* src/su.c: Group some of the environment processing blocks. The
definition of shellstr, PATH and IFS is not influenced (getenv, getdef, restricted_shell) by and does not influence (addenv does not change environ) the authentication. And the authentication does not overwrite those definitions. This will ease an extraction from the big main() function.
This commit is contained in:
parent
aef33a89c2
commit
4be8077a56
@ -1,3 +1,12 @@
|
||||
2011-06-10 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/su.c: Group some of the environment processing blocks. The
|
||||
definition of shellstr, PATH and IFS is not influenced (getenv,
|
||||
getdef, restricted_shell) by and does not influence (addenv does
|
||||
not change environ) the authentication. And the authentication
|
||||
does not overwrite those definitions. This will ease an extraction
|
||||
from the big main() function.
|
||||
|
||||
2011-06-10 Nicolas François <nicolas.francois@centraliens.net>
|
||||
|
||||
* src/su.c: Updating pwent after expire() is not useful. Only the
|
||||
|
84
src/su.c
84
src/su.c
@ -720,6 +720,48 @@ int main (int argc, char **argv)
|
||||
}
|
||||
}
|
||||
|
||||
/* If the user do not want to change the environment,
|
||||
* use the current SHELL.
|
||||
* (unless another shell is required by the command line)
|
||||
*/
|
||||
if ((NULL == shellstr) && !change_environment) {
|
||||
shellstr = getenv ("SHELL");
|
||||
}
|
||||
/* For users with non null UID, if this user has a restricted
|
||||
* shell, the shell must be the one specified in /etc/passwd
|
||||
*/
|
||||
if ( (NULL != shellstr)
|
||||
&& !amroot
|
||||
&& restricted_shell (pwent.pw_shell)) {
|
||||
shellstr = NULL;
|
||||
}
|
||||
/* If the shell is not set at this time, use the shell specified
|
||||
* in /etc/passwd.
|
||||
*/
|
||||
if (NULL == shellstr) {
|
||||
shellstr = (char *) strdup (pwent.pw_shell);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the default shell.
|
||||
*/
|
||||
if ((NULL == shellstr) || ('\0' == shellstr[0])) {
|
||||
shellstr = SHELL;
|
||||
}
|
||||
|
||||
cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
|
||||
if (NULL == cp) {
|
||||
addenv ((pwent.pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);
|
||||
} else if (strchr (cp, '=') != NULL) {
|
||||
addenv (cp, NULL);
|
||||
} else {
|
||||
addenv ("PATH", cp);
|
||||
}
|
||||
|
||||
if (getenv ("IFS") != NULL) { /* don't export user IFS ... */
|
||||
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
|
||||
}
|
||||
|
||||
#ifndef USE_PAM
|
||||
/*
|
||||
* BSD systems only allow "wheel" to SU to root. USG systems don't,
|
||||
@ -769,35 +811,6 @@ int main (int argc, char **argv)
|
||||
}
|
||||
#endif /* !USE_PAM */
|
||||
|
||||
/* If the user do not want to change the environment,
|
||||
* use the current SHELL.
|
||||
* (unless another shell is required by the command line)
|
||||
*/
|
||||
if ((NULL == shellstr) && !change_environment) {
|
||||
shellstr = getenv ("SHELL");
|
||||
}
|
||||
/* For users with non null UID, if this user has a restricted
|
||||
* shell, the shell must be the one specified in /etc/passwd
|
||||
*/
|
||||
if ( (NULL != shellstr)
|
||||
&& !amroot
|
||||
&& restricted_shell (pwent.pw_shell)) {
|
||||
shellstr = NULL;
|
||||
}
|
||||
/* If the shell is not set at this time, use the shell specified
|
||||
* in /etc/passwd.
|
||||
*/
|
||||
if (NULL == shellstr) {
|
||||
shellstr = (char *) strdup (pwent.pw_shell);
|
||||
}
|
||||
|
||||
/*
|
||||
* Set the default shell.
|
||||
*/
|
||||
if ((NULL == shellstr) || ('\0' == shellstr[0])) {
|
||||
shellstr = SHELL;
|
||||
}
|
||||
|
||||
(void) signal (SIGINT, SIG_IGN);
|
||||
(void) signal (SIGQUIT, SIG_IGN);
|
||||
#ifdef USE_PAM
|
||||
@ -889,19 +902,6 @@ int main (int argc, char **argv)
|
||||
(void) signal (SIGINT, SIG_DFL);
|
||||
(void) signal (SIGQUIT, SIG_DFL);
|
||||
|
||||
cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
|
||||
if (NULL == cp) {
|
||||
addenv ((pwent.pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);
|
||||
} else if (strchr (cp, '=') != NULL) {
|
||||
addenv (cp, NULL);
|
||||
} else {
|
||||
addenv ("PATH", cp);
|
||||
}
|
||||
|
||||
if (getenv ("IFS") != NULL) { /* don't export user IFS ... */
|
||||
addenv ("IFS= \t\n", NULL); /* ... instead, set a safe IFS */
|
||||
}
|
||||
|
||||
/*
|
||||
* Even if --shell is specified, the subsystem login test is based on
|
||||
* the shell specified in /etc/passwd (not the one specified with
|
||||
|
Loading…
x
Reference in New Issue
Block a user