From 3409f2d5db068fa23d2344776412b86150352336 Mon Sep 17 00:00:00 2001
From: des
Date: Sun, 1 Jun 2003 12:54:03 +0000
Subject: Vendor import of OpenPAM Digitalis.
---
 contrib/openpam/bin/Makefile | 4 ++--
 contrib/openpam/bin/Makefile.inc | 3 +++
 contrib/openpam/bin/su/Makefile | 6 ++---
 contrib/openpam/bin/su/su.c | 47 +++++++++++++++++++++++-----------------
 4 files changed, 35 insertions(+), 25 deletions(-)
 create mode 100644 contrib/openpam/bin/Makefile.inc
(limited to 'contrib/openpam/bin')
diff --git a/contrib/openpam/bin/Makefile b/contrib/openpam/bin/Makefile
index 57cc1be..75bb5ad 100644
--- a/contrib/openpam/bin/Makefile
+++ b/contrib/openpam/bin/Makefile
@@ -1,5 +1,5 @@
 #-
-# Copyright (c) 2002 Networks Associates Technology, Inc.
+# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS
@@ -32,7 +32,7 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/bin/Makefile#6 $
+# $P4: //depot/projects/openpam/bin/Makefile#7 $
 #
 SUBDIR =
diff --git a/contrib/openpam/bin/Makefile.inc b/contrib/openpam/bin/Makefile.inc
new file mode 100644
index 0000000..a368da3
--- /dev/null
+++ b/contrib/openpam/bin/Makefile.inc
@@ -0,0 +1,3 @@
+# $P4: //depot/projects/openpam/bin/Makefile.inc#1 $
+
+.include "../Makefile.inc"
diff --git a/contrib/openpam/bin/su/Makefile b/contrib/openpam/bin/su/Makefile
index c37e880..17a78a8 100644
--- a/contrib/openpam/bin/su/Makefile
+++ b/contrib/openpam/bin/su/Makefile
@@ -1,5 +1,5 @@
 #-
-# Copyright (c) 2002 Networks Associates Technology, Inc.
+# Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 # All rights reserved.
 #
 # This software was developed for the FreeBSD Project by ThinkSec AS
@@ -32,13 +32,13 @@
 # OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 # SUCH DAMAGE.
 #
-# $P4: //depot/projects/openpam/bin/su/Makefile#5 $
+# $P4: //depot/projects/openpam/bin/su/Makefile#8 $
 #
 PROG = su
 WARNS ?= 4
 CFLAGS += -I${.CURDIR}/../../include
-DPADD = ${.OBJDIR}/../../lib/libpam.so
+DPADD = ${.OBJDIR}/../../lib/libpam.a
 LDADD = -L${.OBJDIR}/../../lib -R${.OBJDIR}/../../lib -lpam
 NOMAN = YES
diff --git a/contrib/openpam/bin/su/su.c b/contrib/openpam/bin/su/su.c
index 0c8c45d..345d601 100644
--- a/contrib/openpam/bin/su/su.c
+++ b/contrib/openpam/bin/su/su.c
@@ -1,5 +1,5 @@
 /*-
- * Copyright (c) 2002 Networks Associates Technology, Inc.
+ * Copyright (c) 2002-2003 Networks Associates Technology, Inc.
 * All rights reserved.
 *
 * This software was developed for the FreeBSD Project by ThinkSec AS and
@@ -31,13 +31,14 @@
 * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
 * SUCH DAMAGE.
 *
- * $P4: //depot/projects/openpam/bin/su/su.c#8 $
+ * $P4: //depot/projects/openpam/bin/su/su.c#12 $
 */
 #include
 #include
 #include
+#include
 #include
 #include
 #include
@@ -81,9 +82,17 @@ main(int argc, char *argv[])
 argc -= optind;
 argv += optind;
+ if (argc > 0) {
+ user = *argv;
+ --argc;
+ ++argv;
+ } else {
+ user = "root";
+ }
+
 /* initialize PAM */
 pamc.conv = &openpam_ttyconv;
- pam_start("su", argc ? *argv : "root", &pamc, &pamh);
+ pam_start("su", user, &pamc, &pamh);
 /* set some items */
 gethostname(hostname, sizeof(hostname));
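Review bot: The new `DPADD` names the static archive `libpam.a`, but the unchanged `LDADD` line right below it still links with `-lpam` and keeps a `-R${.OBJDIR}/../../lib` run-path. If a shared libpam is still produced in that directory, the linker will normally prefer it, so the tracked dependency and the library actually linked would disagree, and the resulting `su` would carry a run-path into the build tree. If a static link is what is intended, naming the archive directly, something like `LDADD = ${.OBJDIR}/../../lib/libpam.a`, would make the two lines agree and drop the run-path.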
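Review bot: The return value of `pam_start("su", user, &pamc, &pamh)` is still ignored in the rewritten call, so a failed start leaves `pamh` unusable for the PAM calls that follow (they lie outside this hunk). Since the line is being touched anyway, it could become `if ((pam_err = pam_start("su", user, &pamc, &pamh)) != PAM_SUCCESS) goto pamerr;`, with the cleanup path taking care not to hand `pam_end()` a handle that was never created. `pam_err` and the `pamerr` label are taken from the later hunks of this patch; main's body starts and ends outside the hunk.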
@@ -117,20 +126,6 @@ main(int argc, char *argv[])
 if (pam_err != PAM_SUCCESS || (pwd = getpwnam(user)) == NULL)
 goto pamerr;
- /* set uid and groups */
- if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
- warn("initgroups()");
- goto err;
- }
- if (setgid(pwd->pw_gid) == -1) {
- warn("setgid()");
- goto err;
- }
- if (setuid(pwd->pw_uid) == -1) {
- warn("setuid()");
- goto err;
- }
-
 /* export PAM environment */
 if ((pam_envlist = pam_getenvlist(pamh)) != NULL) {
 for (pam_env = pam_envlist; *pam_env != NULL; ++pam_env) {
@@ -154,7 +149,21 @@ main(int argc, char *argv[])
 warn("fork()");
 goto err;
 case 0:
- /* child: start a shell */
+ /* child: give up privs and start a shell */
+
+ /* set uid and groups */
+ if (initgroups(pwd->pw_name, pwd->pw_gid) == -1) {
+ warn("initgroups()");
+ _exit(1);
+ }
+ if (setgid(pwd->pw_gid) == -1) {
+ warn("setgid()");
+ _exit(1);
+ }
+ if (setuid(pwd->pw_uid) == -1) {
+ warn("setuid()");
+ _exit(1);
+ }
 execve(*args, args, environ);
 warn("execve()");
 _exit(1);
@@ -170,9 +179,7 @@ main(int argc, char *argv[])
 }
 pamerr:
- pam_end(pamh, pam_err);
 fprintf(stderr, "Sorry\n");
- exit(1);
 err:
 pam_end(pamh, pam_err);
 exit(1);
--
cgit v1.1
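Review bot: The child now reads `pwd->pw_name`, `pwd->pw_gid` and `pwd->pw_uid` after the fork, well past the `getpwnam(user)` call shown in the previous hunk. `getpwnam()` returns a pointer to static storage, so any passwd lookup made in between (the code between the two hunks is not visible here) would silently change which identity the child switches to. Saving the three fields into locals right after the lookup would remove that dependency. The order initgroups, setgid, setuid is the right one and deserves a comment such as `/* drop groups and gid while still privileged; setuid() must come last */`.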
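Review bot: `pamerr:` now falls through into `err:` with no marker, which reads like a lost `exit(1)` to anyone who remembers the old code. A `/* FALLTHROUGH */` comment between the `fprintf(stderr, "Sorry\n");` line and `err:` would show that the shared `pam_end()` cleanup is intentional. The code leading into `pamerr:` starts outside the hunk, so whether the success path can reach this label cannot be checked from here.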