From djm@web.us.uu.net Fri Apr 14 12:12:19 2000
Received: from MIT.EDU (PACIFIC-CARRIER-ANNEX.MIT.EDU [18.69.0.28])
by rt-11.mit.edu (8.9.3/8.9.3) with SMTP id MAA03129
for <bugs@RT-11.MIT.EDU>; Fri, 14 Apr 2000 12:12:18 -0400 (EDT)
Received: from jenkins.web.us.uu.net by MIT.EDU with SMTP
id AA02891; Fri, 14 Apr 00 12:14:09 EDT
Received: from dagger.web.us.uu.net by jenkins.web.us.uu.net with ESMTP
(peer crosschecked as: dagger.web.us.uu.net [208.211.134.28])
id MAA11529; Fri, 14 Apr 2000 12:12:15 -0400 (EDT)
Received: by dagger.web.us.uu.net
id MAA28324; Fri, 14 Apr 2000 12:11:52 -0400
Message-Id: <MAA28324.200004141611@dagger.web.us.uu.net>
Date: Fri, 14 Apr 2000 12:11:52 -0400
From: djm@web.us.uu.net (David J. MacKenzie)
Reply-To: djm@web.us.uu.net
To: krb5-bugs@MIT.EDU
Cc: djm@web.us.uu.net
Subject: addition of ksu -m option
X-Send-Pr-Version: 3.99
>Number: 837
>Category: krb5-clients
>Synopsis: krb5 ksu lacks the "as me" option
>Confidential: no
>Severity: non-critical
>Priority: medium
>Responsible: krb5-unassigned
>State: open
>Class: change-request
>Submitter-Id: unknown
>Arrival-Date: Fri Apr 14 12:13:00 EDT 2000
>Last-Modified: Fri Apr 14 13:10:00 EDT 2000
>Originator: David MacKenzie
>Organization:
UUNET Technologies
>Release: krb5-1.1.1
>Environment:
System: Linux dagger.web.us.uu.net 2.2.14-15mdk #2 Sat Mar 11 19:32:26 EST 2000 i686 unknown
Architecture: i686
>Description:
The BSD and GNU/Linux su programs have a helpful feature that is missing from the krb5 ksu: the -m option, which allows
the use of the person's own login shell, dot files and environment.
>How-To-Repeat:
ksu -m
>Fix:
--- /homes/elves/djm/src/krb5-1.1.1/src/clients/ksu/ksu.M Fri Dec 17 15:44:39 1999
+++ src/clients/ksu/ksu.M Tue Mar 28 02:02:06 2000
@@ -42,6 +42,8 @@
] [
.B \-k
] [
+.B \-m
+] [
.B \-D
] [
.B \-r
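Review bot: the synopsis gains `.B \-m` here, but neither ksu.M hunk in this patch adds an entry for the option to the man page's option descriptions, so a reader learns that -m exists without learning what it does. Add a `.TP` item for `\-m` saying that the invoker's own login shell and environment are kept, and that the option is only compiled in when HAVE_GETUSERSHELL is defined (see the `case 'm'` hunk in main.c).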
@@ -159,7 +161,11 @@
.SH EXECUTION OF THE TARGET SHELL
Upon successful authentication and authorization, ksu
proceeds in a similar fashion to su. The environment
-is unmodified with the exception of USER, HOME and SHELL variables.
+is unmodified with the exception
+(unless ksu is invoked with the
+.B \-m
+option)
+of the USER, HOME and SHELL variables.
If the target user is not root, USER gets set to the target user
name. Otherwise USER remains unchanged. Both HOME and SHELL are
set to the target login's default values.
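Review bot: the parenthetical inserted into the first sentence leaves the two unchanged sentences after it contradicting -m, since they still say without qualification that USER gets set to the target user name and that HOME and SHELL are set to the target login's default values. The new wording is also hard to parse ("unmodified with the exception (unless ...) of ..."). Describe the default behaviour first, then add a separate sentence for -m stating that USER, HOME and SHELL are left as the invoking user's.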
--- /homes/elves/djm/src/krb5-1.1.1/src/clients/ksu/main.c Fri Dec 17 15:44:39 1999
+++ src/clients/ksu/main.c Tue Mar 28 02:05:48 2000
@@ -56,7 +56,7 @@
ill specified arguments to commands */
void usage (){
- fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
+ fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-m] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ]\n", prog_name);
}
@@ -83,6 +83,7 @@
int option=0;
int statusp=0;
int use_source_cache = 0;
+int asme = 0;
krb5_error_code retval = 0;
krb5_principal client = NULL;
krb5_ccache cc_target = NULL;
@@ -173,7 +174,7 @@
}
- while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:")) != -1)){
+ while(!done && ((option = getopt(pargc, pargv,"n:c:r:a:zZDfpkql:e:m")) != -1)){
switch (option) {
case 'r':
options.opt |= KDC_OPT_RENEWABLE;
@@ -219,6 +220,11 @@
errflg++;
}
break;
+#ifdef HAVE_GETUSERSHELL
+ case 'm':
+ asme = 1;
+ break;
+#endif
case 'n':
if ((retval = krb5_parse_name(ksu_context, optarg, &client))){
com_err(prog_name, retval, "when parsing name %s", optarg);
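Review bot: `case 'm'` is compiled only under HAVE_GETUSERSHELL, but the getopt string (`...e:m`) and the usage text (`[-m]`) were changed unconditionally in the hunks above. On a build without HAVE_GETUSERSHELL, getopt still accepts -m and the switch has no case for it, so the result depends on a default branch that is not part of this diff. Either drop the #ifdef here (nothing in the added lines calls getusershell()) or put the optstring and usage changes under the same condition.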
@@ -329,6 +335,15 @@
source_uid = pwd->pw_uid;
source_gid = pwd->pw_gid;
+#ifdef HAVE_GETUSERSHELL
+ if (asme) {
+ if (pwd->pw_shell)
+ shell = strdup(pwd->pw_shell);
+ else {
+ shell = _DEF_CSH; /* default is cshell */
+ }
+ }
+#endif
if (!strcmp(SOURCE_USER_LOGIN, target_user)){
target_user = xstrdup (source_user);
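Review bot: the -m branch copies the shell with plain `strdup(pwd->pw_shell)` and never checks the result, while the context line right below it and the target-shell code later in this patch use `xstrdup`. Use `xstrdup` here too, so that an allocation failure is handled the same way as elsewhere and `shell` cannot be left NULL. The test `if (pwd->pw_shell)` also lets an empty string through; decide whether an empty shell field should fall back to `_DEF_CSH` as well.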
@@ -371,6 +386,19 @@
exit(1);
}
}
+
+ if (options.princ == 0 && target_uid == 0 && source_uid != 0) {
+ char *source_princ = xmalloc(strlen(source_user) + 6);
+ sprintf(source_princ, "%s/root", source_user);
+
+ if ((retval = krb5_parse_name(ksu_context, source_princ, &client))){
+ com_err(prog_name, retval, "when parsing name %s", source_princ);
+ errflg++;
+ }
+ free(source_princ);
+ options.princ = 1;
+ }
+
if ((retval = get_best_princ_for_target(ksu_context, source_uid,
target_uid, source_user, target_user, cc_source,
&options, cmd, localhostname, &client, &hp))){
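Review bot: this hunk defaults the client principal to `<source_user>/root` and has nothing to do with -m; the submitter's errata message on this report says it belongs to krb5-clients/839 and should be disregarded here, so drop it before applying this patch. If it is reviewed under 839: on a `krb5_parse_name` failure the code only increments `errflg`, still sets `options.princ = 1`, and falls through to `get_best_princ_for_target`, with no check of `errflg` visible in between.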
@@ -699,11 +729,13 @@
/* get the shell of the user, this will be the shell used by su */
target_pwd = getpwnam(target_user);
+ if (!asme) {
if (target_pwd->pw_shell)
shell = xstrdup(target_pwd->pw_shell);
else {
shell = _DEF_CSH; /* default is cshell */
}
+ }
#ifdef HAVE_GETUSERSHELL
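Review bot: the new `if (!asme) {` and `}` wrap the existing target-shell assignment without re-indenting it, so the body sits at the same depth as the braces and the block boundary is easy to misread; re-indent the enclosed lines. Under -m, `shell` now holds the invoking user's login shell from the earlier hunk when control reaches the `#ifdef HAVE_GETUSERSHELL` block that follows. That block is not shown in the diff, so confirm it still does what was intended if it examines `shell`.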
@@ -716,6 +748,7 @@
}
#endif /* HAVE_GETUSERSHELL */
+ if (!asme) {
if (target_pwd->pw_uid){
if(set_env_var("USER", target_pwd->pw_name)){
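Review bot: this `if (!asme) {` opens in one hunk and closes in the next (the `+ }` after the `sweep_up`/`exit(1)` lines), and the lines in between are not shown, so the diff alone does not show which environment settings are skipped under -m. Add a comment at the closing brace (for example `} /* !asme */`), re-indent the enclosed block, and confirm that only the USER, HOME and SHELL assignments named in the man page change fall inside it.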
@@ -736,6 +769,7 @@
sweep_up(ksu_context, use_source_cache, cc_target);
exit(1);
}
+ }
/* set the cc env name to target */
>Audit-Trail:
From: "David J. MacKenzie" <djm@web.us.uu.net>
To: krb5-bugs@MIT.EDU, krb5-unassigned@rt-11.mit.edu
Cc:
Subject: Re: krb5-clients/837: addition of ksu -m option
Date: Fri, 14 Apr 2000 13:09:09 -0400
Errata: I accidentally included an unrelated hunk in the diff.
The part that deals with the principal name should have only
been included in bug report krb5-clients/839, so please
disregard it in this report.
>Unformatted: