Commit Graph

29 Commits

Author SHA1 Message Date
markm
bad4fa82c9 Add JKH's auth.conf parser to turn on/off Kerberos in userland 1998-10-09 20:14:48 +00:00
roberto
b65a162445 Fix bad option processing.
PR:		bin/7986
Submitted by:	Dan Nelson <dnelson@emsphone.com>
1998-09-21 07:47:53 +00:00
danny
360b2c0bec PR: 1904
Abort if given uname is > MAXLOGNAME-1
1998-05-26 06:39:08 +00:00
steve
3b0c6ff2d7 Allow a user in group 0 to su(1) to root if their primary
group is 0 in /etc/passwd even if they aren't listed
as a member in /etc/group.  This is more inline with
what the group manpage says.

PR:		6696
Submitted by:	Max Euston <meuston@jmrodgers.com>
1998-05-25 03:34:52 +00:00
guido
ee40c84c0b I wonder how I managed to get the krb.h include wrong. Anyway: correct it. 1997-10-28 21:20:21 +00:00
guido
631fc64480 Add -c option that allows root to specify a login_class. 1997-10-27 22:05:12 +00:00
markm
2f9637f84c Changes for KTH KerberosIV.
Quieten -Wall a bit.

From Joe Traister:
 The previous patch did not propogate the KRBTKFILE environment variable
 into the new environment when -l is given to su, making it impossible
 for kdestroy to find the ticket file.  This patch corrects that problem
 as well as the original segfault problem.
(Fixes PR 3903)
1997-09-28 09:02:16 +00:00
joerg
6f8d503759 Prevent a NULL dereferencation when given a garbage command line.
PR:		bin/3206
Submitted by:	blank@fox.uni-trier.de
1997-08-23 14:09:36 +00:00
charnier
6c11a55082 Add usage(). 1997-08-12 06:45:43 +00:00
davidn
f766bd31c5 login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
imp
141381e1cb compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-29 04:34:07 +00:00
guido
a174a13af3 When group wheel is empty, allow everyone to su to root. This has normally
no conseqeunces as we ship with a non-empty wheel.

Closes PR/1882
Submitted by:	Arne Henrik Juul <arnej@frida.imf.unit.no>
1997-02-24 20:32:24 +00:00
davidn
bf89ef0f2c Fix problem with mask passwd to setusercontext() which
prevented uid/group change with non-root target.
1997-01-14 09:24:09 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
davidn
2f2f2bb699 Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.
1997-01-13 06:39:19 +00:00
joerg
94ef229c15 Export $TERM only if it has been set in our environment.
Detected by: Amancio Hasty
1996-10-07 10:00:58 +00:00
markm
f51e87f98c Make su a little less fascist about using Kerberos if it is not
configured or available.

Also fix a _nasty_ bug that would let one in if su -K was used.
Any old password would work :-( :-(.
1996-03-11 22:14:52 +00:00
markm
1eb18fd3ec Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.
1996-03-09 14:57:43 +00:00
markm
532cda9998 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
gibbs
2734551417 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00
joerg
6ff265052f Bring Barry Morris' changes from FreeBSD 1.1.5.1 back: pass arguments
to the target login's shell.  This allows for "su -c".

Do it right this time and also explain this behaviour in the man
page. :)

Obtained from:	bsm's work in FreeBSD 1.1.5.1
1995-09-06 12:38:53 +00:00
mpp
684146e8ce Check for expired passwords before allowing access to the system. 1995-08-28 21:30:59 +00:00
wollman
f6045b7610 Added support for an LCS-style `wheel su' which allows users in group wheel
to su to root by authenticating as themselves (using a password or S/Key)
rather than by using the root password.  This is useful in contexts like
ours, where a large group of people need root access to a set of machines.
(However, the security implications are such that this should not be
enabled by default.)

The code is conditionalized on WHEELSU.
1995-07-12 20:11:19 +00:00
rgrimes
a14d555c87 Remove trailing whitespace. 1995-05-30 06:41:30 +00:00
jkh
02d736ad6e It has always bugged me that ps and w did not display su with tcsh
properly.  I know, tcsh is not a "Real Shell".

jc       p2 :0.0             Tue04PM     - -u (tcsh)
                                           ^^^
7173 p2  S+     0:01.33 -u (tcsh)
			^^^

Submitted by:	John Capo <jc@irbs.com>
1995-04-06 06:06:47 +00:00
ats
b31e23ee83 Fixed the PATH and cleanenv setting in su. This was totally broken in the
4.4BSD Lite source.
1994-11-17 16:56:58 +00:00
pst
3bbaa5903c Include most of the logdaemon v4.4 S/key changes 1994-10-19 00:03:45 +00:00
pst
def775d41d Add support for s/keys 1994-09-29 20:54:41 +00:00
rgrimes
f9ab90d9d6 BSD 4.4 Lite Usr.bin Sources 1994-05-27 12:33:43 +00:00