Commit Graph

28 Commits

Author SHA1 Message Date
Guido van Rooij
e8694bc269 When group wheel is empty, allow everyone to su to root. This has normally
no conseqeunces as we ship with a non-empty wheel.

Closes PR/1882
Submitted by:	Arne Henrik Juul <arnej@frida.imf.unit.no>
1997-02-24 20:32:24 +00:00
Peter Wemm
c115df18cd Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
Wolfram Schneider
da1ff3cb8a Sort cross references. 1997-01-15 23:25:55 +00:00
David Nugent
a564e85582 Fix problem with mask passwd to setusercontext() which
prevented uid/group change with non-root target.
1997-01-14 09:24:09 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
David Nugent
e888e45a99 Document effect of login class capabilities. 1997-01-13 06:52:24 +00:00
David Nugent
91bcac64b4 Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.
1997-01-13 06:39:19 +00:00
Joerg Wunsch
40a8a5cf5c Export $TERM only if it has been set in our environment.
Detected by: Amancio Hasty
1996-10-07 10:00:58 +00:00
Wolfram Schneider
b8923d4cc0 [HISTORY] command appeared in Version 1 AT&T UNIX
Obtained from: A Quarter Century of UNIX, Peter H. Salus, page 41
1996-08-29 18:06:19 +00:00
Mark Murray
1a98a0fb5b Make su a little less fascist about using Kerberos if it is not
configured or available.

Also fix a _nasty_ bug that would let one in if su -K was used.
Any old password would work :-( :-(.
1996-03-11 22:14:52 +00:00
Mark Murray
5a453b0ef3 Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.
1996-03-09 14:57:43 +00:00
Mark Murray
bbff7ca556 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
Garrett Wollman
eb034ce46a Make it possible to enable WHEELSU from /etc/make.conf. 1995-10-12 17:25:58 +00:00
Justin T. Gibbs
f4390542d7 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
Joerg Wunsch
76ba1af23f Bring Barry Morris' changes from FreeBSD 1.1.5.1 back: pass arguments
to the target login's shell.  This allows for "su -c".

Do it right this time and also explain this behaviour in the man
page. :)

Obtained from:	bsm's work in FreeBSD 1.1.5.1
1995-09-06 12:38:53 +00:00
Mike Pritchard
ae532ecb79 Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
Garrett Wollman
99005ad98e Added support for an LCS-style `wheel su' which allows users in group wheel
to su to root by authenticating as themselves (using a password or S/Key)
rather than by using the root password.  This is useful in contexts like
ours, where a large group of people need root access to a set of machines.
(However, the security implications are such that this should not be
enabled by default.)

The code is conditionalized on WHEELSU.
1995-07-12 20:11:19 +00:00
Rodney W. Grimes
7799f52a32 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
Jordan K. Hubbard
ce0436e7a6 It has always bugged me that ps and w did not display su with tcsh
properly.  I know, tcsh is not a "Real Shell".

jc       p2 :0.0             Tue04PM     - -u (tcsh)
                                           ^^^
7173 p2  S+     0:01.33 -u (tcsh)
			^^^

Submitted by:	John Capo <jc@irbs.com>
1995-04-06 06:06:47 +00:00
Nate Williams
e6fc505e8f Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 17:36:30 +00:00
Garrett Wollman
a38c3127e1 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
Andreas Schulz
0b293ea528 Fixed the PATH and cleanenv setting in su. This was totally broken in the
4.4BSD Lite source.
1994-11-17 16:56:58 +00:00
Paul Traina
2ddadf840c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
Paul Traina
122c9247d4 Add support for s/keys 1994-09-29 20:54:41 +00:00
Geoff Rehmet
c368d11dd2 First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
Geoff Rehmet
fa1313397e LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:29:33 +00:00
Garrett Wollman
5d92ed776d Don't use kerberos yet, we aren't ready. 1994-08-05 20:43:31 +00:00
Rodney W. Grimes
9b50d90275 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00