Diffstat (limited to 'usr.bin')
-rw-r--r--usr.bin/doas/doas.c22
-rw-r--r--usr.bin/doas/doas.conf.515
-rw-r--r--usr.bin/doas/parse.y37
3 files changed, 25 insertions, 49 deletions
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index 72d3429a667..f3dc984fef0 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.53 2016/06/05 00:46:34 djm Exp $ */
+/* $OpenBSD: doas.c,v 1.54 2016/06/07 14:11:16 tedu Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -193,6 +193,8 @@ copyenvhelper(const char **oldenvp, const char **safeset, int nsafe,
for (i = 0; i < nsafe; i++) {
const char **oe = oldenvp;
+ if (strchr(safeset[i], '='))
+ continue;
while (*oe) {
size_t len = strlen(safeset[i]);
if (strncmp(*oe, safeset[i], len) == 0 &&
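Review bot: The added `strchr(safeset[i], '=')` skip has no comment saying why an entry containing `=` is not copied. The reason only becomes clear from the dosetenv hunks further down, which treat such entries as assignments. A one-line comment above the check would do, for example `/* name=value entries are applied by dosetenv(), not copied from the caller's environment */`. copyenvhelper begins and continues outside this hunk, so whether the skipped entries affect its later bookkeeping cannot be checked from here.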
@@ -297,7 +299,7 @@ findenv(const char **envp, const char *name, size_t namelen)
return -1;
}
-/* merge rule->setenvlist into environment list; frees oldenvp */
+/* merge rule->envlist into environment list; frees oldenvp */
static char **
dosetenv(char **oldenvp, struct rule *rule)
{
@@ -308,16 +310,16 @@ dosetenv(char **oldenvp, struct rule *rule)
if (!(rule->options & SETENV))
return oldenvp;
- nset = arraylen(rule->setenvlist);
+ nset = arraylen(rule->envlist);
nold = arraylen((const char**)oldenvp);
/* insert new variables */
n = 0;
envp = NULL;
for (i = 0; i < nset; i++) {
- if ((cp = strchr(rule->setenvlist[i], '=')) == NULL)
- errx(1, "invalid setenv"); /* shouldn't happen */
- if (cp[1] == '\0' || cp - rule->setenvlist[i] > INT_MAX)
+ if ((cp = strchr(rule->envlist[i], '=')) == NULL)
+ continue;
+ if (cp[1] == '\0' || cp - rule->envlist[i] > INT_MAX)
continue; /* skip variables with empty values */
if ((envp = reallocarray(envp, n + 2, sizeof(*envp))) == NULL)
errx(1, "reallocarray failed");
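Review bot: dosetenv still returns early on `if (!(rule->options & SETENV))` at the top of this hunk, but the parse.y part of this commit removes the only visible production that set `SETENV`, and the surviving keepenv production sets `$$.options = KEEPENV` alone. Unless the flag is set somewhere outside these hunks, the `name=value` entries now stored in `rule->envlist` would never be applied, so a rule like the man page's `PS1=$DOAS_PS1` example would be silently ignored. Either have the keepenv production set both flags, `$$.options = KEEPENV | SETENV;`, or drop the early return and rely on the new `strchr(...) == NULL` skip inside the loop. The function starts in the previous hunk and its body continues past this one.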
@@ -326,13 +328,13 @@ dosetenv(char **oldenvp, struct rule *rule)
if ((cp2 = getenv(cp + 2)) == NULL)
continue; /* not found; skip */
if (asprintf(&(envp[n++]), "%.*s=%s",
- (int)(cp - rule->setenvlist[i]),
- rule->setenvlist[i], cp2) == -1)
+ (int)(cp - rule->envlist[i]),
+ rule->envlist[i], cp2) == -1)
errx(1, "asprintf failed");
continue;
} else {
/* plain setenv */
- if ((envp[n++] = strdup(rule->setenvlist[i])) == NULL)
+ if ((envp[n++] = strdup(rule->envlist[i])) == NULL)
errx(1, "strdup failed");
}
}
@@ -340,7 +342,7 @@ dosetenv(char **oldenvp, struct rule *rule)
for (i = 0; i < nold; i++) {
if ((cp = strchr(oldenvp[i], '=')) == NULL)
errx(1, "invalid env"); /* shouldn't happen */
- found = findenv(rule->setenvlist, oldenvp[i], cp - oldenvp[i]);
+ found = findenv(rule->envlist, oldenvp[i], cp - oldenvp[i]);
if (found != -1)
free(oldenvp[i]); /* discard */
else {
diff --git a/usr.bin/doas/doas.conf.5 b/usr.bin/doas/doas.conf.5
index d258042e1c6..28207147277 100644
--- a/usr.bin/doas/doas.conf.5
+++ b/usr.bin/doas/doas.conf.5
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.conf.5,v 1.20 2016/06/05 07:22:25 jmc Exp $
+.\" $OpenBSD: doas.conf.5,v 1.21 2016/06/07 14:11:16 tedu Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
@@ -13,7 +13,7 @@
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: June 5 2016 $
+.Dd $Mdocdate: June 7 2016 $
.Dt DOAS.CONF 5
.Os
.Sh NAME
@@ -59,20 +59,16 @@ The default is to reset the environment, except for the variables
.Ev USER
and
.Ev USERNAME .
-.It Ic keepenv { Oo Ar variable ... Oc Ic }
+.It Ic keepenv { Oo Ar variable ... Oc Ic Oo Ar variable=value ... Oc Ic }
In addition to the variables mentioned above, keep the space-separated
specified variables.
-.It Ic setenv { Oo Ar variable=value ... Oc Ic }
-Sets one or more environment variables to the specified values.
+Variables may also be set using the latter syntax.
If the first character of
.Ar value
is a
.Ql $
then the value to be set is taken from the existing environment
variable of the same name.
-.Cm setenv
-directives override environment variables copied via
-.Cm keepenv .
.El
.It Ar identity
The username to match.
@@ -138,10 +134,9 @@ permit nopass keepenv { \e
MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \e
PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \e
SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
-permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
+permit nopass keepenv { ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel
permit nopass tedu as root cmd /usr/sbin/procmap
permit nopass keepenv root as root
-permit nopass setenv { PS1=$DOAS_PS1 } :staff
.Ed
.Sh SEE ALSO
.Xr doas 1
diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y
index 270e8d93466..b134bde6519 100644
--- a/usr.bin/doas/parse.y
+++ b/usr.bin/doas/parse.y
@@ -1,4 +1,4 @@
-/* $OpenBSD: parse.y,v 1.16 2016/06/05 00:46:34 djm Exp $ */
+/* $OpenBSD: parse.y,v 1.17 2016/06/07 14:11:16 tedu Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -35,7 +35,6 @@ typedef struct {
const char *cmd;
const char **cmdargs;
const char **envlist;
- const char **setenvlist;
};
const char *str;
};
@@ -57,7 +56,7 @@ int yyparse(void);
%}
%token TPERMIT TDENY TAS TCMD TARGS
-%token TNOPASS TKEEPENV TSETENV
+%token TNOPASS TKEEPENV
%token TSTRING
%%
@@ -76,7 +75,6 @@ rule: action ident target cmd {
r->action = $1.action;
r->options = $1.options;
r->envlist = $1.envlist;
- r->setenvlist = $1.setenvlist;
r->ident = $2.str;
r->target = $3.str;
r->cmd = $4.cmd;
@@ -97,7 +95,6 @@ action: TPERMIT options {
$$.action = PERMIT;
$$.options = $2.options;
$$.envlist = $2.envlist;
- $$.setenvlist = $2.setenvlist;
} | TDENY {
$$.action = DENY;
} ;
@@ -113,14 +110,6 @@ options: /* none */
} else
$$.envlist = $2.envlist;
}
- $$.setenvlist = $1.setenvlist;
- if ($2.setenvlist) {
- if ($$.setenvlist) {
- yyerror("can't have two setenv sections");
- YYERROR;
- } else
- $$.setenvlist = $2.setenvlist;
- }
} ;
option: TNOPASS {
@@ -130,9 +119,6 @@ option: TNOPASS {
} | TKEEPENV '{' envlist '}' {
$$.options = KEEPENV;
$$.envlist = $3.envlist;
- } | TSETENV '{' setenvlist '}' {
- $$.options = SETENV;
- $$.setenvlist = $3.setenvlist;
} ;
envlist: /* empty */ {
@@ -145,31 +131,25 @@ envlist: /* empty */ {
errx(1, "can't allocate envlist");
$$.envlist[nenv] = $2.str;
$$.envlist[nenv + 1] = NULL;
- }
-
-setenvlist: /* empty */ {
- if (!($$.setenvlist = calloc(1, sizeof(char *))))
- errx(1, "can't allocate setenvlist");
- } | setenvlist TSTRING '=' TSTRING {
- int nenv = arraylen($1.setenvlist);
+ } | envlist TSTRING '=' TSTRING {
+ int nenv = arraylen($1.envlist);
char *cp = NULL;
if (*$2.str == '\0' || strchr($2.str, '=') != NULL) {
yyerror("invalid setenv expression");
YYERROR;
}
- if (!($$.setenvlist = reallocarray($1.setenvlist,
+ if (!($$.envlist = reallocarray($1.envlist,
nenv + 2, sizeof(char *))))
errx(1, "can't allocate envlist");
- $$.setenvlist[nenv] = NULL;
+ $$.envlist[nenv] = NULL;
if (asprintf(&cp, "%s=%s", $2.str, $4.str) <= 0 ||
cp == NULL)
errx(1,"asprintf failed");
- $$.setenvlist[nenv] = cp;
- $$.setenvlist[nenv + 1] = NULL;
+ $$.envlist[nenv] = cp;
+ $$.envlist[nenv + 1] = NULL;
}
-
ident: TSTRING {
$$.str = $1.str;
} ;
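Review bot: The new `envlist TSTRING '=' TSTRING` alternative rejects an empty name or a name containing `=`, but the plain `envlist TSTRING` alternative above it stores `$2.str` with no such check in the lines visible here (its start lies outside the hunk). doas.c now decides between copying and setting purely on whether an entry contains `=`. A plain entry with an embedded `=` would therefore be treated as an assignment without name validation, though this is possible only if the lexer allows `=` inside a quoted string, which is not shown. Applying the same test in both alternatives would close that. The message `"invalid setenv expression"` also names a keyword this commit removes; something like `yyerror("invalid keepenv assignment");` would match the new syntax.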
@@ -232,7 +212,6 @@ struct keyword {
{ "args", TARGS },
{ "nopass", TNOPASS },
{ "keepenv", TKEEPENV },
- { "setenv", TSETENV },
};
int