Diffstat (limited to 'security/krb5-appl/files/patch-as')
-rw-r--r-- | security/krb5-appl/files/patch-as | 290 |
1 files changed, 143 insertions, 147 deletions
diff --git a/security/krb5-appl/files/patch-as b/security/krb5-appl/files/patch-as index 0b26c449fe11..de19886eac08 100644 --- a/security/krb5-appl/files/patch-as +++ b/security/krb5-appl/files/patch-as @@ -1,8 +1,8 @@ ---- clients/ksu/main.c.orig Wed Feb 28 14:06:55 2001 -+++ clients/ksu/main.c Thu Sep 6 16:21:46 2001 -@@ -31,6 +31,10 @@ - #include <sys/wait.h> +--- clients/ksu/main.c.orig Wed Aug 14 12:14:49 2002 ++++ clients/ksu/main.c Tue Jul 29 18:46:00 2003 +@@ -32,6 +32,10 @@ #include <signal.h> + #include <grp.h> +#ifdef LOGIN_CAP +#include <login_cap.h> 
@@ -11,43 +11,43 @@ /* globals */ char * prog_name; int auth_debug =0; -@@ -60,7 +64,7 @@ +@@ -61,7 +65,7 @@ ill specified arguments to commands */ void usage (){ -- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); -+ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); +- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); ++ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); } /* for Ultrix and friends ... 
*/ -@@ -76,6 +80,7 @@ - int argc; - char ** argv; +@@ -77,6 +81,7 @@ + int argc; + char ** argv; { -+int asme = 0; - int hp =0; - int some_rest_copy = 0; - int all_rest_copy = 0; -@@ -90,6 +95,7 @@ - char * cc_target_tag = NULL; - char * target_user = NULL; - char * source_user; -+char * source_shell; - - krb5_ccache cc_source = NULL; - const char * cc_source_tag = NULL; -@@ -118,6 +124,11 @@ - char * dir_of_cc_target; - char * dir_of_cc_source; - ++ int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +@@ -91,6 +96,7 @@ + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++ char * source_shell; + + krb5_ccache cc_source = NULL; + const char * cc_source_tag = NULL; +@@ -117,6 +123,11 @@ + krb5_principal kdc_server; + krb5_boolean zero_password; + char * dir_of_cc_target; ++ +#ifdef LOGIN_CAP -+login_cap_t *lc; -+int setwhat; ++ login_cap_t *lc; ++ int setwhat; +#endif -+ + options.opt = KRB5_DEFAULT_OPTIONS; options.lifetime = KRB5_DEFAULT_TKT_LIFE; - options.rlife =0; @@ -181,7 +192,7 @@ com_err (prog_name, errno, "while setting euid to source user"); exit (1); @@ -68,132 +68,128 @@ if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ com_err(prog_name, retval, "when parsing name %s", optarg); 
@@ -341,6 +355,7 @@ - - /* allocate space and copy the usernamane there */ - source_user = xstrdup(pwd->pw_name); -+ source_shell = xstrdup(pwd->pw_shell); - source_uid = pwd->pw_uid; - source_gid = pwd->pw_gid; - -@@ -668,43 +683,64 @@ - /* get the shell of the user, this will be the shell used by su */ - target_pwd = getpwnam(target_user); - -- if (target_pwd->pw_shell) -- shell = xstrdup(target_pwd->pw_shell); -- else { -- shell = _DEF_CSH; /* default is cshell */ -- } -+ if (asme) { -+ if (source_shell && *source_shell) { -+ shell = strdup(source_shell); -+ } else { -+ shell = _DEF_CSH; -+ } + + /* allocate space and copy the usernamane there */ + source_user = xstrdup(pwd->pw_name); ++ source_shell = xstrdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +@@ -672,43 +687,64 @@ + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +- if (target_pwd->pw_shell) +- shell = xstrdup(target_pwd->pw_shell); +- else { +- shell = _DEF_CSH; /* default is cshell */ ++ if (asme) { ++ if (source_shell && *source_shell) { ++ shell = strdup(source_shell); + } else { -+ if (target_pwd->pw_shell) -+ shell = strdup(target_pwd->pw_shell); -+ else { -+ shell = _DEF_CSH; /* default is cshell */ -+ } ++ shell = _DEF_CSH; + } - ++ } else { ++ if (target_pwd->pw_shell) ++ shell = strdup(target_pwd->pw_shell); ++ else { ++ shell = _DEF_CSH; /* default is cshell */ ++ } + } + #ifdef HAVE_GETUSERSHELL - - /* insist that the target login uses a standard shell (root is omited) */ - -- if (!standard_shell(target_pwd->pw_shell) && source_uid) { -- fprintf(stderr, "ksu: permission denied (shell).\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -+ if (asme) { -+ if (!standard_shell(pwd->pw_shell) && source_uid) { -+ fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } else { -+ if (!standard_shell(target_pwd->pw_shell) && source_uid) { -+ 
fprintf(stderr, "ksu: permission denied (shell).\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } - } + + /* insist that the target login uses a standard shell (root is omited) */ + +- if (!standard_shell(target_pwd->pw_shell) && source_uid) { +- fprintf(stderr, "ksu: permission denied (shell).\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); ++ if (asme) { ++ if (!standard_shell(pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } else { ++ if (!standard_shell(target_pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + } #endif /* HAVE_GETUSERSHELL */ - -- if (target_pwd->pw_uid){ + +- if (target_pwd->pw_uid){ - -- if(set_env_var("USER", target_pwd->pw_name)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -- } -+ if (!asme) { -+ if (target_pwd->pw_uid){ -+ if (set_env_var("USER", target_pwd->pw_name)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } -+ } - -- if(set_env_var( "HOME", target_pwd->pw_dir)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ if (set_env_var( "HOME", target_pwd->pw_dir)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } - -- if(set_env_var( "SHELL", shell)){ -- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -- sweep_up(ksu_context, cc_target); -- exit(1); -- } -+ if (set_env_var( "SHELL", shell)){ -+ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); -+ sweep_up(ksu_context, cc_target); -+ exit(1); -+ } +- if(set_env_var("USER", target_pwd->pw_name)){ ++ if (!asme) { ++ if (target_pwd->pw_uid){ ++ if 
(set_env_var("USER", target_pwd->pw_name)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + } ++ ++ if (set_env_var( "HOME", target_pwd->pw_dir)){ + fprintf(stderr,"ksu: couldn't set environment variable USER\n"); + sweep_up(ksu_context, cc_target); + exit(1); +- } +- } +- +- if(set_env_var( "HOME", target_pwd->pw_dir)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ } + +- if(set_env_var( "SHELL", shell)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ if (set_env_var( "SHELL", shell)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } + +#ifdef LOGIN_CAP -+ lc = login_getpwclass(pwd); ++ lc = login_getpwclass(pwd); +#endif - - /* set the cc env name to target */ - -@@ -714,7 +750,18 @@ - sweep_up(ksu_context, cc_target); - exit(1); - } -- + + /* set the cc env name to target */ + +@@ -718,7 +754,19 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } +- ++ +#ifdef LOGIN_CAP -+ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; -+ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; -+ /* -+ * Don't touch resource/priority settings if -m has been -+ * used or -l and -c hasn't, and we're not su'ing to root. -+ */ -+ if (target_pwd->pw_uid) -+ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); -+ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) -+ err(1, "setusercontext"); ++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; ++ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; ++ /* ++ * Don't touch resource/priority settings if -m has been ++ * used or -l and -c hasn't, and we're not su'ing to root. 
++ */ ++ if (target_pwd->pw_uid) ++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); ++ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) ++ err(1, "setusercontext"); +#else - /* set permissions */ - if (setgid(target_pwd->pw_gid) < 0) { - perror("ksu: setgid"); -@@ -754,7 +801,8 @@ - perror("ksu: setuid"); - sweep_up(ksu_context, cc_target); - exit(1); -- } -+ } + /* set permissions */ + if (setgid(target_pwd->pw_gid) < 0) { + perror("ksu: setgid"); +@@ -759,6 +807,7 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } +#endif - - if (access( cc_target_tag_tmp, R_OK | W_OK )){ - com_err(prog_name, errno, + + if (access( cc_target_tag_tmp, R_OK | W_OK )){ + com_err(prog_name, errno, |
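Review bot: In the `asme` branch under `HAVE_GETUSERSHELL`, the shell check reads `pwd->pw_shell` after `target_pwd = getpwnam(target_user)` has run; `getpwnam()` is allowed to reuse the static storage that an earlier getpw* result points into, so this check can end up testing the target's shell instead of the caller's. The patch already keeps a private copy for this purpose, so the check should use it: `if (!standard_shell(source_shell) && source_uid) {`. `lc = login_getpwclass(pwd);` has the same stale-pointer exposure, assuming `pwd` was filled by a getpw* call outside this hunk. Separately, `err(1, "setusercontext")` is the only failure path here that exits without `sweep_up(ksu_context, cc_target)`, which would leave the target credential cache behind, and the `strdup()` results assigned to `shell` are unchecked where the replaced lines used `xstrdup()`. The body of `main()` starts and ends outside the hunk.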