Age | Commit message | Author | |
---|---|---|---|
2017-04-06 | a little const here and there to prevent rules from changing | Ted Unangst | |
2017-04-06 | prepenv can take a const rule | Ted Unangst | |
2017-03-20 | simplify example. list of ports variables was non-exhaustive, which means what exactly? there should be a better place for such lists. | Ted Unangst | |
2017-03-09 | exit test for -L was reversed. spotted by Michael Forney | Ted Unangst | |
2017-01-14 | add a geteuid check to make sure we're root before plowing into setauth. spare some debugging effort in case doas is not installed setuid. | Ted Unangst | |
2017-01-02 | envlist and arglist are both string lists; simplify ok benno | Ted Unangst | |
2016-12-29 | it has been six months and two days... remove keepenv { obsolete } syntax | Ted Unangst | |
2016-12-05 | Be more explicit about the "args" syntax. In part from a patch from Anton dot Lindqvist at gmail dot com. OK tedu@ | Ingo Schwarze | |
2016-11-10 | missing semicolon at end of rule. yacc doesn't seem to mind, though. from Edakawa | Ted Unangst | |
2016-10-05 | Add back the call to yyparse() that was accidentally dropped in the previous commit. Fortunately, doas fails closed... ok tedu | Theo Buehler | |
2016-10-05 | move yyparse decl next to yyfp | Ted Unangst | |
2016-10-05 | as a result of the env rework, arraylen() is only used in parse.y. move it there and make it static. | Ted Unangst | |
2016-09-15 | use static in the right places to separate modules better ok tedu | Theo de Raadt | |
2016-09-04 | -L means no command | Ted Unangst | |
2016-09-04 | don't allow combining nopass and persist in a single rule | Ted Unangst | |
2016-09-03 | the sudo timeout was 5 minutes i believe, so we'll match that. | Ted Unangst | |
2016-09-02 | clarify that -L will exit without running a command. | Ted Unangst | |
2016-09-02 | add support for the verified auth ioctls using 'persist' rules. ok deraadt henning | Ted Unangst | |
2016-09-01 | unconst these parameters; i won't be changing bsd auth today. | Ted Unangst | |
2016-09-01 | move the authentication code to a function | Ted Unangst | |
2016-07-18 | The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstrated by double doas call: `$ doas doas -su _sndio` `doas: mpty: command not found` The fix is easy: just strdup() the pw_shell field value. okay tedu@, tweaks from & okay natano@ | Vadim Zhukov | |
2016-07-12 | add "recvfd" to doas(1) for use with skey. ok tb@ deraadt@ | Sebastien Marie | |
2016-07-10 | rename variable for consistency | Ted Unangst | |
2016-06-27 | minor tweaks; ok tedu | Jason McIntyre | |
2016-06-27 | somehow nopass snuck onto the :wheel example. i think it's better without. | Ted Unangst | |
2016-06-27 | revise environment handling. Add a setenv keyword for manipulating the environment. keepenv now means only retain everything. (for one release, the old use of keepenv will still work.) Allow setting variables to new or existing values, and also removing vars when keepenv is used. ok djm martijn tb | Ted Unangst | |
2016-06-24 | move a space to the correct spot | Ted Unangst | |
2016-06-19 | Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function. OK tedu@ | Martijn van Duren | |
2016-06-16 | the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn) | Ted Unangst | |
2016-06-11 | don't use specified twice in a sentence, noticed by jmc | Ted Unangst | |
2016-06-11 | clarify some wording | Ted Unangst | |
2016-06-11 | specify that default is deny if no rule matches | Ted Unangst | |
2016-06-11 | expand contractions | Ted Unangst | |
2016-06-11 | tighten up some wording | Ted Unangst | |
2016-06-07 | revert recent changes to allow setenv. everybody now has an idea about how to do things better, so let's take a step back and reconsider. | Ted Unangst | |
2016-06-07 | merge setenv feature into keepenv. less grammar, more better. minimal changes to implementation for now, but some refinement to the way in which the new environment is constructed would be nice. ok djm | Ted Unangst | |
2016-06-05 | spelling fix; | Jason McIntyre | |
2016-06-05 | add a doas.conf setenv directive that allows setting environment variables explicitly and by copying existing environment variables of a different name. E.g. `permit nopass setenv { PS1=$SUDO_PS1 FOO=bar } keepenv :wheel` ok tedu@ benno@ | Damien Miller | |
2016-04-28 | set progname to doas so users can't create bizarro fake logs | Ted Unangst | |
2016-04-27 | adjust yyerror() to precede with "progname: " the error message string OK tedu@ phessler@ | Gleydson Soares | |
2016-02-15 | Do a carriage return before password prompt. OK tedu@ | martijn | |
2016-02-07 | require a tty for the password. sudo regression noted by miod, fix by millert | Ted Unangst | |
2016-01-24 | make sure of cleaning rbuf with explicit_bzero(3) OK tedu@ | Gleydson Soares | |
2016-01-02 | tweak previous; | Jason McIntyre | |
2016-01-01 | doas.conf lives in /etc. from Amit Kulkarni | Ted Unangst | |
2015-12-08 | semarie noticed that auth failures don't set errno. just print a generic message and leave it to the user to find the tea leaves. | Ted Unangst | |
2015-12-08 | Support -a <auth_style> in doas(1). Allows specifying a non-default auth style, for example if you have "auth-doas=yubikey,passwd" in login.conf, doas will usually want yubikey authentication, but will allow a fallback of "doas -a passwd". Avoids the need for sudo in a number of cases, at the expense of 5 added lines of code (and one of those is only to avoid >80 columns). Adapted from a diff by Renaud Allard, ok dlg@ tedu@ | Stuart Henderson | |
2015-12-04 | espie reminds me that EOF can happen for errors as well, so check for that happening and print a message. | Ted Unangst | |
2015-12-03 | use the more direct auth interfaces so we can provide a custom password prompt to the user (including username and host) so it's always clear what program is asking. request from henning with a hint from millert. ok deraadt jung zhuk | Ted Unangst | |
2015-11-27 | after reading a too long line, restart at the beginning of the buffer so we don't keep writing past the end. (the perils of trying to recover from parse errors.) noticed by Jan Schreiber | Ted Unangst | |