Commit | Line | Data |
---|---|---|
3c350007 JB |
1 | --- coreutils-6.10/README.orig 2008-01-18 09:26:09.000000000 +0100 |
2 | +++ coreutils-6.10/README 2008-03-02 14:24:55.578407708 +0100 | |
3 | @@ -12,7 +12,7 @@ | |
4 | factor false fmt fold groups head hostid hostname id install join kill | |
5 | link ln logname ls md5sum mkdir mkfifo mknod mktemp mv nice nl nohup | |
6 | od paste pathchk pinky pr printenv printf ptx pwd readlink rm rmdir | |
7 | - runcon seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf | |
8 | + runcon runuser seq sha1sum sha224sum sha256sum sha384sum sha512sum shred shuf | |
9 | sleep sort split stat stty su sum sync tac tail tee test touch tr true | |
10 | tsort tty uname unexpand uniq unlink uptime users vdir wc who whoami yes | |
5d9fc52d | 11 | |
3c350007 JB |
12 | --- coreutils-6.10/AUTHORS.orig 2008-01-05 23:58:24.000000000 +0100 |
13 | +++ coreutils-6.10/AUTHORS 2008-03-02 14:25:23.908022120 +0100 | |
14 | @@ -64,6 +64,7 @@ | |
15 | rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering | |
16 | rmdir: David MacKenzie | |
17 | runcon: Russell Coker | |
18 | +runuser: David MacKenzie, Dan Walsh | |
19 | seq: Ulrich Drepper | |
20 | sha1sum: Ulrich Drepper, Scott Miller, David Madore | |
21 | sha224sum: Ulrich Drepper, Scott Miller, David Madore | |
5d9fc52d JR |
22 | --- coreutils-6.7/src/su.c.runuser 2007-01-09 17:27:56.000000000 +0000 |
23 | +++ coreutils-6.7/src/su.c 2007-01-09 17:30:12.000000000 +0000 | |
d7c818dd | 24 | @@ -109,9 +109,15 @@ |
5d9fc52d JR |
25 | #include "error.h" |
26 | ||
27 | /* The official name of this program (e.g., no `g' prefix). */ | |
28 | +#ifndef RUNUSER | |
29 | #define PROGRAM_NAME "su" | |
30 | +#else | |
31 | +#define PROGRAM_NAME "runuser" | |
32 | +#endif | |
33 | ||
34 | +#ifndef AUTHORS | |
d7c818dd | 35 | #define AUTHORS proper_name ("David MacKenzie") |
5d9fc52d JR |
36 | +#endif |
37 | ||
38 | #if HAVE_PATHS_H | |
39 | # include <paths.h> | |
40 | @@ -150,6 +156,10 @@ | |
41 | #ifndef USE_PAM | |
42 | char *crypt (); | |
43 | #endif | |
44 | +#ifndef CHECKPASSWD | |
45 | +#define CHECKPASSWD 1 | |
46 | +#endif | |
47 | + | |
48 | char *getusershell (); | |
49 | void endusershell (); | |
50 | void setusershell (); | |
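Review bot: CHECKPASSWD is introduced here without a comment, and its only use visible on this page is `if (CHECKPASSWD && !correct_password (pw))` in main. Building with it set to 0 would skip that call entirely, and for the RUNUSER PAM build that call appears to be where pam_start() and the `getuid() != geteuid()` safety net run, so the knob would silently remove the setuid guard as well. I would document that above the define, for example `/* CHECKPASSWD=0 skips correct_password() altogether, including the RUNUSER setuid check; keep it 1 unless that check is moved into main. */`. The runuser_CFLAGS line in src/Makefile.am passes only -DRUNUSER and -DAUTHORS, so as built here the macro is always 1.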
51 | @@ -157,7 +167,11 @@ | |
52 | extern char **environ; | |
53 | ||
54 | static void run_shell (char const *, char const *, char **, size_t, | |
55 | - const struct passwd *) | |
56 | + const struct passwd * | |
57 | +#ifdef RUNUSER | |
58 | + , gid_t *groups, int num_groups | |
59 | +#endif | |
60 | + ) | |
61 | #ifdef USE_PAM | |
62 | ; | |
63 | #else | |
64 | @@ -187,6 +201,10 @@ | |
65 | {"login", no_argument, NULL, 'l'}, | |
66 | {"preserve-environment", no_argument, NULL, 'p'}, | |
67 | {"shell", required_argument, NULL, 's'}, | |
68 | +#ifdef RUNUSER | |
69 | + {"group", required_argument, NULL, 'g'}, | |
70 | + {"supp-group", required_argument, NULL, 'G'}, | |
71 | +#endif | |
72 | {GETOPT_HELP_OPTION_DECL}, | |
73 | {GETOPT_VERSION_OPTION_DECL}, | |
74 | {NULL, 0, NULL, 0} | |
75 | @@ -288,10 +306,12 @@ | |
76 | retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh); | |
77 | PAM_BAIL_P; | |
78 | ||
79 | +#ifndef RUNUSER | |
80 | if (getuid() != 0 && !isatty(0)) { | |
81 | fprintf(stderr, _("standard in must be a tty\n")); | |
82 | exit(1); | |
83 | } | |
84 | +#endif | |
85 | ||
86 | caller = getpwuid(getuid()); | |
87 | if(caller != NULL && caller->pw_name != NULL) { | |
88 | @@ -308,6 +328,11 @@ | |
89 | retval = pam_set_item(pamh, PAM_TTY, tty_name); | |
90 | PAM_BAIL_P; | |
91 | } | |
92 | +#ifdef RUNUSER | |
93 | + if (getuid() != geteuid()) | |
94 | + /* safety net: deny operation if we are suid by accident */ | |
3c350007 | 95 | + error(EXIT_FAILURE, 1, "runuser may not be setuid"); |
5d9fc52d JR |
96 | +#else |
97 | retval = pam_authenticate(pamh, 0); | |
98 | PAM_BAIL_P; | |
99 | retval = pam_acct_mgmt(pamh, 0); | |
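Review bot: The setuid safety net sits inside the USE_PAM branch, after pam_start() and pam_set_item() have already run. A build that takes the `#else /* !USE_PAM */` path shown in the next hunk therefore has no such check, and the PAM build talks to PAM before refusing. It also compares only the user ids; if a set-group-ID install is equally a mistake, a check at the top of main such as `if (getuid () != geteuid () || getgid () != getegid ())` would hold for every build configuration. The call passes a literal `1` as errnum and an untranslated string, whereas `error (EXIT_FAILURE, 0, _("runuser may not be setuid"));` would match the other error() calls this patch adds. The enclosing function starts and ends outside this hunk.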
100 | @@ -317,6 +342,7 @@ | |
101 | PAM_BAIL_P; | |
102 | } | |
103 | PAM_BAIL_P; | |
104 | +#endif | |
105 | /* must be authenticated if this point was reached */ | |
106 | return 1; | |
107 | #else /* !USE_PAM */ | |
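Review bot: The context comment `/* must be authenticated if this point was reached */` is no longer true for the RUNUSER build. There pam_authenticate() and pam_acct_mgmt() are compiled out by the `#else`/`#endif` pair this patch adds, so the function returns 1 without any credential or account-validity check. A reader auditing the return value will be misled, so the comment should name both cases, e.g. `/* su: authenticated above; runuser: nothing was verified, the caller is trusted to be root */`. The function body starts outside this hunk.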
108 | @@ -398,11 +424,22 @@ | |
109 | /* Become the user and group(s) specified by PW. */ | |
110 | ||
111 | static void | |
112 | -change_identity (const struct passwd *pw) | |
113 | +change_identity (const struct passwd *pw | |
114 | +#ifdef RUNUSER | |
115 | + , gid_t *groups, int num_groups | |
116 | +#endif | |
117 | + ) | |
118 | { | |
119 | #ifdef HAVE_INITGROUPS | |
120 | + int rc = 0; | |
121 | errno = 0; | |
122 | - if (initgroups (pw->pw_name, pw->pw_gid) == -1) { | |
123 | +#ifdef RUNUSER | |
124 | + if (num_groups) | |
125 | + rc = setgroups(num_groups, groups); | |
126 | + else | |
127 | +#endif | |
128 | + rc = initgroups(pw->pw_name, pw->pw_gid); | |
129 | + if (rc == -1) { | |
130 | #ifdef USE_PAM | |
131 | pam_close_session(pamh, 0); | |
132 | pam_end(pamh, PAM_ABORT); | |
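Review bot: The header comment `/* Become the user and group(s) specified by PW. */` no longer describes the RUNUSER build. When num_groups is non-zero the supplementary list comes from the caller's array via setgroups() and initgroups() is skipped, so the target user's memberships from the group database are replaced rather than extended. The option name `--supp-group` reads as additive, and the list decides which files the spawned shell can reach, so I would state it in the comment, e.g. `/* Become PW's user and primary group; under RUNUSER a non-empty GROUPS replaces the supplementary list initgroups() would have set. */`. `num_groups` is an int while setgroups() takes a size_t count; a size_t parameter would make the non-negative assumption explicit. The function body continues outside the hunk.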
133 | @@ -449,7 +486,11 @@ | |
134 | ||
135 | static void | |
136 | run_shell (char const *shell, char const *command, char **additional_args, | |
137 | - size_t n_additional_args, const struct passwd *pw) | |
138 | + size_t n_additional_args, const struct passwd *pw | |
139 | +#ifdef RUNUSER | |
140 | + , gid_t *groups, int num_groups | |
141 | +#endif | |
142 | + ) | |
143 | { | |
144 | size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1; | |
145 | char const **args = xnmalloc (n_args, sizeof *args); | |
146 | @@ -480,7 +521,11 @@ | |
147 | ||
148 | child = fork(); | |
149 | if (child == 0) { /* child shell */ | |
150 | - change_identity (pw); | |
151 | + change_identity (pw | |
152 | +#ifdef RUNUSER | |
153 | + , groups, num_groups | |
154 | +#endif | |
155 | + ); | |
156 | pam_end(pamh, 0); | |
157 | if (!same_session) | |
158 | setsid (); | |
159 | @@ -657,6 +702,12 @@ | |
160 | char *shell = NULL; | |
161 | struct passwd *pw; | |
162 | struct passwd pw_copy; | |
163 | +#ifdef RUNUSER | |
164 | + struct group *gr; | |
165 | + gid_t groups[NGROUPS_MAX]; | |
166 | + int num_supp_groups = 0; | |
167 | + int use_gid = 0; | |
168 | +#endif | |
169 | ||
170 | initialize_main (&argc, &argv); | |
171 | program_name = argv[0]; | |
172 | @@ -671,7 +722,11 @@ | |
173 | simulate_login = false; | |
174 | change_environment = true; | |
175 | ||
176 | - while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1) | |
177 | + while ((optc = getopt_long (argc, argv, "c:flmps:" | |
178 | +#ifdef RUNUSER | |
179 | + "g:G:" | |
180 | +#endif | |
181 | + , longopts, NULL)) != -1) | |
182 | { | |
183 | switch (optc) | |
184 | { | |
185 | @@ -701,6 +756,28 @@ | |
186 | shell = optarg; | |
187 | break; | |
188 | ||
189 | +#ifdef RUNUSER | |
190 | + case 'g': | |
191 | + gr = getgrnam(optarg); | |
192 | + if (!gr) | |
3c350007 | 193 | + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg); |
5d9fc52d JR |
194 | + use_gid = 1; |
195 | + groups[0] = gr->gr_gid; | |
196 | + break; | |
197 | + | |
198 | + case 'G': | |
199 | + num_supp_groups++; | |
200 | + if (num_supp_groups >= NGROUPS_MAX) | |
3c350007 | 201 | + error (EXIT_FAILURE, 0, |
5d9fc52d JR |
202 | + _("Can't specify more than %d supplemental groups"), |
203 | + NGROUPS_MAX - 1); | |
204 | + gr = getgrnam(optarg); | |
205 | + if (!gr) | |
3c350007 | 206 | + error (EXIT_FAILURE, 0, _("group %s does not exist"), optarg); |
5d9fc52d JR |
207 | + groups[num_supp_groups] = gr->gr_gid; |
208 | + break; | |
209 | +#endif | |
210 | + | |
211 | case_GETOPT_HELP_CHAR; | |
212 | ||
213 | case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS); | |
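Review bot: The slot layout of `groups` is implicit in the two new cases. `-g` writes groups[0], and each `-G` pre-increments num_supp_groups and writes groups[num_supp_groups], so index 0 stays uninitialised unless `-g` was given and the `>= NGROUPS_MAX` test is the only thing keeping the write inside the array. A comment above the cases would stop a later edit from breaking that bound, e.g. `/* groups[0] is reserved for -g; -G entries occupy groups[1..num_supp_groups], hence the NGROUPS_MAX - 1 limit. */`. Both options accept only names that getgrnam() resolves, so a numeric GID is reported as a nonexistent group, which is worth saying in the usage text if intended. The enclosing switch starts and ends outside this hunk.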
214 | @@ -739,7 +816,20 @@ | |
215 | : DEFAULT_SHELL); | |
216 | endpwent (); | |
217 | ||
218 | - if (!correct_password (pw)) | |
219 | +#ifdef RUNUSER | |
220 | + if (num_supp_groups && !use_gid) | |
221 | + { | |
222 | + pw->pw_gid = groups[1]; | |
223 | + memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups); | |
224 | + } | |
225 | + else if (use_gid) | |
226 | + { | |
227 | + pw->pw_gid = groups[0]; | |
228 | + num_supp_groups++; | |
229 | + } | |
230 | +#endif | |
231 | + | |
232 | + if (CHECKPASSWD && !correct_password (pw)) | |
233 | { | |
234 | #ifdef SYSLOG_FAILURE | |
235 | log_su (pw, false); | |
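Review bot: With `-G` and no `-g`, the first supplementary group silently becomes the primary GID (`pw->pw_gid = groups[1]`), replacing the one from the passwd entry, yet the runuser.1 text added by this patch describes `-G` only as `specify a supplemental group`. An operator who expects the account's own primary group to be kept gets a process with a different GID, so the behaviour should be documented next to the code and in the man page. A comment such as `/* No -g: the first -G group also becomes the primary GID, and the list is shifted down to start at groups[0]. */` before the `if` would cover the code side. main continues outside the hunk.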
236 | @@ -771,8 +861,16 @@ | |
237 | modify_environment (pw, shell); | |
238 | ||
239 | #ifndef USE_PAM | |
240 | - change_identity (pw); | |
241 | + change_identity (pw | |
242 | +#ifdef RUNUSER | |
243 | + , groups, num_supp_groups | |
244 | +#endif | |
245 | + ); | |
246 | #endif | |
247 | ||
248 | - run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw); | |
249 | + run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw | |
250 | +#ifdef RUNUSER | |
251 | + , groups, num_supp_groups | |
252 | +#endif | |
253 | + ); | |
254 | } | |
3c350007 JB |
255 | --- coreutils-6.10/src/Makefile.am.orig 2008-03-02 14:22:53.223435095 +0100 |
256 | +++ coreutils-6.10/src/Makefile.am 2008-03-02 14:25:58.317983032 +0100 | |
257 | @@ -24,7 +24,7 @@ | |
258 | arch hostname su | |
259 | ||
260 | build_if_possible__progs = \ | |
261 | - chroot df hostid nice pinky stty su uname uptime users who | |
262 | + chroot df hostid nice pinky stty su runuser uname uptime users who | |
5d9fc52d | 263 | |
3c350007 JB |
264 | EXTRA_PROGRAMS = \ |
265 | $(no_install__progs) \ | |
266 | @@ -135,6 +135,10 @@ | |
5d9fc52d | 267 | |
3c350007 | 268 | stat_LDADD = $(LDADD) $(LIB_SELINUX) |
5d9fc52d JR |
269 | |
270 | +runuser_SOURCES = su.c | |
271 | +runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\"" | |
67a461d4 | 272 | +runuser_LDADD = $(LDADD) $(LIB_CRYPT) $(LIB_PAM) |
5d9fc52d JR |
273 | + |
274 | $(PROGRAMS): ../lib/libcoreutils.a | |
275 | ||
3c350007 JB |
276 | # Get the release year from ../lib/version-etc.c. |
277 | @@ -156,7 +160,7 @@ | |
5d9fc52d JR |
278 | chmod +x $@-t |
279 | mv $@-t $@ | |
280 | ||
281 | -all-local: su$(EXEEXT) | |
3c350007 | 282 | +all-local: su$(EXEEXT) runuser$(EXEEXT) |
5d9fc52d JR |
283 | |
284 | installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'` | |
285 | ||
3c350007 JB |
286 | --- coreutils-6.10/man/Makefile.am.orig 2008-03-02 14:22:53.175432360 +0100 |
287 | +++ coreutils-6.10/man/Makefile.am 2008-03-02 14:26:36.980186266 +0100 | |
288 | @@ -94,6 +94,7 @@ | |
5d9fc52d JR |
289 | rm.1: $(common_dep) $(srcdir)/rm.x ../src/rm.c |
290 | rmdir.1: $(common_dep) $(srcdir)/rmdir.x ../src/rmdir.c | |
3c350007 | 291 | runcon.1: $(common_dep) $(srcdir)/runcon.x ../src/runcon.c |
5d9fc52d JR |
292 | +runuser.1: $(common_dep) $(srcdir)/runuser.x ../src/su.c |
293 | seq.1: $(common_dep) $(srcdir)/seq.x ../src/seq.c | |
294 | sha1sum.1: $(common_dep) $(srcdir)/sha1sum.x ../src/md5sum.c | |
295 | sha224sum.1: $(common_dep) $(srcdir)/sha224sum.x ../src/md5sum.c | |
296 | --- /dev/null 2007-01-09 09:38:07.860075128 +0000 | |
297 | +++ coreutils-6.7/man/runuser.x 2007-01-09 17:27:56.000000000 +0000 | |
298 | @@ -0,0 +1,4 @@ | |
299 | +[NAME] | |
300 | +runuser \- run a shell with substitute user and group IDs | |
301 | +[DESCRIPTION] | |
302 | +.\" Add any additional description here | |
303 | --- /dev/null 2007-01-09 09:38:07.860075128 +0000 | |
304 | +++ coreutils-6.7/man/runuser.1 2007-01-09 17:27:56.000000000 +0000 | |
305 | @@ -0,0 +1,68 @@ | |
306 | +.\" DO NOT MODIFY THIS FILE! It was generated by help2man 1.33. | |
307 | +.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands" | |
308 | +.SH NAME | |
309 | +runuser \- run a shell with substitute user and group IDs, similar to su, but will not run PAM hooks | |
310 | +.SH SYNOPSIS | |
311 | +.B runuser | |
312 | +[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...] | |
313 | +.SH DESCRIPTION | |
314 | +.\" Add any additional description here | |
315 | +.PP | |
316 | +Change the effective user id and group id to that of USER. No PAM hooks | |
317 | +are run, and there will be no password prompt. This command is useful | |
318 | +when run as the root user. If run as a non-root user without privilege | |
319 | +to set user ID, the command will fail. | |
320 | +.TP | |
321 | +-, \fB\-l\fR, \fB\-\-login\fR | |
322 | +make the shell a login shell | |
323 | +.TP | |
324 | +\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR | |
325 | +pass a single COMMAND to the shell with \fB\-c\fR | |
326 | +.TP | |
327 | +\fB\-f\fR, \fB\-\-fast\fR | |
328 | +pass \fB\-f\fR to the shell (for csh or tcsh) | |
329 | +.TP | |
330 | +\fB\-g\fR, \fB\-\-group\fR=\fIGROUP\fR | |
331 | +specify the primary group | |
332 | +.TP | |
333 | +\fB\-G\fR, \fB\-\-supp-group\fR=\fIGROUP\fR | |
334 | +specify a supplemental group | |
335 | +.TP | |
336 | +\fB\-m\fR, \fB\-\-preserve\-environment\fR | |
337 | +do not reset environment variables | |
338 | +.TP | |
339 | +\fB\-p\fR | |
340 | +same as \fB\-m\fR | |
341 | +.TP | |
342 | +\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR | |
343 | +run SHELL if /etc/shells allows it | |
344 | +.TP | |
345 | +\fB\-\-help\fR | |
346 | +display this help and exit | |
347 | +.TP | |
348 | +\fB\-\-version\fR | |
349 | +output version information and exit | |
350 | +.PP | |
351 | +A mere - implies \fB\-l\fR. If USER not given, assume root. | |
352 | +.SH AUTHOR | |
353 | +Written by David MacKenzie, Dan Walsh. | |
354 | +.SH "REPORTING BUGS" | |
355 | +Report bugs to <bug-coreutils@gnu.org>. | |
356 | +.SH COPYRIGHT | |
357 | +Copyright \(co 2004 Free Software Foundation, Inc. | |
358 | +.br | |
359 | +This is free software; see the source for copying conditions. There is NO | |
360 | +warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. | |
361 | +.SH "SEE ALSO" | |
362 | +Since this command is trimmed down version of su use you can use the su manual. | |
363 | +The full documentation for | |
364 | +.B su | |
365 | +is maintained as a Texinfo manual. If the | |
366 | +.B info | |
367 | +and | |
368 | +.B su | |
369 | +programs are properly installed at your site, the command | |
370 | +.IP | |
371 | +.B info coreutils su | |
372 | +.PP | |
373 | +should give you access to the complete manual. | |
3c350007 JB |
374 | --- coreutils-6.10/po/pl.po.orig 2008-03-02 14:22:54.123486386 +0100 |
375 | +++ coreutils-6.10/po/pl.po 2008-03-02 14:28:35.858960780 +0100 | |
376 | @@ -8986,6 +8986,16 @@ | |
2b14ddfb JB |
377 | msgid "warning: cannot change directory to %s" |
378 |