+2013-08-20 Nicolas François <nicolas.francois@centraliens.net>
+
+ * src/su.c: call handle_session() before changing the UID so that
+ PAM sessions can be closed as root. This require to set the pt
+ slave ownership to the user we are switching to.
+
2013-08-20 Nicolas François <nicolas.francois@centraliens.net>
* src/su.c: There are no more SIGTSTP signal handler.
char *args[],
char *const envp[]);
static RETSIGTYPE kill_child (int unused(s));
-static void handle_session (void);
+static void handle_session (const struct passwd *pw);
#ifndef USE_PAM
static RETSIGTYPE die (int);
static bool iswheel (const char *);
* or if not a controlling terminal then wait for the child to
* terminate and exit.
*/
-static void handle_session (void)
+static void handle_session (const struct passwd *pw)
{
sigset_t ourset;
int status;
(void) close (fd_ptmx);
exit (1);
}
+
+ if (fchown (fd_pts, pw->pw_uid, -1) != 0) {
+ fprintf (stderr, _("%s: Cannot set ownership of pt slave\n"), Prog);
+ (void) close (fd_pts);
+ (void) close (fd_ptmx);
+ exit (1);
+ }
}
exit (1);
}
+ handle_session (pw);
+
/* become the new user */
if (change_uid (pw) != 0) {
exit (1);
}
-
- handle_session ();
#else /* !USE_PAM */
/* no limits if su from root (unless su must fake login's behavior) */
if (!caller_is_root || fakelogin) {
setup_limits (pw);
}
+ handle_session (pw);
+
if (setup_uid_gid (pw, caller_on_console) != 0) {
exit (1);
}
-
- handle_session ();
#endif /* !USE_PAM */
projects / thirdparty / shadow.git / commitdiff
