aboutsummaryrefslogtreecommitdiff
path: root/loginutils/su.c
diff options
context:
space:
mode:
authorLadislav Michl <Ladislav.Michl@seznam.cz>2010-06-27 03:23:31 +0200
committerDenys Vlasenko <vda.linux@googlemail.com>2010-06-27 03:23:31 +0200
commita73b87e9343df2a6f14e328a977e7b70eb3ed707 (patch)
tree564869bde93c870b20f6d4d8a3da71e42b629f2e /loginutils/su.c
parent1b14cdb27ca5e8104a824424731be430c8592dd6 (diff)
downloadbusybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.tar.gz
busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.tar.bz2
busybox-w32-a73b87e9343df2a6f14e328a977e7b70eb3ed707.zip
*: s/"/bin/sh"/DEFAULT_SHELL, run_shell() API fix, remove unneeded strdup
function old new delta run_shell 157 166 +9 su_main 477 470 -7 sulogin_main 515 503 -12 Signed-off-by: Ladislav Michl <Ladislav.Michl@seznam.cz> Signed-off-by: Denys Vlasenko <vda.linux@googlemail.com>
Diffstat (limited to 'loginutils/su.c')
-rw-r--r--loginutils/su.c57
1 files changed, 31 insertions, 26 deletions
diff --git a/loginutils/su.c b/loginutils/su.c
index af25655fd..9bae37551 100644
--- a/loginutils/su.c
+++ b/loginutils/su.c
@@ -10,23 +10,27 @@
10 10
11#if ENABLE_FEATURE_SU_CHECKS_SHELLS 11#if ENABLE_FEATURE_SU_CHECKS_SHELLS
12/* Return 1 if SHELL is a restricted shell (one not returned by 12/* Return 1 if SHELL is a restricted shell (one not returned by
13 getusershell), else 0, meaning it is a standard shell. */ 13 * getusershell), else 0, meaning it is a standard shell. */
14static int restricted_shell(const char *shell) 14static int restricted_shell(const char *shell)
15{ 15{
16 char *line; 16 char *line;
17 int result = 1;
17 18
18 /*setusershell(); - getusershell does it itself*/ 19 /*setusershell(); - getusershell does it itself*/
19 while ((line = getusershell()) != NULL) { 20 while ((line = getusershell()) != NULL) {
20 if (/* *line != '#' && */ strcmp(line, shell) == 0) 21 if (/* *line != '#' && */ strcmp(line, shell) == 0) {
21 return 0; 22 result = 0;
23 break;
24 }
22 } 25 }
23 endusershell(); 26 if (ENABLE_FEATURE_CLEAN_UP)
24 return 1; 27 endusershell();
28 return result;
25} 29}
26#endif 30#endif
27 31
28#define SU_OPT_mp (3) 32#define SU_OPT_mp (3)
29#define SU_OPT_l (4) 33#define SU_OPT_l (4)
30 34
31int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE; 35int su_main(int argc, char **argv) MAIN_EXTERNALLY_VISIBLE;
32int su_main(int argc UNUSED_PARAM, char **argv) 36int su_main(int argc UNUSED_PARAM, char **argv)
@@ -38,7 +42,8 @@ int su_main(int argc UNUSED_PARAM, char **argv)
38 struct passwd *pw; 42 struct passwd *pw;
39 uid_t cur_uid = getuid(); 43 uid_t cur_uid = getuid();
40 const char *tty; 44 const char *tty;
41 char *old_user; 45 char user_buf[64];
46 const char *old_user;
42 47
43 flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell); 48 flags = getopt32(argv, "mplc:s:", &opt_command, &opt_shell);
44 //argc -= optind; 49 //argc -= optind;
@@ -56,21 +61,18 @@ int su_main(int argc UNUSED_PARAM, char **argv)
56 } 61 }
57 62
58 if (ENABLE_FEATURE_SU_SYSLOG) { 63 if (ENABLE_FEATURE_SU_SYSLOG) {
59 /* The utmp entry (via getlogin) is probably the best way to identify 64 /* The utmp entry (via getlogin) is probably the best way to
60 * the user, especially if someone su's from a su-shell. 65 * identify the user, especially if someone su's from a su-shell.
61 * But getlogin can fail -- usually due to lack of utmp entry. 66 * But getlogin can fail -- usually due to lack of utmp entry.
62 * in this case resort to getpwuid. */ 67 * in this case resort to getpwuid. */
63 const char *user;
64#if ENABLE_FEATURE_UTMP 68#if ENABLE_FEATURE_UTMP
65 char user_buf[64]; 69 old_user = user_buf;
66 user = user_buf;
67 if (getlogin_r(user_buf, sizeof(user_buf)) != 0) 70 if (getlogin_r(user_buf, sizeof(user_buf)) != 0)
68#endif 71#endif
69 { 72 {
70 pw = getpwuid(cur_uid); 73 pw = getpwuid(cur_uid);
71 user = pw ? pw->pw_name : ""; 74 old_user = pw ? xstrdup(pw->pw_name) : "";
72 } 75 }
73 old_user = xstrdup(user);
74 tty = xmalloc_ttyname(2); 76 tty = xmalloc_ttyname(2);
75 if (!tty) { 77 if (!tty) {
76 tty = "none"; 78 tty = "none";
@@ -80,13 +82,7 @@ int su_main(int argc UNUSED_PARAM, char **argv)
80 82
81 pw = xgetpwnam(opt_username); 83 pw = xgetpwnam(opt_username);
82 84
83 /* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER 85 if (cur_uid == 0 || correct_password(pw)) {
84 is a username that is retrieved via NIS (YP), but that doesn't have
85 a default shell listed. */
86 if (!pw->pw_shell || !pw->pw_shell[0])
87 pw->pw_shell = (char *)DEFAULT_SHELL;
88
89 if ((cur_uid == 0) || correct_password(pw)) {
90 if (ENABLE_FEATURE_SU_SYSLOG) 86 if (ENABLE_FEATURE_SU_SYSLOG)
91 syslog(LOG_NOTICE, "%c %s %s:%s", 87 syslog(LOG_NOTICE, "%c %s %s:%s",
92 '+', tty, old_user, opt_username); 88 '+', tty, old_user, opt_username);
@@ -99,21 +95,30 @@ int su_main(int argc UNUSED_PARAM, char **argv)
99 95
100 if (ENABLE_FEATURE_CLEAN_UP && ENABLE_FEATURE_SU_SYSLOG) { 96 if (ENABLE_FEATURE_CLEAN_UP && ENABLE_FEATURE_SU_SYSLOG) {
101 closelog(); 97 closelog();
102 free(old_user);
103 } 98 }
104 99
105 if (!opt_shell && (flags & SU_OPT_mp)) 100 if (!opt_shell && (flags & SU_OPT_mp)) {
101 /* -s SHELL is not given, but "preserve env" opt is */
106 opt_shell = getenv("SHELL"); 102 opt_shell = getenv("SHELL");
103 }
104
105 /* Make sure pw->pw_shell is non-NULL. It may be NULL when NEW_USER
106 * is a username that is retrieved via NIS (YP), that doesn't have
107 * a default shell listed. */
108 if (!pw->pw_shell || !pw->pw_shell[0])
109 pw->pw_shell = (char *)DEFAULT_SHELL;
107 110
108#if ENABLE_FEATURE_SU_CHECKS_SHELLS 111#if ENABLE_FEATURE_SU_CHECKS_SHELLS
109 if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) { 112 if (opt_shell && cur_uid != 0 && restricted_shell(pw->pw_shell)) {
110 /* The user being su'd to has a nonstandard shell, and so is 113 /* The user being su'd to has a nonstandard shell, and so is
111 probably a uucp account or has restricted access. Don't 114 * probably a uucp account or has restricted access. Don't
112 compromise the account by allowing access with a standard 115 * compromise the account by allowing access with a standard
113 shell. */ 116 * shell. */
114 bb_error_msg("using restricted shell"); 117 bb_error_msg("using restricted shell");
115 opt_shell = NULL; 118 opt_shell = NULL;
116 } 119 }
120 /* else: user can run whatever he wants via "su -s PROG USER".
121 * This is safe since PROG is run under user's uid/gid. */
117#endif 122#endif
118 if (!opt_shell) 123 if (!opt_shell)
119 opt_shell = pw->pw_shell; 124 opt_shell = pw->pw_shell;