Commit Graph

136 Commits

Author SHA1 Message Date
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
jmmv 7eda74b7a6 Add missing dot to the `-' option. Ok'ed by wiz. 2003-02-21 11:17:50 +00:00
jmmv fe7d4299f5 Add EXIT STATUS section. 2003-01-19 19:15:38 +00:00
itojun 5f2d0b666f error handling on strdup failure 2002-11-16 15:59:26 +00:00
itojun d118467d1c use strlcpy 2002-11-16 13:45:10 +00:00
itojun e91a21c27c add DPADD. 2002-10-23 01:25:35 +00:00
wiz 600dcccfab New sentence, new line; drop trailing whitespace. 2002-10-13 00:55:17 +00:00
hubertf 6991e21be2 Make example clearer, that the -c _after_ the login is passed to the shell.
Addresses PR 18538 by reed@reedmedia.net
2002-10-05 14:07:04 +00:00
itojun f51456c273 err/errx/warn/warnx do not need \n at the end 2002-06-11 06:06:18 +00:00
thorpej 9c33b55e7c Split the notion of building Hesiod, Kerberos, S/key, and YP
infrastructure and using that infrastructure in programs.

	* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
	  of the infratsructure (libraries, support programs, etc.)

	* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
	  building of support for using the corresponding API
	  in various libraries/programs that can use it.

As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
wiz 3e5626e0f8 Sort sections, sort SEE ALSO, use .Pp instead of empty lines. 2001-12-08 19:17:03 +00:00
simonb 69184ba957 Revert to previous, less offensive, error message when a malloc fails. 2001-04-23 06:52:22 +00:00
wiz 53dcd3f4a2 kerberos(1) -> (8). Sort SEE ALSO. 2001-04-04 09:44:35 +00:00
fair a672ba6fd5 Correct the HISTORY section, per PR 11192 and Robert Elz. 2001-03-08 02:59:25 +00:00
cgd a8ec668ddf convert to use getprogname() 2001-02-19 23:03:42 +00:00
sjg e5aa080165 SU_INDIRECT_GROUP should not be on by default. 2001-01-11 00:54:57 +00:00
sjg 91d1372fc6 If SU_INDIRECT_GROUP is defined (it is by default), then su will
consider that SUGROUP and ROOTAUTH group contain the names of
users and groups.  If user is not found in the list check_ingroup()
recurses on each member until either user is found or end of chain
is reached.

The above allows su's use of the wheel group to be extended to a large
number of users without necessarily putting them in group wheel, and
in a way that will work over NIS that simply extending the line length
limit in getgrent.c cannot.
2001-01-10 21:33:13 +00:00
lukem cc029dd772 - don't use LOG_CONS
- by default log to LOG_AUTH (so no need to specify LOG_AUTH at each syslog())
- log all unsuccessful attempts (for whatever reason) to LOG_WARNING
- log all successful attempts to LOG_NOTICE
2001-01-10 12:30:19 +00:00
simonb 9b22175a26 Remove INSTALLFLAGS=-fschg, as per change to usr.bin/ssh/ssh/Makefile. 2000-10-18 00:24:18 +00:00
erh d2f1d733d5 Switch to the user we're su-ing to sooner. This allows su to actually access the user's home directory in cases where root can't. (i.e. root=nobody NFS mounts). Also, avoid inadvertently raising the priority. 2000-09-09 18:13:05 +00:00
assar aa97fc7fa5 set the correct owner on the krb5 ccache 2000-08-09 02:15:27 +00:00
assar 6d7f2da1a1 remove -lvers, it's not used 2000-08-03 22:56:29 +00:00
assar 549a4d9cdc update build infrastructure for heimdal 0.3a 2000-08-03 04:02:29 +00:00
mycroft 98987090cb Fix library order. 2000-07-23 22:23:14 +00:00
assar b4c7f0f535 fix the krb5 su to ordinary user case, from Mark Davies
<mark@MCS.VUW.AC.NZ>
2000-07-13 08:37:10 +00:00
assar 8d33b0b319 add Kerberos5 support 2000-07-10 02:09:15 +00:00
assar 66ba16788d repair, simplify, and improve the Kerberos part 2000-07-10 01:45:24 +00:00
thorpej df83a2a3cd Add MK... variables to enable/disable various aspects of building
crypto support into the system.  See share/mk/bsd.README for more
a full description.
2000-06-23 06:01:10 +00:00
thorpej e7d6b96938 Merge a bunch of things from crypto-us and crypto-intl into basesrc,
adding support for Heimdal/KTH Kerberos where easy to do so.  Eliminate
bsd.crypto.mk.

There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
2000-06-20 06:00:24 +00:00
jdolecek 03cdaf03c9 Add some examples of usage. Modelled after what is in Solaris manpage,
though no text has been actually copied from there (for legal reasons).
2000-05-10 19:04:36 +00:00
abs ddcdaa6b45 Set SU_FROM environment variable. This can be used to determine a 'su -'
shell from a real login shell (but only if you care).
2000-02-11 00:30:07 +00:00
mjl 8cb2edab13 Removed code that would squash root's path when suing to root,
restores old behaviour of su.
2000-01-25 02:19:19 +00:00
mjl e6ac440ed4 Implement login_cap capability lookup. 2000-01-14 02:39:14 +00:00
drochner 85cbf55d16 Since our gcc doesn't warn about NULL format strings anymore, we can
fix the incorrect err(1, "%s", "") et al.
Closes PR bin/7592 by cgd.
1999-11-09 15:06:30 +00:00
mjl d6634fdb48 Mention "-" is the same as "-l". Closes PR/8499 by Matthew Aldous. 1999-09-27 19:41:33 +00:00
christos 36dc48ce6e Amazing how this worked for so long. setenv(3) expects environ(7) to be
a malloc'ed pointer and it tries to realloc(3) it if it had to grow it
before. su(1) gave it a pointer from the stack which caused realloc to
core dump.
1999-08-29 04:21:55 +00:00
mrg 51a96a002f optionally include CRYPTOPATH Makefile.frag files. 1999-07-20 09:35:18 +00:00
thorpej 9630ed475e Use bsd.crypto.mk. 1999-07-12 22:11:37 +00:00
kim bfb603392a Allow people in group wheel to use the ROOTAUTH group.
Pick up SUROOTAUTH (presumably from /etc/mk.conf).
1999-07-11 23:41:10 +00:00
kleink 3ea864fcc0 Bring $PATH information in sync with _PATH_DEFPATH. 1999-05-02 18:35:30 +00:00
abs 3191b7662f Looks like some recent changes broke the 'anyone can su if wheel is not present
or empty' rule. Fix.
1999-03-22 03:25:33 +00:00
christos 0b0b4e5f58 Revert - handling; it is done as part of getopt. 1999-03-15 18:56:12 +00:00
christos b0a604e893 Remove Solaris shadow password support... Better to do this in the
compatibility library. Suggested by Matt.
1999-03-15 09:30:51 +00:00
christos 024eb1b8d7 - Add support for Solaris style shadow password files
- Enable su - option if BSD4_4 is not defined
- Add compile time option ROOTAUTH (not enabled), where people belonging
  to the ROOTAUTH group can su to root by supplying their own password.
1999-03-15 08:05:07 +00:00
scottr 96df5ccdbf Don't warn about being in a user's ACL if Kerberos appears to be
unconfigured.  We determine this the same way that passwd(1) does.
1999-02-20 00:20:59 +00:00
scottr 8481f548e2 Remove the crypto-related bits until such time as we have a fully-
integrated source tree.  Export-controlled versions of these are now
built during the domestic build process.
1999-02-18 21:22:51 +00:00
christos 664c0d224c ifdef the pw_change and pw_expire stuff with BSD4_4 1998-12-19 22:24:18 +00:00
wsanchez b9e3650e39 Add #ifdef SKEY around SKEY-specific code. 1998-10-14 00:56:48 +00:00
ross f670fa10c5 Add { and } to shut up egcs. Reformat the more questionable code. 1998-08-25 20:59:36 +00:00
mycroft 66427701ea const poisoning. 1998-07-26 15:23:39 +00:00
mrg 1f7e36a738 fix error in previous. 1998-07-06 11:44:49 +00:00
mrg e2014db084 remove some (almost) duplicated (and thankfully harmless) code left from lite2 merge. KNFnits. 1998-07-06 11:36:14 +00:00
mrg 2beab49a06 - use an array MAXHOSTNAMELEN+1 size to hold hostnames
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
kleink 67a9ef6f17 Need <time.h> for ctime() prototype. 1998-04-02 11:13:33 +00:00
christos 8f62ebfab2 Cleanup warnings when -DKERBEROS 1997-10-24 14:44:35 +00:00
lukem 49e5f15617 WARNSify, fix .Nm usage, deprecate register, getopt returns -1 not EOF 1997-10-19 23:30:38 +00:00
mycroft d91c72fbd3 Minor changes. 1997-10-12 13:10:16 +00:00
mycroft 4163fb775c Make this compile without SKEY. 1997-10-12 12:54:20 +00:00
lukem aaa55367ba As per discussion with mrg, back out parts of previous change.
The appropriate entry in /etc/group as returned by getgrnam() is
used to determine if 'su root' may be permitted, rather than
checking if membership exists in the result of getgroups().

The following changes were made regarding the behaviour of the special
group for 'su root'
* allow for definition of SUGROUP (defaults to "wheel") to override group name.
* use getgrnam(SUGROUP) instead of getgrgid(0).
* only scan getgrnam(SUGROUP)->gr_mem when checking for group membership.
* be more specific as to why 'su root' failed

NOTE: If a user's primary group is SUGROUP, and they're not a member
of SUGROUP in /etc/group, they will not be able to su.
1997-07-02 05:42:11 +00:00
lukem 8d846dbbd1 * Notify of impending password or account expiry (check against
_PASSWORD_WARNDAYS from <pwd.h>). For non-root users, enforce expiry when
  it happens. From Simon Gerraty <sjg@zen.void.oz.au> in [bin/935].
* Check for group 0 in process's current group membership (as returned by
  getgroups(2)), instead of just looking at the entry for wheel in /etc/group.
  Based on code by Dan Caresone <dan@oink.geek.com.au> in [bin/792], and
  also solves [bin/2466].
* Clean up to pass -Wall
1997-06-27 17:01:53 +00:00
mouse 650ee578da alternate -> alternative, per PR 2643 1997-03-08 14:13:54 +00:00
explorer 1a20e46715 s/strcnpy/strncpy/ typo 1997-03-04 00:21:13 +00:00
mrg fc8700736a remove possibly dangerous sprintf and strcpy calls. 1997-02-11 08:39:23 +00:00
ghudson b440233d15 Document the recent change in group wheel semantics. Also, it wasn't
previously documented that anyone could su to root if group 0 didn't
exist.
1997-01-31 23:12:17 +00:00
ghudson 1b6b85b894 As discussed on tech-userlevel, allow anyone to su if group wheel has
no members (if you have just "root" as a member, which is the shipped
default, then no one can su, as before).
1997-01-31 22:22:47 +00:00
cjs 7e342b5f92 Add list of bugs: relies only on /etc/group for group membership,
sets policy in code.
1997-01-20 07:14:35 +00:00
tls 9d225a1783 RCS ID police 1997-01-09 20:18:21 +00:00
tls 653b58e924 Sync to 4.4BSD-Lite2 1997-01-09 11:43:05 +00:00
christos 76ef973082 - Fix previous commit; shells require -c "command"
- RCSid police.
1996-10-15 14:35:41 +00:00
christos 17b3a275d4 Fix PR/2837: su [login [args]] had the wrong usage and did not work properly. Build the correct argument list and add -c for the shells.
Fix PR/2839: su will not build with Kerberos.

- Also:
	-Don't coredump when $TERM is not set.
	-Add prototypes, remove local old style declarations of system
	 functions.
	-Recognize shells that contain "csh" as being csh alike.
	-Don't build with SKEY unconditionally. Obey bsd.own.mk.
1996-10-12 23:54:38 +00:00
mycroft bc4780b3bf Document usage of additional arguments after login name, as suggested by
Peter da Silva (slightly edited).
1994-09-05 00:27:10 +00:00
deraadt 1a3b9af761 add skey support 1994-05-24 06:52:17 +00:00
cgd e8d19a7a32 fix bin/120: "su -" buglet when empty "shell" field in passwd 1994-02-12 07:06:07 +00:00
jtc 4f5c7cccc2 Fix spelling errors. 1994-01-11 18:36:16 +00:00
mycroft 179f4cbf14 Fix bizarre handling of cleanenv, and set the subshells argv[0] according
to standard practice.  Changes from Alan Batie, David Greenman, and myself.
1994-01-07 16:05:42 +00:00
cgd 4b30c543a0 always use libcrypt 1993-10-07 02:16:39 +00:00
jtc f7c6bf575a Minor tweaks: including header files to bring prototypes into scope,
explicitly declaring function return values, etc. to make gcc -Wall
shut up.
1993-08-27 22:30:10 +00:00
mycroft e9d867ef50 Add RCS identifiers. 1993-08-01 17:54:45 +00:00
mycroft c3e42d1c64 Add RCS indentifiers. 1993-08-01 07:22:47 +00:00
mycroft 75ff3a90bd Add RCS identifiers. 1993-07-30 23:49:23 +00:00
jtc 04b4a7f853 Back out last change until I can get an official interpretation. 1993-07-28 20:22:53 +00:00
jtc 851cc8482a Update LOGNAME as well as USER environment variables to keep POSIX utilities
that only understand LOGNAME happy.
1993-07-28 17:53:26 +00:00
cgd 86677cb02a changed to use new libcrypt scheme. 1993-04-26 14:42:34 +00:00
sef 583bdd93e4 Allow 'su foo -c command'. MAY BE BUGGY! (So sayeth Keith Bostic.)
I have noticed no problems yet, however.  Since Keith never did it
"properly" ...
1993-04-17 01:10:19 +00:00
cgd 649bd7ccc5 added support for using real crypt 1993-03-22 23:27:33 +00:00
cgd 61f282557f initial import of 386bsd-0.1 sources 1993-03-21 09:45:37 +00:00