/*
-**
-** Copyright 2008, The Android Open Source Project
-**
-** Licensed under the Apache License, Version 2.0 (the "License");
-** you may not use this file except in compliance with the License.
-** You may obtain a copy of the License at
-**
-** http://www.apache.org/licenses/LICENSE-2.0
-**
-** Unless required by applicable law or agreed to in writing, software
-** distributed under the License is distributed on an "AS IS" BASIS,
-** WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-** See the License for the specific language governing permissions and
-** limitations under the License.
-*/
-
-#define LOG_TAG "su"
+ * Copyright (C) 2008 The Android Open Source Project
+ *
+ * Licensed under the Apache License, Version 2.0 (the "License");
+ * you may not use this file except in compliance with the License.
+ * You may obtain a copy of the License at
+ *
+ * http://www.apache.org/licenses/LICENSE-2.0
+ *
+ * Unless required by applicable law or agreed to in writing, software
+ * distributed under the License is distributed on an "AS IS" BASIS,
+ * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+ * See the License for the specific language governing permissions and
+ * limitations under the License.
+ */
+#include <errno.h>
+#include <error.h>
+#include <getopt.h>
+#include <paths.h>
+#include <pwd.h>
+#include <stdbool.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
-#include <sys/types.h>
-#include <dirent.h>
-#include <errno.h>
-
#include <unistd.h>
-#include <time.h>
-
-#include <pwd.h>
#include <private/android_filesystem_config.h>
-
-void pwtoid(const char *tok, uid_t *uid, gid_t *gid)
-{
- struct passwd *pw;
- pw = getpwnam(tok);
+void pwtoid(const char* tok, uid_t* uid, gid_t* gid) {
+ struct passwd* pw = getpwnam(tok);
if (pw) {
if (uid) *uid = pw->pw_uid;
if (gid) *gid = pw->pw_gid;
} else {
- uid_t tmpid = atoi(tok);
+ char* end;
+ errno = 0;
+ uid_t tmpid = strtoul(tok, &end, 10);
+ if (errno != 0 || end == tok) error(1, errno, "invalid uid/gid '%s'", tok);
if (uid) *uid = tmpid;
if (gid) *gid = tmpid;
}
}
-void extract_uidgids(const char *uidgids, uid_t *uid, gid_t *gid, gid_t *gids,
- int *gids_count)
-{
+void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, int* gids_count) {
char *clobberablegids;
char *nexttok;
char *tok;
*gids_count = 0;
return;
}
+
clobberablegids = strdup(uidgids);
strcpy(clobberablegids, uidgids);
nexttok = clobberablegids;
free(clobberablegids);
}
-/*
- * SU can be given a specific command to exec. UID _must_ be
- * specified for this (ie argc => 3).
- *
- * Usage:
- * su 1000
- * su 1000 ls -l
- * or
- * su [uid[,gid[,group1]...] [cmd]]
- * E.g.
- * su 1000,shell,net_bw_acct,net_bw_stats id
- * will return
- * uid=1000(system) gid=2000(shell) groups=3006(net_bw_stats),3007(net_bw_acct)
- */
-int main(int argc, char **argv)
-{
- struct passwd *pw;
- uid_t uid, myuid;
- gid_t gid, gids[10];
-
- /* Until we have something better, only root and the shell can use su. */
- myuid = getuid();
- if (myuid != AID_ROOT && myuid != AID_SHELL) {
- fprintf(stderr,"su: uid %d not allowed to su\n", myuid);
- return 1;
+int main(int argc, char** argv) {
+ uid_t current_uid = getuid();
+ if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
+
+ // Handle -h and --help.
+ ++argv;
+ if (*argv && (strcmp(*argv, "--help") == 0 || strcmp(*argv, "-h") == 0)) {
+ fprintf(stderr,
+ "usage: su [UID[,GID[,GID2]...]] [COMMAND [ARG...]]\n"
+ "\n"
+ "Switch to WHO (default 'root') and run the given command (default sh).\n"
+ "\n"
+ "where WHO is a comma-separated list of user, group,\n"
+ "and supplementary groups in that order.\n"
+ "\n");
+ return 0;
}
- if(argc < 2) {
- uid = gid = 0;
- } else {
+ // The default user is root.
+ uid_t uid = 0;
+ gid_t gid = 0;
+
+ // If there are any arguments, the first argument is the uid/gid/supplementary groups.
+ if (*argv) {
+ gid_t gids[10];
int gids_count = sizeof(gids)/sizeof(gids[0]);
- extract_uidgids(argv[1], &uid, &gid, gids, &gids_count);
- if(gids_count) {
- if(setgroups(gids_count, gids)) {
- fprintf(stderr, "su: failed to set groups\n");
- return 1;
+ extract_uidgids(*argv, &uid, &gid, gids, &gids_count);
+ if (gids_count) {
+ if (setgroups(gids_count, gids)) {
+ error(1, errno, "setgroups failed");
}
}
+ ++argv;
}
- if(setgid(gid) || setuid(uid)) {
- fprintf(stderr,"su: permission denied\n");
- return 1;
- }
+ if (setgid(gid)) error(1, errno, "setgid failed");
+ if (setuid(uid)) error(1, errno, "setuid failed");
- /* User specified command for exec. */
- if (argc == 3 ) {
- if (execlp(argv[2], argv[2], NULL) < 0) {
- int saved_errno = errno;
- fprintf(stderr, "su: exec failed for %s Error:%s\n", argv[2],
- strerror(errno));
- return -saved_errno;
- }
- } else if (argc > 3) {
- /* Copy the rest of the args from main. */
- char *exec_args[argc - 1];
- memset(exec_args, 0, sizeof(exec_args));
- memcpy(exec_args, &argv[2], sizeof(exec_args));
- if (execvp(argv[2], exec_args) < 0) {
- int saved_errno = errno;
- fprintf(stderr, "su: exec failed for %s Error:%s\n", argv[2],
- strerror(errno));
- return -saved_errno;
- }
+ // Reset parts of the environment.
+ setenv("PATH", _PATH_DEFPATH, 1);
+ unsetenv("IFS");
+ struct passwd* pw = getpwuid(uid);
+ if (pw) {
+ setenv("LOGNAME", pw->pw_name, 1);
+ setenv("USER", pw->pw_name, 1);
+ } else {
+ unsetenv("LOGNAME");
+ unsetenv("USER");
}
- /* Default exec shell. */
- execlp("/system/bin/sh", "sh", NULL);
+ // Set up the arguments for exec.
+ char* exec_args[argc + 1]; // Having too much space is fine.
+ size_t i = 0;
+ for (; *argv != NULL; ++i) {
+ exec_args[i] = *argv++;
+ }
+ // Default to the standard shell.
+ if (i == 0) exec_args[i++] = "/system/bin/sh";
+ exec_args[i] = NULL;
- fprintf(stderr, "su: exec failed\n");
- return 1;
+ execvp(exec_args[0], exec_args);
+ error(1, errno, "failed to exec %s", exec_args[0]);
}
OSDN Git Service
