head	1.10;
access;
symbols
	RELEASE_5_1_0:1.7
	RELEASE_4_8_0:1.7
	RELEASE_5_0_0:1.7
	RELEASE_4_7_0:1.5;
locks; strict;
comment	@# @;


1.10
date	2004.02.28.21.37.17;	author cy;	state dead;
branches;
next	1.9;

1.9
date	2004.01.26.04.10.56;	author cy;	state Exp;
branches;
next	1.8;

1.8
date	2003.08.08.01.42.00;	author cy;	state dead;
branches;
next	1.7;

1.7
date	2002.11.05.06.51.28;	author cy;	state Exp;
branches;
next	1.6;

1.6
date	2002.10.15.04.25.18;	author cy;	state dead;
branches;
next	1.5;

1.5
date	2002.08.20.21.25.23;	author cy;	state Exp;
branches;
next	1.4;

1.4
date	2002.05.14.21.35.13;	author cy;	state dead;
branches;
next	1.3;

1.3
date	2002.04.13.16.33.14;	author cy;	state Exp;
branches;
next	1.2;

1.2
date	2002.03.08.14.38.43;	author cy;	state dead;
branches;
next	1.1;

1.1
date	2002.02.10.22.45.28;	author cy;	state Exp;
branches;
next	;


desc
@@


1.10
log
@MIT KRB5 1.3.2 has been released. Remove the beta.
@
text
@--- clients/ksu/main.c.orig	Wed Aug 14 12:14:49 2002
+++ clients/ksu/main.c	Tue Jul 29 18:46:00 2003
@@@@ -32,6 +32,10 @@@@
 #include <signal.h>
 #include <grp.h>
 
+#ifdef LOGIN_CAP
+#include <login_cap.h>
+#endif
+
 /* globals */
 char * prog_name;
 int auth_debug =0;     
@@@@ -61,7 +65,7 @@@@
    ill specified arguments to commands */        
 
 void usage (){
-    fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+    fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
 }
 
 /* for Ultrix and friends ... */
@@@@ -77,6 +81,7 @@@@
     int argc;
     char ** argv;
 { 
+    int asme = 0;
     int hp =0;
     int some_rest_copy = 0;	
     int all_rest_copy = 0;	
@@@@ -91,6 +96,7 @@@@
     char * cc_target_tag = NULL; 
     char * target_user = NULL;
     char * source_user;
+    char * source_shell;
     
     krb5_ccache cc_source = NULL;
     const char * cc_source_tag = NULL; 
@@@@ -117,6 +123,11 @@@@
     krb5_principal  kdc_server;
     krb5_boolean zero_password;
     char * dir_of_cc_target;     
+
+#ifdef LOGIN_CAP
+    login_cap_t *lc;
+    int setwhat;
+#endif
     
     options.opt = KRB5_DEFAULT_OPTIONS;
     options.lifetime = KRB5_DEFAULT_TKT_LIFE;
@@@@ -181,7 +192,7 @@@@
 	com_err (prog_name, errno, "while setting euid to source user");
 	exit (1);
     }
-    while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
+    while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkmql:e:")) != -1)){
 	switch (option) {
 	case 'r':
 	    options.opt |= KDC_OPT_RENEWABLE;
@@@@ -227,6 +238,9 @@@@
 		errflg++;
 	    }
 	    break;
+	case 'm':
+	    asme = 1;
+	    break;
 	case 'n': 
 	    if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
 		com_err(prog_name, retval, "when parsing name %s", optarg); 
@@@@ -341,6 +355,7 @@@@
     
     /* allocate space and copy the usernamane there */        
     source_user = xstrdup(pwd->pw_name);
+    source_shell = xstrdup(pwd->pw_shell);
     source_uid = pwd->pw_uid;
     source_gid = pwd->pw_gid;
     
@@@@ -672,43 +687,64 @@@@
     /* get the shell of the user, this will be the shell used by su */      
     target_pwd = getpwnam(target_user);
     
-    if (target_pwd->pw_shell)
-	shell = xstrdup(target_pwd->pw_shell);
-    else {
-	shell = _DEF_CSH;  /* default is cshell */   
+    if (asme) {
+	if (source_shell && *source_shell) {
+	    shell = strdup(source_shell);
+	} else {
+	    shell = _DEF_CSH;
+	}
+    } else {
+	if (target_pwd->pw_shell)
+	    shell = strdup(target_pwd->pw_shell);
+	else {
+	    shell = _DEF_CSH;  /* default is cshell */
+	}
     }
     
 #ifdef HAVE_GETUSERSHELL
     
     /* insist that the target login uses a standard shell (root is omited) */ 
     
-    if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-	fprintf(stderr, "ksu: permission denied (shell).\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
+    if (asme) {
+	if (!standard_shell(pwd->pw_shell) && source_uid) {
+	    fprintf(stderr, "ksu: permission denied (shell).\n");
+	    sweep_up(ksu_context, cc_target);
+	    exit(1);
+	}
+    } else {
+	if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+	    fprintf(stderr, "ksu: permission denied (shell).\n");
+	    sweep_up(ksu_context, cc_target);
+	    exit(1);
+	}
     }
 #endif /* HAVE_GETUSERSHELL */
     
-    if (target_pwd->pw_uid){
-	
-	if(set_env_var("USER", target_pwd->pw_name)){
+    if (!asme) {
+	if (target_pwd->pw_uid){
+	    if (set_env_var("USER", target_pwd->pw_name)){
+		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+		sweep_up(ksu_context, cc_target);
+		exit(1);
+	    }
+	}
+    
+	if (set_env_var( "HOME", target_pwd->pw_dir)){
 	    fprintf(stderr,"ksu: couldn't set environment variable USER\n");
 	    sweep_up(ksu_context, cc_target);
 	    exit(1);
-	} 			
-    }	
-    
-    if(set_env_var( "HOME", target_pwd->pw_dir)){
-	fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    } 			
+	}
     
-    if(set_env_var( "SHELL", shell)){
-	fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	sweep_up(ksu_context, cc_target);
-	exit(1);
-    } 			
+	if (set_env_var( "SHELL", shell)){
+	    fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+	    sweep_up(ksu_context, cc_target);
+	    exit(1);
+	}
+    }
+
+#ifdef LOGIN_CAP
+       lc = login_getpwclass(pwd);
+#endif
     
     /* set the cc env name to target */         	
     
@@@@ -718,7 +754,19 @@@@
 	sweep_up(ksu_context, cc_target);
 	exit(1);
     } 			
-    
+   
+#ifdef LOGIN_CAP
+    setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
+    setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
+    /*
+     * Don't touch resource/priority settings if -m has been
+     * used or -l and -c hasn't, and we're not su'ing to root.
+     */
+    if (target_pwd->pw_uid)
+	setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
+    if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
+	err(1, "setusercontext");
+#else
     /* set permissions */
     if (setgid(target_pwd->pw_gid) < 0) {
 	perror("ksu: setgid");
@@@@ -759,6 +807,7 @@@@
 	sweep_up(ksu_context, cc_target);
 	exit(1);
     }   
+#endif
     
     if (access( cc_target_tag_tmp, R_OK | W_OK )){
 	com_err(prog_name, errno,
@


1.9
log
@Brand new MIT KRB5 beta.
@
text
@@


1.8
log
@MIT KRB5 1.3 has been released. Remove the beta.
@
text
@d1 3
a3 4
--- clients/ksu/main.c.orig	Wed Feb 28 14:06:55 2001
+++ clients/ksu/main.c	Thu Sep  6 16:21:46 2001
@@@@ -31,6 +31,10 @@@@
 #include <sys/wait.h>
d5 1
d14 1
a14 1
@@@@ -60,7 +64,7 @@@@
d18 2
a19 2
-	fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+	fprintf(stderr, "Usage: %s [target user] [-m] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
d23 3
a25 3
@@@@ -76,6 +80,7 @@@@
 	int argc;
 	char ** argv;
d27 17
a43 16
+int asme = 0;
 int hp =0;
 int some_rest_copy = 0;	
 int all_rest_copy = 0;	
@@@@ -90,6 +95,7 @@@@
 char * cc_target_tag = NULL; 
 char * target_user = NULL;
 char * source_user;
+char * source_shell;
 
 krb5_ccache cc_source = NULL;
 const char * cc_source_tag = NULL; 
@@@@ -118,6 +124,11 @@@@
 char * dir_of_cc_target;     
 char * dir_of_cc_source; 
 
d45 2
a46 2
+login_cap_t *lc;
+int setwhat;
d48 1
a48 1
+
a50 1
     options.rlife =0; 
d71 18
a88 22
 
 	/* allocate space and copy the usernamane there */        
 	source_user = xstrdup(pwd->pw_name);
+	source_shell = xstrdup(pwd->pw_shell);
 	source_uid = pwd->pw_uid;
 	source_gid = pwd->pw_gid;
 
@@@@ -668,43 +683,64 @@@@
 	/* get the shell of the user, this will be the shell used by su */      
 	target_pwd = getpwnam(target_user);
 
-	if (target_pwd->pw_shell)
-		shell = xstrdup(target_pwd->pw_shell);
-	else {
-		shell = _DEF_CSH;  /* default is cshell */   
-    	}
+	if (asme) {
+		if (source_shell && *source_shell) {
+			shell = strdup(source_shell);
+		} else {
+			shell = _DEF_CSH;
+		}
d90 7
a96 5
+		if (target_pwd->pw_shell)
+			shell = strdup(target_pwd->pw_shell);
+		else {
+			shell = _DEF_CSH;  /* default is cshell */   
+		}
d98 2
a99 1
 
d101 20
a120 20
 
       /* insist that the target login uses a standard shell (root is omited) */ 
 
-       if (!standard_shell(target_pwd->pw_shell) && source_uid) {
-	       fprintf(stderr, "ksu: permission denied (shell).\n");
-	       sweep_up(ksu_context, cc_target);
-	       exit(1);
+	if (asme) {
+		if (!standard_shell(pwd->pw_shell) && source_uid) {
+			fprintf(stderr, "ksu: permission denied (shell).\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		}
+	} else {
+		if (!standard_shell(target_pwd->pw_shell) && source_uid) {
+			fprintf(stderr, "ksu: permission denied (shell).\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		}
 	}
d122 2
a123 2
 	
-       if (target_pwd->pw_uid){
d125 33
a157 36
-	      if(set_env_var("USER", target_pwd->pw_name)){
-   		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-	      } 			
-       }	
+	if (!asme) {
+		if (target_pwd->pw_uid){
+		      if (set_env_var("USER", target_pwd->pw_name)){
+			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		      } 			
+		}
 
-      if(set_env_var( "HOME", target_pwd->pw_dir)){
-		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-      } 			
+		if (set_env_var( "HOME", target_pwd->pw_dir)){
+			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		}
 
-      if(set_env_var( "SHELL", shell)){
-		fprintf(stderr,"ksu: couldn't set environment variable USER\n");
-	        sweep_up(ksu_context, cc_target);
-	        exit(1);
-      } 			
+		if (set_env_var( "SHELL", shell)){
+			fprintf(stderr,"ksu: couldn't set environment variable USER\n");
+			sweep_up(ksu_context, cc_target);
+			exit(1);
+		} 			
d159 1
d162 1
a162 1
+	lc = login_getpwclass(pwd);
d164 9
a172 8
 
       /* set the cc env name to target */         	
 
@@@@ -714,7 +750,18 @@@@
 	        sweep_up(ksu_context, cc_target);
 	        exit(1);
       } 			
-
d174 10
a183 10
+        setwhat = LOGIN_SETUSER|LOGIN_SETGROUP|LOGIN_SETRESOURCES|LOGIN_SETPRIORITY;
+	setwhat |= LOGIN_SETPATH|LOGIN_SETUMASK|LOGIN_SETENV;
+	/*
+	 * Don't touch resource/priority settings if -m has been
+	 * used or -l and -c hasn't, and we're not su'ing to root.
+	 */
+        if (target_pwd->pw_uid)
+		setwhat &= ~(LOGIN_SETPRIORITY|LOGIN_SETRESOURCES);
+	if (setusercontext(lc, target_pwd, target_pwd->pw_uid, setwhat) < 0)
+		err(1, "setusercontext");
d185 7
a191 9
    	/* set permissions */
         if (setgid(target_pwd->pw_gid) < 0) {
 		   perror("ksu: setgid");
@@@@ -754,7 +801,8 @@@@
 		   perror("ksu: setuid");
 	           sweep_up(ksu_context, cc_target);
 		   exit(1);
-       }   
+       }
d193 3
a195 3
 
        if (access( cc_target_tag_tmp, R_OK | W_OK )){
               com_err(prog_name, errno,
@


1.7
log
@New MIT Kerberos V beta, version 1.2.7-beta1.
@
text
@@


1.6
log
@MIT KRB5 1.2.6 has been GA for some time. Remove the beta.
@
text
@@


1.5
log
@New MIT Kerberos V beta, V 1.2.6-beta1.
@
text
@@


1.4
log
@Removing krb5-beta port.  As krb5-1.2.5 went GA 14 days ago, krb5-beta
is not relevant at this time.
@
text
@@


1.3
log
@New MIT Kerberos V beta, V 1.2.5-beta1.
@
text
@@


1.2
log
@Removing krb5-beta port.  Krb5-beta is a "test" port to allow FreeBSD users
the opportunity to use/test the upcoming krb5 before it is released.
Krb5-1.2.4 was released over a week ago superceeding this port.  This port
will be resurrected when a new krb5-beta becomes available.
@
text
@@


1.1
log
@New port, Kerberos V 1.2.4-beta1.
@
text
@@

