[Pkg-shadow-devel] su: patch for option --shell

Nicolas François nicolas.francois at centraliens.net
Fri Dec 9 23:42:53 UTC 2005


Hello Tomasz,

Here is the second patch extracted from the 437_ patches.

It adds the --preserve-environment option.

Most of this patch consists of moving a block earlier (because I need the
pwent structure earlier).

Best Regards,
-- 
Nekral
-------------- next part --------------
--- su-environment.c	2005-12-10 00:40:13.000000000 +0100
+++ su-shell.c	2005-12-10 00:15:53.000000000 +0100
@@ -54,8 +54,6 @@
 /* not needed by sulog.c anymore */
 static char name[BUFSIZ];
 static char oldname[BUFSIZ];
-/* If nonzero, change some environment vars to indicate the user su'd to. */
-static int change_environment;
 
 #ifdef USE_PAM
 static pam_handle_t *pamh = NULL;
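Review bot: The diff headers run from su-environment.c to su-shell.c, so as posted every hunk deletes the --preserve-environment support (this declaration, the help text, the `-m`/`-p` cases, the guarded environment blocks) that the message says the patch adds. The patch was presumably generated with the two files swapped; regenerating it as `diff -u su-shell.c su-environment.c` would make the `+` side the code to review and apply. As it stands, `patch -R` is needed to get the described result.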
@@ -259,9 +257,6 @@
 			   "Options:\n"
 			   "  -h, --help			display this help message and exit\n"
 			   "  -, -l, --login		make the shell a login shell\n"
-			   "  -m, -p,\n"
-			   "  --preserve-environment,	do not reset environment variables, and keep\n"
-			   "                               the same shell\n"
 			   "  -s, --shell=<shell>		use shell instead of the default in /etc/passwd\n"));
 	exit (E_USAGE);
 }
@@ -311,8 +306,6 @@
 	bindtextdomain (PACKAGE, LOCALEDIR);
 	textdomain (PACKAGE);
 
-	change_environment = 1;
-
 	/*
 	 * Get the program name. The program name is used as a prefix to
 	 * most error messages.
@@ -334,13 +327,12 @@
 		static struct option long_options[] = {
 			{"help", no_argument, NULL, 'h'},
 			{"login", required_argument, NULL, 'l'},
-			{"preserve-environment", no_argument, 0, 'p'},
 			{"shell", required_argument, NULL, 's'},
 			{NULL, 0, NULL, '\0'}
 		};
 
 		while ((c =
-			getopt_long (argc, argv, "hl:mps:", long_options,
+			getopt_long (argc, argv, "hl:s:", long_options,
 				     &option_index)) != -1) {
 			switch (c) {
 			case 'h':
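Review bot: `{"login", required_argument, NULL, 'l'}` and the `l:` in the option string make `-l`/`--login` consume the following word as an argument, while the usage text in the same file documents `-l, --login` as a plain flag and `case 'l':` never reads `optarg`. Unless the login flag is handled before this loop, which the hunk does not show, `su -l <user>` would have the user name taken as the argument of `-l`; `no_argument` with an option string of `hls:` (`hlmps:` with the preserve options) would match the help. The preserve-environment entry on the `-` side also passes `0` where its neighbours pass `NULL` for the flag pointer. The getopt loop begins and ends outside the hunk.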
@@ -348,10 +340,6 @@
 				break;
 			case 'l':
 				break;
-			case 'm':
-			case 'p':
-				change_environment = 0;
-				break;
 			case 's':
 				shell = optarg;
 				break;
@@ -390,8 +378,41 @@
 		tty = "???";
 	}
 
-// Note this block was just moved earlier, because we need to check if
-// pwent.pw_shell is a restricted shell (and thus we need pwent earlier).
+	/*
+	 * If a new login is being set up, the old environment will be
+	 * ignored and a new one created later on.
+	 */
+	if (fakelogin) {
+		/*
+		 * The terminal type will be left alone if it is present in
+		 * the environment already.
+		 */
+		if ((cp = getenv ("TERM")))
+			addenv ("TERM", cp);
+#ifndef USE_PAM
+		if ((cp = getdef_str ("ENV_TZ")))
+			addenv (*cp == '/' ? tz (cp) : cp, NULL);
+
+		/*
+		 * The clock frequency will be reset to the login value if required
+		 */
+		if ((cp = getdef_str ("ENV_HZ")))
+			addenv (cp, NULL);	/* set the default $HZ, if one */
+
+		/*
+		 * Also leave DISPLAY and XAUTHORITY if present, else
+		 * pam_xauth will not work.
+		 */
+		if ((cp = getenv ("DISPLAY")))
+			addenv ("DISPLAY", cp);
+		if ((cp = getenv ("XAUTHORITY")))
+			addenv ("XAUTHORITY", cp);
+#endif				/* !USE_PAM */
+	} else {
+		while (*envp)
+			addenv (*envp++, NULL);
+	}
+
 	/*
 	 * The next argument must be either a user ID, or some flag to a
 	 * subshell. Pretty sticky since you can't have an argument which
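Review bot: Both versions of this block send a non-login su through the `else` branch, which copies every variable of the caller with `addenv (*envp++, NULL)`, and nothing on that path looks at the target's shell. At this earlier position the block also runs before `pwent = *pw` (context of the next hunk), so only the later copy at -473, guarded by `change_environment || restricted_shell(pwent.pw_shell)`, can force a rebuilt environment for a restricted shell, and that guard is itself conditional on `fakelogin`. If passing the caller's environment to a restricted-shell account on a non-login su is intended, state it in a comment such as `/* Non-login su: the caller's environment is passed through unchanged, restricted shell or not. */`; otherwise the restricted_shell test should not depend on `fakelogin`. The enclosing function starts and ends outside the hunk.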
@@ -473,44 +494,6 @@
 #endif				/* !USE_PAM */
 	pwent = *pw;
 
-	/*
-	 * If a new login is being set up, the old environment will be
-	 * ignored and a new one created later on.
-	 * (note: in the case of a subsystem, the shell will be restricted,
-	 *        and this won't be executed on the first pass)
-	 */
-	if (fakelogin &&
-	    (change_environment || restricted_shell(pwent.pw_shell))) {
-		/*
-		 * The terminal type will be left alone if it is present in
-		 * the environment already.
-		 */
-		if ((cp = getenv ("TERM")))
-			addenv ("TERM", cp);
-#ifndef USE_PAM
-		if ((cp = getdef_str ("ENV_TZ")))
-			addenv (*cp == '/' ? tz (cp) : cp, NULL);
-
-		/*
-		 * The clock frequency will be reset to the login value if required
-		 */
-		if ((cp = getdef_str ("ENV_HZ")))
-			addenv (cp, NULL);	/* set the default $HZ, if one */
-
-		/*
-		 * Also leave DISPLAY and XAUTHORITY if present, else
-		 * pam_xauth will not work.
-		 */
-		if ((cp = getenv ("DISPLAY")))
-			addenv ("DISPLAY", cp);
-		if ((cp = getenv ("XAUTHORITY")))
-			addenv ("XAUTHORITY", cp);
-#endif				/* !USE_PAM */
-	} else {
-		while (*envp)
-			addenv (*envp++, NULL);
-	}
-
 #ifndef USE_PAM
 	/*
 	 * BSD systems only allow "wheel" to SU to root. USG systems don't,
@@ -557,13 +540,7 @@
 	}
 #endif				/* !USE_PAM */
 
-	/* If the user do not want to change the environment,
-	 * use the current SHELL.
-	 * (unless another shell is required by the command line)
-	 */
-	if (shell == NULL && change_environment == 0)
-		shell = getenv ("SHELL");
-	/* For users with non null UID, if this user has a restricted
+	/* For users whith non null UID, if this user has a restricted
 	 * shell, the shell must be the one specified in /etc/passwd
 	 */
 	if (shell != NULL && getuid () && restricted_shell (pwent.pw_shell))
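Review bot: `shell = getenv ("SHELL")` on the `-` side (the lines the message says the patch adds; the diff appears reversed) takes the program to execute from the caller's environment without checking it for an empty string, and the restricted-shell test just below applies only when `getuid ()` is non-zero. An empty `SHELL` is non-NULL, so it would be kept as the shell; a guard such as `if (shell != NULL && *shell == '\0') shell = NULL;` after the assignment would fall back to the passwd entry, assuming a NULL `shell` selects it later on. The body of the `if (shell != NULL && getuid () ...)` test lies outside the hunk, so whether it resets `shell` for restricted accounts cannot be confirmed here. The `+` comment line also reads "whith" where the `-` line has "with".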
@@ -691,8 +668,7 @@
 
 	/*
 	 * Even if --shell is specified, the subsystem login test is based on
-	 * the shell specified in /etc/passwd (not the one specified with
-	 * --shell, which will be the one executed in the chroot later).
+	 * the shell specified in /etc/passwd.
 	 */
 	if (pwent.pw_shell[0] == '*') {	/* subsystem root required */
 		pwent.pw_shell++;	/* skip the '*' */
@@ -739,7 +715,6 @@
 		exit (1);
 	}
 
-	if (change_environment || restricted_shell(pwent.pw_shell)) {
 	/* we need to setup the environment *after* pam_open_session(),
 	 * else the UID is changed before stuff like pam_xauth could
 	 * run, and we cannot access /etc/shadow and co
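Review bot: The `if (change_environment || restricted_shell(pwent.pw_shell)) {` wrapper on the `-` side (the lines the message says the patch adds; the diff appears reversed) is evaluated after the subsystem branch in the previous hunk has advanced `pwent.pw_shell` past its leading `*`, while the copy at -473 tests the string before that, so the copies of the condition may disagree for a subsystem account; restricted_shell() is not shown, so this needs checking. The same wrapper is repeated at -770 and the closing braces sit in the -754 and -780 hunks, all without re-indenting the guarded statements, which makes the brace pairing hard to follow. For the two later tests, computing the decision once after the shell field is final, e.g. `int reset_env = change_environment || restricted_shell (pwent.pw_shell);`, and re-indenting the bodies would make the intent explicit. The wrapper presumably also means the environment set up after pam_open_session() is skipped under `-p`, which deserves a line in the comment that follows.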
@@ -754,7 +729,6 @@
 			envcp++;
 		}
 	}
-	}
 
 	/* become the new user */
 	if (change_uid (&pwent)) {
@@ -770,7 +744,6 @@
 		exit (1);
 #endif				/* !USE_PAM */
 
-	if (change_environment || restricted_shell (pwent.pw_shell)) {
 	if (fakelogin)
 		setup_env (&pwent);
 #if 1				/* Suggested by Joey Hess. XXX - is this right?  */
@@ -780,7 +753,6 @@
 		addenv ("SHELL", shell);
 	}
 #endif
-	}
 
 	/*
 	 * This is a workaround for Linux libc bug/feature (?) - the

