summaryrefslogtreecommitdiffstats
path: root/usr.bin/su
Commit message (Collapse)AuthorAgeFilesLines
* o Make comment match reality, synch code with comment.rwatson2000-11-301-2/+10
| | | | | | | | | | | | | | | | | | | | | | | | | | o In practice: the comment indicates that all but umask and environmental variables of the users login class are applied when su occurs, unless -m is used to specify a class. This was incorrect; in practice, the uid, gids, resources, and priority were set, and then resources and priority were selectively removed. This meant that some aspects of the user context were not set, including handling of login events (wtmp, utmp), as well as the path specified in login.conf. o I changed it so that the behavior is the same, but instead, LOGIN_SETALL is used, and appropriate flags are removed, including the LOGIN_SETLOGIN and LOGIN_SETPATH entries that were implicitly not present before. I also updated the comment to reflect reality, selecting reality as the "correct" behavior. o This has the practical benefit that as new LOGIN_SET* flags are introduced, they are supported by su unless specifically disabled. For example, of a LOGIN_SETLABEL flag is introduced to support MAC labels determined by the user's login class, then su no longer has to be modified. o It might be desirable to have su use LOGIN_SETPATH depending on its command line parameters, as it might or might not be considered part of the "environment". Obtained from: TrustedBSD Project
* mdoc(7) police: use the new features of the Nm macro.ru2000-11-201-2/+2
|
* Document the ``-'' option and minor re-wording in EXAMPLESmarko2000-08-051-2/+12
|
* Remove single-space hard sentence breaks. These degrade the qualitysheldonh2000-03-011-1/+2
| | | | | of the typeset output, tend to make diffs harder to read and provide bad examples for new-comers to mdoc.
* Use libcrypto in place of libdes.markm2000-02-242-3/+3
|
* Revert the libcrypt/libmd stuff back to how it was. This should not havepeter1999-12-181-2/+2
| | | | | | | | happened as it was working around problems elsewhere (ie: binutils/ld not doing the right thing according to the ELF design). libcrypt has been adjusted to not need the runtime -lmd. It's still not quite right (ld is supposed to work damnit) but at least it doesn't impact all the users of libcrypt in Marcel's cross-build model.
* Add libmd (or move it after libcrypt). We don't want the linker to bemarcel1999-12-161-2/+2
| | | | | smart because it will definitely get it wrong. This popped up during cross-linking.
* Change edistribution to krb4 in preaparation for K5markm1999-09-191-1/+1
|
* Fix Common Error brokenness.markm1999-09-061-2/+2
|
* $Id$ -> $FreeBSD$peter1999-08-283-3/+3
|
* Fixed editing error in previous commit. `-lmd' (link libmd) became `-md'bde1999-08-151-4/+4
| | | | | | | (emulate the 'd' linker (?)). This was most harmful for the NOSHARED=yes case since libskey.o isn't linked to libmd.a. Fixed the usual disorder of DPADD and LDADD, and some tab lossage.
* Axe LOGIN_CAP_AUTH.sheldonh1999-08-132-65/+6
| | | | | | PR: 10115 Reported by: Gene Skonicki <gene@cif.rochester.edu> Requested by: jdp
* Actually fixed ambiguous else. The previous revision had no effect.bde1999-07-021-4/+4
|
* Fix ambigious else.billf1999-07-011-2/+3
| | | | Reviewed By: eivind
* Add JKH's auth.conf parser to turn on/off Kerberos in userlandmarkm1998-10-092-2/+13
|
* Fix bad option processing.roberto1998-09-211-7/+4
| | | | | PR: bin/7986 Submitted by: Dan Nelson <dnelson@emsphone.com>
* Remove useless `BINOWN=root' now that it is the default.obrien1998-09-191-2/+1
|
* Removed a buggy ifdef for not linking libmd explicitly. Explicitbde1998-09-021-9/+3
| | | | | | | linkage is needed for the NOSHARED=YES case, so it is simplest to never depend on the automagic linkage for elf shared libraries. Reviewed by: jdp
* Add $Id$gpalmer1998-08-301-0/+1
|
* Still need -lmd on the alpha as it doesn't have shlibs yetgpalmer1998-08-301-1/+1
|
* BINFORMAT -> OBJFORMAT ready for E-day.jb1998-08-301-1/+1
|
* Fix LIBDIR (for aout/ELF).markm1998-08-061-1/+1
|
* Reword to remove confusion between su(1)'s "-c" option and that of the shelljkoshy1998-06-081-9/+16
| | | | | | being invoked. Add example that clarifies usage of "-c". PR: 6859
* PR: 1904danny1998-05-261-1/+6
| | | | Abort if given uname is > MAXLOGNAME-1
* Allow a user in group 0 to su(1) to root if their primarysteve1998-05-252-9/+21
| | | | | | | | | group is 0 in /etc/passwd even if they aren't listed as a member in /etc/group. This is more inline with what the group manpage says. PR: 6696 Submitted by: Max Euston <meuston@jmrodgers.com>
* I wonder how I managed to get the krb.h include wrong. Anyway: correct it.guido1997-10-281-2/+2
|
* Add -c option that allows root to specify a login_class.guido1997-10-272-19/+35
|
* Changes for KTH KerberosIV.markm1997-09-282-11/+22
| | | | | | | | | | | Quieten -Wall a bit. From Joe Traister: The previous patch did not propogate the KRBTKFILE environment variable into the new environment when -l is given to su, making it impossible for kdestroy to find the ticket file. This patch corrects that problem as well as the original segfault problem. (Fixes PR 3903)
* PR: docs/4383wosch1997-09-131-5/+14
| | | | | | su manpage ambiguous regarding command prompt Submitted by: sheldonh@iafrica.com
* If elf, don't add libmd.a just because we link against libskey.so.peter1997-09-051-0/+3
| | | | A
* fix a few spelling changesjmg1997-08-301-2/+2
| | | | | | | | Submitted by: Josh Gilliam Closes PR's: 4429, 4431-4438 PS: He has agreed to submit all contrib fixes back to the original author.
* Prevent a NULL dereferencation when given a garbage command line.joerg1997-08-231-2/+5
| | | | | PR: bin/3206 Submitted by: blank@fox.uni-trier.de
* Add usage().charnier1997-08-122-14/+20
|
* Move libmd after all libraries to keep natural libraries orderache1997-05-231-3/+3
|
* login_getclass() -> login_getpwclass().davidn1997-05-101-2/+2
|
* compare return value from getopt against -1 rather than EOF, per the finalimp1997-03-291-2/+2
| | | | posix standard on the topic.
* When group wheel is empty, allow everyone to su to root. This has normallyguido1997-02-242-5/+7
| | | | | | | no conseqeunces as we ship with a non-empty wheel. Closes PR/1882 Submitted by: Arne Henrik Juul <arnej@frida.imf.unit.no>
* Revert $FreeBSD$ to $Id$peter1997-02-221-1/+1
|
* Sort cross references.wosch1997-01-151-4/+4
|
* Fix problem with mask passwd to setusercontext() whichdavidn1997-01-141-4/+4
| | | | prevented uid/group change with non-root target.
* Make the long-awaited change from $Id$ to $FreeBSD$jkh1997-01-142-2/+2
| | | | | | | | This will make a number of things easier in the future, as well as (finally!) avoiding the Id-smashing problem which has plagued developers for so long. Boy, I'm glad we're not using sup anymore. This update would have been insane otherwise.
* Document effect of login class capabilities.davidn1997-01-131-1/+10
|
* Make su login_cap savvy.davidn1997-01-132-32/+121
| | | | | As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't yet have authorisation modules.
* Export $TERM only if it has been set in our environment.joerg1996-10-071-2/+3
| | | | Detected by: Amancio Hasty
* [HISTORY] command appeared in Version 1 AT&T UNIXwosch1996-08-291-1/+2
| | | | Obtained from: A Quarter Century of UNIX, Peter H. Salus, page 41
* Make su a little less fascist about using Kerberos if it is notmarkm1996-03-111-6/+7
| | | | | | | configured or available. Also fix a _nasty_ bug that would let one in if su -K was used. Any old password would work :-( :-(.
* Better integrate kerberos into su so that if an incorrect Kerberosmarkm1996-03-092-32/+53
| | | | | | | password is entered, the user is not prompted for a password a second time. This closes pr-bin/1006.
* #include <kerberosIV/des.h> -> #include <des.h>markm1996-02-111-1/+1
|
* Make it possible to enable WHEELSU from /etc/make.conf.wollman1995-10-121-1/+4
|
* Kerberos can now deal with multi-homed clients.gibbs1995-10-051-4/+5
| | | | | | | | | | | | | | Kerberos obtains a network address for the local host from the routing tables and uses it consistently for all Kerberos transactions. This ensures that packets only leave the *authenticated* interface. Clients who open and use their own sockets for encrypted or authenticated correspondance to kerberos services should bind their sockets to the same address as that used by kerberos. krb_get_local_addr() and krb_bind_local_addr() allow clients to obtain the local address or bind a socket to the local address used by Kerberos respectively. Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman> Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
OpenPOWER on IntegriCloud