Commit Graph

41 Commits

Author SHA1 Message Date
Christian S.J. Peron
6319ad282f Integrate audit_submit(3) bits into su. This means that records for
successful and failed su attempts will be recorded using the AUE_su
event type (login or lo class) if auditing is present in the system.
Currently, the records will have a header, subject, text (with the
actual diagnostics), a return and trailer token.

See audit_submit(3) for more information.

Reviewed by:	rwatson
Obtained from:	TrustedBSD Project
2006-09-01 13:39:02 +00:00
Ruslan Ermilov
dee651eb15 Introduce the PRECIOUSPROG knob in bsd.prog.mk, similar
to PRECIOUSLIB from bsd.lib.mk.  The side effect of this
is making installing the world under jail(8) possible by
using another knob, NOFSCHG.

Reviewed by:	oliver
2004-11-03 18:01:21 +00:00
Ruslan Ermilov
6ec2f175f9 Fixed style of assignments. 2004-02-02 18:01:19 +00:00
Mark Murray
d3f6a11798 Remove to-be-default WARNS?=2 2001-12-12 23:29:13 +00:00
Ruslan Ermilov
cda2a9b2f0 Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
Mark Murray
69ebfe3495 Reinstate complete (and now correctly functioning) WARNS=2. 2001-09-12 19:15:02 +00:00
Mark Murray
73bd08dda4 Back out (with prejudice) the last WARNS=2 fix. I cannot understand
its failure mode, and will revisit it later.
2001-09-07 16:20:38 +00:00
Mark Murray
4239cf1c01 WARNS=2 fixes.
The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.

This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.
2001-09-04 17:10:57 +00:00
Mark Murray
8cc3b02f98 WARNS=2 type cleanup.
WARNS=2 cannot be enable because of an unresolvable conflict in arg 2
of execv(). Document this in the Makefile.

Reviewed by:	bde (su.c only)
2001-08-11 14:22:32 +00:00
Mark Murray
5b3771f13c Deconvolute the authentication mess, and hand total responsiblity
for authentication to PAM. This meens that WHEELSU-type logic can
now be effected in the pam.conf "su" configuration stack. While here,
clean up the mess that the code had assumed over years of hacking by
folks using different styles. ANSIfy.

There is more policy in here that can be handed over to PAM. This will
be revisited.
2001-05-26 09:52:36 +00:00
Mark Murray
42792ad958 Dike out Kerberos(IV) support on the grounds that better kerberos
support can be gotten via PAM.
2001-04-28 13:44:14 +00:00
Mark Murray
5bc9d93db3 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
Mark Murray
0ed9356caf Use libcrypto in place of libdes. 2000-02-24 21:06:22 +00:00
Peter Wemm
6e2578e4c4 Revert the libcrypt/libmd stuff back to how it was. This should not have
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design).  libcrypt has
been adjusted to not need the runtime -lmd.  It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.
1999-12-18 13:55:17 +00:00
Marcel Moolenaar
7c99ddf2cc Add libmd (or move it after libcrypt). We don't want the linker to be
smart because it will definitely get it wrong. This popped up during
cross-linking.
1999-12-16 10:55:45 +00:00
Mark Murray
f7f09ffb6c Change edistribution to krb4 in preaparation for K5 1999-09-19 22:26:02 +00:00
Mark Murray
b255e811b2 Fix Common Error brokenness. 1999-09-06 20:22:47 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Bruce Evans
c619831eb1 Fixed editing error in previous commit. -lmd' (link libmd) became -md'
(emulate the 'd' linker (?)).  This was most harmful for the NOSHARED=yes
case since libskey.o isn't linked to libmd.a.

Fixed the usual disorder of DPADD and LDADD, and some tab lossage.
1999-08-15 13:14:50 +00:00
Sheldon Hearn
7312edcec3 Axe LOGIN_CAP_AUTH.
PR:	10115
Reported by:	Gene Skonicki <gene@cif.rochester.edu>
Requested by:	jdp
1999-08-13 16:51:40 +00:00
David E. O'Brien
be0cde6f10 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:06 +00:00
Bruce Evans
83294a65d7 Removed a buggy ifdef for not linking libmd explicitly. Explicit
linkage is needed for the NOSHARED=YES case, so it is simplest to
never depend on the automagic linkage for elf shared libraries.

Reviewed by:	jdp
1998-09-02 14:46:20 +00:00
Gary Palmer
175ae25003 Add $Id$ 1998-08-30 17:02:51 +00:00
Gary Palmer
521e091823 Still need -lmd on the alpha as it doesn't have shlibs yet 1998-08-30 16:07:18 +00:00
John Birrell
839de40e6e BINFORMAT -> OBJFORMAT ready for E-day. 1998-08-30 02:52:04 +00:00
Mark Murray
448bbb5805 Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
Mark Murray
301afdb85c Changes for KTH KerberosIV.
Quieten -Wall a bit.

From Joe Traister:
 The previous patch did not propogate the KRBTKFILE environment variable
 into the new environment when -l is given to su, making it impossible
 for kdestroy to find the ticket file.  This patch corrects that problem
 as well as the original segfault problem.
(Fixes PR 3903)
1997-09-28 09:02:16 +00:00
Peter Wemm
00974e2521 If elf, don't add libmd.a just because we link against libskey.so.
A
1997-09-05 12:04:31 +00:00
Andrey A. Chernov
a1eed73d33 Move libmd after all libraries to keep natural libraries order 1997-05-23 21:18:00 +00:00
David Nugent
91bcac64b4 Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.
1997-01-13 06:39:19 +00:00
Mark Murray
5a453b0ef3 Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.
1996-03-09 14:57:43 +00:00
Garrett Wollman
eb034ce46a Make it possible to enable WHEELSU from /etc/make.conf. 1995-10-12 17:25:58 +00:00
Rodney W. Grimes
7799f52a32 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
Nate Williams
e6fc505e8f Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 17:36:30 +00:00
Garrett Wollman
a38c3127e1 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
Paul Traina
2ddadf840c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
Paul Traina
122c9247d4 Add support for s/keys 1994-09-29 20:54:41 +00:00
Geoff Rehmet
c368d11dd2 First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
Geoff Rehmet
fa1313397e LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:29:33 +00:00
Garrett Wollman
5d92ed776d Don't use kerberos yet, we aren't ready. 1994-08-05 20:43:31 +00:00
Rodney W. Grimes
9b50d90275 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00