Age | Commit message (Collapse) | Author | |
---|---|---|---|
2002-12-17 | Only call setlogin() if this proccess is a session leader. | Todd C. Miller | |
In practice, this means the login name will be set only if we are exec'd by a shell. This is important because otherwise the parent shell's login name would change too. | |||
2002-12-08 | GNU semantics say that if optstring begins with '-' then | Todd C. Miller | |
each non-option shall be treated as arguments to option '\1'. BSD getopt match '-' in optstring with a '-' on the command line. This is used to support deprecated options like "su -" that would otherwise prevent the use of getopt(). Resolving this simply requires that the leading '-' be moved somewhere else (I moved it to the end of optstring) since position within optstring is not meaningful. | |||
2002-12-07 | Repair -a flag parsing which I broke in revision 1.47. | Todd C. Miller | |
2002-11-14 | use $ or # before commands in examples | Theo de Raadt | |
2002-11-08 | In login emulation mode use the same setusercontext() flags as | Todd C. Miller | |
login(1). Previously, setlogin() was not being done in -L mode. | |||
2002-10-16 | Add a new flag, -L, to cause su(1) to loop asking for a login/password | Todd C. Miller | |
repeatedly until the user authenticates or interrupts things. This will be used to make login(1) no longer setuid. | |||
2002-07-22 | auth_close() was not actually getting called in auth_errx?() (not | Todd C. Miller | |
that it really makes much of a difference). Call vwarnx?() instead of verrx?() and then do the exit inline after auth_close(). That's what I get for doing a cut & paste from err.c... | |||
2002-05-29 | KNF | Theo de Raadt | |
2002-03-27 | We uyse 'krb4', not 'kerberos' for the authentication type. Also | Todd C. Miller | |
provide an example for -a usage. Closes PR 2423. | |||
2002-02-19 | We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft. | Todd C. Miller | |
2002-02-17 | mention that '-' is the deprecated form of '-l' | Todd C. Miller | |
2002-02-16 | Part one of userland __P removal. Done with a simple regexp with some minor ↵ | Todd C. Miller | |
hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically. | |||
2001-09-18 | check strdup() rval | Todd C. Miller | |
2001-09-18 | Make a private copy of pwd via pw_dup() since its contents can get | Todd C. Miller | |
clobbered later on. For some reason this only seems to affect YP. | |||
2001-08-26 | su(1) see also: sudo(8) - users coming fron other UNIX environments may | Heikki Korpela | |
be using su for purposes where sudo would serve better. Suggested by <allenwc@home.com>. Ok millert@ | |||
2001-06-25 | Instead of trying to do clever and figure out a root instance for Kerberos, | Hans Insulander | |
send tell the auth program who the invoking user is, and rely on it to handle root instances for Kerberos. This makes the code much cleaner and simpler. ok millertt@ | |||
2001-06-25 | Add a "login" option to allow differentiation between authentication | Todd C. Miller | |
that creates a login session vs. a simple identity check. Gets passed as a -v option to the login scripts. To be used by kerberos to know when to create new tickets. | |||
2001-05-31 | nuke errant ARGSTR that I osmehow missed in the last commit | Todd C. Miller | |
2001-05-31 | no longer need ARGSTR macro; sync usage() with man page | Todd C. Miller | |
2001-05-29 | add support for BSD authentication | Todd C. Miller | |
2001-05-01 | Remove completely redundant introductory sentences in ENVIRONMENT sections. | Aaron Campbell | |
2000-12-02 | Check for symlinks before overwriting kerberos ticket files. | Hans Insulander | |
While i'm at it, make sure not to use Kerberos at all if there is no local srvtab. Based on patch from Todd Miller. Reported by <jouko@solutions.fi>. | |||
2000-09-15 | check return value for setenv(3) for failure, and deal appropriately | Theo de Raadt | |
2000-09-03 | Boring... Add :L modifier to all tweakable variables tests. | Marc Espie | |
Closes PR 1246 | |||
2000-08-20 | Add calls to setusercontext() and login_get*(). We basically call | Todd C. Miller | |
setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class. | |||
2000-06-30 | warnx?/errx? paranoia (use "%s" not a bare string unless it is a | Todd C. Miller | |
constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales). | |||
2000-03-11 | Various cleanups and standardizations. | Aaron Campbell | |
1999-06-05 | - remove trailing white space | Aaron Campbell | |
- remove arguments from .Os macros - remove arguments from .Nm macros, where appropriate - some more Dq/Sq/Ql insanity - still lots to do in the usr.bin tree... :/ | |||
1998-09-27 | usr.bin/ man page cleanups, n-s | Aaron Campbell | |
1998-03-25 | explicit braces to avoid ambigious `else', some small -Wall fixes | Artur Grabowski | |
and prettier output when asking for kerberos passwd. | |||
1997-09-11 | cleanup -Wall | Theo de Raadt | |
1997-09-04 | clarify usage of wheel group; twp@tezcat.com | Niels Provos | |
1997-06-29 | new location of des.h | Niels Provos | |
1997-06-27 | fix up KRBTKFILE confusion; dm@ and traister@gate.net | Theo de Raadt | |
1997-06-23 | long != int | Theo de Raadt | |
1997-06-22 | %u for uid | Theo de Raadt | |
1997-06-21 | push KRBTKFILE only if new ticket; dm@openbsd.org and traister@gate.net | Theo de Raadt | |
1997-06-20 | worry about #ifdef KERBEROS | Theo de Raadt | |
1997-06-20 | when building new environment, do not destroy KRBTKFILE; traister@gate.net | Theo de Raadt | |
1997-06-20 | do not conflict with realloc() in setenv(); traister@gate.net | Theo de Raadt | |
1997-04-19 | Changed ``defined(KERBEROS)'' to ``(${KERBEROS} == "yes")'' | Todd C. Miller | |
Same change doen for SKEY, YP, and KERBEROS5. This allows people to override those setting in /etc/mk.conf. | |||
1997-03-26 | no libcrypt, fix DPADD | Theo de Raadt | |
1997-02-18 | Undo last changes; it makes it impossible to suspect su in Kerberos mode, | Thorsten Lockert | |
and also interferes with multiple sessions by removing tickets potentially in use by those other sessions. | |||
1997-02-11 | Fix for non-kerberos. | Todd C. Miller | |
1997-02-11 | Handle tickets the same way as login(1) does; remove when session ends | Thorsten Lockert | |
1997-01-15 | getopt(3) returns -1 when out of args, not EOF, whee! | Todd C. Miller | |
1996-12-22 | Deal with _POSIX_SAVED_IDS when relinquishing privileges | Thorsten Lockert | |
1996-10-27 | Don't use "user" arg verbatim from argv, use the sanitized one in | Todd C. Miller | |
struct passwd just to be safe. | |||
1996-10-26 | Now sets $LOGNAME as per POSIX. | Todd C. Miller | |
1996-10-23 | skey_authenticate() now fakes up a challenge if user does not | Todd C. Miller | |
have an entry in the keys file. Don't want to give info to information gathering attack. |