diff options
author | cvs2svn <cvs2svn@FreeBSD.org> | 2008-11-19 10:43:57 +0000 |
---|---|---|
committer | cvs2svn <cvs2svn@FreeBSD.org> | 2008-11-19 10:43:57 +0000 |
commit | f982be45e81588a27383cd1a3eb12789b8498904 (patch) | |
tree | 07be283d015b2c39f95e655cb7328ff355bc47fa /security/krb5-16/files/patch-as | |
parent | 856c5bf9f133ae5d553d972d5a940586d3f56048 (diff) |
This commit was manufactured by cvs2svn to create tag 'RELEASE_6_4_0'.release/6.4.0
Notes
Notes:
svn path=/head/; revision=223035
svn path=/tags/RELEASE_6_4_0/; revision=223036; tag=release/6.4.0
Diffstat (limited to 'security/krb5-16/files/patch-as')
-rw-r--r-- | security/krb5-16/files/patch-as | 195 |
1 files changed, 0 insertions, 195 deletions
diff --git a/security/krb5-16/files/patch-as b/security/krb5-16/files/patch-as deleted file mode 100644 index de19886eac08..000000000000 --- a/security/krb5-16/files/patch-as +++ /dev/null @@ -1,195 +0,0 @@ ---- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002 -+++ clients/ksu/main.c Tue Jul 29 18:46:00 2003 -@@ -32,6 +32,10 @@ - #include <signal.h> - #include <grp.h> - -+#ifdef LOGIN_CAP -+#include <login_cap.h> -+#endif -+ - /* globals */ - char * prog_name; - int auth_debug =0; -@@ -61,7 +65,7 @@ - ill specified arguments to commands */ - - void usage (){ -- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); -+ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); - } - - /* for Ultrix and friends ... */ -@@ -77,6 +81,7 @@ - int argc; - char ** argv; - { -+ int asme = 0; - int hp =0; - int some_rest_copy = 0; - int all_rest_copy = 0; -@@ -91,6 +96,7 @@ - char * cc_target_tag = NULL; - char * target_user = NULL; - char * source_user; -+ char * source_shell; - - krb5_ccache cc_source = NULL; - const char * cc_source_tag = NULL; -@@ -117,6 +123,11 @@ - krb5_principal kdc_server; - krb5_boolean zero_password; - char * dir_of_cc_target; -+ -+#ifdef LOGIN_CAP -+ login_cap_t *lc; -+ int setwhat; -+#endif - - options.opt = KRB5_DEFAULT_OPTIONS; - options.lifetime = KRB5_DEFAULT_TKT_LIFE; -@@ -181,7 +192,7 @@ - com_err (prog_name, errno, "while setting euid to source user"); - exit (1); - } -- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){ -+ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){ - switch (option) { - case 'r': - options.opt |= KDC_OPT_RENEWABLE; -@@ -227,6 +238,9 @@ - errflg++; - } - break; -+ case 'm': -+ asme = 1; -+ break; - case 'n': - if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ - com_err(prog_name, retval, "when parsing name %s", optarg); -@@ -341,6 +355,7 @@ - - /* allocate space and copy the usernamane there */ - source_user = xstrdup(pwd->pw_name); -+ source_shell = xstrdup(pwd->pw_shell); - source_uid = pwd->pw_uid; - source_gid = pwd->pw_gid; - -@@ -672,43 +687,64 @@ - /* get the shell of the user, this will be the shell used by su */ - target_pwd = getpwnam(target_user); - -- if (target_pwd->pw_shell) -- shell = xstrdup(target_pwd->pw_shell); -- else { -- shell = _DEF_CSH; /* default is cshell */ -+ if (asme) { -+ if (source_shell && *source_shell) { -+ shell = strdup(source_shell); -+ } else { -+ shell = _DEF_CSH; -+ } -+ } else { -+ if (target_pwd->pw_shell) -+ shell = strdup(target_pwd->pw_shell); -+ else { -+ shell = _DEF_CSH; /* default is cshell */ -+ } - } - - #ifdef HAVE_GETUSERSHELL - - /* insist that the target login uses a standard shell (root is omited) */ - -- if (!standard_shell(target_pwd->pw_shell) && source_uid) { -- fprintf(stderr, "ksu: permission denied (shell).\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -+ if (asme) { -+ if (!standard_shell(pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } else { -+ if (!standard_shell(target_pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } - } - #endif /* HAVE_GETUSERSHELL */ - -- if (target_pwd->pw_uid){ -- -- if(set_env_var("USER", target_pwd->pw_name)){ -+ if (!asme) { -+ if (target_pwd->pw_uid){ -+ if (set_env_var("USER", target_pwd->pw_name)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } -+ -+ if (set_env_var( "HOME", target_pwd->pw_dir)){ - fprintf(stderr,"ksu: couldn't set environment variable USER\n"); - sweep_up(ksu_context, cc_target); - exit(1); -- } -- } -- -- if(set_env_var( "HOME", target_pwd->pw_dir)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ } - -- if(set_env_var( "SHELL", shell)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ if (set_env_var( "SHELL", shell)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } -+ -+#ifdef LOGIN_CAP -+ lc = login_getpwclass(pwd); -+#endif - - /* set the cc env name to target */ - -@@ -718,7 +754,19 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -- -+ -+#ifdef LOGIN_CAP -+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; -+ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; -+ /* -+ * Don't touch resource/priority settings if -m has been -+ * used or -l and -c hasn't, and we're not su'ing to root. -+ */ -+ if (target_pwd->pw_uid) -+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); -+ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) -+ err(1, "setusercontext"); -+#else - /* set permissions */ - if (setgid(target_pwd->pw_gid) < 0) { - perror("ksu: setgid"); -@@ -759,6 +807,7 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -+#endif - - if (access( cc_target_tag_tmp, R_OK | W_OK )){ - com_err(prog_name, errno, |