rpms / coreutils

Clone
Source Code
GIT

Files

  1.   a0c234b51e172414fcde2fbf51b86ae4b52cb0bb
  2.   coreutils-5.2.1-runuser.patch
Blob Blame History Raw 
--- coreutils-5.97/src/su.c.runuser	2006-07-21 14:32:13.000000000 +0100
+++ coreutils-5.97/src/su.c	2006-07-21 15:40:16.000000000 +0100
@@ -132,9 +132,15 @@
 #include "error.h"
 
 /* The official name of this program (e.g., no `g' prefix).  */
+#ifndef RUNUSER
 #define PROGRAM_NAME "su"
+#else
+#define PROGRAM_NAME "runuser"
+#endif
 
+#ifndef AUTHORS
 #define AUTHORS "David MacKenzie"
+#endif
 
 #if HAVE_PATHS_H
 # include <paths.h>
@@ -172,6 +178,10 @@
 #ifndef USE_PAM
 char *crypt ();
 #endif
+#ifndef CHECKPASSWD
+#define CHECKPASSWD 1
+#endif
+
 char *getpass ();
 char *getusershell ();
 void endusershell ();
@@ -180,7 +190,11 @@
 extern char **environ;
 
 static void run_shell (char const *, char const *, char **, size_t,
-	const struct passwd *)
+	const struct passwd *
+#ifdef RUNUSER
+		       , gid_t *groups, int num_groups
+#endif
+	)
 #ifdef USE_PAM
 	;
 #else
@@ -210,6 +224,10 @@
   {"login", no_argument, NULL, 'l'},
   {"preserve-environment", no_argument, NULL, 'p'},
   {"shell", required_argument, NULL, 's'},
+#ifdef RUNUSER
+  {"group", required_argument, NULL, 'g'},
+  {"supp-group", required_argument, NULL, 'G'},
+#endif
   {GETOPT_HELP_OPTION_DECL},
   {GETOPT_VERSION_OPTION_DECL},
   {NULL, 0, NULL, 0}
@@ -307,10 +325,12 @@
   retval = pam_start(PROGRAM_NAME, pw->pw_name, &conv, &pamh);
   PAM_BAIL_P;
 
+#ifndef RUNUSER
   if (getuid() != 0 && !isatty(0)) {
 	fprintf(stderr, "standard in must be a tty\n");
 	exit(1);
   }
+#endif
 
   caller = getpwuid(getuid());
   if(caller != NULL && caller->pw_name != NULL) {
@@ -327,6 +347,11 @@
     retval = pam_set_item(pamh, PAM_TTY, tty_name);
     PAM_BAIL_P;
   }
+#ifdef RUNUSER
+  if (getuid() != geteuid())
+    /* safety net: deny operation if we are suid by accident */
+    error(EXIT_FAIL, 1, "runuser may not be setuid");
+#else
   retval = pam_authenticate(pamh, 0);
   PAM_BAIL_P;
   retval = pam_acct_mgmt(pamh, 0);
@@ -336,6 +361,7 @@
     PAM_BAIL_P;
   }
   PAM_BAIL_P;
+#endif
   /* must be authenticated if this point was reached */
   return 1;
 #else /* !USE_PAM */
@@ -417,11 +443,22 @@
 /* Become the user and group(s) specified by PW.  */
 
 static void
-change_identity (const struct passwd *pw)
+change_identity (const struct passwd *pw
+#ifdef RUNUSER
+		 , gid_t *groups, int num_groups
+#endif
+	)
 {
 #ifdef HAVE_INITGROUPS
+  int rc = 0;
   errno = 0;
-  if (initgroups (pw->pw_name, pw->pw_gid) == -1) {
+#ifdef RUNUSER
+  if (num_groups)
+    rc = setgroups(num_groups, groups);
+  else
+#endif
+    rc = initgroups(pw->pw_name, pw->pw_gid);
+  if (rc == -1) {
 #ifdef USE_PAM
     pam_close_session(pamh, 0);
     pam_end(pamh, PAM_ABORT);
@@ -468,7 +505,11 @@
 
 static void
 run_shell (char const *shell, char const *command, char **additional_args,
-	   size_t n_additional_args, const struct passwd *pw)
+	   size_t n_additional_args, const struct passwd *pw
+#ifdef RUNUSER
+	   , gid_t *groups, int num_groups
+#endif
+	)
 {
   size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1;
   char const **args = xnmalloc (n_args, sizeof *args);
@@ -499,7 +540,11 @@
 
   child = fork();
   if (child == 0) {  /* child shell */
-  change_identity (pw);
+  change_identity (pw
+#ifdef RUNUSER
+		   , groups, num_groups
+#endif
+	  );
   pam_end(pamh, 0);
   if (!same_session)
     setsid ();
@@ -647,6 +692,8 @@
 Change the effective user id and group id to that of USER.\n\
 \n\
   -, -l, --login               make the shell a login shell\n\
+  -g --group=group             specify the primary group\n\
+  -G --supp-group=group        specify a supplemental group\n\
   -c, --commmand=COMMAND       pass a single COMMAND to the shell with -c\n\
   --session-command=COMMAND    pass a single COMMAND to the shell with -c\n\
                                and do not create a new session\n\
@@ -676,6 +723,12 @@
   char *shell = NULL;
   struct passwd *pw;
   struct passwd pw_copy;
+#ifdef RUNUSER
+  struct group *gr;
+  gid_t groups[NGROUPS_MAX];
+  int num_supp_groups = 0;
+  int use_gid = 0;
+#endif
 
   initialize_main (&argc, &argv);
   program_name = argv[0];
@@ -690,7 +743,11 @@
   simulate_login = false;
   change_environment = true;
 
-  while ((optc = getopt_long (argc, argv, "c:flmps:", longopts, NULL)) != -1)
+  while ((optc = getopt_long (argc, argv, "c:flmps:"
+#ifdef RUNUSER
+			      "g:G:"
+#endif
+			      , longopts, NULL)) != -1)
     {
       switch (optc)
 	{
@@ -720,6 +777,28 @@
 	  shell = optarg;
 	  break;
 
+#ifdef RUNUSER
+	case 'g':
+	  gr = getgrnam(optarg);
+	  if (!gr)
+	    error (EXIT_FAIL, 0, _("group %s does not exist"), optarg);
+	  use_gid = 1;
+	  groups[0] = gr->gr_gid;
+	  break;
+
+	case 'G':
+	  num_supp_groups++;
+	  if (num_supp_groups >= NGROUPS_MAX)
+	    error (EXIT_FAIL, 0,
+		   _("Can't specify more than %d supplemental groups"),
+		   NGROUPS_MAX - 1);
+	  gr = getgrnam(optarg);
+	  if (!gr)
+	    error (EXIT_FAIL, 0, _("group %s does not exist"), optarg);
+	  groups[num_supp_groups] = gr->gr_gid;
+	  break;
+#endif
+
 	case_GETOPT_HELP_CHAR;
 
 	case_GETOPT_VERSION_CHAR (PROGRAM_NAME, AUTHORS);
@@ -758,7 +837,20 @@
 			  : DEFAULT_SHELL);
   endpwent ();
 
-  if (!correct_password (pw))
+#ifdef RUNUSER
+  if (num_supp_groups && !use_gid)
+  {
+    pw->pw_gid = groups[1];
+    memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups);
+  }
+  else if (use_gid)
+  {
+    pw->pw_gid = groups[0];
+    num_supp_groups++;
+  }
+#endif
+
+  if (CHECKPASSWD && !correct_password (pw))
     {
 #ifdef SYSLOG_FAILURE
       log_su (pw, false);
@@ -790,10 +882,18 @@
   modify_environment (pw, shell);
 
 #ifndef USE_PAM
-  change_identity (pw);
+  change_identity (pw
+#ifdef RUNUSER
+		   , groups, num_supp_groups
+#endif
+		   );
 #endif
   if (simulate_login && chdir (pw->pw_dir) != 0)
     error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
 
-  run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw);
+  run_shell (shell, command, argv + optind, MAX (0, argc - optind), pw
+#ifdef RUNUSER
+	     , groups, num_supp_groups
+#endif
+	     );
 }
--- coreutils-5.97/src/Makefile.am.runuser	2006-07-21 14:32:13.000000000 +0100
+++ coreutils-5.97/src/Makefile.am	2006-07-21 14:32:13.000000000 +0100
@@ -17,7 +17,7 @@
 ## along with this program; if not, write to the Free Software Foundation,
 ## Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA.
 
-EXTRA_PROGRAMS = chroot df hostid nice pinky stty su uname uptime users who
+EXTRA_PROGRAMS = chroot df hostid nice pinky stty su runuser uname uptime users who
 
 bin_SCRIPTS = groups
 bin_PROGRAMS = [ chgrp chown chmod cp dd dircolors du \
@@ -94,6 +94,10 @@
 
 su_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
 
+runuser_SOURCES = su.c
+runuser_CFLAGS = -DRUNUSER -DAUTHORS="\"David MacKenzie, Dan Walsh\""
+runuser_LDADD = $(LDADD) $(LIB_CRYPT) @LIB_PAM@
+
 $(PROGRAMS): ../lib/libcoreutils.a
 
 SUFFIXES = .sh
@@ -108,7 +112,7 @@
 	chmod +x $@-t
 	mv $@-t $@
 
-all-local: su$(EXEEXT)
+all-local: su$(EXEEXT) runuser
 
 installed_su = $(DESTDIR)$(bindir)/`echo su|sed '$(transform)'`
 
--- coreutils-5.97/tests/help-version.runuser	2006-06-01 08:26:09.000000000 +0100
+++ coreutils-5.97/tests/help-version	2006-07-21 14:32:13.000000000 +0100
@@ -137,6 +137,7 @@
 seq_args=10
 sleep_args=0
 su_args=--version
+runuser_args=--version
 test_args=foo
 
 # This is necessary in the unusual event that there is
--- coreutils-5.97/AUTHORS.runuser	2006-07-21 14:32:13.000000000 +0100
+++ coreutils-5.97/AUTHORS	2006-07-21 14:32:13.000000000 +0100
@@ -60,6 +60,7 @@
 readlink: Dmitry V. Levin
 rm: Paul Rubin, David MacKenzie, Richard Stallman, Jim Meyering
 rmdir: David MacKenzie
+runuser: David MacKenzie, Dan Walsh
 seq: Ulrich Drepper
 sha1sum: Ulrich Drepper, Scott Miller, David Madore
 sha224sum: Ulrich Drepper, Scott Miller, David Madore
--- coreutils-5.97/README.runuser	2006-07-21 14:32:13.000000000 +0100
+++ coreutils-5.97/README	2006-07-21 14:32:13.000000000 +0100
@@ -12,7 +12,7 @@
   df dir dircolors dirname du echo env expand expr factor false fmt fold
   ginstall groups head hostid hostname id join kill link ln logname ls
   md5sum mkdir mkfifo mknod mv nice nl nohup od paste pathchk pinky pr
-  printenv printf ptx pwd readlink rm rmdir seq sha1sum sha224sum
+  printenv printf ptx pwd readlink rm rmdir runuser seq sha1sum sha224sum
   sha256sum sha384sum sha512sum shred sleep sort
   split stat stty su sum sync tac tail tee test touch tr true tsort tty
   uname unexpand uniq unlink uptime users vdir wc who whoami yes
--- /dev/null	2006-07-21 09:48:40.571484750 +0100
+++ coreutils-5.97/man/runuser.x	2006-07-21 14:32:13.000000000 +0100
@@ -0,0 +1,4 @@
+[NAME]
+runuser \- run a shell with substitute user and group IDs
+[DESCRIPTION]
+.\" Add any additional description here
--- /dev/null	2006-07-21 09:48:40.571484750 +0100
+++ coreutils-5.97/man/runuser.1	2006-07-21 14:32:13.000000000 +0100
@@ -0,0 +1,59 @@
+.\" DO NOT MODIFY THIS FILE!  It was generated by help2man 1.33.
+.TH RUNUSER "1" "September 2004" "runuser (coreutils) 5.2.1" "User Commands"
+.SH NAME
+runuser \- run a shell with substitute user and group IDs, similar to su, but will not prompt for password.
+.SH SYNOPSIS
+.B runuser
+[\fIOPTION\fR]... [\fI-\fR] [\fIUSER \fR[\fIARG\fR]...]
+.SH DESCRIPTION
+.\" Add any additional description here
+.PP
+Change the effective user id and group id to that of USER.
+.TP
+-, \fB\-l\fR, \fB\-\-login\fR
+make the shell a login shell
+.TP
+\fB\-c\fR, \fB\-\-commmand\fR=\fICOMMAND\fR
+pass a single COMMAND to the shell with \fB\-c\fR
+.TP
+\fB\-f\fR, \fB\-\-fast\fR
+pass \fB\-f\fR to the shell (for csh or tcsh)
+.TP
+\fB\-m\fR, \fB\-\-preserve\-environment\fR
+do not reset environment variables
+.TP
+\fB\-p\fR
+same as \fB\-m\fR
+.TP
+\fB\-s\fR, \fB\-\-shell\fR=\fISHELL\fR
+run SHELL if /etc/shells allows it
+.TP
+\fB\-\-help\fR
+display this help and exit
+.TP
+\fB\-\-version\fR
+output version information and exit
+.PP
+A mere - implies \fB\-l\fR.   If USER not given, assume root.
+.SH AUTHOR
+Written by David MacKenzie, Dan Walsh.
+.SH "REPORTING BUGS"
+Report bugs to <bug-coreutils@gnu.org>.
+.SH COPYRIGHT
+Copyright \(co 2004 Free Software Foundation, Inc.
+.br
+This is free software; see the source for copying conditions.  There is NO
+warranty; not even for MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
+.SH "SEE ALSO"
+Since this command is trimmed down version of su use you can use the su manual.
+The full documentation for
+.B su
+is maintained as a Texinfo manual.  If the
+.B info
+and
+.B su
+programs are properly installed at your site, the command
+.IP
+.B info coreutils su
+.PP
+should give you access to the complete manual.
--- coreutils-5.97/man/Makefile.am.runuser	2006-07-21 14:32:13.000000000 +0100
+++ coreutils-5.97/man/Makefile.am	2006-07-21 14:32:13.000000000 +0100
@@ -7,7 +7,7 @@
   link.1 ln.1 logname.1 \
   ls.1 md5sum.1 mkdir.1 mkfifo.1 mknod.1 mv.1 nice.1 nl.1 nohup.1 od.1 \
   paste.1 pathchk.1 pinky.1 pr.1 printenv.1 printf.1 ptx.1 pwd.1 readlink.1 \
-  rm.1 rmdir.1 seq.1 sha1sum.1 sha224sum.1 sha256sum.1 sha384sum.1 sha512sum.1 \
+  rm.1 rmdir.1 runuser.1 seq.1 sha1sum.1 sha224sum.1 sha256sum.1 sha384sum.1 sha512sum.1 \
   shred.1 sleep.1 sort.1 split.1 stat.1 stty.1 \
   su.1 sum.1 sync.1 tac.1 tail.1 tee.1 test.1 touch.1 tr.1 true.1 tsort.1 \
   tty.1 uname.1 unexpand.1 uniq.1 unlink.1 uptime.1 users.1 vdir.1 wc.1 \
@@ -83,6 +83,7 @@
 readlink.1:	$(common_dep)	$(srcdir)/readlink.x	../src/readlink.c
 rm.1:		$(common_dep)	$(srcdir)/rm.x		../src/rm.c
 rmdir.1:	$(common_dep)	$(srcdir)/rmdir.x	../src/rmdir.c
+runuser.1:	$(common_dep)	$(srcdir)/runuser.x	../src/su.c
 seq.1:		$(common_dep)	$(srcdir)/seq.x		../src/seq.c
 sha1sum.1:	$(common_dep)	$(srcdir)/sha1sum.x	../src/md5sum.c
 sha224sum.1:    $(common_dep)   $(srcdir)/sha224sum.x   ../src/md5sum.c
Powered by Pagure 5.13.3
DocumentationFile an IssueAbout this InstanceSSH Hostkey/Fingerprint
© Red Hat, Inc. and others.