-/* $OpenBSD: doas.c,v 1.53 2016/06/05 00:46:34 djm Exp $ */
+/* $OpenBSD: doas.c,v 1.52 2016/04/28 04:48:56 tedu Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
#include <grp.h>
#include <syslog.h>
#include <errno.h>
+#if HAVE_SHADOW_H
+#include <shadow.h>
+#endif
#include "includes.h"
exit(1);
}
-/*
- * Copy the environment variables in safeset from oldenvp to envp.
- */
-static int
-copyenvhelper(const char **oldenvp, const char **safeset, size_t nsafe,
- char **envp, int ei)
-{
- size_t i;
-
- for (i = 0; i < nsafe; i++) {
- const char **oe = oldenvp;
- while (*oe) {
- size_t len = strlen(safeset[i]);
- if (strncmp(*oe, safeset[i], len) == 0 &&
- (*oe)[len] == '=') {
- if (!(envp[ei++] = strdup(*oe)))
- err(1, "strdup");
- break;
- }
- oe++;
- }
- }
- return ei;
-}
-
-static char **
-copyenv(const char **oldenvp, struct rule *rule)
-{
- const char *safeset[] = {
- "DISPLAY", "HOME", "LOGNAME", "MAIL",
- "PATH", "TERM", "USER", "USERNAME",
- NULL
- };
- const char *badset[] = {
- "ENV",
- NULL
- };
- char **envp;
- const char **extra;
- int ei;
- size_t nsafe, nbad;
- size_t nextras = 0;
-
- /* if there was no envvar whitelist, pass all except badset ones */
- nbad = arraylen(badset);
- if ((rule->options & KEEPENV) && !rule->envlist) {
- size_t iold, inew;
- size_t oldlen = arraylen(oldenvp);
- envp = reallocarray(NULL, oldlen + 1, sizeof(char *));
- if (!envp)
- err(1, "reallocarray");
- for (inew = iold = 0; iold < oldlen; iold++) {
- size_t ibad;
- for (ibad = 0; ibad < nbad; ibad++) {
- size_t len = strlen(badset[ibad]);
- if (strncmp(oldenvp[iold], badset[ibad], len) == 0 &&
- oldenvp[iold][len] == '=') {
- break;
- }
- }
- if (ibad == nbad) {
- if (!(envp[inew] = strdup(oldenvp[iold])))
- err(1, "strdup");
- inew++;
- }
- }
- envp[inew] = NULL;
- return envp;
- }
-
- nsafe = arraylen(safeset);
- if ((extra = rule->envlist)) {
- size_t isafe;
- nextras = arraylen(extra);
- for (isafe = 0; isafe < nsafe; isafe++) {
- size_t iextras;
- for (iextras = 0; iextras < nextras; iextras++) {
- if (strcmp(extra[iextras], safeset[isafe]) == 0) {
- nextras--;
- extra[iextras] = extra[nextras];
- extra[nextras] = NULL;
- iextras--;
- }
- }
- }
- }
-
- envp = reallocarray(NULL, nsafe + nextras + 1, sizeof(char *));
- if (!envp)
- err(1, "can't allocate new environment");
-
- ei = 0;
- ei = copyenvhelper(oldenvp, safeset, nsafe, envp, ei);
- ei = copyenvhelper(oldenvp, rule->envlist, nextras, envp, ei);
- envp[ei] = NULL;
-
- return envp;
-}
-
-/* find index of 'name' in environment envp */
-static int
-findenv(const char **envp, const char *name, size_t namelen)
-{
- int i;
-
- for (i = 0 ; envp[i] != NULL; i++) {
- if (strlen(envp[i]) < namelen + 1)
- continue;
- if (strncmp(envp[i], name, namelen) == 0 &&
- envp[i][namelen] == '=')
- return i;
- }
- return -1;
-}
-
-/* merge rule->setenvlist into environment list; frees oldenvp */
-static char **
-dosetenv(char **oldenvp, struct rule *rule)
-{
- size_t n, i, nset, nold;
- char **envp, *cp, *cp2;
- int found;
-
- if (!(rule->options & SETENV))
- return oldenvp;
-
- nset = arraylen(rule->setenvlist);
- nold = arraylen((const char**)oldenvp);
-
- /* insert new variables */
- n = 0;
- envp = NULL;
- for (i = 0; i < nset; i++) {
- if ((cp = strchr(rule->setenvlist[i], '=')) == NULL)
- errx(1, "invalid setenv"); /* shouldn't happen */
- if (cp[1] == '\0' || cp - rule->setenvlist[i] > INT_MAX)
- continue; /* skip variables with empty values */
- if ((envp = reallocarray(envp, n + 2, sizeof(*envp))) == NULL)
- errx(1, "reallocarray failed");
- if (cp[1] == '$') {
- /* FOO=$BAR: lookup and copy */
- if ((cp2 = getenv(cp + 2)) == NULL)
- continue; /* not found; skip */
- if (asprintf(&(envp[n++]), "%.*s=%s",
- (int)(cp - rule->setenvlist[i]),
- rule->setenvlist[i], cp2) == -1)
- errx(1, "asprintf failed");
- continue;
- } else {
- /* plain setenv */
- if ((envp[n++] = strdup(rule->setenvlist[i])) == NULL)
- errx(1, "strdup failed");
- }
- }
- /* move old variables, dropping ones already set */
- for (i = 0; i < nold; i++) {
- if ((cp = strchr(oldenvp[i], '=')) == NULL)
- errx(1, "invalid env"); /* shouldn't happen */
- found = findenv(rule->setenvlist, oldenvp[i], cp - oldenvp[i]);
- if (found != -1)
- free(oldenvp[i]); /* discard */
- else {
- if ((envp = reallocarray(envp, n + 2,
- sizeof(*envp))) == NULL)
- errx(1, "reallocarray failed");
- envp[n++] = oldenvp[i]; /* move */
- }
- }
- free(oldenvp);
- if (n > 0)
- envp[n] = NULL;
- return envp;
-}
-
static void __dead
checkconfig(const char *confpath, int argc, char **argv,
uid_t uid, gid_t *groups, int ngroups, uid_t target)
}
int
-main(int argc, char **argv, char **envp)
+main(int argc, char **argv)
{
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
"/usr/local/bin:/usr/local/sbin";
int vflag = 0;
char cwdpath[PATH_MAX];
const char *cwd;
+ char **envp;
#ifdef HAVE_BSD_AUTH_H
char *login_style = NULL;
#endif
parseconfig("/etc/doas.conf", 1);
/* cmdline is used only for logging, no need to abort on truncate */
- (void) strlcpy(cmdline, argv[0], sizeof(cmdline));
+ (void)strlcpy(cmdline, argv[0], sizeof(cmdline));
for (i = 1; i < argc; i++) {
if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
break;
cmd = argv[0];
if (!permit(uid, groups, ngroups, &rule, target, cmd,
- (const char**)argv + 1)) {
+ (const char **)argv + 1)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed command for %s: %s", myname, cmdline);
errc(1, EPERM, NULL);
explicit_bzero(rbuf, sizeof(rbuf));
}
#elif HAVE_PAM_APPL_H
- if (!doas_pam(myname, !nflag, rule->options & NOPASS)) {
- syslog(LOG_AUTHPRIV | LOG_NOTICE,
- "failed auth for %s", myname);
+ pw = getpwuid(target);
+ if (!pw)
+ errx(1, "no passwd entry for target");
+
+ if (!pamauth(pw->pw_name, myname, !nflag, rule->options & NOPASS)) {
+ syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
errc(1, EPERM, NULL);
}
-#else
+#elif HAVE_SHADOW_H
+ const char *pass;
+
if (!(rule->options & NOPASS)) {
+ if (nflag)
errx(1, "Authorization required");
+
+ pass = pw->pw_passwd;
+ if (pass[0] == 'x' && pass[1] == '\0') {
+ struct spwd *sp;
+ if (!(sp = getspnam(myname)))
+ errx(1, "Authorization failed");
+ pass = sp->sp_pwdp;
+ }
+
+ char *challenge, *response, rbuf[1024], cbuf[128], host[HOST_NAME_MAX + 1];
+ if (gethostname(host, sizeof(host)))
+ snprintf(host, sizeof(host), "?");
+ snprintf(cbuf, sizeof(cbuf),
+ "\rdoas (%.32s@%.32s) password: ", myname, host);
+ challenge = cbuf;
+
+ response = readpassphrase(challenge, rbuf, sizeof(rbuf), RPP_REQUIRE_TTY);
+ if (response == NULL && errno == ENOTTY) {
+ syslog(LOG_AUTHPRIV | LOG_NOTICE,
+ "tty required for %s", myname);
+ errx(1, "a tty is required");
+ }
+ if (strcmp(crypt(response, pass), pass) != 0) {
+ syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
+ errc(1, EPERM, NULL);
+ }
+ explicit_bzero(rbuf, sizeof(rbuf));
+ }
+#else
+ if (!(rule->options & NOPASS))
+ errx(1, "Authorization required");
#endif /* HAVE_BSD_AUTH_H */
if (pledge("stdio rpath getpw exec id", NULL) == -1)
if (!pw)
errx(1, "no passwd entry for target");
+#ifdef HAVE_BSD_AUTH_H
if (setusercontext(NULL, pw, target, LOGIN_SETGROUP |
LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
LOGIN_SETUSER) != 0)
errx(1, "failed to set user context for target");
+#else
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
+ errx(1, "setresgid");
+ if (initgroups(pw->pw_name, pw->pw_gid) != 0)
+ errx(1, "initgroups");
+ if (setresuid(target, target, target) != 0)
+ errx(1, "setresuid");
+#endif
if (pledge("stdio rpath exec", NULL) == -1)
err(1, "pledge");
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command %s as %s from %s",
myname, cmdline, pw->pw_name, cwd);
- envp = copyenv((const char **)envp, rule);
-
- envp = dosetenv(envp, rule);
+ envp = prepenv(rule);
if (rule->cmd) {
if (setenv("PATH", safepath, 1) == -1)