diff -Nur coreutils-5.2.1.orig/configure.ac coreutils-5.2.1/configure.ac --- coreutils-5.2.1.orig/configure.ac Tue Mar 2 23:47:31 2004 +++ coreutils-5.2.1/configure.ac Thu Mar 18 17:06:38 2004 @@ -7,6 +7,13 @@ AM_INIT_AUTOMAKE([1.8 gnits dist-bzip2]) +dnl Give the chance to enable PAM +AC_ARG_ENABLE(pam, dnl +[ --enable-pam Enable use of the PAM libraries], +AC_DEFINE(USE_PAM,,[Use PAM?]) +LIB_PAM="-ldl -lpam -lpam_misc" +) + gl_DEFAULT_POSIX2_VERSION gl_USE_SYSTEM_EXTENSIONS jm_PERL @@ -235,6 +242,13 @@ AM_GNU_GETTEXT([external], [need-ngettext]) AM_GNU_GETTEXT_VERSION(0.13.1) +# just in case we want PAM +AC_SUBST(LIB_PAM) +# with PAM su doesn't need libcrypt +if test -n "$LIB_PAM" ; then + LIB_CRYPT= +fi + AC_CONFIG_FILES( Makefile doc/Makefile diff -Nur coreutils-5.2.1.orig/doc/coreutils.texi coreutils-5.2.1/doc/coreutils.texi --- coreutils-5.2.1.orig/doc/coreutils.texi Thu Mar 18 16:58:54 2004 +++ coreutils-5.2.1/doc/coreutils.texi Thu Mar 18 17:08:08 2004 @@ -11892,32 +11892,6 @@ the exit status of the subshell otherwise @end display -@cindex wheel group, not supported -@cindex group wheel, not supported -@cindex fascism -@subsection Why GNU @command{su} does not support the @samp{wheel} group - -(This section is by Richard Stallman.) - -@cindex Twenex -@cindex MIT AI lab -Sometimes a few of the users try to hold total power over all the -rest. For example, in 1984, a few users at the MIT AI lab decided to -seize power by changing the operator password on the Twenex system and -keeping it secret from everyone else. (I was able to thwart this coup -and give power back to the users by patching the kernel, but I -wouldn't know how to do that in Unix.) - -However, occasionally the rulers do tell someone. Under the usual -@command{su} mechanism, once someone learns the root password who -sympathizes with the ordinary users, he or she can tell the rest. The -``wheel group'' feature would make this impossible, and thus cement the -power of the rulers. - -I'm on the side of the masses, not that of the rulers. If you are -used to supporting the bosses and sysadmins in whatever they do, you -might find this idea strange at first. - @node Delaying @chapter Delaying diff -Nur coreutils-5.2.1.orig/man/es/su.1 coreutils-5.2.1/man/es/su.1 --- coreutils-5.2.1.orig/man/es/su.1 Mon Apr 12 14:26:19 1999 +++ coreutils-5.2.1/man/es/su.1 Thu Mar 18 17:05:55 2004 @@ -47,13 +47,6 @@ puede ser compilado para reportar fallo, y opcionalmente éxito en syslog. .B su intentará utilizar syslog. -.PP -Este programa no soporta el grupo "wheel", el cual restringe quien podrá -ejecutar -.B su -hacia la cuenta de root (el superusuario) ya que esta política podría -ayudar a los administradores de máquinas a facilitar un uso inadecuado a otros -usuarios. .SS OPCIONES .TP .I "\-c COMANDO, \-\-command=COMANDO" @@ -118,22 +111,3 @@ .I "\-\-version" Escribe información sobre la versión en la salida estándar y acaba sin provocar error. - -.SH Por que GNU no soporta el grupo "wheel" (por Richard Stallman) -A veces, algunos listillos intentan hacerse con el poder total -sobre el resto de usuarios. Por ejemplo, en 1984, un grupo de usuarios del -laboratorio de Inteligencia Artificial del MIT decidieron tomar el poder -cambiando el password de operador del sistema Twenex y manteniendolo secreto -para el resto de usuarios. (De todas maneras, hubiera sido posible desbaratar -la situación y devolver el control a los usuarios legítimos parcheando el -kernel, pero no sabría como realizar esta operación en un sistema Unix.) -.PP -Sin embargo, casualmente alguien contó el secreto. Mediante el uso habitual de -.B su -una vez que alguien conoce el password de root puede contarselo al resto de -usuarios. El grupo "wheel" hará que esto sea imposible, protegiendo así el poder -de los superusuarios. -.PP -Yo estoy del lado de las masas, no de los superusuarios. Si eres de los que -estan de acuerdo con los jefes y los administradores de sistemas en cualquier -cosa que hagan, al principio encontrarás esta idea algo extraña. diff -Nur coreutils-5.2.1.orig/man/fr/su.1 coreutils-5.2.1/man/fr/su.1 --- coreutils-5.2.1.orig/man/fr/su.1 Sun Aug 10 12:00:00 2003 +++ coreutils-5.2.1/man/fr/su.1 Thu Mar 18 17:05:55 2004 @@ -54,13 +54,6 @@ peut être compilé afin de fournir des rapports d'échec, et éventuellement de réussite des tentatives d'utilisation de .BR su . -.PP -Ce programme ne gère pas le "groupe wheel" utilisé pour restreindre -l'accès par -.B su -au compte Super-Utilisateur, car il pourrait aider des administrateurs -système fascistes à disposer d'un pouvoir incontrôlé -sur les autres utilisateurs. .SS OPTIONS .TP .I "\-c COMMANDE, \-\-command=COMMANDE" @@ -119,25 +112,5 @@ .I "\-\-version" Afficher un numéro de version sur la sortie standard et se terminer normalement. -.SH Pourquoi GNU SU ne gère-t-il pas le groupe `wheel' (par Richard Stallman) -Il peut arriver qu'un petit groupe d'utilisateurs essayent de s'approprier -l'ensemble du système. Par exemple, en 1984, quelques utilisateurs du -laboratoire d'I.A du MIT ont tentés de prendre le pouvoir en modifiant -le mot de passe de l'opérateur sur le système Twenex, et en -gardant ce mot de passe secret. (J'ai pu les en empêcher en modifiant le noyau, et -restaurer ainsi les autres accès, mais je ne saurais pas en faire autant -sous Unix). -.PP -Néanmoins, il arrive parfois que les chefs fournissent le mot -de passe de root à un utilisateur ordinaire. -Avec le mécanisme habituel de \fBsu\fP, -une fois que quelqu'un connaît ce mot de passe, il peut le transmettre -à ses amis. Le principe du "groupe wheel" rend ce partage impossible, -ce qui renforce la puissance des chefs. -.PP -Je me situe du cote du peuple, pas du côté des chefs. Si vous avez l'habitude -de soutenir les patrons et les administrateurs systèmes quoi qu'ils fassent, -cette idée peut vous paraître étrange au premier abord. - .SH TRADUCTION Christophe Blaess, 1997-2003. diff -Nur coreutils-5.2.1.orig/man/hu/su.1 coreutils-5.2.1/man/hu/su.1 --- coreutils-5.2.1.orig/man/hu/su.1 Sun Jul 9 14:19:12 2000 +++ coreutils-5.2.1/man/hu/su.1 Thu Mar 18 17:05:55 2004 @@ -151,33 +151,6 @@ .B "\-\-version" A program verziójáról ír ki információt a standard kimenetre, majd sikeres visszatérési értékkel kilép. -.SH Miért nem támogatja a GNU su a wheel csoportot? (Richard Stallman) - -Néha a rendszer fölötti teljes ellenõrzést egy néhány emberbõl -álló csoport akarja kézbe venni. Például 1984-ben pár user a MIT AI -laborban úgy döntött, hogy átveszik az irányítást a Twenex rendszer -operátori jelszavának megváltoztatásával, és annak titokban tartásával. -(A puccsot sikerült leverni, és a felhasználókat jogaikba visszahelyezni -egy kernel patch segítségével, de Unix alatt ezt nem tudtam volna megcsinálni.) -(A fordító megj.: a wheel csoportot ezzel a módszerrel könnyen -önkényesen is leszûkíthetik a csoporttagok , így tulajdonképpen nincs sok értelme.) -.PP -Néha az uralmon levõk elárulják a root jelszót. A szokásos su -mechanizmus szerint, ha valaki megtudja a root jelszót, és -szimpatizál a többi közönséges felhasználóval, elárulhatja nekik -is. A wheel csoport ezt lehetetlenné tenné, és így bebetonozná az -uralmon levõ hatalmát. -.PP -Én a tömegek oldalán állok, nem az uralkodókén. Ha te mindig a -fõnökök és a rendszergazdák oldalán állsz, bármit is tesznek, akkor -valószínûleg furcsálni fogod ezt a hozzáállást. -.PP -A fordító megjegyzése: -Valami jó azért mégis lenne a wheel csoportban: az, hogy ha a root -jelszó kitudódna azzal nem tudna bármelyik felhasználó közvetlenül -visszaélni. A wheel csoporthoz hasonló dolgot lehet elérni a -.B sudo -csomaggal. .SH MEGJEGYZÉS A hibákat a bug-sh-utils@gnu.org címen lehet jelenteni. Az oldalt Ragnar Hojland Espinosa frissítette. diff -Nur coreutils-5.2.1.orig/man/it/su.1 coreutils-5.2.1/man/it/su.1 --- coreutils-5.2.1.orig/man/it/su.1 Mon Jul 1 23:09:38 2002 +++ coreutils-5.2.1/man/it/su.1 Thu Mar 18 17:05:55 2004 @@ -52,11 +52,6 @@ .B su può essere compilato per riportare tramite syslog gli errori, ed eventualmente anche i successi che ottiene. -.PP -Questo programma non supporta un "gruppo wheel" che limita chi può fare -.B su -agli account del superuser, poiché ciò può aiutare amministratori di -sistema "fascisti" a tenere un potere inautorizzato sugli altri utenti. .SS OPZIONI .TP .I "\-c COMANDO, \-\-command=COMANDO" @@ -117,21 +112,3 @@ .I "\-\-version" Stampa in standard output informazioni sulla versione e esce (con successo). -.SH Perché GNU su non supporta il gruppo wheel (di Richard Stallman) -Qualche volta pochi utenti provano a tenere il potere assoluto sul -resto degli utenti. Per esempio, nel 1984, alcuni utenti nel -laboratorio di AI del MIT decisero impossessarsi del potere cambiando -la password dell'operatore su un sistema Twenex e tenendola segreta a -tutti gli altri (fui in grado di contrastare questo colpaccio e -restituire il potere agli utenti ``patch-ando'' il kernel, ma non -saprei come fare ciò in Unix). -.PP -Comunque, occasionalmente i sovrani lo fanno. Tramite l'usuale -meccanismo su, una volta che qualcuno che simpatizzi con gli -utenti normali, abbia imparato la password di root può dirla anche -agli altri. La caratteristica del "gruppo wheel" renderebbe ciò -impossibile, consolidando quindi il potere dei sovrani. -.PP -Io sono dalla parte delle masse, non da quella dei sovrani. Se tu sei -abituato a sostenere i capi e gli amministratori di sistema in tutto -quello che fanno, potresti trovare questa idea strana all'inizio. diff -Nur coreutils-5.2.1.orig/man/ja/su.1 coreutils-5.2.1/man/ja/su.1 --- coreutils-5.2.1.orig/man/ja/su.1 Sun Dec 14 16:06:54 2003 +++ coreutils-5.2.1/man/ja/su.1 Thu Mar 18 17:05:55 2004 @@ -83,12 +83,6 @@ .B su ¤¬¼ºÇÔ¤·¤¿¤È¤­ syslog ¤Ë¥ì¥Ý¡¼¥È¤¹¤ë¤è¤¦¤Ë¥³¥ó¥Ñ¥¤¥ë¤¹¤ë¤³¤È ¤¬¤Ç¤­¤ë¡ÊÀ®¸ù¤ò¥ì¥Ý¡¼¥È¤¹¤ë¤è¤¦¤Ë¤â¤Ç¤­¤ë¡Ë¡£ -.PP -¤³¤Î¥×¥í¥°¥é¥à¤Ï "wheel group" ¤Îµ¡Ç½¡Ê -.B su -¤Ë¤è¤Ã¤Æ¥¹¡¼¥Ñ¡¼¥æ¡¼¥¶¡¼¥¢¥«¥¦¥ó¥È¤Ë¤Ê¤ì¤ë¥æ¡¼¥¶¤òÀ©¸Â¤¹¤ëµ¡Ç½¡Ë¤ò¥µ¥Ý¡¼ -¥È¤·¤Ê¤¤¡£¤³¤ì¤ÏÀìÀ©Åª¤Ê¥·¥¹¥Æ¥à´ÉÍý¼Ô¤¬Â¾¤Î¥æ¡¼¥¶¡¼¤ËÉÔÅö¤Ê¸¢ÎϤò¿¶¤ë -¤¨¤Ê¤¤¤è¤¦¤Ë¤¹¤ë¤¿¤á¤Ç¤¢¤ë¡£ .SS OPTIONS .TP .I "\-c COMMAND, \-\-command=COMMAND" @@ -151,19 +145,3 @@ .TP .I "\-\-version" ¥Ð¡¼¥¸¥ç¥ó¾ðÊó¤òɸ½à½ÐÎϤËɽ¼¨¤·¡¢¼Â¹ÔÀ®¸ù¤òÊÖ¤·¤Æ½ªÎ»¤¹¤ë¡£ -.SH GNU su ¤Ç wheel ¥°¥ë¡¼¥×¤ò¥µ¥Ý¡¼¥È¤·¤Ê¤¤¤ï¤±¡ÊRichard Stallman¡Ë -¤È¤­¤ª¤ê¡¢¾¯¿ô¤Î¥æ¡¼¥¶¡¼¤Ë¤è¤Ã¤Æ¡¢Â¾¤Î¥æ¡¼¥¶¡¼¤ËÂФ¹¤ëÁ´¸¢¤ò¾¸°®¤·¤è¤¦ -¤È¤¹¤ë»î¤ß¤¬¤Ê¤µ¤ì¤ë¤³¤È¤¬¤¢¤ë¡£Î㤨¤Ð 1984 ǯ¡¢ MIT AI ¥é¥Ü¤Î¾¯¿ô¤Î¥æ¡¼ -¥¶¡¼¤Ï Twenex ¥·¥¹¥Æ¥à¤Î¥ª¥Ú¥ì¡¼¥¿¡¼¥Ñ¥¹¥ï¡¼¥É¤ÎÊѹ¹¸¢¸Â¤ò¶¯Ã¥¤·¡¢¤³¤ì -¤ò¾¤Î¥æ¡¼¥¶¡¼¤«¤éÈëÆ¿¤¹¤ë¤³¤È¤Ë·èÄꤷ¤¿¡Ê¤³¤ÎºÝ¤Ë¤Ï»ä¤Ï¤³¤Î¥¯¡¼¥Ç¥¿¡¼ -¤Î΢¤ò¤«¤­¡¢¥«¡¼¥Í¥ë¤Ë¥Ñ¥Ã¥Á¤òÅö¤Æ¤Æ¸¢¸Â¤ò¼è¤êÊÖ¤¹¤³¤È¤ËÀ®¸ù¤·¤¿¡£¤·¤« -¤·¤³¤ì¤¬ Unix ¤Ç¤¢¤Ã¤¿¤é¡¢»ä¤Ë¤Ï¤É¤¦¤¹¤ì¤Ð¤è¤¤¤«¤ï¤«¤é¤Ê¤«¤Ã¤¿¤À¤í¤¦¡Ë¡£ -.PP -¤·¤«¤·¤Ê¤¬¤é¡¢»þ¤Ë¤ÏÀìÀ©¼Ô¤âÈëÌ©¤òϳ¤é¤¹¤â¤Î¤Ç¤¢¤ë¡£Ä̾ï¤Î su ¤Î¥á¥«¥Ë -¥º¥à¤Ç¤Ï¡¢°ìÈ̥桼¥¶¡¼¤Î¦¤ËΩ¤Ä¼Ô¤¬ root ¤Î¥Ñ¥¹¥ï¡¼¥É¤òÃΤì¤Ð¡¢¤³¤ì¤ò -¾¤Î¥æ¡¼¥¶¡¼¤Ë¤âÃΤ餻¤ë¤³¤È¤¬¤Ç¤­¤ë¡£¤·¤«¤· "wheel group" µ¡Ç½¤Ï¤³¤ì -¤òÉÔ²Äǽ¤Ë¤·¡¢·ë²Ì¤È¤·¤ÆÀìÀ©¼Ôã¤Î¸¢¸Â¤ò¶¯¸Ç¤¿¤ë¤â¤Î¤Ë¤·¤Æ¤·¤Þ¤¦¡£ -.PP -»ä¤ÏÂç½°¤Î¦¤ËΩ¤Ä¤â¤Î¤Ç¤¢¤ê¡¢ÀìÀ©Åª¤ÊΩ¾ì¤Ë¤ÏÈ¿ÂФ¹¤ë¡£¤¢¤Ê¤¿¤Ï¥Ü¥¹¤ä -¥·¥¹¥Æ¥à´ÉÍý¼Ô¤Î¤ä¤ê¸ý¤Ë½¾¤¦¤³¤È¤Ë´·¤ì¤Æ¤¤¤ë¤«¤âÃΤì¤Ê¤¤¤¬¡¢¤½¤Î¾ì¹ç¤Ï -¤Þ¤º¤½¤Î¤³¤È¼«¿È¤òÉԻ׵Ĥ˻פ¦¤Ù¤­¤Ç¤Ï¤Ê¤¤¤À¤í¤¦¤«¡£ diff -Nur coreutils-5.2.1.orig/man/pl/su.1 coreutils-5.2.1/man/pl/su.1 --- coreutils-5.2.1.orig/man/pl/su.1 Tue Jun 20 16:07:31 2000 +++ coreutils-5.2.1/man/pl/su.1 Thu Mar 18 17:05:55 2004 @@ -78,8 +78,6 @@ mo¿e zostaæ tak skompilowane, by raportowa³o nieudane, lub opcjonalnie równie¿ udane próby zmiany id przy u¿yciu .BR su . -Jednak \fBsu\fP w wersji GNU nie sprawdza czy u¿ytkownik jest cz³onkiem grupy -`wheel' -- patrz poni¿ej. .SH OPCJE .TP .BR \-c " \fIpolecenie\fP, " \-\-command= \fIpolecenie @@ -139,25 +137,6 @@ .TP .B \-\-version Wy¶wietla numer wersji programu i koñczy pracê. -.SH Dlaczego GNU `su' nie obs³uguje grupy `wheel' - -(Sekcjê tê napisa³ Richard Stallman) - -Czasami kilku u¿ytkowników usi³uje sprawowaæ nieograniczon± w³adzê nad -pozosta³ymi. Na przyk³ad, w 1984, kilku u¿ytkowników w laboratorium AI MIT -zdecydowa³o siê `przej±æ w³adzê' zmieniaj±c has³o operatora systemu Twenex -i trzymaj±c je w tajemnicy przed wszystkimi innymi. (Uda³o mi siê -udaremniæ ten zamach i przywróciæ w³adzê u¿ytkownikom ³ataj±c j±dro, lecz -nie wiedzia³bym jak zrobiæ to w Uniksie.) - -Jednak, od czasu do czasu panuj±cy wyjawiaj± komu¶. Przy zwyk³ym -mechanizmie `su', kto¶, kto pozna³ has³o root'a i sympatyzuje ze zwyk³ymi -u¿ytkownikami, mo¿e przekazaæ je pozosta³ym. Funkcja "grupy wheel" -uniemo¿liwia³aby to, i w ten sposób umacnia³a w³adzê rz±dz±cych. - -Jestem po stronie mas, nie po stronie rz±dz±cych. Je¿eli zwyk³e¶ popieraæ -szefów i administratorów systemów we wszystkim, co robi±, podej¶cie to mo¿e -pocz±tkowo wydaæ Ci siê dziwne. .SH "ZG£ASZANIE B£ÊDÓW" B³êdy proszê zg³aszaæ, w jêz.ang., do . .SH COPYRIGHT diff -Nur coreutils-5.2.1.orig/po/pl.po coreutils-5.2.1/po/pl.po --- coreutils-5.2.1.orig/po/pl.po Thu Mar 18 16:58:54 2004 +++ coreutils-5.2.1/po/pl.po Thu Mar 18 17:05:55 2004 @@ -7332,6 +7332,41 @@ msgid "Usage: %s [OPTION]... [-] [USER [ARG]...]\n" msgstr "Sk³adnia: %s [OPCJA]... [-] [U¯YTKOWNIK [ARGUMENT]...]\n" +#: src/su.c:468 +msgid "could not open session\n" +msgstr "nie mo¿na otworzyæ sesji\n" + +#: src/su.c:476 +msgid "error copying PAM environment\n" +msgstr "b³±d podczas kopiowania ¶rodowiska PAM\n" + +#: src/su.c:521 +#, c-format +msgid "cannot fork user shell: %s" +msgstr "nie mo¿na utworzyæ procesu pow³oki u¿ytkownika: %s" + +#: src/su.c:527 +#, c-format +msgid "%s: signal malfunction\n" +msgstr "%s: b³êdne dzia³anie sygna³ów\n" + +#: src/su.c:540 +#, c-format +msgid "%s: signal masking malfunction\n" +msgstr "%s: b³êdne dzia³anie maskowania sygna³ów\n" + +#: src/su.c:559 +msgid "" +"\n" +"Session terminated, killing shell..." +msgstr "" +"\n" +"Sesja zakoñczona, zabijanie pow³oki..." + +#: src/su.c:569 +msgid " killed.\n" +msgstr " zabito.\n" + #: src/su.c:437 msgid "" "Change the effective user id and group id to that of USER.\n" diff -Nur coreutils-5.2.1.orig/src/Makefile.am coreutils-5.2.1/src/Makefile.am --- coreutils-5.2.1.orig/src/Makefile.am Mon Feb 2 09:12:57 2004 +++ coreutils-5.2.1/src/Makefile.am Thu Mar 18 17:08:45 2004 @@ -63,7 +63,7 @@ uptime_LDADD = $(LDADD) $(GETLOADAVG_LIBS) -su_LDADD = $(LDADD) $(LIB_CRYPT) +su_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM) $(PROGRAMS): ../lib/libfetish.a diff -Nur coreutils-5.2.1.orig/src/su.c coreutils-5.2.1/src/su.c --- coreutils-5.2.1.orig/src/su.c Wed Jan 21 23:27:02 2004 +++ coreutils-5.2.1/src/su.c Thu Mar 18 17:11:21 2004 @@ -38,6 +38,16 @@ restricts who can su to UID 0 accounts. RMS considers that to be fascist. +#ifdef USE_PAM + + Actually, with PAM, su has nothing to do with whether or not a + wheel group is enforced by su. RMS tries to restrict your access + to a su which implements the wheel group, but PAM considers that + to be fascist, and gives the user/sysadmin the opportunity to + enforce a wheel group by proper editing of /etc/pam.conf + +#endif + Options: -, -l, --login Make the subshell a login shell. Unset all environment variables except @@ -81,6 +91,14 @@ prototype (returning `int') in . */ #define getusershell _getusershell_sys_proto_ +#ifdef USE_PAM +# include +# include +# include +# include +# include +#endif /* USE_PAM */ + #include "system.h" #include "dirname.h" @@ -141,7 +159,9 @@ /* The user to become if none is specified. */ #define DEFAULT_USER "root" +#ifndef USE_PAM char *crypt (); +#endif char *getpass (); char *getusershell (); void endusershell (); @@ -149,7 +169,7 @@ extern char **environ; -static void run_shell (const char *, const char *, char **) +static void run_shell (const char *, const char *, char **, const struct passwd *) ATTRIBUTE_NORETURN; /* The name this program was run with. */ @@ -262,7 +282,22 @@ } #endif +#ifdef USE_PAM +static pam_handle_t *pamh = NULL; +static int retval; +static struct pam_conv conv = { + misc_conv, + NULL +}; + +#define PAM_BAIL_P if (retval) { \ + pam_end(pamh, PAM_SUCCESS); \ + return 0; \ +} +#endif + /* Ask the user for a password. + If PAM is in use, let PAM ask for the password if necessary. Return 1 if the user gives the correct password for entry PW, 0 if not. Return 1 without asking for a password if run by UID 0 or if PW has an empty password. */ @@ -270,6 +305,29 @@ static int correct_password (const struct passwd *pw) { +#ifdef USE_PAM + /* root always succeeds; this isn't an authentication question (no + * extra privs are being granted) so it shouldn't authenticate with PAM. + * However, we want to create the pam_handle so that proper credentials + * are created later with pam_setcred(). */ + retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh); + PAM_BAIL_P; + + retval = pam_authenticate(pamh, 0); + PAM_BAIL_P; + + retval = pam_acct_mgmt(pamh, 0); + if (retval == PAM_NEW_AUTHTOK_REQD) { + /* password has expired. Offer option to change it. */ + if (getuid()) { + retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK); + PAM_BAIL_P; + } else retval = PAM_SUCCESS; + } + PAM_BAIL_P; + /* must be authenticated if this point was reached */ + return 1; +#else /* !USE_PAM */ char *unencrypted, *encrypted, *correct; #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP /* Shadow passwd stuff for SVR3 and maybe other systems. */ @@ -294,6 +352,7 @@ encrypted = crypt (unencrypted, correct); memset (unencrypted, 0, strlen (unencrypted)); return strcmp (encrypted, correct) == 0; +#endif /* !USE_PAM */ } /* Update `environ' for the new shell based on PW, with SHELL being @@ -303,16 +362,20 @@ modify_environment (const struct passwd *pw, const char *shell) { char *term; + char *display; if (simulate_login) { - /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH. + /* Leave TERM, DISPLAY unchanged. Set HOME, SHELL, USER, LOGNAME, PATH. Unset all other environment variables. */ term = getenv ("TERM"); + display = getenv ("DISPLAY"); environ = xmalloc (2 * sizeof (char *)); environ[0] = 0; if (term) xputenv (concat ("TERM", "=", term)); + if (display) + xputenv (concat ("DISPLAY", "=", display)); xputenv (concat ("HOME", "=", pw->pw_dir)); xputenv (concat ("SHELL", "=", shell)); xputenv (concat ("USER", "=", pw->pw_name)); @@ -349,23 +412,74 @@ error (EXIT_FAIL, errno, _("cannot set groups")); endgrent (); #endif +#ifdef USE_PAM + retval = pam_setcred(pamh, PAM_ESTABLISH_CRED); + if (retval != PAM_SUCCESS) + error (1, 0, pam_strerror(pamh, retval)); +#endif /* USE_PAM */ if (setgid (pw->pw_gid)) error (EXIT_FAIL, errno, _("cannot set group id")); if (setuid (pw->pw_uid)) error (EXIT_FAIL, errno, _("cannot set user id")); } +#ifdef USE_PAM +static int caught=0; +/* Signal handler for parent process later */ +static void su_catch_sig(int sig) +{ + ++caught; +} + +int +pam_copyenv (pam_handle_t *pamh) +{ + char **env; + + env = pam_getenvlist(pamh); + if(env) { + while(*env) { + xputenv(*env); + env++; + } + } + return(0); +} +#endif + /* Run SHELL, or DEFAULT_SHELL if SHELL is empty. If COMMAND is nonzero, pass it to the shell with the -c option. If ADDITIONAL_ARGS is nonzero, pass it to the shell as more arguments. */ static void -run_shell (const char *shell, const char *command, char **additional_args) +run_shell (const char *shell, const char *command, char **additional_args, const struct passwd *pw) { const char **args; int argno = 1; +#ifdef USE_PAM + int child; + sigset_t ourset; + int status; + + retval = pam_open_session(pamh,0); + if (retval != PAM_SUCCESS) { + fprintf (stderr, _("could not open session\n")); + exit (1); + } + +/* do this at the last possible moment, because environment variables may + be passed even in the session phase +*/ + if(pam_copyenv(pamh) != PAM_SUCCESS) + fprintf (stderr, _("error copying PAM environment\n")); + + child = fork(); + if (child == 0) { /* child shell */ + change_identity (pw); + pam_end(pamh, 0); +#endif if (additional_args) args = xmalloc (sizeof (char *) * (10 + elements (additional_args))); @@ -402,6 +516,61 @@ error (0, errno, "%s", shell); exit (exit_status); } +#ifdef USE_PAM + } else if (child == -1) { + fprintf(stderr, _("cannot fork user shell: %s"), strerror(errno)); + exit(1); + } + /* parent only */ + sigfillset(&ourset); + if (sigprocmask(SIG_BLOCK, &ourset, NULL)) { + fprintf(stderr, _("%s: signal malfunction\n"), PROGRAM_NAME); + caught = 1; + } + if (!caught) { + struct sigaction action; + action.sa_handler = su_catch_sig; + sigemptyset(&action.sa_mask); + action.sa_flags = 0; + sigemptyset(&ourset); + if (sigaddset(&ourset, SIGTERM) + || sigaddset(&ourset, SIGALRM) + || sigaction(SIGTERM, &action, NULL) + || sigprocmask(SIG_UNBLOCK, &ourset, NULL)) { + fprintf(stderr, _("%s: signal masking malfunction\n"), PROGRAM_NAME); + caught = 1; + } + } + if (!caught) { + do { + int pid; + + pid = waitpid(-1, &status, WUNTRACED); + + if (WIFSTOPPED(status)) { + kill(getpid(), SIGSTOP); + /* once we get here, we must have resumed */ + kill(pid, SIGCONT); + } + } while (WIFSTOPPED(status)); + } + + if (caught) { + fprintf(stderr, _("\nSession terminated, killing shell...")); + kill (child, SIGTERM); + } + retval = pam_close_session(pamh, 0); + PAM_BAIL_P; + retval = pam_end(pamh, PAM_SUCCESS); + PAM_BAIL_P; + if (caught) { + sleep(2); + kill(child, SIGKILL); + fprintf(stderr, _(" killed.\n")); + exit(-1); + } + exit (WEXITSTATUS(status)); +#endif /* USE_PAM */ } /* Return 1 if SHELL is a restricted shell (one not returned by @@ -577,9 +746,14 @@ } modify_environment (pw, shell); + +#ifdef USE_PAM + setfsuid(pw->pw_uid); +#else change_identity (pw); +#endif if (simulate_login && chdir (pw->pw_dir)) error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir); - run_shell (shell, command, additional_args); + run_shell (shell, command, additional_args, pw); }