3f6bcbaf — Duncaen 5 years ago v0.3
bump version 0.3
e88a0096 — Duncaen 5 years ago
add --without-pam configure option to allow passwd/shadow auth
788dd4b6 — Duncaen 5 years ago
fix err messages
f4a7d364 — Duncaen 5 years ago
some more cleanup and refactoring of pam code
0473a9be — Duncaen 5 years ago
rename doas_pam.c to pam.c
03b3cb7f — Duncaen 5 years ago
import sys-tree.h from openssh-portable
a3ceebbc — martijn 5 years ago
Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function.

OK tedu@
the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn)
don't use specified twice in a sentence, noticed by jmc
clarify some wording
specify that default is deny if no rule matches
f577047e — Duncaen 5 years ago
remove pledge seccomp shim

This will never work, seccomp can't filter for paths (pointer) and all
rules are inherited by child processes.
pledge does not limit processes executed by execve.
4f7ed385 — Duncaen 5 years ago
open pam sessions with right user and remove setusercontext shim

before this change the sessions were opened as the user running doas.
Now it sets its uid to root and then opens a pam session for the target
The setusercontext shim was removed, because pam handles all this and
its easier to just call setresuid and setresgid instead.
21c6e427 — Duncaen 5 years ago
Revert "sync with upstream (setenv)"

This reverts commit 7f11114f0f07c653e0ea3d4ae093d7dcdda4a4ef.
63a642ef — Duncaen 5 years ago v0.2
bump version to 0.2
5c50281b — Duncaen 5 years ago
add more restrictive permissions and root:root as owner for binary
e939687b — Duncaen 5 years ago
fix ld and cflags
7f11114f — Duncaen 5 years ago
sync with upstream (setenv)

add a doas.conf setenv directive that allows setting environment
variables explicitly and by copying existing environment variables
of a different name. E.g.

permit nopass setenv { PS1=$SUDO_PS1 FOO=bar } keepenv :wheel

ok tedu@ benno@
a55cefe3 — Duncaen 5 years ago
remove version.h and define VERSION in configure script
e4bf599c — Duncaen 5 years ago
check return value of setresuid