# Copyright 2015 Nathan Holstein
-BINDIR?=/usr/bin
-MANDIR?=/usr/share/man
-
default: ${PROG}
-OPENBSD:=reallocarray.c strtonum.c execvpe.c setresuid.c \
- auth_userokay.c setusercontext.c explicit_bzero.c
+include config.mk
+
OPENBSD:=$(addprefix libopenbsd/,${OPENBSD:.c=.o})
libopenbsd.a: ${OPENBSD}
${AR} -r $@ $?
.%.chmod: %
cp $< $@
- chmod ${BINMODE} $@
chown ${BINOWN}:${BINGRP} $@
+ chmod ${BINMODE} $@
-${BINDIR}:
+${DESTRDIR}${BINDIR} ${DESTRDIR}${PAMDIR}:
mkdir -pm 0755 $@
-${BINDIR}/${PROG}: .${PROG}.chmod ${BINDIR}
+${DESTDIR}${BINDIR}/${PROG}: .${PROG}.chmod ${BINDIR}
mv $< $@
+${DESTDIR}${PAMDIR}/doas: ${PAM_DOAS}
+ cp $< $@
+
VERSION:=\#define VERSION "$(shell git describe --dirty --tags --long --always)"
OLDVERSION:=$(shell [ -f version.h ] && cat version.h)
version.h: ; @echo '$(VERSION)' > $@
.PHONY: version.h
endif
-MAN:=$(join $(addprefix ${MANDIR}/man,$(patsubst .%,%/,$(suffix ${MAN}))),${MAN})
+MAN:=$(join $(addprefix ${DESTDIR}${MANDIR}/man,$(patsubst .%,%/,$(suffix ${MAN}))),${MAN})
$(foreach M,${MAN},$(eval $M: $(notdir $M); cp $$< $$@))
-install: ${BINDIR}/${PROG} ${MAN}
+install: ${DESTDIR}${BINDIR}/${PROG} ${DESTDIR}${PAMDIR}/doas ${MAN}
clean:
rm -f version.h
--- /dev/null
+#!/bin/sh
+
+for x; do
+ opt=${x%%=*}
+ var=${x#*=}
+ case "$opt" in
+ --enable-debug) DEBUG=yes;;
+ --prefix) PREFIX=$var;;
+ --exec-prefix) EPREFIX=$var;;
+ --bindir) BINDIR=$var;;
+ --mandir) MANDIR=$var;;
+ --datadir) SHAREDIR=$var;;
+ --build) BUILD=$var;;
+ --host) HOST=$var;;
+ --target) TARGET=$var;;
+ --includedir) INCLUDEDIR=$var;;
+ --sysconfdir) SYSCONFDIR=$var;;
+ --pamdir) PAMDIR=$var;;
+ --localstatedir) LOCALSTATEDIR=$var;;
+ --libdir) LIBDIR=$var;;
+ --datadir|--infodir) ;; # ignore autotools
+ --verbose) unset SILENT;;
+ --pkgconfigdir) PKGCONFIGDIR=$var;;
+ --enable-static) BUILD_STATIC=yes;;
+ --enable-seccomp) BUILD_SECCOMP=yes;;
+ --help) usage;;
+ *) echo "$0: WARNING: unknown option $opt" >&2;;
+ esac
+done
+
+CONFIG_MK=config.mk
+rm -f "$CONFIG_MK"
+
+cat <<EOF >>$CONFIG_MK
+DESTDIR ?= /
+PREFIX ?= ${PREFIX:="/usr"}
+EPREFIX ?= ${EPREFIX:="${PREFIX}"}
+SHAREDIR ?= ${SHAREDIR:="${PREFIX}/share"}
+BINDIR ?= ${BINDIR:="${PREFIX}/bin"}
+MANDIR ?= ${MANDIR:="${SHAREDIR}/man"}
+SYSCONFDIR?= ${SYSCONFDIR:="/etc"}
+PAMDIR ?= ${PAMDIR:="${SYSCONFDIR}/pam.d"}
+EOF
+
+if [ -z "$BUILD" ]; then
+ BUILD="$(uname -m)-unknown-$(uname -s | tr '[:upper:]' '[:lower:]')"
+fi
+if [ -z "$HOST" ]; then
+ [ -z "$TARGET" ] && TARGET=$BUILD
+ HOST=$TARGET
+fi
+if [ -z "$TARGET" ]; then
+ [ -z "$HOST" ] && HOST=$BUILD
+ TARGET=$HOST
+fi
+
+if [ -z "$OS" ]; then
+ # Derive OS from cpu-manufacturer-os-kernel
+ CPU=${TARGET%%-*}
+ REST=${TARGET#*-}
+ MANU=${REST%%-*}
+ REST=${REST#*-}
+ OS=${REST%%-*}
+ REST=${REST#*-}
+ KERNEL=${REST%%-*}
+fi
+
+case "$OS" in
+ linux)
+ OS_CFLAGS="-D_DEFAULT_SOURCE -D_GNU_SOURCE -DUID_MAX=60000 -DGID_MAX=60000"
+ printf 'CURDIR := .\n' >>$CONFIG_MK
+ printf 'PAM_DOAS = pam.d__doas__linux\n' >>$CONFIG_MK
+ ;;
+esac
+
+[ -n "$OS_CFLAGS" ] && \
+ printf 'CFLAGS += %s\n' "$OS_CFLAGS" >>$CONFIG_MK
+
+# Add CPPFLAGS/CFLAGS/LDFLAGS to CC for testing features
+XCC="${CC:=clang} $CFLAGS $OS_CFLAGS $CPPFLAGS $LDFLAGS"
+# Make sure to disable --as-needed for CC tests.
+XCC="$XCC -Wl,--no-as-needed"
+
+check_func() {
+ func="$1"; src="$2"; shift 2
+ printf 'Checking for %-14s\t\t' "$func ..."
+ printf '%s\n' "$src" >"_$func.c"
+ if $XCC "_$func.c" -o "_$func" 2>/dev/null; then
+ printf 'yes.\n'
+ upperfunc="$(printf '%s\n' "$func" | tr '[[:lower:]]' '[[:upper:]]')"
+ printf 'CFLAGS += -DHAVE_%s\n' "$upperfunc" >>$CONFIG_MK
+ else
+ printf 'no.\n'
+ fi
+ rm -f "_$func.c" "_$func"
+}
+
+src='
+#include <string.h>
+int main(void) {
+ explicit_bzero(NULL, 0);
+ return 0;
+}'
+check_func "explicit_bzero" "$src" || {
+ printf 'OPENBSD += explicit_bzero.c\n' >>$CONFIG_MK
+}
+
+
+#
+# Check for strlcat().
+#
+src='
+#include <string.h>
+int main(void) {
+ const char s1[] = "foo";
+ char s2[10];
+ strlccat(s2, s1, sizeof(s2));
+ return 0;
+}'
+check_func "strlcat" "$src" || {
+ printf 'OPENBSD += strlcat.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for strlcpy().
+#
+src='
+#include <string.h>
+int main(void) {
+ const char s1[] = "foo";
+ char s2[10];
+ strlcpy(s2, s1, sizeof(s2));
+ return 0;
+}'
+check_func "strlcpy" "$src" || {
+ printf 'OPENBSD += strlcpy.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for errc().
+#
+src='
+#include <err.h>
+int main(void) {
+ errc(0, 0, "");
+ return 0;
+}'
+check_func "errc" "$src" || {
+ printf 'OPENBSD += errc.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for verrc().
+#
+src='
+#include <err.h>
+int main(void) {
+ verrc(0, 0, "");
+ return 0;
+}'
+check_func "verrc" "$src" || {
+ printf 'OPENBSD += verrc.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for setprogname().
+#
+src='
+#include <stdlib.h>
+int main(void) {
+ setprogname("");
+ return 0;
+}'
+check_func "setprogname" "$src" || {
+ printf 'OPENBSD += progname.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for readpassphrase().
+#
+src='
+#include <readpassphrase.h>
+int main(void) {
+ char buf[12];
+ readpassphrase("", buf, sizeof(buf), 0);
+ return 0;
+}'
+check_func "readpassphrase" "$src" || {
+ printf 'OPENBSD += readpassphrase.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for strtonum().
+#
+src='
+#include <stdlib.h>
+int main(void) {
+ const char *errstr;
+ strtonum("", 1, 64, &errstr);
+ return 0;
+}'
+check_func "strtonum" "$src" || {
+ printf 'OPENBSD += strtonum.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for reallocarray().
+#
+src='
+#include <stdlib.h>
+int main(void) {
+ reallocarray(NULL, 0, 0);
+ return 0;
+}'
+check_func "reallocarray" "$src" || {
+ printf 'OPENBSD += reallocarray.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for bsd_auth.h.
+#
+src='
+#include <bsd_auth.h>
+int main(void) {
+ return 0;
+}'
+check_func "bsd_auth_h" "$src" || {
+ printf 'OPENBSD += auth_userokay.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for login_cap.h.
+#
+src='
+#include <login_cap.h>
+int main(void) {
+ return 0;
+}'
+check_func "login_cap_h" "$src" || {
+ printf 'OPENBSD += setusercontext.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for execvpe().
+#
+src='
+#include <unistd.h>
+int main(void) {
+ const char *p = { "", NULL };
+ execvpe("", p, p);
+ return 0;
+}'
+check_func "execvpe" "$src" || {
+ printf 'OPENBSD += execvpe.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for setresuid().
+#
+src='
+#include <unistd.h>
+int main(void) {
+ setresuid(0, 0, 0);
+ return 0;
+}'
+check_func "setresuid" "$src" || {
+ printf 'OPENBSD += setresuid.c\n' >>$CONFIG_MK
+}
+
+#
+# Check for pledge().
+#
+src='
+#include <unistd.h>
+int main(void) {
+ pledge("", NULL);
+ return 0;
+}'
+check_func "pledge" "$src" && {
+ have_pledge=1
+}
+
+#
+# Check for seccomp.h
+#
+src='
+#include <linux/seccomp.h>
+#include <sys/prctl.h>
+#include <unistd.h>
+int main(void) {
+ prctl(PR_SET_SECCOMP, SECCOMP_MODE_FILTER, NULL);
+ return 0;
+}'
+if [ -n "$have_pledge" -a -n "$BUILD_SECCOMP" ]; then
+ check_func "seccomp_h" "$src" && {
+ printf 'OPENBSD += pledge-seccomp.c\n' >>$CONFIG_MK
+ }
+elif [ -n "$have_pledge" ]; then
+ printf 'OPENBSD += pledge-noop.c\n' >>$CONFIG_MK
+fi
#ifndef _LIB_OPENBSD_H_
#define _LIB_OPENBSD_H_
+#include <stdarg.h>
#include <sys/types.h>
+#include <sys/cdefs.h>
+
+#include "readpassphrase.h"
/* API definitions lifted from OpenBSD src/include */
/* bsd_auth.h */
+#ifndef HAVE_BSD_AUTH_H
int auth_userokay(char *, char *, char *, char *);
+#endif /* !HAVE_BSD_AUTH_H */
/* login_cap.h */
+#ifndef HAVE_LOGIN_CAP_H
#define LOGIN_SETGROUP 0x0001 /* Set group */
#define LOGIN_SETLOGIN 0x0002 /* Set login */
#define LOGIN_SETPATH 0x0004 /* Set path */
typedef struct login_cap login_cap_t;
struct passwd;
int setusercontext(login_cap_t *, struct passwd *, uid_t, unsigned int);
+#endif /* !HAVE_LOGIN_CAP_H */
/* pwd.h */
#define _PW_NAME_LEN 63
/* stdlib.h */
+#ifndef HAVE_REALLOCARRAY
void * reallocarray(void *optr, size_t nmemb, size_t size);
+#endif /* HAVE_REALLOCARRAY */
+#ifndef HAVE_STRTONUM
long long strtonum(const char *numstr, long long minval,
long long maxval, const char **errstrp);
+#endif /* !HAVE_STRTONUM */
/* string.h */
+#ifndef HAVE_EXPLICIT_BZERO
void explicit_bzero(void *, size_t);
+#endif
+#ifndef HAVE_STRLCAT
+size_t strlcat(char *dst, const char *src, size_t dsize);
+#endif /* !HAVE_STRLCAT */
+#ifndef HAVE_STRLCPY
+size_t strlcpy(char *dst, const char *src, size_t dsize);
+#endif /* !HAVE_STRLCPY */
/* unistd.h */
+#ifndef HAVE_EXECVPE
int execvpe(const char *, char *const *, char *const *);
+#endif /* !HAVE_EXECVPE */
+#ifndef HAVE_SETRESUID
int setresuid(uid_t, uid_t, uid_t);
+#endif /* !HAVE_SETRESUID */
+#ifndef HAVE_PLEDGE
+int pledge(const char *promises, const char *paths[]);
+#endif /* !HAVE_PLEDGE */
-#endif
+/* err.h */
+#ifndef HAVE_VERRC
+void verrc(int eval, int code, const char *fmt, va_list ap);
+#endif /* !HAVE_VERRC */
+#ifndef HAVE_ERRC
+void errc(int eval, int code, const char *fmt, ...);
+#endif /* !HAVE_ERRC */
+
+#ifndef HAVE_SETPROGNAME
+const char * getprogname(void);
+void setprogname(const char *progname);
+#endif /* !HAVE_SETPROGNAME */
+
+#endif /* _LIB_OPENBSD_H_ */