author | Ted Unangst <tedu@cvs.openbsd.org> | 2016-06-07 14:11:17 +0000 |
---|---|---|
committer | Ted Unangst <tedu@cvs.openbsd.org> | 2016-06-07 14:11:17 +0000 |
commit | 45f045077e71e7b1be248070b9ac6c4749dee6c0 (patch) | |
tree | 12298a4b7b7634eb99cf8d0ff87100de37afa176 /usr.bin | |
parent | 8050b5780f3cbce2896544dd985e30316e0b4494 (diff) |
merge setenv feature into keepenv. less grammar, more better.
minimal changes to implementation for now, but some refinement to the way
in which the new environment is constructed would be nice.
ok djm
Diffstat (limited to 'usr.bin')
-rw-r--r-- | usr.bin/doas/doas.c | 22 | ||||
-rw-r--r-- | usr.bin/doas/doas.conf.5 | 15 | ||||
-rw-r--r-- | usr.bin/doas/parse.y | 37 |
3 files changed, 25 insertions, 49 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 72d3429a667..f3dc984fef0 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.53 2016/06/05 00:46:34 djm Exp $ */ +/* $OpenBSD: doas.c,v 1.54 2016/06/07 14:11:16 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -193,6 +193,8 @@ copyenvhelper(const char **oldenvp, const char **safeset, int nsafe, for (i = 0; i < nsafe; i++) { const char **oe = oldenvp; + if (strchr(safeset[i], '=')) + continue; while (*oe) { size_t len = strlen(safeset[i]); if (strncmp(*oe, safeset[i], len) == 0 && @@ -297,7 +299,7 @@ findenv(const char **envp, const char *name, size_t namelen) return -1; } -/* merge rule->setenvlist into environment list; frees oldenvp */ +/* merge rule->envlist into environment list; frees oldenvp */ static char ** dosetenv(char **oldenvp, struct rule *rule) { @@ -308,16 +310,16 @@ dosetenv(char **oldenvp, struct rule *rule) if (!(rule->options & SETENV)) return oldenvp; - nset = arraylen(rule->setenvlist); + nset = arraylen(rule->envlist); nold = arraylen((const char**)oldenvp); /* insert new variables */ n = 0; envp = NULL; for (i = 0; i < nset; i++) { - if ((cp = strchr(rule->setenvlist[i], '=')) == NULL) - errx(1, "invalid setenv"); /* shouldn't happen */ - if (cp[1] == '\0' || cp - rule->setenvlist[i] > INT_MAX) + if ((cp = strchr(rule->envlist[i], '=')) == NULL) + continue; + if (cp[1] == '\0' || cp - rule->envlist[i] > INT_MAX) continue; /* skip variables with empty values */ if ((envp = reallocarray(envp, n + 2, sizeof(*envp))) == NULL) errx(1, "reallocarray failed"); 
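Review bot: The new `if (strchr(safeset[i], '=')) continue;` in copyenvhelper has no comment saying why entries containing `=` are skipped, and the reason only becomes clear after reading the parse.y changes. Since this function decides which inherited variables survive into the privileged environment, the rule should be stated next to the check, for example `/* name=value entries are assignments handled by dosetenv(), not names to copy */`. The function starts and ends outside this hunk, so a matching note in its header comment cannot be checked from here.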
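Review bot: The guard `if (!(rule->options & SETENV)) return oldenvp;` at the top of dosetenv is left in place, but the parse.y section of this commit deletes the `TSETENV` action, which is the only place on this page that assigns `$$.options = SETENV`. The surviving keepenv action sets only `KEEPENV`, so unless the flag is set somewhere outside these hunks, `name=value` entries are skipped by copyenvhelper and never applied here. A rule meant to pin a variable for the target command would then run without it and give no error. One way to close the gap is to have the keepenv action carry both bits, `$$.options = KEEPENV | SETENV;`, or to drop the guard now that dosetenv already ignores entries without `=`. The body of dosetenv continues past the end of this hunk.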
@@ -326,13 +328,13 @@ dosetenv(char **oldenvp, struct rule *rule) if ((cp2 = getenv(cp + 2)) == NULL) continue; /* not found; skip */ if (asprintf(&(envp[n++]), "%.*s=%s", - (int)(cp - rule->setenvlist[i]), - rule->setenvlist[i], cp2) == -1) + (int)(cp - rule->envlist[i]), + rule->envlist[i], cp2) == -1) errx(1, "asprintf failed"); continue; } else { /* plain setenv */ - if ((envp[n++] = strdup(rule->setenvlist[i])) == NULL) + if ((envp[n++] = strdup(rule->envlist[i])) == NULL) errx(1, "strdup failed"); } } @@ -340,7 +342,7 @@ dosetenv(char **oldenvp, struct rule *rule) for (i = 0; i < nold; i++) { if ((cp = strchr(oldenvp[i], '=')) == NULL) errx(1, "invalid env"); /* shouldn't happen */ - found = findenv(rule->setenvlist, oldenvp[i], cp - oldenvp[i]); + found = findenv(rule->envlist, oldenvp[i], cp - oldenvp[i]); if (found != -1) free(oldenvp[i]); /* discard */ else { diff --git a/usr.bin/doas/doas.conf.5 b/usr.bin/doas/doas.conf.5 index d258042e1c6..28207147277 100644 --- a/usr.bin/doas/doas.conf.5 +++ b/usr.bin/doas/doas.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: doas.conf.5,v 1.20 2016/06/05 07:22:25 jmc Exp $ +.\" $OpenBSD: doas.conf.5,v 1.21 2016/06/07 14:11:16 tedu Exp $ .\" .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> .\" @@ -13,7 +13,7 @@ .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: June 5 2016 $ +.Dd $Mdocdate: June 7 2016 $ .Dt DOAS.CONF 5 .Os .Sh NAME 
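Review bot: `findenv(rule->envlist, oldenvp[i], cp - oldenvp[i])` in the `@@ -340,7 +342,7 @@` hunk now searches a list that mixes bare keepenv names with `name=value` strings, whereas the old `setenvlist` held only entries containing `=`. findenv's body is outside the hunk, so it is not visible whether a bare name such as `PS1` can match an inherited `PS1=...` entry; if it can, a variable the rule asked to keep would be freed here as if it had been overridden. The call should carry a comment recording the expectation, for example `/* only name=value entries shadow inherited values; bare names must not match */`, and findenv should be checked against it. The loop this line belongs to runs on beyond the hunk.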
@@ -59,20 +59,16 @@ The default is to reset the environment, except for the variables .Ev USER and .Ev USERNAME . -.It Ic keepenv { Oo Ar variable ... Oc Ic } +.It Ic keepenv { Oo Ar variable ... Oc Ic Oo Ar variable=value ... Oc Ic } In addition to the variables mentioned above, keep the space-separated specified variables. -.It Ic setenv { Oo Ar variable=value ... Oc Ic } -Sets one or more environment variables to the specified values. +Variables may also be set using the latter syntax. If the first character of .Ar value is a .Ql $ then the value to be set is taken from the existing environment variable of the same name. -.Cm setenv -directives override environment variables copied via -.Cm keepenv . .El .It Ar identity The username to match. @@ -138,10 +134,9 @@ permit nopass keepenv { \e MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \e PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \e SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc -permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel +permit nopass keepenv { ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel permit nopass tedu as root cmd /usr/sbin/procmap permit nopass keepenv root as root -permit nopass setenv { PS1=$DOAS_PS1 } :staff .Ed .Sh SEE ALSO .Xr doas 1 diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y index 270e8d93466..b134bde6519 100644 --- a/usr.bin/doas/parse.y +++ b/usr.bin/doas/parse.y @@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.16 2016/06/05 00:46:34 djm Exp $ */ +/* $OpenBSD: parse.y,v 1.17 2016/06/07 14:11:16 tedu Exp $ */ /* * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org> * @@ -35,7 +35,6 @@ typedef struct { const char *cmd; const char **cmdargs; const char **envlist; - const char **setenvlist; }; const char *str; }; @@ -57,7 +56,7 @@ int yyparse(void); %} %token TPERMIT TDENY TAS TCMD TARGS -%token TNOPASS TKEEPENV TSETENV +%token TNOPASS TKEEPENV %token TSTRING %% 
@@ -76,7 +75,6 @@ rule: action ident target cmd { r->action = $1.action; r->options = $1.options; r->envlist = $1.envlist; - r->setenvlist = $1.setenvlist; r->ident = $2.str; r->target = $3.str; r->cmd = $4.cmd; @@ -97,7 +95,6 @@ action: TPERMIT options { $$.action = PERMIT; $$.options = $2.options; $$.envlist = $2.envlist; - $$.setenvlist = $2.setenvlist; } | TDENY { $$.action = DENY; } ; @@ -113,14 +110,6 @@ options: /* none */ } else $$.envlist = $2.envlist; } - $$.setenvlist = $1.setenvlist; - if ($2.setenvlist) { - if ($$.setenvlist) { - yyerror("can't have two setenv sections"); - YYERROR; - } else - $$.setenvlist = $2.setenvlist; - } } ; option: TNOPASS { @@ -130,9 +119,6 @@ option: TNOPASS { } | TKEEPENV '{' envlist '}' { $$.options = KEEPENV; $$.envlist = $3.envlist; - } | TSETENV '{' setenvlist '}' { - $$.options = SETENV; - $$.setenvlist = $3.setenvlist; } ; envlist: /* empty */ { @@ -145,31 +131,25 @@ envlist: /* empty */ { errx(1, "can't allocate envlist"); $$.envlist[nenv] = $2.str; $$.envlist[nenv + 1] = NULL; - } - -setenvlist: /* empty */ { - if (!($$.setenvlist = calloc(1, sizeof(char *)))) - errx(1, "can't allocate setenvlist"); - } | setenvlist TSTRING '=' TSTRING { - int nenv = arraylen($1.setenvlist); + } | envlist TSTRING '=' TSTRING { + int nenv = arraylen($1.envlist); char *cp = NULL; if (*$2.str == '\0' || strchr($2.str, '=') != NULL) { yyerror("invalid setenv expression"); YYERROR; } - if (!($$.setenvlist = reallocarray($1.setenvlist, + if (!($$.envlist = reallocarray($1.envlist, nenv + 2, sizeof(char *)))) errx(1, "can't allocate envlist"); - $$.setenvlist[nenv] = NULL; + $$.envlist[nenv] = NULL; if (asprintf(&cp, "%s=%s", $2.str, $4.str) <= 0 || cp == NULL) errx(1,"asprintf failed"); - $$.setenvlist[nenv] = cp; - $$.setenvlist[nenv + 1] = NULL; + $$.envlist[nenv] = cp; + $$.envlist[nenv + 1] = NULL; } - ident: TSTRING { $$.str = $1.str; } ; 
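Review bot: In the `@@ -145,31 +131,25 @@` hunk, only the new `envlist TSTRING '=' TSTRING` alternative rejects an empty name or a name containing `=`; the plain `envlist TSTRING` alternative still stores `$2.str` unchecked. doas.c now uses `strchr(..., '=')` to tell assignments from names to keep, so if the lexer can deliver a TSTRING that contains `=` (a quoted word, for instance; the lexer is not shown here), that entry would be treated as an assignment without the name validation. The same test could be applied in the plain alternative: `if (*$2.str == '\0' || strchr($2.str, '=') != NULL) { yyerror("invalid keepenv name"); YYERROR; }`. Separately, the message `"invalid setenv expression"` now refers to a keyword this commit removes, and would read better as `"invalid keepenv assignment"`.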
@@ -232,7 +212,6 @@ struct keyword { { "args", TARGS }, { "nopass", TNOPASS }, { "keepenv", TKEEPENV }, - { "setenv", TSETENV }, }; int |