[1600] in Kerberos-V5-bugs
Complete diffs for K5.5 ksu/main.c
daemon@ATHENA.MIT.EDU (Joe Ramus)
Wed Aug 16 14:04:22 1995
Date: Wed, 16 Aug 95 11:04:01 PDT
From: ramus@nersc.gov (Joe Ramus)
To: krb5-bugs@MIT.EDU
Here is a complete diff for K5.5 ksu/main.c and ksu/ksu.M (man page).
The diffs appended to this message include my fixes for KSU plus those
submitted by Wolfgang Rupprecht last May.
-To: kerberos@MIT.EDU
-Date: 25 May 1995 19:44:17 -0700
-From: wolfgang@wsrcc.com (Wolfgang Rupprecht)
-Organization: W S Rupprecht Computer Consulting, Fremont CA
The bug fixes include the addition of "context" to many function
calls. I corrected two errors that caused core dumps. These
involve the use of strchr to look for a ':' in a file name.
See lines *** 377,383 **** and *** 467,473 ****
I added a new option "-w" which gives a whole new environment
similar to the command "su - name".
Wolfgang added a new option "-s" to save the current environment and shell
similar to "sudo".
Wolfgang Rupprecht also submitted changes to other files that are part
of the KSU tool.
I have updated the man page file ksu/ksu.M also.
----------------------------------------------------------------
| Joe Ramus NERSC Livermore (510) 423-8917 ramus@nersc.gov |
----------------------------------------------------------------
-------------------------------------------------------------------------------------
*** ksu/main.c.orig Tue Aug 15 09:44:20 1995
--- ksu/main.c Tue Aug 15 17:24:15 1995
***************
*** 53,60 ****
ill specified arguments to commands */
void usage (){
! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-e command [args... ] ] [-a [args... ] ] \n", prog_name);
!
}
/* for Ultrix and friends ... */
--- 53,59 ----
ill specified arguments to commands */
void usage (){
! fprintf(stderr, "Usage: %s [target user] [-n principal] [-c source cachename] [-C target cachename] [-k] [-D] [-r time] [-pf] [-l lifetime] [-zZ] [-q] [-s] [-w] [-e command [args... ] ] [-a [args... ] ] \n", prog_name);
}
/* for Ultrix and friends ... */
***************
*** 76,81 ****
--- 75,82 ----
int option=0;
int statusp=0;
int use_source_cache = 0;
+ int ksudo = 0;
+ int whole_new_env = 0;
krb5_error_code retval = 0;
krb5_principal client = NULL;
krb5_ccache cc_target = NULL;
***************
*** 168,174 ****
}
! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkql:e:")) != EOF)){
switch (option) {
case 'r':
options.opt |= KDC_OPT_RENEWABLE;
--- 169,176 ----
}
! while(!done && ((option = getopt(pargc, pargv,"n:c:C:r:a:zZDfpkqswl:e:")) != EOF))
! {
switch (option) {
case 'r':
options.opt |= KDC_OPT_RENEWABLE;
***************
*** 310,315 ****
--- 312,323 ----
fprintf(stderr,"Command to be executed: %s\n", cmd);
}
break;
+ case 's':
+ ksudo++;
+ break;
+ case 'w':
+ whole_new_env++;
+ break;
case '?':
default:
errflg++;
***************
*** 377,383 ****
--- 385,395 ----
if (cc_source_tag == NULL){
cc_source_tag = krb5_cc_default_name(ksu_context);
+ #ifdef TEST_FOR_COLON
cc_source_tag_tmp = strchr(cc_source_tag, ':') + 1;
+ #else
+ cc_source_tag_tmp = cc_source_tag;
+ #endif
}
/* get a handle for the cache */
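Review bot: With TEST_FOR_COLON defined, `strchr(cc_source_tag, ':') + 1` is still evaluated without a null check, so a cache name with no ':' yields an invalid pointer exactly as before; with it undefined, a name that does carry a type prefix is passed on unstripped. Testing the result covers both cases and removes the need for the compile-time switch: `char *colon = strchr(cc_source_tag, ':');` followed by `cc_source_tag_tmp = colon ? colon + 1 : cc_source_tag;`. The same pattern appears in the 479,489 hunk for cc_target_tag. The value returned by krb5_cc_default_name() is also handed to strchr without a NULL check in the lines shown.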
***************
*** 421,427 ****
}else{
fprintf(stderr,
"GET_best_princ_for_target result-best principal ");
! plain_dump_principal (client);
fprintf(stderr,"\n");
}
}
--- 433,439 ----
}else{
fprintf(stderr,
"GET_best_princ_for_target result-best principal ");
! plain_dump_principal (ksu_context, client);
fprintf(stderr,"\n");
}
}
***************
*** 467,473 ****
--- 479,489 ----
do {
sprintf(cc_target_tag, "%s%d.%d", KRB5_SECONDARY_CACHE,
target_uid, gen_sym());
+ #ifdef TEST_FOR_COLON
cc_target_tag_tmp = strchr(cc_target_tag, ':') + 1;
+ #else
+ cc_target_tag_tmp = cc_target_tag;
+ #endif
}while ( !stat ( cc_target_tag_tmp, &st_temp));
/* make sure that the new ticket file does not already exist */
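Review bot: In the default (#else) build the loop now calls stat() on the full cc_target_tag; if KRB5_SECONDARY_CACHE carries a cache-type prefix (its definition is not visible here), that path never exists, the loop ends on the first pass, and the "does not already exist" check that follows no longer tests the real file. Strip the prefix only when one is present, `char *colon = strchr(cc_target_tag, ':');` then `cc_target_tag_tmp = colon ? colon + 1 : cc_target_tag;`, so stat() always sees the file name. The `sprintf` into cc_target_tag is unbounded in the lines shown; the buffer is declared outside the hunk and its size should be checked against the longest possible tag.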
***************
*** 617,626 ****
--- 633,644 ----
exit(1);
}
+ if (auth_debug){
print_status("Authenticated %s\n", client_name);
syslog(LOG_NOTICE,"'%s %s' authenticated %s for %s%s",
prog_name,target_user,client_name,
source_user,ontty());
+ }
if(retval = krb5_authorization(ksu_context, client,target_user,
local_realm_name, cmd, &authorization_val, &exec_cmd)){
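Review bot: Wrapping the `syslog(LOG_NOTICE, ...)` call in `if (auth_debug)` means a successful authentication is recorded only in debug runs, so ordinary use of ksu leaves no audit entry at this point for which client became which target user. Gate only the user-facing message: keep `if (auth_debug) print_status("Authenticated %s\n", client_name);` and leave the syslog call unconditional. If the intent was only to quiet terminal output, a one-line comment saying so would make that clear to the next reader.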
***************
*** 696,701 ****
--- 714,726 ----
/* get the shell of the user, this will be the shell used by su */
target_pwd = getpwnam(target_user);
+ if (ksudo)
+ {
+ shell = getenv("SHELL");
+ if (!shell)
+ shell = _DEF_CSH; /* default is cshell */
+ } else {
+
if (target_pwd->pw_shell)
shell = strdup(target_pwd->pw_shell);
else {
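Review bot: With `-s`, `shell = getenv("SHELL")` takes the program that will run as the target user from the caller's environment, and the new `} else {` skips everything up to the brace closed in the 759,766 hunk, which appears to hold the checks on the target's pw_shell (that code lies outside this hunk). An account whose passwd shell is deliberately restrictive would then be given whatever the caller names. At minimum reject values that are not absolute paths, `if (!shell || shell[0] != '/') shell = _DEF_CSH;`, and consider requiring the value to be listed by getusershell() or to equal target_pwd->pw_shell. In the lines shown, `target_pwd` is dereferenced without a NULL check after getpwnam(), and the two branches differ in ownership of `shell` (strdup'd copy versus environment pointer), which matters if it is freed later.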
***************
*** 734,739 ****
--- 759,766 ----
exit(1);
}
+ }
+
/* set the cc env name to target */
if(set_env_var( KRB5_ENV_CCNAME, cc_target_tag)){
***************
*** 814,820 ****
}
if( keep_target_cache || use_source_cache ) {
! execv(params[0], params);
com_err(prog_name, errno, "while trying to execv %s",
params[0]);
sweep_up(ksu_context, use_source_cache, cc_target);
--- 841,850 ----
}
if( keep_target_cache || use_source_cache ) {
! char * execv_path;
! execv_path = strdup(params[0]);
! if (whole_new_env) params[0] = "-ksu";
! execv(execv_path, params);
com_err(prog_name, errno, "while trying to execv %s",
params[0]);
sweep_up(ksu_context, use_source_cache, cc_target);
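Review bot: `execv_path = strdup(params[0])` is not checked, so on allocation failure `execv` receives NULL; the copy is unnecessary because only the pointer stored in params[0] is replaced, so `char *execv_path = params[0];` suffices. After the change the `com_err` message prints params[0], which is "-ksu" under -w, rather than the path that failed; pass `execv_path` there instead. The 869,878 hunk repeats both problems. In the hunks shown, -w only changes argv[0] and nothing clears the caller's environment before execv, so the "whole new environment" depends entirely on the shell's login behaviour; that is worth a comment here and a sentence in the man page.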
***************
*** 839,845 ****
exit (statusp);
}else{
! execv(params[0], params);
com_err(prog_name, errno, "while trying to execv %s",
params[0]);
exit (1);
--- 869,878 ----
exit (statusp);
}else{
! char * execv_path;
! execv_path = strdup(params[0]);
! if (whole_new_env) params[0] = "-ksu";
! execv(execv_path, params);
com_err(prog_name, errno, "while trying to execv %s",
params[0]);
exit (1);
*** ksu/ksu.M.orig Tue Aug 15 17:40:54 1995
--- ksu/ksu.M Tue Aug 15 17:40:54 1995
***************
*** 55,60 ****
--- 55,64 ----
] [
.B \-q
] [
+ .B \-s
+ ] [
+ .B \-w
+ ] [
.B \-e
.I command
[
***************
*** 375,380 ****
--- 379,392 ----
.TP 10
\fB\-q
suppress the printing of status messages.
+ .TP 10
+ \fB\-s
+ save the current environment and shell.
+ This is similiar to the command "sudo".
+ .TP 10
+ \fB\-w
+ initialize a whole new environment for the target user.
+ This is similiar the command "su - name".
.TP 10
\fB\-e \fIcommand [args ...]
ksu proceeds exactly the same as if it was invoked without the