summaryrefslogtreecommitdiffstats
path: root/usr.bin/su
Commit message (Collapse)AuthorAgeFilesLines
* Deconvolute the authentication mess, and hand total responsiblitymarkm2001-05-263-358/+226
| | | | | | | | | | for authentication to PAM. This meens that WHEELSU-type logic can now be effected in the pam.conf "su" configuration stack. While here, clean up the mess that the code had assumed over years of hacking by folks using different styles. ANSIfy. There is more policy in here that can be handed over to PAM. This will be revisited.
* Tell the user what group they must be in to su to root.obrien2001-05-101-1/+4
| | | | Submitted by: Seth Kingsley <sethk@osd.bsdi.com>
* Dike out Kerberos(IV) support on the grounds that better kerberosmarkm2001-04-281-7/+0
| | | | support can be gotten via PAM.
* Dike out the Kerberos(IV) support on the grounds that better kerberosmarkm2001-04-282-189/+14
| | | | support can be already obtained via PAM.
* Add full PAM support for account management and sessions.markm2001-03-273-64/+230
| | | | | | | The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux package's PAM patches to the BSD login.c Submitted by: "David J. MacKenzie" <djm@web.us.uu.net>
* o Make comment match reality, synch code with comment.rwatson2000-11-301-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | o In practice: the comment indicates that all but umask and environmental variables of the users login class are applied when su occurs, unless -m is used to specify a class. This was incorrect; in practice, the uid, gids, resources, and priority were set, and then resources and priority were selectively removed. This meant that some aspects of the user context were not set, including handling of login events (wtmp, utmp), as well as the path specified in login.conf. o I changed it so that the behavior is the same, but instead, LOGIN_SETALL is used, and appropriate flags are removed, including the LOGIN_SETLOGIN and LOGIN_SETPATH entries that were implicitly not present before. I also updated the comment to reflect reality, selecting reality as the "correct" behavior. o This has the practical benefit that as new LOGIN_SET* flags are introduced, they are supported by su unless specifically disabled. For example, of a LOGIN_SETLABEL flag is introduced to support MAC labels determined by the user's login class, then su no longer has to be modified. o It might be desirable to have su use LOGIN_SETPATH depending on its command line parameters, as it might or might not be considered part of the "environment". Obtained from: TrustedBSD Project
* mdoc(7) police: use the new features of the Nm macro.ru2000-11-201-2/+2
|
* Document the ``-'' option and minor re-wording in EXAMPLESmarko2000-08-051-2/+12
|
* Remove single-space hard sentence breaks. These degrade the qualitysheldonh2000-03-011-1/+2
| | | | | of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc.
* Use libcrypto in place of libdes.markm2000-02-242-3/+3
|
* Revert the libcrypt/libmd stuff back to how it was. This should not havepeter1999-12-181-2/+2
| | | | | | | | happened as it was working around problems elsewhere (ie: binutils/ld not doing the right thing according to the ELF design). libcrypt has been adjusted to not need the runtime -lmd. It's still not quite right (ld is supposed to work damnit) but at least it doesn't impact all the users of libcrypt in Marcel's cross-build model.
* Add libmd (or move it after libcrypt). We don't want the linker to bemarcel1999-12-161-2/+2
| | | | | smart because it will definitely get it wrong. This popped up during cross-linking.
* Change edistribution to krb4 in preaparation for K5markm1999-09-191-1/+1
|
* Fix Common Error brokenness.markm1999-09-061-2/+2
|
* $Id$ -> $FreeBSD$peter1999-08-283-3/+3
|
* Fixed editing error in previous commit. `-lmd' (link libmd) became `-md'bde1999-08-151-4/+4
| | | | | | | (emulate the 'd' linker (?)). This was most harmful for the NOSHARED=yes case since libskey.o isn't linked to libmd.a. Fixed the usual disorder of DPADD and LDADD, and some tab lossage.
* Axe LOGIN_CAP_AUTH.sheldonh1999-08-132-65/+6
| | | | | | PR: 10115 Reported by: Gene Skonicki <gene@cif.rochester.edu> Requested by: jdp
* Actually fixed ambiguous else. The previous revision had no effect.bde1999-07-021-4/+4
|
* Fix ambigious else.billf1999-07-011-2/+3
| | | | Reviewed By: eivind
* Add JKH's auth.conf parser to turn on/off Kerberos in userlandmarkm1998-10-092-2/+13
|
* Fix bad option processing.roberto1998-09-211-7/+4
| | | | | PR: bin/7986 Submitted by: Dan Nelson <dnelson@emsphone.com>
* Remove useless `BINOWN=root' now that it is the default.obrien1998-09-191-2/+1
|
* Removed a buggy ifdef for not linking libmd explicitly. Explicitbde1998-09-021-9/+3
| | | | | | | linkage is needed for the NOSHARED=YES case, so it is simplest to never depend on the automagic linkage for elf shared libraries. Reviewed by: jdp
* Add $Id$gpalmer1998-08-301-0/+1
|
* Still need -lmd on the alpha as it doesn't have shlibs yetgpalmer1998-08-301-1/+1
|
* BINFORMAT -> OBJFORMAT ready for E-day.jb1998-08-301-1/+1
|
* Fix LIBDIR (for aout/ELF).markm1998-08-061-1/+1
|
* Reword to remove confusion between su(1)'s "-c" option and that of the shelljkoshy1998-06-081-9/+16
| | | | | | being invoked. Add example that clarifies usage of "-c". PR: 6859
* PR: 1904danny1998-05-261-1/+6
| | | | Abort if given uname is > MAXLOGNAME-1
* Allow a user in group 0 to su(1) to root if their primarysteve1998-05-252-9/+21
| | | | | | | | | group is 0 in /etc/passwd even if they aren't listed as a member in /etc/group. This is more inline with what the group manpage says. PR: 6696 Submitted by: Max Euston <meuston@jmrodgers.com>
* I wonder how I managed to get the krb.h include wrong. Anyway: correct it.guido1997-10-281-2/+2
|
* Add -c option that allows root to specify a login_class.guido1997-10-272-19/+35
|
* Changes for KTH KerberosIV.markm1997-09-282-11/+22
| | | | | | | | | | | Quieten -Wall a bit. From Joe Traister: The previous patch did not propogate the KRBTKFILE environment variable into the new environment when -l is given to su, making it impossible for kdestroy to find the ticket file. This patch corrects that problem as well as the original segfault problem. (Fixes PR 3903)
* PR: docs/4383wosch1997-09-131-5/+14
| | | | | | su manpage ambiguous regarding command prompt Submitted by: sheldonh@iafrica.com
* If elf, don't add libmd.a just because we link against libskey.so.peter1997-09-051-0/+3
| | | | A
* fix a few spelling changesjmg1997-08-301-2/+2
| | | | | | | | Submitted by: Josh Gilliam Closes PR's: 4429, 4431-4438 PS: He has agreed to submit all contrib fixes back to the original author.
* Prevent a NULL dereferencation when given a garbage command line.joerg1997-08-231-2/+5
| | | | | PR: bin/3206 Submitted by: blank@fox.uni-trier.de
* Add usage().charnier1997-08-122-14/+20
|
* Move libmd after all libraries to keep natural libraries orderache1997-05-231-3/+3
|
* login_getclass() -> login_getpwclass().davidn1997-05-101-2/+2
|
* compare return value from getopt against -1 rather than EOF, per the finalimp1997-03-291-2/+2
| | | | posix standard on the topic.
* When group wheel is empty, allow everyone to su to root. This has normallyguido1997-02-242-5/+7
| | | | | | | no conseqeunces as we ship with a non-empty wheel. Closes PR/1882 Submitted by: Arne Henrik Juul <arnej@frida.imf.unit.no>
* Revert $FreeBSD$ to $Id$peter1997-02-221-1/+1
|
* Sort cross references.wosch1997-01-151-4/+4
|
* Fix problem with mask passwd to setusercontext() whichdavidn1997-01-141-4/+4
| | | | prevented uid/group change with non-root target.
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-142-2/+2
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Document effect of login class capabilities.davidn1997-01-131-1/+10
|
* Make su login_cap savvy.davidn1997-01-132-32/+121
| | | | | As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't yet have authorisation modules.
* Export $TERM only if it has been set in our environment.joerg1996-10-071-2/+3
| | | | Detected by: Amancio Hasty
* [HISTORY] command appeared in Version 1 AT&T UNIXwosch1996-08-291-1/+2
| | | | Obtained from: A Quarter Century of UNIX, Peter H. Salus, page 41
OpenPOWER on IntegriCloud