OSDN > 開発者 > am0n666 > 作業部屋 > external-busybox > コミット

external-busybox
Fork

R/O
HTTP
SSH
HTTPS

コミット

コミットメタ情報

リビジョン	d8482dbecc75c8a94bd15a02fa8844cfea91e6d2 (tree)
日時	2014-08-06 20:40:07
作者	Tanguy Pruvot <tanguy.pruvot@gmai...>
コミッター	Tanguy Pruvot

ログメッセージ

Bionic changes for tty related applets

Tested (but applets not included/enabled)
getty, login, su, passwd, mkpasswd, cryptpw

Sample /etc/passwd required before 'passwd' :
root:x:0:0:root:/:/system/xbin/bash

busybox su allow to change current user, if you are root
Example: "busybox su shell -c /system/xbin/bash"

busybox login allow also to do that :
Example: "busybox login shell"

getpwnam() returns now an empty string in passwd member
instead of null, busybox often check directly pw->pw_passwd[0]

Update also selinux related stubs after tests on x86 4.4.2,
l-preview and aosp/master

If you want to include these applets, here is the required
source list to add in busybox-full.sources :

libbb/correct_password.c libbb/pw_encrypt.c libbb/update_passwd.c
loginutils/getty.c loginutils/login.c loginutils/su.c
loginutils/passwd.c loginutils/chpasswd.c loginutils/cryptpw.c

And the config flags to add :

CONFIG_GETTY=y
CONFIG_LOGIN=y
CONFIG_FEATURE_NOLOGIN=y
CONFIG_PASSWD=y
CONFIG_CRYPTPW=y
CONFIG_CHPASSWD=y
CONFIG_SU=y
CONFIG_FEATURE_SU_CHECKS_SHELLS=y

Signed-off-by: Tanguy Pruvot <tanguy.pruvot@gmail.com>

Change-Id: I96ee64f0872856fad6b3ff299faafad6451da556

変更サマリ

modified: android/selinux/android_selinux.h (diff)
modified: android/selinux/stubs.c (diff)
modified: busybox-full.config (diff)
modified: busybox-full.sources (diff)
modified: include/libbb.h (diff)
modified: libbb/bb_pwd.c (diff)
modified: loginutils/getty.c (diff)
modified: loginutils/login.c (diff)
modified: loginutils/sulogin.c (diff)
modified: miscutils/crond.c (diff)
modified: networking/telnetd.c (diff)

差分

--- a/android/selinux/android_selinux.h

+++ b/android/selinux/android_selinux.h

		@@ -103,6 +103,15 @@ extern int selinux_file_context_verify(const char *path, mode_t mode);
103	103	extern int get_default_context(const char* user, const char* fromcon,
104	104	char ** newcon);
105	105
	106	+/* Check a permission in the passwd class.
	107	+ Return 0 if granted or -1 otherwise. */
	108	+#define PASSWD__PASSWD 0x001UL
	109	+#define PASSWD__CHFN 0x002UL
	110	+#define PASSWD__CHSH 0x004UL
	111	+#define PASSWD__ROOTOK 0x008UL
	112	+#define PASSWD__CRONTAB 0x010UL
	113	+extern int selinux_check_passwd_access(access_vector_t requested);
	114	+
106	115	#define lgetfilecon_raw(path, context) \
107	116	lgetfilecon(path, context)
108	117

--- a/android/selinux/stubs.c

+++ b/android/selinux/stubs.c

		@@ -1,9 +1,9 @@
1		-#include <stdio.h>
2		-#include <stdlib.h>
	1	+#include <libbb.h>
3	2	#include <selinux/selinux.h>
4	3
5	4	/* create a new context with user name (may be unsafe) */
6		-int get_default_context(const char* user, const char* fromcon,
	5	+int get_default_context(const char* user,
	6	+ const char* fromcon UNUSED_PARAM,
7	7	char ** newcon)
8	8	{
9	9	char fmt[] = "u:r:%s:s0\0";

		@@ -19,9 +19,18 @@ int get_default_context(const char* user, const char* fromcon,
19	19	/* Compute a relabeling decision and set *newcon to refer to it.
20	20	Caller must free via freecon.
21	21	Stub not implemented in bionic, but declared in selinux.h */
22		-int security_compute_relabel(const char scon, const char tcon,
23		- security_class_t tclass,
	22	+#if defined(BIONIC_L) \|\| !defined(__i386__)
	23	+int security_compute_relabel(const char *scon UNUSED_PARAM,
	24	+ const char *tcon,
	25	+ security_class_t tclass UNUSED_PARAM,
24	26	char ** newcon)
	27	+#else
	28	+/* this was changed after 4.4.2 */
	29	+int security_compute_relabel(const security_context_t scon UNUSED_PARAM,
	30	+ const security_context_t tcon,
	31	+ security_class_t tclass UNUSED_PARAM,
	32	+ security_context_t *newcon)
	33	+#endif
25	34	{
26	35	if (tcon)
27	36	*newcon = strdup(tcon);

		@@ -32,7 +41,7 @@ int security_compute_relabel(const char scon, const char tcon,
32	41
33	42	/* Check a permission in the passwd class.
34	43	Return 0 if granted or -1 otherwise. */
35		-int selinux_check_passwd_access(access_vector_t requested)
	44	+int selinux_check_passwd_access(access_vector_t requested UNUSED_PARAM)
36	45	{
37	46	return 0;
38		-}
		\ No newline at end of file
	47	+}

--- a/busybox-full.config

+++ b/busybox-full.config

		@@ -1,7 +1,7 @@
1	1	#
2	2	# Automatically generated make config: don't edit
3	3	# Busybox version: 1.22.1
4		-# Fri Aug 1 16:21:29 2014
	4	+# Wed Aug 6 13:27:12 2014
5	5	#
6	6	CONFIG_HAVE_DOT_CONFIG=y
7	7

		@@ -452,7 +452,7 @@ CONFIG_FEATURE_MESG_ENABLE_ONLY_GROUP=y
452	452	# CONFIG_USE_BB_PWD_GRP is not set
453	453	# CONFIG_USE_BB_SHADOW is not set
454	454	CONFIG_USE_BB_CRYPT=y
455		-# CONFIG_USE_BB_CRYPT_SHA is not set
	455	+CONFIG_USE_BB_CRYPT_SHA=y
456	456	# CONFIG_ADDUSER is not set
457	457	# CONFIG_FEATURE_ADDUSER_LONG_OPTIONS is not set
458	458	# CONFIG_FEATURE_CHECK_NAMES is not set

--- a/busybox-full.sources

+++ b/busybox-full.sources

		@@ -45,7 +45,7 @@ libbb/time.c libbb/trim.c libbb/u_signal_names.c libbb/udp_io.c libbb/unicode.c
45	45	libbb/vdprintf.c libbb/verror_msg.c libbb/vfork_daemon_rexec.c libbb/warn_ignoring_args.c libbb/wfopen.c libbb/wfopen_input.c
46	46	libbb/write.c libbb/xatonum.c libbb/xconnect.c libbb/xfunc_die.c libbb/xfuncs.c libbb/xfuncs_printf.c libbb/xgetcwd.c
47	47	libbb/xgethostbyname.c libbb/xreadlink.c libbb/xrealloc_vector.c libbb/xregcomp.c
48		-libbb/endofname.c libbb/in_ether.c
	48	+libbb/endofname.c libbb/in_ether.c libbb/nuke_str.c
49	49
50	50	libpwdgrp/uidgid_get.c
51	51

--- a/include/libbb.h

+++ b/include/libbb.h

		@@ -903,6 +903,8 @@ int get_uidgid(struct bb_uidgid_t, const char, int numeric_ok) FAST_FUNC;
903	903	void xget_uidgid(struct bb_uidgid_t, const char) FAST_FUNC;
904	904	/* chown-like handling of "user[:[group]" */
905	905	void parse_chown_usergroup_or_die(struct bb_uidgid_t u, char user_group) FAST_FUNC;
	906	+struct passwd* safegetpwnam(const char *name) FAST_FUNC;
	907	+struct passwd* safegetpwuid(uid_t uid) FAST_FUNC;
906	908	struct passwd* xgetpwnam(const char *name) FAST_FUNC;
907	909	struct group* xgetgrnam(const char *name) FAST_FUNC;
908	910	struct passwd* xgetpwuid(uid_t uid) FAST_FUNC;

--- a/libbb/bb_pwd.c

+++ b/libbb/bb_pwd.c

		@@ -15,9 +15,31 @@
15	15	* pointers to static data (getpwuid)
16	16	*/
17	17
18		-struct passwd* FAST_FUNC xgetpwnam(const char *name)
	18	+struct passwd* FAST_FUNC safegetpwnam(const char *name)
19	19	{
20	20	struct passwd *pw = getpwnam(name);
	21	+#ifdef __BIONIC__
	22	+ if (pw && !pw->pw_passwd) {
	23	+ pw->pw_passwd = "";
	24	+ }
	25	+#endif
	26	+ return pw;
	27	+}
	28	+
	29	+struct passwd* FAST_FUNC safegetpwuid(uid_t uid)
	30	+{
	31	+ struct passwd *pw = getpwuid(uid);
	32	+#ifdef __BIONIC__
	33	+ if (pw && !pw->pw_passwd) {
	34	+ pw->pw_passwd = "";
	35	+ }
	36	+#endif
	37	+ return pw;
	38	+}
	39	+
	40	+struct passwd* FAST_FUNC xgetpwnam(const char *name)
	41	+{
	42	+ struct passwd *pw = safegetpwnam(name);
21	43	if (!pw)
22	44	bb_error_msg_and_die("unknown user %s", name);
23	45	return pw;

		@@ -31,10 +53,9 @@ struct group* FAST_FUNC xgetgrnam(const char *name)
31	53	return gr;
32	54	}
33	55
34		-
35	56	struct passwd* FAST_FUNC xgetpwuid(uid_t uid)
36	57	{
37		- struct passwd *pw = getpwuid(uid);
	58	+ struct passwd *pw = safegetpwuid(uid);
38	59	if (!pw)
39	60	bb_error_msg_and_die("unknown uid %u", (unsigned)uid);
40	61	return pw;

--- a/loginutils/getty.c

+++ b/loginutils/getty.c

		@@ -54,7 +54,12 @@ static FILE *dbf;
54	54	* and for line editing at the same time.
55	55	*/
56	56	#undef _PATH_LOGIN
	57	+#ifdef __BIONIC__
	58	+#define cfsetspeed(t,s) cfsetispeed(t,s)
	59	+#define _PATH_LOGIN "/system/xbin/login"
	60	+#else
57	61	#define _PATH_LOGIN "/bin/login"
	62	+#endif
58	63
59	64	/* Displayed before the login prompt.
60	65	* If ISSUE is not defined, getty will never display the contents of the

		@@ -94,7 +99,7 @@ struct globals {
94	99	//usage:#define getty_trivial_usage
95	100	//usage: "[OPTIONS] BAUD_RATE[,BAUD_RATE]... TTY [TERMTYPE]"
96	101	//usage:#define getty_full_usage "\n\n"
97		-//usage: "Open TTY, prompt for login name, then invoke /bin/login\n"
	102	+//usage: "Open TTY, prompt for login name, then invoke /system/xbin/login\n"
98	103	//usage: "\n -h Enable hardware RTS/CTS flow control"
99	104	//usage: "\n -L Set CLOCAL (ignore Carrier Detect state)"
100	105	//usage: "\n -m Get baud rate from modem's CONNECT status message"

		@@ -102,7 +107,7 @@ struct globals {
102	107	//usage: "\n -w Wait for CR or LF before sending /etc/issue"
103	108	//usage: "\n -i Don't display /etc/issue"
104	109	//usage: "\n -f ISSUE_FILE Display ISSUE_FILE instead of /etc/issue"
105		-//usage: "\n -l LOGIN Invoke LOGIN instead of /bin/login"
	110	+//usage: "\n -l LOGIN Invoke LOGIN instead of /system/xbin/login"
106	111	//usage: "\n -t SEC Terminate after SEC if no login name is read"
107	112	//usage: "\n -I INITSTR Send INITSTR before anything else"
108	113	//usage: "\n -H HOST Log HOST into the utmp file as the hostname"

		@@ -499,7 +504,7 @@ static char *get_logname(void)
499	504	default:
500	505	if ((unsigned char)c < ' ') {
501	506	/* ignore garbage characters */
502		- } else if ((int)(bp - G.line_buf) < sizeof(G.line_buf) - 1) {
	507	+ } else if ((int)(bp - G.line_buf) < (int)sizeof(G.line_buf) - 1) {
503	508	/* echo and store the character */
504	509	full_write(STDOUT_FILENO, &c, 1);
505	510	*bp++ = c;

--- a/loginutils/login.c

+++ b/loginutils/login.c

		@@ -17,9 +17,11 @@
17	17
18	18	#if ENABLE_SELINUX
19	19	# include <selinux/selinux.h> /* for is_selinux_enabled() */
	20	+#ifndef __BIONIC__
20	21	# include <selinux/get_context_list.h> /* for get_default_context() */
21	22	# include <selinux/flask.h> /* for security class definitions */
22	23	#endif
	24	+#endif
23	25
24	26	#if ENABLE_PAM
25	27	/* PAM may include <locale.h>. We may need to undefine bbox's stub define: */

		@@ -118,7 +120,8 @@ static void initselinux(char username, char full_tty,
118	120	bb_perror_msg_and_die("security_change_sid(%s) failed", full_tty);
119	121	}
120	122	if (setfilecon(full_tty, new_tty_sid) != 0) {
121		- bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid);
	123	+ if (strcmp(old_tty_sid, new_tty_sid))
	124	+ bb_perror_msg_and_die("chsid(%s, %s) failed", full_tty, new_tty_sid);
122	125	}
123	126	}
124	127	#endif

		@@ -397,7 +400,7 @@ int login_main(int argc UNUSED_PARAM, char **argv)
397	400	pam_strerror(pamh, pamret), pamret);
398	401	safe_strncpy(username, "UNKNOWN", sizeof(username));
399	402	#else /* not PAM */
400		- pw = getpwnam(username);
	403	+ pw = safegetpwnam(username);
401	404	if (!pw) {
402	405	strcpy(username, "UNKNOWN");
403	406	goto fake_it;

--- a/loginutils/sulogin.c

+++ b/loginutils/sulogin.c

		@@ -45,7 +45,7 @@ int sulogin_main(int argc UNUSED_PARAM, char **argv)
45	45	/* Clear dangerous stuff, set PATH */
46	46	sanitize_env_if_suid();
47	47
48		- pwd = getpwuid(0);
	48	+ pwd = safegetpwuid(0);
49	49	if (!pwd) {
50	50	goto auth_error;
51	51	}

--- a/miscutils/crond.c

+++ b/miscutils/crond.c

		@@ -697,7 +697,7 @@ static void start_one_job(const char user, CronLine line)
697	697	struct passwd *pas;
698	698	pid_t pid;
699	699
700		- pas = getpwnam(user);
	700	+ pas = safegetpwnam(user);
701	701	if (!pas) {
702	702	crondlog(WARN9 "can't get uid for %s", user);
703	703	goto err;

--- a/networking/telnetd.c

+++ b/networking/telnetd.c

		@@ -84,7 +84,7 @@ struct globals {
84	84	} FIX_ALIASING;
85	85	#define G ((struct globals)&bb_common_bufsiz1)
86	86	#define INIT_G() do { \
87		- G.loginpath = "/bin/login"; \
	87	+ G.loginpath = "/system/xbin/login"; \
88	88	G.issuefile = "/etc/issue.net"; \
89	89	} while (0)
90	90

external-busybox Fork

コミット

タグ

よく使われているワード(クリックで追加)

コミットメタ情報

ログメッセージ

変更サマリ

差分

external-busybox
Fork