fe7d4299f5
Add EXIT STATUS section.
2003-01-19 19:15:38 +00:00
5f2d0b666f
error handling on strdup failure
2002-11-16 15:59:26 +00:00
d118467d1c
use strlcpy
2002-11-16 13:45:10 +00:00
e91a21c27c
add DPADD.
2002-10-23 01:25:35 +00:00
600dcccfab
New sentence, new line; drop trailing whitespace.
2002-10-13 00:55:17 +00:00
6991e21be2
Make example clearer, that the -c _after_ the login is passed to the shell.
...
Addresses PR 18538 by reed@reedmedia.net
2002-10-05 14:07:04 +00:00
f51456c273
err/errx/warn/warnx do not need \n at the end
2002-06-11 06:06:18 +00:00
9c33b55e7c
Split the notion of building Hesiod, Kerberos, S/key, and YP
...
infrastructure and using that infrastructure in programs.
* MKHESIOD, MKKERBEROS, MKSKEY, and MKYP control building
of the infratsructure (libraries, support programs, etc.)
* USE_HESIOD, USE_KERBEROS, USE_SKEY, and USE_YP control
building of support for using the corresponding API
in various libraries/programs that can use it.
As discussed on tech-toolchain.
2002-03-22 18:10:19 +00:00
3e5626e0f8
Sort sections, sort SEE ALSO, use .Pp instead of empty lines.
2001-12-08 19:17:03 +00:00
69184ba957
Revert to previous, less offensive, error message when a malloc fails.
2001-04-23 06:52:22 +00:00
53dcd3f4a2
kerberos(1) -> (8). Sort SEE ALSO.
2001-04-04 09:44:35 +00:00
a672ba6fd5
Correct the HISTORY section, per PR 11192 and Robert Elz.
2001-03-08 02:59:25 +00:00
a8ec668ddf
convert to use getprogname()
2001-02-19 23:03:42 +00:00
e5aa080165
SU_INDIRECT_GROUP should not be on by default.
2001-01-11 00:54:57 +00:00
91d1372fc6
If SU_INDIRECT_GROUP is defined (it is by default), then su will
...
consider that SUGROUP and ROOTAUTH group contain the names of
users and groups. If user is not found in the list check_ingroup()
recurses on each member until either user is found or end of chain
is reached.
The above allows su's use of the wheel group to be extended to a large
number of users without necessarily putting them in group wheel, and
in a way that will work over NIS that simply extending the line length
limit in getgrent.c cannot.
2001-01-10 21:33:13 +00:00
cc029dd772
- don't use LOG_CONS
...
- by default log to LOG_AUTH (so no need to specify LOG_AUTH at each syslog())
- log all unsuccessful attempts (for whatever reason) to LOG_WARNING
- log all successful attempts to LOG_NOTICE
2001-01-10 12:30:19 +00:00
9b22175a26
Remove INSTALLFLAGS=-fschg, as per change to usr.bin/ssh/ssh/Makefile.
2000-10-18 00:24:18 +00:00
d2f1d733d5
Switch to the user we're su-ing to sooner. This allows su to actually access the user's home directory in cases where root can't. (i.e. root=nobody NFS mounts). Also, avoid inadvertently raising the priority.
2000-09-09 18:13:05 +00:00
aa97fc7fa5
set the correct owner on the krb5 ccache
2000-08-09 02:15:27 +00:00
6d7f2da1a1
remove -lvers, it's not used
2000-08-03 22:56:29 +00:00
549a4d9cdc
update build infrastructure for heimdal 0.3a
2000-08-03 04:02:29 +00:00
98987090cb
Fix library order.
2000-07-23 22:23:14 +00:00
b4c7f0f535
fix the krb5 su to ordinary user case, from Mark Davies
...
<mark@MCS.VUW.AC.NZ>
2000-07-13 08:37:10 +00:00
8d33b0b319
add Kerberos5 support
2000-07-10 02:09:15 +00:00
66ba16788d
repair, simplify, and improve the Kerberos part
2000-07-10 01:45:24 +00:00
df83a2a3cd
Add MK... variables to enable/disable various aspects of building
...
crypto support into the system. See share/mk/bsd.README for more
a full description.
2000-06-23 06:01:10 +00:00
e7d6b96938
Merge a bunch of things from crypto-us and crypto-intl into basesrc,
...
adding support for Heimdal/KTH Kerberos where easy to do so. Eliminate
bsd.crypto.mk.
There is still a bunch more work to do, but crypto is now more-or-less
fully merged into the base NetBSD distribution.
2000-06-20 06:00:24 +00:00
03cdaf03c9
Add some examples of usage. Modelled after what is in Solaris manpage,
...
though no text has been actually copied from there (for legal reasons).
2000-05-10 19:04:36 +00:00
ddcdaa6b45
Set SU_FROM environment variable. This can be used to determine a 'su -'
...
shell from a real login shell (but only if you care).
2000-02-11 00:30:07 +00:00
8cb2edab13
Removed code that would squash root's path when suing to root,
...
restores old behaviour of su.
2000-01-25 02:19:19 +00:00
e6ac440ed4
Implement login_cap capability lookup.
2000-01-14 02:39:14 +00:00
85cbf55d16
Since our gcc doesn't warn about NULL format strings anymore, we can
...
fix the incorrect err(1, "%s", "") et al.
Closes PR bin/7592 by cgd.
1999-11-09 15:06:30 +00:00
d6634fdb48
Mention "-" is the same as "-l". Closes PR/8499 by Matthew Aldous.
1999-09-27 19:41:33 +00:00
36dc48ce6e
Amazing how this worked for so long. setenv(3) expects environ(7) to be
...
a malloc'ed pointer and it tries to realloc(3) it if it had to grow it
before. su(1) gave it a pointer from the stack which caused realloc to
core dump.
1999-08-29 04:21:55 +00:00
51a96a002f
optionally include CRYPTOPATH Makefile.frag files.
1999-07-20 09:35:18 +00:00
9630ed475e
Use bsd.crypto.mk.
1999-07-12 22:11:37 +00:00
bfb603392a
Allow people in group wheel to use the ROOTAUTH group.
...
Pick up SUROOTAUTH (presumably from /etc/mk.conf).
1999-07-11 23:41:10 +00:00
3ea864fcc0
Bring $PATH information in sync with _PATH_DEFPATH.
1999-05-02 18:35:30 +00:00
3191b7662f
Looks like some recent changes broke the 'anyone can su if wheel is not present
...
or empty' rule. Fix.
1999-03-22 03:25:33 +00:00
0b0b4e5f58
Revert - handling; it is done as part of getopt.
1999-03-15 18:56:12 +00:00
b0a604e893
Remove Solaris shadow password support... Better to do this in the
...
compatibility library. Suggested by Matt.
1999-03-15 09:30:51 +00:00
024eb1b8d7
- Add support for Solaris style shadow password files
...
- Enable su - option if BSD4_4 is not defined
- Add compile time option ROOTAUTH (not enabled), where people belonging
to the ROOTAUTH group can su to root by supplying their own password.
1999-03-15 08:05:07 +00:00
96df5ccdbf
Don't warn about being in a user's ACL if Kerberos appears to be
...
unconfigured. We determine this the same way that passwd(1) does.
1999-02-20 00:20:59 +00:00
8481f548e2
Remove the crypto-related bits until such time as we have a fully-
...
integrated source tree. Export-controlled versions of these are now
built during the domestic build process.
1999-02-18 21:22:51 +00:00
664c0d224c
ifdef the pw_change and pw_expire stuff with BSD4_4
1998-12-19 22:24:18 +00:00
b9e3650e39
Add #ifdef SKEY around SKEY-specific code.
1998-10-14 00:56:48 +00:00
f670fa10c5
Add { and } to shut up egcs. Reformat the more questionable code.
1998-08-25 20:59:36 +00:00
66427701ea
const poisoning.
1998-07-26 15:23:39 +00:00
1f7e36a738
fix error in previous.
1998-07-06 11:44:49 +00:00
e2014db084
remove some (almost) duplicated (and thankfully harmless) code left from lite2 merge. KNFnits.
1998-07-06 11:36:14 +00:00
2beab49a06
- use an array MAXHOSTNAMELEN+1 size to hold hostnames
...
- ensure hostname from gethostname() is nul-terminated in all cases
- minor KNF
- use MAXHOSTNAMELEN over various other values/defines
- be safe will buffers that hold hostnames
1998-07-06 06:45:41 +00:00
67a9ef6f17
Need <time.h> for ctime() prototype.
1998-04-02 11:13:33 +00:00
8f62ebfab2
Cleanup warnings when -DKERBEROS
1997-10-24 14:44:35 +00:00
49e5f15617
WARNSify, fix .Nm usage, deprecate register, getopt returns -1 not EOF
1997-10-19 23:30:38 +00:00
d91c72fbd3
Minor changes.
1997-10-12 13:10:16 +00:00
4163fb775c
Make this compile without SKEY.
1997-10-12 12:54:20 +00:00
aaa55367ba
As per discussion with mrg, back out parts of previous change.
...
The appropriate entry in /etc/group as returned by getgrnam() is
used to determine if 'su root' may be permitted, rather than
checking if membership exists in the result of getgroups().
The following changes were made regarding the behaviour of the special
group for 'su root'
* allow for definition of SUGROUP (defaults to "wheel") to override group name.
* use getgrnam(SUGROUP) instead of getgrgid(0).
* only scan getgrnam(SUGROUP)->gr_mem when checking for group membership.
* be more specific as to why 'su root' failed
NOTE: If a user's primary group is SUGROUP, and they're not a member
of SUGROUP in /etc/group, they will not be able to su.
1997-07-02 05:42:11 +00:00
8d846dbbd1
* Notify of impending password or account expiry (check against
...
_PASSWORD_WARNDAYS from <pwd.h>). For non-root users, enforce expiry when
it happens. From Simon Gerraty <sjg@zen.void.oz.au> in [bin/935].
* Check for group 0 in process's current group membership (as returned by
getgroups(2)), instead of just looking at the entry for wheel in /etc/group.
Based on code by Dan Caresone <dan@oink.geek.com.au> in [bin/792], and
also solves [bin/2466].
* Clean up to pass -Wall
1997-06-27 17:01:53 +00:00
650ee578da
alternate -> alternative, per PR 2643
1997-03-08 14:13:54 +00:00
1a20e46715
s/strcnpy/strncpy/ typo
1997-03-04 00:21:13 +00:00
fc8700736a
remove possibly dangerous sprintf and strcpy calls.
1997-02-11 08:39:23 +00:00
b440233d15
Document the recent change in group wheel semantics. Also, it wasn't
...
previously documented that anyone could su to root if group 0 didn't
exist.
1997-01-31 23:12:17 +00:00
1b6b85b894
As discussed on tech-userlevel, allow anyone to su if group wheel has
...
no members (if you have just "root" as a member, which is the shipped
default, then no one can su, as before).
1997-01-31 22:22:47 +00:00
7e342b5f92
Add list of bugs: relies only on /etc/group for group membership,
...
sets policy in code.
1997-01-20 07:14:35 +00:00
9d225a1783
RCS ID police
1997-01-09 20:18:21 +00:00
653b58e924
Sync to 4.4BSD-Lite2
1997-01-09 11:43:05 +00:00
76ef973082
- Fix previous commit; shells require -c "command"
...
- RCSid police.
1996-10-15 14:35:41 +00:00
17b3a275d4
Fix PR/2837: su [login [args]] had the wrong usage and did not work properly. Build the correct argument list and add -c for the shells.
...
Fix PR/2839: su will not build with Kerberos.
- Also:
-Don't coredump when $TERM is not set.
-Add prototypes, remove local old style declarations of system
functions.
-Recognize shells that contain "csh" as being csh alike.
-Don't build with SKEY unconditionally. Obey bsd.own.mk.
1996-10-12 23:54:38 +00:00
bc4780b3bf
Document usage of additional arguments after login name, as suggested by
...
Peter da Silva (slightly edited).
1994-09-05 00:27:10 +00:00
1a3b9af761
add skey support
1994-05-24 06:52:17 +00:00
e8d19a7a32
fix bin/120: "su -" buglet when empty "shell" field in passwd
1994-02-12 07:06:07 +00:00
4f5c7cccc2
Fix spelling errors.
1994-01-11 18:36:16 +00:00
179f4cbf14
Fix bizarre handling of cleanenv, and set the subshells argv[0] according
...
to standard practice. Changes from Alan Batie, David Greenman, and myself.
1994-01-07 16:05:42 +00:00
4b30c543a0
always use libcrypt
1993-10-07 02:16:39 +00:00
f7c6bf575a
Minor tweaks: including header files to bring prototypes into scope,
...
explicitly declaring function return values, etc. to make gcc -Wall
shut up.
1993-08-27 22:30:10 +00:00
e9d867ef50
Add RCS identifiers.
1993-08-01 17:54:45 +00:00
c3e42d1c64
Add RCS indentifiers.
1993-08-01 07:22:47 +00:00
75ff3a90bd
Add RCS identifiers.
1993-07-30 23:49:23 +00:00
04b4a7f853
Back out last change until I can get an official interpretation.
1993-07-28 20:22:53 +00:00
851cc8482a
Update LOGNAME as well as USER environment variables to keep POSIX utilities
...
that only understand LOGNAME happy.
1993-07-28 17:53:26 +00:00
86677cb02a
changed to use new libcrypt scheme.
1993-04-26 14:42:34 +00:00
583bdd93e4
Allow 'su foo -c command'. MAY BE BUGGY! (So sayeth Keith Bostic.)
...
I have noticed no problems yet, however. Since Keith never did it
"properly" ...
1993-04-17 01:10:19 +00:00
649bd7ccc5
added support for using real crypt
1993-03-22 23:27:33 +00:00
61f282557f
initial import of 386bsd-0.1 sources
1993-03-21 09:45:37 +00:00
jmmv