aboutsummaryrefslogtreecommitdiff
path: root/security/krb5-16/files/patch-as
diff options
context:
space:
mode:
Diffstat (limited to 'security/krb5-16/files/patch-as')
-rw-r--r--security/krb5-16/files/patch-as290
1 files changed, 143 insertions, 147 deletions
diff --git a/security/krb5-16/files/patch-as b/security/krb5-16/files/patch-as
index 0b26c449fe11..de19886eac08 100644
--- a/security/krb5-16/files/patch-as
+++ b/security/krb5-16/files/patch-as
@@ -1,8 +1,8 @@
---- clients/ksu/main.c.orig Wed Feb 28 14:06:55 2001
-+++ clients/ksu/main.c Thu Sep 6 16:21:46 2001
-@@ -31,6 +31,10 @@
- #include <sys/wait.h>
+--- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002
++++ clients/ksu/main.c Tue Jul 29 18:46:00 2003
+@@ -32,6 +32,10 @@
#include <signal.h>
+ #include <grp.h>
+#ifdef LOGIN_CAP
+#include <login_cap.h>
@@ -11,43 +11,43 @@
/* globals */
char * prog_name;
int auth_debug =0;
-@@ -60,7 +64,7 @@
+@@ -61,7 +65,7 @@
ill specified arguments to commands */
void usage (){
-- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
-+ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
++ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
}
/* for Ultrix and friends ... */
-@@ -76,6 +80,7 @@
- int argc;
- char ** argv;
+@@ -77,6 +81,7 @@
+ int argc;
+ char ** argv;
{
-+int asme = 0;
- int hp =0;
- int some_rest_copy = 0;
- int all_rest_copy = 0;
-@@ -90,6 +95,7 @@
- char * cc_target_tag = NULL;
- char * target_user = NULL;
- char * source_user;
-+char * source_shell;
-
- krb5_ccache cc_source = NULL;
- const char * cc_source_tag = NULL;
-@@ -118,6 +124,11 @@
- char * dir_of_cc_target;
- char * dir_of_cc_source;
-
++ int asme = 0;
+ int hp =0;
+ int some_rest_copy = 0;
+ int all_rest_copy = 0;
+@@ -91,6 +96,7 @@
+ char * cc_target_tag = NULL;
+ char * target_user = NULL;
+ char * source_user;
++ char * source_shell;
+
+ krb5_ccache cc_source = NULL;
+ const char * cc_source_tag = NULL;
+@@ -117,6 +123,11 @@
+ krb5_principal kdc_server;
+ krb5_boolean zero_password;
+ char * dir_of_cc_target;
++
+#ifdef LOGIN_CAP
-+login_cap_t *lc;
-+int setwhat;
++ login_cap_t *lc;
++ int setwhat;
+#endif
-+
+
options.opt = KRB5_DEFAULT_OPTIONS;
options.lifetime = KRB5_DEFAULT_TKT_LIFE;
- options.rlife =0;
@@ -181,7 +192,7 @@
com_err (prog_name, errno, "while setting euid to source user");
exit (1);
@@ -68,132 +68,128 @@
if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
com_err(prog_name, retval, "when parsing name %s", optarg);
@@ -341,6 +355,7 @@
-
- /* allocate space and copy the usernamane there */
- source_user = xstrdup(pwd->pw_name);
-+ source_shell = xstrdup(pwd->pw_shell);
- source_uid = pwd->pw_uid;
- source_gid = pwd->pw_gid;
-
-@@ -668,43 +683,64 @@
- /* get the shell of the user, this will be the shell used by su */
- target_pwd = getpwnam(target_user);
-
-- if (target_pwd->pw_shell)
-- shell = xstrdup(target_pwd->pw_shell);
-- else {
-- shell = _DEF_CSH; /* default is cshell */
-- }
-+ if (asme) {
-+ if (source_shell && *source_shell) {
-+ shell = strdup(source_shell);
-+ } else {
-+ shell = _DEF_CSH;
-+ }
+
+ /* allocate space and copy the usernamane there */
+ source_user = xstrdup(pwd->pw_name);
++ source_shell = xstrdup(pwd->pw_shell);
+ source_uid = pwd->pw_uid;
+ source_gid = pwd->pw_gid;
+
+@@ -672,43 +687,64 @@
+ /* get the shell of the user, this will be the shell used by su */
+ target_pwd = getpwnam(target_user);
+
+- if (target_pwd->pw_shell)
+- shell = xstrdup(target_pwd->pw_shell);
+- else {
+- shell = _DEF_CSH; /* default is cshell */
++ if (asme) {
++ if (source_shell && *source_shell) {
++ shell = strdup(source_shell);
+ } else {
-+ if (target_pwd->pw_shell)
-+ shell = strdup(target_pwd->pw_shell);
-+ else {
-+ shell = _DEF_CSH; /* default is cshell */
-+ }
++ shell = _DEF_CSH;
+ }
-
++ } else {
++ if (target_pwd->pw_shell)
++ shell = strdup(target_pwd->pw_shell);
++ else {
++ shell = _DEF_CSH; /* default is cshell */
++ }
+ }
+
#ifdef HAVE_GETUSERSHELL
-
- /* insist that the target login uses a standard shell (root is omited) */
-
-- if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-- fprintf(stderr, "ksu: permission denied (shell).\n");
-- sweep_up(ksu_context, cc_target);
-- exit(1);
-+ if (asme) {
-+ if (!standard_shell(pwd->pw_shell) && source_uid) {
-+ fprintf(stderr, "ksu: permission denied (shell).\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
-+ } else {
-+ if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-+ fprintf(stderr, "ksu: permission denied (shell).\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
- }
+
+ /* insist that the target login uses a standard shell (root is omited) */
+
+- if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+- fprintf(stderr, "ksu: permission denied (shell).\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
++ if (asme) {
++ if (!standard_shell(pwd->pw_shell) && source_uid) {
++ fprintf(stderr, "ksu: permission denied (shell).\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ } else {
++ if (!standard_shell(target_pwd->pw_shell) && source_uid) {
++ fprintf(stderr, "ksu: permission denied (shell).\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
+ }
#endif /* HAVE_GETUSERSHELL */
-
-- if (target_pwd->pw_uid){
+
+- if (target_pwd->pw_uid){
-
-- if(set_env_var("USER", target_pwd->pw_name)){
-- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-- sweep_up(ksu_context, cc_target);
-- exit(1);
-- }
-- }
-+ if (!asme) {
-+ if (target_pwd->pw_uid){
-+ if (set_env_var("USER", target_pwd->pw_name)){
-+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
-+ }
-
-- if(set_env_var( "HOME", target_pwd->pw_dir)){
-- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-- sweep_up(ksu_context, cc_target);
-- exit(1);
-- }
-+ if (set_env_var( "HOME", target_pwd->pw_dir)){
-+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
-
-- if(set_env_var( "SHELL", shell)){
-- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-- sweep_up(ksu_context, cc_target);
-- exit(1);
-- }
-+ if (set_env_var( "SHELL", shell)){
-+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-+ sweep_up(ksu_context, cc_target);
-+ exit(1);
-+ }
+- if(set_env_var("USER", target_pwd->pw_name)){
++ if (!asme) {
++ if (target_pwd->pw_uid){
++ if (set_env_var("USER", target_pwd->pw_name)){
++ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
+ }
++
++ if (set_env_var( "HOME", target_pwd->pw_dir)){
+ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+- }
+- }
+-
+- if(set_env_var( "HOME", target_pwd->pw_dir)){
+- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
+- }
++ }
+
+- if(set_env_var( "SHELL", shell)){
+- fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+- sweep_up(ksu_context, cc_target);
+- exit(1);
+- }
++ if (set_env_var( "SHELL", shell)){
++ fprintf(stderr,"ksu: couldn't set environment variable USER\n");
++ sweep_up(ksu_context, cc_target);
++ exit(1);
++ }
++ }
+
+#ifdef LOGIN_CAP
-+ lc = login_getpwclass(pwd);
++ lc = login_getpwclass(pwd);
+#endif
-
- /* set the cc env name to target */
-
-@@ -714,7 +750,18 @@
- sweep_up(ksu_context, cc_target);
- exit(1);
- }
--
+
+ /* set the cc env name to target */
+
+@@ -718,7 +754,19 @@
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
+-
++
+#ifdef LOGIN_CAP
-+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
-+ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
-+ /*
-+ * Don't touch resource/priority settings if -m has been
-+ * used or -l and -c hasn't, and we're not su'ing to root.
-+ */
-+ if (target_pwd->pw_uid)
-+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
-+ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
-+ err(1, "setusercontext");
++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
++ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
++ /*
++ * Don't touch resource/priority settings if -m has been
++ * used or -l and -c hasn't, and we're not su'ing to root.
++ */
++ if (target_pwd->pw_uid)
++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
++ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
++ err(1, "setusercontext");
+#else
- /* set permissions */
- if (setgid(target_pwd->pw_gid) < 0) {
- perror("ksu: setgid");
-@@ -754,7 +801,8 @@
- perror("ksu: setuid");
- sweep_up(ksu_context, cc_target);
- exit(1);
-- }
-+ }
+ /* set permissions */
+ if (setgid(target_pwd->pw_gid) < 0) {
+ perror("ksu: setgid");
+@@ -759,6 +807,7 @@
+ sweep_up(ksu_context, cc_target);
+ exit(1);
+ }
+#endif
-
- if (access( cc_target_tag_tmp, R_OK | W_OK )){
- com_err(prog_name, errno,
+
+ if (access( cc_target_tag_tmp, R_OK | W_OK )){
+ com_err(prog_name, errno,