Commit Graph

50 Commits

Author SHA1 Message Date
markm
bad4fa82c9 Add JKH's auth.conf parser to turn on/off Kerberos in userland 1998-10-09 20:14:48 +00:00
roberto
b65a162445 Fix bad option processing.
PR:		bin/7986
Submitted by:	Dan Nelson <dnelson@emsphone.com>
1998-09-21 07:47:53 +00:00
obrien
18dba2fe21 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:06 +00:00
bde
89d62e66b9 Removed a buggy ifdef for not linking libmd explicitly. Explicit
linkage is needed for the NOSHARED=YES case, so it is simplest to
never depend on the automagic linkage for elf shared libraries.

Reviewed by:	jdp
1998-09-02 14:46:20 +00:00
gpalmer
0cb290fe66 Add $Id$ 1998-08-30 17:02:51 +00:00
gpalmer
7f39c95951 Still need -lmd on the alpha as it doesn't have shlibs yet 1998-08-30 16:07:18 +00:00
jb
2b6505f997 BINFORMAT -> OBJFORMAT ready for E-day. 1998-08-30 02:52:04 +00:00
markm
ec4dc9550e Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
jkoshy
8cfd64279d Reword to remove confusion between su(1)'s "-c" option and that of the shell
being invoked.  Add example that clarifies usage of "-c".

PR: 6859
1998-06-08 05:29:51 +00:00
danny
360b2c0bec PR: 1904
Abort if given uname is > MAXLOGNAME-1
1998-05-26 06:39:08 +00:00
steve
3b0c6ff2d7 Allow a user in group 0 to su(1) to root if their primary
group is 0 in /etc/passwd even if they aren't listed
as a member in /etc/group.  This is more inline with
what the group manpage says.

PR:		6696
Submitted by:	Max Euston <meuston@jmrodgers.com>
1998-05-25 03:34:52 +00:00
guido
ee40c84c0b I wonder how I managed to get the krb.h include wrong. Anyway: correct it. 1997-10-28 21:20:21 +00:00
guido
631fc64480 Add -c option that allows root to specify a login_class. 1997-10-27 22:05:12 +00:00
markm
2f9637f84c Changes for KTH KerberosIV.
Quieten -Wall a bit.

From Joe Traister:
 The previous patch did not propogate the KRBTKFILE environment variable
 into the new environment when -l is given to su, making it impossible
 for kdestroy to find the ticket file.  This patch corrects that problem
 as well as the original segfault problem.
(Fixes PR 3903)
1997-09-28 09:02:16 +00:00
wosch
46932ae52e PR: docs/4383
su manpage ambiguous regarding command prompt

Submitted by: sheldonh@iafrica.com
1997-09-13 17:44:20 +00:00
peter
be5fa44882 If elf, don't add libmd.a just because we link against libskey.so.
A
1997-09-05 12:04:31 +00:00
jmg
416e9a71f9 fix a few spelling changes
Submitted by: Josh Gilliam

Closes PR's: 4429, 4431-4438

PS: He has agreed to submit all contrib fixes back to the original author.
1997-08-30 12:22:49 +00:00
joerg
6f8d503759 Prevent a NULL dereferencation when given a garbage command line.
PR:		bin/3206
Submitted by:	blank@fox.uni-trier.de
1997-08-23 14:09:36 +00:00
charnier
6c11a55082 Add usage(). 1997-08-12 06:45:43 +00:00
ache
948c5554d5 Move libmd after all libraries to keep natural libraries order 1997-05-23 21:18:00 +00:00
davidn
f766bd31c5 login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
imp
141381e1cb compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-29 04:34:07 +00:00
guido
a174a13af3 When group wheel is empty, allow everyone to su to root. This has normally
no conseqeunces as we ship with a non-empty wheel.

Closes PR/1882
Submitted by:	Arne Henrik Juul <arnej@frida.imf.unit.no>
1997-02-24 20:32:24 +00:00
peter
f390c26dd9 Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
wosch
4bcfb053ec Sort cross references. 1997-01-15 23:25:55 +00:00
davidn
bf89ef0f2c Fix problem with mask passwd to setusercontext() which
prevented uid/group change with non-root target.
1997-01-14 09:24:09 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
davidn
3f24215f47 Document effect of login class capabilities. 1997-01-13 06:52:24 +00:00
davidn
2f2f2bb699 Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.
1997-01-13 06:39:19 +00:00
joerg
94ef229c15 Export $TERM only if it has been set in our environment.
Detected by: Amancio Hasty
1996-10-07 10:00:58 +00:00
wosch
ab0ebe585d [HISTORY] command appeared in Version 1 AT&T UNIX
Obtained from: A Quarter Century of UNIX, Peter H. Salus, page 41
1996-08-29 18:06:19 +00:00
markm
f51e87f98c Make su a little less fascist about using Kerberos if it is not
configured or available.

Also fix a _nasty_ bug that would let one in if su -K was used.
Any old password would work :-( :-(.
1996-03-11 22:14:52 +00:00
markm
1eb18fd3ec Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.
1996-03-09 14:57:43 +00:00
markm
532cda9998 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
wollman
5820893213 Make it possible to enable WHEELSU from /etc/make.conf. 1995-10-12 17:25:58 +00:00
gibbs
2734551417 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
joerg
6ff265052f Bring Barry Morris' changes from FreeBSD 1.1.5.1 back: pass arguments
to the target login's shell.  This allows for "su -c".

Do it right this time and also explain this behaviour in the man
page. :)

Obtained from:	bsm's work in FreeBSD 1.1.5.1
1995-09-06 12:38:53 +00:00
mpp
684146e8ce Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
wollman
f6045b7610 Added support for an LCS-style `wheel su' which allows users in group wheel
to su to root by authenticating as themselves (using a password or S/Key)
rather than by using the root password.  This is useful in contexts like
ours, where a large group of people need root access to a set of machines.
(However, the security implications are such that this should not be
enabled by default.)

The code is conditionalized on WHEELSU.
1995-07-12 20:11:19 +00:00
rgrimes
a14d555c87 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
jkh
02d736ad6e It has always bugged me that ps and w did not display su with tcsh
properly.  I know, tcsh is not a "Real Shell".

jc       p2 :0.0             Tue04PM     - -u (tcsh)
                                           ^^^
7173 p2  S+     0:01.33 -u (tcsh)
			^^^

Submitted by:	John Capo <jc@irbs.com>
1995-04-06 06:06:47 +00:00
nate
e6facc0d0d Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 17:36:30 +00:00
wollman
740456e526 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
ats
b31e23ee83 Fixed the PATH and cleanenv setting in su. This was totally broken in the
4.4BSD Lite source.
1994-11-17 16:56:58 +00:00
pst
3bbaa5903c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
pst
def775d41d Add support for s/keys 1994-09-29 20:54:41 +00:00
csgr
e9bb220eef First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
csgr
ffa8ef6d3f LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:29:33 +00:00
wollman
6948441e17 Don't use kerberos yet, we aren't ready. 1994-08-05 20:43:31 +00:00
rgrimes
f9ab90d9d6 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00