diff options
author | Karel Zak | 2016-10-14 15:18:37 +0200 |
---|---|---|
committer | Karel Zak | 2017-09-18 11:48:56 +0200 |
commit | 581ddd373ae26066fb6e20406d7887f9dcca996b (patch) | |
tree | 7778e3a77997d3e2a4cab3fa89a4141ec62c74b3 /login-utils | |
parent | su: cleanup usernames usage (diff) | |
download | kernel-qcow2-util-linux-581ddd373ae26066fb6e20406d7887f9dcca996b.tar.gz kernel-qcow2-util-linux-581ddd373ae26066fb6e20406d7887f9dcca996b.tar.xz kernel-qcow2-util-linux-581ddd373ae26066fb6e20406d7887f9dcca996b.zip |
su: cleanup shell related code
Signed-off-by: Karel Zak <kzak@redhat.com>
Diffstat (limited to 'login-utils')
-rw-r--r-- | login-utils/su-common.c | 54 |
1 files changed, 26 insertions, 28 deletions
diff --git a/login-utils/su-common.c b/login-utils/su-common.c index c818b9eb8..22411d227 100644 --- a/login-utils/su-common.c +++ b/login-utils/su-common.c @@ -111,8 +111,6 @@ struct su_context { }; -static void run_shell(struct su_context *, char const *, char const *, char **, size_t); - static sig_atomic_t volatile caught_signal = false; /* Signal handler for parent process. */ @@ -508,20 +506,19 @@ change_identity (const struct passwd * const pw) err(EXIT_FAILURE, _("cannot set user id")); } -/* Run SHELL, or DEFAULT_SHELL if SHELL is empty. - If COMMAND is nonzero, pass it to the shell with the -c option. - Pass ADDITIONAL_ARGS to the shell as more arguments; there - are N_ADDITIONAL_ARGS extra arguments. */ - -static void -run_shell(struct su_context *su, - char const *shell, char const *command, char **additional_args, - size_t n_additional_args) +/* Run SHELL, if COMMAND is nonzero, pass it to the shell with the -c option. + * Pass ADDITIONAL_ARGS to the shell as more arguments; there are + * N_ADDITIONAL_ARGS extra arguments. + */ +static void run_shell( + struct su_context *su, + char const *shell, char const *command, char **additional_args, + size_t n_additional_args) { - size_t n_args = - 1 + su->fast_startup + 2 * ! !command + n_additional_args + 1; + size_t n_args = 1 + su->fast_startup + 2 * ! !command + n_additional_args + 1; char const **args = xcalloc(n_args, sizeof *args); size_t argno = 1; + int rc; if (su->simulate_login) { char *arg0; @@ -534,29 +531,26 @@ run_shell(struct su_context *su, args[0] = arg0; } else args[0] = basename(shell); + if (su->fast_startup) args[argno++] = "-f"; if (command) { args[argno++] = "-c"; args[argno++] = command; } + memcpy(args + argno, additional_args, n_additional_args * sizeof *args); args[argno + n_additional_args] = NULL; execv(shell, (char **)args); - { - int exit_status = - (errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE); - warn(_("failed to execute %s"), shell); - exit(exit_status); - } + rc = errno == ENOENT ? EXIT_ENOENT : EXIT_CANNOT_INVOKE; + err(rc, _("failed to execute %s"), shell); } /* Return true if SHELL is a restricted shell (one not returned by - getusershell), else false, meaning it is a standard shell. */ - -static bool -restricted_shell (const char * const shell) + * getusershell), else false, meaning it is a standard shell. + */ +static bool is_restricted_shell(const char *shell) { char *line; @@ -854,11 +848,15 @@ su_main(int argc, char **argv, int mode) } else { if (!shell && !su->change_environment) shell = getenv("SHELL"); - if (shell && getuid() != 0 && restricted_shell(su->pwd->pw_shell)) { - /* The user being su'd to has a nonstandard shell, and so is - probably a uucp account or has restricted access. Don't - compromise the account by allowing access with a standard - shell. */ + + if (shell + && getuid() != 0 + && is_restricted_shell(su->pwd->pw_shell)) { + /* The user being su'd to has a nonstandard shell, and + * so is probably a uucp account or has restricted + * access. Don't compromise the account by allowing + * access with a standard shell. + */ warnx(_("using restricted shell %s"), su->pwd->pw_shell); shell = NULL; } |