=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/su/su.c,v retrieving revision 1.58 retrieving revision 1.59 diff -c -r1.58 -r1.59 *** src/usr.bin/su/su.c 2009/10/27 23:59:44 1.58 --- src/usr.bin/su/su.c 2010/12/09 15:45:30 1.59 *************** *** 1,4 **** ! /* $OpenBSD: su.c,v 1.58 2009/10/27 23:59:44 deraadt Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. --- 1,4 ---- ! /* $OpenBSD: su.c,v 1.59 2010/12/09 15:45:30 millert Exp $ */ /* * Copyright (c) 1988 The Regents of the University of California. *************** *** 61,66 **** --- 61,67 ---- main(int argc, char **argv) { int asme = 0, asthem = 0, ch, fastlogin = 0, emlogin = 0, prio; + int altshell = 0; char *user, *shell = NULL, *avshell, *username, **np; char *class = NULL, *style = NULL, *p; enum { UNSET, YES, NO } iscsh = UNSET; *************** *** 72,78 **** uid_t ruid; u_int flags; ! while ((ch = getopt(argc, argv, "a:c:fKLlm-")) != -1) switch (ch) { case 'a': if (style) --- 73,79 ---- uid_t ruid; u_int flags; ! while ((ch = getopt(argc, argv, "a:c:fKLlms:-")) != -1) switch (ch) { case 'a': if (style) *************** *** 104,109 **** --- 105,114 ---- asme = 1; asthem = 0; break; + case 's': + altshell = 1; + shell = optarg; + break; default: usage(); } *************** *** 129,134 **** --- 134,142 ---- if (ruid && class) auth_errx(as, 1, "only the superuser may specify a login class"); + if (ruid && altshell) + auth_errx(as, 1, "only the superuser may specify a login shell"); + if (username != NULL) auth_setoption(as, "invokinguser", username); *************** *** 139,145 **** auth_errx(as, 1, "who are you?"); if ((username = strdup(pwd->pw_name)) == NULL) auth_errx(as, 1, "can't allocate memory"); ! if (asme) { if (pwd->pw_shell && *pwd->pw_shell) { if ((shell = strdup(pwd->pw_shell)) == NULL) auth_errx(as, 1, "can't allocate memory"); --- 147,153 ---- auth_errx(as, 1, "who are you?"); if ((username = strdup(pwd->pw_name)) == NULL) auth_errx(as, 1, "can't allocate memory"); ! if (asme && !altshell) { if (pwd->pw_shell && *pwd->pw_shell) { if ((shell = strdup(pwd->pw_shell)) == NULL) auth_errx(as, 1, "can't allocate memory"); *************** *** 204,220 **** fprintf(stderr, "Login incorrect\n"); } ! if (asme) { ! /* if asme and non-standard target shell, must be root */ ! if (!chshell(pwd->pw_shell) && ruid) ! auth_errx(as, 1, "permission denied (shell)."); ! } else if (pwd->pw_shell && *pwd->pw_shell) { ! if ((shell = strdup(pwd->pw_shell)) == NULL) ! auth_errx(as, 1, "can't allocate memory"); ! iscsh = UNSET; ! } else { ! shell = _PATH_BSHELL; ! iscsh = NO; } if ((p = strrchr(shell, '/'))) --- 212,230 ---- fprintf(stderr, "Login incorrect\n"); } ! if (!altshell) { ! if (asme) { ! /* if asme and non-std target shell, must be root */ ! if (ruid && !chshell(shell)) ! auth_errx(as, 1, "permission denied (shell)."); ! } else if (pwd->pw_shell && *pwd->pw_shell) { ! if ((shell = strdup(pwd->pw_shell)) == NULL) ! auth_errx(as, 1, "can't allocate memory"); ! iscsh = UNSET; ! } else { ! shell = _PATH_BSHELL; ! iscsh = NO; ! } } if ((p = strrchr(shell, '/'))) *************** *** 254,259 **** --- 264,272 ---- } if (setenv("HOME", pwd->pw_dir, 1) == -1 || setenv("SHELL", shell, 1) == -1) + auth_err(as, 1, "unable to set environment"); + } else if (altshell) { + if (setenv("SHELL", shell, 1) == -1) auth_err(as, 1, "unable to set environment"); }