[Pkg-shadow-devel] patches for su synchronisation

Nicolas François nicolas.francois at centraliens.net
Sat Dec 17 17:33:20 UTC 2005


Tomasz,

This fourth patch simplifies how -p is handled (at least for its
documentation).

-- 
Nekral
-------------- next part --------------
--- src/su.c.3	2005-12-17 18:27:06.000000000 +0100
+++ src/su.c	2005-12-17 18:28:11.000000000 +0100
@@ -357,6 +357,10 @@
 				break;
 			case 'm':
 			case 'p':
+				/* This will only have an effect if the target
+				 * user do not have a restricted shell, or if
+				 * su is called by root.
+				 */
 				change_environment = 0;
 				break;
 			case 's':
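Review bot: The comment added under `case 'p':` has a grammar slip ("user do not have") and does not say what happens when the option has no effect. Something like `/* Ignored when the target user has a restricted shell and su is not called by root: change_environment is forced back on after the passwd entry is read. */` states the override directly, so a reader of the option parser knows that -m/-p can be silently overridden. The switch this case belongs to starts and ends outside the hunk.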
@@ -485,14 +489,18 @@
 #endif				/* !USE_PAM */
 	pwent = *pw;
 
+	/* If su is not called by root, and the target user has a restricted
+	 * shell, the environment must be changed.
+	 */
+	change_environment |= (restricted_shell(pwent.pw_shell) && !amroot);
+
 	/*
 	 * If a new login is being set up, the old environment will be
 	 * ignored and a new one created later on.
 	 * (note: in the case of a subsystem, the shell will be restricted,
 	 *        and this won't be executed on the first pass)
 	 */
-	if (fakelogin &&
-	    (change_environment || restricted_shell (pwent.pw_shell))) {
+	if (fakelogin && change_environment) {
 		/*
 		 * The terminal type will be left alone if it is present in
 		 * the environment already.
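Review bot: The added `change_environment |= (restricted_shell(pwent.pw_shell) && !amroot);` changes behaviour and is not only a simplification. As far as these hunks show, the removed conditions reset the environment for every restricted-shell target, while the new flag leaves it alone when root is the caller, so `su -p` run by root would now carry the caller's environment (PATH and the like) into a restricted-shell account. If that is intended, the commit message and the -m/-p documentation should state it; if not, drop `&& !amroot`. The same applies to the `if (change_environment)` conditions in the hunks at -751 and -782. The retained subsystem note ("the shell will be restricted, and this won't be executed on the first pass") should be rechecked for the root-caller case, and the enclosing function starts and ends outside the hunk.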
@@ -751,7 +759,7 @@
 		exit (1);
 	}
 
-	if (change_environment || restricted_shell (pwent.pw_shell)) {
+	if (change_environment) {
 		/* we need to setup the environment *after* pam_open_session(),
 		 * else the UID is changed before stuff like pam_xauth could
 		 * run, and we cannot access /etc/shadow and co
@@ -782,7 +790,7 @@
 		exit (1);
 #endif				/* !USE_PAM */
 
-	if (change_environment || restricted_shell (pwent.pw_shell)) {
+	if (change_environment) {
 		if (fakelogin)
 			setup_env (&pwent);
 		else {

