Age | Commit message | Author | |
---|---|---|---|
2018-08-08 | After authentication is complete, unveil login.conf "r" (to discover login tweaks), and walk the path (which could be $PATH, or not) adding an unveil "x" to each possible executable which execvpe() could later be tried by execvpe. It would be great if we could do some unveil before authentication, but I failed to determine all the possibilities. Some problem reports by bluhm, tb, florian, and others during development. In snaps for about 3 weeks. ok florian | Theo de Raadt | |
2018-07-11 | Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition. ok henning@ | Kenneth R Westerback | |
2018-02-07 | lowercase doas ee cummings style | Ted Unangst | |
2018-02-07 | not necessarily the same name, but the indicated name | Ted Unangst | |
2017-07-13 | man pages with pseudo synopses which list filenames end up creating very ugly output in man -k; after some discussion with ingo, we feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly helpful at page top, is contained already in FILES, and there are sufficiently few that just zapping them is simple; ok schwarze, who also helpfully ran things through a build to check output; | Jason McIntyre | |
2017-07-03 | no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.h okay millert@ | Marc Espie | |
2017-05-27 | for password failure, print Authorization failed instead of EPERM. will make things less confusing with commands rejected by config file. | Ted Unangst | |
2017-04-06 | a little const here and there to prevent rules from changing | Ted Unangst | |
2017-04-06 | prepenv can take a const rule | Ted Unangst | |
2017-03-20 | simplify example. list of ports variables was non-exhaustive, which means what exactly? there should be a better place for such lists. | Ted Unangst | |
2017-03-09 | exit test for -L was reversed. spotted by Michael Forney | Ted Unangst | |
2017-01-14 | add a geteuid check to make sure we're root before plowing into setauth. spare some debugging effort in case doas is not installed setuid. | Ted Unangst | |
2017-01-02 | envlist and arglist are both string lists; simplify ok benno | Ted Unangst | |
2016-12-29 | it has been six months and two days... remove keepenv { obsolete } syntax | Ted Unangst | |
2016-12-05 | Be more explicit about the "args" syntax. In part from a patch from Anton dot Lindqvist at gmail dot com. OK tedu@ | Ingo Schwarze | |
2016-11-10 | missing semicolon at end of rule. yacc doesn't seem to mind, though. from Edakawa | Ted Unangst | |
2016-10-05 | Add back the call to yyparse() that was accidentally dropped in the previous commit. Fortunately, doas fails closed... ok tedu | Theo Buehler | |
2016-10-05 | move yyparse decl next to yyfp | Ted Unangst | |
2016-10-05 | as a result of the env rework, arraylen() is only used in parse.y. move it there and make it static. | Ted Unangst | |
2016-09-15 | use static in the right places to separate modules better ok tedu | Theo de Raadt | |
2016-09-04 | -L means no command | Ted Unangst | |
2016-09-04 | don't allow combining nopass and persist in a single rule | Ted Unangst | |
2016-09-03 | the sudo timeout was 5 minutes i believe, so we'll match that. | Ted Unangst | |
2016-09-02 | clarify that -L will exit without running a command. | Ted Unangst | |
2016-09-02 | add support for the verified auth ioctls using 'persist' rules. ok deraadt henning | Ted Unangst | |
2016-09-01 | unconst these parameters; i won't be changing bsd auth today. | Ted Unangst | |
2016-09-01 | move the authentication code to a function | Ted Unangst | |
2016-07-18 | The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstrated by double doas call: $ doas doas -su _sndio doas: mpty: command not found The fix is easy: just strdup() the pw_shell field value. okay tedu@, tweaks from & okay natano@ | Vadim Zhukov | |
2016-07-12 | add "recvfd" to doas(1) for use with skey. ok tb@ deraadt@ | Sebastien Marie | |
2016-07-10 | rename variable for consistency | Ted Unangst | |
2016-06-27 | minor tweaks; ok tedu | Jason McIntyre | |
2016-06-27 | somehow nopass snuck onto the :wheel example. i think it's better without. | Ted Unangst | |
2016-06-27 | revise environment handling. Add a setenv keyword for manipulating the environment. keepenv now means only retain everything. (for one release, the old use of keepenv will still work.) Allow setting variables to new or existing values, and also removing vars when keepenv is used. ok djm martijn tb | Ted Unangst | |
2016-06-24 | move a space to the correct spot | Ted Unangst | |
2016-06-19 | Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function. OK tedu@ | Martijn van Duren | |
2016-06-16 | the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn) | Ted Unangst | |
2016-06-11 | don't use specified twice in a sentence, noticed by jmc | Ted Unangst | |
2016-06-11 | clarify some wording | Ted Unangst | |
2016-06-11 | specify that default is deny if no rule matches | Ted Unangst | |
2016-06-11 | expand contractions | Ted Unangst | |
2016-06-11 | tighten up some wording | Ted Unangst | |
2016-06-07 | revert recent changes to allow setenv. everybody now has an idea about how to do things better, so let's take a step back and reconsider. | Ted Unangst | |
2016-06-07 | merge setenv feature into keepenv. less grammar, more better. minimal changes to implementation for now, but some refinement to the way in which the new environment is constructed would be nice. ok djm | Ted Unangst | |
2016-06-05 | spelling fix; | Jason McIntyre | |
2016-06-05 | add a doas.conf setenv directive that allows setting environment variables explicitly and by copying existing environment variables of a different name. E.g. permit nopass setenv { PS1=$SUDO_PS1 FOO=bar } keepenv :wheel ok tedu@ benno@ | Damien Miller | |
2016-04-28 | set progname to doas so users can't create bizarro fake logs | Ted Unangst | |
2016-04-27 | adjust yyerror() to precede with "progname: " the error message string OK tedu@ phessler@ | Gleydson Soares | |
2016-02-15 | Do a carriage return before password prompt. OK tedu@ | martijn | |
2016-02-07 | require a tty for the password. sudo regression noted by miod, fix by millert | Ted Unangst | |
2016-01-24 | make sure of cleaning rbuf with explicit_bzero(3) OK tedu@ | Gleydson Soares | |