]>
git.armaanb.net Git - opendoas.git/log
Duncan Overbruck [Fri, 26 Jul 2019 14:39:36 +0000 (16:39 +0200)]
timestamp: error out if fstat and lstat st_ino and st_dev are not the same
Duncaen [Wed, 30 Jan 2019 22:43:12 +0000 (23:43 +0100)]
pam: close timestamp fd in both both processes
Duncaen [Wed, 30 Jan 2019 22:35:25 +0000 (23:35 +0100)]
shadow: clear phassphrase earlier
Ivy Foster [Wed, 30 Jan 2019 19:39:50 +0000 (13:39 -0600)]
Add generated file parse.c to .gitignore and 'make clean'
Closes: #24 [via git-merge-pr]
Ivy Foster [Wed, 30 Jan 2019 19:35:14 +0000 (13:35 -0600)]
configure: list --with-timestamp in help, since without is default
Duncaen [Wed, 30 Jan 2019 22:17:49 +0000 (23:17 +0100)]
shadow: clear the password even after a mismatch
tedu [Thu, 17 Jan 2019 05:35:35 +0000 (05:35 +0000)]
clear the password even after a mismatch
krw [Wed, 11 Jul 2018 07:39:22 +0000 (07:39 +0000)]
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
Duncaen [Wed, 30 Jan 2019 22:07:19 +0000 (23:07 +0100)]
pam: add timestamp support
Duncaen [Wed, 30 Jan 2019 21:31:47 +0000 (22:31 +0100)]
timestamp: rename and simplify
Duncaen [Wed, 30 Jan 2019 21:29:11 +0000 (22:29 +0100)]
libopenbsd: minor cleanup
Duncaen [Wed, 30 Jan 2019 21:28:22 +0000 (22:28 +0100)]
doas: remove unnecessary configure checks, move shadow to its own file
Duncaen [Wed, 30 Jan 2019 20:19:37 +0000 (21:19 +0100)]
doas: remove v flag, not neccessary, upstream doesn't have it and __DATE__ is bad for reproducible builds
Duncaen [Wed, 30 Jan 2019 20:06:15 +0000 (21:06 +0100)]
libopenbsd/closefrom: correctly handle snprintf truncation
Duncaen [Wed, 30 Jan 2019 19:59:40 +0000 (20:59 +0100)]
libopenbsd/readpassphrase: update to latest version from openssh-portable
gsoares [Wed, 30 Jan 2019 19:49:19 +0000 (20:49 +0100)]
adjust yyerror() to precede with "progname: " the error message string
OK tedu@ phessler@
Ivy Foster [Wed, 30 Jan 2019 19:23:40 +0000 (13:23 -0600)]
doas.c: put login_style in ifdef to compile on Linux
Closes: #23 [via git-merge-pr]
tedu [Wed, 7 Feb 2018 05:13:57 +0000 (05:13 +0000)]
lowercase doas ee cummings style
tedu [Wed, 7 Feb 2018 05:05:46 +0000 (05:05 +0000)]
not necessarily the same name, but the indicated name
Duncaen [Fri, 6 Apr 2018 16:16:30 +0000 (18:16 +0200)]
pam: check watch child pid
Duncaen [Fri, 6 Apr 2018 16:10:26 +0000 (18:10 +0200)]
persist_timestamp: add start time and document implementation details
Duncaen [Tue, 12 Dec 2017 16:14:45 +0000 (17:14 +0100)]
persist_timestamp: move timespec macros to libopenbsd
Duncaen [Tue, 12 Dec 2017 15:42:11 +0000 (16:42 +0100)]
persist_timestamp: create timestamp file with O_NOFOLLOW and don't leak the name
Duncaen [Tue, 12 Dec 2017 15:38:08 +0000 (16:38 +0100)]
persist_timestamp: remove goto from persist_open
Duncaen [Tue, 12 Dec 2017 15:36:35 +0000 (16:36 +0100)]
persist_timestamp: persist_check was only used internally, make it static
Duncaen [Tue, 12 Dec 2017 15:25:33 +0000 (16:25 +0100)]
persist_timestamp: use open directory fd to check and work with timestamp files
Duncaen [Tue, 12 Dec 2017 14:29:03 +0000 (15:29 +0100)]
persist_timestamp: add session id to timestamps
Duncaen [Tue, 12 Dec 2017 13:57:50 +0000 (14:57 +0100)]
persist_timestamp: make tmpfs requirement optional and only available on linux
Duncaen [Tue, 12 Dec 2017 02:07:52 +0000 (03:07 +0100)]
persist_timestamp: use CLOCK_MONOTONIC_RAW
Duncaen [Tue, 12 Dec 2017 01:17:09 +0000 (02:17 +0100)]
persist_timestamp: don't allow og+rwx permission for timestamp directory
Duncaen [Tue, 12 Dec 2017 01:13:29 +0000 (02:13 +0100)]
persist_timestamp: cleanup
Duncaen [Tue, 12 Dec 2017 01:08:30 +0000 (02:08 +0100)]
persist_timestamp: use /proc/self/stat to get tty_nr
Duncaen [Mon, 11 Dec 2017 19:20:57 +0000 (20:20 +0100)]
add initial timestamp file support, disabled by default and only with shadow auth
Duncaen [Mon, 11 Dec 2017 14:45:05 +0000 (15:45 +0100)]
configure: update version
Duncaen [Mon, 11 Dec 2017 14:44:52 +0000 (15:44 +0100)]
configure: fix usage
jmc [Thu, 13 Jul 2017 19:16:33 +0000 (19:16 +0000)]
man pages with pseudo synopses which list filenames end up creating very ugly output in man -k; after some discussion with ingo, we feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly helpful at page top, is contained already in FILES, and there are sufficiently few that just zapping them is simple;
ok schwarze, who also helpfully ran things through a build to check
output;
espie [Mon, 3 Jul 2017 22:21:47 +0000 (22:21 +0000)]
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h
okay millert@
tedu [Sat, 27 May 2017 09:51:07 +0000 (09:51 +0000)]
for password failure, print Authorization failed instead of EPERM. will make things less confusing with commands rejected by config file.
tedu [Thu, 6 Apr 2017 21:14:12 +0000 (21:14 +0000)]
a little const here and there to prevent rules from changing
tedu [Thu, 6 Apr 2017 21:12:06 +0000 (21:12 +0000)]
prepenv can take a const rule
tedu [Mon, 20 Mar 2017 14:35:06 +0000 (14:35 +0000)]
simplify example. list of ports variables was non-exahustive, which means what exactly? there should be a better place for such lists.
tedu [Sat, 14 Jan 2017 18:51:24 +0000 (18:51 +0000)]
add a geteuid check to make sure we're root before plowing into setauth. spare some debugging effort in case doas is not installed setuid.
tedu [Mon, 2 Jan 2017 01:40:20 +0000 (01:40 +0000)]
envlist and arglist are both string lists; simplify ok benno
tedu [Thu, 29 Dec 2016 19:12:42 +0000 (19:12 +0000)]
it has been six months and two days... remove keepenv { obsolete } syntax
schwarze [Mon, 5 Dec 2016 10:58:07 +0000 (10:58 +0000)]
Be more explicit about the "args" syntax. In part from a patch from Anton dot Lindqvist at gmail dot com. OK tedu@
tedu [Thu, 10 Nov 2016 16:00:40 +0000 (16:00 +0000)]
missing semicolon at end of rule. yacc doesn't seem to mind, though. from Edakawa
tb [Wed, 5 Oct 2016 23:28:28 +0000 (23:28 +0000)]
Add back the call to yyparse() that was accidentally dropped in the previous commit. Fortunately, doas fails closed...
ok tedu
tedu [Wed, 5 Oct 2016 17:40:25 +0000 (17:40 +0000)]
move yyparse decl next to yyfp
tedu [Wed, 5 Oct 2016 17:36:53 +0000 (17:36 +0000)]
as a result of the env rework, arraylen() is only used in parse.y. move it there and make it static.
deraadt [Thu, 15 Sep 2016 00:58:23 +0000 (00:58 +0000)]
use static in the right places to seperate modules better ok tedu
tedu [Sun, 4 Sep 2016 15:20:37 +0000 (15:20 +0000)]
-L means no command
tedu [Sun, 4 Sep 2016 15:11:13 +0000 (15:11 +0000)]
don't allow combining nopass and persist in a single rule
tedu [Sat, 3 Sep 2016 11:03:18 +0000 (11:03 +0000)]
the sudo timeout was 5 minutes i believe, so we'll match that.
tedu [Fri, 2 Sep 2016 20:38:05 +0000 (20:38 +0000)]
clarify that -L will exit without running a command.
tedu [Fri, 2 Sep 2016 18:12:30 +0000 (18:12 +0000)]
add support for the verified auth ioctls using 'persist' rules. ok deraadt henning
tedu [Thu, 1 Sep 2016 17:30:52 +0000 (17:30 +0000)]
unconst these parameters; i won't be changing bsd auth today.
tedu [Thu, 1 Sep 2016 13:16:38 +0000 (13:16 +0000)]
move the authentication code to a function
Duncaen [Tue, 6 Sep 2016 00:58:42 +0000 (02:58 +0200)]
bump version to v6.0
Duncaen [Tue, 6 Sep 2016 00:56:34 +0000 (02:56 +0200)]
Add closefrom(2) from openssh-portable
Philip K [Mon, 5 Sep 2016 16:26:24 +0000 (18:26 +0200)]
Print -a flag in usage() only if HAVE_BSD_AUTH_H
Closes: #11 [via git-merge-pr]
Duncaen [Sat, 3 Sep 2016 21:02:49 +0000 (23:02 +0200)]
minor configure tweaks
Duncaen [Fri, 2 Sep 2016 18:41:37 +0000 (20:41 +0200)]
configure: error out if no authentication found and fix default CC
zhuk [Mon, 18 Jul 2016 16:46:30 +0000 (16:46 +0000)]
The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstreated by double doas call:
$ doas doas -su _sndio
doas: mpty: command not found
The fix is easy: just strdup() the pw_shell field value.
okay tedu@, tweaks from & okay natano@
semarie [Tue, 12 Jul 2016 12:10:42 +0000 (12:10 +0000)]
add "recvfd" to doas(1) for use with skey.
ok tb@ deraadt@
Duncaen [Wed, 29 Jun 2016 23:33:08 +0000 (01:33 +0200)]
use posix correct optstring
Duncaen [Mon, 27 Jun 2016 19:45:26 +0000 (21:45 +0200)]
minor tweaks
jmc [Mon, 27 Jun 2016 17:36:33 +0000 (17:36 +0000)]
minor tweaks; ok tedu
tedu [Mon, 27 Jun 2016 15:47:38 +0000 (15:47 +0000)]
somehow nopass snuck onto the :wheel example. i think it's better without.
tedu [Mon, 27 Jun 2016 15:41:17 +0000 (15:41 +0000)]
revise environment handling. Add a setenv keyword for manipulating the environment. keepenv now means only retain everything. (for one release, the old use of keepenv will still work.) Allow setting variables to new or existing values, and also removing vars when keepenv is used. ok djm martijn tb
tedu [Fri, 24 Jun 2016 20:49:56 +0000 (20:49 +0000)]
move a space to the correct spot
Duncan Overbruck [Mon, 27 Jun 2016 19:46:10 +0000 (21:46 +0200)]
Merge pull request #8 from frgm/master
configure: fix usage() formatting & fix make install
Svyatoslav Mishyn [Mon, 27 Jun 2016 19:33:32 +0000 (22:33 +0300)]
fix make install
Svyatoslav Mishyn [Mon, 27 Jun 2016 19:05:56 +0000 (22:05 +0300)]
configure: fix usage() formatting
Duncaen [Mon, 27 Jun 2016 16:50:34 +0000 (18:50 +0200)]
bump to version v0.3.2
Duncaen [Mon, 27 Jun 2016 16:47:24 +0000 (18:47 +0200)]
fix --with(out)-pam configure option
Duncaen [Mon, 27 Jun 2016 16:19:31 +0000 (18:19 +0200)]
fix pamcleanup
Duncaen [Mon, 27 Jun 2016 16:18:42 +0000 (18:18 +0200)]
fix sys/tree.h test
Duncaen [Sun, 26 Jun 2016 21:23:30 +0000 (23:23 +0200)]
bump version 0.3.1
Duncaen [Sun, 26 Jun 2016 21:22:52 +0000 (23:22 +0200)]
remove pam_timestamp from pam config
Duncaen [Sun, 26 Jun 2016 21:22:27 +0000 (23:22 +0200)]
remove unnecessary warning output
Duncaen [Wed, 8 Jun 2016 11:42:17 +0000 (13:42 +0200)]
bump version 0.3
Duncaen [Sun, 26 Jun 2016 21:10:37 +0000 (23:10 +0200)]
add --without-pam configure option to allow passwd/shadow auth
Duncaen [Sat, 25 Jun 2016 15:41:04 +0000 (17:41 +0200)]
fix err messages
Duncaen [Sat, 25 Jun 2016 15:37:49 +0000 (17:37 +0200)]
some more cleanup and refactoring of pam code
Duncaen [Fri, 24 Jun 2016 14:50:17 +0000 (16:50 +0200)]
rename doas_pam.c to pam.c
Duncaen [Fri, 24 Jun 2016 14:33:42 +0000 (16:33 +0200)]
import sys-tree.h from openssh-portable
martijn [Sun, 19 Jun 2016 19:29:43 +0000 (19:29 +0000)]
Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function.
OK tedu@
tedu [Thu, 16 Jun 2016 17:40:30 +0000 (17:40 +0000)]
the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn)
tedu [Sat, 11 Jun 2016 17:17:10 +0000 (17:17 +0000)]
don't use specified twice in a sentence, noticed by jmc
tedu [Sat, 11 Jun 2016 05:04:03 +0000 (05:04 +0000)]
clarify some wording
tedu [Sat, 11 Jun 2016 04:56:16 +0000 (04:56 +0000)]
specify that default is deny if no rule matches
Duncaen [Wed, 8 Jun 2016 16:01:25 +0000 (18:01 +0200)]
remove pledge seccomp shim
This will never work, seccomp can't filter for paths (pointer) and all
rules are inherited by child processes.
pledge does not limit processes executed by execve.
Duncaen [Wed, 8 Jun 2016 15:50:28 +0000 (17:50 +0200)]
open pam sessions with right user and remove setusercontext shim
before this change the sessions were opened as the user running doas.
Now it sets its uid to root and then opens a pam session for the target
user.
The setusercontext shim was removed, because pam handles all this and
its easier to just call setresuid and setresgid instead.
Duncaen [Wed, 8 Jun 2016 11:41:25 +0000 (13:41 +0200)]
Revert "sync with upstream (setenv)"
This reverts commit
7f11114f0f07c653e0ea3d4ae093d7dcdda4a4ef .
Duncaen [Sun, 5 Jun 2016 12:01:31 +0000 (14:01 +0200)]
bump version to 0.2
Duncaen [Sun, 5 Jun 2016 11:58:30 +0000 (13:58 +0200)]
add more restrictive permissions and root:root as owner for binary
Duncaen [Sun, 5 Jun 2016 11:42:30 +0000 (13:42 +0200)]
fix ld and cflags
Duncaen [Sun, 5 Jun 2016 11:33:36 +0000 (13:33 +0200)]
sync with upstream (setenv)
add a doas.conf setenv directive that allows setting environment
variables explicitly and by copying existing environment variables
of a different name. E.g.
permit nopass setenv { PS1=$SUDO_PS1 FOO=bar } keepenv :wheel
ok tedu@ benno@
Duncaen [Sun, 5 Jun 2016 11:29:58 +0000 (13:29 +0200)]
remove version.h and define VERSION in configure script
Duncaen [Thu, 2 Jun 2016 14:29:01 +0000 (16:29 +0200)]
check return value of setresuid