-/* $OpenBSD: doas.c,v 1.13 2015/07/20 01:00:48 tedu Exp $ */
+/* $OpenBSD: doas.c,v 1.14 2015/07/20 01:04:37 tedu Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
static int
match(uid_t uid, gid_t *groups, int ngroups, uid_t target, const char *cmd,
- struct rule *r)
+ const char **cmdargs, struct rule *r)
{
int i;
}
if (r->target && uidcheck(r->target, target) != 0)
return 0;
- if (r->cmd && strcmp(r->cmd, cmd) != 0)
- return 0;
+ if (r->cmd) {
+ if (strcmp(r->cmd, cmd))
+ return 0;
+ if (r->cmdargs) {
+ /* if arguments were given, they should match explicitly */
+ for (i = 0; r->cmdargs[i]; i++) {
+ if (!cmdargs[i])
+ return 0;
+ if (strcmp(r->cmdargs[i], cmdargs[i]))
+ return 0;
+ }
+ if (cmdargs[i])
+ return 0;
+ }
+ }
return 1;
}
static int
permit(uid_t uid, gid_t *groups, int ngroups, struct rule **lastr,
- uid_t target, const char *cmd)
+ uid_t target, const char *cmd, const char **cmdargs)
{
int i;
*lastr = NULL;
for (i = 0; i < nrules; i++) {
- if (match(uid, groups, ngroups, target, cmd, rules[i]))
+ if (match(uid, groups, ngroups, target, cmd, cmdargs, rules[i]))
*lastr = rules[i];
}
if (!*lastr)
errx(1, "command line too long");
}
- if (!permit(uid, groups, ngroups, &rule, target, cmd)) {
+ if (!permit(uid, groups, ngroups, &rule, target, cmd,
+ (const char**)argv + 1)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed command for %s: %s", myname, cmdline);
fail();
-.\" $OpenBSD: doas.conf.5,v 1.6 2015/07/20 07:43:27 jmc Exp $
+.\" $OpenBSD: doas.conf.5,v 1.7 2015/07/20 20:18:45 tedu Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
.Op Ar options
.Ar identity
.Op Ic as Ar target
-.Op Ic cmd Ar command
+.Oo
+.Ic cmd Ar command Op Ic args ...
+.Oc
.Ed
.Pp
Rules consist of the following parts:
The command the user is allowed or denied to run.
The default is all commands.
Be advised that it's best to specify absolute paths.
+.It Ic args Op ...
+Arguments to command.
+If specified, the command arguments set provided by user and
+the command arguments set in rule should be the same for successful
+rule match.
+Specifying
+.Ic args
+alone means that command should be run without any arguments.
.El
.Pp
The last matching rule determines the action taken.
-/* $OpenBSD: parse.y,v 1.5 2015/07/19 22:09:08 benno Exp $ */
+/* $OpenBSD: parse.y,v 1.6 2015/07/19 22:11:41 benno Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
struct {
int action;
int options;
+ const char *cmd;
+ const char **cmdargs;
const char **envlist;
};
const char *str;
%}
-%token TPERMIT TDENY TAS TCMD
+%token TPERMIT TDENY TAS TCMD TARGS
%token TNOPASS TKEEPENV
%token TSTRING
r->envlist = $1.envlist;
r->ident = $2.str;
r->target = $3.str;
- r->cmd = $4.str;
+ r->cmd = $4.cmd;
+ r->cmdargs = $4.cmdargs;
if (nrules == maxrules) {
if (maxrules == 0)
maxrules = 63;
} ;
cmd: /* optional */ {
- $$.str = NULL;
- } | TCMD TSTRING {
- $$.str = $2.str;
+ $$.cmd = NULL;
+ $$.cmdargs = NULL;
+ } | TCMD TSTRING args {
+ $$.cmd = $2.str;
+ $$.cmdargs = $3.cmdargs;
+ } ;
+
+args: /* empty */ {
+ $$.cmdargs = NULL;
+ } | TARGS argslist {
+ $$.cmdargs = $2.cmdargs;
+ } ;
+
+argslist: /* empty */ {
+ if (!($$.cmdargs = calloc(1, sizeof(char *))))
+ errx(1, "can't allocate args");
+ } | argslist TSTRING {
+ int nargs = arraylen($1.cmdargs);
+ if (!($$.cmdargs = reallocarray($1.cmdargs, nargs + 2, sizeof(char *))))
+ errx(1, "can't allocate args");
+ $$.cmdargs[nargs] = $2.str;
+ $$.cmdargs[nargs + 1] = NULL;
} ;
%%
{ "permit", TPERMIT },
{ "as", TAS },
{ "cmd", TCMD },
+ { "args", TARGS },
{ "nopass", TNOPASS },
{ "keepenv", TKEEPENV },
};