src - OpenBSD base system

Age	Commit message (Collapse)	Author
2011-01-11	Allow su -l to login to a user that has a non-existent home directory,	Robert Nagy
	unless requirehome is specified in login.conf for the login class. If requirehome is not specified the user will be logged in with HOME=/ This is what login(1) and ssh(1) does too. ok millert@
2010-12-13	Call setusercontext() with the LOGIN_SETENV flag for "su -l" to pick up	Todd C. Miller
	environment variables specified in login.conf. Based on a diff from robert@. OK robert@ otto@
2010-12-10	- don't use memory from the session we've already cleaned in the	Martynas Venckus
	loop. fixes "login foo" and "su -L foo". ok millert@, otto@
2010-12-10	It is user/root not user.root for kerberos 5.	Todd C. Miller

2010-12-10	Try to make this a little less kerberos-centric and remove a BUGS	Todd C. Miller
	entry now that we have the -s option. OK jmc@
2010-12-09	.Bk/.Ek is required now to keep the output generated from each macro	Igor Sobrado
	input line together on one single output line. ok jmc@ and millert@, who also noticed the ugly break.
2010-12-09	spacing, no functional change.	Igor Sobrado

2010-12-09	usage should fit on a 80-column display	Igor Sobrado
	ok millert@
2010-12-09	add -s to usage	Igor Sobrado

2010-12-09	Add support for "-s shell" to su(1). This can be used by the superuser	Todd C. Miller
	to run a different shell than what the password database contains. Based on a diff from robert@. OK robert@ deraadt@
2009-10-28	rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and	Theo de Raadt
	unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
2007-10-19	do setegid() before seteuid(); see pr 5605 for more info; ok millert	Theo de Raadt

2007-05-31	convert to new .Dd format;	Jason McIntyre

2005-04-18	use a standard EXAMPLES format;	Jason McIntyre
	also there's no need for a list in here;
2005-04-18	add an example using both -c login_class and -c shell_arg;	Jason McIntyre
	requested by stuart henderson (pr #4178); ok millert@ deraadt@ beck@
2005-01-22	put -K in the right place;	Jason McIntyre
	-a and -c take args;
2003-11-09	Typos in comments from Jared Yanovich <jjy2+ at pitt dot edu>	Otto Moerbeek

2003-09-26	Typos: defintion -> definition, proccess -> process	Miod Vallat
	There are more occurences hiding in binutils, lynx and afs but I am too lazy to report them upstream at the moment.
2003-07-25	remove obsolete kerberos references;	Jason McIntyre
	ok hin@
2003-06-21	correct sign of flags; millert ok	Theo de Raadt

2003-06-20	Call setusershell() before using getusershell() to guarantee we	Todd C. Miller
	start checking on the first line of /etc/shells. Also call endusershell() when we are done. From FreeBSD.
2003-06-10	- section reorder	Jason McIntyre
	- COMPATIBILITY merge - macro cleanup - kill whitespace at EOL - new sentence, new line ssh pages ok markus@
2003-06-03	Remove the advertising clause in the UCB license which Berkeley	Todd C. Miller
	rescinded 22 July 1999. Proofed by myself and Theo.
2002-12-17	Only call setlogin() if this proccess is a session leader.	Todd C. Miller
	In practice, this means the login name will be set only if we are exec'd by a shell. This is important because otherwise the parent shell's login name would change too.
2002-12-08	GNU semantics say that if optstring begins with '-' then	Todd C. Miller
	each non-option shall be treated as arguments to option '\1'. BSD getopt match '-' in optstring with a '-' on the command line. This is used to support deprecated options like "su -" that would otherwise prevent the use of getopt(). Resolving this simply requires that the leading '-' be moved somewhere else (I moved it to the end of optstring) since position within optstring is not meaningful.
2002-12-07	Repair -a flag parsing which I broke in revision 1.47.	Todd C. Miller

2002-11-14	use $ or # before commands in examples	Theo de Raadt

2002-11-08	In login emulation mode use the same setusercontext() flags as	Todd C. Miller
	login(1). Previously, setlogin() was not being done in -L mode.
2002-10-16	Add a new flag, -L, to cause su(1) to loop asking for a login/password	Todd C. Miller
	repeatedly until the user authenticates or interrupts things. This will be used to make login(1) no longer setuid.
2002-07-22	auth_close() was not actually getting called in auth_errx?() (not	Todd C. Miller
	that it really makes much of a difference). Call vwarnx?() instead of verrx?() and then do the exit inline after auth_close(). That's what I get for doing a cut & paste from err.c...
2002-05-29	KNF	Theo de Raadt

2002-03-27	We uyse 'krb4', not 'kerberos' for the authentication type. Also	Todd C. Miller
	provide an example for -a usage. Closes PR 2423.
2002-02-19	We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.	Todd C. Miller

2002-02-17	mention that '-' is the deprecated form of '-l'	Todd C. Miller

2002-02-16	Part one of userland __P removal. Done with a simple regexp with some minor ↵	Todd C. Miller
	hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
2001-09-18	check strdup() rval	Todd C. Miller

2001-09-18	Make a private copy of pwd via pw_dup() since its contents can get	Todd C. Miller
	clobbered later on. For some reason this only seems to affect YP.
2001-08-26	su(1) see also: sudo(8) - users coming fron other UNIX environments may	Heikki Korpela
	be using su for purposes where sudo would serve better. Suggested by <allenwc@home.com>. Ok millert@
2001-06-25	Instead of trying to do clever and figure out a root instance for Kerberos,	Hans Insulander
	send tell the auth program who the invoking user is, and rely on it to handle root instances for Kerberos. This makes the code much cleaner and simpler. ok millertt@
2001-06-25	Add a "login" option to allow differentiation between authentication	Todd C. Miller
	that creates a login session vs. a simple identity check. Gets passed as a -v option to the login scripts. To be used by kerberos to know when to create new tickets.
2001-05-31	nuke errant ARGSTR that I osmehow missed in the last commit	Todd C. Miller

2001-05-31	no longer need ARGSTR macro; sync usage() with man page	Todd C. Miller

2001-05-29	add support for BSD authentication	Todd C. Miller

2001-05-01	Remove completely redundant introductory sentences in ENVIRONMENT sections.	Aaron Campbell

2000-12-02	Check for symlinks before overwriting kerberos ticket files.	Hans Insulander
	While i'm at it, make sure not to use Kerberos at all if there is no local srvtab. Based on patch from Todd Miller. Reported by <jouko@solutions.fi>.
2000-09-15	check return value for setenv(3) for failure, and deal appropriately	Theo de Raadt

2000-09-03	Boring... Add :L modifier to all tweakable variables tests.	Marc Espie
	Closes PR 1246
2000-08-20	Add calls to setusercontext() and login_get*(). We basically call	Todd C. Miller
	setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
2000-06-30	warnx?/errx? paranoia (use "%s" not a bare string unless it is a	Todd C. Miller
	constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales).
2000-03-11	Various cleanups and standardizations.	Aaron Campbell