4  * The contents of this file are subject to the terms of the
32  *	If SULOG is defined, all attempts to su to another user are
34  *	If CONSOLE is defined, all successful attempts to su to uid 0
80 #define	DEF_ATTEMPTS	3		/* attempts to change password */
88  * Intervals to sleep after failed su
102  * Locale variables to be propagated to "su -" environment
113 static void to(int);
227 	 * and set variables to values in password file entry fields.
231 		 * Usernames can't start with a `-', so we check for that to
271 	 * mode read/write user. Change owner and group to root
316 	/* call pam_authenticate() to authenticate the user through PAM */
321 	} else /* root user does not need to authenticate */
328 		 * 3rd step: print out message to user.
368 		message(ERR, gettext("unable to set credentials"));
429 	/* set user and group ids to specified user */
449 	 * If new user's shell field is neither NULL nor equal to /usr/bin/sh,
455 	 * Otherwise, set the shell to /usr/bin/sh and set argv[0] to '[-]su'.
547 		 * Check if TZ was found. If not then try to read it from
603 	 *	if eflag not set, change environment to that of root.
608 				(void) signal(SIGALRM, to);
639 	 * of pointers to arguments:
658 	 * Try to clean up after an administrator who has made a mistake
692  *	This routine is called when a user is su'ing to root
695  *	to the correct value for root.
704 	 *		to /bin:/etc:/usr/bin ;
705 	 * if user does not have PATH variable, add it to the user's
711 		    gettext("unable to obtain memory to expand environment"));
717 	 *		to # ;
718 	 * if user does not have PROMPT variable, add it to the user's
724 		    gettext("unable to obtain memory to expand environment"));
732  *	towho = specified user ( user being su'ed to )
763 to(int sig)
797 	free_userattr(user_entry);	/* OK to use, checks for NULL */
830 		audit_logout(ah, event_id);	/* fork to catch logout */
872 	 * The parent's sole job is to wait for child exit, write the
898 	 * directory to root and close open files so that
906 	 * Reduce privileges to just those needed.
946 			 * We need to suspend here as well and pass down
947 			 * the control to the parent process.
966 				 * SIGTTOU signal to stop us (by default).
992  *		pwd = NULL, or password entry to use.
993  *		user = username entered.  Add to record if pwd == NULL.
1001 	adt_event_data_t	*event;	/* event to generate */
1026 		free_userattr(user_entry);	/* OK to use, checks for NULL */
1072  *	a PAM authentication module to print error messages
1158  *	a PAM authentication module to print error messages
1202 			/* fall through to msg_common */
1276  * a high-bit-set character to start multibyte sequences, so
1311  * validate - Check that the account is valid for switching to.
1392  * The embedded_su protocol allows the client application to supply
1397  * the desire to cleanly ignore input lines of any length, while still
1405  * to be.
1492  * Return a pointer to the last path component of a.
1517 	 * We need to scan the argument list twice.  Save off a copy
1524 	 * vsnprintf into a dummy to get a length.  One might
1525 	 * think that passing 0 as the length to snprintf would
1526 	 * do what we want, but it's defined not to.
1529 	 * or something like that, to avoid two calls to snprintf

Indexes created Thu Sep 05 20:28:34 MDT 2024