Commit Graph

111 Commits

Author SHA1 Message Date
des
77da48ef10 When root tries to su to a non-existent user, pam_authenticate() will
normally succeed (because root can su to anyone), but pam_acct_mgmt()
will most likely fail, causing su to log a confusing "pam_acct_mgmt:
error in service module" message.  To avoid this, call getpwnam()
before pam_acct_mgmt().

Sponsored by:	registrar.no
2004-01-06 09:47:24 +00:00
davidxu
b5882bdf82 Be sure to restore foreground group to parent su before parent su
exits, otherwise shell will be confused and does not set foreground
group correctly for next su command. This sounds like a bug in sh.
2003-11-04 14:51:34 +00:00
davidxu
8792262eee It seems when su executes in a shell scripts, there is a timing race,
sometimes, su will receive a SIGTTOU when parent su tries to set child
su's process group as foreground group, and su will be stopped unexpectly,
ignoring SIGTTOU fixes the problem.

Noticed by: fjoe
2003-11-03 23:54:55 +00:00
cognet
eb4121cb0d Fix broken su -m behaviour :
chshell must return 0 if the shell is not a standard shell, or else it is
possible to use an account without a valid shell.

Reviewed by:	des
2003-10-19 02:09:36 +00:00
kensmith
9c75463c34 - Clarification to how command line arguments are processed.
PR:		docs/55613
Submitted by:	gshapiro@freebsd.org
Approved by:	blackend (mentor)
2003-09-28 17:54:48 +00:00
charnier
32299344de typo 2003-06-08 13:51:40 +00:00
des
e3a20d4e48 PAM-related improvements:
- if operating "as them" (su -l), use pam_{open,close}_session()
 - allow PAM to override $HOME (pam_chroot needs this)
 - chdir early, because later on we may be chrooted and chdir will fail

Also use pid_t instead of int where applicable.
2003-04-08 16:59:53 +00:00
davidxu
e173b93e2a Put child process in a different process group, ensure that the broadcast
signal never affects su directly, some shells changes its pgrp at running
or suspended time, so a broadcast SIGTSTP from child will mess up su's job
control.

Discussed with: bde
2003-03-27 01:32:51 +00:00
des
118ffeb10c Fix style bugs in the previous commit (which weren't in bde's patch) 2003-03-11 11:35:24 +00:00
davidxu
59af771a3e Reset SIGTSTP handler to default both for parent and child process.
Submitted by: bde
2003-03-11 09:16:51 +00:00
davidxu
5bae8e4c5d Fix long standing job control bug. SIGTSTP shouldn't be ignored.
Special instructions tested:
suspend
stop $$
2003-03-11 00:10:22 +00:00
des
c4a7a7ecc1 Pass the correct, verified username to PAM instead of getlogin(). 2003-02-06 14:29:28 +00:00
ru
b67068895d mdoc(7) police: markup polishing.
Approved by:	re
2002-11-26 17:33:37 +00:00
rwatson
22d94f8404 Add a new '-s' option to su(1): if the flag is present, attempt to
also set the user's MAC label as part of the user credential setup
by setting setusercontext(3)'s SETMAC flag.  By default, change only
traditional process properties.

Approved by:	re
Obtained from:	TrustedBSD Project
Sponsored by:	DARPA, Network Associates Laboratories
2002-10-23 03:19:34 +00:00
markm
c955f36e2f When a user gets refused because the password is wrong, use the
older "BAD SU" syslog message that folks prefer. There is quite
a bit more tweaking that can be done with other similar messages.

Asked for by:	tjr
2002-10-18 08:23:24 +00:00
tjr
a09fdd84e6 Style: use sa_handler instead of __sigaction_u.__sa_handler. 2002-10-17 23:32:44 +00:00
phk
95d3ce583e Remove an unused variable. 2002-10-14 08:54:08 +00:00
ache
d95ba53c2b Fix typing error in prev. commit 2002-08-12 17:24:42 +00:00
ache
54c34d65e7 Fix style bug in prev. commit 2002-08-12 17:23:06 +00:00
ache
3ad9cb5821 Fix su job control (recently introduced for PAM cleanup purposes) to not
kill login shell on either "suspend/fg" or "stop $$/fg" for tcsh. Since
this bug occurse on -stable too, it is not kernel threads bug.

Submitted by:	 David Xu <bsddiy@yahoo.com>
2002-08-12 10:49:01 +00:00
ache
376dbc34ba Back out workaround of fixing "suspend/fg" by price of breaking "stop $$/fg".
This is real kernel bug (threads) and don't attempt to mask it by
workarounds to increase chances to fix it in the kernel.
2002-08-07 05:44:50 +00:00
ache
d9db561695 Remove tcsetpgrp() stuff across suspend/continue because it cause upper level
tcsh killed on resume (fg). It is because tcsh is interactive itself and
do its own things with terminal group.
2002-07-09 19:11:12 +00:00
dillon
ccc122e85a This is Alexander Kabaev's patch to solve the signal problem with su
(see 'zsh exits upon ^C' thread).  This may be temporary be he's been
running it for a year without incident so we should be golden with it.

Approved by:	des
2002-06-26 00:42:40 +00:00
dillon
ed0d76e1e4 Backout 1.51 on DES's request.
Approved by:	des
2002-06-26 00:38:39 +00:00
des
4ba107a215 Make our child the leader of its own process group to avoid receiving
signals in its stead.  This fixes the dread "zsh exits upon ^C" bug.
2002-05-29 03:32:17 +00:00
des
0b10af209d Drive-by whitespace cleanup & add NAI copyright 2002-05-28 06:47:32 +00:00
charnier
ad8a79e6a5 Use `The .Nm utility' 2002-04-20 12:18:28 +00:00
keramida
ef538de24e Fix a few typos.
as a user ID -> has a user ID
	command constitutes of -> command consists of

PR:		misc/36523
Submitted by:	Chris Pepper <pepper@mail.rockefeller.edu>
MFC after:	3 days
2002-03-30 11:47:18 +00:00
des
912fe80624 Belatedly OpenPAMify. I forgot this patch in last night's megacommit.
Sponsored by:	DARPA, NAI Labs
2002-03-06 12:46:56 +00:00
des
9816fc1afb Don't set PAM_RHOST, this is a local login.
Sponsored by:	DARPA, NAI Labs
2002-01-24 16:20:17 +00:00
markm
00e6a12e4a Remove to-be-default WARNS?=2 2001-12-12 23:29:13 +00:00
ru
bc205d4152 Set BINOWN=root explicitly for setuid root binaries.
This is not "useless", as one may have non-default
setting for BINOWN in make.conf, and we still want
these to be installed setuid root in this case.
2001-09-13 06:48:18 +00:00
markm
12c7e49b74 Reinstate complete (and now correctly functioning) WARNS=2. 2001-09-12 19:15:02 +00:00
markm
0c5fbd643b Back out (with prejudice) the last WARNS=2 fix. I cannot understand
its failure mode, and will revisit it later.
2001-09-07 16:20:38 +00:00
markm
8fd9133a9f WARNS=2 fixes.
The remaining problem of converting highly incompatible pointer types
is done by "laundering" the value through a union.

This solves the problem (in my own mind) of how a "const char *" _ever_
actually gets a value in a WARNS=2 world.
2001-09-04 17:10:57 +00:00
markm
3812f01803 Very minor stylistic nit.
Discussed with:	ru
2001-08-20 12:46:11 +00:00
ru
d26a0abd70 Substitute ARGSTR in-place.
Forgot trailing newline in usage().
2001-08-15 15:24:08 +00:00
ru
1d3bb7d67f Fixed the usage() string.
This also reverts change in rev. 1.36 to the documented
style of writing usage().

PR:		bin/29730
Submitted by:	Joseph Mallett <jmallett@xMach.org>
2001-08-15 15:11:52 +00:00
markm
77f1de760e Set the RUSER for PAM so that (eg) kerberos can set up tickets properly. 2001-08-11 14:24:13 +00:00
markm
69d76f8cf4 WARNS=2 type cleanup.
WARNS=2 cannot be enable because of an unresolvable conflict in arg 2
of execv(). Document this in the Makefile.

Reviewed by:	bde (su.c only)
2001-08-11 14:22:32 +00:00
ru
f858dca3dc mdoc(7) police: join split punctuation to macro calls. 2001-08-10 17:35:21 +00:00
dd
911ca14c87 Remove whitespace at EOL. 2001-07-15 08:06:20 +00:00
markm
bcb0f2f3e2 Deconvolute the authentication mess, and hand total responsiblity
for authentication to PAM. This meens that WHEELSU-type logic can
now be effected in the pam.conf "su" configuration stack. While here,
clean up the mess that the code had assumed over years of hacking by
folks using different styles. ANSIfy.

There is more policy in here that can be handed over to PAM. This will
be revisited.
2001-05-26 09:52:36 +00:00
obrien
c5e2cc3302 Tell the user what group they must be in to su to root.
Submitted by:	Seth Kingsley <sethk@osd.bsdi.com>
2001-05-10 07:37:25 +00:00
markm
b28ae3ab9a Dike out Kerberos(IV) support on the grounds that better kerberos
support can be gotten via PAM.
2001-04-28 13:44:14 +00:00
markm
200ed6ce48 Dike out the Kerberos(IV) support on the grounds that better kerberos
support can be already obtained via PAM.
2001-04-28 13:40:52 +00:00
markm
f767ca7e60 Add full PAM support for account management and sessions.
The PAM_FAIL_CHECK and PAM_END macros in su.c came from the util-linux
package's PAM patches to the BSD login.c

Submitted by:	"David J. MacKenzie" <djm@web.us.uu.net>
2001-03-27 19:40:51 +00:00
rwatson
0b2373aa5c o Make comment match reality, synch code with comment.
o In practice: the comment indicates that all but umask and
  environmental variables of the users login class are applied when su
  occurs, unless -m is used to specify a class.  This was incorrect;
  in practice, the uid, gids, resources, and priority were set, and
  then resources and priority were selectively removed.  This meant
  that some aspects of the user context were not set, including handling
  of login events (wtmp, utmp), as well as the path specified in
  login.conf.
o I changed it so that the behavior is the same, but instead,
  LOGIN_SETALL is used, and appropriate flags are removed, including
  the LOGIN_SETLOGIN and LOGIN_SETPATH entries that were implicitly
  not present before.  I also updated the comment to reflect
  reality, selecting reality as the "correct" behavior.
o This has the practical benefit that as new LOGIN_SET* flags are
  introduced, they are supported by su unless specifically disabled.
  For example, of a LOGIN_SETLABEL flag is introduced to support
  MAC labels determined by the user's login class, then su no longer
  has to be modified.
o It might be desirable to have su use LOGIN_SETPATH depending on
  its command line parameters, as it might or might not be
  considered part of the "environment".

Obtained from:	TrustedBSD Project
2000-11-30 23:14:55 +00:00
ru
0d1334ca0c mdoc(7) police: use the new features of the Nm macro. 2000-11-20 19:21:22 +00:00
marko
38baa3d84a Document the ``-'' option and minor re-wording in EXAMPLES 2000-08-05 23:03:12 +00:00