~armaan/opendoas

bump to version v0.3.2
45d57dad — Duncaen 5 years ago
fix --with(out)-pam configure option
c05e559c — Duncaen 5 years ago
fix pamcleanup
aedbe76e — Duncaen 5 years ago
fix sys/tree.h test
bump version 0.3.1
1606730a — Duncaen 5 years ago
remove pam_timestamp from pam config
e0c0b370 — Duncaen 5 years ago
remove unnecessary warning output
3f6bcbaf — Duncaen 5 years ago v0.3
bump version 0.3
e88a0096 — Duncaen 5 years ago
add --without-pam configure option to allow passwd/shadow auth
788dd4b6 — Duncaen 5 years ago
fix err messages
f4a7d364 — Duncaen 5 years ago
some more cleanup and refactoring of pam code
0473a9be — Duncaen 5 years ago
rename doas_pam.c to pam.c
03b3cb7f — Duncaen 5 years ago
import sys-tree.h from openssh-portable
a3ceebbc — martijn 5 years ago
Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function.

OK tedu@
the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn)
don't use specified twice in a sentence, noticed by jmc
clarify some wording
specify that default is deny if no rule matches
f577047e — Duncaen 5 years ago
remove pledge seccomp shim

This will never work, seccomp can't filter for paths (pointer) and all
rules are inherited by child processes.
pledge does not limit processes executed by execve.
4f7ed385 — Duncaen 5 years ago
open pam sessions with right user and remove setusercontext shim

before this change the sessions were opened as the user running doas.
Now it sets its uid to root and then opens a pam session for the target
user.
The setusercontext shim was removed, because pam handles all this and
its easier to just call setresuid and setresgid instead.
Next