Normalize the program's compilation options so they are all of the form SU_
and document them.
parent
7847549d35
commit
791007d1e3
@ -1,4 +1,4 @@
|
||||
# $NetBSD: Makefile,v 1.31 2003/07/24 16:18:21 tron Exp $
|
||||
# $NetBSD: Makefile,v 1.32 2003/08/20 14:11:17 christos Exp $
|
||||
# from: @(#)Makefile 8.1 (Berkeley) 7/19/93
|
||||
|
||||
.include <bsd.own.mk>
|
||||
@ -12,7 +12,7 @@ CPPFLAGS+=-DLOGIN_CAP
|
||||
|
||||
# Uncomment the following line to change the group that may su root to "sugroup"
|
||||
#
|
||||
#CPPFLAGS+=-DSUGROUP=\"sugroup\"
|
||||
#CPPFLAGS+=-DSU_GROUP=\"sugroup\"
|
||||
|
||||
# Uncomment the following line to make su
|
||||
# treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect
|
||||
@ -49,6 +49,6 @@ DPADD+= ${LIBSKEY}
|
||||
LDADD+= -lskey
|
||||
.endif
|
||||
|
||||
.ifdef SUROOTAUTH
|
||||
CPPFLAGS+=-DROOTAUTH=\"${SUROOTAUTH}\"
|
||||
.ifdef SU_ROOTAUTH
|
||||
CPPFLAGS+=-DSU_ROOTAUTH=\"${SU_ROOTAUTH}\"
|
||||
.endif
|
||||
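Review bot: The comment kept as context at the end of the second hunk still reads `# treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect`, so the Makefile now documents the indirect-group option with names the code no longer accepts; it should read `# treat group wheel (SU_GROUP) and/or SU_ROOTAUTH as an indirect`. The same naming slip appears in the su.1 section of this commit, where the list item is spelled `.It SU_INDIRECT_GROOP` while the `-width` argument uses `SU_INDIRECT_GROUP`. In the last hunk the make variable changes from `SUROOTAUTH` to `SU_ROOTAUTH` with no fallback visible here, so a build configuration that still sets the old name would apparently produce an su without the rootauth group and without any diagnostic. A short compatibility block or a line in the comment header naming the old variable would make the rename visible to whoever maintains those settings.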
|
@ -26,7 +26,7 @@
|
||||
.\" SUCH DAMAGE.
|
||||
.\"
|
||||
.\" from: @(#)su.1 8.2 (Berkeley) 4/18/94
|
||||
.\" $NetBSD: su.1,v 1.33 2003/08/07 11:15:56 agc Exp $
|
||||
.\" $NetBSD: su.1,v 1.34 2003/08/20 14:11:17 christos Exp $
|
||||
.\"
|
||||
.Dd April 27, 2003
|
||||
.Dt SU 1
|
||||
@ -197,10 +197,36 @@ By default (unless the prompt is reset by a startup file) the super-user
|
||||
prompt is set to
|
||||
.Dq Sy \&#
|
||||
to remind one of its awesome power.
|
||||
.Sh COMPILATION OPTIONS
|
||||
.Pp
|
||||
Several compilation time options are available that alter the program's
|
||||
behavior.
|
||||
These options are:
|
||||
.Bl -tag -width "SU_INDIRECT_GROUP"
|
||||
.It SU_GROUP
|
||||
If defined, it changes the default group that is allowed to become
|
||||
.Dq root ,
|
||||
from
|
||||
.Dq wheel
|
||||
to the specified string.
|
||||
.It SU_ROOTAUTH
|
||||
If defined, it specifies a group whose members are allowed to become
|
||||
.Dq root ,
|
||||
by supplying their own password instead of the
|
||||
.Dq root
|
||||
one.
|
||||
.It SU_INDIRECT_GROOP
|
||||
If defined, the
|
||||
.Ar SU_GROUP
|
||||
and
|
||||
.Ar SU_ROOTAUTH
|
||||
groups are treated as indirect groups.
|
||||
The group members of those two groups, are treated as groups themselves.
|
||||
.Sh EXIT STATUS
|
||||
.Nm
|
||||
returns the exit status of the executed subshell, or 1 if any error
|
||||
occurred while switching privileges.
|
||||
.El
|
||||
.Sh ENVIRONMENT
|
||||
Environment variables used by
|
||||
.Nm :
|
||||
|
@ -1,4 +1,4 @@
|
||||
/* $NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $ */
|
||||
/* $NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $ */
|
||||
|
||||
/*
|
||||
* Copyright (c) 1988 The Regents of the University of California.
|
||||
@ -40,7 +40,7 @@ __COPYRIGHT(
|
||||
#if 0
|
||||
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/
|
||||
#else
|
||||
__RCSID("$NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $");
|
||||
__RCSID("$NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $");
|
||||
#endif
|
||||
#endif /* not lint */
|
||||
|
||||
@ -94,8 +94,8 @@ int use_kerberos = 1;
|
||||
#define ARGSTRX "-dflm"
|
||||
#endif
|
||||
|
||||
#ifndef SUGROUP
|
||||
#define SUGROUP "wheel"
|
||||
#ifndef SU_GROUP
|
||||
#define SU_GROUP "wheel"
|
||||
#endif
|
||||
|
||||
#ifdef LOGIN_CAP
|
||||
@ -239,30 +239,30 @@ main(argc, argv)
|
||||
char *pass = pwd->pw_passwd;
|
||||
int ok = pwd->pw_uid != 0;
|
||||
|
||||
#ifdef ROOTAUTH
|
||||
#ifdef SU_ROOTAUTH
|
||||
/*
|
||||
* Allow those in group rootauth to su to root, by supplying
|
||||
* their own password.
|
||||
*/
|
||||
if (!ok) {
|
||||
if ((ok = check_ingroup(-1, ROOTAUTH, username, 0))) {
|
||||
if ((ok = check_ingroup(-1, SU_ROOTAUTH, username, 0))) {
|
||||
pass = userpass;
|
||||
user = username;
|
||||
}
|
||||
}
|
||||
#endif
|
||||
/*
|
||||
* Only allow those in group SUGROUP to su to root,
|
||||
* Only allow those in group SU_GROUP to su to root,
|
||||
* but only if that group has any members.
|
||||
* If SUGROUP has no members, allow anyone to su root
|
||||
* If SU_GROUP has no members, allow anyone to su root
|
||||
*/
|
||||
if (!ok) {
|
||||
ok = check_ingroup(-1, SUGROUP, username, 1);
|
||||
ok = check_ingroup(-1, SU_GROUP, username, 1);
|
||||
}
|
||||
if (!ok)
|
||||
errx(1,
|
||||
"you are not listed in the correct secondary group (%s) to su %s.",
|
||||
SUGROUP, user);
|
||||
SU_GROUP, user);
|
||||
/* if target requires a password, verify it */
|
||||
if (*pass) {
|
||||
p = getpass("Password:");
|
||||
@ -694,7 +694,7 @@ check_ingroup (gid, gname, user, ifempty)
|
||||
|
||||
/*
|
||||
* XXX we are relying on the fact that we only set ifempty when
|
||||
* calling to check for SUGROUP and that is the only time a
|
||||
* calling to check for SU_GROUP and that is the only time a
|
||||
* missing group is acceptable.
|
||||
*/
|
||||
if (gr == NULL)
|
||||
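Review bot: A build that still passes the old macro names now silently gets the defaults: with `-DSUGROUP=...` the `#ifndef SU_GROUP` block defines `SU_GROUP` as "wheel", and with `-DROOTAUTH=...` the `#ifdef SU_ROOTAUTH` branch in main() is compiled out. Since the comment in main() says an SU_GROUP with no members lets anyone su to root, a site that relied on a custom group could end up with a different, possibly weaker, gate and no build-time warning. I would add a guard next to the default definition: `#if defined(SUGROUP) || defined(ROOTAUTH)`, `#error "SUGROUP and ROOTAUTH were renamed to SU_GROUP and SU_ROOTAUTH"`, `#endif`. The bodies of main() and check_ingroup() continue outside the hunks shown, so this is based only on the visible lines.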
|