Aren/NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Normalize the program's compilation options so they are all of the form SU_

Browse Source 
and document them.
This commit is contained in:
christos 2003-08-20 14:11:17 +00:00
parent 7847549d35
commit 791007d1e3
3 changed files with 42 additions and 16 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
usr.bin/su/Makefile
View File

@ -1,4 +1,4 @@
# $NetBSD: Makefile,v 1.31 2003/07/24 16:18:21 tron Exp $ # $NetBSD: Makefile,v 1.32 2003/08/20 14:11:17 christos Exp $
# from: @(#)Makefile 8.1 (Berkeley) 7/19/93 # from: @(#)Makefile 8.1 (Berkeley) 7/19/93
.include <bsd.own.mk> .include <bsd.own.mk>
@ -12,7 +12,7 @@ CPPFLAGS+=-DLOGIN_CAP
# Uncomment the following line to change the group that may su root to "sugroup" # Uncomment the following line to change the group that may su root to "sugroup"
# #
#CPPFLAGS+=-DSUGROUP=\"sugroup\" #CPPFLAGS+=-DSU_GROUP=\"sugroup\"
# Uncomment the following line to make su # Uncomment the following line to make su
# treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect # treat group wheel (SUGROUP) and/or ROOTAUTH as an indirect
@ -49,6 +49,6 @@ DPADD+= ${LIBSKEY}
LDADD+= -lskey LDADD+= -lskey
.endif .endif
.ifdef SUROOTAUTH .ifdef SU_ROOTAUTH
CPPFLAGS+=-DROOTAUTH=\"${SUROOTAUTH}\" CPPFLAGS+=-DSU_ROOTAUTH=\"${SU_ROOTAUTH}\"
.endif .endif

28
usr.bin/su/su.1
View File

@ -26,7 +26,7 @@
.\" SUCH DAMAGE. .\" SUCH DAMAGE.
.\" .\"
.\" from: @(#)su.1 8.2 (Berkeley) 4/18/94 .\" from: @(#)su.1 8.2 (Berkeley) 4/18/94
.\" $NetBSD: su.1,v 1.33 2003/08/07 11:15:56 agc Exp $ .\" $NetBSD: su.1,v 1.34 2003/08/20 14:11:17 christos Exp $
.\" .\"
.Dd April 27, 2003 .Dd April 27, 2003
.Dt SU 1 .Dt SU 1
@ -197,10 +197,36 @@ By default (unless the prompt is reset by a startup file) the super-user
prompt is set to prompt is set to
.Dq Sy \&# .Dq Sy \&#
to remind one of its awesome power. to remind one of its awesome power.
.Sh COMPILATION OPTIONS
.Pp
Several compilation time options are available that alter the program's
behavior.
These options are:
.Bl -tag -width "SU_INDIRECT_GROUP"
.It SU_GROUP
If defined, it changes the default group that is allowed to become
.Dq root ,
from
.Dq wheel
to the specified string.
.It SU_ROOTAUTH
If defined, it specifies a group whose members are allowed to become
.Dq root ,
by supplying their own password instead of the
.Dq root
one.
.It SU_INDIRECT_GROOP
If defined, the
.Ar SU_GROUP
and
.Ar SU_ROOTAUTH
groups are treated as indirect groups.
The group members of those two groups, are treated as groups themselves.
.Sh EXIT STATUS .Sh EXIT STATUS
.Nm .Nm
returns the exit status of the executed subshell, or 1 if any error returns the exit status of the executed subshell, or 1 if any error
occurred while switching privileges. occurred while switching privileges.
.El
.Sh ENVIRONMENT .Sh ENVIRONMENT
Environment variables used by Environment variables used by
.Nm : .Nm :

22
usr.bin/su/su.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $ */ /* $NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $ */
/* /*
* Copyright (c) 1988 The Regents of the University of California. * Copyright (c) 1988 The Regents of the University of California.
@ -40,7 +40,7 @@ __COPYRIGHT(
#if 0 #if 0
static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/ static char sccsid[] = "@(#)su.c 8.3 (Berkeley) 4/2/94";*/
#else #else
__RCSID("$NetBSD: su.c,v 1.56 2003/08/07 11:15:57 agc Exp $"); __RCSID("$NetBSD: su.c,v 1.57 2003/08/20 14:11:17 christos Exp $");
#endif #endif
#endif /* not lint */ #endif /* not lint */
@ -94,8 +94,8 @@ int use_kerberos = 1;
#define ARGSTRX "-dflm" #define ARGSTRX "-dflm"
#endif #endif
#ifndef SUGROUP #ifndef SU_GROUP
#define SUGROUP "wheel" #define SU_GROUP "wheel"
#endif #endif
#ifdef LOGIN_CAP #ifdef LOGIN_CAP
@ -239,30 +239,30 @@ main(argc, argv)
char *pass = pwd->pw_passwd; char *pass = pwd->pw_passwd;
int ok = pwd->pw_uid != 0; int ok = pwd->pw_uid != 0;
#ifdef ROOTAUTH #ifdef SU_ROOTAUTH
/* /*
* Allow those in group rootauth to su to root, by supplying * Allow those in group rootauth to su to root, by supplying
* their own password. * their own password.
*/ */
if (!ok) { if (!ok) {
if ((ok = check_ingroup(-1, ROOTAUTH, username, 0))) { if ((ok = check_ingroup(-1, SU_ROOTAUTH, username, 0))) {
pass = userpass; pass = userpass;
user = username; user = username;
} }
} }
#endif #endif
/* /*
* Only allow those in group SUGROUP to su to root, * Only allow those in group SU_GROUP to su to root,
* but only if that group has any members. * but only if that group has any members.
* If SUGROUP has no members, allow anyone to su root * If SU_GROUP has no members, allow anyone to su root
*/ */
if (!ok) { if (!ok) {
ok = check_ingroup(-1, SUGROUP, username, 1); ok = check_ingroup(-1, SU_GROUP, username, 1);
} }
if (!ok) if (!ok)
errx(1, errx(1,
"you are not listed in the correct secondary group (%s) to su %s.", "you are not listed in the correct secondary group (%s) to su %s.",
SUGROUP, user); SU_GROUP, user);
/* if target requires a password, verify it */ /* if target requires a password, verify it */
if (*pass) { if (*pass) {
p = getpass("Password:"); p = getpass("Password:");
@ -694,7 +694,7 @@ check_ingroup (gid, gname, user, ifempty)
/* /*
* XXX we are relying on the fact that we only set ifempty when * XXX we are relying on the fact that we only set ifempty when
* calling to check for SUGROUP and that is the only time a * calling to check for SU_GROUP and that is the only time a
* missing group is acceptable. * missing group is acceptable.
*/ */
if (gr == NULL) if (gr == NULL)