Commit Graph

127 Commits

Author SHA1 Message Date
christos 1246ae1e23 check for pwd != NULL 2005-04-19 03:17:35 +00:00
christos dac720be4f Update with pam descriptions.
XXX: needs more work.
1. code needs to be added in pam_group.so to handle indirect groups and
   documented.
2. the indirect group description outside before the customization section
   does not work with pam, but could be made to work once [1] is implemented.
2005-04-05 18:46:33 +00:00
he 65525e6df1 Put declaration of pwbuf[] back before any code, so this compiles with
older versions of gcc again.
2005-04-02 16:12:52 +00:00
christos bbb7e01ae0 - Use the getpw*_r methods.
- KNF.
2005-03-30 01:16:22 +00:00
christos 93bf0b6883 Deal with signals and process groups (from FreeBSD)
Fixes issues with kill -STOP $$ in the su'd shell, and setting up signals
for the child process properly.
2005-03-23 20:02:28 +00:00
he 8e8728c45c Introduce PAM_STATIC_LDADD and PAM_STATIC_DPADD. When compiling
with MKPIC=no, possibly because the target does not support shared
libraries, these include libraries required to resolve all symbols
which end up referenced from PAM-using applications.  The libraries
presently required are -lcrypt, -lrpcsvc and -lutil.

Add use of these variables which are currently set up to use PAM,
so that they compile when MKPIC=no.

Also, in the telnetd case, reorder the order of the libraries, so
that libtelnet.a comes before -ltermcap and -lutil, again to fix
link error when MKPIC=no.

Discussed with thorpej and christos.
2005-03-04 20:41:08 +00:00
christos c1fe2057f5 Fix unmatched .El warning. 2005-02-28 02:30:54 +00:00
christos dc9dbb2ac7 Don't wait for any process, just our child. pam sessions can fork other
processes (such as the ssh pam agent handler) and the wrong process ends
up reaped, wreaking havoc.
2005-02-25 21:49:43 +00:00
christos 479c8052bb Add commented out notes on how we support the special compilation options
under pam.
2005-02-01 22:54:33 +00:00
manu 0d884d9738 Remove unneeded \ at the end of line, style 2005-01-18 21:39:11 +00:00
thorpej c829edc516 Test USE_PAM, not MKPAM. 2005-01-13 00:13:33 +00:00
christos b2f0c10f07 undo accidental commit with MKPAM=yes 2005-01-12 01:46:03 +00:00
christos f8b8ae274a Always print pam error in messages 2005-01-12 01:45:32 +00:00
christos 6c0f1bcc27 :x 2005-01-12 01:45:31 +00:00
christos 81b53d0cfa - make LOGIN_CAP mandatory
- eliminate global pamh
- use setusercontext() properly (ideas borrowed from FreeBSD)
- remove stray debugging.

This now works.
2005-01-10 23:33:53 +00:00
christos 6b47b9b52a LOGIN_CAP is mandatory for PAM. 2005-01-10 23:31:34 +00:00
christos 2ef14ae88a Restore su.c to version 1.58, plus minor prototyping. Split pam
into su_pam.c, and turn it off by default in the Makefile until it
is tested and actually works. The current pam version does not set ruid
properly anymore.
2005-01-10 03:11:50 +00:00
manu d37a5aac85 Rewrite PAMification of su.
- don't try to fallback to plain old authentication. It could lead to unix
  authentication to be used while the administrator wanted to forbid it.
  Moreover, a broken PAM setup can be fixed by just rebooting in single user.
- In order to make the code more readable, make two main(), with and aithout
  PAM.
- Outstanding issues that seem impossible to fix:
  The -K flag die with PAM.
  -c cause PAM credentials to be ignored.
2005-01-09 21:32:38 +00:00
manu 02a0830983 Don't fallback to plain old authentication on "normal" errors such as
authentication failure.
2005-01-08 22:16:23 +00:00
christos e52488f22f if we are using pam and it succeeded, don't re-initialize kerberos needlessly. 2005-01-08 18:12:35 +00:00
lukem ed83e0847a add DPADD 2005-01-08 09:54:36 +00:00
christos 68adb09d42 - avoid calling pam_end twice if pam failed in fatal
- make fatal proper macros
- fix typos in comments
- fix logical error initializing pam
XXX: Seems to work now, but the whole process is awkward.
Asking for an ssh passphrase and using this to do unix authentication is wrong.
Falling back to the old style auth is awkward. We should really provide a
pam_rootauth module if we want to support that.
2005-01-08 08:45:53 +00:00
manu e628e84aaa Add PAM support to su 2005-01-07 22:34:20 +00:00
kleink 7c84af2ef7 Remove a leftover line apparently from rev. 1.17; also from Juha Hyttinen
in PR bin/25347.
2004-04-27 10:26:22 +00:00
cjep 4d862106fe Fix typo (SU_INDIRECT_GROOP -> SU_INDIRECT_GROUP). PR#25347 from
Juha Hyttinen.
2004-04-27 10:12:51 +00:00
jmmv b635f565e7 Homogenize usage messages: make the 'usage' word all lowercase, as this seems
to be the most common practice in our tree.
2004-01-05 23:23:32 +00:00
dyoung 4758291178 Fix the checkflist for builds without Kerberos 4 (MKKERBEROS4=no)
and without Kerberos 4 & 5 (MKKERBEROS=no). Previously checkflist
complained of missing files.

* move kerberos- and kerberos 4-only files into new flists,
  distrib/sets/lists/*/krb.*

* make the flist generators grok MKKERBEROS{,4} variables

* fix Makefiles which treat MKKERBEROS=no as MKKERBEROS5=no.
  9 out of 10 experts agree that it is ludicrous to build w/
  KERBEROS4 and w/o KERBEROS5.

* fix header files, also, which treat MKKERBEROS=no as MKKERBEROS5=no.

* omit some Kerberos-only subdirectories from the build as
  MKKERBEROS{,4} indicate

(I acknowledge the sentiment that flists are the wrong way to go,
and that the makefiles should produce the metalog directly.  That
sounds to me like the right way to go, but I am not prepared to do
revamp all the makefiles.  While my approach is expedient, it fits
painlessly within the current build architecture until we are
delivered from flist purgatory, and it does not postpone our
delivery. Fair enough?)
2003-12-11 09:46:26 +00:00
atatat 08e63b9e97 Hey, wiz! Doesn't this need a comma? 2003-09-17 05:34:15 +00:00
lha afad8d1f7c libkrb depends on libdes, patch in private mail from
Harold Gutch logix at foobar franken de
2003-08-23 23:03:42 +00:00
wiz ad921c5f25 Comma and Pp police. Bump date for last. 2003-08-23 22:31:24 +00:00
christos 791007d1e3 Normalize the program's compilation options so they are all of the form SU_
and document them.
2003-08-20 14:11:17 +00:00
agc 89aaa1bb64 Move UCB-licensed code from 4-clause to 3-clause licence.
Patches provided by Joel Baker in PR 22365, verified by myself.
2003-08-07 11:13:06 +00:00
tron 86b35822ff Backout previous and revert su(1) to dynamic linking instead. 2003-07-24 16:18:21 +00:00
tron b2df6d93aa Link with "libdes" if Kerberos IV support is enabled. 2003-07-24 16:06:45 +00:00
itojun e63468d8cc split MKKERBEROS4 from MKKERBEROS. based on work by lha at stacken.kth.se
(build confirmed with both MKKERBEROS4=yes and MKKERBEROS4=no)
2003-07-23 08:01:24 +00:00
jrf 285b019fd8 This addresses PR21693. Under certain conditions, su -m will fail because
the pointer to /etc/shells is pointing to the second entry. This change
resets the pointer before looping through the file again. FreeBSD does
this as well. Commit approved by christos and thanks to Geoff Adams for
catching and reporting it.
2003-06-18 21:02:03 +00:00
wiz aa64771356 Drop trailing space. 2003-04-27 11:09:29 +00:00
jmmv ab753cc4ce Implement the `-d' option, which behaves as `-l' but does not change the
current directory.  Idea suggested by dsl@ in source-changes.
2003-04-27 08:46:25 +00:00
mycroft 3ba2d8197a Only unset ENV if -f was used, AS THE CHANGE WAS DOCUMENTED.
I'm not convinced this is a good idea at all, but at least this fixed my usage.
2003-04-25 08:04:14 +00:00
wiz 287057db85 Bump date for last. 2003-04-24 12:19:06 +00:00
christos c71d457343 PR/5803: Gregg A. Woods: su doesn't support it's "-f" option for sh and/or ksh
fixed by unsetenv("ENV") when -f is set and the shell is not csh.
2003-04-20 20:13:20 +00:00
wiz 990562bfef .Nm does not need a dummy argument ("") before punctuation or
for correct formatting of the SYNOPSIS any longer.
2003-02-25 10:34:36 +00:00
jmmv 7eda74b7a6 Add missing dot to the `-' option. Ok'ed by wiz. 2003-02-21 11:17:50 +00:00
jmmv fe7d4299f5 Add EXIT STATUS section. 2003-01-19 19:15:38 +00:00
itojun 5f2d0b666f error handling on strdup failure 2002-11-16 15:59:26 +00:00
itojun d118467d1c use strlcpy 2002-11-16 13:45:10 +00:00
itojun e91a21c27c add DPADD. 2002-10-23 01:25:35 +00:00
wiz 600dcccfab New sentence, new line; drop trailing whitespace. 2002-10-13 00:55:17 +00:00
hubertf 6991e21be2 Make example clearer, that the -c _after_ the login is passed to the shell.
Addresses PR 18538 by reed@reedmedia.net
2002-10-05 14:07:04 +00:00
itojun f51456c273 err/errx/warn/warnx do not need \n at the end 2002-06-11 06:06:18 +00:00