X-Git-Url: http://git.iain.cx/?p=profile.git;a=blobdiff_plain;f=opt%2Fbin%2Fbecome;h=b6b2f2064da8ae8e01cb7ff015a98fe5f0401023;hp=abe1b85789b81a705bb955620d64d43651d6ec1a;hb=484d06da67a028c69e6ede83479b1bdbeccd5749;hpb=5bee6828943e63f747c510d201d0dc1b44fcd7e1
diff --git a/opt/bin/become b/opt/bin/become
index abe1b85..b6b2f20 100755
--- a/opt/bin/become
+++ b/opt/bin/become
@@ -1,13 +1,77 @@
 #!/bin/bash
-user="$1"
+kerberos=0
+x11=0
+while getopts ":kx" opt; do
+ case $opt in
+ k) kerberos=1;;
+ x) x11=1;;
+ esac
+done
+shift $((OPTIND-1))
+
+user="$1"; shift
 if [ -z "$user" ]; then
- echo >&2 "Usage: become "
+ echo >&2 "Usage: become [-k] [-x] "
+ echo >&2 "Options: -k Delegate Kerberos credentials even if target user is not root."
+ echo >&2 " -x Delegate X11 cookie even if target user is not root."
 exit 1
 fi
+uid=$(PATH=/usr/xpg4/bin:/usr/bin id -u "$user" 2>/dev/null)
+if [ -z "$uid" ]; then
+ echo >&2 "Who is $user?"
+ exit 2
+fi
+
+if [ $uid = 0 ]; then
+ kerberos=1
+ x11=1
+fi
+
+PRINCIPAL=$(klist 2>/dev/null | sed -n 's/^Default principal: //p')
+if [ $x11 = 1 -a -n "$DISPLAY" -a "${DISPLAY##localhost:}" = "$DISPLAY" ]; then
+ COOKIE="$(xauth list $DISPLAY)"
+fi
 BECOME="$HOME/.become"
 profile="$BECOME/$user"
 [ -f "$profile" ] || profile="$BECOME/all"
-exec sudo -H -u "$user" env BECOME_HOME="$HOME" /bin/bash --rcfile "$profile"
+file="${TMPDIR:-/tmp}/$USER.become.$user.$RANDOM.$$"
+umask=$(builtin umask -p)
+builtin umask 077
+if exec 3>"$file" && exec <"$file" && rm "$file"; then
+ builtin $umask
+ echo >&3 "cd"
+ echo >&3 "PROFILE_HOME='$HOME'"
+ if [ -n "$PRINCIPAL" ]; then
+ echo >&3 "PRINCIPAL='$PRINCIPAL'"
+ if [ $kerberos = 1 ]; then
+ ccname=$(klist 2>/dev/null | sed -n 's/^Ticket cache: FILE://p')
+ if [ -f "$ccname" ]; then
+ openssl=$(find_working openssl)
+ if [ -n "$openssl" ]; then
+ echo >&3 "KRB5OPENSSL='$openssl'"
+ echo >&3 "KRB5BASE64='$($openssl enc -a -in $ccname)'"
+ fi
+ fi
+ fi
+ fi
+ if [ -n "$DISPLAY" -a -n "$COOKIE" ]; then
+ echo >&3 "xauth add $COOKIE"
+ else
+ echo >&3 "unset DISPLAY"
+ fi
+else
+ exit 111
+fi
+
+echo >&3 ". $HOME/.bash_profile"
+[ -f "$BECOME/all" ] && cat >&3 2>/dev/null "$BECOME/all"
+[ -f "$BECOME/$user" ] && cat >&3 2>/dev/null "$BECOME/$user"
+
+exec 3>&-
+dir=$(dirname "$0")
+[ "$dir" = "." ] && dir="$PWD"
+exec sudo -H -u "$user" "$dir/became"
+exit 111
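Review bot: The temp file at `file="${TMPDIR:-/tmp}/$USER.become.$user.$RANDOM.$$"` has a guessable name and is opened by `exec 3>"$file"` without exclusive-create, so in a shared temp directory the redirection can follow an existing symlink or reuse a file another local user already owns. `umask 077` only takes effect when the file is newly created. This matters because the file receives the base64-encoded ticket cache and the X11 cookie, and then becomes stdin for `became` under sudo, which presumably executes it as the target user. Create it with `file=$(mktemp "${TMPDIR:-/tmp}/$USER.become.$user.XXXXXX") || exit 111`, or where mktemp is unavailable run `set -o noclobber` before the `exec 3>"$file"` so bash refuses a pre-existing path. Separately, values such as `$HOME`, `$PRINCIPAL` and `$COOKIE` are written into the generated script inside hand-built single quotes or unquoted, so `printf '%q'` would be the safer way to emit them.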