Fix pam condition

2026-05-28 07:59:41 +00:00 · 2017-02-13 11:36:29 +01:00
parent 70369a0b32
commit 70e00ac696
1 changed files with 18 additions and 15 deletions
--- a/butterfly/terminal.py
+++ b/butterfly/terminal.py
@@ -232,10 +232,17 @@ class Terminal(object):
            os.execvpe(args[0], args, env)
            # This process has been replaced

+        if server.root and tornado.options.options.pam_profile:
+            pam_path = os.path.join(
+                os.path.dirname(os.path.realpath(__file__)), 'pam.py')
+            os.execvpe(sys.executable, [
+                sys.executable, pam_path, self.callee.name,
+                tornado.options.options.pam_profile], env)
+
        # Unsecure connection with su
        if server.root:
            if self.socket.local:
-                if self.callee != self.caller and tornado.options.options.pam_profile == "":
+                if self.callee != self.caller:
                    # Force password prompt by dropping rights
                    # to the daemon user
                    os.setuid(daemon.uid)
@@ -246,21 +253,17 @@ class Terminal(object):
                    sys.exit(1)
                os.setuid(daemon.uid)

-        if (not server.root) or tornado.options.options.pam_profile == "":
-            if os.path.exists('/usr/bin/su'):
-                args = ['/usr/bin/su']
-            else:
-                args = ['/bin/su']
-
-            args.append('-l')
-            if sys.platform == 'linux' and tornado.options.options.shell:
-                args.append('-s')
-                args.append(tornado.options.options.shell)
-            args.append(self.callee.name)
-            os.execvpe(args[0], args, env)
+        if os.path.exists('/usr/bin/su'):
+            args = ['/usr/bin/su']
        else:
-            pam_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'pam.py')
-            os.execvpe(sys.executable, [sys.executable, pam_path, self.callee.name, tornado.options.options.pam_profile], env)
+            args = ['/bin/su']
+
+        args.append('-l')
+        if sys.platform == 'linux' and tornado.options.options.shell:
+            args.append('-s')
+            args.append(tornado.options.options.shell)
+        args.append(self.callee.name)
+        os.execvpe(args[0], args, env)

    def communicate(self):
        fcntl.fcntl(self.fd, fcntl.F_SETFL, os.O_NONBLOCK)