Commit Graph

151 Commits

Author SHA1 Message Date
David Xu
e9da86cbbe Fix long standing job control bug. SIGTSTP shouldn't be ignored.
Special instructions tested:
suspend
stop $$
2003-03-11 00:10:22 +00:00
Dag-Erling Smørgrav
84c03427b4 Pass the correct, verified username to PAM instead of getlogin(). 2003-02-06 14:29:28 +00:00
Ruslan Ermilov
06e482e60a mdoc(7) police: markup polishing.
Approved by:	re
2002-11-26 17:33:37 +00:00
Robert Watson
1494905bb6 Add a new '-s' option to su(1): if the flag is present, attempt to
also set the user's MAC label as part of the user credential setup
by setting setusercontext(3)'s SETMAC flag.  By default, change only
traditional process properties.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-23 03:19:34 +00:00
Mark Murray
ed5fc39f22 When a user gets refused because the password is wrong, use the
older "BAD SU" syslog message that folks prefer. There is quite
a bit more tweaking that can be done with other similar messages.

Asked for by:	tjr
2002-10-18 08:23:24 +00:00
Tim J. Robbins
505b28166c Style: use sa_handler instead of __sigaction_u.__sa_handler. 2002-10-17 23:32:44 +00:00
Poul-Henning Kamp
81af0b570e Remove an unused variable. 2002-10-14 08:54:08 +00:00
Andrey A. Chernov
3e2322fcff Fix typing error in prev. commit 2002-08-12 17:24:42 +00:00
Andrey A. Chernov
09d932cf40 Fix style bug in prev. commit 2002-08-12 17:23:06 +00:00
Andrey A. Chernov
54c93e4f4d Fix su job control (recently introduced for PAM cleanup purposes) to not
kill login shell on either "suspend/fg" or "stop $$/fg" for tcsh. Since
this bug occurse on -stable too, it is not kernel threads bug.

Submitted by:	 David Xu <bsddiy@yahoo.com>
2002-08-12 10:49:01 +00:00
Andrey A. Chernov
04a0be1f97 Back out workaround of fixing "suspend/fg" by price of breaking "stop $$/fg".
This is real kernel bug (threads) and don't attempt to mask it by
workarounds to increase chances to fix it in the kernel.
2002-08-07 05:44:50 +00:00
Andrey A. Chernov
831ab44e67 Remove tcsetpgrp() stuff across suspend/continue because it cause upper level
tcsh killed on resume (fg). It is because tcsh is interactive itself and
do its own things with terminal group.
2002-07-09 19:11:12 +00:00
Matthew Dillon
b22ac97b33 This is Alexander Kabaev's patch to solve the signal problem with su
(see 'zsh exits upon ^C' thread).  This may be temporary be he's been
running it for a year without incident so we should be golden with it.

Approved by:	des
2002-06-26 00:42:40 +00:00
Matthew Dillon
6592cfde7a Backout 1.51 on DES's request.
Approved by:	des
2002-06-26 00:38:39 +00:00
Dag-Erling Smørgrav
743ea2081c Make our child the leader of its own process group to avoid receiving
signals in its stead.  This fixes the dread "zsh exits upon ^C" bug.
2002-05-29 03:32:17 +00:00
Dag-Erling Smørgrav
a1bdb05cce Drive-by whitespace cleanup & add NAI copyright 2002-05-28 06:47:32 +00:00
Philippe Charnier
e8937ba009 Use `The .Nm utility' 2002-04-20 12:18:28 +00:00
Giorgos Keramidas
997f6e03b8 Fix a few typos.
as a user ID -> has a user ID
	command constitutes of -> command consists of

PR:		misc/36523
Submitted by:	Chris Pepper <pepper@mail.rockefeller.edu>
MFC after:	3 days
2002-03-30 11:47:18 +00:00
Dag-Erling Smørgrav
17e623ac97 Belatedly OpenPAMify. I forgot this patch in last night's megacommit.
Sponsored by:	DARPA, NAI Labs
2002-03-06 12:46:56 +00:00
Dag-Erling Smørgrav
905fd6f3ee Don't set PAM_RHOST, this is a local login.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:20:17 +00:00
Mark Murray
d3f6a11798 Remove to-be-default WARNS?=2 2001-12-12 23:29:13 +00:00
Ruslan Ermilov
cda2a9b2f0 Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
Mark Murray
69ebfe3495 Reinstate complete (and now correctly functioning) WARNS=2. 2001-09-12 19:15:02 +00:00
Mark Murray
73bd08dda4 Back out (with prejudice) the last WARNS=2 fix. I cannot understand
its failure mode, and will revisit it later.
2001-09-07 16:20:38 +00:00
Mark Murray
4239cf1c01 WARNS=2 fixes.
The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.

This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.
2001-09-04 17:10:57 +00:00
Mark Murray
b174363035 Very minor stylistic nit.
Discussed with:	ru
2001-08-20 12:46:11 +00:00
Ruslan Ermilov
bf1bf89163 Substitute ARGSTR in-place.
Forgot trailing newline in usage().
2001-08-15 15:24:08 +00:00
Ruslan Ermilov
d143364652 Fixed the usage() string.
This also reverts change in rev. 1.36 to the documented
style of writing usage().

PR:		bin/29730
Submitted by:	Joseph Mallett <jmallett@xMach.org>
2001-08-15 15:11:52 +00:00
Mark Murray
788222e410 Set the RUSER for PAM so that (eg) kerberos can set up tickets properly. 2001-08-11 14:24:13 +00:00
Mark Murray
8cc3b02f98 WARNS=2 type cleanup.
WARNS=2 cannot be enable because of an unresolvable conflict in arg 2
of execv(). Document this in the Makefile.

Reviewed by:	bde (su.c only)
2001-08-11 14:22:32 +00:00
Ruslan Ermilov
94ba280c59 mdoc(7) police: join split punctuation to macro calls. 2001-08-10 17:35:21 +00:00
Dima Dorfman
f247324df7 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
Mark Murray
5b3771f13c Deconvolute the authentication mess, and hand total responsiblity
for authentication to PAM. This meens that WHEELSU-type logic can
now be effected in the pam.conf "su" configuration stack. While here,
clean up the mess that the code had assumed over years of hacking by
folks using different styles. ANSIfy.

There is more policy in here that can be handed over to PAM. This will
be revisited.
2001-05-26 09:52:36 +00:00
David E. O'Brien
af32b80c65 Tell the user what group they must be in to su to root.
Submitted by:	Seth Kingsley <sethk@osd.bsdi.com>
2001-05-10 07:37:25 +00:00
Mark Murray
42792ad958 Dike out Kerberos(IV) support on the grounds that better kerberos
support can be gotten via PAM.
2001-04-28 13:44:14 +00:00
Mark Murray
1351464cc7 Dike out the Kerberos(IV) support on the grounds that better kerberos
support can be already obtained via PAM.
2001-04-28 13:40:52 +00:00
Mark Murray
5bc9d93db3 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
Robert Watson
e292984cd3 o Make comment match reality, synch code with comment.
o In practice: the comment indicates that all but umask and
  environmental variables of the users login class are applied when su
  occurs, unless -m is used to specify a class.  This was incorrect;
  in practice, the uid, gids, resources, and priority were set, and
  then resources and priority were selectively removed.  This meant
  that some aspects of the user context were not set, including handling
  of login events (wtmp, utmp), as well as the path specified in
  login.conf.
o I changed it so that the behavior is the same, but instead,
  LOGIN_SETALL is used, and appropriate flags are removed, including
  the LOGIN_SETLOGIN and LOGIN_SETPATH entries that were implicitly
  not present before.  I also updated the comment to reflect
  reality, selecting reality as the "correct" behavior.
o This has the practical benefit that as new LOGIN_SET* flags are
  introduced, they are supported by su unless specifically disabled.
  For example, of a LOGIN_SETLABEL flag is introduced to support
  MAC labels determined by the user's login class, then su no longer
  has to be modified.
o It might be desirable to have su use LOGIN_SETPATH depending on
  its command line parameters, as it might or might not be
  considered part of the "environment".

Obtained from:	TrustedBSD Project
2000-11-30 23:14:55 +00:00
Ruslan Ermilov
8fe908ef0c mdoc(7) police: use the new features of the Nm macro. 2000-11-20 19:21:22 +00:00
Mark Ovens
54af9cb58f Document the ``-'' option and minor re-wording in EXAMPLES 2000-08-05 23:03:12 +00:00
Sheldon Hearn
87faa07bec Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 12:20:22 +00:00
Mark Murray
0ed9356caf Use libcrypto in place of libdes. 2000-02-24 21:06:22 +00:00
Peter Wemm
6e2578e4c4 Revert the libcrypt/libmd stuff back to how it was. This should not have
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design).  libcrypt has
been adjusted to not need the runtime -lmd.  It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.
1999-12-18 13:55:17 +00:00
Marcel Moolenaar
7c99ddf2cc Add libmd (or move it after libcrypt). We don't want the linker to be
smart because it will definitely get it wrong. This popped up during
cross-linking.
1999-12-16 10:55:45 +00:00
Mark Murray
f7f09ffb6c Change edistribution to krb4 in preaparation for K5 1999-09-19 22:26:02 +00:00
Mark Murray
b255e811b2 Fix Common Error brokenness. 1999-09-06 20:22:47 +00:00
Peter Wemm
c3aac50f28 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
Bruce Evans
c619831eb1 Fixed editing error in previous commit. -lmd' (link libmd) became -md'
(emulate the 'd' linker (?)).  This was most harmful for the NOSHARED=yes
case since libskey.o isn't linked to libmd.a.

Fixed the usual disorder of DPADD and LDADD, and some tab lossage.
1999-08-15 13:14:50 +00:00
Sheldon Hearn
7312edcec3 Axe LOGIN_CAP_AUTH.
PR:	10115
Reported by:	Gene Skonicki <gene@cif.rochester.edu>
Requested by:	jdp
1999-08-13 16:51:40 +00:00
Bruce Evans
95103bc098 Actually fixed ambiguous else. The previous revision had no effect. 1999-07-02 11:20:59 +00:00
Bill Fumerola
f32e012b12 Fix ambigious else.
Reviewed By:	eivind
1999-07-01 17:59:17 +00:00
Mark Murray
98eb1c311d Add JKH's auth.conf parser to turn on/off Kerberos in userland 1998-10-09 20:14:48 +00:00
Ollivier Robert
d6bc2e88c1 Fix bad option processing.
PR:		bin/7986
Submitted by:	Dan Nelson <dnelson@emsphone.com>
1998-09-21 07:47:53 +00:00
David E. O'Brien
be0cde6f10 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:06 +00:00
Bruce Evans
83294a65d7 Removed a buggy ifdef for not linking libmd explicitly. Explicit
linkage is needed for the NOSHARED=YES case, so it is simplest to
never depend on the automagic linkage for elf shared libraries.

Reviewed by:	jdp
1998-09-02 14:46:20 +00:00
Gary Palmer
175ae25003 Add $Id$ 1998-08-30 17:02:51 +00:00
Gary Palmer
521e091823 Still need -lmd on the alpha as it doesn't have shlibs yet 1998-08-30 16:07:18 +00:00
John Birrell
839de40e6e BINFORMAT -> OBJFORMAT ready for E-day. 1998-08-30 02:52:04 +00:00
Mark Murray
448bbb5805 Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
Joseph Koshy
5a41edb419 Reword to remove confusion between su(1)'s "-c" option and that of the shell
being invoked.  Add example that clarifies usage of "-c".

PR: 6859
1998-06-08 05:29:51 +00:00
Daniel O'Callaghan
c6a24f8623 PR: 1904
Abort if given uname is > MAXLOGNAME-1
1998-05-26 06:39:08 +00:00
Steve Price
37253803e6 Allow a user in group 0 to su(1) to root if their primary
group is 0 in /etc/passwd even if they aren't listed
as a member in /etc/group.  This is more inline with
what the group manpage says.

PR:		6696
Submitted by:	Max Euston <meuston@jmrodgers.com>
1998-05-25 03:34:52 +00:00
Guido van Rooij
098eef7a15 I wonder how I managed to get the krb.h include wrong. Anyway: correct it. 1997-10-28 21:20:21 +00:00
Guido van Rooij
7a853dfffc Add -c option that allows root to specify a login_class. 1997-10-27 22:05:12 +00:00
Mark Murray
301afdb85c Changes for KTH KerberosIV.
Quieten -Wall a bit.

From Joe Traister:
 The previous patch did not propogate the KRBTKFILE environment variable
 into the new environment when -l is given to su, making it impossible
 for kdestroy to find the ticket file.  This patch corrects that problem
 as well as the original segfault problem.
(Fixes PR 3903)
1997-09-28 09:02:16 +00:00
Wolfram Schneider
fab8812d17 PR: docs/4383
su manpage ambiguous regarding command prompt

Submitted by: sheldonh@iafrica.com
1997-09-13 17:44:20 +00:00
Peter Wemm
00974e2521 If elf, don't add libmd.a just because we link against libskey.so.
A
1997-09-05 12:04:31 +00:00
John-Mark Gurney
46657c7e77 fix a few spelling changes
Submitted by: Josh Gilliam

Closes PR's: 4429, 4431-4438

PS: He has agreed to submit all contrib fixes back to the original author.
1997-08-30 12:22:49 +00:00
Joerg Wunsch
84c2e30193 Prevent a NULL dereferencation when given a garbage command line.
PR:		bin/3206
Submitted by:	blank@fox.uni-trier.de
1997-08-23 14:09:36 +00:00
Philippe Charnier
7be91299b0 Add usage(). 1997-08-12 06:45:43 +00:00
Andrey A. Chernov
a1eed73d33 Move libmd after all libraries to keep natural libraries order 1997-05-23 21:18:00 +00:00
David Nugent
5d0bfe39ec login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
Warner Losh
1c8af87873 compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-29 04:34:07 +00:00
Guido van Rooij
e8694bc269 When group wheel is empty, allow everyone to su to root. This has normally
no conseqeunces as we ship with a non-empty wheel.

Closes PR/1882
Submitted by:	Arne Henrik Juul <arnej@frida.imf.unit.no>
1997-02-24 20:32:24 +00:00
Peter Wemm
c115df18cd Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
Wolfram Schneider
da1ff3cb8a Sort cross references. 1997-01-15 23:25:55 +00:00
David Nugent
a564e85582 Fix problem with mask passwd to setusercontext() which
prevented uid/group change with non-root target.
1997-01-14 09:24:09 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
David Nugent
e888e45a99 Document effect of login class capabilities. 1997-01-13 06:52:24 +00:00
David Nugent
91bcac64b4 Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.
1997-01-13 06:39:19 +00:00
Joerg Wunsch
40a8a5cf5c Export $TERM only if it has been set in our environment.
Detected by: Amancio Hasty
1996-10-07 10:00:58 +00:00
Wolfram Schneider
b8923d4cc0 [HISTORY] command appeared in Version 1 AT&T UNIX
Obtained from: A Quarter Century of UNIX, Peter H. Salus, page 41
1996-08-29 18:06:19 +00:00
Mark Murray
1a98a0fb5b Make su a little less fascist about using Kerberos if it is not
configured or available.

Also fix a _nasty_ bug that would let one in if su -K was used.
Any old password would work :-( :-(.
1996-03-11 22:14:52 +00:00
Mark Murray
5a453b0ef3 Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.
1996-03-09 14:57:43 +00:00
Mark Murray
bbff7ca556 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
Garrett Wollman
eb034ce46a Make it possible to enable WHEELSU from /etc/make.conf. 1995-10-12 17:25:58 +00:00
Justin T. Gibbs
f4390542d7 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
Joerg Wunsch
76ba1af23f Bring Barry Morris' changes from FreeBSD 1.1.5.1 back: pass arguments
to the target login's shell.  This allows for "su -c".

Do it right this time and also explain this behaviour in the man
page. :)

Obtained from:	bsm's work in FreeBSD 1.1.5.1
1995-09-06 12:38:53 +00:00
Mike Pritchard
ae532ecb79 Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
Garrett Wollman
99005ad98e Added support for an LCS-style `wheel su' which allows users in group wheel
to su to root by authenticating as themselves (using a password or S/Key)
rather than by using the root password.  This is useful in contexts like
ours, where a large group of people need root access to a set of machines.
(However, the security implications are such that this should not be
enabled by default.)

The code is conditionalized on WHEELSU.
1995-07-12 20:11:19 +00:00
Rodney W. Grimes
7799f52a32 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
Jordan K. Hubbard
ce0436e7a6 It has always bugged me that ps and w did not display su with tcsh
properly.  I know, tcsh is not a "Real Shell".

jc       p2 :0.0             Tue04PM     - -u (tcsh)
                                           ^^^
7173 p2  S+     0:01.33 -u (tcsh)
			^^^

Submitted by:	John Capo <jc@irbs.com>
1995-04-06 06:06:47 +00:00
Nate Williams
e6fc505e8f Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 17:36:30 +00:00
Garrett Wollman
a38c3127e1 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
Andreas Schulz
0b293ea528 Fixed the PATH and cleanenv setting in su. This was totally broken in the
4.4BSD Lite source.
1994-11-17 16:56:58 +00:00
Paul Traina
2ddadf840c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
Paul Traina
122c9247d4 Add support for s/keys 1994-09-29 20:54:41 +00:00
Geoff Rehmet
c368d11dd2 First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
Geoff Rehmet
fa1313397e LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:29:33 +00:00
Garrett Wollman
5d92ed776d Don't use kerberos yet, we aren't ready. 1994-08-05 20:43:31 +00:00