summaryrefslogtreecommitdiff
path: root/usr.bin/su
AgeCommit message (Collapse)Author
2002-11-14use $ or # before commands in examplesTheo de Raadt
2002-11-08In login emulation mode use the same setusercontext() flags asTodd C. Miller
login(1). Previously, setlogin() was not being done in -L mode.
2002-10-16Add a new flag, -L, to cause su(1) to loop asking for a login/passwordTodd C. Miller
repeatedly until the user authenticates or interrupts things. This will be used to make login(1) no longer setuid.
2002-07-22auth_close() was not actually getting called in auth_errx?() (notTodd C. Miller
that it really makes much of a difference). Call vwarnx?() instead of verrx?() and then do the exit inline after auth_close(). That's what I get for doing a cut & paste from err.c...
2002-05-29KNFTheo de Raadt
2002-03-27We uyse 'krb4', not 'kerberos' for the authentication type. AlsoTodd C. Miller
provide an example for -a usage. Closes PR 2423.
2002-02-19We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.Todd C. Miller
2002-02-17mention that '-' is the deprecated form of '-l'Todd C. Miller
2002-02-16Part one of userland __P removal. Done with a simple regexp with some minor ↵Todd C. Miller
hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
2001-09-18check strdup() rvalTodd C. Miller
2001-09-18Make a private copy of pwd via pw_dup() since its contents can getTodd C. Miller
clobbered later on. For some reason this only seems to affect YP.
2001-08-26su(1) see also: sudo(8) - users coming fron other UNIX environments mayHeikki Korpela
be using su for purposes where sudo would serve better. Suggested by <allenwc@home.com>. Ok millert@
2001-06-25Instead of trying to do clever and figure out a root instance for Kerberos,Hans Insulander
send tell the auth program who the invoking user is, and rely on it to handle root instances for Kerberos. This makes the code much cleaner and simpler. ok millertt@
2001-06-25Add a "login" option to allow differentiation between authenticationTodd C. Miller
that creates a login session vs. a simple identity check. Gets passed as a -v option to the login scripts. To be used by kerberos to know when to create new tickets.
2001-05-31nuke errant ARGSTR that I osmehow missed in the last commitTodd C. Miller
2001-05-31no longer need ARGSTR macro; sync usage() with man pageTodd C. Miller
2001-05-29add support for BSD authenticationTodd C. Miller
2001-05-01Remove completely redundant introductory sentences in ENVIRONMENT sections.Aaron Campbell
2000-12-02Check for symlinks before overwriting kerberos ticket files.Hans Insulander
While i'm at it, make sure not to use Kerberos at all if there is no local srvtab. Based on patch from Todd Miller. Reported by <jouko@solutions.fi>.
2000-09-15check return value for setenv(3) for failure, and deal appropriatelyTheo de Raadt
2000-09-03Boring... Add :L modifier to all tweakable variables tests.Marc Espie
Closes PR 1246
2000-08-20Add calls to setusercontext() and login_get*(). We basically callTodd C. Miller
setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
2000-06-30warnx?/errx? paranoia (use "%s" not a bare string unless it is aTodd C. Miller
constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales).
2000-03-11Various cleanups and standardizations.Aaron Campbell
1999-06-05- remove trailing white spaceAaron Campbell
- remove arguments from .Os macros - remove arguments from .Nm macros, where appropriate - some more Dq/Sq/Ql insanity - still lots to do in the usr.bin tree... :/
1998-09-27usr.bin/ man page cleanups, n-sAaron Campbell
1998-03-25explicit braces to avoid ambigious `else', some small -Wall fixesArtur Grabowski
and prettier output when asking for kerberos passwd.
1997-09-11cleanup -WallTheo de Raadt
1997-09-04clarify usage of wheel group; twp@tezcat.comNiels Provos
1997-06-29new location of des.hNiels Provos
1997-06-27fix up KRBTKFILE confusion; dm@ and traister@gate.netTheo de Raadt
1997-06-23long != intTheo de Raadt
1997-06-22%u for uidTheo de Raadt
1997-06-21push KRBTKFILE only if new ticket; dm@openbsd.org and traister@gate.netTheo de Raadt
1997-06-20worry about #ifdef KERBEROSTheo de Raadt
1997-06-20when building new environment, do not destroy KRBTKFILE; traister@gate.netTheo de Raadt
1997-06-20do not conflict with realloc() in setenv(); traister@gate.netTheo de Raadt
1997-04-19Changed ``defined(KERBEROS)'' to ``(${KERBEROS} == "yes")''Todd C. Miller
Same change doen for SKEY, YP, and KERBEROS5. This allows people to override those setting in /etc/mk.conf.
1997-03-26no libcrypt, fix DPADDTheo de Raadt
1997-02-18Undo last changes; it makes it impossible to suspect su in Kerberos mode,Thorsten Lockert
and also interferes with multiple sessions by removing tickets potentially in use by those other sessions.
1997-02-11Fix for non-kerberos.Todd C. Miller
1997-02-11Handle tickets the same way as login(1) does; remove when session endsThorsten Lockert
1997-01-15getopt(3) returns -1 when out of args, not EOF, whee!Todd C. Miller
1996-12-22Deal with _POSIX_SAVED_IDS when relinquishing privilegesThorsten Lockert
1996-10-27Don't use "user" arg verbatim from argv, use the sanitized one inTodd C. Miller
struct passwd just to be safe.
1996-10-26Now sets $LOGNAME as per POSIX.Todd C. Miller
1996-10-23skey_authenticate() now fakes up a challenge if user does notTodd C. Miller
have an entry in the keys file. Don't want to give info to information gathering attack.
1996-10-21compileTheo de Raadt
1996-10-21Test first, then commit, eh?Todd C. Miller
1996-10-21save a cycle on strncpy() -- pointed out by TheoTodd C. Miller