#if defined(HAVE_SYSLOG_H) && defined(HAVE_SYSLOG)
#include <syslog.h>
-static void log_su ();
#else /* !HAVE_SYSLOG_H */
#ifdef SYSLOG_SUCCESS
#undef SYSLOG_SUCCESS
char *xrealloc ();
char *xstrdup ();
-static char *concat ();
-static int correct_password ();
-static int elements ();
-static int restricted_shell ();
-static void change_identity ();
-static void modify_environment ();
-static void run_shell ();
-static void usage ();
-static void xputenv ();
-
extern char **environ;
/* The name this program was run with. */
{0, 0, 0, 0}
};
-int
-main (argc, argv)
- int argc;
- char **argv;
-{
- int optc;
- const char *new_user = DEFAULT_USER;
- char *command = 0;
- char **additional_args = 0;
- char *shell = 0;
- struct passwd *pw;
- struct passwd pw_copy;
-
- program_name = argv[0];
- setlocale (LC_ALL, "");
- bindtextdomain (PACKAGE, LOCALEDIR);
- textdomain (PACKAGE);
-
- fast_startup = 0;
- simulate_login = 0;
- change_environment = 1;
-
- while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, (int *) 0))
- != EOF)
- {
- switch (optc)
- {
- case 0:
- break;
-
- case 'c':
- command = optarg;
- break;
+/* Add VAL to the environment, checking for out of memory errors. */
- case 'f':
- fast_startup = 1;
- break;
+static void
+xputenv (const char *val)
+{
+ if (putenv (val))
+ error (1, 0, _("virtual memory exhausted"));
+}
- case 'l':
- simulate_login = 1;
- break;
+/* Return a newly-allocated string whose contents concatenate
+ those of S1, S2, S3. */
- case 'm':
- case 'p':
- change_environment = 0;
- break;
+static char *
+concat (const char *s1, const char *s2, const char *s3)
+{
+ int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
+ char *result = (char *) xmalloc (len1 + len2 + len3 + 1);
- case 's':
- shell = optarg;
- break;
+ strcpy (result, s1);
+ strcpy (result + len1, s2);
+ strcpy (result + len1 + len2, s3);
+ result[len1 + len2 + len3] = 0;
- default:
- usage (1);
- }
- }
+ return result;
+}
- if (show_version)
- {
- printf ("su - %s\n", PACKAGE_VERSION);
- exit (0);
- }
+/* Return the number of elements in ARR, a null-terminated array. */
- if (show_help)
- usage (0);
+static int
+elements (char **arr)
+{
+ int n = 0;
- if (optind < argc && !strcmp (argv[optind], "-"))
- {
- simulate_login = 1;
- ++optind;
- }
- if (optind < argc)
- new_user = argv[optind++];
- if (optind < argc)
- additional_args = argv + optind;
+ for (n = 0; *arr; ++arr)
+ ++n;
+ return n;
+}
- pw = getpwnam (new_user);
- if (pw == 0)
- error (1, 0, _("user %s does not exist"), new_user);
- endpwent ();
+#if defined (SYSLOG_SUCCESS) || defined (SYSLOG_FAILURE)
+/* Log the fact that someone has run su to the user given by PW;
+ if SUCCESSFUL is nonzero, they gave the correct password, etc. */
- /* Make a copy of the password information and point pw at the local
- copy instead. Otherwise, some systems (e.g. Linux) would clobber
- the static data through the getlogin call from log_su. */
- pw_copy = *pw;
- pw = &pw_copy;
- pw->pw_name = xstrdup (pw->pw_name);
- pw->pw_dir = xstrdup (pw->pw_dir);
- pw->pw_shell = xstrdup (pw->pw_shell);
+static void
+log_su (const struct passwd *pw, int successful)
+{
+ const char *new_user, *old_user, *tty;
- if (!correct_password (pw))
- {
-#ifdef SYSLOG_FAILURE
- log_su (pw, 0);
+#ifndef SYSLOG_NON_ROOT
+ if (pw->pw_uid)
+ return;
#endif
- error (1, 0, _("incorrect password"));
- }
-#ifdef SYSLOG_SUCCESS
- else
- {
- log_su (pw, 1);
- }
+ new_user = pw->pw_name;
+ /* The utmp entry (via getlogin) is probably the best way to identify
+ the user, especially if someone su's from a su-shell. */
+ old_user = getlogin ();
+ if (old_user == NULL)
+ old_user = "";
+ tty = ttyname (2);
+ if (tty == NULL)
+ tty = "";
+ /* 4.2BSD openlog doesn't have the third parameter. */
+ openlog (basename (program_name), 0
+#ifdef LOG_AUTH
+ , LOG_AUTH
#endif
-
- if (pw->pw_shell == 0 || pw->pw_shell[0] == 0)
- pw->pw_shell = (char *) DEFAULT_SHELL;
- if (shell == 0 && change_environment == 0)
- shell = getenv ("SHELL");
- if (shell != 0 && getuid () && restricted_shell (pw->pw_shell))
- {
- /* The user being su'd to has a nonstandard shell, and so is
- probably a uucp account or has restricted access. Don't
- compromise the account by allowing access with a standard
- shell. */
- error (0, 0, _("using restricted shell %s"), pw->pw_shell);
- shell = 0;
- }
- if (shell == 0)
- {
- shell = xstrdup (pw->pw_shell);
- }
- modify_environment (pw, shell);
-
- change_identity (pw);
- if (simulate_login && chdir (pw->pw_dir))
- error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
-
- run_shell (shell, command, additional_args);
+ );
+ syslog (LOG_NOTICE,
+#ifdef SYSLOG_NON_ROOT
+ "%s(to %s) %s on %s",
+#else
+ "%s%s on %s",
+#endif
+ successful ? "" : "FAILED SU ",
+#ifdef SYSLOG_NON_ROOT
+ new_user,
+#endif
+ old_user, tty);
+ closelog ();
}
+#endif
/* Ask the user for a password.
Return 1 if the user gives the correct password for entry PW,
or if PW has an empty password. */
static int
-correct_password (pw)
- struct passwd *pw;
+correct_password (const struct passwd *pw)
{
char *unencrypted, *encrypted, *correct;
#ifdef HAVE_SHADOW_H
the value for the SHELL environment variable. */
static void
-modify_environment (pw, shell)
- struct passwd *pw;
- char *shell;
+modify_environment (const struct passwd *pw, const char *shell)
{
char *term;
/* Become the user and group(s) specified by PW. */
static void
-change_identity (pw)
- struct passwd *pw;
+change_identity (const struct passwd *pw)
{
#ifdef HAVE_INITGROUPS
errno = 0;
arguments. */
static void
-run_shell (shell, command, additional_args)
- char *shell;
- char *command;
- char **additional_args;
+run_shell (const char *shell, const char *command, char **additional_args)
{
const char **args;
int argno = 1;
error (1, errno, _("cannot run %s"), shell);
}
-#if defined (SYSLOG_SUCCESS) || defined (SYSLOG_FAILURE)
-/* Log the fact that someone has run su to the user given by PW;
- if SUCCESSFUL is nonzero, they gave the correct password, etc. */
-
-static void
-log_su (pw, successful)
- struct passwd *pw;
- int successful;
-{
- const char *new_user, *old_user, *tty;
-
-#ifndef SYSLOG_NON_ROOT
- if (pw->pw_uid)
- return;
-#endif
- new_user = pw->pw_name;
- /* The utmp entry (via getlogin) is probably the best way to identify
- the user, especially if someone su's from a su-shell. */
- old_user = getlogin ();
- if (old_user == NULL)
- old_user = "";
- tty = ttyname (2);
- if (tty == NULL)
- tty = "";
- /* 4.2BSD openlog doesn't have the third parameter. */
- openlog (basename (program_name), 0
-#ifdef LOG_AUTH
- , LOG_AUTH
-#endif
- );
- syslog (LOG_NOTICE,
-#ifdef SYSLOG_NON_ROOT
- "%s(to %s) %s on %s",
-#else
- "%s%s on %s",
-#endif
- successful ? "" : "FAILED SU ",
-#ifdef SYSLOG_NON_ROOT
- new_user,
-#endif
- old_user, tty);
- closelog ();
-}
-#endif
-
/* Return 1 if SHELL is a restricted shell (one not returned by
getusershell), else 0, meaning it is a standard shell. */
static int
-restricted_shell (shell)
- char *shell;
+restricted_shell (const char *shell)
{
char *line;
return 1;
}
-/* Return the number of elements in ARR, a null-terminated array. */
-
-static int
-elements (arr)
- char **arr;
-{
- int n = 0;
-
- for (n = 0; *arr; ++arr)
- ++n;
- return n;
-}
-
-/* Add VAL to the environment, checking for out of memory errors. */
-
-static void
-xputenv (val)
- char *val;
-{
- if (putenv (val))
- error (1, 0, _("virtual memory exhausted"));
-}
-
-/* Return a newly-allocated string whose contents concatenate
- those of S1, S2, S3. */
-
-static char *
-concat (s1, s2, s3)
- char *s1, *s2, *s3;
-{
- int len1 = strlen (s1), len2 = strlen (s2), len3 = strlen (s3);
- char *result = (char *) xmalloc (len1 + len2 + len3 + 1);
-
- strcpy (result, s1);
- strcpy (result + len1, s2);
- strcpy (result + len1 + len2, s3);
- result[len1 + len2 + len3] = 0;
-
- return result;
-}
-
static void
-usage (status)
- int status;
+usage (int status)
{
if (status != 0)
fprintf (stderr, _("Try `%s --help' for more information.\n"),
}
exit (status);
}
+
+int
+main (int argc, char **argv)
+{
+ int optc;
+ const char *new_user = DEFAULT_USER;
+ char *command = 0;
+ char **additional_args = 0;
+ char *shell = 0;
+ struct passwd *pw;
+ struct passwd pw_copy;
+
+ program_name = argv[0];
+ setlocale (LC_ALL, "");
+ bindtextdomain (PACKAGE, LOCALEDIR);
+ textdomain (PACKAGE);
+
+ fast_startup = 0;
+ simulate_login = 0;
+ change_environment = 1;
+
+ while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, (int *) 0))
+ != EOF)
+ {
+ switch (optc)
+ {
+ case 0:
+ break;
+
+ case 'c':
+ command = optarg;
+ break;
+
+ case 'f':
+ fast_startup = 1;
+ break;
+
+ case 'l':
+ simulate_login = 1;
+ break;
+
+ case 'm':
+ case 'p':
+ change_environment = 0;
+ break;
+
+ case 's':
+ shell = optarg;
+ break;
+
+ default:
+ usage (1);
+ }
+ }
+
+ if (show_version)
+ {
+ printf ("su - %s\n", PACKAGE_VERSION);
+ exit (0);
+ }
+
+ if (show_help)
+ usage (0);
+
+ if (optind < argc && !strcmp (argv[optind], "-"))
+ {
+ simulate_login = 1;
+ ++optind;
+ }
+ if (optind < argc)
+ new_user = argv[optind++];
+ if (optind < argc)
+ additional_args = argv + optind;
+
+ pw = getpwnam (new_user);
+ if (pw == 0)
+ error (1, 0, _("user %s does not exist"), new_user);
+ endpwent ();
+
+ /* Make a copy of the password information and point pw at the local
+ copy instead. Otherwise, some systems (e.g. Linux) would clobber
+ the static data through the getlogin call from log_su. */
+ pw_copy = *pw;
+ pw = &pw_copy;
+ pw->pw_name = xstrdup (pw->pw_name);
+ pw->pw_dir = xstrdup (pw->pw_dir);
+ pw->pw_shell = xstrdup (pw->pw_shell);
+
+ if (!correct_password (pw))
+ {
+#ifdef SYSLOG_FAILURE
+ log_su (pw, 0);
+#endif
+ error (1, 0, _("incorrect password"));
+ }
+#ifdef SYSLOG_SUCCESS
+ else
+ {
+ log_su (pw, 1);
+ }
+#endif
+
+ if (pw->pw_shell == 0 || pw->pw_shell[0] == 0)
+ pw->pw_shell = (char *) DEFAULT_SHELL;
+ if (shell == 0 && change_environment == 0)
+ shell = getenv ("SHELL");
+ if (shell != 0 && getuid () && restricted_shell (pw->pw_shell))
+ {
+ /* The user being su'd to has a nonstandard shell, and so is
+ probably a uucp account or has restricted access. Don't
+ compromise the account by allowing access with a standard
+ shell. */
+ error (0, 0, _("using restricted shell %s"), pw->pw_shell);
+ shell = 0;
+ }
+ if (shell == 0)
+ {
+ shell = xstrdup (pw->pw_shell);
+ }
+ modify_environment (pw, shell);
+
+ change_identity (pw);
+ if (simulate_login && chdir (pw->pw_dir))
+ error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
+
+ run_shell (shell, command, additional_args);
+}
projects / platform / upstream / coreutils.git / commitdiff