endif
+    	correct = pw-> pw_passwd;
+
+	if ( correct == 0 || correct[0] == '\0' )
+		return 1;
+
+	unencrypted = getpass ( "Password: " );
+	if ( !unencrypted )
+	{
+		fputs ( "getpass: cannot open /dev/tty\n", stderr );
+		return 0;
+	}
+	encrypted = crypt ( unencrypted, correct );
+	memset ( unencrypted, 0, xstrlen ( unencrypted ));
+	return ( strcmp ( encrypted, correct ) == 0 ) ? 1 : 0;
+}

libbb/libc5.c

@@ -11,6 +11,24 @@
 
 #if __GNU_LIBRARY__ < 5
 
+/*
+ * Some systems already have updwtmp().  Some don't...  This is
+ * the updwtmp() implementation from uClibc, Copyright 2002 by
+ * Erik Andersen <andersee@debian.org> 
+ */
+extern void updwtmp(const char *wtmp_file, const struct utmp *lutmp)
+{
+	int fd;
+
+	fd = open(wtmp_file, O_APPEND | O_WRONLY, 0);
+	if (fd >= 0) {
+		if (lockf(fd, F_LOCK, 0)==0) {
+			write(fd, (const char *) lutmp, sizeof(struct utmp));
+			lockf(fd, F_ULOCK, 0);
+			close(fd);
+		}
+	}
+}
 
 /* Copyright (C) 1991 Free Software Foundation, Inc.
 This file is part of the GNU C Library.

libbb/messages.c

@@ -66,3 +66,39 @@
 #ifdef L_can_not_create_raw_socket
 	const char * const can_not_create_raw_socket = "can`t create raw socket";
 #endif
+
+#ifdef L_passwd_file
+#define PASSWD_FILE        "/etc/passwd"
+const char * const passwd_file = PASSWD_FILE;
+#endif
+
+#ifdef L_shadow_file
+#define SHADOW_FILE        "/etc/shadow"
+const char * const shadow_file = SHADOW_FILE;
+#endif
+
+#ifdef L_group_file
+#define GROUP_FILE         "/etc/group"
+const char * const group_file = GROUP_FILE;
+#endif
+
+#ifdef L_gshadow_file
+#define GSHADOW_FILE       "/etc/gshadow"
+const char * const gshadow_file = GSHADOW_FILE;
+#endif
+
+#ifdef L_nologin_file
+#define NOLOGIN_FILE       "/etc/nologin"
+const char * const nologin_file = NOLOGIN_FILE;
+#endif
+
+#ifdef L_securetty_file
+#define SECURETTY_FILE     "/etc/securetty"
+const char * const securetty_file = SECURETTY_FILE;
+#endif
+
+#ifdef L_motd_file
+#define MOTD_FILE          "/etc/motd"
+const char * const motd_file = MOTD_FILE;
+#endif
+

libbb/obscure.c

@@ -0,0 +1,246 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Copyright 1989 - 1994, Julianne Frances Haugh <jockgrrl@austin.rr.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+/*
+ * This version of obscure.c contains modifications to support "cracklib"
+ * by Alec Muffet (alec.muffett@uk.sun.com).  You must obtain the Cracklib
+ * library source code for this function to operate.
+ */
+
+#include <stdlib.h>
+#include <stdio.h>
+#include <string.h>
+#include <ctype.h>
+#include "libbb.h"
+
+/*
+ * can't be a palindrome - like `R A D A R' or `M A D A M'
+ */
+
+static int palindrome(const char *old, const char *newval)
+{
+	int i, j;
+
+	i = strlen(newval);
+
+	for (j = 0; j < i; j++)
+		if (newval[i - j - 1] != newval[j])
+			return 0;
+
+	return 1;
+}
+
+/*
+ * more than half of the characters are different ones.
+ */
+
+static int similiar(const char *old, const char *newval)
+{
+	int i, j;
+
+	for (i = j = 0; newval[i] && old[i]; i++)
+		if (strchr(newval, old[i]))
+			j++;
+
+	if (i >= j * 2)
+		return 0;
+
+	return 1;
+}
+
+/*
+ * a nice mix of characters.
+ */
+
+static int simple(const char *old, const char *newval)
+{
+	int digits = 0;
+	int uppers = 0;
+	int lowers = 0;
+	int others = 0;
+	int size;
+	int i;
+
+	for (i = 0; newval[i]; i++) {
+		if (isdigit(newval[i]))
+			digits++;
+		else if (isupper(newval[i]))
+			uppers++;
+		else if (islower(newval[i]))
+			lowers++;
+		else
+			others++;
+	}
+
+	/*
+	 * The scam is this - a password of only one character type
+	 * must be 8 letters long.  Two types, 7, and so on.
+	 */
+
+	size = 9;
+	if (digits)
+		size--;
+	if (uppers)
+		size--;
+	if (lowers)
+		size--;
+	if (others)
+		size--;
+
+	if (size <= i)
+		return 0;
+
+	return 1;
+}
+
+static char *str_lower(char *string)
+{
+	char *cp;
+
+	for (cp = string; *cp; cp++)
+		*cp = tolower(*cp);
+	return string;
+}
+
+static char *password_check(const char *old, const char *newval, const struct passwd *pwdp)
+{
+	char *msg = NULL;
+	char *oldmono, *newmono, *wrapped;
+
+	if (strcmp(newval, old) == 0)
+		return "no change";
+
+	newmono = str_lower(xstrdup(newval));
+	oldmono = str_lower(xstrdup(old));
+	wrapped = (char *) xmalloc(strlen(oldmono) * 2 + 1);
+	strcpy(wrapped, oldmono);
+	strcat(wrapped, oldmono);
+
+	if (palindrome(oldmono, newmono))
+		msg = "a palindrome";
+
+	if (!msg && strcmp(oldmono, newmono) == 0)
+		msg = "case changes only";
+
+	if (!msg && similiar(oldmono, newmono))
+		msg = "too similiar";
+
+	if (!msg && simple(old, newval))
+		msg = "too simple";
+
+	if (!msg && strstr(wrapped, newmono))
+		msg = "rotated";
+
+	bzero(newmono, strlen(newmono));
+	bzero(oldmono, strlen(oldmono));
+	bzero(wrapped, strlen(wrapped));
+	free(newmono);
+	free(oldmono);
+	free(wrapped);
+
+	return msg;
+}
+
+static char *obscure_msg(const char *old, const char *newval, const struct passwd *pwdp)
+{
+	int maxlen, oldlen, newlen;
+	char *new1, *old1, *msg;
+
+	oldlen = strlen(old);
+	newlen = strlen(newval);
+
+#if 0							/* why not check the password when set for the first time?  --marekm */
+	if (old[0] == '\0')
+		/* return (1); */
+		return NULL;
+#endif
+
+	if (newlen < 5)
+		return "too short";
+
+	/*
+	 * Remaining checks are optional.
+	 */
+	/* Not for us -- Sean
+	 *if (!getdef_bool("OBSCURE_CHECKS_ENAB"))
+	 *      return NULL;
+	 */
+	msg = password_check(old, newval, pwdp);
+	if (msg)
+		return msg;
+
+	/* The traditional crypt() truncates passwords to 8 chars.  It is
+	   possible to circumvent the above checks by choosing an easy
+	   8-char password and adding some random characters to it...
+	   Example: "password$%^&*123".  So check it again, this time
+	   truncated to the maximum length.  Idea from npasswd.  --marekm */
+
+	maxlen = 8;
+	if (oldlen <= maxlen && newlen <= maxlen)
+		return NULL;
+
+	new1 = (char *) xstrdup(newval);
+	old1 = (char *) xstrdup(old);
+	if (newlen > maxlen)
+		new1[maxlen] = '\0';
+	if (oldlen > maxlen)
+		old1[maxlen] = '\0';
+
+	msg = password_check(old1, new1, pwdp);
+
+	bzero(new1, newlen);
+	bzero(old1, oldlen);
+	free(new1);
+	free(old1);
+
+	return msg;
+}
+
+/*
+ * Obscure - see if password is obscure enough.
+ *
+ *	The programmer is encouraged to add as much complexity to this
+ *	routine as desired.  Included are some of my favorite ways to
+ *	check passwords.
+ */
+
+extern int obscure(const char *old, const char *newval, const struct passwd *pwdp)
+{
+	char *msg = obscure_msg(old, newval, pwdp);
+
+	/*  if (msg) { */
+	if (msg != NULL) {
+		printf("Bad password: %s.\n", msg);
+		/* return 0; */
+		return 1;
+	}
+	/* return 1; */
+	return 0;
+}

libbb/pw_encrypt.c

@@ -0,0 +1,48 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Utility routine.
+ *
+ * Copyright (C) 1999-2002 by Erik Andersen <andersee@debian.org>
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
+ * General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ *
+ */
+
+#include <string.h>
+#include <crypt.h>
+#include "libbb.h"
+
+
+extern char *pw_encrypt(const char *clear, const char *salt)
+{
+	static char cipher[128];
+	char *cp;
+
+#ifdef CONFIG_FEATURE_SHA1_PASSWORDS
+	if (strncmp(salt, "$2$", 3) == 0) {
+		return sha1_crypt(clear);
+	}
+#endif
+	cp = (char *) crypt(clear, salt);
+	/* if crypt (a nonstandard crypt) returns a string too large,
+	   truncate it so we don't overrun buffers and hope there is
+	   enough security in what's left */
+	if (strlen(cp) > sizeof(cipher)-1) {
+		cp[sizeof(cipher)-1] = 0;
+	}
+	strcpy(cipher, cp);
+	return cipher;
+}
+

libbb/pwd2spwd.c

@@ -0,0 +1,73 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Copyright 1989 - 1994, Julianne Frances Haugh <jockgrrl@austin.rr.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <time.h>
+#include <sys/types.h>
+#include "libbb.h"
+
+/*
+ * pwd_to_spwd - create entries for new spwd structure
+ *
+ *	pwd_to_spwd() creates a new (struct spwd) containing the
+ *	information in the pointed-to (struct passwd).
+ */
+#define DAY (24L*3600L)
+#define WEEK (7*DAY)
+#define SCALE DAY
+struct spwd *pwd_to_spwd(const struct passwd *pw)
+{
+	static struct spwd sp;
+
+	/*
+	 * Nice, easy parts first.  The name and passwd map directly
+	 * from the old password structure to the new one.
+	 */
+	sp.sp_namp = pw->pw_name;
+	sp.sp_pwdp = pw->pw_passwd;
+
+	/*
+	 * Defaults used if there is no pw_age information.
+	 */
+	sp.sp_min = 0;
+	sp.sp_max = (10000L * DAY) / SCALE;
+	sp.sp_lstchg = time((time_t *) 0) / SCALE;
+
+	/*
+	 * These fields have no corresponding information in the password
+	 * file.  They are set to uninitialized values.
+	 */
+	sp.sp_warn = -1;
+	sp.sp_expire = -1;
+	sp.sp_inact = -1;
+	sp.sp_flag = -1;
+
+	return &sp;
+}
+

libbb/restricted_shell.c

@@ -0,0 +1,57 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <ctype.h>
+#include "libbb.h"
+
+
+
+/* Return 1 if SHELL is a restricted shell (one not returned by
+   getusershell), else 0, meaning it is a standard shell.  */
+
+int restricted_shell ( const char *shell )
+{
+	char *line;
+
+	setusershell ( );
+	while (( line = getusershell ( ))) {
+		if (( *line != '#' ) && ( strcmp ( line, shell ) == 0 ))
+			break;
+	}
+	endusershell ( );
+	return line ? 0 : 1;
+}
+

libbb/run_shell.c

@@ -0,0 +1,81 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <ctype.h>
+#include "libbb.h"
+
+
+/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
+   If COMMAND is nonzero, pass it to the shell with the -c option.
+   If ADDITIONAL_ARGS is nonzero, pass it to the shell as more
+   arguments.  */
+
+void run_shell ( const char *shell, int loginshell, const char *command, const char **additional_args )
+{
+	const char **args;
+	int argno = 1;
+	int additional_args_cnt = 0;
+	
+	for ( args = additional_args; args && *args; args++ )
+		additional_args_cnt++;
+
+	if ( additional_args )
+		args = (const char **) xmalloc (sizeof (char *) * ( 4  + additional_args_cnt ));
+	else
+		args = (const char **) xmalloc (sizeof (char *) * 4 );
+		
+	args [0] = get_last_path_component ( xstrdup ( shell ));
+	
+	if ( loginshell ) {
+		char *args0 = xmalloc ( xstrlen ( args [0] ) + 2 );
+		args0 [0] = '-';
+		strcpy ( args0 + 1, args [0] );
+		args [0] = args0;
+	}
+    
+	if ( command ) {
+		args [argno++] = "-c";
+		args [argno++] = command;
+	}
+	if ( additional_args ) {
+		for ( ; *additional_args; ++additional_args )
+			args [argno++] = *additional_args;
+	}
+	args [argno] = 0;
+	execv ( shell, (char **) args );
+	perror_msg_and_die ( "cannot run %s", shell );
+}
+

libbb/setup_environment.c

@@ -0,0 +1,93 @@
+/* vi: set sw=4 ts=4: */
+/*
+ * Copyright 1989 - 1991, Julianne Frances Haugh <jockgrrl@austin.rr.com>
+ * All rights reserved.
+ *
+ * Redistribution and use in source and binary forms, with or without
+ * modification, are permitted provided that the following conditions
+ * are met:
+ * 1. Redistributions of source code must retain the above copyright
+ *    notice, this list of conditions and the following disclaimer.
+ * 2. Redistributions in binary form must reproduce the above copyright
+ *    notice, this list of conditions and the following disclaimer in the
+ *    documentation and/or other materials provided with the distribution.
+ * 3. Neither the name of Julianne F. Haugh nor the names of its contributors
+ *    may be used to endorse or promote products derived from this software
+ *    without specific prior written permission.
+ *
+ * THIS SOFTWARE IS PROVIDED BY JULIE HAUGH AND CONTRIBUTORS ``AS IS'' AND
+ * ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
+ * ARE DISCLAIMED.  IN NO EVENT SHALL JULIE HAUGH OR CONTRIBUTORS BE LIABLE
+ * FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
+ * DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
+ * OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
+ * HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
+ * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
+ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
+ * SUCH DAMAGE.
+ */
+
+#include <stdio.h>
+#include <errno.h>
+#include <unistd.h>
+#include <string.h>
+#include <stdlib.h>
+#include <syslog.h>
+#include <ctype.h>
+#include "libbb.h"
+
+
+
+#define DEFAULT_LOGIN_PATH      "/bin:/usr/bin"
+#define DEFAULT_ROOT_LOGIN_PATH "/usr/sbin:/bin:/usr/bin:/sbin"
+
+static void xsetenv ( const char *key, const char *value )
+{
+	    if ( setenv ( key, value, 1 ))
+			        error_msg_and_die ( "out of memory" );
+}
+
+void setup_environment ( const char *shell, int loginshell, int changeenv, const struct passwd *pw )
+{
+	if ( loginshell ) {
+		char *term;
+	
+		/* Change the current working directory to be the home directory
+		 * of the user.  It is a fatal error for this process to be unable
+		 * to change to that directory.  There is no "default" home
+		 * directory.
+		 * Some systems default to HOME=/
+		 */		 
+		if ( chdir ( pw-> pw_dir )) {
+			if ( chdir ( "/" )) {
+				syslog ( LOG_WARNING, "unable to cd to %s' for user %s'\n", pw-> pw_dir, pw-> pw_name );
+				error_msg_and_die ( "cannot cd to home directory or /" );
+			}
+			fputs ( "warning: cannot change to home directory\n", stderr );
+		}
+
+		/* Leave TERM unchanged.  Set HOME, SHELL, USER, LOGNAME, PATH.
+		   Unset all other environment variables.  */
+		term = getenv ("TERM");
+		clearenv ( );
+		if ( term )
+			xsetenv ( "TERM", term );
+		xsetenv ( "HOME",    pw-> pw_dir );
+		xsetenv ( "SHELL",   shell );
+		xsetenv ( "USER",    pw-> pw_name );
+		xsetenv ( "LOGNAME", pw-> pw_name );
+		xsetenv ( "PATH",    ( pw-> pw_uid ? DEFAULT_LOGIN_PATH : DEFAULT_ROOT_LOGIN_PATH ));
+	}
+	else if ( changeenv ) {
+		/* Set HOME, SHELL, and if not becoming a super-user,
+	   	   USER and LOGNAME.  */
+		xsetenv ( "HOME",  pw-> pw_dir );
+		xsetenv ( "SHELL", shell );
+		if  ( pw-> pw_uid ) {
+			xsetenv ( "USER",    pw-> pw_name );
+			xsetenv ( "LOGNAME", pw-> pw_name );
+		}
+	}
+}
+