head	1.9;
access;
symbols
	old_RELEASE_7_3_0:1.7
	old_RELEASE_8_0_0:1.7
	old_old_RELEASE_7_2_0:1.6
	old_old_RELEASE_7_1_0:1.6
	old_old_RELEASE_6_4_0:1.6
	old_old_RELEASE_5_EOL:1.6
	old_old_RELEASE_7_0_0:1.6
	old_old_RELEASE_6_3_0:1.6
	old_old_PRE_XORG_7:1.6
	old_old_RELEASE_4_EOL:1.6
	old_old_RELEASE_6_2_0:1.6
	old_old_RELEASE_6_1_0:1.6
	old_old_RELEASE_5_5_0:1.6
	old_old_RELEASE_6_0_0:1.6
	old_old_RELEASE_5_4_0:1.6
	old_old_RELEASE_4_11_0:1.6
	old_old_RELEASE_5_3_0:1.6
	old_old_RELEASE_4_10_0:1.6
	old_old_RELEASE_5_2_1:1.6
	old_old_RELEASE_5_2_0:1.6
	old_old_RELEASE_4_9_0:1.6
	old_old_RELEASE_5_1_0:1.5
	old_old_RELEASE_4_8_0:1.5
	old_old_RELEASE_5_0_0:1.5
	old_old_RELEASE_4_7_0:1.5
	old_old_RELEASE_4_6_2:1.5
	old_old_RELEASE_4_6_1:1.5
	old_old_RELEASE_4_6_0:1.5
	old_old_RELEASE_5_0_DP1:1.5
	old_old_RELEASE_4_5_0:1.5
	old_old_RELEASE_4_4_0:1.5
	old_old_RELEASE_4_3_0:1.4
	old_old_RELEASE_4_2_0:1.4
	old_old_RELEASE_4_1_1:1.4
	old_old_RELEASE_4_1_0:1.4
	old_old_krb5_1_2:1.4
	old_old_krb5_1_1_1:1.3
	old_old_RELEASE_3_5_0:1.3
	old_old_RELEASE_4_0_0:1.3
	old_old_RELEASE_3_4_0:1.2
	old_old_RELEASE_3_3_0:1.1
	old_old_krb5_1_0_6:1.1
	old_old_krb5_1_0_5:1.1
	old_old_RELEASE_3_2_0:1.1
	old_old_RELEASE_3_1_0:1.1
	old_old_RELEASE_2_2_8:1.1
	old_old_RELEASE_3_0_0:1.1
	old_old_RELEASE_2_2_7:1.1;
locks; strict;
comment	@# @;


1.9
date	2010.04.26.03.54.16;	author cy;	state dead;
branches;
next	1.8;

1.8
date	2010.04.26.03.31.54;	author cy;	state Exp;
branches;
next	1.7;

1.7
date	2009.06.09.04.16.35;	author cy;	state Exp;
branches;
next	1.6;

1.6
date	2003.08.08.01.20.18;	author cy;	state Exp;
branches;
next	1.5;

1.5
date	2001.09.07.19.53.09;	author nectar;	state Exp;
branches;
next	1.4;

1.4
date	2000.06.24.01.48.10;	author nectar;	state Exp;
branches;
next	1.3;

1.3
date	2000.01.16.19.10.56;	author nectar;	state Exp;
branches;
next	1.2;

1.2
date	99.10.04.14.32.27;	author nectar;	state Exp;
branches;
next	1.1;

1.1
date	98.07.06.18.59.04;	author nectar;	state Exp;
branches;
next	;


desc
@@


1.9
log
@Welcome to krb5-appl-1.0. MIT split the Kerberos applications from the
base Kerberos distribution, creating krb5-appl.
@
text
@--- clients/ksu/main.c.orig	Wed Aug 14 12:14:49 2002
+++ clients/ksu/main.c	Tue Jul 29 18:46:00 2003
@@@@ -32,6 +32,10 @@@@
 #include <signal.h>
 #include <grp.h>
 
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif
+
 /* globals */
 char * prog_name;
 int auth_debug =0;     
@@@@ -61,7 +65,7 @@@@
    ill specified arguments to commands */        
 
 void usage (){
-    fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+    fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
 }
 
 /* for Ultrix and friends ... */
@@@@ -77,6 +81,7 @@@@
     int argc;
     char ** argv;
 { 
+    int asme = 0;
     int hp =0;
     int some_rest_copy = 0;	
     int all_rest_copy = 0;	
@@@@ -91,6 +96,7 @@@@
     char * cc_target_tag = NULL; 
     char * target_user = NULL;
     char * source_user;
+    char * source_shell;
     
     krb5_ccache cc_source = NULL;
     const char * cc_source_tag = NULL; 
@@@@ -117,6 +123,11 @@@@
     krb5_principal  kdc_server;
     krb5_boolean zero_password;
     char * dir_of_cc_target;     
+
+#ifdef LOGIN_CAP
+    login_cap_t *lc;
+    int setwhat;
+#endif
     
     options.opt = KRB5_DEFAULT_OPTIONS;
     options.lifetime = KRB5_DEFAULT_TKT_LIFE;
@@@@ -181,7 +192,7 @@@@
 	com_err (prog_name, errno, "while setting euid to source user");
 	exit (1);
     }
-    while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
+    while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){
 	switch (option) {
 	case 'r':
 	    options.opt |= KDC_OPT_RENEWABLE;
@@@@ -227,6 +238,9 @@@@
 		errflg++;
 	    }
 	    break;
+	case 'm':
+	    asme = 1;
+	    break;
 	case 'n': 
 	    if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
 		com_err(prog_name, retval, "when parsing name %s", optarg); 
@@@@ -341,6 +355,7 @@@@
     
     /* allocate space and copy the usernamane there */        
     source_user = xstrdup(pwd->pw_name);
+    source_shell = xstrdup(pwd->pw_shell);
     source_uid = pwd->pw_uid;
     source_gid = pwd->pw_gid;
     
@@@@ -672,43 +687,64 @@@@
     /* get the shell of the user, this will be the shell used by su */      
     target_pwd = getpwnam(target_user);
     
-    if (target_pwd->pw_shell)
-	shell = xstrdup(target_pwd->pw_shell);
-    else {
-	shell = _DEF_CSH;  /* default is cshell */   
+    if (asme) {
+	if (source_shell && *source_shell) {
+	    shell = strdup(source_shell);
+	} else {
+	    shell = _DEF_CSH;
+	}
+    } else {
+	if (target_pwd->pw_shell)
+	    shell = strdup(target_pwd->pw_shell);
+	else {
+	    shell = _DEF_CSH;  /* default is cshell */
+	}
     }
     
 #ifdef HAVE_GETUSERSHELL
     
     /* insist that the target login uses a standard shell (root is omited) */ 
     
-    if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-	fprintf(stderr, "ksu: permission denied (shell).\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
+    if (asme) {
+	if (!standard_shell(pwd->pw_shell) && source_uid) {
+	    fprintf(stderr, "ksu: permission denied (shell).\n");
+	    sweep_up(ksu_context, cc_target);
+	    exit(1);
+	}
+    } else {
+	if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+	    fprintf(stderr, "ksu: permission denied (shell).\n");
+	    sweep_up(ksu_context, cc_target);
+	    exit(1);
+	}
     }
 #endif /* HAVE_GETUSERSHELL */
     
-    if (target_pwd->pw_uid){
-	
-	if(set_env_var("USER", target_pwd->pw_name)){
+    if (!asme) {
+	if (target_pwd->pw_uid){
+	    if (set_env_var("USER", target_pwd->pw_name)){
+		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+		sweep_up(ksu_context, cc_target);
+		exit(1);
+	    }
+	}
+    
+	if (set_env_var( "HOME", target_pwd->pw_dir)){
 	    fprintf(stderr,"ksu: couldn't set environment variable USER\n");
 	    sweep_up(ksu_context, cc_target);
 	    exit(1);
-	} 			
-    }	
-    
-    if(set_env_var( "HOME", target_pwd->pw_dir)){
-	fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    } 			
+	}
     
-    if(set_env_var( "SHELL", shell)){
-	fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    } 			
+	if (set_env_var( "SHELL", shell)){
+	    fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+	    sweep_up(ksu_context, cc_target);
+	    exit(1);
+	}
+    }
+
+#ifdef LOGIN_CAP
+       lc = login_getpwclass(pwd);
+#endif
     
     /* set the cc env name to target */         	
     
@@@@ -718,7 +754,19 @@@@
 	sweep_up(ksu_context, cc_target);
 	exit(1);
     } 			
-    
+   
+#ifdef LOGIN_CAP
+    setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
+    setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
+    /*
+     * Don't touch resource/priority settings if -m has been
+     * used or -l and -c hasn't, and we're not su'ing to root.
+     */
+    if (target_pwd->pw_uid)
+	setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
+    if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
+	err(1, "setusercontext");
+#else
     /* set permissions */
     if (setgid(target_pwd->pw_gid) < 0) {
 	perror("ksu: setgid");
@@@@ -759,6 +807,7 @@@@
 	sweep_up(ksu_context, cc_target);
 	exit(1);
     }   
+#endif
     
     if (access( cc_target_tag_tmp, R_OK | W_OK )){
 	com_err(prog_name, errno,
@


1.8
log
@This forced commit documents the repocopy of the now defunct krb5-17 port
into krb5-appl. This is in preparation of the krb5-1.8.1 commit. Krb5-1.8.1
splits the kdc and libraries from the applications (this port, krb5-appl-1.0).`

PR:		145968
@
text
@@


1.7
log
@This forced commit documents the repocopy of security/krb5 to security/krb5-17
in preparation for inclusion of KRB5 1.7 in the ports collection.

PR:		135290
@
text
@@


1.6
log
@Update 1.2.8 --> 1.3
@
text
@@


1.5
log
@= Modify `ksu' so that it uses the login cap database.  Michael Allman
  <msa@@dinosauricon.com> provided the original patches.

= For users outside of the US, point to www.crypto-publish.org for the
  distfiles.  It was Chris Knight <chris@@aims.com.au>'s idea.

Submitted by:	Cy.Schubert@@uumail.gov.bc.ca (MAINTAINER)
PR:		ports/29865
@
text
@d1 3
a3 4
--- clients/ksu/main.c.orig	Wed Feb 28 14:06:55 2001
+++ clients/ksu/main.c	Thu Sep  6 16:21:46 2001
@@@@ -31,6 +31,10 @@@@
 #include <sys/wait.h>
d5 1
d14 1
a14 1
@@@@ -60,7 +64,7 @@@@
d18 2
a19 2
-	fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+	fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
d23 3
a25 3
@@@@ -76,6 +80,7 @@@@
 	int argc;
 	char ** argv;
d27 17
a43 16
+int asme = 0;
 int hp =0;
 int some_rest_copy = 0;	
 int all_rest_copy = 0;	
@@@@ -90,6 +95,7 @@@@
 char * cc_target_tag = NULL; 
 char * target_user = NULL;
 char * source_user;
+char * source_shell;
 
 krb5_ccache cc_source = NULL;
 const char * cc_source_tag = NULL; 
@@@@ -118,6 +124,11 @@@@
 char * dir_of_cc_target;     
 char * dir_of_cc_source; 
 
d45 2
a46 2
+login_cap_t *lc;
+int setwhat;
d48 1
a48 1
+
a50 1
     options.rlife =0; 
d71 18
a88 22
 
 	/* allocate space and copy the usernamane there */        
 	source_user = xstrdup(pwd->pw_name);
+	source_shell = xstrdup(pwd->pw_shell);
 	source_uid = pwd->pw_uid;
 	source_gid = pwd->pw_gid;
 
@@@@ -668,43 +683,64 @@@@
 	/* get the shell of the user, this will be the shell used by su */      
 	target_pwd = getpwnam(target_user);
 
-	if (target_pwd->pw_shell)
-		shell = xstrdup(target_pwd->pw_shell);
-	else {
-		shell = _DEF_CSH;  /* default is cshell */   
-    	}
+	if (asme) {
+		if (source_shell && *source_shell) {
+			shell = strdup(source_shell);
+		} else {
+			shell = _DEF_CSH;
+		}
d90 7
a96 5
+		if (target_pwd->pw_shell)
+			shell = strdup(target_pwd->pw_shell);
+		else {
+			shell = _DEF_CSH;  /* default is cshell */   
+		}
d98 2
a99 1
 
d101 20
a120 20
 
       /* insist that the target login uses a standard shell (root is omited) */ 
 
-       if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-	       fprintf(stderr, "ksu: permission denied (shell).\n");
-	       sweep_up(ksu_context, cc_target);
-	       exit(1);
+	if (asme) {
+		if (!standard_shell(pwd->pw_shell) && source_uid) {
+			fprintf(stderr, "ksu: permission denied (shell).\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		}
+	} else {
+		if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+			fprintf(stderr, "ksu: permission denied (shell).\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		}
 	}
d122 2
a123 2
 	
-       if (target_pwd->pw_uid){
d125 33
a157 36
-	      if(set_env_var("USER", target_pwd->pw_name)){
-   		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-	      } 			
-       }	
+	if (!asme) {
+		if (target_pwd->pw_uid){
+		      if (set_env_var("USER", target_pwd->pw_name)){
+			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		      } 			
+		}
 
-      if(set_env_var( "HOME", target_pwd->pw_dir)){
-		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-      } 			
+		if (set_env_var( "HOME", target_pwd->pw_dir)){
+			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		}
 
-      if(set_env_var( "SHELL", shell)){
-		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-      } 			
+		if (set_env_var( "SHELL", shell)){
+			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		} 			
d159 1
d162 1
a162 1
+	lc = login_getpwclass(pwd);
d164 9
a172 8
 
       /* set the cc env name to target */         	
 
@@@@ -714,7 +750,18 @@@@
 	        sweep_up(ksu_context, cc_target);
 	        exit(1);
       } 			
-
d174 10
a183 10
+        setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
+	setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
+	/*
+	 * Don't touch resource/priority settings if -m has been
+	 * used or -l and -c hasn't, and we're not su'ing to root.
+	 */
+        if (target_pwd->pw_uid)
+		setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
+	if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
+		err(1, "setusercontext");
d185 7
a191 9
    	/* set permissions */
         if (setgid(target_pwd->pw_gid) < 0) {
 		   perror("ksu: setgid");
@@@@ -754,7 +801,8 @@@@
 		   perror("ksu: setuid");
 	           sweep_up(ksu_context, cc_target);
 		   exit(1);
-       }   
+       }
d193 3
a195 3
 
        if (access( cc_target_tag_tmp, R_OK | W_OK )){
               com_err(prog_name, errno,
@


1.4
log
@Update 1.1.1 -> 1.2
@
text
@d1 14
a14 3
--- clients/ksu/main.c.ORIG	Fri Dec 17 14:44:39 1999
+++ clients/ksu/main.c	Fri Dec 17 18:52:57 1999
@@@@ -60,6 +60,6 @@@@
d22 2
a23 1
@@@@ -76,6 +76,7 @@@@
d31 1
a31 1
@@@@ -90,6 +91,7 @@@@
d39 16
a54 2
@@@@ -183,5 +185,5 @@@@
         }
d60 1
a60 1
@@@@ -227,6 +229,9 @@@@
d70 1
a70 1
@@@@ -341,6 +341,7 @@@@
d78 1
a78 1
@@@@ -669,44 +675,61 @@@@
a79 1

a131 12
-
-      if(set_env_var( "HOME", target_pwd->pw_dir)){
-		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-      } 			
-
-      if(set_env_var( "SHELL", shell)){
-		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-      } 			
d140 6
a145 1
+
d151 6
a156 1
+
d163 4
d170 30
@


1.3
log
@Update 1.1 -> 1.1.1
@
text
@d3 1
a3 1
@@@@ -56,7 +56,7 @@@@
a8 1
 
d11 1
a11 1
@@@@ -75,6 +75,7 @@@@
d27 1
a27 1
@@@@ -173,7 +175,7 @@@@
a28 2
 
 
d34 1
a34 1
@@@@ -219,6 +221,9 @@@@
d44 1
a44 1
@@@@ -326,6 +331,7 @@@@
d52 1
a52 1
@@@@ -699,43 +705,60 @@@@
d54 1
d82 1
a82 1
-	       sweep_up(ksu_context, use_source_cache, cc_target);
d87 1
a87 1
+			sweep_up(ksu_context, use_source_cache, cc_target);
d93 1
a93 1
+			sweep_up(ksu_context, use_source_cache, cc_target);
d103 1
a103 1
-	        sweep_up(ksu_context, use_source_cache, cc_target);
d110 1
a110 1
-	        sweep_up(ksu_context, use_source_cache, cc_target);
d116 1
a116 1
-	        sweep_up(ksu_context, use_source_cache, cc_target);
d123 1
a123 1
+			sweep_up(ksu_context, use_source_cache, cc_target);
d130 1
a130 1
+			sweep_up(ksu_context, use_source_cache, cc_target);
d136 1
a136 1
+			sweep_up(ksu_context, use_source_cache, cc_target);
@


1.2
log
@Update 1.0.6 -> 1.1
@
text
@d1 144
a144 194
*** clients/ksu/main.c.ORIG	Fri Feb  6 19:41:57 1998
--- clients/ksu/main.c	Tue Jun 30 19:46:02 1998
***************
*** 56,62 ****
     ill specified arguments to commands */        
  
  void usage (){
! 	fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
  
  }
  
--- 56,62 ----
     ill specified arguments to commands */        
  
  void usage (){
! 	fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
  
  }
  
***************
*** 75,80 ****
--- 75,81 ----
  	int argc;
  	char ** argv;
  { 
+ int asme = 0;
  int hp =0;
  int some_rest_copy = 0;	
  int all_rest_copy = 0;	
***************
*** 90,95 ****
--- 91,97 ----
  char * cc_target_tag = NULL; 
  char * target_user = NULL;
  char * source_user;
+ char * source_shell;
  
  krb5_ccache cc_source = NULL;
  char * cc_source_tag = NULL; 
***************
*** 174,180 ****
          }
  
  
!     while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != -1)){
  	switch (option) {
  	case 'r':
  	    options.opt |= KDC_OPT_RENEWABLE;
--- 176,182 ----
          }
  
  
!     while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != -1)){
  	switch (option) {
  	case 'r':
  	    options.opt |= KDC_OPT_RENEWABLE;
***************
*** 216,221 ****
--- 218,226 ----
  		errflg++;
  	    }
  	    break;
+ 	case 'm':
+ 	    asme = 1;
+ 	    break;
  	case 'n': 
  	    if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
  		com_err(prog_name, retval, "when parsing name %s", optarg); 
***************
*** 355,362 ****
      		exit(1);
  	}
  
! 	/* allocate space and copy the usernamane there */        
  	source_user = strdup(pwd->pw_name);
  	source_uid = pwd->pw_uid;
  	source_gid = pwd->pw_gid;
  
--- 360,368 ----
      		exit(1);
  	}
  
! 	/* allocate space and copy the username there */        
  	source_user = strdup(pwd->pw_name);
+ 	source_shell = strdup(pwd->pw_shell);
  	source_uid = pwd->pw_uid;
  	source_gid = pwd->pw_gid;
  
***************
*** 727,769 ****
  	/* get the shell of the user, this will be the shell used by su */      
  	target_pwd = getpwnam(target_user);
  
! 	if (target_pwd->pw_shell)
! 		shell = strdup(target_pwd->pw_shell);
! 	else {
! 		shell = _DEF_CSH;  /* default is cshell */   
!     	}
  
  #ifdef HAVE_GETUSERSHELL
  
        /* insist that the target login uses a standard shell (root is omited) */ 
  
!        if (!standard_shell(target_pwd->pw_shell) && source_uid) {
! 	       fprintf(stderr, "ksu: permission denied (shell).\n");
! 	       sweep_up(ksu_context, use_source_cache, cc_target);
! 	       exit(1);
  	}
  #endif /* HAVE_GETUSERSHELL */
  	
!        if (target_pwd->pw_uid){
! 	
! 	      if(set_env_var("USER", target_pwd->pw_name)){
!    		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
! 	        sweep_up(ksu_context, use_source_cache, cc_target);
! 	        exit(1);
! 	      } 			
!        }	
! 
!       if(set_env_var( "HOME", target_pwd->pw_dir)){
! 		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
! 	        sweep_up(ksu_context, use_source_cache, cc_target);
! 	        exit(1);
!       } 			
! 
!       if(set_env_var( "SHELL", shell)){
! 		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
! 	        sweep_up(ksu_context, use_source_cache, cc_target);
! 	        exit(1);
!       } 			
  
        /* set the cc env name to target */         	
  
--- 733,792 ----
  	/* get the shell of the user, this will be the shell used by su */      
  	target_pwd = getpwnam(target_user);
  
! 	if (asme) {
! 		if (source_shell && *source_shell) {
! 			shell = strdup(source_shell);
! 		} else {
! 			shell = _DEF_CSH;
! 		}
! 	} else {
! 		if (target_pwd->pw_shell)
! 			shell = strdup(target_pwd->pw_shell);
! 		else {
! 			shell = _DEF_CSH;  /* default is cshell */   
! 		}
! 	}
  
  #ifdef HAVE_GETUSERSHELL
  
        /* insist that the target login uses a standard shell (root is omited) */ 
  
! 	if (asme) {
! 		if (!standard_shell(pwd->pw_shell) && source_uid) {
! 			fprintf(stderr, "ksu: permission denied (shell).\n");
! 			sweep_up(ksu_context, use_source_cache, cc_target);
! 			exit(1);
! 		}
! 	} else {
! 		if (!standard_shell(target_pwd->pw_shell) && source_uid) {
! 			fprintf(stderr, "ksu: permission denied (shell).\n");
! 			sweep_up(ksu_context, use_source_cache, cc_target);
! 			exit(1);
! 		}
  	}
  #endif /* HAVE_GETUSERSHELL */
  	
! 	if (!asme) {
! 		if (target_pwd->pw_uid){
! 		      if (set_env_var("USER", target_pwd->pw_name)){
! 			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
! 			sweep_up(ksu_context, use_source_cache, cc_target);
! 			exit(1);
! 		      } 			
! 		}
! 
! 		if (set_env_var( "HOME", target_pwd->pw_dir)){
! 			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
! 			sweep_up(ksu_context, use_source_cache, cc_target);
! 			exit(1);
! 		}
! 
! 		if (set_env_var( "SHELL", shell)){
! 			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
! 			sweep_up(ksu_context, use_source_cache, cc_target);
! 			exit(1);
! 		} 			
! 	}
  
        /* set the cc env name to target */         	
  
@


1.1
log
@Additional patches (already committed to krb5-current):
* Paths corrected in applications
* ftpd now logs to facility LOG_FTP
* use openpty to obtain pseudo-terminal
* corrected detection of TCL libraries
* fix a forwarding bug
* add -m flag to ksu (preserve USER, HOME, SHELL)
* cosmetic bug fix to telnet.c
Submitted by:	Dima Ruban <dima@@best.net>
@
text
@d45 1
a45 1
!     while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){
d53 1
a53 1
!     while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkmql:e:")) != EOF)){
@

