diff --git a/0200-su-add-group-and-supp-group-options.patch b/0200-su-add-group-and-supp-group-options.patch new file mode 100644 index 0000000..fae59a9 --- /dev/null +++ b/0200-su-add-group-and-supp-group-options.patch @@ -0,0 +1,203 @@ +From 6273784aa4f40121b3963b41df0986044eeaced0 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Tue, 28 Aug 2012 16:32:28 +0200 +Subject: [PATCH 200/208] su: add --group and --supp-group options + +These options allow to specify alternative groups. The command +su(1) has to be executed by root. The implementation is based on +Fedora runuser(1) command. + +For example: + + # su --group=kzak --supp-group=uuidd - + # id + uid=0(root) gid=1000(kzak) groups=0(root),985(uuidd),1000(kzak) + +non-root user: + + $ su --group=kzak - + su: only root can specify alternative groups + +Signed-off-by: Karel Zak +--- + login-utils/su.1 | 6 +++++ + login-utils/su.c | 73 ++++++++++++++++++++++++++++++++++++++++++++++++++++---- + 2 files changed, 75 insertions(+), 4 deletions(-) + +diff --git a/login-utils/su.1 b/login-utils/su.1 +index 598cebd..59e1731 100644 +--- a/login-utils/su.1 ++++ b/login-utils/su.1 +@@ -59,6 +59,12 @@ Pass + to the shell which may or may not be useful depending on the + shell. + .TP ++\fB\-g\fR, \fB\-\-group\fR=\fIgroup\fR\fR ++specify the primary group, this option is allowed for root user only ++.TP ++\fB\-G\fR, \fB\-\-supp-group\fR=\fIgroup\fR\fR ++specify a supplemental group, this option is allowed for root user only ++.TP + \fB\-\fR, \fB\-l\fR, \fB\-\-login\fR + Starts the shell as login shell with an environment similar to a real + login: +diff --git a/login-utils/su.c b/login-utils/su.c +index c6b8bce..f11c757 100644 +--- a/login-utils/su.c ++++ b/login-utils/su.c +@@ -110,6 +110,8 @@ static struct option const longopts[] = + {"login", no_argument, NULL, 'l'}, + {"preserve-environment", no_argument, NULL, 'p'}, + {"shell", required_argument, NULL, 's'}, ++ {"group", required_argument, NULL, 'g'}, ++ {"supp-group", required_argument, NULL, 'G'}, + {"help", no_argument, 0, 'h'}, + {"version", no_argument, 0, 'V'}, + {NULL, 0, NULL, 0} +@@ -424,11 +426,18 @@ modify_environment (const struct passwd *pw, const char *shell) + /* Become the user and group(s) specified by PW. */ + + static void +-init_groups (const struct passwd *pw) ++init_groups (const struct passwd *pw, gid_t *groups, int num_groups) + { + int retval; ++ + errno = 0; +- if (initgroups (pw->pw_name, pw->pw_gid) == -1) ++ ++ if (num_groups) ++ retval = setgroups (num_groups, groups); ++ else ++ retval = initgroups (pw->pw_name, pw->pw_gid); ++ ++ if (retval == -1) + { + cleanup_pam (PAM_ABORT); + err (EXIT_FAILURE, _("cannot set groups")); +@@ -535,6 +544,8 @@ usage (int status) + -c, --command pass a single command to the shell with -c\n\ + --session-command pass a single command to the shell with -c\n\ + and do not create a new session\n\ ++ -g --group=group specify the primary group\n\ ++ -G --supp-group=group specify a supplemental group\n\ + -f, --fast pass -f to the shell (for csh or tcsh)\n\ + -m, --preserve-environment do not reset environment variables\n\ + -p same as -m\n\ +@@ -556,6 +567,19 @@ void load_config(void) + logindefs_load_file(_PATH_LOGINDEFS); + } + ++/* ++ * Returns 1 if the current user is not root ++ */ ++static int ++evaluate_uid(void) ++{ ++ uid_t ruid = getuid(); ++ uid_t euid = geteuid(); ++ ++ /* if we're really root and aren't running setuid */ ++ return (uid_t) 0 == ruid && ruid == euid ? 0 : 1; ++} ++ + int + main (int argc, char **argv) + { +@@ -566,6 +590,11 @@ main (int argc, char **argv) + char *shell = NULL; + struct passwd *pw; + struct passwd pw_copy; ++ struct group *gr; ++ gid_t groups[NGROUPS_MAX]; ++ int num_supp_groups = 0; ++ int use_gid = 0; ++ int restricted; + + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); +@@ -575,7 +604,7 @@ main (int argc, char **argv) + simulate_login = false; + change_environment = true; + +- while ((optc = getopt_long (argc, argv, "c:flmps:hV", longopts, NULL)) != -1) ++ while ((optc = getopt_long (argc, argv, "c:fg:G:lmps:hV", longopts, NULL)) != -1) + { + switch (optc) + { +@@ -592,6 +621,26 @@ main (int argc, char **argv) + fast_startup = true; + break; + ++ case 'g': ++ gr = getgrnam(optarg); ++ if (!gr) ++ errx(EXIT_FAILURE, _("group %s does not exist"), optarg); ++ use_gid = 1; ++ groups[0] = gr->gr_gid; ++ break; ++ ++ case 'G': ++ num_supp_groups++; ++ if (num_supp_groups >= NGROUPS_MAX) ++ errx(EXIT_FAILURE, ++ _("can't specify more than %d supplemental groups"), ++ NGROUPS_MAX - 1); ++ gr = getgrnam(optarg); ++ if (!gr) ++ errx(EXIT_FAILURE, _("group %s does not exist"), optarg); ++ groups[num_supp_groups] = gr->gr_gid; ++ break; ++ + case 'l': + simulate_login = true; + break; +@@ -617,6 +666,8 @@ main (int argc, char **argv) + } + } + ++ restricted = evaluate_uid (); ++ + if (optind < argc && !strcmp (argv[optind], "-")) + { + simulate_login = true; +@@ -625,6 +676,9 @@ main (int argc, char **argv) + if (optind < argc) + new_user = argv[optind++]; + ++ if ((num_supp_groups || use_gid) && restricted) ++ errx(EXIT_FAILURE, _("only root can specify alternative groups")); ++ + logindefs_load_defaults = load_config; + + pw = getpwnam (new_user); +@@ -648,6 +702,17 @@ main (int argc, char **argv) + : DEFAULT_SHELL); + endpwent (); + ++ if (num_supp_groups && !use_gid) ++ { ++ pw->pw_gid = groups[1]; ++ memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups); ++ } ++ else if (use_gid) ++ { ++ pw->pw_gid = groups[0]; ++ num_supp_groups++; ++ } ++ + authenticate (pw); + + if (request_same_session || !command || !pw->pw_uid) +@@ -666,7 +731,7 @@ main (int argc, char **argv) + } + shell = xstrdup (shell ? shell : pw->pw_shell); + +- init_groups (pw); ++ init_groups (pw, groups, num_supp_groups); + + create_watching_parent (); + /* Now we're in the child. */ +-- +1.7.11.7 + diff --git a/0201-su-move-generic-su-code-to-su-common.c.patch b/0201-su-move-generic-su-code-to-su-common.c.patch new file mode 100644 index 0000000..25c7141 --- /dev/null +++ b/0201-su-move-generic-su-code-to-su-common.c.patch @@ -0,0 +1,1576 @@ +From 1874fa1ef38ce41eaf61b1aada25fac5f6966839 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 1 Nov 2012 12:38:48 +0100 +Subject: [PATCH 201/208] su: move generic su code to su-common.c + +Signed-off-by: Karel Zak +--- + login-utils/Makemodule.am | 2 + + login-utils/su-common.c | 759 ++++++++++++++++++++++++++++++++++++++++++++++ + login-utils/su-common.h | 12 + + login-utils/su.c | 754 +-------------------------------------------- + 4 files changed, 776 insertions(+), 751 deletions(-) + create mode 100644 login-utils/su-common.c + create mode 100644 login-utils/su-common.h + +diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am +index e10da46..b918f00 100644 +--- a/login-utils/Makemodule.am ++++ b/login-utils/Makemodule.am +@@ -83,6 +83,8 @@ bin_PROGRAMS += su + dist_man_MANS += login-utils/su.1 + su_SOURCES = \ + login-utils/su.c \ ++ login-utils/su-common.c \ ++ login-utils/su-common.h \ + login-utils/logindefs.c \ + login-utils/logindefs.h + su_CFLAGS = $(SUID_CFLAGS) $(AM_CFLAGS) +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +new file mode 100644 +index 0000000..f1f46aa +--- /dev/null ++++ b/login-utils/su-common.c +@@ -0,0 +1,759 @@ ++/* su for Linux. Run a shell with substitute user and group IDs. ++ Copyright (C) 1992-2006 Free Software Foundation, Inc. ++ Copyright (C) 2012 SUSE Linux Products GmbH, Nuernberg ++ ++ This program is free software; you can redistribute it and/or modify ++ it under the terms of the GNU General Public License as published by ++ the Free Software Foundation; either version 2, or (at your option) ++ any later version. ++ ++ This program is distributed in the hope that it will be useful, ++ but WITHOUT ANY WARRANTY; without even the implied warranty of ++ MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the ++ GNU General Public License for more details. ++ ++ You should have received a copy of the GNU General Public License ++ along with this program; if not, write to the Free Software Foundation, ++ Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ ++ ++/* Run a shell with the real and effective UID and GID and groups ++ of USER, default `root'. ++ ++ The shell run is taken from USER's password entry, /bin/sh if ++ none is specified there. If the account has a password, su ++ prompts for a password unless run by a user with real UID 0. ++ ++ Does not change the current directory. ++ Sets `HOME' and `SHELL' from the password entry for USER, and if ++ USER is not root, sets `USER' and `LOGNAME' to USER. ++ The subshell is not a login shell. ++ ++ If one or more ARGs are given, they are passed as additional ++ arguments to the subshell. ++ ++ Does not handle /bin/sh or other shells specially ++ (setting argv[0] to "-su", passing -c only to certain shells, etc.). ++ I don't see the point in doing that, and it's ugly. ++ ++ Based on an implemenation by David MacKenzie . */ ++ ++enum ++{ ++ EXIT_CANNOT_INVOKE = 126, ++ EXIT_ENOENT = 127 ++}; ++ ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++#include ++ ++#include "err.h" ++ ++#include ++#include "c.h" ++#include "xalloc.h" ++#include "nls.h" ++#include "pathnames.h" ++#include "env.h" ++ ++/* name of the pam configuration files. separate configs for su and su - */ ++#define PAM_SERVICE_NAME "su" ++#define PAM_SERVICE_NAME_L "su-l" ++ ++#define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS) ++ ++#include "logindefs.h" ++#include "su-common.h" ++ ++/* The shell to run if none is given in the user's passwd entry. */ ++#define DEFAULT_SHELL "/bin/sh" ++ ++/* The user to become if none is specified. */ ++#define DEFAULT_USER "root" ++ ++#ifndef HAVE_ENVIRON_DECL ++extern char **environ; ++#endif ++ ++static void run_shell (char const *, char const *, char **, size_t) ++ __attribute__ ((__noreturn__)); ++ ++/* If true, pass the `-f' option to the subshell. */ ++static bool fast_startup; ++ ++/* If true, simulate a login instead of just starting a shell. */ ++static bool simulate_login; ++ ++/* If true, change some environment vars to indicate the user su'd to. */ ++static bool change_environment; ++ ++/* If true, then don't call setsid() with a command. */ ++int same_session = 0; ++ ++/* SU_MODE_{RUNUSER,SU} */ ++static int su_mode; ++ ++static bool _pam_session_opened; ++static bool _pam_cred_established; ++static sig_atomic_t volatile caught_signal = false; ++static pam_handle_t *pamh = NULL; ++ ++static struct option const longopts[] = ++{ ++ {"command", required_argument, NULL, 'c'}, ++ {"session-command", required_argument, NULL, 'C'}, ++ {"fast", no_argument, NULL, 'f'}, ++ {"login", no_argument, NULL, 'l'}, ++ {"preserve-environment", no_argument, NULL, 'p'}, ++ {"shell", required_argument, NULL, 's'}, ++ {"group", required_argument, NULL, 'g'}, ++ {"supp-group", required_argument, NULL, 'G'}, ++ {"help", no_argument, 0, 'h'}, ++ {"version", no_argument, 0, 'V'}, ++ {NULL, 0, NULL, 0} ++}; ++ ++/* Log the fact that someone has run su to the user given by PW; ++ if SUCCESSFUL is true, they gave the correct password, etc. */ ++ ++static void ++log_su (struct passwd const *pw, bool successful) ++{ ++ const char *new_user, *old_user, *tty; ++ ++ new_user = pw->pw_name; ++ /* The utmp entry (via getlogin) is probably the best way to identify ++ the user, especially if someone su's from a su-shell. */ ++ old_user = getlogin (); ++ if (!old_user) ++ { ++ /* getlogin can fail -- usually due to lack of utmp entry. ++ Resort to getpwuid. */ ++ struct passwd *pwd = getpwuid (getuid ()); ++ old_user = (pwd ? pwd->pw_name : ""); ++ } ++ tty = ttyname (STDERR_FILENO); ++ if (!tty) ++ tty = "none"; ++ ++ openlog (program_invocation_short_name, 0 , LOG_AUTH); ++ syslog (LOG_NOTICE, "%s(to %s) %s on %s", ++ successful ? "" : "FAILED SU ", ++ new_user, old_user, tty); ++ closelog (); ++} ++ ++static struct pam_conv conv = ++{ ++ misc_conv, ++ NULL ++}; ++ ++static void ++cleanup_pam (int retcode) ++{ ++ int saved_errno = errno; ++ ++ if (_pam_session_opened) ++ pam_close_session (pamh, 0); ++ ++ if (_pam_cred_established) ++ pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); ++ ++ pam_end(pamh, retcode); ++ ++ errno = saved_errno; ++} ++ ++/* Signal handler for parent process. */ ++static void ++su_catch_sig (int sig __attribute__((__unused__))) ++{ ++ caught_signal = true; ++} ++ ++/* Export env variables declared by PAM modules. */ ++static void ++export_pamenv (void) ++{ ++ char **env; ++ ++ /* This is a copy but don't care to free as we exec later anyways. */ ++ env = pam_getenvlist (pamh); ++ while (env && *env) ++ { ++ if (putenv (*env) != 0) ++ err (EXIT_FAILURE, NULL); ++ env++; ++ } ++} ++ ++static void ++create_watching_parent (void) ++{ ++ pid_t child; ++ sigset_t ourset; ++ int status = 0; ++ int retval; ++ ++ retval = pam_open_session (pamh, 0); ++ if (is_pam_failure(retval)) ++ { ++ cleanup_pam (retval); ++ errx (EXIT_FAILURE, _("cannot not open session: %s"), ++ pam_strerror (pamh, retval)); ++ } ++ else ++ _pam_session_opened = 1; ++ ++ child = fork (); ++ if (child == (pid_t) -1) ++ { ++ cleanup_pam (PAM_ABORT); ++ err (EXIT_FAILURE, _("cannot create child process")); ++ } ++ ++ /* the child proceeds to run the shell */ ++ if (child == 0) ++ return; ++ ++ /* In the parent watch the child. */ ++ ++ /* su without pam support does not have a helper that keeps ++ sitting on any directory so let's go to /. */ ++ if (chdir ("/") != 0) ++ warn (_("cannot change directory to %s"), "/"); ++ ++ sigfillset (&ourset); ++ if (sigprocmask (SIG_BLOCK, &ourset, NULL)) ++ { ++ warn (_("cannot block signals")); ++ caught_signal = true; ++ } ++ if (!caught_signal) ++ { ++ struct sigaction action; ++ action.sa_handler = su_catch_sig; ++ sigemptyset (&action.sa_mask); ++ action.sa_flags = 0; ++ sigemptyset (&ourset); ++ if (!same_session) ++ { ++ if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT)) ++ { ++ warn (_("cannot set signal handler")); ++ caught_signal = true; ++ } ++ } ++ if (!caught_signal && (sigaddset(&ourset, SIGTERM) ++ || sigaddset(&ourset, SIGALRM) ++ || sigaction(SIGTERM, &action, NULL) ++ || sigprocmask(SIG_UNBLOCK, &ourset, NULL))) { ++ warn (_("cannot set signal handler")); ++ caught_signal = true; ++ } ++ if (!caught_signal && !same_session && (sigaction(SIGINT, &action, NULL) ++ || sigaction(SIGQUIT, &action, NULL))) ++ { ++ warn (_("cannot set signal handler")); ++ caught_signal = true; ++ } ++ } ++ if (!caught_signal) ++ { ++ pid_t pid; ++ for (;;) ++ { ++ pid = waitpid (child, &status, WUNTRACED); ++ ++ if (pid != (pid_t)-1 && WIFSTOPPED (status)) ++ { ++ kill (getpid (), SIGSTOP); ++ /* once we get here, we must have resumed */ ++ kill (pid, SIGCONT); ++ } ++ else ++ break; ++ } ++ if (pid != (pid_t)-1) ++ if (WIFSIGNALED (status)) ++ status = WTERMSIG (status) + 128; ++ else ++ status = WEXITSTATUS (status); ++ else ++ status = 1; ++ } ++ else ++ status = 1; ++ ++ if (caught_signal) ++ { ++ fprintf (stderr, _("\nSession terminated, killing shell...")); ++ kill (child, SIGTERM); ++ } ++ ++ cleanup_pam (PAM_SUCCESS); ++ ++ if (caught_signal) ++ { ++ sleep (2); ++ kill (child, SIGKILL); ++ fprintf (stderr, _(" ...killed.\n")); ++ } ++ exit (status); ++} ++ ++static void ++authenticate (const struct passwd *pw) ++{ ++ const struct passwd *lpw; ++ const char *cp; ++ int retval; ++ ++ retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME, ++ pw->pw_name, &conv, &pamh); ++ if (is_pam_failure(retval)) ++ goto done; ++ ++ if (isatty (0) && (cp = ttyname (0)) != NULL) ++ { ++ const char *tty; ++ ++ if (strncmp (cp, "/dev/", 5) == 0) ++ tty = cp + 5; ++ else ++ tty = cp; ++ retval = pam_set_item (pamh, PAM_TTY, tty); ++ if (is_pam_failure(retval)) ++ goto done; ++ } ++ ++ lpw = getpwuid (getuid ()); ++ if (lpw && lpw->pw_name) ++ { ++ retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name); ++ if (is_pam_failure(retval)) ++ goto done; ++ } ++ ++ retval = pam_authenticate (pamh, 0); ++ if (is_pam_failure(retval)) ++ goto done; ++ ++ retval = pam_acct_mgmt (pamh, 0); ++ if (retval == PAM_NEW_AUTHTOK_REQD) ++ { ++ /* Password has expired. Offer option to change it. */ ++ retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); ++ } ++ ++done: ++ ++ log_su (pw, !is_pam_failure(retval)); ++ ++ if (is_pam_failure(retval)) ++ { ++ const char *msg = pam_strerror(pamh, retval); ++ pam_end(pamh, retval); ++ sleep (getlogindefs_num ("FAIL_DELAY", 1)); ++ errx (EXIT_FAILURE, "%s", msg?msg:_("incorrect password")); ++ } ++} ++ ++static void ++set_path(const struct passwd* pw) ++{ ++ int r; ++ if (pw->pw_uid) ++ r = logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH); ++ ++ else if ((r = logindefs_setenv("PATH", "ENV_ROOTPATH", NULL)) != 0) ++ r = logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT); ++ ++ if (r != 0) ++ err (EXIT_FAILURE, _("failed to set PATH")); ++} ++ ++/* Update `environ' for the new shell based on PW, with SHELL being ++ the value for the SHELL environment variable. */ ++ ++static void ++modify_environment (const struct passwd *pw, const char *shell) ++{ ++ if (simulate_login) ++ { ++ /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH. ++ Unset all other environment variables. */ ++ char const *term = getenv ("TERM"); ++ if (term) ++ term = xstrdup (term); ++ environ = xmalloc ((6 + !!term) * sizeof (char *)); ++ environ[0] = NULL; ++ if (term) ++ xsetenv ("TERM", term, 1); ++ xsetenv ("HOME", pw->pw_dir, 1); ++ xsetenv ("SHELL", shell, 1); ++ xsetenv ("USER", pw->pw_name, 1); ++ xsetenv ("LOGNAME", pw->pw_name, 1); ++ set_path(pw); ++ } ++ else ++ { ++ /* Set HOME, SHELL, and if not becoming a super-user, ++ USER and LOGNAME. */ ++ if (change_environment) ++ { ++ xsetenv ("HOME", pw->pw_dir, 1); ++ xsetenv ("SHELL", shell, 1); ++ if (getlogindefs_bool ("ALWAYS_SET_PATH", 0)) ++ set_path(pw); ++ ++ if (pw->pw_uid) ++ { ++ xsetenv ("USER", pw->pw_name, 1); ++ xsetenv ("LOGNAME", pw->pw_name, 1); ++ } ++ } ++ } ++ ++ export_pamenv (); ++} ++ ++/* Become the user and group(s) specified by PW. */ ++ ++static void ++init_groups (const struct passwd *pw, gid_t *groups, int num_groups) ++{ ++ int retval; ++ ++ errno = 0; ++ ++ if (num_groups) ++ retval = setgroups (num_groups, groups); ++ else ++ retval = initgroups (pw->pw_name, pw->pw_gid); ++ ++ if (retval == -1) ++ { ++ cleanup_pam (PAM_ABORT); ++ err (EXIT_FAILURE, _("cannot set groups")); ++ } ++ endgrent (); ++ ++ retval = pam_setcred (pamh, PAM_ESTABLISH_CRED); ++ if (is_pam_failure(retval)) ++ errx (EXIT_FAILURE, "%s", pam_strerror (pamh, retval)); ++ else ++ _pam_cred_established = 1; ++} ++ ++static void ++change_identity (const struct passwd *pw) ++{ ++ if (setgid (pw->pw_gid)) ++ err (EXIT_FAILURE, _("cannot set group id")); ++ if (setuid (pw->pw_uid)) ++ err (EXIT_FAILURE, _("cannot set user id")); ++} ++ ++/* Run SHELL, or DEFAULT_SHELL if SHELL is empty. ++ If COMMAND is nonzero, pass it to the shell with the -c option. ++ Pass ADDITIONAL_ARGS to the shell as more arguments; there ++ are N_ADDITIONAL_ARGS extra arguments. */ ++ ++static void ++run_shell (char const *shell, char const *command, char **additional_args, ++ size_t n_additional_args) ++{ ++ size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1; ++ char const **args = xcalloc (n_args, sizeof *args); ++ size_t argno = 1; ++ ++ if (simulate_login) ++ { ++ char *arg0; ++ char *shell_basename; ++ ++ shell_basename = basename (shell); ++ arg0 = xmalloc (strlen (shell_basename) + 2); ++ arg0[0] = '-'; ++ strcpy (arg0 + 1, shell_basename); ++ args[0] = arg0; ++ } ++ else ++ args[0] = basename (shell); ++ if (fast_startup) ++ args[argno++] = "-f"; ++ if (command) ++ { ++ args[argno++] = "-c"; ++ args[argno++] = command; ++ } ++ memcpy (args + argno, additional_args, n_additional_args * sizeof *args); ++ args[argno + n_additional_args] = NULL; ++ execv (shell, (char **) args); ++ ++ { ++ int exit_status = (errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE); ++ warn ("%s", shell); ++ exit (exit_status); ++ } ++} ++ ++/* Return true if SHELL is a restricted shell (one not returned by ++ getusershell), else false, meaning it is a standard shell. */ ++ ++static bool ++restricted_shell (const char *shell) ++{ ++ char *line; ++ ++ setusershell (); ++ while ((line = getusershell ()) != NULL) ++ { ++ if (*line != '#' && !strcmp (line, shell)) ++ { ++ endusershell (); ++ return false; ++ } ++ } ++ endusershell (); ++ return true; ++} ++ ++static void __attribute__((__noreturn__)) ++usage (int status) ++{ ++ if (status != EXIT_SUCCESS) ++ fprintf (stderr, _("Try `%s --help' for more information.\n"), ++ program_invocation_short_name); ++ else ++ { ++ fputs(USAGE_HEADER, stdout); ++ printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name); ++ fputs (_("\n\ ++ Change the effective user id and group id to that of USER.\n\ ++ A mere - implies -l. If USER not given, assume root.\n"), stdout); ++ fputs(USAGE_OPTIONS, stdout); ++ fputs (_("\ ++ -, -l, --login make the shell a login shell\n\ ++ -c, --command pass a single command to the shell with -c\n\ ++ --session-command pass a single command to the shell with -c\n\ ++ and do not create a new session\n\ ++ -g --group=group specify the primary group\n\ ++ -G --supp-group=group specify a supplemental group\n\ ++ -f, --fast pass -f to the shell (for csh or tcsh)\n\ ++ -m, --preserve-environment do not reset environment variables\n\ ++ -p same as -m\n\ ++ -s, --shell run shell if /etc/shells allows it\n\ ++"), stdout); ++ ++ fputs(USAGE_SEPARATOR, stdout); ++ fputs(USAGE_HELP, stdout); ++ fputs(USAGE_VERSION, stdout); ++ printf(USAGE_MAN_TAIL("su(1)")); ++ } ++ exit (status); ++} ++ ++static ++void load_config(void) ++{ ++ logindefs_load_file("/etc/default/su"); ++ logindefs_load_file(_PATH_LOGINDEFS); ++} ++ ++/* ++ * Returns 1 if the current user is not root ++ */ ++static int ++evaluate_uid(void) ++{ ++ uid_t ruid = getuid(); ++ uid_t euid = geteuid(); ++ ++ /* if we're really root and aren't running setuid */ ++ return (uid_t) 0 == ruid && ruid == euid ? 0 : 1; ++} ++ ++int ++su_main (int argc, char **argv, int mode) ++{ ++ int optc; ++ const char *new_user = DEFAULT_USER; ++ char *command = NULL; ++ int request_same_session = 0; ++ char *shell = NULL; ++ struct passwd *pw; ++ struct passwd pw_copy; ++ struct group *gr; ++ gid_t groups[NGROUPS_MAX]; ++ int num_supp_groups = 0; ++ int use_gid = 0; ++ int restricted; ++ ++ setlocale (LC_ALL, ""); ++ bindtextdomain (PACKAGE, LOCALEDIR); ++ textdomain (PACKAGE); ++ ++ su_mode = mode; ++ fast_startup = false; ++ simulate_login = false; ++ change_environment = true; ++ ++ while ((optc = getopt_long (argc, argv, "c:fg:G:lmps:hV", longopts, NULL)) != -1) ++ { ++ switch (optc) ++ { ++ case 'c': ++ command = optarg; ++ break; ++ ++ case 'C': ++ command = optarg; ++ request_same_session = 1; ++ break; ++ ++ case 'f': ++ fast_startup = true; ++ break; ++ ++ case 'g': ++ gr = getgrnam(optarg); ++ if (!gr) ++ errx(EXIT_FAILURE, _("group %s does not exist"), optarg); ++ use_gid = 1; ++ groups[0] = gr->gr_gid; ++ break; ++ ++ case 'G': ++ num_supp_groups++; ++ if (num_supp_groups >= NGROUPS_MAX) ++ errx(EXIT_FAILURE, ++ _("can't specify more than %d supplemental groups"), ++ NGROUPS_MAX - 1); ++ gr = getgrnam(optarg); ++ if (!gr) ++ errx(EXIT_FAILURE, _("group %s does not exist"), optarg); ++ groups[num_supp_groups] = gr->gr_gid; ++ break; ++ ++ case 'l': ++ simulate_login = true; ++ break; ++ ++ case 'm': ++ case 'p': ++ change_environment = false; ++ break; ++ ++ case 's': ++ shell = optarg; ++ break; ++ ++ case 'h': ++ usage(0); ++ ++ case 'V': ++ printf(UTIL_LINUX_VERSION); ++ exit(EXIT_SUCCESS); ++ ++ default: ++ usage (EXIT_FAILURE); ++ } ++ } ++ ++ restricted = evaluate_uid (); ++ ++ if (optind < argc && !strcmp (argv[optind], "-")) ++ { ++ simulate_login = true; ++ ++optind; ++ } ++ if (optind < argc) ++ new_user = argv[optind++]; ++ ++ if ((num_supp_groups || use_gid) && restricted) ++ errx(EXIT_FAILURE, _("only root can specify alternative groups")); ++ ++ logindefs_load_defaults = load_config; ++ ++ pw = getpwnam (new_user); ++ if (! (pw && pw->pw_name && pw->pw_name[0] && pw->pw_dir && pw->pw_dir[0] ++ && pw->pw_passwd)) ++ errx (EXIT_FAILURE, _("user %s does not exist"), new_user); ++ ++ /* Make a copy of the password information and point pw at the local ++ copy instead. Otherwise, some systems (e.g. Linux) would clobber ++ the static data through the getlogin call from log_su. ++ Also, make sure pw->pw_shell is a nonempty string. ++ It may be NULL when NEW_USER is a username that is retrieved via NIS (YP), ++ but that doesn't have a default shell listed. */ ++ pw_copy = *pw; ++ pw = &pw_copy; ++ pw->pw_name = xstrdup (pw->pw_name); ++ pw->pw_passwd = xstrdup (pw->pw_passwd); ++ pw->pw_dir = xstrdup (pw->pw_dir); ++ pw->pw_shell = xstrdup (pw->pw_shell && pw->pw_shell[0] ++ ? pw->pw_shell ++ : DEFAULT_SHELL); ++ endpwent (); ++ ++ if (num_supp_groups && !use_gid) ++ { ++ pw->pw_gid = groups[1]; ++ memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups); ++ } ++ else if (use_gid) ++ { ++ pw->pw_gid = groups[0]; ++ num_supp_groups++; ++ } ++ ++ authenticate (pw); ++ ++ if (request_same_session || !command || !pw->pw_uid) ++ same_session = 1; ++ ++ if (!shell && !change_environment) ++ shell = getenv ("SHELL"); ++ if (shell && getuid () != 0 && restricted_shell (pw->pw_shell)) ++ { ++ /* The user being su'd to has a nonstandard shell, and so is ++ probably a uucp account or has restricted access. Don't ++ compromise the account by allowing access with a standard ++ shell. */ ++ warnx (_("using restricted shell %s"), pw->pw_shell); ++ shell = NULL; ++ } ++ shell = xstrdup (shell ? shell : pw->pw_shell); ++ ++ init_groups (pw, groups, num_supp_groups); ++ ++ create_watching_parent (); ++ /* Now we're in the child. */ ++ ++ change_identity (pw); ++ if (!same_session) ++ setsid (); ++ ++ /* Set environment after pam_open_session, which may put KRB5CCNAME ++ into the pam_env, etc. */ ++ ++ modify_environment (pw, shell); ++ ++ if (simulate_login && chdir (pw->pw_dir) != 0) ++ warn (_("warning: cannot change directory to %s"), pw->pw_dir); ++ ++ run_shell (shell, command, argv + optind, max (0, argc - optind)); ++} ++ ++// vim: sw=2 cinoptions=>4,n-2,{2,^-2,\:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1 +diff --git a/login-utils/su-common.h b/login-utils/su-common.h +new file mode 100644 +index 0000000..4e4dc9d +--- /dev/null ++++ b/login-utils/su-common.h +@@ -0,0 +1,12 @@ ++#ifndef UTIL_LINUX_SU_COMMON_H ++#define UTIL_LINUX_SU_COMMON_H ++ ++enum { ++ SU_MODE, ++ RUNUSER_MODE ++}; ++ ++extern int su_main(int argc, char **argv, int mode); ++ ++#endif /* UTIL_LINUX_SU_COMMON */ ++ +diff --git a/login-utils/su.c b/login-utils/su.c +index f11c757..6179e1b 100644 +--- a/login-utils/su.c ++++ b/login-utils/su.c +@@ -1,754 +1,6 @@ +-/* su for Linux. Run a shell with substitute user and group IDs. +- Copyright (C) 1992-2006 Free Software Foundation, Inc. +- Copyright (C) 2012 SUSE Linux Products GmbH, Nuernberg ++#include "su-common.h" + +- This program is free software; you can redistribute it and/or modify +- it under the terms of the GNU General Public License as published by +- the Free Software Foundation; either version 2, or (at your option) +- any later version. +- +- This program is distributed in the hope that it will be useful, +- but WITHOUT ANY WARRANTY; without even the implied warranty of +- MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the +- GNU General Public License for more details. +- +- You should have received a copy of the GNU General Public License +- along with this program; if not, write to the Free Software Foundation, +- Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301, USA. */ +- +-/* Run a shell with the real and effective UID and GID and groups +- of USER, default `root'. +- +- The shell run is taken from USER's password entry, /bin/sh if +- none is specified there. If the account has a password, su +- prompts for a password unless run by a user with real UID 0. +- +- Does not change the current directory. +- Sets `HOME' and `SHELL' from the password entry for USER, and if +- USER is not root, sets `USER' and `LOGNAME' to USER. +- The subshell is not a login shell. +- +- If one or more ARGs are given, they are passed as additional +- arguments to the subshell. +- +- Does not handle /bin/sh or other shells specially +- (setting argv[0] to "-su", passing -c only to certain shells, etc.). +- I don't see the point in doing that, and it's ugly. +- +- Based on an implemenation by David MacKenzie . */ +- +-enum +-{ +- EXIT_CANNOT_INVOKE = 126, +- EXIT_ENOENT = 127 +-}; +- +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +-#include +- +-#include "err.h" +- +-#include +-#include "c.h" +-#include "xalloc.h" +-#include "nls.h" +-#include "pathnames.h" +-#include "env.h" +- +-/* name of the pam configuration files. separate configs for su and su - */ +-#define PAM_SERVICE_NAME "su" +-#define PAM_SERVICE_NAME_L "su-l" +- +-#define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS) +- +-#include "logindefs.h" +- +-/* The shell to run if none is given in the user's passwd entry. */ +-#define DEFAULT_SHELL "/bin/sh" +- +-/* The user to become if none is specified. */ +-#define DEFAULT_USER "root" +- +-#ifndef HAVE_ENVIRON_DECL +-extern char **environ; +-#endif +- +-static void run_shell (char const *, char const *, char **, size_t) +- __attribute__ ((__noreturn__)); +- +-/* If true, pass the `-f' option to the subshell. */ +-static bool fast_startup; +- +-/* If true, simulate a login instead of just starting a shell. */ +-static bool simulate_login; +- +-/* If true, change some environment vars to indicate the user su'd to. */ +-static bool change_environment; +- +-/* If true, then don't call setsid() with a command. */ +-int same_session = 0; +- +-static bool _pam_session_opened; +-static bool _pam_cred_established; +-static sig_atomic_t volatile caught_signal = false; +-static pam_handle_t *pamh = NULL; +- +-static struct option const longopts[] = +-{ +- {"command", required_argument, NULL, 'c'}, +- {"session-command", required_argument, NULL, 'C'}, +- {"fast", no_argument, NULL, 'f'}, +- {"login", no_argument, NULL, 'l'}, +- {"preserve-environment", no_argument, NULL, 'p'}, +- {"shell", required_argument, NULL, 's'}, +- {"group", required_argument, NULL, 'g'}, +- {"supp-group", required_argument, NULL, 'G'}, +- {"help", no_argument, 0, 'h'}, +- {"version", no_argument, 0, 'V'}, +- {NULL, 0, NULL, 0} +-}; +- +-/* Log the fact that someone has run su to the user given by PW; +- if SUCCESSFUL is true, they gave the correct password, etc. */ +- +-static void +-log_su (struct passwd const *pw, bool successful) +-{ +- const char *new_user, *old_user, *tty; +- +- new_user = pw->pw_name; +- /* The utmp entry (via getlogin) is probably the best way to identify +- the user, especially if someone su's from a su-shell. */ +- old_user = getlogin (); +- if (!old_user) +- { +- /* getlogin can fail -- usually due to lack of utmp entry. +- Resort to getpwuid. */ +- struct passwd *pwd = getpwuid (getuid ()); +- old_user = (pwd ? pwd->pw_name : ""); +- } +- tty = ttyname (STDERR_FILENO); +- if (!tty) +- tty = "none"; +- +- openlog (program_invocation_short_name, 0 , LOG_AUTH); +- syslog (LOG_NOTICE, "%s(to %s) %s on %s", +- successful ? "" : "FAILED SU ", +- new_user, old_user, tty); +- closelog (); +-} +- +-static struct pam_conv conv = +-{ +- misc_conv, +- NULL +-}; +- +-static void +-cleanup_pam (int retcode) +-{ +- int saved_errno = errno; +- +- if (_pam_session_opened) +- pam_close_session (pamh, 0); +- +- if (_pam_cred_established) +- pam_setcred (pamh, PAM_DELETE_CRED | PAM_SILENT); +- +- pam_end(pamh, retcode); +- +- errno = saved_errno; +-} +- +-/* Signal handler for parent process. */ +-static void +-su_catch_sig (int sig __attribute__((__unused__))) +-{ +- caught_signal = true; +-} +- +-/* Export env variables declared by PAM modules. */ +-static void +-export_pamenv (void) +-{ +- char **env; +- +- /* This is a copy but don't care to free as we exec later anyways. */ +- env = pam_getenvlist (pamh); +- while (env && *env) +- { +- if (putenv (*env) != 0) +- err (EXIT_FAILURE, NULL); +- env++; +- } +-} +- +-static void +-create_watching_parent (void) +-{ +- pid_t child; +- sigset_t ourset; +- int status = 0; +- int retval; +- +- retval = pam_open_session (pamh, 0); +- if (is_pam_failure(retval)) +- { +- cleanup_pam (retval); +- errx (EXIT_FAILURE, _("cannot not open session: %s"), +- pam_strerror (pamh, retval)); +- } +- else +- _pam_session_opened = 1; +- +- child = fork (); +- if (child == (pid_t) -1) +- { +- cleanup_pam (PAM_ABORT); +- err (EXIT_FAILURE, _("cannot create child process")); +- } +- +- /* the child proceeds to run the shell */ +- if (child == 0) +- return; +- +- /* In the parent watch the child. */ +- +- /* su without pam support does not have a helper that keeps +- sitting on any directory so let's go to /. */ +- if (chdir ("/") != 0) +- warn (_("cannot change directory to %s"), "/"); +- +- sigfillset (&ourset); +- if (sigprocmask (SIG_BLOCK, &ourset, NULL)) +- { +- warn (_("cannot block signals")); +- caught_signal = true; +- } +- if (!caught_signal) +- { +- struct sigaction action; +- action.sa_handler = su_catch_sig; +- sigemptyset (&action.sa_mask); +- action.sa_flags = 0; +- sigemptyset (&ourset); +- if (!same_session) +- { +- if (sigaddset(&ourset, SIGINT) || sigaddset(&ourset, SIGQUIT)) +- { +- warn (_("cannot set signal handler")); +- caught_signal = true; +- } +- } +- if (!caught_signal && (sigaddset(&ourset, SIGTERM) +- || sigaddset(&ourset, SIGALRM) +- || sigaction(SIGTERM, &action, NULL) +- || sigprocmask(SIG_UNBLOCK, &ourset, NULL))) { +- warn (_("cannot set signal handler")); +- caught_signal = true; +- } +- if (!caught_signal && !same_session && (sigaction(SIGINT, &action, NULL) +- || sigaction(SIGQUIT, &action, NULL))) +- { +- warn (_("cannot set signal handler")); +- caught_signal = true; +- } +- } +- if (!caught_signal) +- { +- pid_t pid; +- for (;;) +- { +- pid = waitpid (child, &status, WUNTRACED); +- +- if (pid != (pid_t)-1 && WIFSTOPPED (status)) +- { +- kill (getpid (), SIGSTOP); +- /* once we get here, we must have resumed */ +- kill (pid, SIGCONT); +- } +- else +- break; +- } +- if (pid != (pid_t)-1) +- if (WIFSIGNALED (status)) +- status = WTERMSIG (status) + 128; +- else +- status = WEXITSTATUS (status); +- else +- status = 1; +- } +- else +- status = 1; +- +- if (caught_signal) +- { +- fprintf (stderr, _("\nSession terminated, killing shell...")); +- kill (child, SIGTERM); +- } +- +- cleanup_pam (PAM_SUCCESS); +- +- if (caught_signal) +- { +- sleep (2); +- kill (child, SIGKILL); +- fprintf (stderr, _(" ...killed.\n")); +- } +- exit (status); +-} +- +-static void +-authenticate (const struct passwd *pw) ++int main (int argc, char **argv) + { +- const struct passwd *lpw; +- const char *cp; +- int retval; +- +- retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME, +- pw->pw_name, &conv, &pamh); +- if (is_pam_failure(retval)) +- goto done; +- +- if (isatty (0) && (cp = ttyname (0)) != NULL) +- { +- const char *tty; +- +- if (strncmp (cp, "/dev/", 5) == 0) +- tty = cp + 5; +- else +- tty = cp; +- retval = pam_set_item (pamh, PAM_TTY, tty); +- if (is_pam_failure(retval)) +- goto done; +- } +- +- lpw = getpwuid (getuid ()); +- if (lpw && lpw->pw_name) +- { +- retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name); +- if (is_pam_failure(retval)) +- goto done; +- } +- +- retval = pam_authenticate (pamh, 0); +- if (is_pam_failure(retval)) +- goto done; +- +- retval = pam_acct_mgmt (pamh, 0); +- if (retval == PAM_NEW_AUTHTOK_REQD) +- { +- /* Password has expired. Offer option to change it. */ +- retval = pam_chauthtok (pamh, PAM_CHANGE_EXPIRED_AUTHTOK); +- } +- +-done: +- +- log_su (pw, !is_pam_failure(retval)); +- +- if (is_pam_failure(retval)) +- { +- const char *msg = pam_strerror(pamh, retval); +- pam_end(pamh, retval); +- sleep (getlogindefs_num ("FAIL_DELAY", 1)); +- errx (EXIT_FAILURE, "%s", msg?msg:_("incorrect password")); +- } ++ return su_main(argc, argv, SU_MODE); + } +- +-static void +-set_path(const struct passwd* pw) +-{ +- int r; +- if (pw->pw_uid) +- r = logindefs_setenv("PATH", "ENV_PATH", _PATH_DEFPATH); +- +- else if ((r = logindefs_setenv("PATH", "ENV_ROOTPATH", NULL)) != 0) +- r = logindefs_setenv("PATH", "ENV_SUPATH", _PATH_DEFPATH_ROOT); +- +- if (r != 0) +- err (EXIT_FAILURE, _("failed to set PATH")); +-} +- +-/* Update `environ' for the new shell based on PW, with SHELL being +- the value for the SHELL environment variable. */ +- +-static void +-modify_environment (const struct passwd *pw, const char *shell) +-{ +- if (simulate_login) +- { +- /* Leave TERM unchanged. Set HOME, SHELL, USER, LOGNAME, PATH. +- Unset all other environment variables. */ +- char const *term = getenv ("TERM"); +- if (term) +- term = xstrdup (term); +- environ = xmalloc ((6 + !!term) * sizeof (char *)); +- environ[0] = NULL; +- if (term) +- xsetenv ("TERM", term, 1); +- xsetenv ("HOME", pw->pw_dir, 1); +- xsetenv ("SHELL", shell, 1); +- xsetenv ("USER", pw->pw_name, 1); +- xsetenv ("LOGNAME", pw->pw_name, 1); +- set_path(pw); +- } +- else +- { +- /* Set HOME, SHELL, and if not becoming a super-user, +- USER and LOGNAME. */ +- if (change_environment) +- { +- xsetenv ("HOME", pw->pw_dir, 1); +- xsetenv ("SHELL", shell, 1); +- if (getlogindefs_bool ("ALWAYS_SET_PATH", 0)) +- set_path(pw); +- +- if (pw->pw_uid) +- { +- xsetenv ("USER", pw->pw_name, 1); +- xsetenv ("LOGNAME", pw->pw_name, 1); +- } +- } +- } +- +- export_pamenv (); +-} +- +-/* Become the user and group(s) specified by PW. */ +- +-static void +-init_groups (const struct passwd *pw, gid_t *groups, int num_groups) +-{ +- int retval; +- +- errno = 0; +- +- if (num_groups) +- retval = setgroups (num_groups, groups); +- else +- retval = initgroups (pw->pw_name, pw->pw_gid); +- +- if (retval == -1) +- { +- cleanup_pam (PAM_ABORT); +- err (EXIT_FAILURE, _("cannot set groups")); +- } +- endgrent (); +- +- retval = pam_setcred (pamh, PAM_ESTABLISH_CRED); +- if (is_pam_failure(retval)) +- errx (EXIT_FAILURE, "%s", pam_strerror (pamh, retval)); +- else +- _pam_cred_established = 1; +-} +- +-static void +-change_identity (const struct passwd *pw) +-{ +- if (setgid (pw->pw_gid)) +- err (EXIT_FAILURE, _("cannot set group id")); +- if (setuid (pw->pw_uid)) +- err (EXIT_FAILURE, _("cannot set user id")); +-} +- +-/* Run SHELL, or DEFAULT_SHELL if SHELL is empty. +- If COMMAND is nonzero, pass it to the shell with the -c option. +- Pass ADDITIONAL_ARGS to the shell as more arguments; there +- are N_ADDITIONAL_ARGS extra arguments. */ +- +-static void +-run_shell (char const *shell, char const *command, char **additional_args, +- size_t n_additional_args) +-{ +- size_t n_args = 1 + fast_startup + 2 * !!command + n_additional_args + 1; +- char const **args = xcalloc (n_args, sizeof *args); +- size_t argno = 1; +- +- if (simulate_login) +- { +- char *arg0; +- char *shell_basename; +- +- shell_basename = basename (shell); +- arg0 = xmalloc (strlen (shell_basename) + 2); +- arg0[0] = '-'; +- strcpy (arg0 + 1, shell_basename); +- args[0] = arg0; +- } +- else +- args[0] = basename (shell); +- if (fast_startup) +- args[argno++] = "-f"; +- if (command) +- { +- args[argno++] = "-c"; +- args[argno++] = command; +- } +- memcpy (args + argno, additional_args, n_additional_args * sizeof *args); +- args[argno + n_additional_args] = NULL; +- execv (shell, (char **) args); +- +- { +- int exit_status = (errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE); +- warn ("%s", shell); +- exit (exit_status); +- } +-} +- +-/* Return true if SHELL is a restricted shell (one not returned by +- getusershell), else false, meaning it is a standard shell. */ +- +-static bool +-restricted_shell (const char *shell) +-{ +- char *line; +- +- setusershell (); +- while ((line = getusershell ()) != NULL) +- { +- if (*line != '#' && !strcmp (line, shell)) +- { +- endusershell (); +- return false; +- } +- } +- endusershell (); +- return true; +-} +- +-static void __attribute__((__noreturn__)) +-usage (int status) +-{ +- if (status != EXIT_SUCCESS) +- fprintf (stderr, _("Try `%s --help' for more information.\n"), +- program_invocation_short_name); +- else +- { +- fputs(USAGE_HEADER, stdout); +- printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name); +- fputs (_("\n\ +- Change the effective user id and group id to that of USER.\n\ +- A mere - implies -l. If USER not given, assume root.\n"), stdout); +- fputs(USAGE_OPTIONS, stdout); +- fputs (_("\ +- -, -l, --login make the shell a login shell\n\ +- -c, --command pass a single command to the shell with -c\n\ +- --session-command pass a single command to the shell with -c\n\ +- and do not create a new session\n\ +- -g --group=group specify the primary group\n\ +- -G --supp-group=group specify a supplemental group\n\ +- -f, --fast pass -f to the shell (for csh or tcsh)\n\ +- -m, --preserve-environment do not reset environment variables\n\ +- -p same as -m\n\ +- -s, --shell run shell if /etc/shells allows it\n\ +-"), stdout); +- +- fputs(USAGE_SEPARATOR, stdout); +- fputs(USAGE_HELP, stdout); +- fputs(USAGE_VERSION, stdout); +- printf(USAGE_MAN_TAIL("su(1)")); +- } +- exit (status); +-} +- +-static +-void load_config(void) +-{ +- logindefs_load_file("/etc/default/su"); +- logindefs_load_file(_PATH_LOGINDEFS); +-} +- +-/* +- * Returns 1 if the current user is not root +- */ +-static int +-evaluate_uid(void) +-{ +- uid_t ruid = getuid(); +- uid_t euid = geteuid(); +- +- /* if we're really root and aren't running setuid */ +- return (uid_t) 0 == ruid && ruid == euid ? 0 : 1; +-} +- +-int +-main (int argc, char **argv) +-{ +- int optc; +- const char *new_user = DEFAULT_USER; +- char *command = NULL; +- int request_same_session = 0; +- char *shell = NULL; +- struct passwd *pw; +- struct passwd pw_copy; +- struct group *gr; +- gid_t groups[NGROUPS_MAX]; +- int num_supp_groups = 0; +- int use_gid = 0; +- int restricted; +- +- setlocale (LC_ALL, ""); +- bindtextdomain (PACKAGE, LOCALEDIR); +- textdomain (PACKAGE); +- +- fast_startup = false; +- simulate_login = false; +- change_environment = true; +- +- while ((optc = getopt_long (argc, argv, "c:fg:G:lmps:hV", longopts, NULL)) != -1) +- { +- switch (optc) +- { +- case 'c': +- command = optarg; +- break; +- +- case 'C': +- command = optarg; +- request_same_session = 1; +- break; +- +- case 'f': +- fast_startup = true; +- break; +- +- case 'g': +- gr = getgrnam(optarg); +- if (!gr) +- errx(EXIT_FAILURE, _("group %s does not exist"), optarg); +- use_gid = 1; +- groups[0] = gr->gr_gid; +- break; +- +- case 'G': +- num_supp_groups++; +- if (num_supp_groups >= NGROUPS_MAX) +- errx(EXIT_FAILURE, +- _("can't specify more than %d supplemental groups"), +- NGROUPS_MAX - 1); +- gr = getgrnam(optarg); +- if (!gr) +- errx(EXIT_FAILURE, _("group %s does not exist"), optarg); +- groups[num_supp_groups] = gr->gr_gid; +- break; +- +- case 'l': +- simulate_login = true; +- break; +- +- case 'm': +- case 'p': +- change_environment = false; +- break; +- +- case 's': +- shell = optarg; +- break; +- +- case 'h': +- usage(0); +- +- case 'V': +- printf(UTIL_LINUX_VERSION); +- exit(EXIT_SUCCESS); +- +- default: +- usage (EXIT_FAILURE); +- } +- } +- +- restricted = evaluate_uid (); +- +- if (optind < argc && !strcmp (argv[optind], "-")) +- { +- simulate_login = true; +- ++optind; +- } +- if (optind < argc) +- new_user = argv[optind++]; +- +- if ((num_supp_groups || use_gid) && restricted) +- errx(EXIT_FAILURE, _("only root can specify alternative groups")); +- +- logindefs_load_defaults = load_config; +- +- pw = getpwnam (new_user); +- if (! (pw && pw->pw_name && pw->pw_name[0] && pw->pw_dir && pw->pw_dir[0] +- && pw->pw_passwd)) +- errx (EXIT_FAILURE, _("user %s does not exist"), new_user); +- +- /* Make a copy of the password information and point pw at the local +- copy instead. Otherwise, some systems (e.g. Linux) would clobber +- the static data through the getlogin call from log_su. +- Also, make sure pw->pw_shell is a nonempty string. +- It may be NULL when NEW_USER is a username that is retrieved via NIS (YP), +- but that doesn't have a default shell listed. */ +- pw_copy = *pw; +- pw = &pw_copy; +- pw->pw_name = xstrdup (pw->pw_name); +- pw->pw_passwd = xstrdup (pw->pw_passwd); +- pw->pw_dir = xstrdup (pw->pw_dir); +- pw->pw_shell = xstrdup (pw->pw_shell && pw->pw_shell[0] +- ? pw->pw_shell +- : DEFAULT_SHELL); +- endpwent (); +- +- if (num_supp_groups && !use_gid) +- { +- pw->pw_gid = groups[1]; +- memmove (groups, groups + 1, sizeof(gid_t) * num_supp_groups); +- } +- else if (use_gid) +- { +- pw->pw_gid = groups[0]; +- num_supp_groups++; +- } +- +- authenticate (pw); +- +- if (request_same_session || !command || !pw->pw_uid) +- same_session = 1; +- +- if (!shell && !change_environment) +- shell = getenv ("SHELL"); +- if (shell && getuid () != 0 && restricted_shell (pw->pw_shell)) +- { +- /* The user being su'd to has a nonstandard shell, and so is +- probably a uucp account or has restricted access. Don't +- compromise the account by allowing access with a standard +- shell. */ +- warnx (_("using restricted shell %s"), pw->pw_shell); +- shell = NULL; +- } +- shell = xstrdup (shell ? shell : pw->pw_shell); +- +- init_groups (pw, groups, num_supp_groups); +- +- create_watching_parent (); +- /* Now we're in the child. */ +- +- change_identity (pw); +- if (!same_session) +- setsid (); +- +- /* Set environment after pam_open_session, which may put KRB5CCNAME +- into the pam_env, etc. */ +- +- modify_environment (pw, shell); +- +- if (simulate_login && chdir (pw->pw_dir) != 0) +- warn (_("warning: cannot change directory to %s"), pw->pw_dir); +- +- run_shell (shell, command, argv + optind, max (0, argc - optind)); +-} +- +-// vim: sw=2 cinoptions=>4,n-2,{2,^-2,\:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1 +-- +1.7.11.7 + diff --git a/0202-runuser-new-command-derived-from-su-1.patch b/0202-runuser-new-command-derived-from-su-1.patch new file mode 100644 index 0000000..7282092 --- /dev/null +++ b/0202-runuser-new-command-derived-from-su-1.patch @@ -0,0 +1,450 @@ +From d8c2f623ab9d9e7da1490244cb8c77c3017545dc Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 29 Aug 2012 17:34:26 +0200 +Subject: [PATCH 202/208] runuser: new command (derived from su(1)) + + This command is based on su(1), the differences: + + - based on Fedora runuser su(1) patch + - not installed with suid rights + - allowed for root users only + - don't ask for password + - uses PAM session, for example: + +$ cat /etc/pam.d/runuser +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so + +$ cat /etc/pam.d/runuser-l +auth include runuser +session optional pam_keyinit.so force revoke +session include runuser + +Signed-off-by: Karel Zak +--- + .gitignore | 1 + + configure.ac | 9 ++ + login-utils/Makemodule.am | 13 +++ + login-utils/runuser.1 | 230 ++++++++++++++++++++++++++++++++++++++++++++++ + login-utils/runuser.c | 7 ++ + login-utils/su-common.c | 51 ++++++++-- + 6 files changed, 303 insertions(+), 8 deletions(-) + create mode 100644 login-utils/runuser.1 + create mode 100644 login-utils/runuser.c + +#diff --git a/.gitignore b/.gitignore +#index fbc5636..5be008f 100644 +#--- a/.gitignore +#+++ b/.gitignore +#@@ -138,6 +138,7 @@ tests/run.sh.trs +# /resizepart +# /rev +# /rtcwake +#+/runuser +# /sample-mkfs +# /sample-partitions +# /sample-superblocks +diff --git a/configure.ac b/configure.ac +index 87e85fa..83ef6ce 100644 +--- a/configure.ac ++++ b/configure.ac +@@ -1149,6 +1149,15 @@ UL_REQUIRES_HAVE([su], [security_pam_misc_h], [PAM header file]) + AM_CONDITIONAL(BUILD_SU, test "x$build_su" = xyes) + + ++AC_ARG_ENABLE([runuser], ++ AS_HELP_STRING([--disable-runuser], [do not build runuser]), ++ [], enable_runuser=yes ++) ++UL_BUILD_INIT([runuser]) ++UL_REQUIRES_HAVE([runuser], [security_pam_misc_h], [PAM header file]) ++AM_CONDITIONAL(BUILD_RUNUSER, test "x$build_runuser" = xyes) ++ ++ + AC_ARG_ENABLE([schedutils], + AS_HELP_STRING([--disable-schedutils], [do not build chrt, ionice, teskset]), + [], enable_schedutils=yes +diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am +index b918f00..e26d9a7 100644 +--- a/login-utils/Makemodule.am ++++ b/login-utils/Makemodule.am +@@ -93,6 +93,19 @@ su_LDADD = $(LDADD) -lpam -lpam_misc + endif + + ++if BUILD_RUNUSER ++bin_PROGRAMS += runuser ++dist_man_MANS += login-utils/runuser.1 ++runuser_SOURCES = \ ++ login-utils/runuser.c \ ++ login-utils/su-common.c \ ++ login-utils/su-common.h \ ++ login-utils/logindefs.c \ ++ login-utils/logindefs.h ++runuser_LDADD = $(LDADD) -lpam -lpam_misc ++endif ++ ++ + if BUILD_NEWGRP + usrbin_exec_PROGRAMS += newgrp + dist_man_MANS += login-utils/newgrp.1 +diff --git a/login-utils/runuser.1 b/login-utils/runuser.1 +new file mode 100644 +index 0000000..66ad1c4 +--- /dev/null ++++ b/login-utils/runuser.1 +@@ -0,0 +1,230 @@ ++.TH RUNUSER "1" "August 2012" "util-linux" "User Commands" ++.SH NAME ++runuser \- run a command with substitute user and group ID ++.SH SYNOPSIS ++.B runuser ++[options...] [\-] [user [args...]] ++.SH DESCRIPTION ++.B runuser ++allows to run commands with substitute user and group ID. ++The difference between the commands ++.B runuser ++and ++.B su ++is that ++.B runuser ++does not ask for password, because it may be executed by root user only. ++The command ++.B runuser ++does not have to be installed with suid permissions. ++.PP ++When called without arguments ++.B runuser ++defaults to running an interactive shell as ++.IR root . ++.PP ++For backward compatibility ++.B runuser ++defaults to not change the current directory and to only set the ++environment variables ++.B HOME ++and ++.B SHELL ++(plus ++.B USER ++and ++.B LOGNAME ++if the target ++.I user ++is not root). It is recommended to always use the ++.B \-\-login ++option (instead it's shortcut ++.BR \- ) ++to avoid side effects caused by mixing environments. ++.PP ++This version of ++.B runuser ++uses PAM for session management. ++.SH OPTIONS ++.TP ++\fB\-c\fR \fIcommand\fR, \fB\-\-command\fR=\fIcommand\fR ++Pass ++.I command ++to the shell with the ++.B \-c ++option. ++.TP ++\fB\-\-session\-command\fR=\fIcommand\fR ++Same as ++.B \-c ++but do not create a new session (discouraged). ++.TP ++\fB\-f\fR, \fB\-\-fast\fR ++Pass ++.B \-f ++to the shell which may or may not be useful depending on the ++shell. ++.TP ++\fB\-g\fR, \fB\-\-group\fR=\fIgroup\fR\fR ++specify the primary group, this option is allowed for root user only ++.TP ++\fB\-G\fR, \fB\-\-supp-group\fR=\fIgroup\fR\fR ++specify a supplemental group, this option is allowed for root user only ++.TP ++\fB\-\fR, \fB\-l\fR, \fB\-\-login\fR ++Starts the shell as login shell with an environment similar to a real ++login: ++.RS 10 ++.TP ++o ++clears all environment variables except for ++.B TERM ++.TP ++o ++initializes the environment variables ++.BR HOME , ++.BR SHELL , ++.BR USER , ++.BR LOGNAME , ++.B PATH ++.TP ++o ++changes to the target user's home directory ++.TP ++o ++sets argv[0] of the shell to ++.RB ' \- ' ++in order to make the shell a login shell ++.RE ++.TP ++\fB\-m\fR, \fB\-p\fR, \fB\-\-preserve-environment\fR ++Preserves the whole environment, ie does not set ++.BR HOME , ++.BR SHELL , ++.B USER ++nor ++.BR LOGNAME . ++.TP ++\fB\-s\fR \fISHELL\fR, \fB\-\-shell\fR=\fISHELL\fR ++Runs the specified shell instead of the default. The shell to run is ++selected according to the following rules in order: ++.RS 10 ++.TP ++o ++the shell specified with ++.B \-\-shell ++.TP ++o ++The shell specified in the environment variable ++.B SHELL ++if the ++.B \-\-preserve-environment ++option is used. ++.TP ++o ++the shell listed in the passwd entry of the target user ++.TP ++o ++/bin/sh ++.RE ++.IP ++If the target user has a restricted shell (i.e. not listed in ++/etc/shells) the ++.B \-\-shell ++option and the ++.B SHELL ++environment variables are ignored unless the calling user is root. ++.TP ++\fB\-\-help\fR ++Display help text and exit. ++.TP ++\fB\-\-version\fR ++Display version information and exit. ++.SH CONFIG FILES ++.B runuser ++reads the ++.I /etc/default/runuser ++and ++.I /etc/login.defs ++configuration files. The following configuration items are relevant ++for ++.BR runuser : ++.PP ++.B ENV_PATH ++(string) ++.RS 4 ++Defines the PATH environment variable for a regular user. The ++default value is ++.IR /usr/local/bin:\:/bin:\:/usr/bin . ++.RE ++.PP ++.B ENV_ROOTPATH ++(string) ++.br ++.B ENV_SUPATH ++(string) ++.RS 4 ++Defines the PATH environment variable for root. The default value is ++.IR /usr/local/sbin:\:/usr/local/bin:\:/sbin:\:/bin:\:/usr/sbin:\:/usr/bin . ++.RE ++.PP ++.B ALWAYS_SET_PATH ++(boolean) ++.RS 4 ++If set to ++.I yes ++and \-\-login and \-\-preserve\-environment were not specified ++.B runuser ++initializes ++.BR PATH . ++.RE ++.SH EXIT STATUS ++.B runuser ++normally returns the exit status of the command it executed. If the ++command was killed by a signal, ++.B runuser ++returns the number of the signal plus 128. ++.PP ++Exit status generated by ++.B runuser ++itself: ++.RS 10 ++.TP ++1 ++Generic error before executing the requested command ++.TP ++126 ++The requested command could not be executed ++.TP ++127 ++The requested command could was not found ++.RE ++.SH FILES ++.PD 0 ++.TP 17 ++/etc/pam.d/runuser ++default PAM configuration file ++.TP ++/etc/pam.d/runuser-l ++PAM configuration file if \-\-login is specified ++.TP ++/etc/default/runuser ++runuser specific logindef config file ++.TP ++/etc/login.defs ++global logindef config file ++.PD 1 ++.SH "SEE ALSO" ++.BR pam (8), ++.BR shells (5), ++.BR login.defs (5), ++.BR su (1) ++.SH AUTHOR ++Derived from coreutils' su which was based on an implemenation from ++David MacKenzie and Fedora runuser command from Dan Walsh. ++.SH AVAILABILITY ++The runuser command is part of the util-linux package and is ++available from ++.UR ftp://\:ftp.kernel.org\:/pub\:/linux\:/utils\:/util-linux/ ++Linux Kernel Archive ++.UE . +diff --git a/login-utils/runuser.c b/login-utils/runuser.c +new file mode 100644 +index 0000000..d4f37f4 +--- /dev/null ++++ b/login-utils/runuser.c +@@ -0,0 +1,7 @@ ++ ++#include "su-common.h" ++ ++int main(int argc, char **argv) ++{ ++ return su_main(argc, argv, RUNUSER_MODE); ++} +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index f1f46aa..770f455 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -65,8 +65,14 @@ enum + #include "env.h" + + /* name of the pam configuration files. separate configs for su and su - */ +-#define PAM_SERVICE_NAME "su" +-#define PAM_SERVICE_NAME_L "su-l" ++#define PAM_SRVNAME_SU "su" ++#define PAM_SRVNAME_SU_L "su-l" ++ ++#define PAM_SRVNAME_RUNUSER "runuser" ++#define PAM_SRVNAME_RUNUSER_L "runuser-l" ++ ++#define _PATH_LOGINDEFS_SU "/etc/defaults/su" ++#define _PATH_LOGINDEFS_RUNUSER "/etc/defaults/runuser" + + #define is_pam_failure(_rc) ((_rc) != PAM_SUCCESS) + +@@ -106,6 +112,8 @@ static bool _pam_cred_established; + static sig_atomic_t volatile caught_signal = false; + static pam_handle_t *pamh = NULL; + ++static int restricted = 1; /* zero for root user */ ++ + static struct option const longopts[] = + { + {"command", required_argument, NULL, 'c'}, +@@ -146,7 +154,8 @@ log_su (struct passwd const *pw, bool successful) + + openlog (program_invocation_short_name, 0 , LOG_AUTH); + syslog (LOG_NOTICE, "%s(to %s) %s on %s", +- successful ? "" : "FAILED SU ", ++ successful ? "" : ++ su_mode == RUNUSER_MODE ? "FAILED RUNUSER " : "FAILED SU ", + new_user, old_user, tty); + closelog (); + } +@@ -315,11 +324,19 @@ static void + authenticate (const struct passwd *pw) + { + const struct passwd *lpw; +- const char *cp; ++ const char *cp, *srvname = NULL; + int retval; + +- retval = pam_start (simulate_login ? PAM_SERVICE_NAME_L : PAM_SERVICE_NAME, +- pw->pw_name, &conv, &pamh); ++ switch (su_mode) { ++ case SU_MODE: ++ srvname = simulate_login ? PAM_SRVNAME_SU_L : PAM_SRVNAME_SU; ++ break; ++ case RUNUSER_MODE: ++ srvname = simulate_login ? PAM_SRVNAME_RUNUSER_L : PAM_SRVNAME_RUNUSER; ++ break; ++ } ++ ++ retval = pam_start (srvname, pw->pw_name, &conv, &pamh); + if (is_pam_failure(retval)) + goto done; + +@@ -344,6 +361,17 @@ authenticate (const struct passwd *pw) + goto done; + } + ++ if (su_mode == RUNUSER_MODE) ++ { ++ /* ++ * This is the only difference between runuser(1) and su(1). The command ++ * runuser(1) does not required authentication, because user is root. ++ */ ++ if (restricted) ++ errx(EXIT_FAILURE, _("may not be used by non-root users")); ++ return; ++ } ++ + retval = pam_authenticate (pamh, 0); + if (is_pam_failure(retval)) + goto done; +@@ -567,7 +595,15 @@ usage (int status) + static + void load_config(void) + { +- logindefs_load_file("/etc/default/su"); ++ switch (su_mode) { ++ case SU_MODE: ++ logindefs_load_file(_PATH_LOGINDEFS_SU); ++ break; ++ case RUNUSER_MODE: ++ logindefs_load_file(_PATH_LOGINDEFS_RUNUSER); ++ break; ++ } ++ + logindefs_load_file(_PATH_LOGINDEFS); + } + +@@ -598,7 +634,6 @@ su_main (int argc, char **argv, int mode) + gid_t groups[NGROUPS_MAX]; + int num_supp_groups = 0; + int use_gid = 0; +- int restricted; + + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); +-- +1.7.11.7 + diff --git a/0203-su-more-robust-getpwuid-for-GNU-Hurt-coreutils-71b7d.patch b/0203-su-more-robust-getpwuid-for-GNU-Hurt-coreutils-71b7d.patch new file mode 100644 index 0000000..2ab11bc --- /dev/null +++ b/0203-su-more-robust-getpwuid-for-GNU-Hurt-coreutils-71b7d.patch @@ -0,0 +1,68 @@ +From 8f33f59e72bef913068f9a80338f12d8d4434010 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 5 Sep 2012 11:13:34 +0200 +Subject: [PATCH 203/208] su: more robust getpwuid() for GNU Hurt [coreutils + 71b7ddc] + +Let's support GNU Hurd over-engineering where a process can exist +without UID and getuid() returns -1 and sets errno. + +Signed-off-by: Karel Zak +--- + login-utils/su-common.c | 26 +++++++++++++++++++++++--- + 1 file changed, 23 insertions(+), 3 deletions(-) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index 770f455..a253dda 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -129,6 +129,26 @@ static struct option const longopts[] = + {NULL, 0, NULL, 0} + }; + ++ ++static struct passwd * ++current_getpwuid(void) ++{ ++ uid_t ruid; ++ ++ /* GNU Hurd implementation has an extension where a process can exist in a ++ * non-conforming environment, and thus be outside the realms of POSIX ++ * process identifiers; on this platform, getuid() fails with a status of ++ * (uid_t)(-1) and sets errno if a program is run from a non-conforming ++ * environment. ++ * ++ * http://austingroupbugs.net/view.php?id=511 ++ */ ++ errno = 0; ++ ruid = getuid (); ++ ++ return errno == 0 ? getpwuid (ruid) : NULL; ++} ++ + /* Log the fact that someone has run su to the user given by PW; + if SUCCESSFUL is true, they gave the correct password, etc. */ + +@@ -145,8 +165,8 @@ log_su (struct passwd const *pw, bool successful) + { + /* getlogin can fail -- usually due to lack of utmp entry. + Resort to getpwuid. */ +- struct passwd *pwd = getpwuid (getuid ()); +- old_user = (pwd ? pwd->pw_name : ""); ++ struct passwd *pwd = current_getpwuid(); ++ old_user = pwd ? pwd->pw_name : ""; + } + tty = ttyname (STDERR_FILENO); + if (!tty) +@@ -353,7 +373,7 @@ authenticate (const struct passwd *pw) + goto done; + } + +- lpw = getpwuid (getuid ()); ++ lpw = current_getpwuid (); + if (lpw && lpw->pw_name) + { + retval = pam_set_item (pamh, PAM_RUSER, (const void *) lpw->pw_name); +-- +1.7.11.7 + diff --git a/0204-su-verify-writing-to-streams-was-successful.patch b/0204-su-verify-writing-to-streams-was-successful.patch new file mode 100644 index 0000000..4418ff5 --- /dev/null +++ b/0204-su-verify-writing-to-streams-was-successful.patch @@ -0,0 +1,33 @@ +From 589e24a625c5e83805e95b917eaf3bf1be64369e Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 5 Sep 2012 11:21:07 +0200 +Subject: [PATCH 204/208] su: verify writing to streams was successful + +Signed-off-by: Karel Zak +--- + login-utils/su-common.c | 2 ++ + 1 file changed, 2 insertions(+) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index a253dda..1f97328 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -63,6 +63,7 @@ enum + #include "nls.h" + #include "pathnames.h" + #include "env.h" ++#include "closestream.h" + + /* name of the pam configuration files. separate configs for su and su - */ + #define PAM_SRVNAME_SU "su" +@@ -658,6 +659,7 @@ su_main (int argc, char **argv, int mode) + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); ++ atexit(close_stdout); + + su_mode = mode; + fast_startup = false; +-- +1.7.11.7 + diff --git a/0205-su-move-long-options-to-main.patch b/0205-su-move-long-options-to-main.patch new file mode 100644 index 0000000..ed57c5d --- /dev/null +++ b/0205-su-move-long-options-to-main.patch @@ -0,0 +1,60 @@ +From bea3752e9d048895b6750e2d0d8ce72fed20cef9 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Wed, 5 Sep 2012 11:26:20 +0200 +Subject: [PATCH 205/208] su: move long options to main() + +Signed-off-by: Karel Zak +--- + login-utils/su-common.c | 29 ++++++++++++++--------------- + 1 file changed, 14 insertions(+), 15 deletions(-) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index 1f97328..778738f 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -115,21 +115,6 @@ static pam_handle_t *pamh = NULL; + + static int restricted = 1; /* zero for root user */ + +-static struct option const longopts[] = +-{ +- {"command", required_argument, NULL, 'c'}, +- {"session-command", required_argument, NULL, 'C'}, +- {"fast", no_argument, NULL, 'f'}, +- {"login", no_argument, NULL, 'l'}, +- {"preserve-environment", no_argument, NULL, 'p'}, +- {"shell", required_argument, NULL, 's'}, +- {"group", required_argument, NULL, 'g'}, +- {"supp-group", required_argument, NULL, 'G'}, +- {"help", no_argument, 0, 'h'}, +- {"version", no_argument, 0, 'V'}, +- {NULL, 0, NULL, 0} +-}; +- + + static struct passwd * + current_getpwuid(void) +@@ -656,6 +641,20 @@ su_main (int argc, char **argv, int mode) + int num_supp_groups = 0; + int use_gid = 0; + ++ static const struct option longopts[] = { ++ {"command", required_argument, NULL, 'c'}, ++ {"session-command", required_argument, NULL, 'C'}, ++ {"fast", no_argument, NULL, 'f'}, ++ {"login", no_argument, NULL, 'l'}, ++ {"preserve-environment", no_argument, NULL, 'p'}, ++ {"shell", required_argument, NULL, 's'}, ++ {"group", required_argument, NULL, 'g'}, ++ {"supp-group", required_argument, NULL, 'G'}, ++ {"help", no_argument, 0, 'h'}, ++ {"version", no_argument, 0, 'V'}, ++ {NULL, 0, NULL, 0} ++ }; ++ + setlocale (LC_ALL, ""); + bindtextdomain (PACKAGE, LOCALEDIR); + textdomain (PACKAGE); +-- +1.7.11.7 + diff --git a/0206-su-add-segmentation-fault-reporting-of-the-child-pro.patch b/0206-su-add-segmentation-fault-reporting-of-the-child-pro.patch new file mode 100644 index 0000000..ffb3df8 --- /dev/null +++ b/0206-su-add-segmentation-fault-reporting-of-the-child-pro.patch @@ -0,0 +1,40 @@ +From 1fe22a730b1a6595c6da9ea8cd58594337e66dc3 Mon Sep 17 00:00:00 2001 +From: Ondrej Oprala +Date: Tue, 11 Sep 2012 16:39:17 +0200 +Subject: [PATCH 206/208] su: add segmentation fault reporting of the child + process +MIME-Version: 1.0 +Content-Type: text/plain; charset=UTF-8 +Content-Transfer-Encoding: 8bit + +Child processes that ended with segmentation fault previously +indicated this with return status only. The report is now more +verbose if core dump is allowed. + +Improved-by: Pádraig Brady +Signed-off-by: Ondrej Oprala +--- + login-utils/su-common.c | 7 ++++++- + 1 file changed, 6 insertions(+), 1 deletion(-) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index 778738f..118e080 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -300,7 +300,12 @@ create_watching_parent (void) + } + if (pid != (pid_t)-1) + if (WIFSIGNALED (status)) +- status = WTERMSIG (status) + 128; ++ { ++ status = WTERMSIG (status) + 128; ++ if (WCOREDUMP (status)) ++ fprintf (stderr, _("%s (core dumped)\n"), ++ strsignal (WTERMSIG (status))); ++ } + else + status = WEXITSTATUS (status); + else +-- +1.7.11.7 + diff --git a/0207-su-fixed-a-typo-in-pam-error-message.patch b/0207-su-fixed-a-typo-in-pam-error-message.patch new file mode 100644 index 0000000..f5c19d6 --- /dev/null +++ b/0207-su-fixed-a-typo-in-pam-error-message.patch @@ -0,0 +1,26 @@ +From 2f3cb337e1cda9e897480f256453f369914380b3 Mon Sep 17 00:00:00 2001 +From: Vitezslav Cizek +Date: Mon, 1 Oct 2012 14:48:16 +0200 +Subject: [PATCH 207/208] su: fixed a typo in pam error message + +Signed-off-by: Vitezslav Cizek +--- + login-utils/su-common.c | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index 118e080..ea6864e 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -223,7 +223,7 @@ create_watching_parent (void) + if (is_pam_failure(retval)) + { + cleanup_pam (retval); +- errx (EXIT_FAILURE, _("cannot not open session: %s"), ++ errx (EXIT_FAILURE, _("cannot open session: %s"), + pam_strerror (pamh, retval)); + } + else +-- +1.7.11.7 + diff --git a/0208-runuser-add-u-to-not-execute-shell.patch b/0208-runuser-add-u-to-not-execute-shell.patch new file mode 100644 index 0000000..5085956 --- /dev/null +++ b/0208-runuser-add-u-to-not-execute-shell.patch @@ -0,0 +1,281 @@ +From f0c57c2b1129b17e68e54d08421d1f209f1b6c57 Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 13 Sep 2012 11:58:00 +0200 +Subject: [PATCH 208/208] runuser: add -u to not execute shell + +Signed-off-by: Karel Zak +--- + login-utils/runuser.1 | 20 ++++--- + login-utils/su-common.c | 138 +++++++++++++++++++++++++++++++----------------- + login-utils/su.1 | 1 + + 3 files changed, 105 insertions(+), 54 deletions(-) + +diff --git a/login-utils/runuser.1 b/login-utils/runuser.1 +index 66ad1c4..4620165 100644 +--- a/login-utils/runuser.1 ++++ b/login-utils/runuser.1 +@@ -3,10 +3,21 @@ + runuser \- run a command with substitute user and group ID + .SH SYNOPSIS + .B runuser +-[options...] [\-] [user [args...]] ++[options] -u ++.IR user ++.IR "command " [ argument ...] ++.LP ++.B runuser ++[options] [-] ++[ ++.IR "user " [ argument ...] ++] + .SH DESCRIPTION + .B runuser + allows to run commands with substitute user and group ID. ++If the option \fB\-u\fR not given, fallback to ++.B su ++compatible semantic and shell is executed. + The difference between the commands + .B runuser + and +@@ -36,12 +47,7 @@ and + .B LOGNAME + if the target + .I user +-is not root). It is recommended to always use the +-.B \-\-login +-option (instead it's shortcut +-.BR \- ) +-to avoid side effects caused by mixing environments. +-.PP ++is not root). + This version of + .B runuser + uses PAM for session management. +diff --git a/login-utils/su-common.c b/login-utils/su-common.c +index ea6864e..4e1f6b2 100644 +--- a/login-utils/su-common.c ++++ b/login-utils/su-common.c +@@ -439,7 +439,8 @@ modify_environment (const struct passwd *pw, const char *shell) + if (term) + xsetenv ("TERM", term, 1); + xsetenv ("HOME", pw->pw_dir, 1); +- xsetenv ("SHELL", shell, 1); ++ if (shell) ++ xsetenv ("SHELL", shell, 1); + xsetenv ("USER", pw->pw_name, 1); + xsetenv ("LOGNAME", pw->pw_name, 1); + set_path(pw); +@@ -451,7 +452,8 @@ modify_environment (const struct passwd *pw, const char *shell) + if (change_environment) + { + xsetenv ("HOME", pw->pw_dir, 1); +- xsetenv ("SHELL", shell, 1); ++ if (shell) ++ xsetenv ("SHELL", shell, 1); + if (getlogindefs_bool ("ALWAYS_SET_PATH", 0)) + set_path(pw); + +@@ -571,35 +573,47 @@ restricted_shell (const char *shell) + static void __attribute__((__noreturn__)) + usage (int status) + { +- if (status != EXIT_SUCCESS) +- fprintf (stderr, _("Try `%s --help' for more information.\n"), +- program_invocation_short_name); +- else +- { +- fputs(USAGE_HEADER, stdout); +- printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name); +- fputs (_("\n\ +- Change the effective user id and group id to that of USER.\n\ +- A mere - implies -l. If USER not given, assume root.\n"), stdout); +- fputs(USAGE_OPTIONS, stdout); +- fputs (_("\ +- -, -l, --login make the shell a login shell\n\ +- -c, --command pass a single command to the shell with -c\n\ +- --session-command pass a single command to the shell with -c\n\ +- and do not create a new session\n\ +- -g --group=group specify the primary group\n\ +- -G --supp-group=group specify a supplemental group\n\ +- -f, --fast pass -f to the shell (for csh or tcsh)\n\ +- -m, --preserve-environment do not reset environment variables\n\ +- -p same as -m\n\ +- -s, --shell run shell if /etc/shells allows it\n\ +-"), stdout); +- +- fputs(USAGE_SEPARATOR, stdout); +- fputs(USAGE_HELP, stdout); +- fputs(USAGE_VERSION, stdout); +- printf(USAGE_MAN_TAIL("su(1)")); +- } ++ if (su_mode == RUNUSER_MODE) { ++ fputs(USAGE_HEADER, stdout); ++ printf (_(" %s [options] -u COMMAND\n"), program_invocation_short_name); ++ printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name); ++ fputs (_("\n" ++ "Run COMMAND with the effective id and group id. If -u not\n" ++ "given, fallback to su(1) compatible semantic and shell is executed.\n" ++ "The options -l, -c, -f, -s are mutually exclusive to -u.\n"), stdout); ++ ++ fputs(USAGE_OPTIONS, stdout); ++ ++ fputs (_( ++ " -u, --user username\n"), stdout); ++ ++ } else { ++ fputs(USAGE_HEADER, stdout); ++ printf (_(" %s [options] [-] [USER [arg]...]\n"), program_invocation_short_name); ++ fputs (_("\n" ++ "Change the effective user id and group id to that of USER.\n" ++ "A mere - implies -l. If USER not given, assume root.\n"), stdout); ++ ++ fputs(USAGE_OPTIONS, stdout); ++ } ++ ++ fputs (_( ++ " -m, -p, --preserve-environment do not reset environment variables\n" ++ " -g, --group specify the primary group\n" ++ " -G, --supp-group specify a supplemental group\n\n"), stdout); ++ ++ fputs (_( ++ " -, -l, --login make the shell a login shell\n" ++ " -c, --command pass a single command to the shell with -c\n" ++ " --session-command pass a single command to the shell with -c\n" ++ " and do not create a new session\n" ++ " -f, --fast pass -f to the shell (for csh or tcsh)\n" ++ " -s, --shell run shell if /etc/shells allows it\n"), stdout); ++ ++ fputs(USAGE_SEPARATOR, stdout); ++ fputs(USAGE_HELP, stdout); ++ fputs(USAGE_VERSION, stdout); ++ printf(USAGE_MAN_TAIL(su_mode == SU_MODE ? "su(1)" : "runuser(1)")); + exit (status); + } + +@@ -635,7 +649,7 @@ int + su_main (int argc, char **argv, int mode) + { + int optc; +- const char *new_user = DEFAULT_USER; ++ const char *new_user = DEFAULT_USER, *runuser_user = NULL; + char *command = NULL; + int request_same_session = 0; + char *shell = NULL; +@@ -655,6 +669,7 @@ su_main (int argc, char **argv, int mode) + {"shell", required_argument, NULL, 's'}, + {"group", required_argument, NULL, 'g'}, + {"supp-group", required_argument, NULL, 'G'}, ++ {"user", required_argument, NULL, 'u'}, /* runuser only */ + {"help", no_argument, 0, 'h'}, + {"version", no_argument, 0, 'V'}, + {NULL, 0, NULL, 0} +@@ -670,7 +685,7 @@ su_main (int argc, char **argv, int mode) + simulate_login = false; + change_environment = true; + +- while ((optc = getopt_long (argc, argv, "c:fg:G:lmps:hV", longopts, NULL)) != -1) ++ while ((optc = getopt_long (argc, argv, "+c:fg:G:lmps:u:hV", longopts, NULL)) != -1) + { + switch (optc) + { +@@ -720,6 +735,12 @@ su_main (int argc, char **argv, int mode) + shell = optarg; + break; + ++ case 'u': ++ if (su_mode != RUNUSER_MODE) ++ usage (EXIT_FAILURE); ++ runuser_user = optarg; ++ break; ++ + case 'h': + usage(0); + +@@ -739,8 +760,21 @@ su_main (int argc, char **argv, int mode) + simulate_login = true; + ++optind; + } +- if (optind < argc) ++ ++ /* if not "-u " specified then fallback to classic su(1) */ ++ if (!runuser_user && optind < argc) + new_user = argv[optind++]; ++ else { ++ /* runuser -u */ ++ new_user = runuser_user; ++ if (shell || fast_startup || command || simulate_login) { ++ errx(EXIT_FAILURE, ++ _("options --{shell,fast,command,session-command,login} and " ++ "--user are mutually exclusive.")); ++ } ++ if (optind == argc) ++ errx(EXIT_FAILURE, _("COMMAND not specified.")); ++ } + + if ((num_supp_groups || use_gid) && restricted) + errx(EXIT_FAILURE, _("only root can specify alternative groups")); +@@ -784,18 +818,23 @@ su_main (int argc, char **argv, int mode) + if (request_same_session || !command || !pw->pw_uid) + same_session = 1; + +- if (!shell && !change_environment) +- shell = getenv ("SHELL"); +- if (shell && getuid () != 0 && restricted_shell (pw->pw_shell)) +- { +- /* The user being su'd to has a nonstandard shell, and so is +- probably a uucp account or has restricted access. Don't +- compromise the account by allowing access with a standard +- shell. */ +- warnx (_("using restricted shell %s"), pw->pw_shell); +- shell = NULL; +- } +- shell = xstrdup (shell ? shell : pw->pw_shell); ++ /* initialize shell variable only if "-u " not specified */ ++ if (runuser_user) { ++ shell = NULL; ++ } else { ++ if (!shell && !change_environment) ++ shell = getenv ("SHELL"); ++ if (shell && getuid () != 0 && restricted_shell (pw->pw_shell)) ++ { ++ /* The user being su'd to has a nonstandard shell, and so is ++ probably a uucp account or has restricted access. Don't ++ compromise the account by allowing access with a standard ++ shell. */ ++ warnx (_("using restricted shell %s"), pw->pw_shell); ++ shell = NULL; ++ } ++ shell = xstrdup (shell ? shell : pw->pw_shell); ++ } + + init_groups (pw, groups, num_supp_groups); + +@@ -814,7 +853,12 @@ su_main (int argc, char **argv, int mode) + if (simulate_login && chdir (pw->pw_dir) != 0) + warn (_("warning: cannot change directory to %s"), pw->pw_dir); + +- run_shell (shell, command, argv + optind, max (0, argc - optind)); ++ if (shell) ++ run_shell (shell, command, argv + optind, max (0, argc - optind)); ++ else { ++ execvp(argv[optind], &argv[optind]); ++ err(EXIT_FAILURE, _("executing %s failed"), argv[optind]); ++ } + } + + // vim: sw=2 cinoptions=>4,n-2,{2,^-2,\:2,=2,g0,h2,p5,t0,+2,(0,u0,w1,m1 +diff --git a/login-utils/su.1 b/login-utils/su.1 +index 59e1731..c82b941 100644 +--- a/login-utils/su.1 ++++ b/login-utils/su.1 +@@ -216,6 +216,7 @@ command specific logindef config file + global logindef config file + .PD 1 + .SH "SEE ALSO" ++.BR runuser (8), + .BR pam (8), + .BR shells (5), + .BR login.defs (5) +-- +1.7.11.7 + diff --git a/0209-build-sys-move-runuser-to-sbin-dir.patch b/0209-build-sys-move-runuser-to-sbin-dir.patch new file mode 100644 index 0000000..ab87cbc --- /dev/null +++ b/0209-build-sys-move-runuser-to-sbin-dir.patch @@ -0,0 +1,26 @@ +From 69658513d00635048f5de76ed73f4a43a61d374d Mon Sep 17 00:00:00 2001 +From: Karel Zak +Date: Thu, 1 Nov 2012 13:12:02 +0100 +Subject: [PATCH] build-sys: move runuser to sbin dir + +Signed-off-by: Karel Zak +--- + login-utils/Makemodule.am | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/login-utils/Makemodule.am b/login-utils/Makemodule.am +index e26d9a7..0d8e8b1 100644 +--- a/login-utils/Makemodule.am ++++ b/login-utils/Makemodule.am +@@ -94,7 +94,7 @@ endif + + + if BUILD_RUNUSER +-bin_PROGRAMS += runuser ++sbin_PROGRAMS += runuser + dist_man_MANS += login-utils/runuser.1 + runuser_SOURCES = \ + login-utils/runuser.c \ +-- +1.7.11.7 + diff --git a/util-linux-runuser-l.pamd b/util-linux-runuser-l.pamd new file mode 100644 index 0000000..fa1e4d8 --- /dev/null +++ b/util-linux-runuser-l.pamd @@ -0,0 +1,4 @@ +#%PAM-1.0 +auth include runuser +session optional pam_keyinit.so force revoke +session include runuser diff --git a/util-linux-runuser.pamd b/util-linux-runuser.pamd new file mode 100644 index 0000000..37f0e84 --- /dev/null +++ b/util-linux-runuser.pamd @@ -0,0 +1,5 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +session optional pam_keyinit.so revoke +session required pam_limits.so +session required pam_unix.so diff --git a/util-linux-su-l.pamd b/util-linux-su-l.pamd new file mode 100644 index 0000000..656a139 --- /dev/null +++ b/util-linux-su-l.pamd @@ -0,0 +1,6 @@ +#%PAM-1.0 +auth include su +account include su +password include su +session optional pam_keyinit.so force revoke +session include su diff --git a/util-linux-su.pamd b/util-linux-su.pamd new file mode 100644 index 0000000..1981f58 --- /dev/null +++ b/util-linux-su.pamd @@ -0,0 +1,14 @@ +#%PAM-1.0 +auth sufficient pam_rootok.so +# Uncomment the following line to implicitly trust users in the "wheel" group. +#auth sufficient pam_wheel.so trust use_uid +# Uncomment the following line to require a user to be in the "wheel" group. +#auth required pam_wheel.so use_uid +auth include system-auth +auth include postlogin +account sufficient pam_succeed_if.so uid = 0 use_uid quiet +account include system-auth +password include system-auth +session include system-auth +session include postlogin +session optional pam_xauth.so diff --git a/util-linux.spec b/util-linux.spec index aa6dab8..a2faa3d 100644 --- a/util-linux.spec +++ b/util-linux.spec @@ -2,7 +2,7 @@ Summary: A collection of basic system utilities Name: util-linux Version: 2.22.1 -Release: 2%{?dist} +Release: 3%{?dist} License: GPLv2 and GPLv2+ and GPLv3+ and LGPLv2+ and BSD with advertising and Public Domain Group: System Environment/Base URL: http://en.wikipedia.org/wiki/Util-linux @@ -24,6 +24,11 @@ BuildRequires: popt-devel BuildRequires: libutempter-devel Buildrequires: systemd-devel +# because backported su(1) and runuser(1) patches +BuildRequires: automake +BuildRequires: autoconf +BuildRequires: libtool + ### Sources Source0: ftp://ftp.kernel.org/pub/linux/utils/util-linux/v2.22/util-linux-%{upstream_version}.tar.xz Source1: util-linux-login.pamd @@ -33,8 +38,14 @@ Source4: util-linux-60-raw.rules Source8: nologin.c Source9: nologin.8 Source11: http://downloads.sourceforge.net/floppyutil/floppy-%{floppyver}.tar.bz2 +Source12: util-linux-su.pamd +Source13: util-linux-su-l.pamd +Source14: util-linux-runuser.pamd +Source15: util-linux-runuser-l.pamd ### Obsoletes & Conflicts & Provides +# su(1) and runuser(1) merged into util-linux v2.22 +Conflicts: coreutils < 8.20 # eject has been merged into util-linux v2.22 Obsoletes: eject <= 2.1.5 Provides: eject = 2.1.6 @@ -99,6 +110,20 @@ Patch109: 0009-fsck.cramfs-compile-with-DINCLUDE_FS_TESTS-for-make-.patch Patch110: 0010-login-fix-compiler-warning-Wunused-result.patch Patch111: 0011-misc-make-readlink-usage-more-robust.patch +### Upstream patches from master branch (will be v2.23) for su(1) and new +### runuser(1) implementation. This is required for the recent coreutils where +### is no more su(1). +### +Patch200: 0200-su-add-group-and-supp-group-options.patch +Patch201: 0201-su-move-generic-su-code-to-su-common.c.patch +Patch202: 0202-runuser-new-command-derived-from-su-1.patch +Patch203: 0203-su-more-robust-getpwuid-for-GNU-Hurt-coreutils-71b7d.patch +Patch204: 0204-su-verify-writing-to-streams-was-successful.patch +Patch205: 0205-su-move-long-options-to-main.patch +Patch206: 0206-su-add-segmentation-fault-reporting-of-the-child-pro.patch +Patch207: 0207-su-fixed-a-typo-in-pam-error-message.patch +Patch208: 0208-runuser-add-u-to-not-execute-shell.patch +Patch209: 0209-build-sys-move-runuser-to-sbin-dir.patch %description The util-linux package contains a large variety of low-level system @@ -228,9 +253,22 @@ cp %{SOURCE8} %{SOURCE9} . %patch110 -p1 %patch111 -p1 +%patch200 -p1 +%patch201 -p1 +%patch202 -p1 +%patch203 -p1 +%patch204 -p1 +%patch205 -p1 +%patch206 -p1 +%patch207 -p1 +%patch208 -p1 +%patch209 -p1 + %build unset LINGUAS || : +./autogen.sh + export CFLAGS="-D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 $RPM_OPT_FLAGS" export SUID_CFLAGS="-fpie" export SUID_LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" @@ -242,7 +280,6 @@ export SUID_LDFLAGS="-pie -Wl,-z,relro -Wl,-z,now" --enable-chfn-chsh \ --enable-write \ --enable-raw \ - --disable-su \ --with-udev \ --with-selinux \ --with-audit \ @@ -327,6 +364,10 @@ chmod 755 ${RPM_BUILD_ROOT}%{_bindir}/sunhostid install -m 644 %{SOURCE2} ./remote install -m 644 %{SOURCE3} ./chsh install -m 644 %{SOURCE3} ./chfn + install -m 644 %{SOURCE12} ./su + install -m 644 %{SOURCE13} ./su-l + install -m 644 %{SOURCE14} ./runuser + install -m 644 %{SOURCE15} ./runuser-l popd } @@ -485,10 +526,15 @@ fi %config(noreplace) %{_sysconfdir}/pam.d/chsh %config(noreplace) %{_sysconfdir}/pam.d/login %config(noreplace) %{_sysconfdir}/pam.d/remote +%config(noreplace) %{_sysconfdir}/pam.d/su +%config(noreplace) %{_sysconfdir}/pam.d/su-l +%config(noreplace) %{_sysconfdir}/pam.d/runuser +%config(noreplace) %{_sysconfdir}/pam.d/runuser-l %config(noreplace) %{_prefix}/lib/udev/rules.d %attr(4755,root,root) %{_bindir}/mount %attr(4755,root,root) %{_bindir}/umount +%attr(4755,root,root) %{_bindir}/su %attr(755,root,root) %{_bindir}/login %attr(4711,root,root) %{_bindir}/chfn %attr(4711,root,root) %{_bindir}/chsh @@ -574,10 +620,12 @@ fi %{_mandir}/man1/rename.1* %{_mandir}/man1/renice.1* %{_mandir}/man1/rev.1* +%{_mandir}/man1/runuser.1* %{_mandir}/man1/script.1* %{_mandir}/man1/scriptreplay.1* %{_mandir}/man1/setsid.1* %{_mandir}/man1/setterm.1* +%{_mandir}/man1/su.1* %{_mandir}/man1/tailf.1* %{_mandir}/man1/taskset.1* %{_mandir}/man1/ul.1* @@ -653,6 +701,7 @@ fi %{_sbindir}/readprofile %{_sbindir}/resizepart %{_sbindir}/rtcwake +%{_sbindir}/runuser %{_sbindir}/sulogin %{_sbindir}/swaplabel %{_sbindir}/swapoff @@ -754,6 +803,10 @@ fi %changelog +* Thu Nov 1 2012 Karel Zak 2.22.1-3 +- backport upstream runuser(1) +- enable su(1) + * Thu Nov 1 2012 Karel Zak 2.22.1-2 - apply pathes from upstream stable/v2.22 branch - fix #865961 - wipefs -a should use O_EXCL