Commit Graph

175 Commits

Author SHA1 Message Date
David Nugent
a564e85582 Fix problem with mask passwd to setusercontext() which
prevented uid/group change with non-root target.
1997-01-14 09:24:09 +00:00
Jordan K. Hubbard
1130b656e5 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
David Nugent
e888e45a99 Document effect of login class capabilities. 1997-01-13 06:52:24 +00:00
David Nugent
91bcac64b4 Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.
1997-01-13 06:39:19 +00:00
Joerg Wunsch
40a8a5cf5c Export $TERM only if it has been set in our environment.
Detected by: Amancio Hasty
1996-10-07 10:00:58 +00:00
Wolfram Schneider
b8923d4cc0 [HISTORY] command appeared in Version 1 AT&T UNIX
Obtained from: A Quarter Century of UNIX, Peter H. Salus, page 41
1996-08-29 18:06:19 +00:00
Mark Murray
1a98a0fb5b Make su a little less fascist about using Kerberos if it is not
configured or available.

Also fix a _nasty_ bug that would let one in if su -K was used.
Any old password would work :-( :-(.
1996-03-11 22:14:52 +00:00
Mark Murray
5a453b0ef3 Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.
1996-03-09 14:57:43 +00:00
Mark Murray
bbff7ca556 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
Garrett Wollman
eb034ce46a Make it possible to enable WHEELSU from /etc/make.conf. 1995-10-12 17:25:58 +00:00
Justin T. Gibbs
f4390542d7 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
Joerg Wunsch
76ba1af23f Bring Barry Morris' changes from FreeBSD 1.1.5.1 back: pass arguments
to the target login's shell.  This allows for "su -c".

Do it right this time and also explain this behaviour in the man
page. :)

Obtained from:	bsm's work in FreeBSD 1.1.5.1
1995-09-06 12:38:53 +00:00
Mike Pritchard
ae532ecb79 Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
Garrett Wollman
99005ad98e Added support for an LCS-style `wheel su' which allows users in group wheel
to su to root by authenticating as themselves (using a password or S/Key)
rather than by using the root password.  This is useful in contexts like
ours, where a large group of people need root access to a set of machines.
(However, the security implications are such that this should not be
enabled by default.)

The code is conditionalized on WHEELSU.
1995-07-12 20:11:19 +00:00
Rodney W. Grimes
7799f52a32 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
Jordan K. Hubbard
ce0436e7a6 It has always bugged me that ps and w did not display su with tcsh
properly.  I know, tcsh is not a "Real Shell".

jc       p2 :0.0             Tue04PM     - -u (tcsh)
                                           ^^^
7173 p2  S+     0:01.33 -u (tcsh)
			^^^

Submitted by:	John Capo <jc@irbs.com>
1995-04-06 06:06:47 +00:00
Nate Williams
e6fc505e8f Change the library order so libcrypt is the last library in the list.
libskey contains references to _crypt and can't resolve it unless
-lcrypt occurs after it in the link command.  This only occurs when
linking statically.
1995-03-18 17:36:30 +00:00
Garrett Wollman
a38c3127e1 Add distribution=krb for P-HK 1994-11-20 23:23:28 +00:00
Andreas Schulz
0b293ea528 Fixed the PATH and cleanenv setting in su. This was totally broken in the
4.4BSD Lite source.
1994-11-17 16:56:58 +00:00
Paul Traina
2ddadf840c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
Paul Traina
122c9247d4 Add support for s/keys 1994-09-29 20:54:41 +00:00
Geoff Rehmet
c368d11dd2 First level of changes for bringing in eBones (kerberos).
- Get rid of inverse logic (NOKERBEROS and NOEBONES) in src/makefile,
and replace with MAKE_KERBEROS and MAKE_EBONES.  (Far fewer contortions,
and both default to off.)  IF YOU WANT KERBEROS, YOU HAVE TO EXPLICITLY
DEFINE ONE OF THESE.
- Make Makefiles kerberos-aware.
1994-09-29 13:06:54 +00:00
Geoff Rehmet
fa1313397e LDADD= -lcrypt
Submitted by:	Geoff
1994-08-20 21:29:33 +00:00
Garrett Wollman
5d92ed776d Don't use kerberos yet, we aren't ready. 1994-08-05 20:43:31 +00:00
Rodney W. Grimes
9b50d90275 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00