Commit Graph

154 Commits

Author SHA1 Message Date
pgoyette 3a4bfc9ee9 Note that 'su -l' does not update utmp and related databases. 2012-11-21 19:30:53 +00:00
christos a675bef13d make this compile again. 2012-04-12 15:35:07 +00:00
joerg 66dd2755f5 Add __printflike attribution to use vprintf and friends with an argument
as format string.
2012-03-15 02:02:20 +00:00
plunky 9f61b80465 NULL does not need a cast 2011-08-31 16:24:54 +00:00
elric 07b0c75a48 We no longer need -I/usr/include/krb5. 2011-04-24 21:42:06 +00:00
tron c71ba331c0 Don't free memory that was succesfully passed to putenv(3) which takes
ownership of the memory.
2010-10-02 10:55:36 +00:00
wiz ea548d35a5 Sort options. 2009-05-18 09:37:44 +00:00
lukem 98e5374ccb Remove the \n and tabs from the __COPYRIGHT() strings.
Tweak to use a consistent format.
2008-07-21 14:19:20 +00:00
lukem 050e20c6d5 Be consistent about making USE_PAM!=no be exclusive to USE_SKEY!=no. 2008-04-06 09:54:37 +00:00
christos 327d0b0912 call setprogname(), from Anon Ymous 2008-04-05 15:59:39 +00:00
christos b4403619e0 bump date. 2007-10-27 18:43:37 +00:00
christos 59604b5887 uncomment the group handling documentation. 2007-10-27 18:42:42 +00:00
christos 3670ce19dd - move grutil code to newgrp.
- enable user:group and :group code.
2007-10-27 15:37:45 +00:00
christos 40a10c757f From Anon Ymous:
- Fix a memory leak in newgrp().  (Noted by ginsbach@.)

- If the new and old groups are the same, addgrp() does nothing so
  exit early.  (Noted by ginsbach@.)

- In newgrp(), if the new group isn't found in the in-core, check the
  group membership list anyway as the in-core list may be full or
  /etc/groups may have been edited since login.  (Requested by
  ginsbach@.)

- Deal with a full in-core group[] array in addgid() rather than
  silently ignoring it and ending up with a group[] array that is
  inconsistent with the current group.

- More explicit error handling in addgroup().
2007-10-27 15:33:25 +00:00
christos 1b946384ef Make the license match to grutil.c 2007-10-18 15:41:50 +00:00
christos e16da7f1bc Put the proper license on this file, using the newgrp.c one. 2007-10-18 13:04:06 +00:00
christos 40d5720e00 From Anon Ymous:
- general cleanup [e-funcs, lint fixes, exit values, more error checking]
- add the ability to change the primary group group as login:group, or :group
  *disabled*, until it is discussed.
- remove krb4 code since there is no more krb4 code in the tree.
- also make the old su behave like the pam su: su to the same user, does
  not ask for a password.
- split out shared code into a separate file.
2007-10-17 21:05:39 +00:00
tls 4147a3c54a Add new Makefile knob, USE_FORT, which extends USE_SSP by turning on the
FORTIFY_SOURCE feature of libssp, thus checking the size of arguments to
various string and memory copy and set functions (as well as a few system
calls and other miscellany) where known at function entry.  RedHat has
evidently built all "core system packages" with this option for some time.

This option should be used at the top of Makefiles (or Makefile.inc where
this is used for subdirectories) but after any setting of LIB.

This is only useful for userland code, and cannot be used in libc or in
any code which includes the libc internals, because it overrides certain
libc functions with macros.  Some effort has been made to make USE_FORT=yes
work correctly for a full-system build by having the bsd.sys.mk logic
disable the feature where it should not be used (libc, libssp iteself,
the kernel) but no attempt has been made to build the entire system with
USE_FORT and doing so will doubtless expose numerous bugs and misfeatures.

Adjust the system build so that all programs and libraries that are setuid,
directly handle network data (including serial comm data), perform
authentication, or appear likely to have (or have a history of having)
data-driven bugs (e.g. file(1)) are built with USE_FORT=yes by default,
with the exception of libc, which cannot use USE_FORT and thus uses
only USE_SSP by default.  Tested on i386 with no ill results; USE_FORT=no
per-directory or in a system build will disable if desired.
2007-05-28 12:06:17 +00:00
christos 2b91c98c21 remove PAM_DEBUG 2006-07-13 18:18:09 +00:00
mlelstv bad43188a8 restore elevated priority before launching command in
user context. Fixes PR 33479.
2006-05-14 21:18:31 +00:00
christos 85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
christos dcf51e5c6a Use LOGIN_CAP even in the pam case. 2005-12-15 14:03:34 +00:00
christos 04095b6d82 PR/32307: Jason V. Miller: su fails to set umask correctly when using pam
and simulating a full login (-, -d, -l)
2005-12-15 14:01:31 +00:00
hubertf 9df5e26cc9 Give a general description what this command does before going into
all the details.
2005-12-15 05:26:36 +00:00
kleink 99dffcffea Set LOGNAME in the new environment (in addition to USER);
fixes PR bin/30670 from Pavel Cahyna.
2005-07-05 20:15:13 +00:00
wiz 76f0e20b24 Use groff macros instead of troff ones. 2005-06-19 17:34:03 +00:00
wiz 2e770dfdda Drop trailing whitespace. 2005-06-19 17:26:30 +00:00
christos 1246ae1e23 check for pwd != NULL 2005-04-19 03:17:35 +00:00
christos dac720be4f Update with pam descriptions.
XXX: needs more work.
1. code needs to be added in pam_group.so to handle indirect groups and
   documented.
2. the indirect group description outside before the customization section
   does not work with pam, but could be made to work once [1] is implemented.
2005-04-05 18:46:33 +00:00
he 65525e6df1 Put declaration of pwbuf[] back before any code, so this compiles with
older versions of gcc again.
2005-04-02 16:12:52 +00:00
christos bbb7e01ae0 - Use the getpw*_r methods.
- KNF.
2005-03-30 01:16:22 +00:00
christos 93bf0b6883 Deal with signals and process groups (from FreeBSD)
Fixes issues with kill -STOP $$ in the su'd shell, and setting up signals
for the child process properly.
2005-03-23 20:02:28 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
christos c1fe2057f5 Fix unmatched .El warning. 2005-02-28 02:30:54 +00:00
christos dc9dbb2ac7 Don't wait for any process, just our child. pam sessions can fork other
processes (such as the ssh pam agent handler) and the wrong process ends
up reaped, wreaking havoc.
2005-02-25 21:49:43 +00:00
christos 479c8052bb Add commented out notes on how we support the special compilation options
under pam.
2005-02-01 22:54:33 +00:00
manu 0d884d9738 Remove unneeded \ at the end of line, style 2005-01-18 21:39:11 +00:00
thorpej c829edc516 Test USE_PAM, not MKPAM. 2005-01-13 00:13:33 +00:00
christos b2f0c10f07 undo accidental commit with MKPAM=yes 2005-01-12 01:46:03 +00:00
christos f8b8ae274a Always print pam error in messages 2005-01-12 01:45:32 +00:00
christos 6c0f1bcc27 :x 2005-01-12 01:45:31 +00:00
christos 81b53d0cfa - make LOGIN_CAP mandatory
- eliminate global pamh
- use setusercontext() properly (ideas borrowed from FreeBSD)
- remove stray debugging.

This now works.
2005-01-10 23:33:53 +00:00
christos 6b47b9b52a LOGIN_CAP is mandatory for PAM. 2005-01-10 23:31:34 +00:00
christos 2ef14ae88a Restore su.c to version 1.58, plus minor prototyping. Split pam
into su_pam.c, and turn it off by default in the Makefile until it
is tested and actually works. The current pam version does not set ruid
properly anymore.
2005-01-10 03:11:50 +00:00
manu d37a5aac85 Rewrite PAMification of su.
- don't try to fallback to plain old authentication. It could lead to unix
  authentication to be used while the administrator wanted to forbid it.
  Moreover, a broken PAM setup can be fixed by just rebooting in single user.
- In order to make the code more readable, make two main(), with and aithout
  PAM.
- Outstanding issues that seem impossible to fix:
  The -K flag die with PAM.
  -c cause PAM credentials to be ignored.
2005-01-09 21:32:38 +00:00
manu 02a0830983 Don't fallback to plain old authentication on "normal" errors such as
authentication failure.
2005-01-08 22:16:23 +00:00
christos e52488f22f if we are using pam and it succeeded, don't re-initialize kerberos needlessly. 2005-01-08 18:12:35 +00:00
lukem ed83e0847a add DPADD 2005-01-08 09:54:36 +00:00
christos 68adb09d42 - avoid calling pam_end twice if pam failed in fatal
- make fatal proper macros
- fix typos in comments
- fix logical error initializing pam
XXX: Seems to work now, but the whole process is awkward.
Asking for an ssh passphrase and using this to do unix authentication is wrong.
Falling back to the old style auth is awkward. We should really provide a
pam_rootauth module if we want to support that.
2005-01-08 08:45:53 +00:00
manu e628e84aaa Add PAM support to su 2005-01-07 22:34:20 +00:00