diff options
Diffstat (limited to 'security/krb5-beta/files/patch-as')
| -rw-r--r-- | security/krb5-beta/files/patch-as | 199 |
1 files changed, 199 insertions, 0 deletions
diff --git a/security/krb5-beta/files/patch-as b/security/krb5-beta/files/patch-as new file mode 100644 index 000000000000..0b26c449fe11 --- /dev/null +++ b/security/krb5-beta/files/patch-as @@ -0,0 +1,199 @@ +--- clients/ksu/main.c.orig Wed Feb 28 14:06:55 2001 ++++ clients/ksu/main.c Thu Sep 6 16:21:46 2001 +@@ -31,6 +31,10 @@ + #include <sys/wait.h> + #include <signal.h> + ++#ifdef LOGIN_CAP ++#include <login_cap.h> ++#endif ++ + /* globals */ + char * prog_name; + int auth_debug =0; +@@ -60,7 +64,7 @@ + ill specified arguments to commands */ + + void usage (){ +- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); ++ fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name); + } + + /* for Ultrix and friends ... */ +@@ -76,6 +80,7 @@ + int argc; + char ** argv; + { ++int asme = 0; + int hp =0; + int some_rest_copy = 0; + int all_rest_copy = 0; +@@ -90,6 +95,7 @@ + char * cc_target_tag = NULL; + char * target_user = NULL; + char * source_user; ++char * source_shell; + + krb5_ccache cc_source = NULL; + const char * cc_source_tag = NULL; +@@ -118,6 +124,11 @@ + char * dir_of_cc_target; + char * dir_of_cc_source; + ++#ifdef LOGIN_CAP ++login_cap_t *lc; ++int setwhat; ++#endif ++ + options.opt = KRB5_DEFAULT_OPTIONS; + options.lifetime = KRB5_DEFAULT_TKT_LIFE; + options.rlife =0; +@@ -181,7 +192,7 @@ + com_err (prog_name, errno, "while setting euid to source user"); + exit (1); + } +- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){ ++ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){ + switch (option) { + case 'r': + options.opt |= KDC_OPT_RENEWABLE; +@@ -227,6 +238,9 @@ + errflg++; + } + break; ++ case 'm': ++ asme = 1; ++ break; + case 'n': + if ((retval = krb5_parse_name(ksu_context, optarg, &client))){ + com_err(prog_name, retval, "when parsing name %s", optarg); +@@ -341,6 +355,7 @@ + + /* allocate space and copy the usernamane there */ + source_user = xstrdup(pwd->pw_name); ++ source_shell = xstrdup(pwd->pw_shell); + source_uid = pwd->pw_uid; + source_gid = pwd->pw_gid; + +@@ -668,43 +683,64 @@ + /* get the shell of the user, this will be the shell used by su */ + target_pwd = getpwnam(target_user); + +- if (target_pwd->pw_shell) +- shell = xstrdup(target_pwd->pw_shell); +- else { +- shell = _DEF_CSH; /* default is cshell */ +- } ++ if (asme) { ++ if (source_shell && *source_shell) { ++ shell = strdup(source_shell); ++ } else { ++ shell = _DEF_CSH; ++ } ++ } else { ++ if (target_pwd->pw_shell) ++ shell = strdup(target_pwd->pw_shell); ++ else { ++ shell = _DEF_CSH; /* default is cshell */ ++ } ++ } + + #ifdef HAVE_GETUSERSHELL + + /* insist that the target login uses a standard shell (root is omited) */ + +- if (!standard_shell(target_pwd->pw_shell) && source_uid) { +- fprintf(stderr, "ksu: permission denied (shell).\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); ++ if (asme) { ++ if (!standard_shell(pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } else { ++ if (!standard_shell(target_pwd->pw_shell) && source_uid) { ++ fprintf(stderr, "ksu: permission denied (shell).\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + } + #endif /* HAVE_GETUSERSHELL */ + +- if (target_pwd->pw_uid){ +- +- if(set_env_var("USER", target_pwd->pw_name)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } +- } ++ if (!asme) { ++ if (target_pwd->pw_uid){ ++ if (set_env_var("USER", target_pwd->pw_name)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } + +- if(set_env_var( "HOME", target_pwd->pw_dir)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ if (set_env_var( "HOME", target_pwd->pw_dir)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } + +- if(set_env_var( "SHELL", shell)){ +- fprintf(stderr,"ksu: couldn't set environment variable USER\n"); +- sweep_up(ksu_context, cc_target); +- exit(1); +- } ++ if (set_env_var( "SHELL", shell)){ ++ fprintf(stderr,"ksu: couldn't set environment variable USER\n"); ++ sweep_up(ksu_context, cc_target); ++ exit(1); ++ } ++ } ++ ++#ifdef LOGIN_CAP ++ lc = login_getpwclass(pwd); ++#endif + + /* set the cc env name to target */ + +@@ -714,7 +750,18 @@ + sweep_up(ksu_context, cc_target); + exit(1); + } +- ++#ifdef LOGIN_CAP ++ setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY; ++ setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV; ++ /* ++ * Don't touch resource/priority settings if -m has been ++ * used or -l and -c hasn't, and we're not su'ing to root. ++ */ ++ if (target_pwd->pw_uid) ++ setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES); ++ if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0) ++ err(1, "setusercontext"); ++#else + /* set permissions */ + if (setgid(target_pwd->pw_gid) < 0) { + perror("ksu: setgid"); +@@ -754,7 +801,8 @@ + perror("ksu: setuid"); + sweep_up(ksu_context, cc_target); + exit(1); +- } ++ } ++#endif + + if (access( cc_target_tag_tmp, R_OK | W_OK )){ + com_err(prog_name, errno, |