Replace build/installation instructions with discouragements

[opendoas.git] / doas.c

diff --git a/doas.c b/doas.c
index 5a969a0834737800f9bb01d312ae37ab08085b5b..ac3a42a3a171cd96680ed34446278f3dc1f8d473 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -36,7 +36,7 @@
 #include <errno.h>
 #include <fcntl.h>
 
-#include "includes.h"
+#include "openbsd.h"
 #include "doas.h"
 
 static void __dead
@@ -139,7 +139,7 @@ static int
 permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr,
     uid_t target, const char *cmd, const char **cmdargs)
 {
-       int i;
+       size_t i;
 
        *lastr = NULL;
        for (i = 0; i < nrules; i++) {
@@ -352,7 +352,7 @@ main(int argc, char **argv)
 #if defined(USE_SHADOW)
        if (!(rule->options & NOPASS)) {
                if (nflag)
-                       errx(1, "Authorization required");
+                       errx(1, "Authentication required");
 
                shadowauth(mypw->pw_name, rule->options & PERSIST);
        }
@@ -360,7 +360,7 @@ main(int argc, char **argv)
        /* no authentication provider, only allow NOPASS rules */
        (void) nflag;
        if (!(rule->options & NOPASS))
-               errx(1, "Authorization required");
+               errx(1, "Authentication required");
 #endif
 
        if ((p = getenv("PATH")) != NULL)
@@ -386,6 +386,7 @@ main(int argc, char **argv)
 
 #ifdef HAVE_LOGIN_CAP_H
        if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
+           LOGIN_SETPATH |
            LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
            LOGIN_SETUSER) != 0)
                errx(1, "failed to set user context for target");
@@ -396,6 +397,8 @@ main(int argc, char **argv)
                err(1, "initgroups");
        if (setresuid(target, target, target) != 0)
                err(1, "setresuid");
+       if (setenv("PATH", safepath, 1) == -1)
+               err(1, "failed to set PATH '%s'", safepath);
 #endif
 
        if (getcwd(cwdpath, sizeof(cwdpath)) == NULL)