- * Get the user's real name. The current UID is used to determine
- * who has executed su. That user ID must exist.
- */
- pw = get_my_pwent ();
- if (NULL == pw) {
- fprintf (stderr, _("%s: Cannot determine your user name.\n"),
- Prog);
- SYSLOG ((LOG_WARN, "Cannot determine the user name of the caller (UID %lu)",
- (unsigned long) my_uid));
- su_failure (tty);
- }
- STRFCPY (oldname, pw->pw_name);
-
-#ifndef USE_PAM
-#ifdef SU_ACCESS
- /*
- * Sort out the password of user calling su, in case needed later
- * -- chris
- */
- spwd = getspnam (oldname); /* !USE_PAM, no need for xgetspnam */
- if (NULL != spwd) {
- pw->pw_passwd = spwd->sp_pwdp;
- }
- oldpass = xstrdup (pw->pw_passwd);
-#endif /* SU_ACCESS */
-
-#else /* USE_PAM */
- ret = pam_start ("su", name, &conv, &pamh);
- if (PAM_SUCCESS != ret) {
- SYSLOG ((LOG_ERR, "pam_start: error %d", ret);
- fprintf (stderr, _("%s: pam_start: error %d\n"),
- Prog, ret));
- exit (1);
- }
-
- ret = pam_set_item (pamh, PAM_TTY, (const void *) tty);
- if (PAM_SUCCESS == ret) {
- ret = pam_set_item (pamh, PAM_RUSER, (const void *) oldname);
- }
- if (PAM_SUCCESS != ret) {
- SYSLOG ((LOG_ERR, "pam_set_item: %s",
- pam_strerror (pamh, ret)));
- fprintf (stderr, _("%s: %s\n"), Prog, pam_strerror (pamh, ret));
- pam_end (pamh, ret);
- exit (1);
- }
-#endif /* USE_PAM */
-
- top:
- /*
- * This is the common point for validating a user whose name is
- * known. It will be reached either by normal processing, or if the
- * user is to be logged into a subsystem root.
- *
- * The password file entries for the user is gotten and the account
- * validated.
- */
- pw = xgetpwnam (name);
- if (NULL == pw) {
- (void) fprintf (stderr, _("Unknown id: %s\n"), name);
- closelog ();
- exit (1);
- }
-#ifndef USE_PAM
- spwd = NULL;
- if (strcmp (pw->pw_passwd, SHADOW_PASSWD_STRING) == 0) {
- spwd = getspnam (name); /* !USE_PAM, no need for xgetspnam */
- if (NULL != spwd) {
- pw->pw_passwd = spwd->sp_pwdp;
- }
- }
-#endif /* !USE_PAM */
- pwent = *pw;
-
- /* If su is not called by root, and the target user has a restricted
- * shell, the environment must be changed.
- */
- change_environment |= (restricted_shell (pwent.pw_shell) && !amroot);
-
- /*
- * If a new login is being set up, the old environment will be
- * ignored and a new one created later on.
- * (note: in the case of a subsystem, the shell will be restricted,
- * and this won't be executed on the first pass)