[PATCH] kdesu for FreeBSD non-wheel users

Adriaan de Groot adridg at cs.kun.nl
Wed Nov 12 06:05:51 GMT 2003 

Attached a patch for the following problem:

Users that are not in the group wheel (and that's all of them except root,
by default) may not su root at all. su(1) reports this with "su: you are
not allowed to su root", which the parser in su.cpp recognizes as a
password prompt (after all, there's a colon in there). My previous fix
broke Linux so Waldo fixed it back, but the effect is that non-wheel users
who use kdesu _can_ hang kdesu.

The patch - idea by Andy - checks if the user could possibly su root, and
if not, it bails out early. This might possibly apply to other BSDs as
well. I've only tested that this compiles, not if it works, though. Once
my current build of HEAD finishes I'll check, but I'd appreciate it if
some other folks could look at it as well.

OK to commit? Please CC: me on reply.

-- 
 Adriaan de Groot    adridg at cs.kun.nl     Kamer A6020     024-3652272
GPG Key Fingerprint 934E 31AA 80A7 723F 54F9  50ED 76AC EE01 FEA2 A3FE
               http://www.cs.kun.nl/~adridg/research/
-------------- next part --------------
Index: su.h
===================================================================
RCS file: /home/kde/kdelibs/kdesu/su.h,v
retrieving revision 1.16
diff -r1.16 su.h
30c30,34
<     enum Errors { SuNotFound=1, SuNotAllowed, SuIncorrectPassword };
---
>     enum Errors { SuNotFound=1, 
>         SuNotAllowed, 
>         SuIncorrectPassword, 
>         SuOtherError=-1 
>     };
33a38
>      * Returns one of the values in Errors.
Index: su.cpp
===================================================================
RCS file: /home/kde/kdelibs/kdesu/su.cpp,v
retrieving revision 1.31
diff -r1.31 su.cpp
36a37,40
> #ifdef Q_OS_FREEBSD
> #include <sys/param.h>
> #endif
> 
89c93
<           return check ? SuNotFound : -1;
---
>           return check ? SuNotFound : SuOtherError;
91a96,131
> #ifdef Q_OS_FREEBSD
>     // If a user isn't in wheel, then they're not going to be
>     // able to su root _anyway_, ever. So bail out early (and
>     // this saves us having to hack up the parser so that it
>     // actually recognizes perror() style error messages).
>     {
>         gid_t gids[NGROUPS_MAX];
>         int r,i;
>         bool success=false;
>         r=getgroups(NGROUPS_MAX,gids);
>         if (r<0)
>         {
>             // Probably bad. But since we can't tell for
>             // sure that this user is (or isn't) in wheel,
>             // assume that they are, and accept hangs
>             // in this weird case.
>         }
>         else
>         {
>             for (i=0; i<r; i++)
>             {
>                 if (gids[i]==0)
>                 {
>                     success=true;
>                     break;
>                 }
>             }
>         }
> 
>         if (!success)
>         {
>             return SuNotAllowed;
>         }
>     }
> #endif
> 
95c135
< 	return check ? SuNotFound : -1;
---
> 	return check ? SuNotFound : SuOtherError;
-------------- next part --------------
_______________________________________________
kde-freebsd mailing list
kde-freebsd at lists.csociety.org
https://lists.csociety.org/listinfo/kde-freebsd

More information about the kde-core-devel mailing list