1 /*
2 * Copyright (C) 2008 The Android Open Source Project
3 *
4 * Licensed under the Apache License, Version 2.0 (the "License");
5 * you may not use this file except in compliance with the License.
6 * You may obtain a copy of the License at
7 *
8 * http://www.apache.org/licenses/LICENSE-2.0
9 *
10 * Unless required by applicable law or agreed to in writing, software
11 * distributed under the License is distributed on an "AS IS" BASIS,
12 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
13 * See the License for the specific language governing permissions and
14 * limitations under the License.
15 */
16
17 #include <errno.h>
18 #include <error.h>
19 #include <getopt.h>
20 #include <paths.h>
21 #include <pwd.h>
22 #include <stdio.h>
23 #include <stdlib.h>
24 #include <string.h>
25 #include <unistd.h>
26
27 #include <private/android_filesystem_config.h>
28
pwtoid(const char * tok,uid_t * uid,gid_t * gid)29 void pwtoid(const char* tok, uid_t* uid, gid_t* gid) {
30 struct passwd* pw = getpwnam(tok);
31 if (pw) {
32 if (uid) *uid = pw->pw_uid;
33 if (gid) *gid = pw->pw_gid;
34 } else {
35 char* end;
36 errno = 0;
37 uid_t tmpid = strtoul(tok, &end, 10);
38 if (errno != 0 || end == tok) error(1, errno, "invalid uid/gid '%s'", tok);
39 if (uid) *uid = tmpid;
40 if (gid) *gid = tmpid;
41 }
42 }
43
extract_uidgids(const char * uidgids,uid_t * uid,gid_t * gid,gid_t * gids,int * gids_count)44 void extract_uidgids(const char* uidgids, uid_t* uid, gid_t* gid, gid_t* gids, int* gids_count) {
45 char *clobberablegids;
46 char *nexttok;
47 char *tok;
48 int gids_found;
49
50 if (!uidgids || !*uidgids) {
51 *gid = *uid = 0;
52 *gids_count = 0;
53 return;
54 }
55
56 clobberablegids = strdup(uidgids);
57 strcpy(clobberablegids, uidgids);
58 nexttok = clobberablegids;
59 tok = strsep(&nexttok, ",");
60 pwtoid(tok, uid, gid);
61 tok = strsep(&nexttok, ",");
62 if (!tok) {
63 /* gid is already set above */
64 *gids_count = 0;
65 free(clobberablegids);
66 return;
67 }
68 pwtoid(tok, NULL, gid);
69 gids_found = 0;
70 while ((gids_found < *gids_count) && (tok = strsep(&nexttok, ","))) {
71 pwtoid(tok, NULL, gids);
72 gids_found++;
73 gids++;
74 }
75 if (nexttok && gids_found == *gids_count) {
76 fprintf(stderr, "too many group ids\n");
77 }
78 *gids_count = gids_found;
79 free(clobberablegids);
80 }
81
main(int argc,char ** argv)82 int main(int argc, char** argv) {
83 uid_t current_uid = getuid();
84 if (current_uid != AID_ROOT && current_uid != AID_SHELL) error(1, 0, "not allowed");
85
86 // Handle -h and --help.
87 ++argv;
88 if (*argv && (strcmp(*argv, "--help") == 0 || strcmp(*argv, "-h") == 0)) {
89 fprintf(stderr,
90 "usage: su [WHO [COMMAND...]]\n"
91 "\n"
92 "Switch to WHO (default 'root') and run the given COMMAND (default sh).\n"
93 "\n"
94 "WHO is a comma-separated list of user, group, and supplementary groups\n"
95 "in that order.\n"
96 "\n");
97 return 0;
98 }
99
100 // The default user is root.
101 uid_t uid = 0;
102 gid_t gid = 0;
103
104 // If there are any arguments, the first argument is the uid/gid/supplementary groups.
105 if (*argv) {
106 gid_t gids[10];
107 int gids_count = sizeof(gids)/sizeof(gids[0]);
108 extract_uidgids(*argv, &uid, &gid, gids, &gids_count);
109 if (gids_count) {
110 if (setgroups(gids_count, gids)) {
111 error(1, errno, "setgroups failed");
112 }
113 }
114 ++argv;
115 }
116
117 if (setgid(gid)) error(1, errno, "setgid failed");
118 if (setuid(uid)) error(1, errno, "setuid failed");
119
120 // Reset parts of the environment.
121 setenv("PATH", _PATH_DEFPATH, 1);
122 unsetenv("IFS");
123 struct passwd* pw = getpwuid(uid);
124 if (pw) {
125 setenv("LOGNAME", pw->pw_name, 1);
126 setenv("USER", pw->pw_name, 1);
127 } else {
128 unsetenv("LOGNAME");
129 unsetenv("USER");
130 }
131
132 // Set up the arguments for exec.
133 char* exec_args[argc + 1]; // Having too much space is fine.
134 size_t i = 0;
135 for (; *argv != NULL; ++i) {
136 exec_args[i] = *argv++;
137 }
138 // Default to the standard shell.
139 if (i == 0) exec_args[i++] = const_cast<char*>("/system/bin/sh");
140 exec_args[i] = NULL;
141
142 execvp(exec_args[0], exec_args);
143 error(1, errno, "failed to exec %s", exec_args[0]);
144 }
145