Commit Graph

134 Commits

Author SHA1 Message Date
christos 85e611dd01 Goodbye KerberosIV 2006-03-20 04:03:10 +00:00
christos dcf51e5c6a Use LOGIN_CAP even in the pam case. 2005-12-15 14:03:34 +00:00
christos 04095b6d82 PR/32307: Jason V. Miller: su fails to set umask correctly when using pam
and simulating a full login (-, -d, -l)
2005-12-15 14:01:31 +00:00
hubertf 9df5e26cc9 Give a general description what this command does before going into
all the details.
2005-12-15 05:26:36 +00:00
kleink 99dffcffea Set LOGNAME in the new environment (in addition to USER);
fixes PR bin/30670 from Pavel Cahyna.
2005-07-05 20:15:13 +00:00
wiz 76f0e20b24 Use groff macros instead of troff ones. 2005-06-19 17:34:03 +00:00
wiz 2e770dfdda Drop trailing whitespace. 2005-06-19 17:26:30 +00:00
christos 1246ae1e23 check for pwd != NULL 2005-04-19 03:17:35 +00:00
christos dac720be4f Update with pam descriptions.
XXX: needs more work.
1. code needs to be added in pam_group.so to handle indirect groups and
   documented.
2. the indirect group description outside before the customization section
   does not work with pam, but could be made to work once [1] is implemented.
2005-04-05 18:46:33 +00:00
he 65525e6df1 Put declaration of pwbuf[] back before any code, so this compiles with
older versions of gcc again.
2005-04-02 16:12:52 +00:00
christos bbb7e01ae0 - Use the getpw*_r methods.
- KNF.
2005-03-30 01:16:22 +00:00
christos 93bf0b6883 Deal with signals and process groups (from FreeBSD)
Fixes issues with kill -STOP $$ in the su'd shell, and setting up signals
for the child process properly.
2005-03-23 20:02:28 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
christos c1fe2057f5 Fix unmatched .El warning. 2005-02-28 02:30:54 +00:00
christos dc9dbb2ac7 Don't wait for any process, just our child. pam sessions can fork other
processes (such as the ssh pam agent handler) and the wrong process ends
up reaped, wreaking havoc.
2005-02-25 21:49:43 +00:00
christos 479c8052bb Add commented out notes on how we support the special compilation options
under pam.
2005-02-01 22:54:33 +00:00
manu 0d884d9738 Remove unneeded \ at the end of line, style 2005-01-18 21:39:11 +00:00
thorpej c829edc516 Test USE_PAM, not MKPAM. 2005-01-13 00:13:33 +00:00
christos b2f0c10f07 undo accidental commit with MKPAM=yes 2005-01-12 01:46:03 +00:00
christos f8b8ae274a Always print pam error in messages 2005-01-12 01:45:32 +00:00
christos 6c0f1bcc27 :x 2005-01-12 01:45:31 +00:00
christos 81b53d0cfa - make LOGIN_CAP mandatory
- eliminate global pamh
- use setusercontext() properly (ideas borrowed from FreeBSD)
- remove stray debugging.

This now works.
2005-01-10 23:33:53 +00:00
christos 6b47b9b52a LOGIN_CAP is mandatory for PAM. 2005-01-10 23:31:34 +00:00
christos 2ef14ae88a Restore su.c to version 1.58, plus minor prototyping. Split pam
into su_pam.c, and turn it off by default in the Makefile until it
is tested and actually works. The current pam version does not set ruid
properly anymore.
2005-01-10 03:11:50 +00:00
manu d37a5aac85 Rewrite PAMification of su.
- don't try to fallback to plain old authentication. It could lead to unix
  authentication to be used while the administrator wanted to forbid it.
  Moreover, a broken PAM setup can be fixed by just rebooting in single user.
- In order to make the code more readable, make two main(), with and aithout
  PAM.
- Outstanding issues that seem impossible to fix:
  The -K flag die with PAM.
  -c cause PAM credentials to be ignored.
2005-01-09 21:32:38 +00:00
manu 02a0830983 Don't fallback to plain old authentication on "normal" errors such as
authentication failure.
2005-01-08 22:16:23 +00:00
christos e52488f22f if we are using pam and it succeeded, don't re-initialize kerberos needlessly. 2005-01-08 18:12:35 +00:00
lukem ed83e0847a add DPADD 2005-01-08 09:54:36 +00:00
christos 68adb09d42 - avoid calling pam_end twice if pam failed in fatal
- make fatal proper macros
- fix typos in comments
- fix logical error initializing pam
XXX: Seems to work now, but the whole process is awkward.
Asking for an ssh passphrase and using this to do unix authentication is wrong.
Falling back to the old style auth is awkward. We should really provide a
pam_rootauth module if we want to support that.
2005-01-08 08:45:53 +00:00
manu e628e84aaa Add PAM support to su 2005-01-07 22:34:20 +00:00
kleink 7c84af2ef7 Remove a leftover line apparently from rev. 1.17; also from Juha Hyttinen
in PR bin/25347.
2004-04-27 10:26:22 +00:00
cjep 4d862106fe Fix typo (SU_INDIRECT_GROOP -> SU_INDIRECT_GROUP). PR#25347 from
Juha Hyttinen.
2004-04-27 10:12:51 +00:00
jmmv b635f565e7 Homogenize usage messages: make the 'usage' word all lowercase, as this seems
to be the most common practice in our tree.
2004-01-05 23:23:32 +00:00
dyoung 4758291178 Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.

* move kerberos- and kerberos 4-only files into new flists,
  distrib/sets/lists/*/krb.*

* make the flist generators grok MKKERBEROS{,4} variables

* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
  9 out of 10 experts agree that it is ludicrous to build w/
  KERBEROS4 and w/o KERBEROS5.

* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.

* omit some Kerberos-only subdirectories from the build as
  MKKERBEROS{,4} indicate

(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly.  That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles.  While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)
2003-12-11 09:46:26 +00:00
atatat 08e63b9e97 Hey, wiz! Doesn't this need a comma? 2003-09-17 05:34:15 +00:00
lha afad8d1f7c libkrb depends on libdes, patch in private mail from
Harold Gutch logix at foobar franken de
2003-08-23 23:03:42 +00:00
wiz ad921c5f25 Comma and Pp police. Bump date for last. 2003-08-23 22:31:24 +00:00
christos 791007d1e3 Normalize the program's compilation options so they are all of the form SU_
and document them.
2003-08-20 14:11:17 +00:00
agc 89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
tron 86b35822ff Backout previous and revert su(1) to dynamic linking instead. 2003-07-24 16:18:21 +00:00
tron b2df6d93aa Link with "libdes" if Kerberos IV support is enabled. 2003-07-24 16:06:45 +00:00
itojun e63468d8cc split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
2003-07-23 08:01:24 +00:00
jrf 285b019fd8 This addresses PR21693. Under certain conditions, su -m will fail because
the pointer to /etc/shells is pointing to the second entry. This change
resets the pointer before looping through the file again. FreeBSD does
this as well. Commit approved by christos and thanks to Geoff Adams for
catching and reporting it.
2003-06-18 21:02:03 +00:00
wiz aa64771356 Drop trailing space. 2003-04-27 11:09:29 +00:00
jmmv ab753cc4ce Implement the `-d' option, which behaves as `-l' but does not change the
current directory.  Idea suggested by dsl@ in source-changes.
2003-04-27 08:46:25 +00:00
mycroft 3ba2d8197a Only unset ENV if -f was used, AS THE CHANGE WAS DOCUMENTED.
I'm not convinced this is a good idea at all, but at least this fixed my usage.
2003-04-25 08:04:14 +00:00
wiz 287057db85 Bump date for last. 2003-04-24 12:19:06 +00:00
christos c71d457343 PR/5803: Gregg A. Woods: su doesn't support it's "-f" option for sh and/or ksh
fixed by unsetenv("ENV") when -f is set and the shell is not csh.
2003-04-20 20:13:20 +00:00
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
jmmv 7eda74b7a6 Add missing dot to the `-' option. Ok'ed by wiz. 2003-02-21 11:17:50 +00:00