const char *tty_name; /* tty_path without /dev prefix */
const char *tty_number; /* end of the tty_path */
+ char *new_user; /* wanted user */
+ char *old_user; /* orginal user */
+
unsigned int runuser :1, /* flase=su, true=runuser */
+ runuser_uopt :1, /* runuser -u specified */
isterm :1, /* is stdin terminal? */
fast_startup :1, /* pass the `-f' option to the subshell. */
simulate_login :1, /* simulate a login instead of just starting a shell. */
caught_signal = sig;
}
-
-static const struct passwd *
-current_getpwuid(void)
-{
- uid_t ruid;
-
- /* GNU Hurd implementation has an extension where a process can exist in a
- * non-conforming environment, and thus be outside the realms of POSIX
- * process identifiers; on this platform, getuid() fails with a status of
- * (uid_t)(-1) and sets errno if a program is run from a non-conforming
- * environment.
- *
- * http://austingroupbugs.net/view.php?id=511
- */
- errno = 0;
- ruid = getuid();
-
- return errno == 0 ? getpwuid(ruid) : NULL;
-}
-
-
static void init_tty(struct su_context *su)
{
su->isterm = isatty(STDIN_FILENO) ? 1 : 0;
static void log_syslog(struct su_context *su, bool successful)
{
- const char *new_user = su->pwd->pw_name,
- *old_user;
-
- /* The utmp entry (via getlogin) is probably the best way to identify
- * the user, especially if someone su's from a su-shell.
- */
- old_user = getlogin();
- if (!old_user) {
- /* probably lack of utmp entry; resort to getpwuid. */
- const struct passwd *pwd = current_getpwuid();
- old_user = pwd ? pwd->pw_name : "";
- }
-
openlog(program_invocation_short_name, 0, LOG_AUTH);
syslog(LOG_NOTICE, "%s(to %s) %s on %s",
successful ? "" :
su->runuser ? "FAILED RUNUSER " : "FAILED SU ",
- new_user, old_user,
+ su->new_user, su->old_user ? : "",
su->tty_name ? : "none");
closelog();
}
static void supam_authenticate(struct su_context *su)
{
- const struct passwd *lpw = NULL;
const char *srvname = NULL;
int retval;
if (is_pam_failure(retval))
goto done;
}
-
- lpw = current_getpwuid();
- if (lpw && lpw->pw_name) {
- retval = pam_set_item(su->pamh, PAM_RUSER, (const void *)lpw->pw_name);
+ if (su->old_user) {
+ retval = pam_set_item(su->pamh, PAM_RUSER, (const void *) su->old_user);
if (is_pam_failure(retval))
goto done;
}
-
if (su->runuser) {
/*
* This is the only difference between runuser(1) and su(1). The command
struct su_context _su = {
.conv = { supam_conv, NULL },
.runuser = (mode == RUNUSER_MODE ? 1 : 0),
- .change_environment = 1
+ .change_environment = 1,
+ .new_user = DEFAULT_USER
}, *su = &_su;
int optc;
- const char *new_user = DEFAULT_USER, *runuser_user = NULL;
char *command = NULL;
int request_same_session = 0;
char *shell = NULL;
case 'u':
if (!su->runuser)
errtryhelp(EXIT_FAILURE);
- runuser_user = optarg;
+ su->runuser_uopt = 1;
+ su->new_user = optarg;
break;
case 'h':
switch (mode) {
case RUNUSER_MODE:
- if (runuser_user) {
- /* runuser -u <user> <command> */
- new_user = runuser_user;
- if (shell || su->fast_startup || command || su->simulate_login) {
+ /* runuser -u <user> <command> */
+ if (su->runuser_uopt) {
+ if (shell || su->fast_startup || command || su->simulate_login)
errx(EXIT_FAILURE,
- _
- ("options --{shell,fast,command,session-command,login} and "
+ _("options --{shell,fast,command,session-command,login} and "
"--user are mutually exclusive"));
- }
if (optind == argc)
- errx(EXIT_FAILURE,
- _("no command was specified"));
-
+ errx(EXIT_FAILURE, _("no command was specified"));
break;
}
/* fallthrough if -u <user> is not specified, then follow
*/
case SU_MODE:
if (optind < argc)
- new_user = argv[optind++];
+ su->new_user = argv[optind++];
break;
}
logindefs_set_loader(load_config, (void *) su);
init_tty(su);
- su->pwd = xgetpwnam(new_user, &su->pwdbuf);
+ su->pwd = xgetpwnam(su->new_user, &su->pwdbuf);
if (!su->pwd
|| !su->pwd->pw_passwd
|| !su->pwd->pw_name || !*su->pwd->pw_name
|| !su->pwd->pw_dir || !*su->pwd->pw_dir)
- errx(EXIT_FAILURE, _("user %s does not exist"), new_user);
+ errx(EXIT_FAILURE, _("user %s does not exist"), su->new_user);
+
+ su->new_user = su->pwd->pw_name;
+ su->old_user = xgetlogin();
if (!su->pwd->pw_shell || !*su->pwd->pw_shell)
su->pwd->pw_shell = DEFAULT_SHELL;
su->same_session = 1;
/* initialize shell variable only if "-u <user>" not specified */
- if (runuser_user) {
+ if (su->runuser_uopt) {
shell = NULL;
} else {
if (!shell && !su->change_environment)
projects / thirdparty / util-linux.git / commitdiff
