summaryrefslogtreecommitdiff
path: root/usr.bin/su
AgeCommit message (Collapse)Author
2001-09-18check strdup() rvalTodd C. Miller
2001-09-18Make a private copy of pwd via pw_dup() since its contents can getTodd C. Miller
clobbered later on. For some reason this only seems to affect YP.
2001-08-26su(1) see also: sudo(8) - users coming fron other UNIX environments mayHeikki Korpela
be using su for purposes where sudo would serve better. Suggested by <allenwc@home.com>. Ok millert@
2001-06-25Instead of trying to do clever and figure out a root instance for Kerberos,Hans Insulander
send tell the auth program who the invoking user is, and rely on it to handle root instances for Kerberos. This makes the code much cleaner and simpler. ok millertt@
2001-06-25Add a "login" option to allow differentiation between authenticationTodd C. Miller
that creates a login session vs. a simple identity check. Gets passed as a -v option to the login scripts. To be used by kerberos to know when to create new tickets.
2001-05-31nuke errant ARGSTR that I osmehow missed in the last commitTodd C. Miller
2001-05-31no longer need ARGSTR macro; sync usage() with man pageTodd C. Miller
2001-05-29add support for BSD authenticationTodd C. Miller
2001-05-01Remove completely redundant introductory sentences in ENVIRONMENT sections.Aaron Campbell
2000-12-02Check for symlinks before overwriting kerberos ticket files.Hans Insulander
While i'm at it, make sure not to use Kerberos at all if there is no local srvtab. Based on patch from Todd Miller. Reported by <jouko@solutions.fi>.
2000-09-15check return value for setenv(3) for failure, and deal appropriatelyTheo de Raadt
2000-09-03Boring... Add :L modifier to all tweakable variables tests.Marc Espie
Closes PR 1246
2000-08-20Add calls to setusercontext() and login_get*(). We basically callTodd C. Miller
setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
2000-06-30warnx?/errx? paranoia (use "%s" not a bare string unless it is aTodd C. Miller
constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales).
2000-03-11Various cleanups and standardizations.Aaron Campbell
1999-06-05- remove trailing white spaceAaron Campbell
- remove arguments from .Os macros - remove arguments from .Nm macros, where appropriate - some more Dq/Sq/Ql insanity - still lots to do in the usr.bin tree... :/
1998-09-27usr.bin/ man page cleanups, n-sAaron Campbell
1998-03-25explicit braces to avoid ambigious `else', some small -Wall fixesArtur Grabowski
and prettier output when asking for kerberos passwd.
1997-09-11cleanup -WallTheo de Raadt
1997-09-04clarify usage of wheel group; twp@tezcat.comNiels Provos
1997-06-29new location of des.hNiels Provos
1997-06-27fix up KRBTKFILE confusion; dm@ and traister@gate.netTheo de Raadt
1997-06-23long != intTheo de Raadt
1997-06-22%u for uidTheo de Raadt
1997-06-21push KRBTKFILE only if new ticket; dm@openbsd.org and traister@gate.netTheo de Raadt
1997-06-20worry about #ifdef KERBEROSTheo de Raadt
1997-06-20when building new environment, do not destroy KRBTKFILE; traister@gate.netTheo de Raadt
1997-06-20do not conflict with realloc() in setenv(); traister@gate.netTheo de Raadt
1997-04-19Changed ``defined(KERBEROS)'' to ``(${KERBEROS} == "yes")''Todd C. Miller
Same change doen for SKEY, YP, and KERBEROS5. This allows people to override those setting in /etc/mk.conf.
1997-03-26no libcrypt, fix DPADDTheo de Raadt
1997-02-18Undo last changes; it makes it impossible to suspect su in Kerberos mode,Thorsten Lockert
and also interferes with multiple sessions by removing tickets potentially in use by those other sessions.
1997-02-11Fix for non-kerberos.Todd C. Miller
1997-02-11Handle tickets the same way as login(1) does; remove when session endsThorsten Lockert
1997-01-15getopt(3) returns -1 when out of args, not EOF, whee!Todd C. Miller
1996-12-22Deal with _POSIX_SAVED_IDS when relinquishing privilegesThorsten Lockert
1996-10-27Don't use "user" arg verbatim from argv, use the sanitized one inTodd C. Miller
struct passwd just to be safe.
1996-10-26Now sets $LOGNAME as per POSIX.Todd C. Miller
1996-10-23skey_authenticate() now fakes up a challenge if user does notTodd C. Miller
have an entry in the keys file. Don't want to give info to information gathering attack.
1996-10-21compileTheo de Raadt
1996-10-21Test first, then commit, eh?Todd C. Miller
1996-10-21save a cycle on strncpy() -- pointed out by TheoTodd C. Miller
1996-10-21sheer raging paranoia -- possible buf olfow. Does not look exploitable.Todd C. Miller
1996-10-16Check ret val of strdup(3) -- may be NULL.Todd C. Miller
1996-10-12su.c: minor cleanup, some from FreeBSDTodd C. Miller
su.1: Examples from FreeBSD + minor nits fixed.
1996-10-12Fix suage string to match man page. NetBSD PR #2837Todd C. Miller
1996-10-08export $TERM only if passed in; joerg@freebsd.orgTheo de Raadt
1996-07-22seteuid for chdirTheo de Raadt
1996-06-26rcsidTheo de Raadt
1996-02-15libcrypt no longer a link dependancy.etheisen
1996-01-07more traditional semantics. if wheel group has no listed users, anyoneTheo de Raadt
can su to root. default wheel group lists "root" as a user, thus defaulting to a secure envirment. from arnej@pvv.unit.no; netbsd pr#1894