[packages/coreutils.git] / coreutils-pam.patch

--- coreutils-6.7/src/Makefile.am.pam	2006-11-24 21:28:10.000000000 +0000
+++ coreutils-6.7/src/Makefile.am	2007-01-09 17:00:01.000000000 +0000
@@ -359,7 +359,7 @@
 uptime_LDADD += $(GETLOADAVG_LIBS)
 
 # for crypt
-su_LDADD += $(LIB_CRYPT)
+su_LDADD += $(LIB_CRYPT) $(LIB_PAM)
 
 # for various ACL functions
 copy_LDADD += $(LIB_ACL)
--- coreutils-6.10/src/su.c.orig	2007-11-25 14:23:31.000000000 +0100
+++ coreutils-6.10/src/su.c	2008-03-02 02:07:13.568059486 +0100
@@ -37,6 +37,16 @@
    restricts who can su to UID 0 accounts.  RMS considers that to
    be fascist.
 
+#ifdef USE_PAM
+
+   Actually, with PAM, su has nothing to do with whether or not a
+   wheel group is enforced by su.  RMS tries to restrict your access
+   to a su which implements the wheel group, but PAM considers that
+   to be fascist, and gives the user/sysadmin the opportunity to
+   enforce a wheel group by proper editing of /etc/pam.conf
+
+#endif
+
    Compile-time options:
    -DSYSLOG_SUCCESS	Log successful su's (by default, to root) with syslog.
    -DSYSLOG_FAILURE	Log failed su's (by default, to root) with syslog.
@@ -58,6 +68,15 @@
    prototype (returning `int') in <unistd.h>.  */
 #define getusershell _getusershell_sys_proto_
 
+#ifdef USE_PAM
+# include <signal.h>
+# include <sys/wait.h>
+# include <sys/fsuid.h>
+# include <unistd.h>
+# include <security/pam_appl.h>
+# include <security/pam_misc.h>
+#endif /* USE_PAM */
+
 #include "system.h"
 #include "getpass.h"

@@ -130,10 +130,17 @@
 /* The user to become if none is specified.  */
 #define DEFAULT_USER "root"
 
+#ifndef USE_PAM
 char *crypt (char const *key, char const *salt);
+#endif
 
-static void run_shell (char const *, char const *, char **, size_t)
+static void run_shell (char const *, char const *, char **, size_t,
+		const struct passwd *)
+#ifdef USE_PAM
+	;
+#else
      ATTRIBUTE_NORETURN;
+#endif
 
 /* If true, pass the `-f' option to the subshell.  */
 static bool fast_startup;
@@ -215,7 +241,26 @@
 }
 #endif
 
+#ifdef USE_PAM
+static pam_handle_t *pamh = NULL;
+static int retval;
+static struct pam_conv conv = {
+  misc_conv,
+  NULL
+};
+
+#define PAM_BAIL_P if (retval) { \
+  pam_end(pamh, PAM_SUCCESS); \
+  return 0; \
+}
+#define PAM_BAIL_P_VOID if (retval) {		\
+  pam_end(pamh, PAM_SUCCESS);			\
+return;						\
+}
+#endif
+
 /* Ask the user for a password.
+   If PAM is in use, let PAM ask for the password if necessary.
    Return true if the user gives the correct password for entry PW,
    false if not.  Return true without asking for a password if run by UID 0
    or if PW has an empty password.  */
@@ -223,6 +268,44 @@
 static bool
 correct_password (const struct passwd *pw)
 {
+#ifdef USE_PAM
+  struct passwd *caller;
+  char *tty_name, *ttyn;
+  retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
+  PAM_BAIL_P;
+
+  if (getuid() != 0 && !isatty(0)) {
+	fprintf(stderr, _("standard in must be a tty\n"));
+	exit(1);
+  }
+
+  caller = getpwuid(getuid());
+  if(caller != NULL && caller->pw_name != NULL) {
+	  retval = pam_set_item(pamh, PAM_RUSER, caller->pw_name);
+	  PAM_BAIL_P;
+  }
+
+  ttyn = ttyname(0);
+  if (ttyn) {
+    if (strncmp(ttyn, "/dev/", 5) == 0)
+       tty_name = ttyn+5;
+    else
+       tty_name = ttyn;
+    retval = pam_set_item(pamh, PAM_TTY, tty_name);
+    PAM_BAIL_P;
+  }
+  retval = pam_authenticate(pamh, 0);
+  PAM_BAIL_P;
+  retval = pam_acct_mgmt(pamh, 0);
+  if (retval == PAM_NEW_AUTHTOK_REQD && getuid()) {
+    /* password has expired.  Offer option to change it. */
+    retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
+    PAM_BAIL_P;
+  }
+  PAM_BAIL_P;
+  /* must be authenticated if this point was reached */
+  return 1;
+#else /* !USE_PAM */
   char *unencrypted, *encrypted, *correct;
 #if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
   /* Shadow passwd stuff for SVR3 and maybe other systems.  */
@@ -247,6 +330,7 @@
   encrypted = crypt (unencrypted, correct);
   memset (unencrypted, 0, strlen (unencrypted));
   return STREQ (encrypted, correct);
+#endif /* !USE_PAM */
 }
 
 /* Update `environ' for the new shell based on PW, with SHELL being
@@ -260,12 +344,18 @@
       /* Leave TERM unchanged.  Set HOME, SHELL, USER, LOGNAME, PATH.
          Unset all other environment variables.  */
       char const *term = getenv ("TERM");
+      char const *display = getenv ("DISPLAY");
+      char const *xauthority = getenv ("XAUTHORITY");
       if (term)
         term = xstrdup (term);
       environ = xmalloc ((6 + !!term) * sizeof (char *));
       environ[0] = NULL;
       if (term)
         xsetenv ("TERM", term);
+      if (display)
+        xsetenv ("DISPLAY", display);
+      if (xauthority)
+        xsetenv ("XAUTHORITY", xauthority);
       xsetenv ("HOME", pw->pw_dir);
       xsetenv ("SHELL", shell);
       xsetenv ("USER", pw->pw_name);
@@ -373,8 +373,13 @@
 {
 #ifdef HAVE_INITGROUPS
   errno = 0;
-  if (initgroups (pw->pw_name, pw->pw_gid) == -1)
+  if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
+#ifdef USE_PAM
+      pam_close_session(pamh, 0);
+      pam_end(pamh, PAM_ABORT);
+#endif
     error (EXIT_CANCELED, errno, _("cannot set groups"));
+  }
   endgrent ();
 #endif
   if (setgid (pw->pw_gid))
@@ -308,6 +403,31 @@
     error (EXIT_FAILURE, errno, _("cannot set user id"));
 }
 
+#ifdef USE_PAM
+static int caught=0;
+/* Signal handler for parent process later */
+static void su_catch_sig(int sig)
+{
+  ++caught;
+}
+
+int
+pam_copyenv (pam_handle_t *pamh)
+{
+  char **env;
+
+  env = pam_getenvlist(pamh);
+  if(env) {
+    while(*env) {
+	if (putenv (*env))
+	  xalloc_die ();
+	env++;
+    }
+  }
+  return(0);
+}
+#endif
+
 /* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
    If COMMAND is nonzero, pass it to the shell with the -c option.
    Pass ADDITIONAL_ARGS to the shell as more arguments; there
@@ -315,17 +435,49 @@
 
 static void
 run_shell (char const *shell, char const *command, char **additional_args,
-           size_t n_additional_args)
+           size_t n_additional_args, const struct passwd *pw)
 {
   size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
   char const **args = xnmalloc (n_args, sizeof *args);
   size_t argno = 1;
+#ifdef USE_PAM
+  int child;
+  sigset_t ourset;
+  int status;
+
+  retval = pam_open_session(pamh,0);
+  if (retval != PAM_SUCCESS) {
+    fprintf (stderr, _("could not open session\n"));
+    exit (1);
+  }
+
+/* do this at the last possible moment, because environment variables may
+   be passed even in the session phase
+*/
+  if(pam_copyenv(pamh) != PAM_SUCCESS)
+     fprintf (stderr, _("error copying PAM environment\n"));
+  
+  /* Credentials should be set in the parent */ 
+  if (pam_setcred(pamh, PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
+    pam_close_session(pamh, 0);
+    fprintf(stderr, _("could not set PAM credentials\n"));
+    exit(1);
+  }
+
+  child = fork();
+  if (child == 0) {  /* child shell */
+  change_identity (pw);
+  pam_end(pamh, 0);
+#endif
 
   if (simulate_login)
     {
       char *arg0;
       char *shell_basename;
 
+      if(chdir(pw->pw_dir))
+	      error(0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
+
       shell_basename = last_component (shell);
       arg0 = xmalloc (strlen (shell_basename) + 2);
       arg0[0] = '-';
@@ -350,6 +502,66 @@
     error (0, errno, "%s", shell);
     exit (exit_status);
   }
+#ifdef USE_PAM
+  } else if (child == -1) {
+      fprintf(stderr, _("can not fork user shell: %s"), strerror(errno));
+      pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+      pam_close_session(pamh, 0);
+      pam_end(pamh, PAM_ABORT);
+      exit(1);
+  }
+  /* parent only */
+  sigfillset(&ourset);
+  if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
+    fprintf(stderr, _("%s: signal malfunction\n"), PROGRAM_NAME);
+    caught = 1;
+  }
+  if (!caught) {
+    struct sigaction action;
+    action.sa_handler = su_catch_sig;
+    sigemptyset(&action.sa_mask);
+    action.sa_flags = 0;
+    sigemptyset(&ourset);
+    if (sigaddset(&ourset, SIGTERM)
+        || sigaddset(&ourset, SIGALRM)
+        || sigaction(SIGTERM, &action, NULL)
+        || sigprocmask(SIG_UNBLOCK, &ourset, NULL)) {
+      fprintf(stderr, _("%s: signal masking malfunction\n"), PROGRAM_NAME);
+      caught = 1;
+    }
+  }
+  if (!caught) {
+    do {
+      int pid;
+
+      pid = waitpid(-1, &status, WUNTRACED);
+
+      if (WIFSTOPPED(status)) {
+          kill(getpid(), SIGSTOP);
+          /* once we get here, we must have resumed */
+          kill(pid, SIGCONT);
+      }
+    } while (WIFSTOPPED(status));
+  }
+
+  if (caught) {
+    fprintf(stderr, _("\nSession terminated, killing shell..."));
+    kill (child, SIGTERM);
+  }
+  /* Not checking retval on this because we need to call close session */
+  pam_setcred(pamh, PAM_DELETE_CRED | PAM_SILENT);
+  retval = pam_close_session(pamh, 0);
+  PAM_BAIL_P_VOID;
+  retval = pam_end(pamh, PAM_SUCCESS);
+  PAM_BAIL_P_VOID;
+  if (caught) {
+    sleep(2);
+    kill(child, SIGKILL);
+    fprintf(stderr, _(" ...killed.\n"));
+    exit(-1);
+  }
+  exit (WEXITSTATUS(status));
+#endif /* USE_PAM */
 }
 
 /* Return true if SHELL is a restricted shell (one not returned by
@@ -714,9 +714,9 @@
   shell = xstrdup (shell ? shell : pw->pw_shell);
   modify_environment (pw, shell);
 
+#ifndef USE_PAM
   change_identity (pw);
-  if (simulate_login && chdir (pw->pw_dir) != 0)
-    error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
+#endif
 
   /* error() flushes stderr, but does not check for write failure.
      Normally, we would catch this via our atexit() hook of
@@ -726,5 +726,5 @@
   if (ferror (stderr))
     exit (EXIT_CANCELED);
 
-  run_shell (shell, command, argv + optind, MAX (0, argc - optind));
+  run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
 }
--- coreutils-6.7/doc/coreutils.texi.pam	2006-10-27 15:30:48.000000000 +0100
+++ coreutils-6.7/doc/coreutils.texi	2007-01-09 17:00:01.000000000 +0000
@@ -13395,8 +13395,11 @@
 @findex syslog
 @command{su} can optionally be compiled to use @code{syslog} to report
 failed, and optionally successful, @command{su} attempts.  (If the system
-supports @code{syslog}.)  However, GNU @command{su} does not check if the
-user is a member of the @code{wheel} group; see below.
+supports @code{syslog}.)
+
+This version of @command{su} has support for using PAM for
+authentication.  You can edit @file{/etc/pam.d/su} to customize its
+behaviour.
 
 The program accepts the following options.  Also see @ref{Common options}.
 
@@ -11892,32 +11892,6 @@
 the exit status of the subshell otherwise
 @end display
 
-@cindex wheel group, not supported
-@cindex group wheel, not supported
-@cindex fascism
-@subsection Why GNU @command{su} does not support the @samp{wheel} group
-
-(This section is by Richard Stallman.)
-
-@cindex Twenex
-@cindex MIT AI lab
-Sometimes a few of the users try to hold total power over all the
-rest.  For example, in 1984, a few users at the MIT AI lab decided to
-seize power by changing the operator password on the Twenex system and
-keeping it secret from everyone else.  (I was able to thwart this coup
-and give power back to the users by patching the kernel, but I
-wouldn't know how to do that in Unix.)
-
-However, occasionally the rulers do tell someone.  Under the usual
-@command{su} mechanism, once someone learns the root password who
-sympathizes with the ordinary users, he or she can tell the rest.  The
-``wheel group'' feature would make this impossible, and thus cement the
-power of the rulers.
-
-I'm on the side of the masses, not that of the rulers.  If you are
-used to supporting the bosses and sysadmins in whatever they do, you
-might find this idea strange at first.
-
 
 @node Delaying
 @chapter Delaying
--- coreutils-6.10/configure.ac.orig	2008-01-13 09:14:23.000000000 +0100
+++ coreutils-6.10/configure.ac	2008-03-02 02:08:10.027276914 +0100
@@ -44,6 +44,13 @@
 gl_INIT
 coreutils_MACROS
 
+dnl Give the chance to enable PAM
+AC_ARG_ENABLE(pam, dnl
+[  --enable-pam              Enable use of the PAM libraries],
+AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
+LIB_PAM="-ldl -lpam -lpam_misc"
+)
+
 AC_FUNC_FORK
 
 optional_bin_progs=
@@ -332,6 +339,13 @@
 AM_GNU_GETTEXT([external], [need-formatstring-macros])
 AM_GNU_GETTEXT_VERSION([0.15])
 
+# just in case we want PAM
+AC_SUBST(LIB_PAM)
+# with PAM su doesn't need libcrypt
+if test -n "$LIB_PAM" ; then
+  LIB_CRYPT=
+fi
+
 AC_CONFIG_FILES(
   Makefile
   doc/Makefile
--- coreutils-6.10/po/pl.po.orig	2008-01-16 21:22:08.000000000 +0100
+++ coreutils-6.10/po/pl.po	2008-03-02 02:09:23.671473657 +0100
@@ -8875,6 +8875,49 @@
 msgid "Usage: %s [OPTION]... [-] [USER [ARG]...]\n"
 msgstr "Składnia: %s [OPCJA]... [-] [UŻYTKOWNIK [ARGUMENT]...]\n"
 
+#: src/su.c:300
+msgid "standard in must be a tty\n\n"
+msgstr "standardowe wejście musi być terminalem\n"
+
+#: src/su.c:425
+msgid "could not open session\n"
+msgstr "nie można otworzyć sesji\n"
+
+#: src/su.c:433
+msgid "error copying PAM environment\n"
+msgstr "błąd podczas kopiowania środowiska PAM\n"
+
+#: src/su.c:450
+msgid "could not set PAM credentials\n"
+msgstr "błąd podczas ustawiania uwierzytelnienia PAM\n"
+
+#: src/su.c:471
+#, c-format
+msgid "cannot fork user shell: %s"
+msgstr "nie można utworzyć procesu powłoki użytkownika: %s"
+
+#: src/su.c:477
+#, c-format
+msgid "%s: signal malfunction\n"
+msgstr "%s: błędne działanie sygnałów\n"
+
+#: src/su.c:490
+#, c-format
+msgid "%s: signal masking malfunction\n"
+msgstr "%s: błędne działanie maskowania sygnałów\n"
+
+#: src/su.c:509
+msgid ""
+"\n"
+"Session terminated, killing shell..."
+msgstr ""
+"\n"
+"Sesja zakończona, zabijanie powłoki..."
+
+#: src/su.c:519
+msgid " killed.\n"
+msgstr " zabito.\n"
+
 #: src/su.c:382
 msgid ""
 "Change the effective user id and group id to that of USER.\n"
diff -Nur coreutils-5.2.1.orig/man/es/su.1 coreutils-5.2.1/man/es/su.1
--- coreutils-5.2.1.orig/man/es/su.1	Mon Apr 12 14:26:19 1999
+++ coreutils-5.2.1/man/es/su.1	Thu Mar 18 17:05:55 2004
@@ -47,13 +47,6 @@
Commit	Line	Data
ca7ee99d JR	1	--- coreutils-6.7/src/Makefile.am.pam 2006-11-24 21:28:10.000000000 +0000
ca7ee99d JR	2	+++ coreutils-6.7/src/Makefile.am 2007-01-09 17:00:01.000000000 +0000
2a866b46 AM	3	@@ -359,7 +359,7 @@
2a866b46 AM	4	uptime_LDADD += $(GETLOADAVG_LIBS)
f774849c	5
2a866b46 AM	6	# for crypt
	7	-su_LDADD += $(LIB_CRYPT)
	8	+su_LDADD += $(LIB_CRYPT) $(LIB_PAM)
ca7ee99d	9
2a866b46 AM	10	# for various ACL functions
2a866b46 AM	11	copy_LDADD += $(LIB_ACL)
3c350007 JB	12	--- coreutils-6.10/src/su.c.orig 2007-11-25 14:23:31.000000000 +0100
	13	+++ coreutils-6.10/src/su.c 2008-03-02 02:07:13.568059486 +0100
	14	@@ -37,6 +37,16 @@
ca7ee99d JR	15	restricts who can su to UID 0 accounts. RMS considers that to
	16	be fascist.
	17
	18	+#ifdef USE_PAM
f774849c	19	+
ca7ee99d JR	20	+ Actually, with PAM, su has nothing to do with whether or not a
	21	+ wheel group is enforced by su. RMS tries to restrict your access
	22	+ to a su which implements the wheel group, but PAM considers that
	23	+ to be fascist, and gives the user/sysadmin the opportunity to
	24	+ enforce a wheel group by proper editing of /etc/pam.conf
	25	+
	26	+#endif
	27	+
	28	Compile-time options:
	29	-DSYSLOG_SUCCESS Log successful su's (by default, to root) with syslog.
	30	-DSYSLOG_FAILURE Log failed su's (by default, to root) with syslog.
3c350007	31	@@ -58,6 +68,15 @@
ca7ee99d JR	32	prototype (returning `int') in <unistd.h>. */
ca7ee99d JR	33	#define getusershell _getusershell_sys_proto_
f774849c	34
ca7ee99d JR	35	+#ifdef USE_PAM
	36	+# include <signal.h>
	37	+# include <sys/wait.h>
	38	+# include <sys/fsuid.h>
	39	+# include <unistd.h>
	40	+# include <security/pam_appl.h>
	41	+# include <security/pam_misc.h>
	42	+#endif /* USE_PAM */
f774849c	43	+
ca7ee99d JR	44	#include "system.h"
ca7ee99d JR	45	#include "getpass.h"
2a866b46 AM	46
2a866b46 AM	47	@@ -130,10 +130,17 @@
ca7ee99d JR	48	/* The user to become if none is specified. */
ca7ee99d JR	49	#define DEFAULT_USER "root"
f774849c	50
ca7ee99d	51	+#ifndef USE_PAM
ce369209	52	char crypt (char const key, char const *salt);
ca7ee99d	53	+#endif
f774849c	54
c2be74f0	55	-static void run_shell (char const , char const , char **, size_t)
ca7ee99d	56	+static void run_shell (char const , char const , char **, size_t,
2a866b46	57	+ const struct passwd *)
ca7ee99d JR	58	+#ifdef USE_PAM
	59	+ ;
	60	+#else
f774849c	61	ATTRIBUTE_NORETURN;
ca7ee99d	62	+#endif
f774849c	63
2a866b46 AM	64	/* If true, pass the `-f' option to the subshell. */
2a866b46 AM	65	static bool fast_startup;
3c350007	66	@@ -215,7 +241,26 @@
f774849c	67	}
	68	#endif
	69
	70	+#ifdef USE_PAM
	71	+static pam_handle_t *pamh = NULL;
	72	+static int retval;
	73	+static struct pam_conv conv = {
	74	+ misc_conv,
	75	+ NULL
	76	+};
	77	+
	78	+#define PAM_BAIL_P if (retval) { \
	79	+ pam_end(pamh, PAM_SUCCESS); \
	80	+ return 0; \
	81	+}
ca7ee99d JR	82	+#define PAM_BAIL_P_VOID if (retval) { \
	83	+ pam_end(pamh, PAM_SUCCESS); \
	84	+return; \
	85	+}
f774849c	86	+#endif
	87	+
	88	/* Ask the user for a password.
	89	+ If PAM is in use, let PAM ask for the password if necessary.
c2be74f0 JB	90	Return true if the user gives the correct password for entry PW,
c2be74f0 JB	91	false if not. Return true without asking for a password if run by UID 0
f774849c	92	or if PW has an empty password. */
3c350007	93	@@ -223,6 +268,44 @@
c2be74f0	94	static bool
f774849c	95	correct_password (const struct passwd *pw)
	96	{
	97	+#ifdef USE_PAM
ca7ee99d JR	98	+ struct passwd *caller;
ca7ee99d JR	99	+ char tty_name, ttyn;
f774849c	100	+ retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
	101	+ PAM_BAIL_P;
	102	+
ca7ee99d JR	103	+ if (getuid() != 0 && !isatty(0)) {
	104	+ fprintf(stderr, _("standard in must be a tty\n"));
	105	+ exit(1);
	106	+ }
	107	+
	108	+ caller = getpwuid(getuid());
	109	+ if(caller != NULL && caller->pw_name != NULL) {
	110	+ retval = pam_set_item(pamh, PAM_RUSER, caller->pw_name);
	111	+ PAM_BAIL_P;
	112	+ }
	113	+
	114	+ ttyn = ttyname(0);
	115	+ if (ttyn) {
	116	+ if (strncmp(ttyn, "/dev/", 5) == 0)
	117	+ tty_name = ttyn+5;
	118	+ else
	119	+ tty_name = ttyn;
	120	+ retval = pam_set_item(pamh, PAM_TTY, tty_name);
	121	+ PAM_BAIL_P;
	122	+ }
f774849c	123	+ retval = pam_authenticate(pamh, 0);
f774849c	124	+ PAM_BAIL_P;
f774849c	125	+ retval = pam_acct_mgmt(pamh, 0);
ca7ee99d	126	+ if (retval == PAM_NEW_AUTHTOK_REQD && getuid()) {
f774849c	127	+ /* password has expired. Offer option to change it. */
ca7ee99d JR	128	+ retval = pam_chauthtok(pamh, PAM_CHANGE_EXPIRED_AUTHTOK);
ca7ee99d JR	129	+ PAM_BAIL_P;
f774849c	130	+ }
	131	+ PAM_BAIL_P;
	132	+ /* must be authenticated if this point was reached */
	133	+ return 1;
	134	+#else /* !USE_PAM */
	135	char unencrypted, encrypted, *correct;
	136	#if HAVE_GETSPNAM && HAVE_STRUCT_SPWD_SP_PWDP
	137	/* Shadow passwd stuff for SVR3 and maybe other systems. */
3c350007	138	@@ -247,6 +330,7 @@
f774849c	139	encrypted = crypt (unencrypted, correct);
f774849c	140	memset (unencrypted, 0, strlen (unencrypted));
c2be74f0	141	return STREQ (encrypted, correct);
f774849c	142	+#endif /* !USE_PAM */
	143	}
	144
	145	/* Update `environ' for the new shell based on PW, with SHELL being
3c350007	146	@@ -260,12 +344,18 @@
ca7ee99d	147	/* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH.
f774849c	148	Unset all other environment variables. */
c2be74f0 JB	149	char const *term = getenv ("TERM");
c2be74f0 JB	150	+ char const *display = getenv ("DISPLAY");
ca7ee99d	151	+ char const *xauthority = getenv ("XAUTHORITY");
c2be74f0	152	if (term)
6fd30452	153	term = xstrdup (term);
ca7ee99d	154	environ = xmalloc ((6 + !!term) * sizeof (char *));
c2be74f0	155	environ[0] = NULL;
f774849c	156	if (term)
6fd30452	157	xsetenv ("TERM", term);
f774849c	158	+ if (display)
6fd30452	159	+ xsetenv ("DISPLAY", display);
ca7ee99d	160	+ if (xauthority)
6fd30452	161	+ xsetenv ("XAUTHORITY", xauthority);
c2be74f0 JB	162	xsetenv ("HOME", pw->pw_dir);
	163	xsetenv ("SHELL", shell);
	164	xsetenv ("USER", pw->pw_name);
2a866b46	165	@@ -373,8 +373,13 @@
ca7ee99d JR	166	{
	167	#ifdef HAVE_INITGROUPS
	168	errno = 0;
	169	- if (initgroups (pw->pw_name, pw->pw_gid) == -1)
	170	+ if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
	171	+#ifdef USE_PAM
2a866b46 AM	172	+ pam_close_session(pamh, 0);
2a866b46 AM	173	+ pam_end(pamh, PAM_ABORT);
ca7ee99d	174	+#endif
2a866b46	175	error (EXIT_CANCELED, errno, _("cannot set groups"));
ca7ee99d	176	+ }
f774849c	177	endgrent ();
f774849c	178	#endif
f774849c	179	if (setgid (pw->pw_gid))
3c350007 JB	180	@@ -308,6 +403,31 @@
3c350007 JB	181	error (EXIT_FAILURE, errno, _("cannot set user id"));
f774849c	182	}
	183
	184	+#ifdef USE_PAM
	185	+static int caught=0;
	186	+/* Signal handler for parent process later */
	187	+static void su_catch_sig(int sig)
	188	+{
	189	+ ++caught;
	190	+}
	191	+
	192	+int
	193	+pam_copyenv (pam_handle_t *pamh)
	194	+{
	195	+ char **env;
ca7ee99d	196	+
f774849c	197	+ env = pam_getenvlist(pamh);
	198	+ if(env) {
	199	+ while(*env) {
ca7ee99d JR	200	+ if (putenv (*env))
ca7ee99d JR	201	+ xalloc_die ();
f774849c	202	+ env++;
	203	+ }
	204	+ }
	205	+ return(0);
	206	+}
	207	+#endif
	208	+
	209	/* Run SHELL, or DEFAULT_SHELL if SHELL is empty.
	210	If COMMAND is nonzero, pass it to the shell with the -c option.
c2be74f0	211	Pass ADDITIONAL_ARGS to the shell as more arguments; there
3c350007	212	@@ -315,17 +435,49 @@
f774849c	213
f774849c	214	static void
c2be74f0	215	run_shell (char const shell, char const command, char **additional_args,
6fd30452 AM	216	- size_t n_additional_args)
6fd30452 AM	217	+ size_t n_additional_args, const struct passwd *pw)
f774849c	218	{
c2be74f0 JB	219	size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
	220	char const *args = xnmalloc (n_args, sizeof args);
	221	size_t argno = 1;
f774849c	222	+#ifdef USE_PAM
	223	+ int child;
	224	+ sigset_t ourset;
	225	+ int status;
	226	+
	227	+ retval = pam_open_session(pamh,0);
	228	+ if (retval != PAM_SUCCESS) {
40ce7301	229	+ fprintf (stderr, _("could not open session\n"));
f774849c	230	+ exit (1);
	231	+ }
	232	+
	233	+/* do this at the last possible moment, because environment variables may
	234	+ be passed even in the session phase
	235	+*/
	236	+ if(pam_copyenv(pamh) != PAM_SUCCESS)
40ce7301	237	+ fprintf (stderr, _("error copying PAM environment\n"));
700628e7	238	+
ca7ee99d JR	239	+ /* Credentials should be set in the parent */
	240	+ if (pam_setcred(pamh, PAM_ESTABLISH_CRED) != PAM_SUCCESS) {
	241	+ pam_close_session(pamh, 0);
	242	+ fprintf(stderr, _("could not set PAM credentials\n"));
	243	+ exit(1);
	244	+ }
	245	+
f774849c	246	+ child = fork();
	247	+ if (child == 0) { /* child shell */
	248	+ change_identity (pw);
	249	+ pam_end(pamh, 0);
	250	+#endif
ca7ee99d	251
c2be74f0 JB	252	if (simulate_login)
	253	{
	254	char *arg0;
ca7ee99d JR	255	char *shell_basename;
	256
	257	+ if(chdir(pw->pw_dir))
	258	+ error(0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
	259	+
	260	shell_basename = last_component (shell);
	261	arg0 = xmalloc (strlen (shell_basename) + 2);
	262	arg0[0] = '-';
3c350007	263	@@ -350,6 +502,66 @@
700628e7 JB	264	error (0, errno, "%s", shell);
700628e7 JB	265	exit (exit_status);
f774849c	266	}
	267	+#ifdef USE_PAM
	268	+ } else if (child == -1) {
ca7ee99d JR	269	+ fprintf(stderr, _("can not fork user shell: %s"), strerror(errno));
	270	+ pam_setcred(pamh, PAM_DELETE_CRED \| PAM_SILENT);
	271	+ pam_close_session(pamh, 0);
	272	+ pam_end(pamh, PAM_ABORT);
f774849c	273	+ exit(1);
	274	+ }
	275	+ /* parent only */
	276	+ sigfillset(&ourset);
	277	+ if (sigprocmask(SIG_BLOCK, &ourset, NULL)) {
40ce7301	278	+ fprintf(stderr, _("%s: signal malfunction\n"), PROGRAM_NAME);
f774849c	279	+ caught = 1;
	280	+ }
	281	+ if (!caught) {
	282	+ struct sigaction action;
	283	+ action.sa_handler = su_catch_sig;
	284	+ sigemptyset(&action.sa_mask);
	285	+ action.sa_flags = 0;
	286	+ sigemptyset(&ourset);
	287	+ if (sigaddset(&ourset, SIGTERM)
	288	+ \|\| sigaddset(&ourset, SIGALRM)
	289	+ \|\| sigaction(SIGTERM, &action, NULL)
	290	+ \|\| sigprocmask(SIG_UNBLOCK, &ourset, NULL)) {
40ce7301	291	+ fprintf(stderr, _("%s: signal masking malfunction\n"), PROGRAM_NAME);
f774849c	292	+ caught = 1;
	293	+ }
	294	+ }
	295	+ if (!caught) {
	296	+ do {
	297	+ int pid;
	298	+
	299	+ pid = waitpid(-1, &status, WUNTRACED);
	300	+
	301	+ if (WIFSTOPPED(status)) {
	302	+ kill(getpid(), SIGSTOP);
	303	+ /* once we get here, we must have resumed */
	304	+ kill(pid, SIGCONT);
	305	+ }
	306	+ } while (WIFSTOPPED(status));
	307	+ }
	308	+
	309	+ if (caught) {
40ce7301	310	+ fprintf(stderr, _("\nSession terminated, killing shell..."));
f774849c	311	+ kill (child, SIGTERM);
f774849c	312	+ }
ca7ee99d JR	313	+ /* Not checking retval on this because we need to call close session */
ca7ee99d JR	314	+ pam_setcred(pamh, PAM_DELETE_CRED \| PAM_SILENT);
f774849c	315	+ retval = pam_close_session(pamh, 0);
ca7ee99d	316	+ PAM_BAIL_P_VOID;
f774849c	317	+ retval = pam_end(pamh, PAM_SUCCESS);
ca7ee99d	318	+ PAM_BAIL_P_VOID;
f774849c	319	+ if (caught) {
	320	+ sleep(2);
	321	+ kill(child, SIGKILL);
ca7ee99d	322	+ fprintf(stderr, _(" ...killed.\n"));
f774849c	323	+ exit(-1);
	324	+ }
	325	+ exit (WEXITSTATUS(status));
	326	+#endif /* USE_PAM */
	327	}
	328
c2be74f0	329	/* Return true if SHELL is a restricted shell (one not returned by
2a866b46	330	@@ -714,9 +714,9 @@
c2be74f0	331	shell = xstrdup (shell ? shell : pw->pw_shell);
f774849c	332	modify_environment (pw, shell);
f774849c	333
ca7ee99d	334	+#ifndef USE_PAM
f774849c	335	change_identity (pw);
ca7ee99d JR	336	- if (simulate_login && chdir (pw->pw_dir) != 0)
ca7ee99d JR	337	- error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
f774849c	338	+#endif
f774849c	339
2a866b46 AM	340	/* error() flushes stderr, but does not check for write failure.
	341	Normally, we would catch this via our atexit() hook of
	342	@@ -726,5 +726,5 @@
	343	if (ferror (stderr))
	344	exit (EXIT_CANCELED);
	345
c2be74f0 JB	346	- run_shell (shell, command, argv + optind, MAX (0, argc - optind));
c2be74f0 JB	347	+ run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
f774849c	348	}
ca7ee99d JR	349	--- coreutils-6.7/doc/coreutils.texi.pam 2006-10-27 15:30:48.000000000 +0100
	350	+++ coreutils-6.7/doc/coreutils.texi 2007-01-09 17:00:01.000000000 +0000
	351	@@ -13395,8 +13395,11 @@
	352	@findex syslog
	353	@command{su} can optionally be compiled to use @code{syslog} to report
	354	failed, and optionally successful, @command{su} attempts. (If the system
	355	-supports @code{syslog}.) However, GNU @command{su} does not check if the
	356	-user is a member of the @code{wheel} group; see below.
	357	+supports @code{syslog}.)
	358	+
	359	+This version of @command{su} has support for using PAM for
	360	+authentication. You can edit @file{/etc/pam.d/su} to customize its
	361	+behaviour.
	362
	363	The program accepts the following options. Also see @ref{Common options}.
	364
	365	@@ -11892,32 +11892,6 @@
	366	the exit status of the subshell otherwise
	367	@end display
	368
	369	-@cindex wheel group, not supported
	370	-@cindex group wheel, not supported
	371	-@cindex fascism
	372	-@subsection Why GNU @command{su} does not support the @samp{wheel} group
	373	-
	374	-(This section is by Richard Stallman.)
	375	-
	376	-@cindex Twenex
	377	-@cindex MIT AI lab
	378	-Sometimes a few of the users try to hold total power over all the
	379	-rest. For example, in 1984, a few users at the MIT AI lab decided to
	380	-seize power by changing the operator password on the Twenex system and
	381	-keeping it secret from everyone else. (I was able to thwart this coup
	382	-and give power back to the users by patching the kernel, but I
	383	-wouldn't know how to do that in Unix.)
	384	-
	385	-However, occasionally the rulers do tell someone. Under the usual
	386	-@command{su} mechanism, once someone learns the root password who
	387	-sympathizes with the ordinary users, he or she can tell the rest. The
	388	-``wheel group'' feature would make this impossible, and thus cement the
	389	-power of the rulers.
	390	-
	391	-I'm on the side of the masses, not that of the rulers. If you are
	392	-used to supporting the bosses and sysadmins in whatever they do, you
	393	-might find this idea strange at first.
	394	-
	395
	396	@node Delaying
	397	@chapter Delaying
3c350007 JB	398	--- coreutils-6.10/configure.ac.orig 2008-01-13 09:14:23.000000000 +0100
	399	+++ coreutils-6.10/configure.ac 2008-03-02 02:08:10.027276914 +0100
	400	@@ -44,6 +44,13 @@
ca7ee99d JR	401	gl_INIT
	402	coreutils_MACROS
	403
	404	+dnl Give the chance to enable PAM
	405	+AC_ARG_ENABLE(pam, dnl
	406	+[ --enable-pam Enable use of the PAM libraries],
c1e30285	407	+AC_DEFINE(USE_PAM, 1, [Define if you want to use PAM])
ca7ee99d JR	408	+LIB_PAM="-ldl -lpam -lpam_misc"
	409	+)
	410	+
3c350007 JB	411	AC_FUNC_FORK
	412
	413	optional_bin_progs=
	414	@@ -332,6 +339,13 @@
ca7ee99d JR	415	AM_GNU_GETTEXT([external], [need-formatstring-macros])
	416	AM_GNU_GETTEXT_VERSION([0.15])
	417
	418	+# just in case we want PAM
	419	+AC_SUBST(LIB_PAM)
	420	+# with PAM su doesn't need libcrypt
	421	+if test -n "$LIB_PAM" ; then
	422	+ LIB_CRYPT=
	423	+fi
	424	+
	425	AC_CONFIG_FILES(
	426	Makefile
	427	doc/Makefile
3c350007 JB	428	--- coreutils-6.10/po/pl.po.orig 2008-01-16 21:22:08.000000000 +0100
	429	+++ coreutils-6.10/po/pl.po 2008-03-02 02:09:23.671473657 +0100
	430	@@ -8875,6 +8875,49 @@
ca7ee99d	431	msgid "Usage: %s [OPTION]... [-] [USER [ARG]...]\n"
2f7c8a76	432	msgstr "Składnia: %s [OPCJA]... [-] [UŻYTKOWNIK [ARGUMENT]...]\n"
ca7ee99d JR	433
	434	+#: src/su.c:300
	435	+msgid "standard in must be a tty\n\n"
2f7c8a76	436	+msgstr "standardowe wejście musi być terminalem\n"
ca7ee99d JR	437	+
	438	+#: src/su.c:425
	439	+msgid "could not open session\n"
2f7c8a76	440	+msgstr "nie można otworzyć sesji\n"
ca7ee99d JR	441	+
	442	+#: src/su.c:433
	443	+msgid "error copying PAM environment\n"
2f7c8a76	444	+msgstr "błąd podczas kopiowania środowiska PAM\n"
ca7ee99d JR	445	+
	446	+#: src/su.c:450
	447	+msgid "could not set PAM credentials\n"
2f7c8a76	448	+msgstr "błąd podczas ustawiania uwierzytelnienia PAM\n"
ca7ee99d JR	449	+
	450	+#: src/su.c:471
	451	+#, c-format
	452	+msgid "cannot fork user shell: %s"
2f7c8a76	453	+msgstr "nie można utworzyć procesu powłoki użytkownika: %s"
ca7ee99d JR	454	+
	455	+#: src/su.c:477
	456	+#, c-format
	457	+msgid "%s: signal malfunction\n"
2f7c8a76	458	+msgstr "%s: błędne działanie sygnałów\n"
ca7ee99d JR	459	+
	460	+#: src/su.c:490
	461	+#, c-format
	462	+msgid "%s: signal masking malfunction\n"
2f7c8a76	463	+msgstr "%s: błędne działanie maskowania sygnałów\n"
ca7ee99d JR	464	+
	465	+#: src/su.c:509
	466	+msgid ""
	467	+"\n"
	468	+"Session terminated, killing shell..."
	469	+msgstr ""
	470	+"\n"
2f7c8a76	471	+"Sesja zakończona, zabijanie powłoki..."
ca7ee99d JR	472	+
	473	+#: src/su.c:519
	474	+msgid " killed.\n"
	475	+msgstr " zabito.\n"
	476	+
ce369209	477	#: src/su.c:382
ca7ee99d	478	msgid ""
3c350007	479	"Change the effective user id and group id to that of USER.\n"
ca7ee99d JR	480	diff -Nur coreutils-5.2.1.orig/man/es/su.1 coreutils-5.2.1/man/es/su.1
	481	--- coreutils-5.2.1.orig/man/es/su.1 Mon Apr 12 14:26:19 1999
	482	+++ coreutils-5.2.1/man/es/su.1 Thu Mar 18 17:05:55 2004
	483	@@ -47,13 +47,6 @@
	484