[src/trunk]: src/usr.bin/su Normalize the program's compilation options so th...

[christos <christos%NetBSD.org@localhost>]

details:   https://anonhg.NetBSD.org/src/rev/617bb1a2e355
branches:  trunk
changeset: 550759:617bb1a2e355
user:      christos <christos%NetBSD.org@localhost>
date:      Wed Aug 20 14:11:17 2003 +0000

description:
Normalize the program's compilation options so they are all of the form SU_
and document them.

diffstat:

 usr.bin/su/Makefile |   8 ++++----
 usr.bin/su/su.1     |  28 +++++++++++++++++++++++++++-
 usr.bin/su/su.c     |  22 +++++++++++-----------
 3 files changed, 42 insertions(+), 16 deletions(-)

diffs (151 lines):

diff -r a07219aab569 -r 617bb1a2e355 usr.bin/su/Makefile
--- a/usr.bin/su/Makefile       Wed Aug 20 14:04:00 2003 +0000
+++ b/usr.bin/su/Makefile       Wed Aug 20 14:11:17 2003 +0000
@@ -1,4 +1,4 @@
-#      $NetBSD: Makefile,v 1.31 2003/07/24 16:18:21 tron Exp $
+#      $NetBSD: Makefile,v 1.32 2003/08/20 14:11:17 christos Exp $
 #      from: @(#)Makefile      8.1 (Berkeley) 7/19/93
 
 .include <bsd.own.mk>
@@ -12,7 +12,7 @@
 
 # Uncomment the following line to change the group that may su root to "sugroup"
 #
-#CPPFLAGS+=-DSUGROUP=\"sugroup\"
+#CPPFLAGS+=-DSU_GROUP=\"sugroup\"
 
 # Uncomment the following line to make su
 # treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect
@@ -49,6 +49,6 @@
 LDADD+= -lskey
 .endif
 
-.ifdef SUROOTAUTH
-CPPFLAGS+=-DROOTAUTH=\"${SUROOTAUTH}\"
+.ifdef SU_ROOTAUTH
+CPPFLAGS+=-DSU_ROOTAUTH=\"${SU_ROOTAUTH}\"
 .endif
diff -r a07219aab569 -r 617bb1a2e355 usr.bin/su/su.1
--- a/usr.bin/su/su.1   Wed Aug 20 14:04:00 2003 +0000
+++ b/usr.bin/su/su.1   Wed Aug 20 14:11:17 2003 +0000
@@ -26,7 +26,7 @@
 .\" SUCH DAMAGE.
 .\"
 .\"    from: @(#)su.1  8.2 (Berkeley) 4/18/94
-.\"    $NetBSD: su.1,v 1.33 2003/08/07 11:15:56 agc Exp $
+.\"    $NetBSD: su.1,v 1.34 2003/08/20 14:11:17 christos Exp $
 .\"
 .Dd April 27, 2003
 .Dt SU 1
@@ -197,10 +197,36 @@
 prompt is set to
 .Dq Sy \&#
 to remind one of its awesome power.
+.Sh COMPILATION OPTIONS
+.Pp
+Several compilation time options are available that alter the program's
+behavior.
+These options are:
+.Bl -tag -width "SU_INDIRECT_GROUP"
+.It SU_GROUP
+If defined, it changes the default group that is allowed to become
+.Dq root ,
+from
+.Dq wheel
+to the specified string.
+.It SU_ROOTAUTH
+If defined, it specifies a group whose members are allowed to become
+.Dq root ,
+by supplying their own password instead of the
+.Dq root
+one.
+.It SU_INDIRECT_GROOP
+If defined, the
+.Ar SU_GROUP
+and 
+.Ar SU_ROOTAUTH
+groups are treated as indirect groups.
+The group members of those two groups, are treated as groups themselves.
 .Sh EXIT STATUS
 .Nm
 returns the exit status of the executed subshell, or 1 if any error
 occurred while switching privileges.
+.El
 .Sh ENVIRONMENT
 Environment variables used by
 .Nm :
diff -r a07219aab569 -r 617bb1a2e355 usr.bin/su/su.c
--- a/usr.bin/su/su.c   Wed Aug 20 14:04:00 2003 +0000
+++ b/usr.bin/su/su.c   Wed Aug 20 14:11:17 2003 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $      */
+/*     $NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $ */
 
 /*
  * Copyright (c) 1988 The Regents of the University of California.
@@ -40,7 +40,7 @@
 #if 0
 static char sccsid[] = "@(#)su.c       8.3 (Berkeley) 4/2/94";*/
 #else
-__RCSID("$NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $");
+__RCSID("$NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $");
 #endif
 #endif /* not lint */
 
@@ -94,8 +94,8 @@
 #define        ARGSTRX "-dflm"
 #endif
 
-#ifndef        SUGROUP
-#define        SUGROUP "wheel"
+#ifndef        SU_GROUP
+#define        SU_GROUP        "wheel"
 #endif
 
 #ifdef LOGIN_CAP
@@ -239,30 +239,30 @@
                char *pass = pwd->pw_passwd;
                int ok = pwd->pw_uid != 0;
 
-#ifdef ROOTAUTH
+#ifdef SU_ROOTAUTH
                /*
                 * Allow those in group rootauth to su to root, by supplying
                 * their own password.
                 */
                if (!ok) {
-                       if ((ok = check_ingroup(-1, ROOTAUTH, username, 0))) {
+                       if ((ok = check_ingroup(-1, SU_ROOTAUTH, username, 0))) {
                                pass = userpass;
                                user = username;
                        }
                }
 #endif
                /*
-                * Only allow those in group SUGROUP to su to root,
+                * Only allow those in group SU_GROUP to su to root,
                 * but only if that group has any members.
-                * If SUGROUP has no members, allow anyone to su root
+                * If SU_GROUP has no members, allow anyone to su root
                 */
                if (!ok) {
-                       ok = check_ingroup(-1, SUGROUP, username, 1);
+                       ok = check_ingroup(-1, SU_GROUP, username, 1);
                }
                if (!ok)
                        errx(1,
            "you are not listed in the correct secondary group (%s) to su %s.",
-                                           SUGROUP, user);
+                                           SU_GROUP, user);
                /* if target requires a password, verify it */
                if (*pass) {
                        p = getpass("Password:");
@@ -694,7 +694,7 @@
 
        /*
         * XXX we are relying on the fact that we only set ifempty when
-        * calling to check for SUGROUP and that is the only time a
+        * calling to check for SU_GROUP and that is the only time a
         * missing group is acceptable.
         */
        if (gr == NULL)