Commit Graph

68 Commits

Author SHA1 Message Date
lukem 98e5374ccb Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
2008-07-21 14:19:20 +00:00
christos 327d0b0912 call setprogname(), from Anon Ymous 2008-04-05 15:59:39 +00:00
christos 40d5720e00 From Anon Ymous:
- general cleanup [e-funcs, lint fixes, exit values, more error checking]
- add the ability to change the primary group group as login:group, or :group
  *disabled*, until it is discussed.
- remove krb4 code since there is no more krb4 code in the tree.
- also make the old su behave like the pam su: su to the same user, does
  not ask for a password.
- split out shared code into a separate file.
2007-10-17 21:05:39 +00:00
kleink 99dffcffea Set LOGNAME in the new environment (in addition to USER);
fixes PR bin/30670 from Pavel Cahyna.
2005-07-05 20:15:13 +00:00
christos 2ef14ae88a Restore su.c to version 1.58, plus minor prototyping. Split pam
into su_pam.c, and turn it off by default in the Makefile until it
is tested and actually works. The current pam version does not set ruid
properly anymore.
2005-01-10 03:11:50 +00:00
manu d37a5aac85 Rewrite PAMification of su.
- don't try to fallback to plain old authentication. It could lead to unix
  authentication to be used while the administrator wanted to forbid it.
  Moreover, a broken PAM setup can be fixed by just rebooting in single user.
- In order to make the code more readable, make two main(), with and aithout
  PAM.
- Outstanding issues that seem impossible to fix:
  The -K flag die with PAM.
  -c cause PAM credentials to be ignored.
2005-01-09 21:32:38 +00:00
manu 02a0830983 Don't fallback to plain old authentication on "normal" errors such as
authentication failure.
2005-01-08 22:16:23 +00:00
christos e52488f22f if we are using pam and it succeeded, don't re-initialize kerberos needlessly. 2005-01-08 18:12:35 +00:00
christos 68adb09d42 - avoid calling pam_end twice if pam failed in fatal
- make fatal proper macros
- fix typos in comments
- fix logical error initializing pam
XXX: Seems to work now, but the whole process is awkward.
Asking for an ssh passphrase and using this to do unix authentication is wrong.
Falling back to the old style auth is awkward. We should really provide a
pam_rootauth module if we want to support that.
2005-01-08 08:45:53 +00:00
manu e628e84aaa Add PAM support to su 2005-01-07 22:34:20 +00:00
jmmv b635f565e7 Homogenize usage messages: make the 'usage' word all lowercase, as this seems
to be the most common practice in our tree.
2004-01-05 23:23:32 +00:00
christos 791007d1e3 Normalize the program's compilation options so they are all of the form SU_
and document them.
2003-08-20 14:11:17 +00:00
agc 89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
jrf 285b019fd8 This addresses PR21693. Under certain conditions, su -m will fail because
the pointer to /etc/shells is pointing to the second entry. This change
resets the pointer before looping through the file again. FreeBSD does
this as well. Commit approved by christos and thanks to Geoff Adams for
catching and reporting it.
2003-06-18 21:02:03 +00:00
jmmv ab753cc4ce Implement the `-d' option, which behaves as `-l' but does not change the
current directory.  Idea suggested by dsl@ in source-changes.
2003-04-27 08:46:25 +00:00
mycroft 3ba2d8197a Only unset ENV if -f was used, AS THE CHANGE WAS DOCUMENTED.
I'm not convinced this is a good idea at all, but at least this fixed my usage.
2003-04-25 08:04:14 +00:00
christos c71d457343 PR/5803: Gregg A. Woods: su doesn't support it's "-f" option for sh and/or ksh
fixed by unsetenv("ENV") when -f is set and the shell is not csh.
2003-04-20 20:13:20 +00:00
itojun 5f2d0b666f error handling on strdup failure 2002-11-16 15:59:26 +00:00
itojun d118467d1c use strlcpy 2002-11-16 13:45:10 +00:00
itojun f51456c273 err/errx/warn/warnx do not need \n at the end 2002-06-11 06:06:18 +00:00
simonb 69184ba957 Revert to previous, less offensive, error message when a malloc fails. 2001-04-23 06:52:22 +00:00
cgd a8ec668ddf convert to use getprogname() 2001-02-19 23:03:42 +00:00
sjg 91d1372fc6 If SU_INDIRECT_GROUP is defined (it is by default), then su will
consider that SUGROUP and ROOTAUTH group contain the names of
users and groups.  If user is not found in the list check_ingroup()
recurses on each member until either user is found or end of chain
is reached.

The above allows su's use of the wheel group to be extended to a large
number of users without necessarily putting them in group wheel, and
in a way that will work over NIS that simply extending the line length
limit in getgrent.c cannot.
2001-01-10 21:33:13 +00:00
lukem cc029dd772 - don't use LOG_CONS
- by default log to LOG_AUTH (so no need to specify LOG_AUTH at each syslog())
- log all unsuccessful attempts (for whatever reason) to LOG_WARNING
- log all successful attempts to LOG_NOTICE
2001-01-10 12:30:19 +00:00
erh d2f1d733d5 Switch to the user we're su-ing to sooner. This allows su to actually access the user's home directory in cases where root can't. (i.e. root=nobody NFS mounts). Also, avoid inadvertently raising the priority. 2000-09-09 18:13:05 +00:00
assar aa97fc7fa5 set the correct owner on the krb5 ccache 2000-08-09 02:15:27 +00:00
assar b4c7f0f535 fix the krb5 su to ordinary user case, from Mark Davies
<mark@MCS.VUW.AC.NZ>
2000-07-13 08:37:10 +00:00
assar 8d33b0b319 add Kerberos5 support 2000-07-10 02:09:15 +00:00
assar 66ba16788d repair, simplify, and improve the Kerberos part 2000-07-10 01:45:24 +00:00
abs ddcdaa6b45 Set SU_FROM environment variable. This can be used to determine a 'su -'
shell from a real login shell (but only if you care).
2000-02-11 00:30:07 +00:00
mjl 8cb2edab13 Removed code that would squash root's path when suing to root,
restores old behaviour of su.
2000-01-25 02:19:19 +00:00
mjl e6ac440ed4 Implement login_cap capability lookup. 2000-01-14 02:39:14 +00:00
drochner 85cbf55d16 Since our gcc doesn't warn about NULL format strings anymore, we can
fix the incorrect err(1, "%s", "") et al.
Closes PR bin/7592 by cgd.
1999-11-09 15:06:30 +00:00
christos 36dc48ce6e Amazing how this worked for so long. setenv(3) expects environ(7) to be
a malloc'ed pointer and it tries to realloc(3) it if it had to grow it
before. su(1) gave it a pointer from the stack which caused realloc to
core dump.
1999-08-29 04:21:55 +00:00
kim bfb603392a Allow people in group wheel to use the ROOTAUTH group.
Pick up SUROOTAUTH (presumably from /etc/mk.conf).
1999-07-11 23:41:10 +00:00
abs 3191b7662f Looks like some recent changes broke the 'anyone can su if wheel is not present
or empty' rule. Fix.
1999-03-22 03:25:33 +00:00
christos 0b0b4e5f58 Revert - handling; it is done as part of getopt. 1999-03-15 18:56:12 +00:00
christos b0a604e893 Remove Solaris shadow password support... Better to do this in the
compatibility library. Suggested by Matt.
1999-03-15 09:30:51 +00:00
christos 024eb1b8d7 - Add support for Solaris style shadow password files
- Enable su - option if BSD4_4 is not defined
- Add compile time option ROOTAUTH (not enabled), where people belonging
  to the ROOTAUTH group can su to root by supplying their own password.
1999-03-15 08:05:07 +00:00
scottr 96df5ccdbf Don't warn about being in a user's ACL if Kerberos appears to be
unconfigured.  We determine this the same way that passwd(1) does.
1999-02-20 00:20:59 +00:00
christos 664c0d224c ifdef the pw_change and pw_expire stuff with BSD4_4 1998-12-19 22:24:18 +00:00
wsanchez b9e3650e39 Add #ifdef SKEY around SKEY-specific code. 1998-10-14 00:56:48 +00:00
ross f670fa10c5 Add { and } to shut up egcs. Reformat the more questionable code. 1998-08-25 20:59:36 +00:00
mycroft 66427701ea const poisoning. 1998-07-26 15:23:39 +00:00
mrg 1f7e36a738 fix error in previous. 1998-07-06 11:44:49 +00:00
mrg e2014db084 remove some (almost) duplicated (and thankfully harmless) code left from lite2 merge. KNFnits. 1998-07-06 11:36:14 +00:00
mrg 2beab49a06 - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
kleink 67a9ef6f17 Need <time.h> for ctime() prototype. 1998-04-02 11:13:33 +00:00
christos 8f62ebfab2 Cleanup warnings when -DKERBEROS 1997-10-24 14:44:35 +00:00
lukem 49e5f15617 WARNSify, fix .Nm usage, deprecate register, getopt returns -1 not EOF 1997-10-19 23:30:38 +00:00