summaryrefslogtreecommitdiff
path: root/usr.bin/doas/doas.c
AgeCommit message (Expand)Author
2019-10-18add some checks to avoid UID_MAX (-1) here. this is not problematic withTed Unangst
2019-09-14correct some unveil(2) violations due to "login.conf.db" access (the .db versionSebastien Marie
2019-07-03snprintf/vsnprintf return < 0 on error, rather than -1.Theo de Raadt
2019-06-29fix some more fallout from setting path in setusercontext. restoreTed Unangst
2019-06-17setusercontext resets PATH (which we want). but then it becomesTed Unangst
2019-06-16redo the environment inheritance to not inherit. it was intended to makeTed Unangst
2019-06-12a few cleanups and simplifications possible now that static pw is gone.Ted Unangst
2019-06-10use getpwuid_r to avoid problems with hidden static storage.Ted Unangst
2019-01-17clear the password even after a mismatchTed Unangst
2018-08-08After authentication is complete, unveil login.conf "r" (to discoverTheo de Raadt
2017-05-27for password failure, print Authorization failed instead of EPERM.Ted Unangst
2017-04-06a little const here and there to prevent rules from changingTed Unangst
2017-03-09exit test for -L was reversed. spotted by Michael ForneyTed Unangst
2017-01-14add a geteuid check to make sure we're root before plowing into setauth.Ted Unangst
2016-10-05Add back the call to yyparse() that was accidentally dropped in theTheo Buehler
2016-10-05move yyparse decl next to yyfpTed Unangst
2016-10-05as a result of the env rework, arraylen() is only used in parse.y.Ted Unangst
2016-09-15use static in the right places to seperate modules betterTheo de Raadt
2016-09-03the sudo timeout was 5 minutes i believe, so we'll match that.Ted Unangst
2016-09-02add support for the verified auth ioctls using 'persist' rules.Ted Unangst
2016-09-01unconst these parameters; i won't be changing bsd auth today.Ted Unangst
2016-09-01move the authentication code to a functionTed Unangst
2016-07-18The string with path to shell could be taken directly from struct passwd.Vadim Zhukov
2016-07-12add "recvfd" to doas(1) for use with skey.Sebastien Marie
2016-06-24move a space to the correct spotTed Unangst
2016-06-19Move the RB_ code from doas.h to env.c, and limit the environment interface to aMartijn van Duren
2016-06-16the environment handling code was showing its age. just because environTed Unangst
2016-06-07revert recent changes to allow setenv. everybody now has an idea aboutTed Unangst
2016-06-07merge setenv feature into keepenv. less grammar, more better.Ted Unangst
2016-06-05add a doas.conf setenv directive that allows setting environmentDamien Miller
2016-04-28set progname to doas so users can't create bizarro fake logsTed Unangst
2016-02-15Do a carriage return before password prompt.martijn
2016-02-07require a tty for the password.Ted Unangst
2016-01-24make sure of cleaning rbuf with explicit_bzero(3)Gleydson Soares
2015-12-08semarie noticed that auth failures don't set errno. just print a genericTed Unangst
2015-12-08Support -a <auth_style> in doas(1). Allows specifying a non-default authStuart Henderson
2015-12-03use the more direct auth interfaces so we can provide a custom passwordTed Unangst
2015-10-24setusercontext() may still need "getpw" pledge rights; unbreaks doas on ypMiod Vallat
2015-10-22copying of the environment can be done later, as the user runningTed Unangst
2015-10-22pledge in doas. startup pledge "stdio rpath getpw proc exec id". 4Theo de Raadt
2015-09-19doas doesn't need any files to be passed in. closefrom STDERR+1. ok bennoTed Unangst
2015-09-03replace permfail calls with errc. the permfail calls had been retained forTed Unangst
2015-09-01only need to restrict exec path if the rule specifies a command.Ted Unangst
2015-08-27add a type of "auth-doas" to the perm check to allow login.conf fiddlingTed Unangst
2015-08-22Add cwd context to syslog entry.Doug Hogan
2015-08-20Show program name for permission failure messages.Rafael Zalamena
2015-08-13and now we can unify the code. okay tedu@Marc Espie
2015-08-12more explicit warnings. Okay tedu@Marc Espie
2015-08-03remove an extra getuid call, reported by Martijn van DurenTed Unangst
2015-07-30make gid parsing look like uid parsing. from Martijn van DurenTed Unangst