[src/trunk]: src/usr.bin/su Restore su.c to version 1.58, plus minor prototyp...
details: https://anonhg.NetBSD.org/src/rev/b73fb63216b2
branches: trunk
changeset: 572678:b73fb63216b2
user: christos <christos%NetBSD.org@localhost>
date: Mon Jan 10 03:11:50 2005 +0000
description:
Restore su.c to version 1.58, plus minor prototyping. Split pam
into su_pam.c, and turn it off by default in the Makefile until it
is tested and actually works. The current pam version does not set ruid
properly anymore.
diffstat:
usr.bin/su/Makefile | 29 ++-
usr.bin/su/su.c | 482 ++----------------------------------------------
usr.bin/su/su_pam.c | 515 ++++++++++++++++++++++++++++++++++++++++++++++++++++
3 files changed, 556 insertions(+), 470 deletions(-)
diffs (truncated from 1160 to 300 lines):
diff -r a8635176f583 -r b73fb63216b2 usr.bin/su/Makefile
--- a/usr.bin/su/Makefile Mon Jan 10 03:11:17 2005 +0000
+++ b/usr.bin/su/Makefile Mon Jan 10 03:11:50 2005 +0000
@@ -1,14 +1,28 @@
-# $NetBSD: Makefile,v 1.36 2005/01/08 09:54:36 lukem Exp $
+# $NetBSD: Makefile,v 1.37 2005/01/10 03:11:50 christos Exp $
# from: @(#)Makefile 8.1 (Berkeley) 7/19/93
.include <bsd.own.mk>
+MKPAM=no
PROG= su
-DPADD+= ${LIBCRYPT}
-LDADD+= -lcrypt -lutil
+CPPFLAGS+=-DLOGIN_CAP
BINOWN= root
BINMODE=4555
-CPPFLAGS+=-DLOGIN_CAP
+
+.if ${MKPAM} != "no"
+
+CPPFLAGS+=-DUSE_PAM -DPAM_DEBUG
+# XXX: Need libcrypt here, because libcrypto defines it too.
+DPADD+= ${LIBPAM} ${LIBCRYPT} ${LIBUTIL}
+LDADD+= -lpam -lcrypt -lutil
+SRCS=su_pam.c
+
+.else
+
+SRCS=su.c
+
+DPADD+= ${LIBCRYPT} ${LIBUTIL}
+LDADD+= -lcrypt -lutil
# Uncomment the following line to change the group that may su root to "sugroup"
#
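Review bot: `-DPAM_DEBUG` is added together with `-DUSE_PAM` in the `${MKPAM} != "no"` branch, so every PAM-enabled build of this setuid-root program (`BINMODE=4555`) would be compiled with the debug define on. What the macro enables lives in su_pam.c, which is not visible here, but debug output in an authentication path is better made opt-in; the line could be `CPPFLAGS+=-DUSE_PAM` with the debug flag added only on request. Separately, the hard `MKPAM=no` placed after `.include <bsd.own.mk>` overrides any value set before that point and carries no explanation; a comment such as `# XXX: su_pam.c does not set ruid correctly yet; keep PAM off until it is fixed` would record why and when it can be removed.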
@@ -39,7 +53,6 @@
LDADD+= -lcrypto -lroken -lcom_err
.endif
-.include <bsd.prog.mk>
.if (${USE_SKEY} != "no")
CPPFLAGS+=-DSKEY
@@ -51,8 +64,6 @@
CPPFLAGS+=-DSU_ROOTAUTH=\"${SU_ROOTAUTH}\"
.endif
-.if (${USE_PAM} != "no")
-CPPFLAGS+=-DUSE_PAM
-DPADD+= ${LIBPAM}
-LDADD+= -lpam
.endif
+
+.include <bsd.prog.mk>
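Review bot: The `.endif` kept after the removed `USE_PAM` block now closes the `.else` of the `${MKPAM} != "no"` conditional opened in the first hunk, which is easy to misread as a leftover. As a result the Kerberos, S/Key and `SU_ROOTAUTH` settings between them apply only to the non-PAM build, which appears intended but is not stated. Marking the line, for example `.endif # ${MKPAM} != "no"`, would make the scope of the conditional clear to the next editor of this setuid program's Makefile.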
diff -r a8635176f583 -r b73fb63216b2 usr.bin/su/su.c
--- a/usr.bin/su/su.c Mon Jan 10 03:11:17 2005 +0000
+++ b/usr.bin/su/su.c Mon Jan 10 03:11:50 2005 +0000
@@ -1,4 +1,4 @@
-/* $NetBSD: su.c,v 1.63 2005/01/09 21:32:38 manu Exp $ */
+/* $NetBSD: su.c,v 1.64 2005/01/10 03:11:50 christos Exp $ */
/*
* Copyright (c) 1988 The Regents of the University of California.
@@ -40,16 +40,13 @@
#if 0
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/
#else
-__RCSID("$NetBSD: su.c,v 1.63 2005/01/09 21:32:38 manu Exp $");
+__RCSID("$NetBSD: su.c,v 1.64 2005/01/10 03:11:50 christos Exp $");
#endif
#endif /* not lint */
#include <sys/param.h>
#include <sys/time.h>
#include <sys/resource.h>
-#ifdef USE_PAM
-#include <sys/wait.h>
-#endif
#include <err.h>
#include <errno.h>
#include <grp.h>
@@ -66,32 +63,24 @@
#include <tzfile.h>
#include <unistd.h>
-#ifdef USE_PAM
-#include <security/pam_appl.h>
-#include <security/openpam.h> /* for openpam_ttyconv() */
-
-static pam_handle_t *pamh = NULL;
-static const struct pam_conv pamc = { &openpam_ttyconv, NULL };
-#endif
-
#ifdef LOGIN_CAP
#include <login_cap.h>
#endif
-#if defined(KERBEROS) && !defined(USE_PAM)
+#ifdef KERBEROS
#include <des.h>
#include <krb.h>
#include <netdb.h>
-static int kerberos __P((char *, char *, int));
-static int koktologin __P((char *, char *, char *));
+static int kerberos(char *, char *, int);
+static int koktologin(char *, char *, char *);
#endif
-#if defined(KERBEROS5) && !defined(USE_PAM)
+#ifdef KERBEROS5
#include <krb5.h>
-static int kerberos5 __P((char *, char *, int));
+static int kerberos5(char *, char *, int);
#endif
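Review bot: With the `!defined(USE_PAM)` conditions dropped from the `KERBEROS` and `KERBEROS5` guards, the lines shown no longer react to `USE_PAM` at all, so a build that passes `-DUSE_PAM` but still compiles su.c would silently get the non-PAM authentication path. The Makefile in this commit selects su_pam.c for that case, but a compile-time guard near the includes would catch a mismatched build outside it: `#ifdef USE_PAM`, `#error "su.c is the non-PAM implementation; build su_pam.c instead"`, `#endif`.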
@@ -115,20 +104,14 @@
#define ARGSTR ARGSTRX
#endif
-int main __P((int, char **));
+static int chshell(const char *);
+static char *ontty(void);
+static int check_ingroup(int, const char *, const char *, int);
-static int chshell __P((const char *));
-static char *ontty __P((void));
-#ifndef USE_PAM
-static int check_ingroup __P((int, const char *, const char *, int));
-#endif
+int main(int, char **);
-
-#ifndef USE_PAM
int
-main(argc, argv)
- int argc;
- char **argv;
+main(int argc, char **argv)
{
extern char **environ;
struct passwd *pwd;
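Review bot: The converted prototypes drop parameter names, which hurts most on `check_ingroup(int, const char *, const char *, int)`, where two `int` and two `const char *` arguments are easy to swap at a call site in code that decides group-based access. The definition is outside this hunk, so the names would have to be copied from it, giving something of the form `static int check_ingroup(int <name>, const char *<name>, const char *<name>, int <name>);`. The separate `int main(int, char **);` declaration is also redundant now that `main` is defined in prototype form directly below it; `main`'s body continues outside the hunk.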
@@ -427,433 +410,21 @@
/* NOTREACHED */
}
-#else /* USE_PAM */
-
-int
-main(argc, argv)
- int argc;
- char **argv;
-{
- extern char **environ;
- struct passwd *pwd;
- char *p;
- uid_t ruid;
- int asme, ch, asthem, fastlogin, prio, gohome;
- enum { UNSET, YES, NO } iscsh = UNSET;
- char *user, *shell, *avshell, *username, **np;
- char *class;
- char shellbuf[MAXPATHLEN], avshellbuf[MAXPATHLEN];
- int pam_err;
- char hostname[MAXHOSTNAMELEN];
- char *tty;
- const void *newuser;
-#ifdef LOGIN_CAP
- login_cap_t *lc;
-#endif
-
- asme = asthem = fastlogin = 0;
- gohome = 1;
- shell = class = NULL;
- while ((ch = getopt(argc, argv, ARGSTR)) != -1)
- switch((char)ch) {
-#if defined(KERBEROS) || defined(KERBEROS5)
- case 'K':
- fprintf(stderr, "%s: -K is not supported anymore\n",
- getprogname());
- use_kerberos = 0;
- break;
-#endif
-#ifdef LOGIN_CAP
- case 'c':
- class = optarg;
- break;
-#endif
- case 'd':
- asme = 0;
- asthem = 1;
- gohome = 0;
- break;
- case 'f':
- fastlogin = 1;
- break;
- case '-':
- case 'l':
- asme = 0;
- asthem = 1;
- break;
- case 'm':
- asme = 1;
- asthem = 0;
- break;
- case '?':
- default:
- (void)fprintf(stderr,
- "usage: %s [%s] [login [shell arguments]]\n",
- getprogname(), ARGSTR);
- exit(1);
- }
- argv += optind;
-
- /* Lower the priority so su runs faster */
- errno = 0;
- prio = getpriority(PRIO_PROCESS, 0);
- if (errno)
- prio = 0;
- if (prio > -2)
- (void)setpriority(PRIO_PROCESS, 0, -2);
- openlog("su", 0, LOG_AUTH);
-
- /* get current login name and shell */
- ruid = getuid();
- username = getlogin();
- if (username == NULL || (pwd = getpwnam(username)) == NULL ||
- pwd->pw_uid != ruid)
- pwd = getpwuid(ruid);
- if (pwd == NULL)
- errx(1, "who are you?");
- if ((username = strdup(pwd->pw_name)) == NULL)
- err(1, "strdup");
-
-
- if (asme) {
- if (pwd->pw_shell && *pwd->pw_shell) {
- strlcpy(shellbuf, pwd->pw_shell, sizeof(shellbuf));
- shell = shellbuf;
- } else {
- shell = _PATH_BSHELL;
- iscsh = NO;
- }
- }
- /* get target login information, default to root */
- user = *argv ? *argv : "root";
- np = *argv ? argv : argv-1;
-
- if ((pwd = getpwnam(user)) == NULL)
- errx(1, "unknown login %s", user);
-
- /*
- * PAM initialization
- */
-#define PAM_END(func) do { \
- syslog(LOG_ERR, "%s: %s", func, pam_strerror(pamh, pam_err)); \
- warnx("%s: %s", func, pam_strerror(pamh, pam_err)); \
- pam_end(pamh, pam_err); \
- exit(1); \
-} while (/* CONSTCOND */0)
-
- if ((pam_err = pam_start("su", user, &pamc, &pamh)) != PAM_SUCCESS) {
- if (pamh != NULL)
- PAM_END("pam_start");
- /* Things went really bad... */
- syslog(LOG_ERR, "pam_start failed");
- errx(1, "pam_start failed");
- }
-
- /*
- * Fill hostname, username and tty
- */
- if ((pam_err = pam_set_item(pamh, PAM_RUSER, username)) != PAM_SUCCESS)
- PAM_END("pam_set_item(PAM_RUSER)");
-
- if ((gethostname(hostname, sizeof(hostname)) == 0) &&
- ((pam_err = pam_set_item(pamh,
- PAM_RHOST, hostname) != PAM_SUCCESS)))
- PAM_END("pam_set_item(PAM_RHOST)");
-
- if (((tty = ttyname(STDERR_FILENO)) != NULL) &&
- ((pam_err = pam_set_item(pamh, PAM_TTY, tty)) != PAM_SUCCESS))
- PAM_END("pam_set_item(PAM_TTY)");
-
- /*
- * Authentication
- */
- if ((pam_err = pam_authenticate(pamh, 0)) != PAM_SUCCESS) {
- syslog(LOG_WARNING, "BAD SU %s to %s%s",
- username, user, ontty());
- pam_end(pamh, pam_err);
- errx(1, "Sorry");
- }
-
- /*
- * Authorization
- */