From dc90c77285db96b3c9b1ae6fa3dbfdeaee1a192f Mon Sep 17 00:00:00 2001
From: nekral-guest <nekral-guest@5a98b0ae-9ef6-0310-add3-de5d479b70d7>
Date: Mon, 13 Jun 2011 18:26:10 +0000
Subject: [PATCH] 	* src/su.c: Define shellstr before the environment so
 that 	restricted_shell is called only once. This will allow moving the 
 environment definition after the switch to the new user.

---
 ChangeLog |  3 +++
 src/su.c  | 62 +++++++++++++++++++++++++++----------------------------
 2 files changed, 33 insertions(+), 32 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 28c6c9f2..9e482fe7 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@
 	reset to false).
 	* src/su.c: No need to change the user's shell in case of
 	subsystem root. Update the comments.
+	* src/su.c: Define shellstr before the environment so that
+	restricted_shell is called only once. This will allow moving the
+	environment definition after the switch to the new user.
 
 2011-06-10  Nicolas François  <nicolas.francois@centraliens.net>
 
diff --git a/src/su.c b/src/su.c
index c4b5ccbd..f1b0fde6 100644
--- a/src/su.c
+++ b/src/su.c
@@ -804,10 +804,37 @@ int main (int argc, char **argv)
 		goto top;		/* authenticate in the subsystem */
 	}
 
-	/* If su is not called by root, and the target user has a restricted
-	 * shell, the environment must be changed.
+	/* If the user do not want to change the environment,
+	 * use the current SHELL.
+	 * (unless another shell is required by the command line)
 	 */
-	change_environment |= (restricted_shell (pwent.pw_shell) && !amroot);
+	if ((NULL == shellstr) && !change_environment) {
+		shellstr = getenv ("SHELL");
+	}
+
+	/* If su is not called by root, and the target user has a
+	 * restricted shell, the environment must be changed and the shell
+	 * must be the one specified in /etc/passwd.
+	 */
+	if (   !amroot
+	    && restricted_shell (pwent.pw_shell)) {
+		shellstr = NULL;
+		change_environment = true;
+	}
+
+	/* If the shell is not set at this time, use the shell specified
+	 * in /etc/passwd.
+	 */
+	if (NULL == shellstr) {
+		shellstr = (char *) strdup (pwent.pw_shell);
+	}
+
+	/*
+	 * Set the default shell.
+	 */
+	if ((NULL == shellstr) || ('\0' == shellstr[0])) {
+		shellstr = SHELL;
+	}
 
 	/*
 	 * If a new login is being set up, the old environment will be
@@ -870,35 +897,6 @@ int main (int argc, char **argv)
 		}
 	}
 
-	/* If the user do not want to change the environment,
-	 * use the current SHELL.
-	 * (unless another shell is required by the command line)
-	 */
-	if ((NULL == shellstr) && !change_environment) {
-		shellstr = getenv ("SHELL");
-	}
-	/* For users with non null UID, if this user has a restricted
-	 * shell, the shell must be the one specified in /etc/passwd
-	 */
-	if (   (NULL != shellstr)
-	    && !amroot
-	    && restricted_shell (pwent.pw_shell)) {
-		shellstr = NULL;
-	}
-	/* If the shell is not set at this time, use the shell specified
-	 * in /etc/passwd.
-	 */
-	if (NULL == shellstr) {
-		shellstr = (char *) strdup (pwent.pw_shell);
-	}
-
-	/*
-	 * Set the default shell.
-	 */
-	if ((NULL == shellstr) || ('\0' == shellstr[0])) {
-		shellstr = SHELL;
-	}
-
 	cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
 	if (NULL == cp) {
 		addenv ((pwent.pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);