diff --git a/butterfly/terminal.py b/butterfly/terminal.py index a58d664..7957347 100644 --- a/butterfly/terminal.py +++ b/butterfly/terminal.py @@ -232,10 +232,17 @@ class Terminal(object): os.execvpe(args[0], args, env) # This process has been replaced + if server.root and tornado.options.options.pam_profile: + pam_path = os.path.join( + os.path.dirname(os.path.realpath(__file__)), 'pam.py') + os.execvpe(sys.executable, [ + sys.executable, pam_path, self.callee.name, + tornado.options.options.pam_profile], env) + # Unsecure connection with su if server.root: if self.socket.local: - if self.callee != self.caller and tornado.options.options.pam_profile == "": + if self.callee != self.caller: # Force password prompt by dropping rights # to the daemon user os.setuid(daemon.uid) @@ -246,21 +253,17 @@ class Terminal(object): sys.exit(1) os.setuid(daemon.uid) - if (not server.root) or tornado.options.options.pam_profile == "": - if os.path.exists('/usr/bin/su'): - args = ['/usr/bin/su'] - else: - args = ['/bin/su'] - - args.append('-l') - if sys.platform == 'linux' and tornado.options.options.shell: - args.append('-s') - args.append(tornado.options.options.shell) - args.append(self.callee.name) - os.execvpe(args[0], args, env) + if os.path.exists('/usr/bin/su'): + args = ['/usr/bin/su'] else: - pam_path = os.path.join(os.path.dirname(os.path.realpath(__file__)), 'pam.py') - os.execvpe(sys.executable, [sys.executable, pam_path, self.callee.name, tornado.options.options.pam_profile], env) + args = ['/bin/su'] + + args.append('-l') + if sys.platform == 'linux' and tornado.options.options.shell: + args.append('-s') + args.append(tornado.options.options.shell) + args.append(self.callee.name) + os.execvpe(args[0], args, env) def communicate(self): fcntl.fcntl(self.fd, fcntl.F_SETFL, os.O_NONBLOCK)