Up to [local] / src / usr.bin / su
Request diff between arbitrary revisions
Default branch: MAIN
Revision 1.89 / (download) - annotate - [select for diffs], Thu Dec 22 19:53:23 2022 UTC (17 months, 2 weeks ago) by kn
Branch: MAIN
CVS Tags: OPENBSD_7_5_BASE,
OPENBSD_7_5,
OPENBSD_7_4_BASE,
OPENBSD_7_4,
OPENBSD_7_3_BASE,
OPENBSD_7_3,
HEAD
Changes since 1.88: +2 -2 lines
Diff to previous 1.88 (colored) to selected 1.10 (colored)
Denote multiple arguments with 'arg ...' not 'args' A few programs used the plural in their synopsis which doesn't read as clear as the obvious triple-dot notation. mdoc(7) .Ar defaults to "file ..." if no arguments are given and consistent use of 'arg ...' matches that behaviour. Cleanup a few markups of the same argument so the text keeps reading naturally; omit unhelpful parts like 'if optional arguments are given, they are passed along' for tools like time(1) and timeout(1) that obviously execute commands with whatever arguments where given -- just like doas(1) which doesn't mention arguments in its DESCRIPTION in the first place. For expr(1) the difference between 'expressions' and 'expression ...' is crucial, as arguments must be passed as individual words. Feedback millert jmc schwarze deraadt OK jmc
Revision 1.88 / (download) - annotate - [select for diffs], Wed Mar 23 02:18:22 2022 UTC (2 years, 2 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_7_2_BASE,
OPENBSD_7_2,
OPENBSD_7_1_BASE,
OPENBSD_7_1
Changes since 1.87: +3 -1 lines
Diff to previous 1.87 (colored) to selected 1.10 (colored)
Now that libc setusercontext() handling of setrtable is repaired, su(8) can set LOGIN_SETRTABLE once again. ok millert
Revision 1.87 / (download) - annotate - [select for diffs], Sat Mar 19 10:28:38 2022 UTC (2 years, 2 months ago) by sthen
Branch: MAIN
Changes since 1.86: +0 -2 lines
Diff to previous 1.86 (colored) to selected 1.10 (colored)
backout r1.86 "login class routing table should be honored when doing a full login with su -l", it breaks rc.d(8) daemon_rtable
Revision 1.86 / (download) - annotate - [select for diffs], Tue Mar 15 17:13:50 2022 UTC (2 years, 2 months ago) by solene
Branch: MAIN
Changes since 1.85: +3 -1 lines
Diff to previous 1.85 (colored) to selected 1.10 (colored)
login class routing table should be honored when doing a full login with su -l ok millert@ patch from Matthew Martin < phy1729 at gmail dot com >
Revision 1.85 / (download) - annotate - [select for diffs], Thu Feb 10 13:06:46 2022 UTC (2 years, 3 months ago) by robert
Branch: MAIN
Changes since 1.84: +3 -1 lines
Diff to previous 1.84 (colored) to selected 1.10 (colored)
unveil _PATH_LOGIN_CONF_D
Revision 1.84 / (download) - annotate - [select for diffs], Mon Jul 12 15:09:20 2021 UTC (2 years, 10 months ago) by beck
Branch: MAIN
CVS Tags: OPENBSD_7_0_BASE,
OPENBSD_7_0
Changes since 1.83: +10 -10 lines
Diff to previous 1.83 (colored) to selected 1.10 (colored)
Change the error reporting pattern throughout the tree when unveil fails to report the path that the failure occured on. Suggested by deraadt@ after some tech discussion. Work done and verified by Ashton Fagg <ashton@fagg.id.au> ok deraadt@ semarie@ claudio@
Revision 1.83 / (download) - annotate - [select for diffs], Fri Oct 30 16:23:57 2020 UTC (3 years, 7 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_6_9_BASE,
OPENBSD_6_9
Changes since 1.82: +2 -2 lines
Diff to previous 1.82 (colored) to selected 1.10 (colored)
auth_approval() does not necessarily set errno on failure. From Piotr Durlej.
Revision 1.82 / (download) - annotate - [select for diffs], Mon Aug 17 18:12:12 2020 UTC (3 years, 9 months ago) by semarie
Branch: MAIN
CVS Tags: OPENBSD_6_8_BASE,
OPENBSD_6_8
Changes since 1.81: +3 -1 lines
Diff to previous 1.81 (colored) to selected 1.10 (colored)
honor /etc/nologin by unveiled it ok deraadt@
Revision 1.81 / (download) - annotate - [select for diffs], Wed Jul 8 15:36:35 2020 UTC (3 years, 11 months ago) by jca
Branch: MAIN
Changes since 1.80: +10 -9 lines
Diff to previous 1.80 (colored) to selected 1.10 (colored)
Simplify csh vs other shells setup code ok millert@
Revision 1.80 / (download) - annotate - [select for diffs], Wed Jul 8 10:35:06 2020 UTC (3 years, 11 months ago) by jca
Branch: MAIN
Changes since 1.79: +6 -4 lines
Diff to previous 1.79 (colored) to selected 1.10 (colored)
Teach su -l -f how to start a regular shell for non-csh shells su -l does nice things like reset the environment and change the home directory, but it also always starts the user's shell as a login shell (argv[0] == '-'). This is a problem for su -l consumers like rc.d, where e.g. /root/.profile is read by the shell before starting a daemon as root. This tends to blow up if the admin introduces side effects to /root/.profile (or /etc/profile). csh supports an -f flag to skip reading .cshrc and .login, and su already has special support for it. Similarly, teach su -l -f how to start a regular shell (not a login shell) for non-csh shells. Discussion started by robert@ during p2k19 and revived by ajacoutot@, help and ok kn@ millert@
Revision 1.73.2.2 / (download) - annotate - [select for diffs], Mon Dec 9 04:51:48 2019 UTC (4 years, 6 months ago) by tb
Branch: OPENBSD_6_5
Changes since 1.73.2.1: +7 -5 lines
Diff to previous 1.73.2.1 (colored) to branchpoint 1.73 (colored) next main 1.74 (colored) to selected 1.10 (colored)
In -L (loop) mode, reset the login class each time through the loop. Otherwise, it is possible to log in with another user's login class. Fixes CVE-2019-19519. OK deraadt@ markus@ OpenBSD 6.5 errata 023
Revision 1.77.2.2 / (download) - annotate - [select for diffs], Mon Dec 9 04:50:42 2019 UTC (4 years, 6 months ago) by tb
Branch: OPENBSD_6_6
Changes since 1.77.2.1: +7 -5 lines
Diff to previous 1.77.2.1 (colored) to branchpoint 1.77 (colored) next main 1.78 (colored) to selected 1.10 (colored)
In -L (loop) mode, reset the login class each time through the loop. Otherwise, it is possible to log in with another user's login class. Fixes CVE-2019-19519. OK deraadt@ markus@ OpenBSD 6.6 errata 012
Revision 1.79 / (download) - annotate - [select for diffs], Sat Dec 7 19:23:21 2019 UTC (4 years, 6 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_6_7_BASE,
OPENBSD_6_7
Changes since 1.78: +7 -5 lines
Diff to previous 1.78 (colored) to selected 1.10 (colored)
In -L (loop) mode, reset the login class each time through the loop. Otherwise, it is possible to log in with another user's login class. Fixes CVE-2019-19519. OK deraadt@ markus@
Revision 1.77.2.1 / (download) - annotate - [select for diffs], Wed Dec 4 09:52:22 2019 UTC (4 years, 6 months ago) by deraadt
Branch: OPENBSD_6_6
Changes since 1.77: +7 -5 lines
Diff to previous 1.77 (colored) to selected 1.10 (colored)
This is 6.6/010_libcauth.patch.sig libc's authentication privsep layer performed insufficient username validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. Reported by Qualys
Revision 1.73.2.1 / (download) - annotate - [select for diffs], Wed Dec 4 09:51:49 2019 UTC (4 years, 6 months ago) by deraadt
Branch: OPENBSD_6_5
Changes since 1.73: +7 -5 lines
Diff to previous 1.73 (colored) to selected 1.10 (colored)
This is 6.5/021_libcauth.patch.sig libc's authentication privsep layer performed insufficient username validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. Reported by Qualys
Revision 1.78 / (download) - annotate - [select for diffs], Wed Dec 4 09:51:09 2019 UTC (4 years, 6 months ago) by deraadt
Branch: MAIN
Changes since 1.77: +7 -5 lines
Diff to previous 1.77 (colored) to selected 1.10 (colored)
libc's authentication privsep layer performed insufficient username validation. Repair work mostly by markus and millert, first of all solving the primary problem, then adding some additional validation points. And then futher validation in login and su. This will be 6.5/021_libcauth.patch.sig and 6.6/010_libcauth.patch.sig Reported by Qualys
Revision 1.77 / (download) - annotate - [select for diffs], Sat Sep 14 17:47:01 2019 UTC (4 years, 8 months ago) by semarie
Branch: MAIN
CVS Tags: OPENBSD_6_6_BASE
Branch point for: OPENBSD_6_6
Changes since 1.76: +3 -1 lines
Diff to previous 1.76 (colored) to selected 1.10 (colored)
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)). problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too ok mestre@ millert@
Revision 1.76 / (download) - annotate - [select for diffs], Fri Jun 28 13:35:04 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.75: +3 -3 lines
Diff to previous 1.75 (colored) to selected 1.10 (colored)
When system calls indicate an error they return -1, not some arbitrary value < 0. errno is only updated in this case. Change all (most?) callers of syscalls to follow this better, and let's see if this strictness helps us in the future.
Revision 1.75 / (download) - annotate - [select for diffs], Thu Jun 20 00:41:18 2019 UTC (4 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.74: +2 -2 lines
Diff to previous 1.74 (colored) to selected 1.10 (colored)
auth_approval() returns 0 on failure, so don't test for <= 0 (error has no effect. just striving for an accurate following of contract) ok millert
Revision 1.74 / (download) - annotate - [select for diffs], Wed Jun 19 16:26:27 2019 UTC (4 years, 11 months ago) by millert
Branch: MAIN
Changes since 1.73: +3 -3 lines
Diff to previous 1.73 (colored) to selected 1.10 (colored)
Fix regression introduced in rev. 1.59 where the wrong shell is checked in -m mode for non-root. The intent is that non-root shouldn't be able to run their own shell as the target user if the target user has a shell that is not listed in /etc/shells. This makes the code match the manual once again. OK schwarze@
Revision 1.73 / (download) - annotate - [select for diffs], Mon Jan 28 01:38:06 2019 UTC (5 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_5_BASE
Branch point for: OPENBSD_6_5
Changes since 1.72: +3 -1 lines
Diff to previous 1.72 (colored) to selected 1.10 (colored)
ttyname() is used, therefore must unveil _PATH_DEVDB. from Anton Borowka
Revision 1.72 / (download) - annotate - [select for diffs], Sun Oct 21 13:18:19 2018 UTC (5 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.71: +3 -1 lines
Diff to previous 1.71 (colored) to selected 1.10 (colored)
need to unveil() /etc/shells also for -m option; ok florian
Revision 1.71 / (download) - annotate - [select for diffs], Thu Aug 23 16:52:13 2018 UTC (5 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_6_4_BASE,
OPENBSD_6_4
Changes since 1.70: +17 -3 lines
Diff to previous 1.70 (colored) to selected 1.10 (colored)
A sequence of increasingly restrictive pledges was already present in su. Rearrange them slightly, so that a unveil's can be added also. (Sometimes you only learn a required path late in the game, you don't know them upfront at program start. That is the tricky bit)
Revision 1.70 / (download) - annotate - [select for diffs], Fri Oct 30 19:45:03 2015 UTC (8 years, 7 months ago) by miod
Branch: MAIN
CVS Tags: OPENBSD_6_3_BASE,
OPENBSD_6_3,
OPENBSD_6_2_BASE,
OPENBSD_6_2,
OPENBSD_6_1_BASE,
OPENBSD_6_1,
OPENBSD_6_0_BASE,
OPENBSD_6_0,
OPENBSD_5_9_BASE,
OPENBSD_5_9
Changes since 1.69: +4 -4 lines
Diff to previous 1.69 (colored) to selected 1.10 (colored)
Redo 1.69, but correctly, so that this really works for yp setups.
Revision 1.69 / (download) - annotate - [select for diffs], Sat Oct 24 19:47:44 2015 UTC (8 years, 7 months ago) by miod
Branch: MAIN
Changes since 1.68: +4 -4 lines
Diff to previous 1.68 (colored) to selected 1.10 (colored)
Move removal of "getpw" pledge after all setusercontext() calls, for yp sake. Noticed by matthieu@
Revision 1.68 / (download) - annotate - [select for diffs], Fri Oct 23 03:44:59 2015 UTC (8 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.67: +11 -1 lines
Diff to previous 1.67 (colored) to selected 1.10 (colored)
pledge "stdio rpath getpw proc exec id" at start, much like doas. 2 further pledges are possible, not as many as doas can do, because the order of some su operations is a bit different. also it is trying harder to please non-root nfs mounts?
Revision 1.67 / (download) - annotate - [select for diffs], Wed Apr 15 02:12:00 2015 UTC (9 years, 1 month ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_8_BASE,
OPENBSD_5_8
Changes since 1.66: +7 -7 lines
Diff to previous 1.66 (colored) to selected 1.10 (colored)
remove historical (void)foo (which were only here to hide lint's undrenchable thirst for false positives)
Revision 1.66 / (download) - annotate - [select for diffs], Fri Jan 16 06:40:13 2015 UTC (9 years, 4 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_5_7_BASE,
OPENBSD_5_7
Changes since 1.65: +4 -4 lines
Diff to previous 1.65 (colored) to selected 1.10 (colored)
Replace <sys/param.h> with <limits.h> and other less dirty headers where possible. Annotate <sys/param.h> lines with their current reasons. Switch to PATH_MAX, NGROUPS_MAX, HOST_NAME_MAX+1, LOGIN_NAME_MAX, etc. Change MIN() and MAX() to local definitions of MINIMUM() and MAXIMUM() where sensible to avoid pulling in the pollution. These are the files confirmed through binary verification. ok guenther, millert, doug (helped with the verification protocol)
Revision 1.65 / (download) - annotate - [select for diffs], Tue Jan 11 10:07:56 2011 UTC (13 years, 5 months ago) by robert
Branch: MAIN
CVS Tags: OPENBSD_5_6_BASE,
OPENBSD_5_6,
OPENBSD_5_5_BASE,
OPENBSD_5_5,
OPENBSD_5_4_BASE,
OPENBSD_5_4,
OPENBSD_5_3_BASE,
OPENBSD_5_3,
OPENBSD_5_2_BASE,
OPENBSD_5_2,
OPENBSD_5_1_BASE,
OPENBSD_5_1,
OPENBSD_5_0_BASE,
OPENBSD_5_0,
OPENBSD_4_9_BASE,
OPENBSD_4_9
Changes since 1.64: +16 -6 lines
Diff to previous 1.64 (colored) to selected 1.10 (colored)
Allow su -l to login to a user that has a non-existent home directory, unless requirehome is specified in login.conf for the login class. If requirehome is not specified the user will be logged in with HOME=/ This is what login(1) and ssh(1) does too. ok millert@
Revision 1.64 / (download) - annotate - [select for diffs], Mon Dec 13 14:46:19 2010 UTC (13 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.63: +6 -4 lines
Diff to previous 1.63 (colored) to selected 1.10 (colored)
Call setusercontext() with the LOGIN_SETENV flag for "su -l" to pick up environment variables specified in login.conf. Based on a diff from robert@. OK robert@ otto@
Revision 1.63 / (download) - annotate - [select for diffs], Fri Dec 10 19:55:37 2010 UTC (13 years, 6 months ago) by martynas
Branch: MAIN
Changes since 1.62: +2 -2 lines
Diff to previous 1.62 (colored) to selected 1.10 (colored)
- don't use memory from the session we've already cleaned in the loop. fixes "login foo" and "su -L foo". ok millert@, otto@
Revision 1.62 / (download) - annotate - [select for diffs], Thu Dec 9 16:10:00 2010 UTC (13 years, 6 months ago) by sobrado
Branch: MAIN
Changes since 1.61: +2 -2 lines
Diff to previous 1.61 (colored) to selected 1.10 (colored)
spacing, no functional change.
Revision 1.61 / (download) - annotate - [select for diffs], Thu Dec 9 16:02:42 2010 UTC (13 years, 6 months ago) by sobrado
Branch: MAIN
Changes since 1.60: +4 -2 lines
Diff to previous 1.60 (colored) to selected 1.10 (colored)
usage should fit on a 80-column display ok millert@
Revision 1.60 / (download) - annotate - [select for diffs], Thu Dec 9 15:50:55 2010 UTC (13 years, 6 months ago) by sobrado
Branch: MAIN
Changes since 1.59: +2 -2 lines
Diff to previous 1.59 (colored) to selected 1.10 (colored)
add -s to usage
Revision 1.59 / (download) - annotate - [select for diffs], Thu Dec 9 15:45:30 2010 UTC (13 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.58: +27 -14 lines
Diff to previous 1.58 (colored) to selected 1.10 (colored)
Add support for "-s shell" to su(1). This can be used by the superuser to run a different shell than what the password database contains. Based on a diff from robert@. OK robert@ deraadt@
Revision 1.58 / (download) - annotate - [select for diffs], Tue Oct 27 23:59:44 2009 UTC (14 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_8_BASE,
OPENBSD_4_8,
OPENBSD_4_7_BASE,
OPENBSD_4_7
Changes since 1.57: +1 -15 lines
Diff to previous 1.57 (colored) to selected 1.10 (colored)
rcsid[] and sccsid[] and copyright[] are essentially unmaintained (and unmaintainable). these days, people use source. these id's do not provide any benefit, and do hurt the small install media (the 33,000 line diff is essentially mechanical) ok with the idea millert, ok dms
Revision 1.57 / (download) - annotate - [select for diffs], Fri Oct 19 21:03:51 2007 UTC (16 years, 7 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_4_6_BASE,
OPENBSD_4_6,
OPENBSD_4_5_BASE,
OPENBSD_4_5,
OPENBSD_4_4_BASE,
OPENBSD_4_4,
OPENBSD_4_3_BASE,
OPENBSD_4_3
Changes since 1.56: +4 -4 lines
Diff to previous 1.56 (colored) to selected 1.10 (colored)
do setegid() before seteuid(); see pr 5605 for more info; ok millert
Revision 1.56 / (download) - annotate - [select for diffs], Sun Nov 9 20:13:58 2003 UTC (20 years, 7 months ago) by otto
Branch: MAIN
CVS Tags: OPENBSD_4_2_BASE,
OPENBSD_4_2,
OPENBSD_4_1_BASE,
OPENBSD_4_1,
OPENBSD_4_0_BASE,
OPENBSD_4_0,
OPENBSD_3_9_BASE,
OPENBSD_3_9,
OPENBSD_3_8_BASE,
OPENBSD_3_8,
OPENBSD_3_7_BASE,
OPENBSD_3_7,
OPENBSD_3_6_BASE,
OPENBSD_3_6,
OPENBSD_3_5_BASE,
OPENBSD_3_5
Changes since 1.55: +3 -3 lines
Diff to previous 1.55 (colored) to selected 1.10 (colored)
Typos in comments from Jared Yanovich <jjy2+ at pitt dot edu>
Revision 1.55 / (download) - annotate - [select for diffs], Fri Sep 26 21:43:32 2003 UTC (20 years, 8 months ago) by miod
Branch: MAIN
Changes since 1.54: +3 -3 lines
Diff to previous 1.54 (colored) to selected 1.10 (colored)
Typos: defintion -> definition, proccess -> process There are more occurences hiding in binutils, lynx and afs but I am too lazy to report them upstream at the moment.
Revision 1.54 / (download) - annotate - [select for diffs], Sat Jun 21 23:27:33 2003 UTC (20 years, 11 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_3_4_BASE,
OPENBSD_3_4
Changes since 1.53: +4 -3 lines
Diff to previous 1.53 (colored) to selected 1.10 (colored)
correct sign of flags; millert ok
Revision 1.53 / (download) - annotate - [select for diffs], Fri Jun 20 18:15:35 2003 UTC (20 years, 11 months ago) by millert
Branch: MAIN
Changes since 1.52: +14 -8 lines
Diff to previous 1.52 (colored) to selected 1.10 (colored)
Call setusershell() before using getusershell() to guarantee we start checking on the first line of /etc/shells. Also call endusershell() when we are done. From FreeBSD.
Revision 1.52 / (download) - annotate - [select for diffs], Tue Jun 3 02:56:17 2003 UTC (21 years ago) by millert
Branch: MAIN
Changes since 1.51: +3 -7 lines
Diff to previous 1.51 (colored) to selected 1.10 (colored)
Remove the advertising clause in the UCB license which Berkeley rescinded 22 July 1999. Proofed by myself and Theo.
Revision 1.51 / (download) - annotate - [select for diffs], Tue Dec 17 19:52:02 2002 UTC (21 years, 5 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_3_BASE,
OPENBSD_3_3
Changes since 1.50: +12 -4 lines
Diff to previous 1.50 (colored) to selected 1.10 (colored)
Only call setlogin() if this proccess is a session leader. In practice, this means the login name will be set only if we are exec'd by a shell. This is important because otherwise the parent shell's login name would change too.
Revision 1.50 / (download) - annotate - [select for diffs], Sun Dec 8 16:50:07 2002 UTC (21 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.49: +3 -3 lines
Diff to previous 1.49 (colored) to selected 1.10 (colored)
GNU semantics say that if optstring begins with '-' then each non-option shall be treated as arguments to option '\1'. BSD getopt match '-' in optstring with a '-' on the command line. This is used to support deprecated options like "su -" that would otherwise prevent the use of getopt(). Resolving this simply requires that the leading '-' be moved somewhere else (I moved it to the end of optstring) since position within optstring is not meaningful.
Revision 1.49 / (download) - annotate - [select for diffs], Sat Dec 7 22:54:13 2002 UTC (21 years, 6 months ago) by millert
Branch: MAIN
Changes since 1.48: +4 -5 lines
Diff to previous 1.48 (colored) to selected 1.10 (colored)
Repair -a flag parsing which I broke in revision 1.47.
Revision 1.48 / (download) - annotate - [select for diffs], Fri Nov 8 23:20:19 2002 UTC (21 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.47: +9 -6 lines
Diff to previous 1.47 (colored) to selected 1.10 (colored)
In login emulation mode use the same setusercontext() flags as login(1). Previously, setlogin() was not being done in -L mode.
Revision 1.47 / (download) - annotate - [select for diffs], Wed Oct 16 01:06:32 2002 UTC (21 years, 8 months ago) by millert
Branch: MAIN
Changes since 1.46: +148 -65 lines
Diff to previous 1.46 (colored) to selected 1.10 (colored)
Add a new flag, -L, to cause su(1) to loop asking for a login/password repeatedly until the user authenticates or interrupts things. This will be used to make login(1) no longer setuid.
Revision 1.46 / (download) - annotate - [select for diffs], Mon Jul 22 04:51:17 2002 UTC (21 years, 10 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_2_BASE,
OPENBSD_3_2
Changes since 1.45: +10 -6 lines
Diff to previous 1.45 (colored) to selected 1.10 (colored)
auth_close() was not actually getting called in auth_errx?() (not that it really makes much of a difference). Call vwarnx?() instead of verrx?() and then do the exit inline after auth_close(). That's what I get for doing a cut & paste from err.c...
Revision 1.45 / (download) - annotate - [select for diffs], Wed May 29 10:47:10 2002 UTC (22 years ago) by deraadt
Branch: MAIN
Changes since 1.44: +15 -19 lines
Diff to previous 1.44 (colored) to selected 1.10 (colored)
KNF
Revision 1.44 / (download) - annotate - [select for diffs], Tue Feb 19 19:39:39 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_1_BASE,
OPENBSD_3_1
Changes since 1.43: +2 -38 lines
Diff to previous 1.43 (colored) to selected 1.10 (colored)
We live in an ANSI C world. Remove lots of gratuitous #ifdef __STDC__ cruft.
Revision 1.43 / (download) - annotate - [select for diffs], Sat Feb 16 21:27:54 2002 UTC (22 years, 3 months ago) by millert
Branch: MAIN
Changes since 1.42: +7 -7 lines
Diff to previous 1.42 (colored) to selected 1.10 (colored)
Part one of userland __P removal. Done with a simple regexp with some minor hand editing to make comments line up correctly. Another pass is forthcoming that handles the cases that could not be done automatically.
Revision 1.42 / (download) - annotate - [select for diffs], Tue Sep 18 16:37:59 2001 UTC (22 years, 8 months ago) by millert
Branch: MAIN
CVS Tags: OPENBSD_3_0_BASE,
OPENBSD_3_0
Changes since 1.41: +4 -3 lines
Diff to previous 1.41 (colored) to selected 1.10 (colored)
check strdup() rval
Revision 1.41 / (download) - annotate - [select for diffs], Tue Sep 18 04:41:09 2001 UTC (22 years, 8 months ago) by millert
Branch: MAIN
Changes since 1.40: +14 -11 lines
Diff to previous 1.40 (colored) to selected 1.10 (colored)
Make a private copy of pwd via pw_dup() since its contents can get clobbered later on. For some reason this only seems to affect YP.
Revision 1.40 / (download) - annotate - [select for diffs], Mon Jun 25 21:29:31 2001 UTC (22 years, 11 months ago) by hin
Branch: MAIN
Changes since 1.39: +7 -10 lines
Diff to previous 1.39 (colored) to selected 1.10 (colored)
Instead of trying to do clever and figure out a root instance for Kerberos, send tell the auth program who the invoking user is, and rely on it to handle root instances for Kerberos. This makes the code much cleaner and simpler. ok millertt@
Revision 1.39 / (download) - annotate - [select for diffs], Mon Jun 25 16:18:38 2001 UTC (22 years, 11 months ago) by millert
Branch: MAIN
Changes since 1.38: +4 -3 lines
Diff to previous 1.38 (colored) to selected 1.10 (colored)
Add a "login" option to allow differentiation between authentication that creates a login session vs. a simple identity check. Gets passed as a -v option to the login scripts. To be used by kerberos to know when to create new tickets.
Revision 1.38 / (download) - annotate - [select for diffs], Thu May 31 18:41:16 2001 UTC (23 years ago) by millert
Branch: MAIN
Changes since 1.37: +3 -3 lines
Diff to previous 1.37 (colored) to selected 1.10 (colored)
nuke errant ARGSTR that I osmehow missed in the last commit
Revision 1.37 / (download) - annotate - [select for diffs], Thu May 31 17:34:17 2001 UTC (23 years ago) by millert
Branch: MAIN
Changes since 1.36: +5 -7 lines
Diff to previous 1.36 (colored) to selected 1.10 (colored)
no longer need ARGSTR macro; sync usage() with man page
Revision 1.36 / (download) - annotate - [select for diffs], Tue May 29 21:40:36 2001 UTC (23 years ago) by millert
Branch: MAIN
Changes since 1.35: +153 -265 lines
Diff to previous 1.35 (colored) to selected 1.10 (colored)
add support for BSD authentication
Revision 1.34.2.1 / (download) - annotate - [select for diffs], Fri Dec 8 09:03:15 2000 UTC (23 years, 6 months ago) by hin
Branch: OPENBSD_2_8
Changes since 1.34: +22 -5 lines
Diff to previous 1.34 (colored) next main 1.35 (colored) to selected 1.10 (colored)
Bring recent kerberos fix into -stable
Revision 1.35 / (download) - annotate - [select for diffs], Sat Dec 2 22:44:49 2000 UTC (23 years, 6 months ago) by hin
Branch: MAIN
CVS Tags: OPENBSD_2_9_BASE,
OPENBSD_2_9
Changes since 1.34: +22 -5 lines
Diff to previous 1.34 (colored) to selected 1.10 (colored)
Check for symlinks before overwriting kerberos ticket files. While i'm at it, make sure not to use Kerberos at all if there is no local srvtab. Based on patch from Todd Miller. Reported by <jouko@solutions.fi>.
Revision 1.31.10.1 / (download) - annotate - [select for diffs], Fri Oct 6 20:20:59 2000 UTC (23 years, 8 months ago) by jason
Branch: OPENBSD_2_7
Changes since 1.31: +3 -3 lines
Diff to previous 1.31 (colored) next main 1.32 (colored) to selected 1.10 (colored)
Pull in patch from current: Fix (millert): warnx?/errx? paranoia (use "%s" not a bare string unless it is a constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales).
Revision 1.34 / (download) - annotate - [select for diffs], Fri Sep 15 07:13:50 2000 UTC (23 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_8_BASE
Branch point for: OPENBSD_2_8
Changes since 1.33: +16 -10 lines
Diff to previous 1.33 (colored) to selected 1.10 (colored)
check return value for setenv(3) for failure, and deal appropriately
Revision 1.33 / (download) - annotate - [select for diffs], Sun Aug 20 18:42:41 2000 UTC (23 years, 9 months ago) by millert
Branch: MAIN
Changes since 1.32: +34 -20 lines
Diff to previous 1.32 (colored) to selected 1.10 (colored)
Add calls to setusercontext() and login_get*(). We basically call setusercontext() in most places where previously we did a setlogin(). Add default login.conf file and put root in the "daemon" login class.
Revision 1.32 / (download) - annotate - [select for diffs], Fri Jun 30 16:00:21 2000 UTC (23 years, 11 months ago) by millert
Branch: MAIN
Changes since 1.31: +3 -3 lines
Diff to previous 1.31 (colored) to selected 1.10 (colored)
warnx?/errx? paranoia (use "%s" not a bare string unless it is a constant). These are not security holes but it is worth fixing them anyway both for robustness and so folks looking for examples in the tree are not misled into doing something potentially dangerous. Furthermore, it is a bad idea to assume that pathnames will not include '%' in them and that error routines don't return strings with '%' in them (especially in light of the possibility of locales).
Revision 1.31 / (download) - annotate - [select for diffs], Wed Mar 25 21:27:27 1998 UTC (26 years, 2 months ago) by art
Branch: MAIN
CVS Tags: OPENBSD_2_7_BASE,
OPENBSD_2_6_BASE,
OPENBSD_2_6,
OPENBSD_2_5_BASE,
OPENBSD_2_5,
OPENBSD_2_4_BASE,
OPENBSD_2_4,
OPENBSD_2_3_BASE,
OPENBSD_2_3
Branch point for: OPENBSD_2_7
Changes since 1.30: +12 -7 lines
Diff to previous 1.30 (colored) to selected 1.10 (colored)
explicit braces to avoid ambigious `else', some small -Wall fixes and prettier output when asking for kerberos passwd.
Revision 1.30 / (download) - annotate - [select for diffs], Thu Sep 11 11:21:55 1997 UTC (26 years, 9 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_2_BASE,
OPENBSD_2_2
Changes since 1.29: +7 -5 lines
Diff to previous 1.29 (colored) to selected 1.10 (colored)
cleanup -Wall
Revision 1.29 / (download) - annotate - [select for diffs], Sun Jun 29 11:10:35 1997 UTC (26 years, 11 months ago) by provos
Branch: MAIN
Changes since 1.28: +3 -3 lines
Diff to previous 1.28 (colored) to selected 1.10 (colored)
new location of des.h
Revision 1.28 / (download) - annotate - [select for diffs], Fri Jun 27 06:59:58 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.27: +27 -21 lines
Diff to previous 1.27 (colored) to selected 1.10 (colored)
fix up KRBTKFILE confusion; dm@ and traister@gate.net
Revision 1.27 / (download) - annotate - [select for diffs], Mon Jun 23 09:23:12 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.26: +3 -3 lines
Diff to previous 1.26 (colored) to selected 1.10 (colored)
long != int
Revision 1.26 / (download) - annotate - [select for diffs], Sun Jun 22 23:03:10 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.25: +3 -3 lines
Diff to previous 1.25 (colored) to selected 1.10 (colored)
%u for uid
Revision 1.25 / (download) - annotate - [select for diffs], Sat Jun 21 12:18:05 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.24: +5 -3 lines
Diff to previous 1.24 (colored) to selected 1.10 (colored)
push KRBTKFILE only if new ticket; dm@openbsd.org and traister@gate.net
Revision 1.24 / (download) - annotate - [select for diffs], Fri Jun 20 22:09:53 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.23: +6 -3 lines
Diff to previous 1.23 (colored) to selected 1.10 (colored)
worry about #ifdef KERBEROS
Revision 1.23 / (download) - annotate - [select for diffs], Fri Jun 20 21:59:17 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.22: +11 -5 lines
Diff to previous 1.22 (colored) to selected 1.10 (colored)
when building new environment, do not destroy KRBTKFILE; traister@gate.net
Revision 1.22 / (download) - annotate - [select for diffs], Fri Jun 20 02:12:40 1997 UTC (26 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.21: +5 -4 lines
Diff to previous 1.21 (colored) to selected 1.10 (colored)
do not conflict with realloc() in setenv(); traister@gate.net
Revision 1.21 / (download) - annotate - [select for diffs], Tue Feb 18 20:07:56 1997 UTC (27 years, 3 months ago) by tholo
Branch: MAIN
CVS Tags: OPENBSD_2_1_BASE,
OPENBSD_2_1
Changes since 1.20: +4 -98 lines
Diff to previous 1.20 (colored) to selected 1.10 (colored)
Undo last changes; it makes it impossible to suspect su in Kerberos mode, and also interferes with multiple sessions by removing tickets potentially in use by those other sessions.
Revision 1.20 / (download) - annotate - [select for diffs], Tue Feb 11 18:26:32 1997 UTC (27 years, 4 months ago) by millert
Branch: MAIN
Changes since 1.19: +4 -4 lines
Diff to previous 1.19 (colored) to selected 1.10 (colored)
Fix for non-kerberos.
Revision 1.19 / (download) - annotate - [select for diffs], Tue Feb 11 05:00:55 1997 UTC (27 years, 4 months ago) by tholo
Branch: MAIN
Changes since 1.18: +97 -3 lines
Diff to previous 1.18 (colored) to selected 1.10 (colored)
Handle tickets the same way as login(1) does; remove when session ends
Revision 1.18 / (download) - annotate - [select for diffs], Wed Jan 15 23:43:16 1997 UTC (27 years, 5 months ago) by millert
Branch: MAIN
Changes since 1.17: +3 -3 lines
Diff to previous 1.17 (colored) to selected 1.10 (colored)
getopt(3) returns -1 when out of args, not EOF, whee!
Revision 1.17 / (download) - annotate - [select for diffs], Sun Dec 22 03:26:03 1996 UTC (27 years, 5 months ago) by tholo
Branch: MAIN
Changes since 1.16: +6 -2 lines
Diff to previous 1.16 (colored) to selected 1.10 (colored)
Deal with _POSIX_SAVED_IDS when relinquishing privileges
Revision 1.16 / (download) - annotate - [select for diffs], Sun Oct 27 16:49:17 1996 UTC (27 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.15: +4 -2 lines
Diff to previous 1.15 (colored) to selected 1.10 (colored)
Don't use "user" arg verbatim from argv, use the sanitized one in struct passwd just to be safe.
Revision 1.15 / (download) - annotate - [select for diffs], Sat Oct 26 03:19:31 1996 UTC (27 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.14: +5 -3 lines
Diff to previous 1.14 (colored) to selected 1.10 (colored)
Now sets $LOGNAME as per POSIX.
Revision 1.14 / (download) - annotate - [select for diffs], Wed Oct 23 01:28:57 1996 UTC (27 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.13: +3 -5 lines
Diff to previous 1.13 (colored) to selected 1.10 (colored)
skey_authenticate() now fakes up a challenge if user does not have an entry in the keys file. Don't want to give info to information gathering attack.
Revision 1.13 / (download) - annotate - [select for diffs], Mon Oct 21 19:33:36 1996 UTC (27 years, 7 months ago) by deraadt
Branch: MAIN
Changes since 1.12: +2 -2 lines
Diff to previous 1.12 (colored) to selected 1.10 (colored)
compile
Revision 1.12 / (download) - annotate - [select for diffs], Mon Oct 21 19:31:04 1996 UTC (27 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.11: +3 -3 lines
Diff to previous 1.11 (colored) to selected 1.10 (colored)
Test first, then commit, eh?
Revision 1.11 / (download) - annotate - [select for diffs], Mon Oct 21 19:26:24 1996 UTC (27 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.10: +9 -9 lines
Diff to previous 1.10 (colored)
save a cycle on strncpy() -- pointed out by Theo
Revision 1.10 / (download) - annotate - [selected], Mon Oct 21 18:55:56 1996 UTC (27 years, 7 months ago) by millert
Branch: MAIN
Changes since 1.9: +23 -13 lines
Diff to previous 1.9 (colored)
sheer raging paranoia -- possible buf olfow. Does not look exploitable.
Revision 1.9 / (download) - annotate - [select for diffs], Wed Oct 16 00:37:11 1996 UTC (27 years, 8 months ago) by millert
Branch: MAIN
Changes since 1.8: +7 -6 lines
Diff to previous 1.8 (colored) to selected 1.10 (colored)
Check ret val of strdup(3) -- may be NULL.
Revision 1.8 / (download) - annotate - [select for diffs], Sat Oct 12 20:40:37 1996 UTC (27 years, 8 months ago) by millert
Branch: MAIN
Changes since 1.7: +58 -76 lines
Diff to previous 1.7 (colored) to selected 1.10 (colored)
su.c: minor cleanup, some from FreeBSD su.1: Examples from FreeBSD + minor nits fixed.
Revision 1.7 / (download) - annotate - [select for diffs], Sat Oct 12 17:13:57 1996 UTC (27 years, 8 months ago) by millert
Branch: MAIN
Changes since 1.6: +4 -3 lines
Diff to previous 1.6 (colored) to selected 1.10 (colored)
Fix suage string to match man page. NetBSD PR #2837
Revision 1.6 / (download) - annotate - [select for diffs], Tue Oct 8 18:36:56 1996 UTC (27 years, 8 months ago) by deraadt
Branch: MAIN
CVS Tags: OPENBSD_2_0_BASE,
OPENBSD_2_0
Changes since 1.5: +4 -3 lines
Diff to previous 1.5 (colored) to selected 1.10 (colored)
export $TERM only if passed in; joerg@freebsd.org
Revision 1.5 / (download) - annotate - [select for diffs], Mon Jul 22 01:58:55 1996 UTC (27 years, 10 months ago) by deraadt
Branch: MAIN
Changes since 1.4: +7 -2 lines
Diff to previous 1.4 (colored) to selected 1.10 (colored)
seteuid for chdir
Revision 1.4 / (download) - annotate - [select for diffs], Wed Jun 26 05:39:34 1996 UTC (27 years, 11 months ago) by deraadt
Branch: MAIN
Changes since 1.3: +3 -1 lines
Diff to previous 1.3 (colored) to selected 1.10 (colored)
rcsid
Revision 1.3 / (download) - annotate - [select for diffs], Sun Jan 7 09:51:22 1996 UTC (28 years, 5 months ago) by deraadt
Branch: MAIN
Changes since 1.2: +3 -2 lines
Diff to previous 1.2 (colored) to selected 1.10 (colored)
more traditional semantics. if wheel group has no listed users, anyone can su to root. default wheel group lists "root" as a user, thus defaulting to a secure envirment. from arnej@pvv.unit.no; netbsd pr#1894
Revision 1.2 / (download) - annotate - [select for diffs], Sat Dec 16 22:20:38 1995 UTC (28 years, 6 months ago) by tholo
Branch: MAIN
Changes since 1.1: +1 -2 lines
Diff to previous 1.1 (colored) to selected 1.10 (colored)
Make it possible to build without SKEY support Add support for building with kerberosIV
Revision 1.1.1.1 / (download) - annotate - [select for diffs] (vendor branch), Wed Oct 18 08:46:10 1995 UTC (28 years, 7 months ago) by deraadt
CVS Tags: netbsd_1_1
Changes since 1.1: +0 -0 lines
Diff to previous 1.1 (colored) to selected 1.10 (colored)
initial import of NetBSD tree
Revision 1.1 / (download) - annotate - [select for diffs], Wed Oct 18 08:46:10 1995 UTC (28 years, 7 months ago) by deraadt
Branch: MAIN
Diff to selected 1.10 (colored)
Initial revision