| Commit message (Collapse) | Author | Age | Files | Lines |
|
|
|
|
|
|
|
|
|
|
| |
With users coming from LDAP, it is often the case that the entry in LDAP
does not contain one or more attributes required by su or, because of
misconfigured access control rights, the attribute might not be readable
by the LDAP client. In that case, su just tells the user that the user
does not exist.
It might be more user-friendly to tell the user to check the user entry
for all required fields.
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
| |
We use PAM and if pam_strerror() returns nothing we have no clue why
authentication failed. It's mistake to blame incorrect password if
there are many possible reason...
Addresses: https://github.com/karelzak/util-linux/issues/778
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
See the same issue for script: 27afe5016842c22d256ea9f88b598d637ca0df84
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
| |
* use proper winsize rather than uninitialized variable (Oops...)
* set the current terminal to the raw mode
* disable ECHO for non-terminal execution to be compatible with
non-pty output
Addresses: https://github.com/karelzak/util-linux/issues/767
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
ENV_SUPATH and ENV_ROOTPATH are equivalent and ENV_ROOTPATH takes
precedence in both login and su. It makes no sense. More logical would be
precedence of ENV_SUPATH in su and ENV_ROOTPATH in login.
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
su(1) documentation says:
/etc/default/su command specific logindef config file
/etc/login.defs global logindef config file
It indirectly indicates that /etc/default/su should take precedence
over /etc/login.defs.
But the reverse is true. It is not possible to define ENV_PATH in
/etc/login.defs and then make su specific customization in
/etc/default/su. We need to change read order to match the documented
behavior.
Signed-off-by: Stanislav Brabec <sbrabec@suse.cz>
|
|
|
|
|
|
|
|
| |
man utmp:
String fields are terminated by a null byte ('\0') if they are shorter
than the size of the field.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
* usable with --login to whitelist specified environment variables
* the list is ignored for the core variables like HOME, SHELL, USER,
LOGNAME and PATH (su --login always resets these variables)
Note that su(1) requires password and after successful authentication
user has full control over the session, so he can set arbitrary
environment variables. The whitelist makes things more user friendly
only.
The patch removes unnecessary optimization when allocate environ[]. It
seems better to keep all in glibc hands and just reset the environment
array only.
Addresses: https://github.com/karelzak/util-linux/issues/221
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
Some more funny typos, please review carefully.
Signed-off-by: Ruediger Meier <ruediger.meier@ga-group.nl>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
The new macro is fully compatible with original (coreutils) code.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
Let's make it possible to use debug.h without environment variables.
Suggested-by: J William Piggott <elseifthen@gmx.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
It seems better to deallocate logindefs.conf stuff in long time
running (=waiting) processes like login(1) and su(1).
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Sami Kerola <kerolasa@iki.fi>
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
We want to use waitpid() only when child is terminated or stopped to
pick up child status, otherwise PTY proxy has to be active. This is
difference between "su" and "su --pty". For "su" we keep parent all
time in waitpid().
It would be possible to use separate code based on signalfd_siginfo,
but it seems better to keep all this stuff on one place -- it means
wait_for_child().
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
Not sure why I have problem with this years ago for script(1), but it
seems .fd=-1 is really enough to the ignore the FD.
Reported-by: Vaclav Dolezal <vdolezal@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
| |
Reported-by: Vaclav Dolezal <vdolezal@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
The signal mask is used by pty_init_slave(), but it has never been
uninitialized before fork(), so child gets 0 as a mask :-(
Note that script(1) has no this issue because it opens signal-fd
before fork().
Reported-by: Vaclav Dolezal <vdolezal@redhat.com>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
| |
For example if called more than once; to keep PTY code simple and
robust.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
| |
Fix child pid cleanup according to commit 0076012563ff34e294a6166d605118bcdd35f7e1.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
|
|
|
| |
This patch a little bit reorders signals initialization. The original
code unblocks SIGINT SIGQUIT before signal handler is set for the
signals. It means there is a small possible race.
It seems better to compose wanted mask, setup handlers and then
unblock all the wanted signals.
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
- don't use magic numbers to index old actions
- don't use if () if ()
- make if() conditions more readable
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
|
|
|
|
| |
The patch from master branch, somehow lost during su refactoring
rebase.
Reported-by: Tobias Stöckmann <tobias@stoeckmann.org>
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|
|
|
|
| |
Signed-off-by: Karel Zak <kzak@redhat.com>
|