summaryrefslogtreecommitdiff
path: root/usr.bin/doas
AgeCommit message (Expand)Author
2016-10-05Add back the call to yyparse() that was accidentally dropped in theTheo Buehler
2016-10-05move yyparse decl next to yyfpTed Unangst
2016-10-05as a result of the env rework, arraylen() is only used in parse.y.Ted Unangst
2016-09-15use static in the right places to seperate modules betterTheo de Raadt
2016-09-04-L means no commandTed Unangst
2016-09-04don't allow combining nopass and persist in a single ruleTed Unangst
2016-09-03the sudo timeout was 5 minutes i believe, so we'll match that.Ted Unangst
2016-09-02clarify that -L will exit without running a command.Ted Unangst
2016-09-02add support for the verified auth ioctls using 'persist' rules.Ted Unangst
2016-09-01unconst these parameters; i won't be changing bsd auth today.Ted Unangst
2016-09-01move the authentication code to a functionTed Unangst
2016-07-18The string with path to shell could be taken directly from struct passwd.Vadim Zhukov
2016-07-12add "recvfd" to doas(1) for use with skey.Sebastien Marie
2016-07-10rename variable for consistencyTed Unangst
2016-06-27minor tweaks; ok teduJason McIntyre
2016-06-27somehow nopass snuck onto the :wheel example. i think it's better without.Ted Unangst
2016-06-27revise environment handling.Ted Unangst
2016-06-24move a space to the correct spotTed Unangst
2016-06-19Move the RB_ code from doas.h to env.c, and limit the environment interface to aMartijn van Duren
2016-06-16the environment handling code was showing its age. just because environTed Unangst
2016-06-11don't use specified twice in a sentence, noticed by jmcTed Unangst
2016-06-11clarify some wordingTed Unangst
2016-06-11specify that default is deny if no rule matchesTed Unangst
2016-06-11expand contractionsTed Unangst
2016-06-11tighten up some wordingTed Unangst
2016-06-07revert recent changes to allow setenv. everybody now has an idea aboutTed Unangst
2016-06-07merge setenv feature into keepenv. less grammar, more better.Ted Unangst
2016-06-05spelling fix;Jason McIntyre
2016-06-05add a doas.conf setenv directive that allows setting environmentDamien Miller
2016-04-28set progname to doas so users can't create bizarro fake logsTed Unangst
2016-04-27adjust yyerror() to precede with "progname: " the error message stringGleydson Soares
2016-02-15Do a carriage return before password prompt.martijn
2016-02-07require a tty for the password.Ted Unangst
2016-01-24make sure of cleaning rbuf with explicit_bzero(3)Gleydson Soares
2016-01-02tweak previous;Jason McIntyre
2016-01-01doas.conf lives in /etc. from Amit KulkarniTed Unangst
2015-12-08semarie noticed that auth failures don't set errno. just print a genericTed Unangst
2015-12-08Support -a <auth_style> in doas(1). Allows specifying a non-default authStuart Henderson
2015-12-04espie reminds me that EOF can happen for errors as well, so check for thatTed Unangst
2015-12-03use the more direct auth interfaces so we can provide a custom passwordTed Unangst
2015-11-27after reading a too long line, restart at the beginning of the buffer soTed Unangst
2015-10-24setusercontext() may still need "getpw" pledge rights; unbreaks doas on ypMiod Vallat
2015-10-22copying of the environment can be done later, as the user runningTed Unangst
2015-10-22pledge in doas. startup pledge "stdio rpath getpw proc exec id". 4Theo de Raadt
2015-09-19doas doesn't need any files to be passed in. closefrom STDERR+1. ok bennoTed Unangst
2015-09-03replace permfail calls with errc. the permfail calls had been retained forTed Unangst
2015-09-01increment the line number after the line continuation; ok teduMike Belopuhov
2015-09-01only need to restrict exec path if the rule specifies a command.Ted Unangst
2015-08-28Document an example that lets root run unrestricted doas commands asReyk Floeter
2015-08-27add a type of "auth-doas" to the perm check to allow login.conf fiddlingTed Unangst