remove pam_timestamp from pam config
remove unnecessary warning output
add --without-pam configure option to allow passwd/shadow auth
some more cleanup and refactoring of pam code
rename doas_pam.c to pam.c
import sys-tree.h from openssh-portable
Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function.
the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn)
don't use specified twice in a sentence, noticed by jmc
specify that default is deny if no rule matches
remove pledge seccomp shim
This will never work, seccomp can't filter for paths (pointer) and all
rules are inherited by child processes.
pledge does not limit processes executed by execve.
open pam sessions with right user and remove setusercontext shim
Before this change the sessions were opened as the user running doas.
Now it sets its uid to root and then opens a pam session for the target
The setusercontext shim was removed, because pam handles all this and
it's easier to just call setresuid and setresgid instead.
Revert "sync with upstream (setenv)"
This reverts commit 7f11114f0f07c653e0ea3d4ae093d7dcdda4a4ef.
add more restrictive permissions and root:root as owner for binary