author | Ted Unangst <tedu@cvs.openbsd.org> | 2016-06-07 16:49:24 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2016-06-07 16:49:24 +0000 |
commit | 2add52c21a22083f19e8761c28c5569819025477 (patch) | |
tree | aced9be989c361a42d53efdd69c7ad3b9dfd1f90 | |
parent | 82d55aa33f9f917063b5becf98694e1ef05bb204 (diff) |
revert recent changes to allow setenv. everybody now has an idea about
how to do things better, so let's take a step back and reconsider.
-rw-r--r-- | usr.bin/doas/doas.c | 81 | ||||
-rw-r--r-- | usr.bin/doas/doas.conf.5 | 13 | ||||
-rw-r--r-- | usr.bin/doas/doas.h | 4 | ||||
-rw-r--r-- | usr.bin/doas/parse.y | 23 |
4 files changed, 7 insertions, 114 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index f3dc984fef0..2998936ea36 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.54 2016/06/07 14:11:16 tedu Exp $ */
+/* $OpenBSD: doas.c,v 1.55 2016/06/07 16:49:23 tedu Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
@@ -193,8 +193,6 @@ copyenvhelper(const char **oldenvp, const char **safeset, int nsafe,
 for (i = 0; i < nsafe; i++) {
 const char **oe = oldenvp;
- if (strchr(safeset[i], '='))
- continue;
 while (*oe) {
 size_t len = strlen(safeset[i]);
 if (strncmp(*oe, safeset[i], len) == 0 &&
@@ -283,81 +281,6 @@ copyenv(const char **oldenvp, struct rule *rule)
 return envp;
 }
-/* find index of 'name' in environment envp */
-static int
-findenv(const char **envp, const char *name, size_t namelen)
-{
- int i;
-
- for (i = 0 ; envp[i] != NULL; i++) {
- if (strlen(envp[i]) < namelen + 1)
- continue;
- if (strncmp(envp[i], name, namelen) == 0 &&
- envp[i][namelen] == '=')
- return i;
- }
- return -1;
-}
-
-/* merge rule->envlist into environment list; frees oldenvp */
-static char **
-dosetenv(char **oldenvp, struct rule *rule)
-{
- size_t n, i, nset, nold;
- char **envp, *cp, *cp2;
- int found;
-
- if (!(rule->options & SETENV))
- return oldenvp;
-
- nset = arraylen(rule->envlist);
- nold = arraylen((const char**)oldenvp);
-
- /* insert new variables */
- n = 0;
- envp = NULL;
- for (i = 0; i < nset; i++) {
- if ((cp = strchr(rule->envlist[i], '=')) == NULL)
- continue;
- if (cp[1] == '\0' || cp - rule->envlist[i] > INT_MAX)
- continue; /* skip variables with empty values */
- if ((envp = reallocarray(envp, n + 2, sizeof(*envp))) == NULL)
- errx(1, "reallocarray failed");
- if (cp[1] == '$') {
- /* FOO=$BAR: lookup and copy */
- if ((cp2 = getenv(cp + 2)) == NULL)
- continue; /* not found; skip */
- if (asprintf(&(envp[n++]), "%.*s=%s",
- (int)(cp - rule->envlist[i]),
- rule->envlist[i], cp2) == -1)
- errx(1, "asprintf failed");
- continue;
- } else {
- /* plain setenv */
- if ((envp[n++] = strdup(rule->envlist[i])) == NULL)
- errx(1, "strdup failed");
- }
- }
- /* move old variables, dropping ones already set */
- for (i = 0; i < nold; i++) {
- if ((cp = strchr(oldenvp[i], '=')) == NULL)
- errx(1, "invalid env"); /* shouldn't happen */
- found = findenv(rule->envlist, oldenvp[i], cp - oldenvp[i]);
- if (found != -1)
- free(oldenvp[i]); /* discard */
- else {
- if ((envp = reallocarray(envp, n + 2,
- sizeof(*envp))) == NULL)
- errx(1, "reallocarray failed");
- envp[n++] = oldenvp[i]; /* move */
- }
- }
- free(oldenvp);
- if (n > 0)
- envp[n] = NULL;
- return envp;
-}
-
 static void __dead
 checkconfig(const char *confpath, int argc, char **argv, uid_t uid, gid_t *groups, int ngroups, uid_t target)
@@ -550,8 +473,6 @@ main(int argc, char **argv, char **envp)
 envp = copyenv((const char **)envp, rule);
- envp = dosetenv(envp, rule);
-
 if (rule->cmd) {
 if (setenv("PATH", safepath, 1) == -1)
 err(1, "failed to set PATH '%s'", safepath);
diff --git a/usr.bin/doas/doas.conf.5 b/usr.bin/doas/doas.conf.5
index 28207147277..4c5d1368a34 100644
--- a/usr.bin/doas/doas.conf.5
+++ b/usr.bin/doas/doas.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.conf.5,v 1.21 2016/06/07 14:11:16 tedu Exp $
+.\" $OpenBSD: doas.conf.5,v 1.22 2016/06/07 16:49:23 tedu Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -59,16 +59,9 @@ The default is to reset the environment, except for the variables
 .Ev USER
 and
 .Ev USERNAME .
-.It Ic keepenv { Oo Ar variable ... Oc Ic Oo Ar variable=value ... Oc Ic }
+.It Ic keepenv { Oo Ar variable ... Oc Ic }
 In addition to the variables mentioned above, keep the space-separated specified variables.
-Variables may also be set using the latter syntax.
-If the first character of
-.Ar value
-is a
-.Ql $
-then the value to be set is taken from the existing environment
-variable of the same name.
 .El
 .It Ar identity
 The username to match.
@@ -134,7 +127,7 @@ permit nopass keepenv { \e
 MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \e
 PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \e
 SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
-permit nopass keepenv { ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel
+permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
 permit nopass tedu as root cmd /usr/sbin/procmap
 permit nopass keepenv root as root
 .Ed
diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h
index 70005eec8cb..559d72a21f7 100644
--- a/usr.bin/doas/doas.h
+++ b/usr.bin/doas/doas.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.h,v 1.5 2016/06/05 00:46:34 djm Exp $ */
+/* $OpenBSD: doas.h,v 1.6 2016/06/07 16:49:23 tedu Exp $ */
 struct rule {
 int action;
@@ -8,7 +8,6 @@ struct rule {
 const char *cmd;
 const char **cmdargs;
 const char **envlist;
- const char **setenvlist;
 };
 extern struct rule **rules;
@@ -22,4 +21,3 @@ size_t arraylen(const char **);
 #define NOPASS 0x1
 #define KEEPENV 0x2
-#define SETENV 0x4
diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y
index b134bde6519..702b45729d3 100644
--- a/usr.bin/doas/parse.y
+++ b/usr.bin/doas/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.17 2016/06/07 14:11:16 tedu Exp $ */
+/* $OpenBSD: parse.y,v 1.18 2016/06/07 16:49:23 tedu Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
@@ -111,7 +111,6 @@ options: /* none */
 $$.envlist = $2.envlist;
 }
 } ;
-
 option: TNOPASS {
 $$.options = NOPASS;
 } | TKEEPENV {
@@ -131,25 +130,9 @@ envlist: /* empty */ {
 errx(1, "can't allocate envlist");
 $$.envlist[nenv] = $2.str;
 $$.envlist[nenv + 1] = NULL;
- } | envlist TSTRING '=' TSTRING {
- int nenv = arraylen($1.envlist);
- char *cp = NULL;
-
- if (*$2.str == '\0' || strchr($2.str, '=') != NULL) {
- yyerror("invalid setenv expression");
- YYERROR;
- }
- if (!($$.envlist = reallocarray($1.envlist,
- nenv + 2, sizeof(char *))))
- errx(1, "can't allocate envlist");
- $$.envlist[nenv] = NULL;
- if (asprintf(&cp, "%s=%s", $2.str, $4.str) <= 0 ||
- cp == NULL)
- errx(1,"asprintf failed");
- $$.envlist[nenv] = cp;
- $$.envlist[nenv + 1] = NULL;
 }
+
 ident: TSTRING {
 $$.str = $1.str;
 } ;
@@ -236,7 +219,6 @@ repeat:
 /* FALLTHROUGH */
 case '{':
 case '}':
- case '=':
 return c;
 case '#':
 /* skip comments; NUL is allowed; no continuation */
@@ -289,7 +271,6 @@ repeat:
 case '#':
 case ' ':
 case '\t':
- case '=':
 if (!escape && !quotes)
 goto eow;
 break; |