|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
From: Nickolay A. Kritsky (nkritsky
internethelp.ru)Date: Thu Mar 28 2002 - 06:43:22 CST
Hello Radzivilyuk,
Thursday, March 28, 2002, 2:51:39 PM, you wrote:
RVO> $ls -l /usr/bin/su
RVO> -r-sr-xr-x 1 root wheel 8168 Apr 21 2001 /usr/bin/su
RVO> for that who don't understand me -
RVO> *i am in wheel group*
/usr/src/usr.bin/su/su.c is quite simple. Why don't you add some
debugging strings in there?
grepping su.c for "Sorry" you can see the only one reason for
stderring this string:
;---------------begin cut from su.c--------------------
/* if target requires a password, verify it */
if (*pwd->pw_passwd) {
#ifdef SKEY
#ifdef WHEELSU
if (iswheelsu) {
pwd = getpwnam(username);
}
#endif /* WHEELSU */
p = skey_getpass("Password:", pwd, 1);
if (!(!strcmp(pwd->pw_passwd, skey_crypt(p, pwd->pw_passwd, pwd, 1))
#ifdef WHEELSU
|| (iswheelsu && !strcmp(targetpass, crypt(p,targetpass)))
#endif /* WHEELSU */
)) {
#else
p = getpass("Password:");
if (strcmp(pwd->pw_passwd, crypt(p, pwd->pw_passwd))) {
#endif
#ifdef KERBEROS
if (!use_kerberos || (use_kerberos && kerberos(username, user, pwd->pw_uid, p)))
#endif
{
fprintf(stderr, "Sorry\n");
syslog(LOG_AUTH|LOG_WARNING, "BAD SU %s to %s%s", username, user, ontty());
exit(1);
}
}
#ifdef WHEELSU
if (iswheelsu) {
pwd = getpwnam(user);
}
#endif /* WHEELSU */
}
;----------------end cut ---------------------------------
Depending on your values of WHEELSU, SKEY and KERBEROS you need to add
only 2-3 debug strings. Try this. I hope it will help you. It helps me
quite often.
;-------------------------------------------
; NKritsky
; mailto:nkritskyinternethelp.ru
To Unsubscribe: send mail to majordomoFreeBSD.org
with "unsubscribe freebsd-security" in the body of the message
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]