git.armaanb.net Git - opendoas.git/log
Duncan Overbruck [Thu, 12 Nov 2020 16:11:09 +0000 (17:11 +0100)]
configure: define CURDIR for all targets
Duncan Overbruck [Thu, 12 Nov 2020 16:02:05 +0000 (17:02 +0100)]
fix portability issues with configure script
Duncan Overbruck [Thu, 12 Nov 2020 15:55:16 +0000 (16:55 +0100)]
link libutil for setusercontext on NetBSD
Duncan Overbruck [Thu, 12 Nov 2020 15:49:13 +0000 (16:49 +0100)]
set _OPENBSD_SOURCE on NetBSD
Duncan Overbruck [Thu, 12 Nov 2020 15:22:16 +0000 (16:22 +0100)]
pam.c: free rsp in case of failure
Duncan Overbruck [Thu, 12 Nov 2020 15:21:04 +0000 (16:21 +0100)]
pam.c: remove dead assignment
Duncan Overbruck [Thu, 12 Nov 2020 15:17:42 +0000 (16:17 +0100)]
remove includes.h and move the prototypes to doas.h
Duncan Overbruck [Thu, 12 Nov 2020 15:15:04 +0000 (16:15 +0100)]
libopenbsd: clean up readpassphrase compat and fix ifdefs
Duncan Overbruck [Thu, 12 Nov 2020 15:11:40 +0000 (16:11 +0100)]
use config.h and link objects instead of libopenbsd.a
Sunil Nimmagadda [Thu, 12 Nov 2020 12:32:47 +0000 (18:02 +0530)]
opendoas: Fallback for setresuid(2).
This approach borrows from openssh-portable. The bsd-setres_id.c
is adapted with openssh-portable specific bits (log.h inclusion
and error() function) removed.
Closes: #40 [via git-merge-pr]
Duncan Overbruck [Thu, 12 Nov 2020 13:11:05 +0000 (14:11 +0100)]
move HOST_NAME_MAX to the top and add it to shadow.c
Duncan Overbruck [Thu, 5 Nov 2020 20:00:16 +0000 (21:00 +0100)]
check for login_cap.h and use setusercontext if available
jmc [Fri, 9 Oct 2020 10:24:33 +0000 (10:24 +0000)]
fix SEE ALSO;
kn [Fri, 9 Oct 2020 07:43:38 +0000 (07:43 +0000)]
Add nolog option to avoid syslog(3)
doas(1) unconditionally logs all executions but syslog.conf(5) provides no
means to filter messages by user, target or command.
Add the "nolog" option to doas.conf(5) such that syslog becomes an opt-out
feature; this keeps configuration simple enough yet powerful since rule
definition is the best place to decide whether to log commands or not on a
per rule basis - this also avoids duplicating information or logic in any
other log processing tool.
OK tedu martijn
kn [Fri, 9 Oct 2020 00:04:05 +0000 (00:04 +0000)]
Improve error message on missing permission
In case "cmd" (and "args") in doas.conf(5) mismatch, the log syslog(3)
message might be read as if the command was executed but failed, i.e.
returned non-zero.
Be unambiguous and help admins spot execution *attempts* as such:
-Oct 9 01:05:20 eru doas: failed command for kn: echo bar
+Oct 9 01:05:20 eru doas: command not permitted for kn: echo bar
OK tedu deraadt
jmc [Sat, 16 May 2020 16:58:11 +0000 (16:58 +0000)]
list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent;
original diff from clematis
schwarze [Mon, 10 Feb 2020 13:18:20 +0000 (13:18 +0000)]
briefly mention /etc/examples/ in the FILES section of all the manual pages that document the corresponding configuration files; OK jmc@, and general direction discussed with many
Sunil Nimmagadda [Thu, 5 Nov 2020 07:03:09 +0000 (12:33 +0530)]
Fallback definition for HOST_NAME_MAX.
On some platforms (NetBSD) where HOST_NAME_MAX is not defined,
provide a fallback definition to _POSIX_HOST_NAME_MAX.
Sunil Nimmagadda [Mon, 2 Nov 2020 06:24:29 +0000 (11:54 +0530)]
Honor --sysconfdir option for doas.conf path.
Some distributions may choose to place configuration files in a different
directory than /etc. The configure script provides --sysconfdir
option already, use it to find doas.conf path instead of hardcoding
'/etc/doas.conf'.
Duncan Overbruck [Mon, 3 Feb 2020 21:26:55 +0000 (22:26 +0100)]
timestamp.c: remove warning for normal case
Duncan Overbruck [Mon, 3 Feb 2020 21:19:45 +0000 (22:19 +0100)]
timestamp.c: check fstat(2) instead of separate stat(2)
Duncan Overbruck [Mon, 3 Feb 2020 21:17:43 +0000 (22:17 +0100)]
timestamp.c: correctly NUL terminate buffer read from /proc/pid/stat
This solves bug #28.
Duncan Overbruck [Mon, 3 Feb 2020 21:11:34 +0000 (22:11 +0100)]
timestamp.c: add some more error/warning messages
This might help to identify bugs/misbehaving systems
or attempts to mess with timestamp files.
Duncan Overbruck [Fri, 6 Dec 2019 01:45:22 +0000 (02:45 +0100)]
timestamp.c: already return on 22nd field of /proc/ppid/stat
this is the last field we are interested in and if we didn't reach it,
return an error.
Duncan Overbruck [Fri, 6 Dec 2019 01:44:46 +0000 (02:44 +0100)]
doas.c: initialize mygetpwuid_r result
This can't really happen, but makes scan-build happy.
Duncan Overbruck [Fri, 6 Dec 2019 01:43:57 +0000 (02:43 +0100)]
libopenbsd: define __dead as noreturn
Ivy Foster [Wed, 8 Jan 2020 17:33:51 +0000 (11:33 -0600)]
Change binary permissions to 4755. Closes #26
The owner can be trusted to read and write their own files, and
there's no reason not to let others read the file.
Duncan Overbruck [Sat, 23 Nov 2019 15:21:04 +0000 (16:21 +0100)]
configure: remove version
Duncan Overbruck [Sat, 23 Nov 2019 14:18:44 +0000 (15:18 +0100)]
doas.c: remove dead ifdefs to unclutter code
Duncan Overbruck [Thu, 21 Nov 2019 17:01:36 +0000 (18:01 +0100)]
timestamp: simplify
Duncan Overbruck [Thu, 21 Nov 2019 16:14:43 +0000 (17:14 +0100)]
configure: make {UID,GID}_MAX configurable
tedu [Fri, 18 Oct 2019 17:15:45 +0000 (17:15 +0000)]
add some checks to avoid UID_MAX (-1) here. this is not problematic with the current code, but it's probably safer this way. ok deraadt
semarie [Sat, 14 Sep 2019 17:47:00 +0000 (17:47 +0000)]
correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).
problem initially noted by myself for passwd(1)
millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1)
mestre@ noted chpass(1) too
ok mestre@ millert@
Duncan Overbruck [Sat, 19 Oct 2019 13:02:58 +0000 (15:02 +0200)]
fixup unveil
tedu [Sun, 7 Jul 2019 19:21:28 +0000 (19:21 +0000)]
fix one last edge case regarding PATH, allows simpler config.
tedu [Thu, 4 Jul 2019 19:04:17 +0000 (19:04 +0000)]
note that authentication is required, unless otherwise configured. ok sthen
deraadt [Wed, 3 Jul 2019 03:24:02 +0000 (03:24 +0000)]
snprintf/vsnprintf return < 0 on error, rather than -1.
tedu [Sat, 29 Jun 2019 22:35:37 +0000 (22:35 +0000)]
fix some more fallout from setting path in setusercontext. restore previous behavior of using user PATH if no cmd restriction in the rule. run into by espie
tedu [Mon, 24 Jun 2019 14:45:52 +0000 (14:45 +0000)]
add an example hint that shows how original path can be retained
tedu [Fri, 21 Jun 2019 17:02:27 +0000 (17:02 +0000)]
tweak wording a bit. always talk about creating a new environment. also document DOAS_USER. ok deraadt jmc
schwarze [Wed, 19 Jun 2019 09:55:55 +0000 (09:55 +0000)]
more precisely describe what happens to the environment without keepenv; OK tedu@
schwarze [Wed, 19 Jun 2019 09:50:13 +0000 (09:50 +0000)]
mention that doas(1) resets the umask(2); OK tedu@
tedu [Mon, 17 Jun 2019 19:51:23 +0000 (19:51 +0000)]
setusercontext resets PATH (which we want). but then it becomes impossible to access the old PATH. save a copy in case we need it later. bug report from espie.
tedu [Mon, 17 Jun 2019 18:44:44 +0000 (18:44 +0000)]
mention environment resetting here as well. ok millert
tedu [Mon, 17 Jun 2019 16:01:26 +0000 (16:01 +0000)]
always reset the "su" variables, which is more consistent and predictable. ok martijn millert
tedu [Sun, 16 Jun 2019 18:16:34 +0000 (18:16 +0000)]
redo the environment inheritance to not inherit. it was intended to make life easier, but it can be surprising or even unsafe. instead, reset just about everything to the target user's values. ok deraadt martijn Thanks to Sander Bos in particular for pointing out some nasty edge cases.
tedu [Wed, 12 Jun 2019 02:50:29 +0000 (02:50 +0000)]
a few cleanups and simplifications possible now that static pw is gone. noted by martijn. ok martijn.
tedu [Mon, 10 Jun 2019 18:11:27 +0000 (18:11 +0000)]
use getpwuid_r to avoid problems with hidden static storage. ok deraadt lteo martijn
Duncan Overbruck [Fri, 26 Jul 2019 15:46:17 +0000 (17:46 +0200)]
libopenbsd/closefrom.c: remove config.h include
Duncan Overbruck [Fri, 26 Jul 2019 15:39:27 +0000 (17:39 +0200)]
README.md: update the readme to match the current state
Duncan Overbruck [Fri, 26 Jul 2019 15:13:55 +0000 (17:13 +0200)]
libopenbsd: remove MacOSX compat functions, it's not supported anyways
Duncan Overbruck [Fri, 26 Jul 2019 15:01:54 +0000 (17:01 +0200)]
libopenbsd/closefrom.c: sync with sudo
Duncan Overbruck [Fri, 26 Jul 2019 14:39:36 +0000 (16:39 +0200)]
timestamp: error out if fstat and lstat st_ino and st_dev are not the same
Duncaen [Wed, 30 Jan 2019 22:43:12 +0000 (23:43 +0100)]
pam: close timestamp fd in both processes
Duncaen [Wed, 30 Jan 2019 22:35:25 +0000 (23:35 +0100)]
shadow: clear passphrase earlier
Ivy Foster [Wed, 30 Jan 2019 19:39:50 +0000 (13:39 -0600)]
Add generated file parse.c to .gitignore and 'make clean'
Closes: #24 [via git-merge-pr]
Ivy Foster [Wed, 30 Jan 2019 19:35:14 +0000 (13:35 -0600)]
configure: list --with-timestamp in help, since without is default
Duncaen [Wed, 30 Jan 2019 22:17:49 +0000 (23:17 +0100)]
shadow: clear the password even after a mismatch
tedu [Thu, 17 Jan 2019 05:35:35 +0000 (05:35 +0000)]
clear the password even after a mismatch
krw [Wed, 11 Jul 2018 07:39:22 +0000 (07:39 +0000)]
Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.
ok henning@
Duncaen [Wed, 30 Jan 2019 22:07:19 +0000 (23:07 +0100)]
pam: add timestamp support
Duncaen [Wed, 30 Jan 2019 21:31:47 +0000 (22:31 +0100)]
timestamp: rename and simplify
Duncaen [Wed, 30 Jan 2019 21:29:11 +0000 (22:29 +0100)]
libopenbsd: minor cleanup
Duncaen [Wed, 30 Jan 2019 21:28:22 +0000 (22:28 +0100)]
doas: remove unnecessary configure checks, move shadow to its own file
Duncaen [Wed, 30 Jan 2019 20:19:37 +0000 (21:19 +0100)]
doas: remove v flag, not necessary, upstream doesn't have it and __DATE__ is bad for reproducible builds
Duncaen [Wed, 30 Jan 2019 20:06:15 +0000 (21:06 +0100)]
libopenbsd/closefrom: correctly handle snprintf truncation
Duncaen [Wed, 30 Jan 2019 19:59:40 +0000 (20:59 +0100)]
libopenbsd/readpassphrase: update to latest version from openssh-portable
gsoares [Wed, 30 Jan 2019 19:49:19 +0000 (20:49 +0100)]
adjust yyerror() to precede with "progname: " the error message string
OK tedu@ phessler@
Ivy Foster [Wed, 30 Jan 2019 19:23:40 +0000 (13:23 -0600)]
doas.c: put login_style in ifdef to compile on Linux
Closes: #23 [via git-merge-pr]
tedu [Wed, 7 Feb 2018 05:13:57 +0000 (05:13 +0000)]
lowercase doas ee cummings style
tedu [Wed, 7 Feb 2018 05:05:46 +0000 (05:05 +0000)]
not necessarily the same name, but the indicated name
Duncaen [Fri, 6 Apr 2018 16:16:30 +0000 (18:16 +0200)]
pam: check watch child pid
Duncaen [Fri, 6 Apr 2018 16:10:26 +0000 (18:10 +0200)]
persist_timestamp: add start time and document implementation details
Duncaen [Tue, 12 Dec 2017 16:14:45 +0000 (17:14 +0100)]
persist_timestamp: move timespec macros to libopenbsd
Duncaen [Tue, 12 Dec 2017 15:42:11 +0000 (16:42 +0100)]
persist_timestamp: create timestamp file with O_NOFOLLOW and don't leak the name
Duncaen [Tue, 12 Dec 2017 15:38:08 +0000 (16:38 +0100)]
persist_timestamp: remove goto from persist_open
Duncaen [Tue, 12 Dec 2017 15:36:35 +0000 (16:36 +0100)]
persist_timestamp: persist_check was only used internally, make it static
Duncaen [Tue, 12 Dec 2017 15:25:33 +0000 (16:25 +0100)]
persist_timestamp: use open directory fd to check and work with timestamp files
Duncaen [Tue, 12 Dec 2017 14:29:03 +0000 (15:29 +0100)]
persist_timestamp: add session id to timestamps
Duncaen [Tue, 12 Dec 2017 13:57:50 +0000 (14:57 +0100)]
persist_timestamp: make tmpfs requirement optional and only available on linux
Duncaen [Tue, 12 Dec 2017 02:07:52 +0000 (03:07 +0100)]
persist_timestamp: use CLOCK_MONOTONIC_RAW
Duncaen [Tue, 12 Dec 2017 01:17:09 +0000 (02:17 +0100)]
persist_timestamp: don't allow og+rwx permission for timestamp directory
Duncaen [Tue, 12 Dec 2017 01:13:29 +0000 (02:13 +0100)]
persist_timestamp: cleanup
Duncaen [Tue, 12 Dec 2017 01:08:30 +0000 (02:08 +0100)]
persist_timestamp: use /proc/self/stat to get tty_nr
Duncaen [Mon, 11 Dec 2017 19:20:57 +0000 (20:20 +0100)]
add initial timestamp file support, disabled by default and only with shadow auth
Duncaen [Mon, 11 Dec 2017 14:45:05 +0000 (15:45 +0100)]
configure: update version
Duncaen [Mon, 11 Dec 2017 14:44:52 +0000 (15:44 +0100)]
configure: fix usage
jmc [Thu, 13 Jul 2017 19:16:33 +0000 (19:16 +0000)]
man pages with pseudo synopses which list filenames end up creating very ugly output in man -k; after some discussion with ingo, we feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly helpful at page top, is contained already in FILES, and there are sufficiently few that just zapping them is simple;
ok schwarze, who also helpfully ran things through a build to check
output;
espie [Mon, 3 Jul 2017 22:21:47 +0000 (22:21 +0000)]
no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h
okay millert@
tedu [Sat, 27 May 2017 09:51:07 +0000 (09:51 +0000)]
for password failure, print Authorization failed instead of EPERM. will make things less confusing with commands rejected by config file.
tedu [Thu, 6 Apr 2017 21:14:12 +0000 (21:14 +0000)]
a little const here and there to prevent rules from changing
tedu [Thu, 6 Apr 2017 21:12:06 +0000 (21:12 +0000)]
prepenv can take a const rule
tedu [Mon, 20 Mar 2017 14:35:06 +0000 (14:35 +0000)]
simplify example. list of ports variables was non-exhaustive, which means what exactly? there should be a better place for such lists.
tedu [Sat, 14 Jan 2017 18:51:24 +0000 (18:51 +0000)]
add a geteuid check to make sure we're root before plowing into setauth. spare some debugging effort in case doas is not installed setuid.
tedu [Mon, 2 Jan 2017 01:40:20 +0000 (01:40 +0000)]
envlist and arglist are both string lists; simplify ok benno
tedu [Thu, 29 Dec 2016 19:12:42 +0000 (19:12 +0000)]
it has been six months and two days... remove keepenv { obsolete } syntax
schwarze [Mon, 5 Dec 2016 10:58:07 +0000 (10:58 +0000)]
Be more explicit about the "args" syntax. In part from a patch from Anton dot Lindqvist at gmail dot com. OK tedu@
tedu [Thu, 10 Nov 2016 16:00:40 +0000 (16:00 +0000)]
missing semicolon at end of rule. yacc doesn't seem to mind, though. from Edakawa
tb [Wed, 5 Oct 2016 23:28:28 +0000 (23:28 +0000)]
Add back the call to yyparse() that was accidentally dropped in the previous commit. Fortunately, doas fails closed...
ok tedu
tedu [Wed, 5 Oct 2016 17:40:25 +0000 (17:40 +0000)]
move yyparse decl next to yyfp