[Pkg-shadow-commits] r704 - trunk/debian/patches
Nicolas FRANCOIS
nekral-guest at costa.debian.org
Wed Dec 14 22:13:48 UTC 2005
Author: nekral-guest
Date: 2005-12-14 22:13:48 +0000 (Wed, 14 Dec 2005)
New Revision: 704
Added:
trunk/debian/patches/469_non-su-options
trunk/debian/patches/470_su.1_document_options
trunk/debian/patches/471_su_simplify_option_preserve_environment
trunk/debian/patches/472_su_exported_variables
trunk/debian/patches/473_su_fix_comments
trunk/debian/patches/474_useradd_fix_comments
trunk/debian/patches/475_su_use_amroot_instead_of_getuid
Modified:
trunk/debian/patches/series
Log:
Add patches sent to the mailing list
Added: trunk/debian/patches/469_non-su-options
===================================================================
--- trunk/debian/patches/469_non-su-options 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/469_non-su-options 2005-12-14 22:13:48 UTC (rev 704)
@@ -0,0 +1,37 @@
+Index: shadow-4.0.14/src/su.c
+===================================================================
+--- shadow-4.0.14.orig/src/su.c 2005-12-14 21:36:58.000000000 +0100
++++ shadow-4.0.14/src/su.c 2005-12-14 21:47:18.000000000 +0100
+@@ -358,9 +358,19 @@
+ };
+
+ while ((c =
+- getopt_long (argc, argv, "hlmps:", long_options,
++ getopt_long (argc, argv, "-hlmps:", long_options,
+ &option_index)) != -1) {
+ switch (c) {
++ case 1:
++ /* this is not an su option */
++ /* The next arguments are either '-', the
++ * target name, or arguments to be passed
++ * to the shell.
++ */
++ /* rewind the (not yet handled) option */
++ optind--;
++ goto end_su_options;
++ break; /* NOT REACHED */
+ case 'h':
+ usage ();
+ break;
+@@ -375,9 +385,10 @@
+ shellstr = optarg;
+ break;
+ default:
+- usage ();
++ usage (); /* NOT REACHED */
+ }
+ }
++end_su_options:
+ if (optind < argc && !strcmp (argv[optind], "-")) {
+ fakelogin = 1;
+ optind++;
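Review bot: The new `case 1:` only works because of the leading `-` added to the optstring, a GNU getopt extension that makes getopt_long return 1 for a non-option argument, and nothing in the hunk says so. POSIX does not define that behaviour, so the comment should state the dependency, e.g. `/* optstring starts with '-': getopt_long returns 1 for the first non-option argument (GNU extension) */`. This matters for su because everything from that argument on goes to the target shell instead of being parsed as an su option, so the stop point should be unambiguous to the next reader. The `break; /* NOT REACHED */` after `goto end_su_options;` is dead code and can be dropped. The switch and its enclosing function start and end outside the hunk.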
Added: trunk/debian/patches/470_su.1_document_options
===================================================================
--- trunk/debian/patches/470_su.1_document_options 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/470_su.1_document_options 2005-12-14 22:13:48 UTC (rev 704)
@@ -0,0 +1,125 @@
+Index: shadow-4.0.14/man/su.1.xml
+===================================================================
+--- shadow-4.0.14.orig/man/su.1.xml 2005-12-14 22:18:39.000000000 +0100
++++ shadow-4.0.14/man/su.1.xml 2005-12-14 22:19:59.000000000 +0100
+@@ -15,6 +15,9 @@
+ <refsynopsisdiv id='synopsis'>
+ <cmdsynopsis>
+ <command>su</command>
++ <arg choice='opt'>
++ <replaceable>options</replaceable>
++ </arg>
+ <arg choice='opt'>- </arg>
+ <arg choice='opt'>
+ <arg choice='plain'>
+@@ -46,6 +49,11 @@
+ for the target user.
+ </para>
+
++ <para>
++ You can use the <option>--</option> argument to separate
++ <command>su</command> options from the arguments supplied to the shell.
++ </para>
++
+ <para>The user will be prompted for a password, if appropriate. Invalid
+ passwords will produce an error message. All attempts, both valid and
+ invalid, are logged to detect abuses of the system.
+@@ -68,6 +76,86 @@
+ </para>
+ </refsect1>
+
++ <refsect1 id='options'>
++ <title>OPTIONS</title>
++ <para>The options which apply to the <command>su</command> command are:
++ </para>
++ <variablelist remap='IP'>
++ <varlistentry>
++ <term>
++ <option>-</option>, <option>-l</option>, <option>--login</option>
++ </term>
++ <listitem>
++ <para>
++ Provide an environment similar to what the user would expect had
++ the user logged in directly.
++ </para>
++ <para>
++ When <option>-</option> is used, it must be specified as the last
++ <command>su</command> option.
++ The other forms (<option>-l</option> and <option>--login</option>)
++ do not have this restriction.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>
++ <option>-s</option>, <option>--shell</option>
++ </term>
++ <listitem>
++ <para>The shell that will be invoked.</para>
++ <para>
++ The invoked shell is choosen among (higest priority first):
++ <itemizedlist>
++ <listitem>
++ <para>The shell specified with --shell</para>
++ </listitem>
++ <listitem>
++ <para>
++ If <option>--preserve-environment</option> is used, the
++ shell specified by the <envar>SHELL</envar> environment
++ variable.
++ </para>
++ </listitem>
++ <listitem>
++ <para>
++ The shell indicated in the /etc/passwd entry for the target
++ user.
++ </para>
++ </listitem>
++ <listitem>
++ <para>
++ /bin/sh if a shell could not be found by any above method.
++ </para>
++ </listitem>
++ </itemizedlist>
++ </para>
++ <para>
++ If the target user has a restricted shell (i.e. the shell field of
++ this user's entry in <filename>/etc/passwd</filename> is not
++ specified in <filename>/etc/shell</filename>), then the
++ <option>--shell</option> option or the <envar>SHELL</envar>
++ environment variable won't be taken into account unless
++ <command>su</command> is called by the root.
++ </para>
++ </listitem>
++ </varlistentry>
++ <varlistentry>
++ <term>
++ <option>-m</option>, <option>-p</option>,
++ <option>--preserve-environment</option>
++ </term>
++ <listitem>
++ <para>Preserve the current environment.</para>
++ <para>
++ If the target user has a restricted shell, this option has no
++ effect (unless <command>su</command> is called by root).
++ </para>
++ </listitem>
++ </varlistentry>
++ </variablelist>
++ </refsect1>
++
+ <refsect1 id='caveats'>
+ <title>CAVEATS</title>
+ <para>
+@@ -104,10 +192,7 @@
+ </citerefentry>,
+ <citerefentry>
+ <refentrytitle>sh</refentrytitle><manvolnum>1</manvolnum>
+- </citerefentry>,
+- <citerefentry>
+- <refentrytitle>suauth</refentrytitle><manvolnum>5</manvolnum>
+- </citerefentry>.
++ </citerefentry>
+ </para>
+ </refsect1>
+ </refentry>
Added: trunk/debian/patches/471_su_simplify_option_preserve_environment
===================================================================
--- trunk/debian/patches/471_su_simplify_option_preserve_environment 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/471_su_simplify_option_preserve_environment 2005-12-14 22:13:48 UTC (rev 704)
@@ -0,0 +1,54 @@
+Index: shadow-4.0.14/src/su.c
+===================================================================
+--- shadow-4.0.14.orig/src/su.c 2005-12-14 22:18:39.000000000 +0100
++++ shadow-4.0.14/src/su.c 2005-12-14 22:25:39.000000000 +0100
+@@ -379,6 +379,10 @@
+ break;
+ case 'm':
+ case 'p':
++ /* This will only have an effect if the target
++ * user do not have a restricted shell, or if
++ * su is called by root.
++ */
+ change_environment = 0;
+ break;
+ case 's':
+@@ -510,14 +514,18 @@
+ #endif /* !USE_PAM */
+ pwent = *pw;
+
++ /* If su is not called by root, and the target user has a restricted
++ * shell, the environment must be changed.
++ */
++ change_environment |= (restricted_shell(pwent.pw_shell) && !amroot);
++
+ /*
+ * If a new login is being set up, the old environment will be
+ * ignored and a new one created later on.
+ * (note: in the case of a subsystem, the shell will be restricted,
+ * and this won't be executed on the first pass)
+ */
+- if (fakelogin &&
+- (change_environment || restricted_shell (pwent.pw_shell))) {
++ if (fakelogin && change_environment) {
+ /*
+ * The terminal type will be left alone if it is present in
+ * the environment already.
+@@ -785,7 +793,7 @@
+ exit (1);
+ }
+
+- if (change_environment || restricted_shell (pwent.pw_shell)) {
++ if (change_environment) {
+ /* we need to setup the environment *after* pam_open_session(),
+ * else the UID is changed before stuff like pam_xauth could
+ * run, and we cannot access /etc/shadow and co
+@@ -817,7 +825,7 @@
+ exit (1);
+ #endif /* !USE_PAM */
+
+- if (change_environment || restricted_shell (pwent.pw_shell)) {
++ if (change_environment) {
+ if (fakelogin)
+ setup_env (&pwent);
+ else {
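Review bot: The three rewritten conditions are not a pure simplification, although the patch name says so. Previously `restricted_shell (pwent.pw_shell)` forced the environment reset for every caller, whereas `change_environment |= (restricted_shell(pwent.pw_shell) && !amroot);` lets root keep its environment with `-m`/`-p` even when the target has a restricted shell. The added comments describe the new rule but not that it differs from the old one; a line such as `/* behaviour change: root may now preserve its environment for a restricted-shell target */` would make that explicit. The flag is also computed once from `pwent.pw_shell` and can only be switched on, while the existing comment mentions a later pass for subsystems, so it is worth confirming the value still holds if `pwent` is refreshed afterwards. `amroot` and the rest of the function are outside the visible lines.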
Added: trunk/debian/patches/472_su_exported_variables
===================================================================
--- trunk/debian/patches/472_su_exported_variables 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/472_su_exported_variables 2005-12-14 22:13:48 UTC (rev 704)
@@ -0,0 +1,20 @@
+Index: shadow-4.0.14/src/su.c
+===================================================================
+--- shadow-4.0.14.orig/src/su.c 2005-12-14 22:25:39.000000000 +0100
++++ shadow-4.0.14/src/su.c 2005-12-14 22:46:42.000000000 +0100
+@@ -826,11 +826,13 @@
+ #endif /* !USE_PAM */
+
+ if (change_environment) {
+- if (fakelogin)
++ if (fakelogin) {
++ pwent.pw_shell = shellstr;
+ setup_env (&pwent);
+- else {
++ } else {
+ addenv ("HOME", pwent.pw_dir);
+ addenv ("USER", pwent.pw_name);
++ addenv ("LOGNAME", pwent.pw_name);
+ addenv ("SHELL", shellstr);
+ }
+ }
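Review bot: `pwent.pw_shell = shellstr;` in the `fakelogin` branch overwrites the /etc/passwd shell in the local copy. Any later test on `pwent.pw_shell`, such as the `restricted_shell (pwent.pw_shell)` checks seen elsewhere in su.c, would then look at the shell chosen by the caller rather than the account's configured shell. Whether such a use follows is not visible here, so I would add a comment that gives the reason and the constraint, e.g. `/* export the shell actually started; pw_shell must not be used for restriction checks after this point */`. The assignment also assumes `shellstr` is non-NULL by now, which the hunk does not show. The enclosing function starts and ends outside the hunk.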
Added: trunk/debian/patches/473_su_fix_comments
===================================================================
--- trunk/debian/patches/473_su_fix_comments 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/473_su_fix_comments 2005-12-14 22:13:48 UTC (rev 704)
@@ -0,0 +1,23 @@
+Index: shadow-4.0.14/src/su.c
+===================================================================
+--- shadow-4.0.14.orig/src/su.c 2005-12-14 22:27:12.000000000 +0100
++++ shadow-4.0.14/src/su.c 2005-12-14 22:31:30.000000000 +0100
+@@ -289,9 +289,6 @@
+ * su changes the user's ids to the values for the specified user. if
+ * no new user name is specified, "root" is used by default.
+ *
+- * The only valid option is a "-" character, which is interpreted as
+- * requiring a new login session to be simulated.
+- *
+ * Any additional arguments are passed to the user's shell. In
+ * particular, the argument "-c" will cause the next argument to be
+ * interpreted as a command by the common shell programs.
+@@ -868,7 +865,7 @@
+ /* Position argv to the remaining arguments */
+ argv += optind;
+ /*
+- * Use new user's shell from /etc/passwd and create an argv
++ * Use the shell and create an argv
+ * with the rest of the command line included.
+ */
+ argv[-1] = shellstr;
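Review bot: The reworded comment above `argv[-1] = shellstr;` now reads "Use the shell and create an argv", which no longer says which shell is meant. By this point `shellstr` may apparently come from `--shell`, from `SHELL` or from /etc/passwd, so I would write `Use the shell selected above (shellstr) and create an argv` to keep the comment tied to the variable that is actually used.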
Added: trunk/debian/patches/474_useradd_fix_comments
===================================================================
--- trunk/debian/patches/474_useradd_fix_comments 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/474_useradd_fix_comments 2005-12-14 22:13:48 UTC (rev 704)
@@ -0,0 +1,16 @@
+Index: shadow-4.0.14/src/useradd.c
+===================================================================
+--- shadow-4.0.14.orig/src/useradd.c 2005-12-14 21:05:25.000000000 +0100
++++ shadow-4.0.14/src/useradd.c 2005-12-14 22:32:33.000000000 +0100
+@@ -1402,9 +1402,9 @@
+
+
+ /*
+- * grp_update - add new group file entries
++ * grp_add - add new group file entries
+ *
+- * grp_update() writes the new records to the group files.
++ * grp_add() writes the new records to the group files.
+ */
+
+ static void grp_add (void)
Added: trunk/debian/patches/475_su_use_amroot_instead_of_getuid
===================================================================
--- trunk/debian/patches/475_su_use_amroot_instead_of_getuid 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/475_su_use_amroot_instead_of_getuid 2005-12-14 22:13:48 UTC (rev 704)
@@ -0,0 +1,13 @@
+Index: shadow-4.0.14/src/su.c
+===================================================================
+--- shadow-4.0.14.orig/src/su.c 2005-12-14 22:31:30.000000000 +0100
++++ shadow-4.0.14/src/su.c 2005-12-14 22:34:06.000000000 +0100
+@@ -608,7 +608,7 @@
+ /* For users with non null UID, if this user has a restricted
+ * shell, the shell must be the one specified in /etc/passwd
+ */
+- if (shellstr != NULL && getuid () && restricted_shell (pwent.pw_shell))
++ if (shellstr != NULL && !amroot && restricted_shell (pwent.pw_shell))
+ shellstr = NULL;
+ /* If the shell is not set at this time, use the shell specified
+ * in /etc/passwd.
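Review bot: The restricted-shell guard now tests `!amroot` instead of calling `getuid ()` directly, and `amroot` is assigned outside the visible lines. The check is only equivalent if `amroot` is derived from the real UID and is already set when this statement runs. That is worth confirming, because this test decides whether `--shell` or `SHELL` may override a restricted shell. The comment above it still says "For users with non null UID" and could be updated to match, e.g. `/* If su is not called by root and the target user has a restricted shell, the shell must be the one specified in /etc/passwd */`. The enclosing function starts and ends outside the hunk.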
Modified: trunk/debian/patches/series
===================================================================
--- trunk/debian/patches/series 2005-12-14 22:10:48 UTC (rev 703)
+++ trunk/debian/patches/series 2005-12-14 22:13:48 UTC (rev 704)
@@ -53,6 +53,13 @@
366_fflush-prompt
468_duplicate_passwd_struct_before_usage
502_fix_generated_man_pages
+469_non-su-options
+470_su.1_document_options
+471_su_simplify_option_preserve_environment
+472_su_exported_variables
+473_su_fix_comments
+474_useradd_fix_comments
+475_su_use_amroot_instead_of_getuid
# 999-2 is about using cdbs. It does not patch upstream files
# so shouldn't be here, but we keep it for the future
# 999-2_build_using_cdbs