su from sh-utils

Arkadiusz Miśkiewicz misiek at zsz2.starachowice.pl
Tue Oct 20 11:33:54 CEST 1998


I have fixed that su from sh-utils. It works (I hope ;) as it should. Of course,
please take a look at the patch. In the meantime I noticed one thing. Namely,
./configure (among others the one from sh-utils) checks the LINGUAS variable,
and in accordance with /usr/doc/initscripts*/sysconfig.txt I have it set to
"pl". Configure needs this to work out which directories it may install *.mo
files into. In my case, because I had LINGUAS=pl, it wanted to install ONLY
to pl - which would be OK if not for the fact that the spec also has:
%lang(de) /usr/share/locale/de/LC_MESSAGES/sh-utils.mo
%lang(fr) /usr/share/locale/fr/LC_MESSAGES/sh-utils.mo
%lang(nl) /usr/share/locale/nl/LC_MESSAGES/sh-utils.mo
%lang(pt) /usr/share/locale/pt/LC_MESSAGES/sh-utils.mo
%lang(sv) /usr/share/locale/sv/LC_MESSAGES/sh-utils.mo
and so there were a few "file not found" errors ;) Maybe the specs should do unset LINGUAS?

But back to su. Grzesiek wrote that at some point "su, and I think login too,
first did setuid and then forked. As a result
pam_open_session was executed as root and close_session as the user.
That was a bit troublesome if pam were to set up some lock files."

Unfortunately I did it that way too (aaa ...). I hope that pam does not create
any lock files in the meantime, and if it does, then ... oh well. Someone else
has to fix this su - I don't know how ;)

It looks like this there:
  (here we are still r00t - because that is how I changed it; now we have to
  arrange things so that pam_open_session() is called while we have r00t, fork
  when we are already the luser, and pam_end() when we are r00t again, while
  everything after that is to happen when we are the luser. Seemingly simple,
  and yet I don't know how to do it):

  retval = pam_open_session(pamh,0);
  /* In my current patch, setuid(user) lands right here; */
  if (retval != PAM_SUCCESS) {
    fprintf (stderr, "could not open session\n");
    exit (1);
  }
  child = fork();
  if (child == 0) {  /* child shell */
  pam_end(pamh, 0);
  ...
  then comes exec(), i.e. launching the shell



-- 
 -< Arkadiusz Miśkiewicz >------------------------< Cron on IRC >-
  http://www.misiek.eu.org     mailto:misiek at zsz2.starachowice.pl
  Webmaster ZSZ2                  http://www.zsz2.starachowice.pl
 -< Linux micq UIN: 13798733 >-----------< Starachowice, POLAND >-
-------------- next part --------------
Name:        sh-utils
Version:     1.16
Release:     3d
Copyright:   GPL
Group:       Utilities/System
Group(pl):   Użytki/System
Source:      ftp://prep.ai.mit.edu/pub/gnu/%{name}-%{version}.tar.gz
Source1:     su.pamd
Source2:     ftp://ftp.iro.umontreal.ca/pub/po/trans/pl/%{name}-1.16b.pl.po
Patch1:      %{name}-%{version}-hostname.patch
Patch2:      %{name}-%{version}-pam.patch
Patch4:      %{name}-%{version}-getutent.patch
Patch5:      %{name}-%{version}-mktime.patch
Patch6:      %{name}-%{version}-paths.patch
Patch7:      %{name}-%{version}-newpam.patch
Patch8:      %{name}-%{version}-glibc21.patch
Patch9:      %{name}-%{version}-nocrypt.patch
Patch10:     %{name}-%{version}-mem.patch
Patch11:     %{name}-%{version}-pl_locale.patch
Patch12:     %{name}-pl.patch
Patch13:     %{name}-su-pam-limits.patch
Summary:     GNU shell utilities
Summary(de): GNU-Shell-Utilities
Summary(fr): Utilitaires shell de GNU
Summary(pl): Narzędzia shell-a (GNU)
Summary(tr): GNU kabuk araçları
Buildroot:   /tmp/%{name}-%{version}-root
Requires:    pam >= 0.65
Prereq:      /sbin/install-info

%description
The GNU shell utilities provide many of the basic common commands
used (among other things) for shell programming, hence the name.
Nearly all shell scripts use at least one of these programs.

%description -l de
Die GNU-Shell-Utilities stellen viele der grundlegenden gemeinsamen 
Befehle zur Verfügung, die unter anderem für die Shell-
Programmierung benutzt werden, woher sich der Name ableitet. Fast 
alle Shell-Skripts benutzen wenigstens eines dieser Programme. 

%description -l fr
Les utilitaires shell de GNU offrent la plupart des commandes de
base utilisées (entre autres) pour la programmation en shell, d'où le nom.
Presque tous les scripts shell utilisent au moins l'un de ces programmes.

%description -l pl
Narzędzia shell-a (GNU) zawierają wiele podstawowych komend używanych
(pośród innych rzeczy) w skryptach shell-a, stąd nazwa pakietu.
Niemal wszystkie skrypty shell-a używają co najmniej jednego z tych
programów.

%description -l tr
GNU kabuk araçları kabuk programlamada da kullanılan pek çok ana komutu
sağlar. Hemen hemen tüm kabuk programları bu programların en azından birini
kullanır.

%prep
%setup -q
%patch1 -p1 
%patch2 -p1 
%patch4 -p1 
%patch5 -p1 
%patch6 -p1 
%patch7 -p1 
%patch8 -p1 
%patch9 -p1 
%patch10 -p1 
%patch11 -p0 
%patch12 -p1
%patch13 -p1
cp %{SOURCE2} po/pl.po

%build
unset LINGUAS
CFLAGS="$RPM_OPT_FLAGS -DUSE_PAM -D_GNU_SOURCE" LDFLAGS=-s \
./configure --prefix=/usr
make PAMLIBS="-ldl -lpam -lpam_misc" 2>/dev/null
make PAMLIBS="-ldl -lpam -lpam_misc" info

%install
rm -rf $RPM_BUILD_ROOT
install -d $RPM_BUILD_ROOT/{bin,etc/pam.d,usr/sbin}

make install prefix=$RPM_BUILD_ROOT/usr
install src/su $RPM_BUILD_ROOT/bin/

mv $RPM_BUILD_ROOT/usr/bin/{basename,date,echo,false,nice,pwd,sleep,stty,true,uname} $RPM_BUILD_ROOT/bin
mv $RPM_BUILD_ROOT/usr/bin/chroot $RPM_BUILD_ROOT/usr/sbin
rm -f $RPM_BUILD_ROOT/usr/{bin/{hostname,uptime},man/man1/{hostname,uptime}.1}

rm -f $RPM_BUILD_ROOT/usr/bin/[
ln -sf test $RPM_BUILD_ROOT/usr/bin/[

gzip -9nf $RPM_BUILD_ROOT/usr/info/sh-utils.info

install %{SOURCE1} $RPM_BUILD_ROOT/etc/pam.d/su

strip $RPM_BUILD_ROOT/{bin/*,usr/{bin/*,sbin/*}} || :

%clean
rm -rf $RPM_BUILD_ROOT

%post
/sbin/install-info /usr/info/sh-utils.info.gz /usr/info/dir

%preun
if [ $1 = 0 ]; then
    /sbin/install-info --delete /usr/info/sh-utils.info.gz /usr/info/dir
fi

%files
%defattr(644, root, root, 755)
%doc NEWS README
%attr(0640, root, root) %config %verify(not size mtime md5) /etc/pam.d/su
%attr(0711, root, root) /bin/basename
%attr(0711, root, root) /bin/date
%attr(0711, root, root) /bin/echo
%attr(0755, root, root) /bin/false
%attr(0711, root, root) /bin/nice
%attr(0711, root, root) /bin/pwd
%attr(0711, root, root) /bin/sleep
%attr(0711, root, root) /bin/stty
%attr(4711, root, root) /bin/su
%attr(0755, root, root) /bin/true
%attr(0711, root, root) /bin/uname
%attr(0711, root, root) /usr/bin/[
%attr(0711, root, root) /usr/bin/dirname
%attr(0711, root, root) /usr/bin/env
%attr(0711, root, root) /usr/bin/expr
%attr(0711, root, root) /usr/bin/factor
%attr(0755, root, root) /usr/bin/groups
%attr(0711, root, root) /usr/bin/id
%attr(0711, root, root) /usr/bin/logname
%attr(0755, root, root) /usr/bin/nohup
%attr(0711, root, root) /usr/bin/pathchk
%attr(0711, root, root) /usr/bin/printenv
%attr(0711, root, root) /usr/bin/printf
%attr(0711, root, root) /usr/bin/seq
%attr(0711, root, root) /usr/bin/tee
%attr(0711, root, root) /usr/bin/test
%attr(0711, root, root) /usr/bin/tty
%attr(0711, root, root) /usr/bin/users
%attr(0711, root, root) /usr/bin/who
%attr(0711, root, root) /usr/bin/whoami
%attr(0711, root, root) /usr/bin/yes
%attr(0644, root,  man) /usr/man/man1/*
/usr/info/sh-utils.info.gz
%lang(de) /usr/share/locale/de/LC_MESSAGES/sh-utils.mo
%lang(fr) /usr/share/locale/fr/LC_MESSAGES/sh-utils.mo
%lang(nl) /usr/share/locale/nl/LC_MESSAGES/sh-utils.mo
%lang(pl) /usr/share/locale/pl/LC_MESSAGES/sh-utils.mo
%lang(pt) /usr/share/locale/pt/LC_MESSAGES/sh-utils.mo
%lang(sv) /usr/share/locale/sv/LC_MESSAGES/sh-utils.mo

%changelog
* Mon Oct 19 1998 Arkadiusz Miśkiewicz <misiek at misiek.eu.org>
[1.16-3d]
- added su-pam-limits patch
- added Group(pl)
- added unset LINGUAS

* Wed Aug 26 1998 Konrad Stepień <konrad at interdata.com.pl>
[1.16-2d]
- added pl locale and translation,
- remove -s flag in install,
- added full %attr description in %files,
- changed permission to 600 on /etc/pam.d/su,
- added %lang macros for /usr/share/locale/*/LC_MESSAGES/sh-utils.mo files,
- removed chroot (also is in util-linux),
- fix problem with su when building non root.

* Thu Jul 23 1998 Wojtek Ślusarczyk <wojtek at shadow.eu.org>
[1.16-1d]
- build against glibc-2.1,
- restricted ELF binaries permissions.

* Mon Jun  8 1998 Michal Jaegermann <michal at harddata.com>
- fixed reversed test for when to allocate in who.c and an incorrect
  use of xrealloc.

* Thu Apr 30 1998 Donnie Barnes <djb at redhat.com>
- moved /usr/bin/nice to /bin/nice

* Fri Apr 24 1998 Prospector System <bugs at redhat.com>
- translations modified for de, fr, tr

* Sat Apr 11 1998 Cristian Gafton <gafton at redhat.com>
- manhattan rebuild

* Wed Oct 22 1997 Michael K. Johnson <johnsonm at redhat.com>
- added minor patch for glibc 2.1

* Wed Oct 21 1997 Cristian Gafton <gafton at redhat.com>
- fixed the URLs in spec file
- cleaned up the spec file

* Thu Oct 02 1997 Michael K. Johnson <johnsonm at redhat.com>
- BuildRoot
- New pam standard.

* Sun Sep 14 1997 Erik Troan <ewt at redhat.com>
- uses install-info

* Mon Jun 02 1997 Erik Troan <ewt at redhat.com>
- built against glibc

* Fri Apr 18 1997 Michael K. Johnson <johnsonm at redhat.com>
- Fixed the sense of the user and root default paths.

* Mon Apr 14 1997 Erik Troan <ewt at redhat.com>
- Fixed getutent patch to define UTMP_READ_INCR
- Modified su.c to define default paths w/o regard to other header files or
  -D style definitions

* Wed Apr 02 1997 Erik Troan <ewt at redhat.com>
- Updated getutent patch for 1.16
- Added mktime patch for 64bit time_t

* Tue Mar 25 1997 Michael K. Johnson <johnsonm at redhat.com>
- DEFPATH handling moved from ...path.patch to _PATH_DEFPATH*

* Mon Mar 03 1997 Michael K. Johnson <johnsonm at redhat.com>
- Moved from pam.conf to pam.d
-------------- next part --------------
diff -urN sh-utils-1.16.orig/src/su.c sh-utils-1.16/src/su.c
--- sh-utils-1.16.orig/src/su.c	Mon Oct 19 22:04:52 1998
+++ sh-utils-1.16/src/su.c	Mon Oct 19 22:05:39 1998
@@ -502,7 +502,7 @@
    arguments.  */
 
 static void
-run_shell (const char *shell, const char *command, char **additional_args)
+run_shell (struct passwd *pw, const char *shell, const char *command, char **additional_args)
 {
   const char **args;
   int argno = 1;
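Review bot: the new `pw` parameter on run_shell is not covered by the comment block above the function (the one ending "arguments.  */"), and the new prototype line runs well past 80 columns. Extend the comment to say that run_shell now takes the target passwd entry because it performs the identity change itself, and wrap the parameter list onto a second line.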
@@ -512,6 +512,7 @@
   int status;
 
   retval = pam_open_session(pamh,0);
+  change_identity(pw);
   if (retval != PAM_SUCCESS) {
     fprintf (stderr, "could not open session\n");
     exit (1);
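Review bot: change_identity(pw) sits between pam_open_session() and the `retval != PAM_SUCCESS` check, so the process has already switched to the target user before the result is even examined, and everything that follows in run_shell, including the parent side of the fork() shown in the cover message, runs as that user. Check retval first, and call change_identity(pw) only in the child branch just before the exec, so the parent keeps the identity it opened the session with when it later tears the session down.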
@@ -774,9 +775,8 @@
     }
   modify_environment (pw, shell);
 
-  change_identity (pw);
   if (simulate_login && chdir (pw->pw_dir))
     error (0, errno, _("warning: cannot change directory to %s"), pw->pw_dir);
 
-  run_shell (shell, command, additional_args);
+  run_shell (pw, shell, command, additional_args);
 }
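Review bot: with change_identity (pw) removed here, the `simulate_login && chdir (pw->pw_dir)` directly below now runs with the caller's identity instead of the target user's, so the outcome changes for any home directory whose access differs between the two, and the warning can appear or vanish where it did not before. Move the chdir into run_shell after the identity change (or otherwise keep the original order) so the directory is still entered as the target user.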

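The ordering the message asks for (session opened while still privileged, only the forked child becoming the user, the parent closing the session with its original identity), as an added C example that is not code from su.c or from the patch above. The names `session_hooks`, `run_in_session`, `drop_to` and the `demo_*` helpers are hypothetical; the two hooks stand in for pam_open_session() and pam_close_session() so the example builds without libpam.

```c
#define _DEFAULT_SOURCE
#include <errno.h>
#include <grp.h>
#include <sys/wait.h>
#include <unistd.h>

/* Hypothetical stand-ins for pam_open_session()/pam_close_session(). */
struct session_hooks { int (*open)(void *); int (*close)(void *); void *ctx; };

/* Irreversible drop, run only in the child: groups, then gid, then uid. */
static int drop_to(uid_t uid, gid_t gid) {
  if (geteuid() == 0 && setgroups(1, &gid) != 0) return -1;
  if (setgid(gid) != 0 || setuid(uid) != 0) return -1;
  if (uid != 0 && setuid(0) == 0) return -1; /* regaining root must fail */
  return 0;
}

/* Returns the command's exit status, or -1 on failure. */
int run_in_session(const struct session_hooks *h, uid_t uid, gid_t gid,
                   char *const argv[]) {
  int status = -1;
  if (h->open(h->ctx) != 0) return -1;   /* opened with the caller's identity */
  pid_t child = fork();
  if (child == 0) {                      /* only the child becomes the user */
    if (drop_to(uid, gid) != 0) _exit(126);
    execv(argv[0], argv);
    _exit(127);
  }
  if (child > 0)
    while (waitpid(child, &status, 0) < 0 && errno == EINTR) continue;
  h->close(h->ctx);                      /* parent never changed identity */
  return (child > 0 && WIFEXITED(status)) ? WEXITSTATUS(status) : -1;
}

/* Constructed demo: the hooks record who ran them. */
static struct { uid_t open_euid, close_euid; pid_t close_pid; } trace;
static int demo_open(void *c) { (void)c; trace.open_euid = geteuid(); return 0; }
static int demo_close(void *c) {
  (void)c; trace.close_euid = geteuid(); trace.close_pid = getpid(); return 0;
}
int demo_run(void) {                     /* runs /bin/sh -c 'exit 7' as ourselves */
  char *argv[] = { "/bin/sh", "-c", "exit 7", NULL };
  struct session_hooks h = { demo_open, demo_close, NULL };
  return run_in_session(&h, getuid(), getgid(), argv);
}
int demo_close_in_parent(void) {         /* 1 if close ran in the parent, same euid */
  return trace.close_pid == getpid() && trace.close_euid == trace.open_euid;
}
int main(void) { return demo_run() == 7 && demo_close_in_parent() ? 0 : 1; }
```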
