consider that SUGROUP and ROOTAUTH group contain the names of
users and groups. If user is not found in the list check_ingroup()
recurses on each member until either user is found or end of chain
is reached.
The above allows su's use of the wheel group to be extended to a large
number of users without necessarily putting them in group wheel, and
in a way that will work over NIS that simply extending the line length
limit in getgrent.c cannot.
- by default log to LOG_AUTH (so no need to specify LOG_AUTH at each syslog())
- log all unsuccessful attempts (for whatever reason) to LOG_WARNING
- log all successful attempts to LOG_NOTICE
a malloc'ed pointer and it tries to realloc(3) it if it had to grow it
before. su(1) gave it a pointer from the stack which caused realloc to
core dump.
- Enable su - option if BSD4_4 is not defined
- Add compile time option ROOTAUTH (not enabled), where people belonging
to the ROOTAUTH group can su to root by supplying their own password.
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
The appropriate entry in /etc/group as returned by getgrnam() is
used to determine if 'su root' may be permitted, rather than
checking if membership exists in the result of getgroups().
The following changes were made regarding the behaviour of the special
group for 'su root'
* allow for definition of SUGROUP (defaults to "wheel") to override group name.
* use getgrnam(SUGROUP) instead of getgrgid(0).
* only scan getgrnam(SUGROUP)->gr_mem when checking for group membership.
* be more specific as to why 'su root' failed
NOTE: If a user's primary group is SUGROUP, and they're not a member
of SUGROUP in /etc/group, they will not be able to su.
_PASSWORD_WARNDAYS from <pwd.h>). For non-root users, enforce expiry when
it happens. From Simon Gerraty <sjg@zen.void.oz.au> in [bin/935].
* Check for group 0 in process's current group membership (as returned by
getgroups(2)), instead of just looking at the entry for wheel in /etc/group.
Based on code by Dan Caresone <dan@oink.geek.com.au> in [bin/792], and
also solves [bin/2466].
* Clean up to pass -Wall
Fix PR/2839: su will not build with Kerberos.
- Also:
-Don't coredump when $TERM is not set.
-Add prototypes, remove local old style declarations of system
functions.
-Recognize shells that contain "csh" as being csh alike.
-Don't build with SKEY unconditionally. Obey bsd.own.mk.
itojun