The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstrated by double doas call:
$ doas doas -su _sndio
doas: mpty: command not found
The fix is easy: just strdup() the pw_shell field value.
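The stale-pointer pattern described in the commit message above, as an added example that is not code from the doas repository. `lookup_uid()` is a hypothetical stand-in for getpwuid() over constructed accounts so the run is deterministic; here the stale pointer reads the other account's shell, while a real libc may leave arbitrary bytes there.

```c
#define _POSIX_C_SOURCE 200809L
#include <pwd.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed sample accounts, not read from any real passwd database. */
static const struct { uid_t uid; const char *shell; } sample_db[] = {
    { 0, "/bin/ksh" }, { 1000, "/sbin/nologin" } };

/* Hypothetical stand-in for getpwuid(): returns static storage, reused per call. */
static struct passwd *lookup_uid(uid_t uid)
{
    static struct passwd pw;
    static char shell[64];
    for (size_t i = 0; i < sizeof(sample_db) / sizeof(sample_db[0]); i++) {
        if (sample_db[i].uid != uid)
            continue;
        snprintf(shell, sizeof(shell), "%s", sample_db[i].shell);
        pw.pw_shell = shell;
        return &pw;
    }
    return NULL;
}

/* Bug pattern: keep the borrowed pw_shell pointer across a second lookup. */
static const char *shell_borrowed(uid_t first, uid_t second)
{
    struct passwd *pw = lookup_uid(first);
    const char *shell = pw ? pw->pw_shell : NULL;
    lookup_uid(second);     /* overwrites the static buffer */
    return shell;           /* now holds data for `second` */
}

/* Fix pattern: strdup() the field before any further lookup; caller frees. */
static char *shell_copied(uid_t first, uid_t second)
{
    struct passwd *pw = lookup_uid(first);
    char *shell = pw ? strdup(pw->pw_shell) : NULL;
    lookup_uid(second);
    return shell;
}

int main(void)
{
    char *copy = shell_copied(0, 1000);
    printf("borrowed: %s\ncopied:   %s\n", shell_borrowed(0, 1000), copy);
    free(copy);
    return 0;
}
```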
tedu [Mon, 27 Jun 2016 15:41:17 +0000 (15:41 +0000)]
revise environment handling. Add a setenv keyword for manipulating the environment. keepenv now means only retain everything. (for one release, the old use of keepenv will still work.) Allow setting variables to new or existing values, and also removing vars when keepenv is used. ok djm martijn tb
tedu [Thu, 16 Jun 2016 17:40:30 +0000 (17:40 +0000)]
the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn)
Duncaen [Wed, 8 Jun 2016 16:01:25 +0000 (18:01 +0200)]
remove pledge seccomp shim
This will never work, seccomp can't filter for paths (pointer) and all
rules are inherited by child processes.
pledge does not limit processes executed by execve.
Duncaen [Wed, 8 Jun 2016 15:50:28 +0000 (17:50 +0200)]
open pam sessions with right user and remove setusercontext shim
before this change the sessions were opened as the user running doas.
Now it sets its uid to root and then opens a pam session for the target
user.
The setusercontext shim was removed, because pam handles all this and
it's easier to just call setresuid and setresgid instead.
Duncaen [Sun, 5 Jun 2016 11:33:36 +0000 (13:33 +0200)]
sync with upstream (setenv)
add a doas.conf setenv directive that allows setting environment
variables explicitly and by copying existing environment variables
of a different name. E.g.
Duncaen [Sun, 8 May 2016 20:55:52 +0000 (22:55 +0200)]
Add doas style prompt for pam authentication
The doas style prompt "doas ($USER@$HOST) password:" is used if pam
gives back a prompt that matches "Password:[ ]"; in other cases the
prompt provided by pam is used.
Nathan Holstein [Sun, 9 Aug 2015 21:52:39 +0000 (17:52 -0400)]
Generate a version header file from Git.
This adds a rule to create the version.h file from the Git version. This
enables automatically embedding the Git version information into the
executable.
Nathan Holstein [Thu, 6 Aug 2015 04:40:10 +0000 (00:40 -0400)]
Implement PAM authentication.
This now lets us check for a password. This still needs some error
checking logic within pam_conv(). The current state could fail an IO
operation but still return PAM_SUCCESS.
Nathan Holstein [Wed, 5 Aug 2015 04:38:16 +0000 (00:38 -0400)]
Fix memory corruption bug in rules parsing.
Various yacc rules for optional configuration items weren't properly
setting the empty items to NULL. As a result, the rules list ends up
with invalid contents, including invalid string pointers.
This bug doesn't occur with OpenBSD's yacc, since it memset()s yyval
upon each reduce. GNU Bison doesn't have the matching memset(), and
thus the difference in behaviors.
Nathan Holstein [Sun, 2 Aug 2015 17:30:58 +0000 (13:30 -0400)]
Add compatibility functions from OpenBSD.
This adds a shim library to mimic features of OpenBSD. Some of these
functions are written from scratch, others are simply copies of their
OpenBSD namesakes.
Current implementations of the from-scratch variants are simply shims
that intentionally fail. They'll need to be extended with secure
implementations.