Age | Commit message | Author | |
---|---|---|---|
2019-09-14 | correct some unveil(2) violations due to "login.conf.db" access (the .db version | Sebastien Marie | |
of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)). problem initially noted by myself for passwd(1) millert@ reported similar problem on chpass(1), su(1), doas(1) and encrypt(1) mestre@ noted chpass(1) too ok mestre@ millert@ | |||
2019-07-07 | fix one last edge case regarding PATH, allows simpler config. | Ted Unangst | |
2019-07-04 | note that authentication is required, unless otherwise configured. | Ted Unangst | |
ok sthen | |||
2019-07-03 | snprintf/vsnprintf return < 0 on error, rather than -1. | Theo de Raadt | |
2019-06-29 | fix some more fallout from setting path in setusercontext. restore | Ted Unangst | |
previous behavior of using user PATH if no cmd restriction in the rule. run into by espie | |||
2019-06-24 | add an example hint that shows how original path can be retained | Ted Unangst | |
2019-06-21 | tweak wording a bit. always talk about creating a new environment. | Ted Unangst | |
also document DOAS_USER. ok deraadt jmc | |||
2019-06-19 | more precisely describe what happens to the environment without keepenv; | Ingo Schwarze | |
OK tedu@ | |||
2019-06-19 | mention that doas(1) resets the umask(2); | Ingo Schwarze | |
OK tedu@ | |||
2019-06-17 | setusercontext resets PATH (which we want). but then it becomes | Ted Unangst | |
impossible to access the old PATH. save a copy in case we need it later. bug report from espie. | |||
2019-06-17 | mention environment resetting here as well. ok millert | Ted Unangst | |
2019-06-17 | always reset the "su" variables, which is more consistent and predictable. | Ted Unangst | |
ok martijn millert | |||
2019-06-16 | redo the environment inheritance to not inherit. it was intended to make | Ted Unangst | |
life easier, but it can be surprising or even unsafe. instead, reset just about everything to the target user's values. ok deraadt martijn Thanks to Sander Bos in particular for pointing out some nasty edge cases. | |||
2019-06-12 | a few cleanups and simplifications possible now that static pw is gone. | Ted Unangst | |
noted by martijn. ok martijn. | |||
2019-06-10 | use getpwuid_r to avoid problems with hidden static storage. | Ted Unangst | |
ok deraadt lteo martijn | |||
2019-01-17 | clear the password even after a mismatch | Ted Unangst | |
2018-08-08 | After authentication is complete, unveil login.conf "r" (to discover | Theo de Raadt | |
login tweaks), and walk the path (which could be $PATH, or not) adding an unveil "x" to each possible executable which execvpe() could later be tried by execvpe. It would be great if we could do some unveil before authentication, but I failed to determine all the possibilities. Some problem reports by bluhm, tb, florian, and others during development. In snaps for about 3 weeks. ok florian | |||
2018-07-11 | Do for most running out of memory err() what was done for most running | Kenneth R Westerback | |
out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition. ok henning@ | |||
2018-02-07 | lowercase doas ee cummings style | Ted Unangst | |
2018-02-07 | not necessarily the same name, but the indicated name | Ted Unangst | |
2017-07-13 | man pages with pseudo synopses which list filenames end up creating | Jason McIntyre | |
very ugly output in man -k; after some discussion with ingo, we feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly helpful at page top, is contained already in FILES, and there are sufficiently few that just zapping them is simple; ok schwarze, who also helpfully ran things through a build to check output; | |||
2017-07-03 | no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing | Marc Espie | |
instead of CLEANFILES += y.tab.h okay millert@ | |||
2017-05-27 | for password failure, print Authorization failed instead of EPERM. | Ted Unangst | |
will make things less confusing with commands rejected by config file. | |||
2017-04-06 | a little const here and there to prevent rules from changing | Ted Unangst | |
2017-04-06 | prepenv can take a const rule | Ted Unangst | |
2017-03-20 | simplify example. list of ports variables was non-exhaustive, which means | Ted Unangst | |
what exactly? there should be a better place for such lists. | |||
2017-03-09 | exit test for -L was reversed. spotted by Michael Forney | Ted Unangst | |
2017-01-14 | add a geteuid check to make sure we're root before plowing into setauth. | Ted Unangst | |
spare some debugging effort in case doas is not installed setuid. | |||
2017-01-02 | envlist and arglist are both string lists; simplify | Ted Unangst | |
ok benno | |||
2016-12-29 | it has been six months and two days... remove keepenv { obsolete } syntax | Ted Unangst | |
2016-12-05 | Be more explicit about the "args" syntax. | Ingo Schwarze | |
In part from a patch from Anton dot Lindqvist at gmail dot com. OK tedu@ | |||
2016-11-10 | missing semicolon at end of rule. yacc doesn't seem to mind, though. | Ted Unangst | |
from Edakawa | |||
2016-10-05 | Add back the call to yyparse() that was accidentally dropped in the | Theo Buehler | |
previous commit. Fortunately, doas fails closed... ok tedu | |||
2016-10-05 | move yyparse decl next to yyfp | Ted Unangst | |
2016-10-05 | as a result of the env rework, arraylen() is only used in parse.y. | Ted Unangst | |
move it there and make it static. | |||
2016-09-15 | use static in the right places to separate modules better | Theo de Raadt | |
ok tedu | |||
2016-09-04 | -L means no command | Ted Unangst | |
2016-09-04 | don't allow combining nopass and persist in a single rule | Ted Unangst | |
2016-09-03 | the sudo timeout was 5 minutes i believe, so we'll match that. | Ted Unangst | |
2016-09-02 | clarify that -L will exit without running a command. | Ted Unangst | |
2016-09-02 | add support for the verified auth ioctls using 'persist' rules. | Ted Unangst | |
ok deraadt henning | |||
2016-09-01 | unconst these parameters; i won't be changing bsd auth today. | Ted Unangst | |
2016-09-01 | move the authentication code to a function | Ted Unangst | |
2016-07-18 | The string with path to shell could be taken directly from struct passwd. | Vadim Zhukov | |
At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstrated by double doas call: $ doas doas -su _sndio doas: mpty: command not found The fix is easy: just strdup() the pw_shell field value. okay tedu@, tweaks from & okay natano@ | |||
2016-07-12 | add "recvfd" to doas(1) for use with skey. | Sebastien Marie | |
ok tb@ deraadt@ | |||
2016-07-10 | rename variable for consistency | Ted Unangst | |
2016-06-27 | minor tweaks; ok tedu | Jason McIntyre | |
2016-06-27 | somehow nopass snuck onto the :wheel example. i think it's better without. | Ted Unangst | |
2016-06-27 | revise environment handling. | Ted Unangst | |
Add a setenv keyword for manipulating the environment. keepenv now means only retain everything. (for one release, the old use of keepenv will still work.) Allow setting variables to new or existing values, and also removing vars when keepenv is used. ok djm martijn tb | |||
2016-06-24 | move a space to the correct spot | Ted Unangst | |