Commit Graph

79 Commits

Author SHA1 Message Date
Brian Somers
cd17a1f7ba Fix the other su bug reintroduced two commits ago, namely
$ su
    % kill -STOP $$

where su is executing (t)csh.  csh's job handling is a little more
special than that of (a)sh, bash and even zsh and blows up a little
more spectacularly.  This modification restores the original mucking
about with the tty pgrp, but is careful to only do it when su (or
su's child) is the foreground process.

While I'm here, fix a STDERR_FILENO spelling as suggested by bde.
2006-01-03 09:17:04 +00:00
Brian Somers
d039c62baa Handle the case (that I just broke) where the following hangs:
$ su
    # kill -STOP $$

Pointed out by:	David Xu <davidxu@freebsd.org>
2006-01-02 09:46:38 +00:00
Brian Somers
d43e192e7d Remove broken code that mucks about with tcsetpgrp() -- even if
su isn't the foreground process.  Hopefully this won't break PAM,
but I couldn't find any useful information about ache's theory
that it will.

Specifically, this change fixes the following:

    # sh
    # echo $$
    # su - root -c id &
    # echo $$

The PID output changes as su seems to be kill -STOP'ing itself
and catching the parent shell in the process.  This is especially
bad if you add a ``su - user -c command &'' to an rc script!

Sponsored by:		Sophos/Activestate
Not objected to by:	des
2006-01-02 08:51:21 +00:00
Robert Watson
c8fbd1ec9b If su(1) is run without an effective uid of 0, generate an error to
the user indicating that su is not running setuid, which may help
suggest to the user that it should be setuid, or should not be
running from a file system mounted nosuid.

Suggsted by:	Ivan Voras <ivoras at fer dot hr>
MFC after:	2 weeks
2005-01-17 19:57:59 +00:00
Mark Murray
b90e600892 Oops. My last commit included a bug that would make "su -m" always
use /bin/sh. Fix this.
2004-06-15 20:23:02 +00:00
Mark Murray
953cb3ecc8 Paranoia, WARNS fixes and lint. 2004-06-13 11:21:06 +00:00
Philippe Charnier
d6d62d8d63 Add FBSDID. Do not dot terminate errx(3) string. 2004-04-04 18:56:53 +00:00
Dag-Erling Smørgrav
60f4b54d8f When root tries to su to a non-existent user, pam_authenticate() will
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message.  To avoid this, call getpwnam()
before pam_acct_mgmt().

Sponsored by:	registrar.no
2004-01-06 09:47:24 +00:00
David Xu
7430623f55 Be sure to restore foreground group to parent su before parent su
exits, otherwise shell will be confused and does not set foreground
group correctly for next su command. This sounds like a bug in sh.
2003-11-04 14:51:34 +00:00
David Xu
bcf123b3f6 It seems when su executes in a shell scripts, there is a timing race,
sometimes, su will receive a SIGTTOU when parent su tries to set child
su's process group as foreground group, and su will be stopped unexpectly,
ignoring SIGTTOU fixes the problem.

Noticed by: fjoe
2003-11-03 23:54:55 +00:00
Olivier Houchard
f6a43a2b50 Fix broken su -m behaviour :
chshell must return 0 if the shell is not a standard shell, or else it is
possible to use an account without a valid shell.

Reviewed by:	des
2003-10-19 02:09:36 +00:00
Dag-Erling Smørgrav
60b28daa8d PAM-related improvements:
- if operating "as them" (su -l), use pam_{open,close}_session()
 - allow PAM to override $HOME (pam_chroot needs this)
 - chdir early, because later on we may be chrooted and chdir will fail

Also use pid_t instead of int where applicable.
2003-04-08 16:59:53 +00:00
David Xu
a75fd4bf6e Put child process in a different process group, ensure that the broadcast
signal never affects su directly, some shells changes its pgrp at running
or suspended time, so a broadcast SIGTSTP from child will mess up su's job
control.

Discussed with: bde
2003-03-27 01:32:51 +00:00
Dag-Erling Smørgrav
7a179eb40f Fix style bugs in the previous commit (which weren't in bde's patch) 2003-03-11 11:35:24 +00:00
David Xu
658d3a6bf5 Reset SIGTSTP handler to default both for parent and child process.
Submitted by: bde
2003-03-11 09:16:51 +00:00
David Xu
e9da86cbbe Fix long standing job control bug. SIGTSTP shouldn't be ignored.
Special instructions tested:
suspend
stop $$
2003-03-11 00:10:22 +00:00
Dag-Erling Smørgrav
84c03427b4 Pass the correct, verified username to PAM instead of getlogin(). 2003-02-06 14:29:28 +00:00
Robert Watson
1494905bb6 Add a new '-s' option to su(1): if the flag is present, attempt to
also set the user's MAC label as part of the user credential setup
by setting setusercontext(3)'s SETMAC flag.  By default, change only
traditional process properties.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-23 03:19:34 +00:00
Mark Murray
ed5fc39f22 When a user gets refused because the password is wrong, use the
older "BAD SU" syslog message that folks prefer. There is quite
a bit more tweaking that can be done with other similar messages.

Asked for by:	tjr
2002-10-18 08:23:24 +00:00
Tim J. Robbins
505b28166c Style: use sa_handler instead of __sigaction_u.__sa_handler. 2002-10-17 23:32:44 +00:00
Poul-Henning Kamp
81af0b570e Remove an unused variable. 2002-10-14 08:54:08 +00:00
Andrey A. Chernov
3e2322fcff Fix typing error in prev. commit 2002-08-12 17:24:42 +00:00
Andrey A. Chernov
09d932cf40 Fix style bug in prev. commit 2002-08-12 17:23:06 +00:00
Andrey A. Chernov
54c93e4f4d Fix su job control (recently introduced for PAM cleanup purposes) to not
kill login shell on either "suspend/fg" or "stop $$/fg" for tcsh. Since
this bug occurse on -stable too, it is not kernel threads bug.

Submitted by:	 David Xu <bsddiy@yahoo.com>
2002-08-12 10:49:01 +00:00
Andrey A. Chernov
04a0be1f97 Back out workaround of fixing "suspend/fg" by price of breaking "stop $$/fg".
This is real kernel bug (threads) and don't attempt to mask it by
workarounds to increase chances to fix it in the kernel.
2002-08-07 05:44:50 +00:00
Andrey A. Chernov
831ab44e67 Remove tcsetpgrp() stuff across suspend/continue because it cause upper level
tcsh killed on resume (fg). It is because tcsh is interactive itself and
do its own things with terminal group.
2002-07-09 19:11:12 +00:00
Matthew Dillon
b22ac97b33 This is Alexander Kabaev's patch to solve the signal problem with su
(see 'zsh exits upon ^C' thread).  This may be temporary be he's been
running it for a year without incident so we should be golden with it.

Approved by:	des
2002-06-26 00:42:40 +00:00
Matthew Dillon
6592cfde7a Backout 1.51 on DES's request.
Approved by:	des
2002-06-26 00:38:39 +00:00
Dag-Erling Smørgrav
743ea2081c Make our child the leader of its own process group to avoid receiving
signals in its stead.  This fixes the dread "zsh exits upon ^C" bug.
2002-05-29 03:32:17 +00:00
Dag-Erling Smørgrav
a1bdb05cce Drive-by whitespace cleanup & add NAI copyright 2002-05-28 06:47:32 +00:00
Dag-Erling Smørgrav
17e623ac97 Belatedly OpenPAMify. I forgot this patch in last night's megacommit.
Sponsored by:	DARPA, NAI Labs
2002-03-06 12:46:56 +00:00
Dag-Erling Smørgrav
905fd6f3ee Don't set PAM_RHOST, this is a local login.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:20:17 +00:00
Mark Murray
69ebfe3495 Reinstate complete (and now correctly functioning) WARNS=2. 2001-09-12 19:15:02 +00:00
Mark Murray
73bd08dda4 Back out (with prejudice) the last WARNS=2 fix. I cannot understand
its failure mode, and will revisit it later.
2001-09-07 16:20:38 +00:00
Mark Murray
4239cf1c01 WARNS=2 fixes.
The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.

This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.
2001-09-04 17:10:57 +00:00
Mark Murray
b174363035 Very minor stylistic nit.
Discussed with:	ru
2001-08-20 12:46:11 +00:00
Ruslan Ermilov
bf1bf89163 Substitute ARGSTR in-place.
Forgot trailing newline in usage().
2001-08-15 15:24:08 +00:00
Ruslan Ermilov
d143364652 Fixed the usage() string.
This also reverts change in rev. 1.36 to the documented
style of writing usage().

PR:		bin/29730
Submitted by:	Joseph Mallett <jmallett@xMach.org>
2001-08-15 15:11:52 +00:00
Mark Murray
788222e410 Set the RUSER for PAM so that (eg) kerberos can set up tickets properly. 2001-08-11 14:24:13 +00:00
Mark Murray
8cc3b02f98 WARNS=2 type cleanup.
WARNS=2 cannot be enable because of an unresolvable conflict in arg 2
of execv(). Document this in the Makefile.

Reviewed by:	bde (su.c only)
2001-08-11 14:22:32 +00:00
Mark Murray
5b3771f13c Deconvolute the authentication mess, and hand total responsiblity
for authentication to PAM. This meens that WHEELSU-type logic can
now be effected in the pam.conf "su" configuration stack. While here,
clean up the mess that the code had assumed over years of hacking by
folks using different styles. ANSIfy.

There is more policy in here that can be handed over to PAM. This will
be revisited.
2001-05-26 09:52:36 +00:00
David E. O'Brien
af32b80c65 Tell the user what group they must be in to su to root.
Submitted by:	Seth Kingsley <sethk@osd.bsdi.com>
2001-05-10 07:37:25 +00:00
Mark Murray
1351464cc7 Dike out the Kerberos(IV) support on the grounds that better kerberos
support can be already obtained via PAM.
2001-04-28 13:40:52 +00:00
Mark Murray
5bc9d93db3 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
Robert Watson
e292984cd3 o Make comment match reality, synch code with comment.
o In practice: the comment indicates that all but umask and
  environmental variables of the users login class are applied when su
  occurs, unless -m is used to specify a class.  This was incorrect;
  in practice, the uid, gids, resources, and priority were set, and
  then resources and priority were selectively removed.  This meant
  that some aspects of the user context were not set, including handling
  of login events (wtmp, utmp), as well as the path specified in
  login.conf.
o I changed it so that the behavior is the same, but instead,
  LOGIN_SETALL is used, and appropriate flags are removed, including
  the LOGIN_SETLOGIN and LOGIN_SETPATH entries that were implicitly
  not present before.  I also updated the comment to reflect
  reality, selecting reality as the "correct" behavior.
o This has the practical benefit that as new LOGIN_SET* flags are
  introduced, they are supported by su unless specifically disabled.
  For example, of a LOGIN_SETLABEL flag is introduced to support
  MAC labels determined by the user's login class, then su no longer
  has to be modified.
o It might be desirable to have su use LOGIN_SETPATH depending on
  its command line parameters, as it might or might not be
  considered part of the "environment".

Obtained from:	TrustedBSD Project
2000-11-30 23:14:55 +00:00
Mark Murray
0ed9356caf Use libcrypto in place of libdes. 2000-02-24 21:06:22 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Sheldon Hearn
7312edcec3 Axe LOGIN_CAP_AUTH.
PR:	10115
Reported by:	Gene Skonicki <gene@cif.rochester.edu>
Requested by:	jdp
1999-08-13 16:51:40 +00:00
Bruce Evans
95103bc098 Actually fixed ambiguous else. The previous revision had no effect. 1999-07-02 11:20:59 +00:00
Bill Fumerola
f32e012b12 Fix ambigious else.
Reviewed By:	eivind
1999-07-01 17:59:17 +00:00