[Pkg-shadow-devel] su: patch for option --shell
Nicolas François
nicolas.francois at centraliens.net
Fri Dec 9 23:42:53 UTC 2005
Hello Tomasz,
Here is the second patch extracted from the 437_ patches.
It adds the --preserve-environment option.
Most of this patch consists of moving a block earlier (because I need the
pwent structure earlier).
Best Regards,
--
Nekral
-------------- next part --------------
--- su-environment.c 2005-12-10 00:40:13.000000000 +0100
+++ su-shell.c 2005-12-10 00:15:53.000000000 +0100
@@ -54,8 +54,6 @@
/* not needed by sulog.c anymore */
static char name[BUFSIZ];
static char oldname[BUFSIZ];
-/* If nonzero, change some environment vars to indicate the user su'd to. */
-static int change_environment;
#ifdef USE_PAM
static pam_handle_t *pamh = NULL;
@@ -259,9 +257,6 @@
"Options:\n"
" -h, --help display this help message and exit\n"
" -, -l, --login make the shell a login shell\n"
- " -m, -p,\n"
- " --preserve-environment, do not reset environment variables, and keep\n"
- " the same shell\n"
" -s, --shell=<shell> use shell instead of the default in /etc/passwd\n"));
exit (E_USAGE);
}
@@ -311,8 +306,6 @@
bindtextdomain (PACKAGE, LOCALEDIR);
textdomain (PACKAGE);
- change_environment = 1;
-
/*
* Get the program name. The program name is used as a prefix to
* most error messages.
@@ -334,13 +327,12 @@
static struct option long_options[] = {
{"help", no_argument, NULL, 'h'},
{"login", required_argument, NULL, 'l'},
- {"preserve-environment", no_argument, 0, 'p'},
{"shell", required_argument, NULL, 's'},
{NULL, 0, NULL, '\0'}
};
while ((c =
- getopt_long (argc, argv, "hl:mps:", long_options,
+ getopt_long (argc, argv, "hl:s:", long_options,
&option_index)) != -1) {
switch (c) {
case 'h':
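Review bot: `--login` is declared with `required_argument` and the optstring keeps `l:`, but the usage text in this patch documents `-l, --login` as a flag with no value, and `case 'l'` in the next hunk only breaks. As written, getopt_long would take the word after `-l` as the option's argument, so `su -l <user>` would lose the user name unless that form is handled before this loop, which is not visible here. If no argument is intended, the entry should read `{"login", no_argument, NULL, 'l'},` with the optstring `"hls:"`. The option loop starts and ends outside the hunk.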
@@ -348,10 +340,6 @@
break;
case 'l':
break;
- case 'm':
- case 'p':
- change_environment = 0;
- break;
case 's':
shell = optarg;
break;
@@ -390,8 +378,41 @@
tty = "???";
}
-// Note this block was just moved earlier, because we need to check if
-// pwent.pw_shell is a restricted shell (and thus we need pwent earlier).
+ /*
+ * If a new login is being set up, the old environment will be
+ * ignored and a new one created later on.
+ */
+ if (fakelogin) {
+ /*
+ * The terminal type will be left alone if it is present in
+ * the environment already.
+ */
+ if ((cp = getenv ("TERM")))
+ addenv ("TERM", cp);
+#ifndef USE_PAM
+ if ((cp = getdef_str ("ENV_TZ")))
+ addenv (*cp == '/' ? tz (cp) : cp, NULL);
+
+ /*
+ * The clock frequency will be reset to the login value if required
+ */
+ if ((cp = getdef_str ("ENV_HZ")))
+ addenv (cp, NULL); /* set the default $HZ, if one */
+
+ /*
+ * Also leave DISPLAY and XAUTHORITY if present, else
+ * pam_xauth will not work.
+ */
+ if ((cp = getenv ("DISPLAY")))
+ addenv ("DISPLAY", cp);
+ if ((cp = getenv ("XAUTHORITY")))
+ addenv ("XAUTHORITY", cp);
+#endif /* !USE_PAM */
+ } else {
+ while (*envp)
+ addenv (*envp++, NULL);
+ }
+
/*
* The next argument must be either a user ID, or some flag to a
* subshell. Pretty sticky since you can't have an argument which
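Review bot: The direction of this diff looks reversed: the headers name `su-environment.c` as the old file and `su-shell.c` as the new one, so applied as posted the patch removes `-m`/`-p`/`--preserve-environment` rather than adding it, and this hunk puts the environment block back before `pwent` is filled in (the matching removal is the `@@ -473,44 +494,6 @@` hunk). Regenerating it with the two files swapped would make the `+` lines the code to review. Separately, the `else` branch copies every inherited variable with `addenv (*envp++, NULL)`; since su normally runs set-uid, a comment such as `/* caller's environment is passed through unchanged; unsafe variables must already have been removed */` would record where filtering is expected, as none is visible in this hunk.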
@@ -473,44 +494,6 @@
#endif /* !USE_PAM */
pwent = *pw;
- /*
- * If a new login is being set up, the old environment will be
- * ignored and a new one created later on.
- * (note: in the case of a subsystem, the shell will be restricted,
- * and this won't be executed on the first pass)
- */
- if (fakelogin &&
- (change_environment || restricted_shell(pwent.pw_shell))) {
- /*
- * The terminal type will be left alone if it is present in
- * the environment already.
- */
- if ((cp = getenv ("TERM")))
- addenv ("TERM", cp);
-#ifndef USE_PAM
- if ((cp = getdef_str ("ENV_TZ")))
- addenv (*cp == '/' ? tz (cp) : cp, NULL);
-
- /*
- * The clock frequency will be reset to the login value if required
- */
- if ((cp = getdef_str ("ENV_HZ")))
- addenv (cp, NULL); /* set the default $HZ, if one */
-
- /*
- * Also leave DISPLAY and XAUTHORITY if present, else
- * pam_xauth will not work.
- */
- if ((cp = getenv ("DISPLAY")))
- addenv ("DISPLAY", cp);
- if ((cp = getenv ("XAUTHORITY")))
- addenv ("XAUTHORITY", cp);
-#endif /* !USE_PAM */
- } else {
- while (*envp)
- addenv (*envp++, NULL);
- }
-
#ifndef USE_PAM
/*
* BSD systems only allow "wheel" to SU to root. USG systems don't,
@@ -557,13 +540,7 @@
}
#endif /* !USE_PAM */
- /* If the user do not want to change the environment,
- * use the current SHELL.
- * (unless another shell is required by the command line)
- */
- if (shell == NULL && change_environment == 0)
- shell = getenv ("SHELL");
- /* For users with non null UID, if this user has a restricted
+ /* For users whith non null UID, if this user has a restricted
* shell, the shell must be the one specified in /etc/passwd
*/
if (shell != NULL && getuid () && restricted_shell (pwent.pw_shell))
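Review bot: The rewritten comment line introduces a typo, `whith`, and "non null UID" is misleading for an integer id. This comment documents the check that stops a non-root caller from overriding a restricted shell with `--shell`, so it should read precisely. Suggested first line: `/* For callers whose real UID is non-zero, if this user has a restricted`, with the following two comment lines unchanged. The body of the `if` statement lies outside the hunk.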
@@ -691,8 +668,7 @@
/*
* Even if --shell is specified, the subsystem login test is based on
- * the shell specified in /etc/passwd (not the one specified with
- * --shell, which will be the one executed in the chroot later).
+ * the shell specified in /etc/passwd.
*/
if (pwent.pw_shell[0] == '*') { /* subsystem root required */
pwent.pw_shell++; /* skip the '*' */
@@ -739,7 +715,6 @@
exit (1);
}
- if (change_environment || restricted_shell(pwent.pw_shell)) {
/* we need to setup the environment *after* pam_open_session(),
* else the UID is changed before stuff like pam_xauth could
* run, and we cannot access /etc/shadow and co
@@ -754,7 +729,6 @@
envcp++;
}
}
- }
/* become the new user */
if (change_uid (&pwent)) {
@@ -770,7 +744,6 @@
exit (1);
#endif /* !USE_PAM */
- if (change_environment || restricted_shell (pwent.pw_shell)) {
if (fakelogin)
setup_env (&pwent);
#if 1 /* Suggested by Joey Hess. XXX - is this right? */
@@ -780,7 +753,6 @@
addenv ("SHELL", shell);
}
#endif
- }
/*
* This is a workaround for Linux libc bug/feature (?) - the