fixup unveil

[opendoas.git] / doas.c

diff --git a/doas.c b/doas.c
index 75882746e9ef7a95dc4b023bcb37e683ad48c4a9..bc03abda2a33bc50b2d6fc663d4552bc962ad84a 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -249,6 +249,46 @@ good:
 }
 #endif
 
+#ifdef __OpenBSD__
+int
+unveilcommands(const char *ipath, const char *cmd)
+{
+       char *path = NULL, *p;
+       int unveils = 0;
+
+       if (strchr(cmd, '/') != NULL) {
+               if (unveil(cmd, "x") != -1)
+                       unveils++;
+               goto done;
+       }
+
+       if (!ipath) {
+               errno = ENOENT;
+               goto done;
+       }
+       path = strdup(ipath);
+       if (!path) {
+               errno = ENOENT;
+               goto done;
+       }
+       for (p = path; p && *p; ) {
+               char buf[PATH_MAX];
+               char *cp = strsep(&p, ":");
+
+               if (cp) {
+                       int r = snprintf(buf, sizeof buf, "%s/%s", cp, cmd);
+                       if (r >= 0 && r < sizeof buf) {
+                               if (unveil(buf, "x") != -1)
+                                       unveils++;
+                       }
+               }
+       }
+done:
+       free(path);
+       return (unveils);
+}
+#endif
+
 int
 main(int argc, char **argv)
 {
@@ -418,8 +458,7 @@ main(int argc, char **argv)
                formerpath = "";
 
 # ifdef __OpenBSD__
-       if (unveil(_PATH_LOGIN_CONF, "r") == -1 ||
-           unveil(_PATH_LOGIN_CONF ".db", "r") == -1)
+       if (unveil(_PATH_LOGIN_CONF, "r") == -1)
                err(1, "unveil");
 # endif
        if (rule->cmd) {