Commit Graph

64 Commits

Author SHA1 Message Date
rwatson
0b2373aa5c o Make comment match reality, synch code with comment.
o In practice: the comment indicates that all but umask and
  environmental variables of the users login class are applied when su
  occurs, unless -m is used to specify a class.  This was incorrect;
  in practice, the uid, gids, resources, and priority were set, and
  then resources and priority were selectively removed.  This meant
  that some aspects of the user context were not set, including handling
  of login events (wtmp, utmp), as well as the path specified in
  login.conf.
o I changed it so that the behavior is the same, but instead,
  LOGIN_SETALL is used, and appropriate flags are removed, including
  the LOGIN_SETLOGIN and LOGIN_SETPATH entries that were implicitly
  not present before.  I also updated the comment to reflect
  reality, selecting reality as the "correct" behavior.
o This has the practical benefit that as new LOGIN_SET* flags are
  introduced, they are supported by su unless specifically disabled.
  For example, of a LOGIN_SETLABEL flag is introduced to support
  MAC labels determined by the user's login class, then su no longer
  has to be modified.
o It might be desirable to have su use LOGIN_SETPATH depending on
  its command line parameters, as it might or might not be
  considered part of the "environment".

Obtained from:	TrustedBSD Project
2000-11-30 23:14:55 +00:00
ru
0d1334ca0c mdoc(7) police: use the new features of the Nm macro. 2000-11-20 19:21:22 +00:00
marko
38baa3d84a Document the ``-'' option and minor re-wording in EXAMPLES 2000-08-05 23:03:12 +00:00
sheldonh
49c4458c80 Remove single-space hard sentence breaks. These degrade the quality
of the typeset output, tend to make diffs harder to read and provide
bad examples for new-comers to mdoc.
2000-03-01 12:20:22 +00:00
markm
7926f9a427 Use libcrypto in place of libdes. 2000-02-24 21:06:22 +00:00
peter
d44e2d4226 Revert the libcrypt/libmd stuff back to how it was. This should not have
happened as it was working around problems elsewhere (ie: binutils/ld
not doing the right thing according to the ELF design).  libcrypt has
been adjusted to not need the runtime -lmd.  It's still not quite right
(ld is supposed to work damnit) but at least it doesn't impact all the
users of libcrypt in Marcel's cross-build model.
1999-12-18 13:55:17 +00:00
marcel
e32efbad28 Add libmd (or move it after libcrypt). We don't want the linker to be
smart because it will definitely get it wrong. This popped up during
cross-linking.
1999-12-16 10:55:45 +00:00
markm
d8bdd85855 Change edistribution to krb4 in preaparation for K5 1999-09-19 22:26:02 +00:00
markm
1d1d38e057 Fix Common Error brokenness. 1999-09-06 20:22:47 +00:00
peter
3b842d34e8 $Id$ -> $FreeBSD$ 1999-08-28 01:08:13 +00:00
bde
3b32edfe60 Fixed editing error in previous commit. -lmd' (link libmd) became -md'
(emulate the 'd' linker (?)).  This was most harmful for the NOSHARED=yes
case since libskey.o isn't linked to libmd.a.

Fixed the usual disorder of DPADD and LDADD, and some tab lossage.
1999-08-15 13:14:50 +00:00
sheldonh
a9521339a7 Axe LOGIN_CAP_AUTH.
PR:	10115
Reported by:	Gene Skonicki <gene@cif.rochester.edu>
Requested by:	jdp
1999-08-13 16:51:40 +00:00
bde
ae73a79332 Actually fixed ambiguous else. The previous revision had no effect. 1999-07-02 11:20:59 +00:00
billf
56161029de Fix ambigious else.
Reviewed By:	eivind
1999-07-01 17:59:17 +00:00
markm
bad4fa82c9 Add JKH's auth.conf parser to turn on/off Kerberos in userland 1998-10-09 20:14:48 +00:00
roberto
b65a162445 Fix bad option processing.
PR:		bin/7986
Submitted by:	Dan Nelson <dnelson@emsphone.com>
1998-09-21 07:47:53 +00:00
obrien
18dba2fe21 Remove useless `BINOWN=root' now that it is the default. 1998-09-19 22:42:06 +00:00
bde
89d62e66b9 Removed a buggy ifdef for not linking libmd explicitly. Explicit
linkage is needed for the NOSHARED=YES case, so it is simplest to
never depend on the automagic linkage for elf shared libraries.

Reviewed by:	jdp
1998-09-02 14:46:20 +00:00
gpalmer
0cb290fe66 Add $Id$ 1998-08-30 17:02:51 +00:00
gpalmer
7f39c95951 Still need -lmd on the alpha as it doesn't have shlibs yet 1998-08-30 16:07:18 +00:00
jb
2b6505f997 BINFORMAT -> OBJFORMAT ready for E-day. 1998-08-30 02:52:04 +00:00
markm
ec4dc9550e Fix LIBDIR (for aout/ELF). 1998-08-06 21:41:13 +00:00
jkoshy
8cfd64279d Reword to remove confusion between su(1)'s "-c" option and that of the shell
being invoked.  Add example that clarifies usage of "-c".

PR: 6859
1998-06-08 05:29:51 +00:00
danny
360b2c0bec PR: 1904
Abort if given uname is > MAXLOGNAME-1
1998-05-26 06:39:08 +00:00
steve
3b0c6ff2d7 Allow a user in group 0 to su(1) to root if their primary
group is 0 in /etc/passwd even if they aren't listed
as a member in /etc/group.  This is more inline with
what the group manpage says.

PR:		6696
Submitted by:	Max Euston <meuston@jmrodgers.com>
1998-05-25 03:34:52 +00:00
guido
ee40c84c0b I wonder how I managed to get the krb.h include wrong. Anyway: correct it. 1997-10-28 21:20:21 +00:00
guido
631fc64480 Add -c option that allows root to specify a login_class. 1997-10-27 22:05:12 +00:00
markm
2f9637f84c Changes for KTH KerberosIV.
Quieten -Wall a bit.

From Joe Traister:
 The previous patch did not propogate the KRBTKFILE environment variable
 into the new environment when -l is given to su, making it impossible
 for kdestroy to find the ticket file.  This patch corrects that problem
 as well as the original segfault problem.
(Fixes PR 3903)
1997-09-28 09:02:16 +00:00
wosch
46932ae52e PR: docs/4383
su manpage ambiguous regarding command prompt

Submitted by: sheldonh@iafrica.com
1997-09-13 17:44:20 +00:00
peter
be5fa44882 If elf, don't add libmd.a just because we link against libskey.so.
A
1997-09-05 12:04:31 +00:00
jmg
416e9a71f9 fix a few spelling changes
Submitted by: Josh Gilliam

Closes PR's: 4429, 4431-4438

PS: He has agreed to submit all contrib fixes back to the original author.
1997-08-30 12:22:49 +00:00
joerg
6f8d503759 Prevent a NULL dereferencation when given a garbage command line.
PR:		bin/3206
Submitted by:	blank@fox.uni-trier.de
1997-08-23 14:09:36 +00:00
charnier
6c11a55082 Add usage(). 1997-08-12 06:45:43 +00:00
ache
948c5554d5 Move libmd after all libraries to keep natural libraries order 1997-05-23 21:18:00 +00:00
davidn
f766bd31c5 login_getclass() -> login_getpwclass(). 1997-05-10 19:02:03 +00:00
imp
141381e1cb compare return value from getopt against -1 rather than EOF, per the final
posix standard on the topic.
1997-03-29 04:34:07 +00:00
guido
a174a13af3 When group wheel is empty, allow everyone to su to root. This has normally
no conseqeunces as we ship with a non-empty wheel.

Closes PR/1882
Submitted by:	Arne Henrik Juul <arnej@frida.imf.unit.no>
1997-02-24 20:32:24 +00:00
peter
f390c26dd9 Revert $FreeBSD$ to $Id$ 1997-02-22 19:58:13 +00:00
wosch
4bcfb053ec Sort cross references. 1997-01-15 23:25:55 +00:00
davidn
bf89ef0f2c Fix problem with mask passwd to setusercontext() which
prevented uid/group change with non-root target.
1997-01-14 09:24:09 +00:00
jkh
808a36ef65 Make the long-awaited change from $Id$ to $FreeBSD$
This will make a number of things easier in the future, as well as (finally!)
avoiding the Id-smashing problem which has plagued developers for so long.

Boy, I'm glad we're not using sup anymore.  This update would have been
insane otherwise.
1997-01-14 07:20:47 +00:00
davidn
3f24215f47 Document effect of login class capabilities. 1997-01-13 06:52:24 +00:00
davidn
2f2f2bb699 Make su login_cap savvy.
As with login(1), LOGIN_CAP_AUTH is not yet enabled since we don't
yet have authorisation modules.
1997-01-13 06:39:19 +00:00
joerg
94ef229c15 Export $TERM only if it has been set in our environment.
Detected by: Amancio Hasty
1996-10-07 10:00:58 +00:00
wosch
ab0ebe585d [HISTORY] command appeared in Version 1 AT&T UNIX
Obtained from: A Quarter Century of UNIX, Peter H. Salus, page 41
1996-08-29 18:06:19 +00:00
markm
f51e87f98c Make su a little less fascist about using Kerberos if it is not
configured or available.

Also fix a _nasty_ bug that would let one in if su -K was used.
Any old password would work :-( :-(.
1996-03-11 22:14:52 +00:00
markm
1eb18fd3ec Better integrate kerberos into su so that if an incorrect Kerberos
password is entered, the user is not prompted for a password a second
time.

This closes pr-bin/1006.
1996-03-09 14:57:43 +00:00
markm
532cda9998 #include <kerberosIV/des.h> -> #include <des.h> 1996-02-11 09:18:18 +00:00
wollman
5820893213 Make it possible to enable WHEELSU from /etc/make.conf. 1995-10-12 17:25:58 +00:00
gibbs
2734551417 Kerberos can now deal with multi-homed clients.
Kerberos obtains a network address for the local host from the routing
tables and uses it consistently for all Kerberos transactions.  This ensures
that packets only leave the *authenticated* interface.  Clients who open
and use their own sockets for encrypted or authenticated correspondance
to kerberos services should bind their sockets to the same address as that
used by kerberos.  krb_get_local_addr() and krb_bind_local_addr() allow
clients to obtain the local address or bind a socket to the local address
used by Kerberos respectively.

Reviewed by: Mark Murray <markm>, Garrett Wollman <wollman>
Obtained from: concept by Dieter Dworkin Muller <dworkin@village.org>
1995-10-05 21:30:21 +00:00