* Apply a few patches to make `su' behave more like the old `su' from

  coreutils:

  - Don't remove variables such as $PATH and $SHELL from the calling
    environment (from upstream).

  - When su is invoked with command line arguments for the shell
    (e.g. "su - -c 'cmd'"), set argv[0] in the shell to "-su" or
    "-<basename>" (as determined by the SU_NAME option in
    /etc/login.defs).  This is necessary to make Bash compiled with
    the NON_INTERACTIVE_LOGIN_SHELLS option to read startup files.

  - Don't set $PATH to /bin:/usr/bin but inherit the $PATH of the
    caller.

svn path=/nixpkgs/trunk/; revision=22140

4 files changed, 60 insertions, 0 deletions

diff --git a/pkgs/os-specific/linux/shadow/default.nix b/pkgs/os-specific/linux/shadow/default.nix
index b44e2d99c89d..dcaee64b03ce 100644
--- a/pkgs/os-specific/linux/shadow/default.nix
+++ b/pkgs/os-specific/linux/shadow/default.nix
@@ -9,6 +9,8 @@ stdenv.mkDerivation rec {
   };
 
   buildInputs = [ pam ];
+
+  patches = [ ./no-sanitize-env.patch ./su-name.patch ./keep-path.patch ];
   
   meta = {
     homepage = http://pkg-shadow.alioth.debian.org/;
diff --git a/pkgs/os-specific/linux/shadow/keep-path.patch b/pkgs/os-specific/linux/shadow/keep-path.patch
new file mode 100644
index 000000000000..4b8406b53b08
--- /dev/null
+++ b/pkgs/os-specific/linux/shadow/keep-path.patch
@@ -0,0 +1,22 @@
+Don't reset $PATH to /bin:/usr/bin.  This is consistent with `su' in
+coreutils and important on NixOS.
+
+diff -ru -x '*~' shadow-4.1.4.2-orig/src/su.c shadow-4.1.4.2/src/su.c
+--- shadow-4.1.4.2-orig/src/su.c	2009-07-23 22:38:56.000000000 +0200
++++ shadow-4.1.4.2/src/su.c	2010-06-04 13:23:11.000000000 +0200
+@@ -827,6 +827,7 @@
+ 	(void) signal (SIGINT, SIG_DFL);
+ 	(void) signal (SIGQUIT, SIG_DFL);
+ 
++#if 0
+ 	cp = getdef_str ((pwent.pw_uid == 0) ? "ENV_SUPATH" : "ENV_PATH");
+ 	if (NULL == cp) {
+ 		addenv ("PATH=/bin:/usr/bin", NULL);
+@@ -835,6 +836,7 @@
+ 	} else {
+ 		addenv ("PATH", cp);
+ 	}
++#endif
+ 
+ 	if (getenv ("IFS") != NULL) {	/* don't export user IFS ... */
+ 		addenv ("IFS= \t\n", NULL);	/* ... instead, set a safe IFS */
diff --git a/pkgs/os-specific/linux/shadow/no-sanitize-env.patch b/pkgs/os-specific/linux/shadow/no-sanitize-env.patch
new file mode 100644
index 000000000000..902706d137eb
--- /dev/null
+++ b/pkgs/os-specific/linux/shadow/no-sanitize-env.patch
@@ -0,0 +1,16 @@
+Don't remove environment variables such as PATH or SHELL.
+
+http://bugs.gentoo.org/show_bug.cgi?id=301957
+https://alioth.debian.org/scm/browser.php?group_id=30580
+
+--- a/src/su.c
++++ b/src/su.c
+@@ -342,7 +342,7 @@
+ #endif
+ #endif				/* !USE_PAM */
+ 
+-	sanitize_env ();
++	/* sanitize_env (); */
+ 
+ 	(void) setlocale (LC_ALL, "");
+ 	(void) bindtextdomain (PACKAGE, LOCALEDIR);
diff --git a/pkgs/os-specific/linux/shadow/su-name.patch b/pkgs/os-specific/linux/shadow/su-name.patch
new file mode 100644
index 000000000000..5873c9342748
--- /dev/null
+++ b/pkgs/os-specific/linux/shadow/su-name.patch
@@ -0,0 +1,20 @@
+When su is invoked with command line arguments for the shell (e.g. "su
+- -c 'cmd'"), set argv[0] in the shell to "-su" or "-<basename>" (as
+determined by the SU_NAME option in /etc/login.defs).  This is
+necessary to make Bash compiled with the NON_INTERACTIVE_LOGIN_SHELLS
+option to read startup files.  It is also consistent with the
+behaviour of `su' in coreutils, and with the case where there are no
+arguments ("su -").
+
+diff -ru -x '*~' shadow-4.1.4.2-orig/src/su.c shadow-4.1.4.2/src/su.c
+--- shadow-4.1.4.2-orig/src/su.c	2009-07-23 22:38:56.000000000 +0200
++++ shadow-4.1.4.2/src/su.c	2010-06-04 13:02:24.000000000 +0200
+@@ -983,7 +983,7 @@
+ 		 * Use the shell and create an argv
+ 		 * with the rest of the command line included.
+ 		 */
+-		argv[-1] = shellstr;
++		argv[-1] = cp;
+ #ifndef USE_PAM
+ 		execve_shell (shellstr, &argv[-1], environ);
+ 		err = errno;