- general cleanup [e-funcs, lint fixes, exit values, more error checking]
- add the ability to change the primary group group as login:group, or :group
*disabled*, until it is discussed.
- remove krb4 code since there is no more krb4 code in the tree.
- also make the old su behave like the pam su: su to the same user, does
not ask for a password.
- split out shared code into a separate file.
into su_pam.c, and turn it off by default in the Makefile until it
is tested and actually works. The current pam version does not set ruid
properly anymore.
- don't try to fallback to plain old authentication. It could lead to unix
authentication to be used while the administrator wanted to forbid it.
Moreover, a broken PAM setup can be fixed by just rebooting in single user.
- In order to make the code more readable, make two main(), with and aithout
PAM.
- Outstanding issues that seem impossible to fix:
The -K flag die with PAM.
-c cause PAM credentials to be ignored.
- make fatal proper macros
- fix typos in comments
- fix logical error initializing pam
XXX: Seems to work now, but the whole process is awkward.
Asking for an ssh passphrase and using this to do unix authentication is wrong.
Falling back to the old style auth is awkward. We should really provide a
pam_rootauth module if we want to support that.
the pointer to /etc/shells is pointing to the second entry. This change
resets the pointer before looping through the file again. FreeBSD does
this as well. Commit approved by christos and thanks to Geoff Adams for
catching and reporting it.
consider that SUGROUP and ROOTAUTH group contain the names of
users and groups. If user is not found in the list check_ingroup()
recurses on each member until either user is found or end of chain
is reached.
The above allows su's use of the wheel group to be extended to a large
number of users without necessarily putting them in group wheel, and
in a way that will work over NIS that simply extending the line length
limit in getgrent.c cannot.
- by default log to LOG_AUTH (so no need to specify LOG_AUTH at each syslog())
- log all unsuccessful attempts (for whatever reason) to LOG_WARNING
- log all successful attempts to LOG_NOTICE
a malloc'ed pointer and it tries to realloc(3) it if it had to grow it
before. su(1) gave it a pointer from the stack which caused realloc to
core dump.
- Enable su - option if BSD4_4 is not defined
- Add compile time option ROOTAUTH (not enabled), where people belonging
to the ROOTAUTH group can su to root by supplying their own password.
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames