Ruslan Ermilov
557b7fa148
Deal with double whitespace.
2004-07-03 00:24:45 +00:00
Ruslan Ermilov
6a3e8b0adc
Mechanically kill hard sentence breaks.
2004-07-02 22:22:35 +00:00
Mark Murray
b90e600892
Oops. My last commit included a bug that would make "su -m" always
...
use /bin/sh. Fix this.
2004-06-15 20:23:02 +00:00
Mark Murray
953cb3ecc8
Paranoia, WARNS fixes and lint.
2004-06-13 11:21:06 +00:00
Ruslan Ermilov
47a49bc2b5
Bumped the document date.
...
Fixed the grammar nit.
2004-05-19 09:53:41 +00:00
Philippe Charnier
d6d62d8d63
Add FBSDID. Do not dot terminate errx(3) string.
2004-04-04 18:56:53 +00:00
Ruslan Ermilov
6ec2f175f9
Fixed style of assignments.
2004-02-02 18:01:19 +00:00
Dag-Erling Smørgrav
60f4b54d8f
When root tries to su to a non-existent user, pam_authenticate() will
...
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message. To avoid this, call getpwnam()
before pam_acct_mgmt().
Sponsored by: registrar.no
2004-01-06 09:47:24 +00:00
David Xu
7430623f55
Be sure to restore foreground group to parent su before parent su
...
exits, otherwise shell will be confused and does not set foreground
group correctly for next su command. This sounds like a bug in sh.
2003-11-04 14:51:34 +00:00
David Xu
bcf123b3f6
It seems when su executes in a shell scripts, there is a timing race,
...
sometimes, su will receive a SIGTTOU when parent su tries to set child
su's process group as foreground group, and su will be stopped unexpectly,
ignoring SIGTTOU fixes the problem.
Noticed by: fjoe
2003-11-03 23:54:55 +00:00
Olivier Houchard
f6a43a2b50
Fix broken su -m behaviour :
...
chshell must return 0 if the shell is not a standard shell, or else it is
possible to use an account without a valid shell.
Reviewed by: des
2003-10-19 02:09:36 +00:00
Ken Smith
bec725403c
- Clarification to how command line arguments are processed.
...
PR: docs/55613
Submitted by: gshapiro@freebsd.org
Approved by: blackend (mentor)
2003-09-28 17:54:48 +00:00
Philippe Charnier
196604d77e
typo
2003-06-08 13:51:40 +00:00
Dag-Erling Smørgrav
60b28daa8d
PAM-related improvements:
...
- if operating "as them" (su -l), use pam_{open,close}_session()
- allow PAM to override $HOME (pam_chroot needs this)
- chdir early, because later on we may be chrooted and chdir will fail
Also use pid_t instead of int where applicable.
2003-04-08 16:59:53 +00:00
David Xu
a75fd4bf6e
Put child process in a different process group, ensure that the broadcast
...
signal never affects su directly, some shells changes its pgrp at running
or suspended time, so a broadcast SIGTSTP from child will mess up su's job
control.
Discussed with: bde
2003-03-27 01:32:51 +00:00
Dag-Erling Smørgrav
7a179eb40f
Fix style bugs in the previous commit (which weren't in bde's patch)
2003-03-11 11:35:24 +00:00
David Xu
658d3a6bf5
Reset SIGTSTP handler to default both for parent and child process.
...
Submitted by: bde
2003-03-11 09:16:51 +00:00
David Xu
e9da86cbbe
Fix long standing job control bug. SIGTSTP shouldn't be ignored.
...
Special instructions tested:
suspend
stop $$
2003-03-11 00:10:22 +00:00
Dag-Erling Smørgrav
84c03427b4
Pass the correct, verified username to PAM instead of getlogin().
2003-02-06 14:29:28 +00:00
Ruslan Ermilov
06e482e60a
mdoc(7) police: markup polishing.
...
Approved by: re
2002-11-26 17:33:37 +00:00
Robert Watson
1494905bb6
Add a new '-s' option to su(1): if the flag is present, attempt to
...
also set the user's MAC label as part of the user credential setup
by setting setusercontext(3)'s SETMAC flag. By default, change only
traditional process properties.
Approved by: re
Obtained from: TrustedBSD Project
Sponsored by: DARPA, Network Associates Laboratories
2002-10-23 03:19:34 +00:00
Mark Murray
ed5fc39f22
When a user gets refused because the password is wrong, use the
...
older "BAD SU" syslog message that folks prefer. There is quite
a bit more tweaking that can be done with other similar messages.
Asked for by: tjr
2002-10-18 08:23:24 +00:00
Tim J. Robbins
505b28166c
Style: use sa_handler instead of __sigaction_u.__sa_handler.
2002-10-17 23:32:44 +00:00
Poul-Henning Kamp
81af0b570e
Remove an unused variable.
2002-10-14 08:54:08 +00:00
Andrey A. Chernov
3e2322fcff
Fix typing error in prev. commit
2002-08-12 17:24:42 +00:00
Andrey A. Chernov
09d932cf40
Fix style bug in prev. commit
2002-08-12 17:23:06 +00:00
Andrey A. Chernov
54c93e4f4d
Fix su job control (recently introduced for PAM cleanup purposes) to not
...
kill login shell on either "suspend/fg" or "stop $$/fg" for tcsh. Since
this bug occurse on -stable too, it is not kernel threads bug.
Submitted by: David Xu <bsddiy@yahoo.com>
2002-08-12 10:49:01 +00:00
Andrey A. Chernov
04a0be1f97
Back out workaround of fixing "suspend/fg" by price of breaking "stop $$/fg".
...
This is real kernel bug (threads) and don't attempt to mask it by
workarounds to increase chances to fix it in the kernel.
2002-08-07 05:44:50 +00:00
Andrey A. Chernov
831ab44e67
Remove tcsetpgrp() stuff across suspend/continue because it cause upper level
...
tcsh killed on resume (fg). It is because tcsh is interactive itself and
do its own things with terminal group.
2002-07-09 19:11:12 +00:00
Matthew Dillon
b22ac97b33
This is Alexander Kabaev's patch to solve the signal problem with su
...
(see 'zsh exits upon ^C' thread). This may be temporary be he's been
running it for a year without incident so we should be golden with it.
Approved by: des
2002-06-26 00:42:40 +00:00
Matthew Dillon
6592cfde7a
Backout 1.51 on DES's request.
...
Approved by: des
2002-06-26 00:38:39 +00:00
Dag-Erling Smørgrav
743ea2081c
Make our child the leader of its own process group to avoid receiving
...
signals in its stead. This fixes the dread "zsh exits upon ^C" bug.
2002-05-29 03:32:17 +00:00
Dag-Erling Smørgrav
a1bdb05cce
Drive-by whitespace cleanup & add NAI copyright
2002-05-28 06:47:32 +00:00
Philippe Charnier
e8937ba009
Use `The .Nm utility'
2002-04-20 12:18:28 +00:00
Giorgos Keramidas
997f6e03b8
Fix a few typos.
...
as a user ID -> has a user ID
command constitutes of -> command consists of
PR: misc/36523
Submitted by: Chris Pepper <pepper@mail.rockefeller.edu>
MFC after: 3 days
2002-03-30 11:47:18 +00:00
Dag-Erling Smørgrav
17e623ac97
Belatedly OpenPAMify. I forgot this patch in last night's megacommit.
...
Sponsored by: DARPA, NAI Labs
2002-03-06 12:46:56 +00:00
Dag-Erling Smørgrav
905fd6f3ee
Don't set PAM_RHOST, this is a local login.
...
Sponsored by: DARPA, NAI Labs
2002-01-24 16:20:17 +00:00
Mark Murray
d3f6a11798
Remove to-be-default WARNS?=2
2001-12-12 23:29:13 +00:00
Ruslan Ermilov
cda2a9b2f0
Set BINOWN=root explicitly for setuid root binaries.
...
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
Mark Murray
69ebfe3495
Reinstate complete (and now correctly functioning) WARNS=2.
2001-09-12 19:15:02 +00:00
Mark Murray
73bd08dda4
Back out (with prejudice) the last WARNS=2 fix. I cannot understand
...
its failure mode, and will revisit it later.
2001-09-07 16:20:38 +00:00
Mark Murray
4239cf1c01
WARNS=2 fixes.
...
The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.
This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.
2001-09-04 17:10:57 +00:00
Mark Murray
b174363035
Very minor stylistic nit.
...
Discussed with: ru
2001-08-20 12:46:11 +00:00
Ruslan Ermilov
bf1bf89163
Substitute ARGSTR in-place.
...
Forgot trailing newline in usage().
2001-08-15 15:24:08 +00:00
Ruslan Ermilov
d143364652
Fixed the usage() string.
...
This also reverts change in rev. 1.36 to the documented
style of writing usage().
PR: bin/29730
Submitted by: Joseph Mallett <jmallett@xMach.org>
2001-08-15 15:11:52 +00:00
Mark Murray
788222e410
Set the RUSER for PAM so that (eg) kerberos can set up tickets properly.
2001-08-11 14:24:13 +00:00
Mark Murray
8cc3b02f98
WARNS=2 type cleanup.
...
WARNS=2 cannot be enable because of an unresolvable conflict in arg 2
of execv(). Document this in the Makefile.
Reviewed by: bde (su.c only)
2001-08-11 14:22:32 +00:00
Ruslan Ermilov
94ba280c59
mdoc(7) police: join split punctuation to macro calls.
2001-08-10 17:35:21 +00:00
Dima Dorfman
f247324df7
Remove whitespace at EOL.
2001-07-15 08:06:20 +00:00
Mark Murray
5b3771f13c
Deconvolute the authentication mess, and hand total responsiblity
...
for authentication to PAM. This meens that WHEELSU-type logic can
now be effected in the pam.conf "su" configuration stack. While here,
clean up the mess that the code had assumed over years of hacking by
folks using different styles. ANSIfy.
There is more policy in here that can be handed over to PAM. This will
be revisited.
2001-05-26 09:52:36 +00:00