* src/su.c: Group some of the environment processing blocks. The

definition of shellstr, PATH and IFS is not influenced (getenv,
	getdef, restricted_shell) by and does not influence (addenv does
	not change environ) the authentication. And the authentication
	does not overwrite those definitions. This will ease an extraction
	from the big main() function.
This commit is contained in:
nekral-guest 2011-06-13 18:25:45 +00:00
parent aef33a89c2
commit 4be8077a56
2 changed files with 51 additions and 42 deletions

View File

@ -1,3 +1,12 @@
2011-06-10 Nicolas François <nicolas.francois@centraliens.net>
* src/su.c: Group some of the environment processing blocks. The
definition of shellstr, PATH and IFS is not influenced (getenv,
getdef, restricted_shell) by and does not influence (addenv does
not change environ) the authentication. And the authentication
does not overwrite those definitions. This will ease an extraction
from the big main() function.
2011-06-10 Nicolas François <nicolas.francois@centraliens.net> 2011-06-10 Nicolas François <nicolas.francois@centraliens.net>
* src/su.c: Updating pwent after expire() is not useful. Only the * src/su.c: Updating pwent after expire() is not useful. Only the

View File

@ -720,6 +720,48 @@ int main (int argc, char **argv)
} }
} }
/* If the user do not want to change the environment,
* use the current SHELL.
* (unless another shell is required by the command line)
*/
if ((NULL == shellstr) && !change_environment) {
shellstr = getenv ("SHELL");
}
/* For users with non null UID, if this user has a restricted
* shell, the shell must be the one specified in /etc/passwd
*/
if ( (NULL != shellstr)
&& !amroot
&& restricted_shell (pwent.pw_shell)) {
shellstr = NULL;
}
/* If the shell is not set at this time, use the shell specified
* in /etc/passwd.
*/
if (NULL == shellstr) {
shellstr = (char *) strdup (pwent.pw_shell);
}
/*
* Set the default shell.
*/
if ((NULL == shellstr) || ('\0' == shellstr[0])) {
shellstr = SHELL;
}
cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
if (NULL == cp) {
addenv ((pwent.pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);
} else if (strchr (cp, '=') != NULL) {
addenv (cp, NULL);
} else {
addenv ("PATH", cp);
}
if (getenv ("IFS") != NULL) { /* don't export user IFS ... */
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
}
#ifndef USE_PAM #ifndef USE_PAM
/* /*
* BSD systems only allow "wheel" to SU to root. USG systems don't, * BSD systems only allow "wheel" to SU to root. USG systems don't,
@ -769,35 +811,6 @@ int main (int argc, char **argv)
} }
#endif /* !USE_PAM */ #endif /* !USE_PAM */
/* If the user do not want to change the environment,
* use the current SHELL.
* (unless another shell is required by the command line)
*/
if ((NULL == shellstr) && !change_environment) {
shellstr = getenv ("SHELL");
}
/* For users with non null UID, if this user has a restricted
* shell, the shell must be the one specified in /etc/passwd
*/
if ( (NULL != shellstr)
&& !amroot
&& restricted_shell (pwent.pw_shell)) {
shellstr = NULL;
}
/* If the shell is not set at this time, use the shell specified
* in /etc/passwd.
*/
if (NULL == shellstr) {
shellstr = (char *) strdup (pwent.pw_shell);
}
/*
* Set the default shell.
*/
if ((NULL == shellstr) || ('\0' == shellstr[0])) {
shellstr = SHELL;
}
(void) signal (SIGINT, SIG_IGN); (void) signal (SIGINT, SIG_IGN);
(void) signal (SIGQUIT, SIG_IGN); (void) signal (SIGQUIT, SIG_IGN);
#ifdef USE_PAM #ifdef USE_PAM
@ -889,19 +902,6 @@ int main (int argc, char **argv)
(void) signal (SIGINT, SIG_DFL); (void) signal (SIGINT, SIG_DFL);
(void) signal (SIGQUIT, SIG_DFL); (void) signal (SIGQUIT, SIG_DFL);
cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
if (NULL == cp) {
addenv ((pwent.pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);
} else if (strchr (cp, '=') != NULL) {
addenv (cp, NULL);
} else {
addenv ("PATH", cp);
}
if (getenv ("IFS") != NULL) { /* don't export user IFS ... */
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
}
/* /*
* Even if --shell is specified, the subsystem login test is based on * Even if --shell is specified, the subsystem login test is based on
* the shell specified in /etc/passwd (not the one specified with * the shell specified in /etc/passwd (not the one specified with