* src/su.c: Define shellstr before the environment so that

	restricted_shell is called only once. This will allow moving the
	environment definition after the switch to the new user.

diff --git a/ChangeLog b/ChangeLog
index 28c6c9f2d9f2750a4e3537b1592ae4aa92b15125..9e482fe76dcb6901c5251d724c0d8e9c194c121a 100644 (file)
--- a/ChangeLog
+++ b/ChangeLog
@@ -13,6 +13,9 @@
        reset to false).
        * src/su.c: No need to change the user's shell in case of
        subsystem root. Update the comments.
+       * src/su.c: Define shellstr before the environment so that
+       restricted_shell is called only once. This will allow moving the
+       environment definition after the switch to the new user.
 
 2011-06-10  Nicolas François  <nicolas.francois@centraliens.net>
 

diff --git a/src/su.c b/src/su.c
index c4b5ccbd7157012cb7c5d98ed4bd52108651884e..f1b0fde6164c450730e2d80561bba6b4a1f1b8a4 100644 (file)
--- a/src/su.c
+++ b/src/su.c
@@ -804,10 +804,37 @@ int main (int argc, char **argv)
                goto top;               /* authenticate in the subsystem */
        }
 
-       /* If su is not called by root, and the target user has a restricted
-        * shell, the environment must be changed.
+       /* If the user do not want to change the environment,
+        * use the current SHELL.
+        * (unless another shell is required by the command line)
+        */
+       if ((NULL == shellstr) && !change_environment) {
+               shellstr = getenv ("SHELL");
+       }
+
+       /* If su is not called by root, and the target user has a
+        * restricted shell, the environment must be changed and the shell
+        * must be the one specified in /etc/passwd.
+        */
+       if (   !amroot
+           && restricted_shell (pwent.pw_shell)) {
+               shellstr = NULL;
+               change_environment = true;
+       }
+
+       /* If the shell is not set at this time, use the shell specified
+        * in /etc/passwd.
         */
-       change_environment |= (restricted_shell (pwent.pw_shell) && !amroot);
+       if (NULL == shellstr) {
+               shellstr = (char *) strdup (pwent.pw_shell);
+       }
+
+       /*
+        * Set the default shell.
+        */
+       if ((NULL == shellstr) || ('\0' == shellstr[0])) {
+               shellstr = SHELL;
+       }
 
        /*
         * If a new login is being set up, the old environment will be
@@ -870,35 +897,6 @@ int main (int argc, char **argv)
                }
        }
 
-       /* If the user do not want to change the environment,
-        * use the current SHELL.
-        * (unless another shell is required by the command line)
-        */
-       if ((NULL == shellstr) && !change_environment) {
-               shellstr = getenv ("SHELL");
-       }
-       /* For users with non null UID, if this user has a restricted
-        * shell, the shell must be the one specified in /etc/passwd
-        */
-       if (   (NULL != shellstr)
-           && !amroot
-           && restricted_shell (pwent.pw_shell)) {
-               shellstr = NULL;
-       }
-       /* If the shell is not set at this time, use the shell specified
-        * in /etc/passwd.
-        */
-       if (NULL == shellstr) {
-               shellstr = (char *) strdup (pwent.pw_shell);
-       }
-
-       /*
-        * Set the default shell.
-        */
-       if ((NULL == shellstr) || ('\0' == shellstr[0])) {
-               shellstr = SHELL;
-       }
-
        cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
        if (NULL == cp) {
                addenv ((pwent.pw_uid == 0) ? "PATH=/sbin:/bin:/usr/sbin:/usr/bin" : "PATH=/bin:/usr/bin", NULL);