Merge, update from OpenBSD

Author: katakk

doas.1

@@ -88,7 +88,7 @@ It may fail for one of the following reasons:
 .Bl -bullet -compact
 .It
 The config file
-.Pa /etc/doas.conf
+.Pa /usr/local/etc/doas.conf
 could not be parsed.
 .It
 The user attempted to run a command which is not permitted.
@@ -106,4 +106,4 @@ The
 command first appeared in
 .Ox 5.8 .
 .Sh AUTHORS
-.An Ted Unangst Aq Mt tedu@openbsd.org
+.An Ted Unangst Aq Mt tedu@openbsd.org

doas.c

@@ -17,6 +17,7 @@
 
 #include <sys/types.h>
 #include <sys/stat.h>
+#include <sys/ioctl.h>
 
 #if defined(HAVE_INTTYPES_H)
 #include <inttypes.h>
@@ -39,6 +40,7 @@
 #include <grp.h>
 #include <syslog.h>
 #include <errno.h>
+#include <fcntl.h>
 
 #if defined(HAVE_LOGIN_CAP_H)
 #include <login_cap.h>
@@ -83,18 +85,6 @@ errc(int eval, int code, const char *format)
 }
 #endif
 
-size_t
-arraylen(const char **arr)
-{
-	size_t cnt = 0;
-
-	while (*arr) {
-		cnt++;
-		arr++;
-	}
-	return cnt;
-}
-
 static int
 parseuid(const char *s, uid_t *uid)
 {
@@ -254,6 +244,54 @@ checkconfig(const char *confpath, int argc, char **argv,
 	}
 }
 
+#if defined(USE_BSD_AUTH)      
+static void
+authuser(char *myname, char *login_style, int persist)
+{
+	char *challenge = NULL, *response, rbuf[1024], cbuf[128];
+	auth_session_t *as;
+	int fd = -1;
+
+	if (persist)
+		fd = open("/dev/tty", O_RDWR);
+	if (fd != -1) {
+		if (ioctl(fd, TIOCCHKVERAUTH) == 0)
+			goto good;
+	}
+
+	if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
+	    &challenge)))
+		errx(1, "Authorization failed");
+	if (!challenge) {
+		char host[HOST_NAME_MAX + 1];
+		if (gethostname(host, sizeof(host)))
+			snprintf(host, sizeof(host), "?");
+		snprintf(cbuf, sizeof(cbuf),
+		    "\rdoas (%.32s@%.32s) password: ", myname, host);
+		challenge = cbuf;
+	}
+	response = readpassphrase(challenge, rbuf, sizeof(rbuf),
+	    RPP_REQUIRE_TTY);
+	if (response == NULL && errno == ENOTTY) {
+		syslog(LOG_AUTHPRIV | LOG_NOTICE,
+		    "tty required for %s", myname);
+		errx(1, "a tty is required");
+	}
+	if (!auth_userresponse(as, response, 0)) {
+		syslog(LOG_AUTHPRIV | LOG_NOTICE,
+		    "failed auth for %s", myname);
+		errc(1, EPERM, NULL);
+	}
+	explicit_bzero(rbuf, sizeof(rbuf));
+good:
+	if (fd != -1) {
+		int secs = 5 * 60;
+		ioctl(fd, TIOCSETVERAUTH, &secs);
+		close(fd);
+	}
+}
+#endif
+
 int
 main(int argc, char **argv)
 {
@@ -283,25 +321,27 @@ main(int argc, char **argv)
 	setprogname("doas");
         #endif
 
-        /*
-	if (pledge("stdio rpath getpw tty proc exec id", NULL) == -1)
-		err(1, "pledge");
-        */
-
         #ifndef linux
 	closefrom(STDERR_FILENO + 1);
         #endif
 
 	uid = getuid();
 
 	while ((ch = getopt(argc, argv, "a:C:nsu:")) != -1) {
+/*	while ((ch = getopt(argc, argv, "a:C:Lnsu:")) != -1) { */
 		switch (ch) {
 		case 'a':
 			login_style = optarg;
 			break;
 		case 'C':
 			confpath = optarg;
 			break;
+/*		case 'L':
+			i = open("/dev/tty", O_RDWR);
+			if (i != -1)
+				ioctl(i, TIOCCLRVERAUTH);
+			exit(i != -1);
+*/
 		case 'u':
 			if (parseuid(optarg, &target) != 0)
 				errx(1, "unknown user");
@@ -343,9 +383,11 @@ main(int argc, char **argv)
 
 	if (sflag) {
 		sh = getenv("SHELL");
-		if (sh == NULL || *sh == '\0')
-			shargv[0] = pw->pw_shell;
-		else
+		if (sh == NULL || *sh == '\0') {
+			shargv[0] = strdup(pw->pw_shell);
+			if (shargv[0] == NULL)
+				err(1, NULL);
+		} else
 			shargv[0] = sh;
 		argv = shargv;
 		argc = 1;
@@ -357,11 +399,14 @@ main(int argc, char **argv)
 		exit(1);	/* fail safe */
 	}
 
+	if (geteuid())
+		errx(1, "not installed setuid");
+
 	parseconfig(DOAS_CONF, 1);
 
 	/* cmdline is used only for logging, no need to abort on truncate */
         #ifndef linux
-	(void) strlcpy(cmdline, argv[0], sizeof(cmdline));
+	(void)strlcpy(cmdline, argv[0], sizeof(cmdline));
 	for (i = 1; i < argc; i++) {
 		if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
 			break;
@@ -379,44 +424,18 @@ main(int argc, char **argv)
 
 	cmd = argv[0];
 	if (!permit(uid, groups, ngroups, &rule, target, cmd,
-	    (const char**)argv + 1)) {
+	    (const char **)argv + 1)) {
 		syslog(LOG_AUTHPRIV | LOG_NOTICE,
 		    "failed command for %s: %s", myname, cmdline);
 		errc(1, EPERM, NULL);
 	}
 
 	if (!(rule->options & NOPASS)) {
 #if defined(USE_BSD_AUTH)      
-		char *challenge = NULL, *response, rbuf[1024], cbuf[128];
-		auth_session_t *as;
-
 		if (nflag)
 			errx(1, "Authorization required");
 
-		if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
-		    &challenge)))
-			errx(1, "Authorization failed");
-		if (!challenge) {
-			char host[MAXHOSTNAME + 1];
-			if (gethostname(host, sizeof(host)))
-				snprintf(host, sizeof(host), "?");
-			snprintf(cbuf, sizeof(cbuf),
-			    "\rdoas (%.32s@%.32s) password: ", myname, host);
-			challenge = cbuf;
-		}
-		response = readpassphrase(challenge, rbuf, sizeof(rbuf),
-		    RPP_REQUIRE_TTY);
-		if (response == NULL && errno == ENOTTY) {
-			syslog(LOG_AUTHPRIV | LOG_NOTICE,
-			    "tty required for %s", myname);
-			errx(1, "a tty is required");
-		}
-		if (!auth_userresponse(as, response, 0)) {
-			syslog(LOG_AUTHPRIV | LOG_NOTICE,
-			    "failed auth for %s", myname);
-			errc(1, EPERM, NULL);
-		}
-		explicit_bzero(rbuf, sizeof(rbuf));
+		authuser(myname, login_style, rule->options & PERSIST);
 #elif defined(USE_PAM)
 #define PAM_END(msg) do { 						\
 	syslog(LOG_ERR, "%s: %s", msg, pam_strerror(pamh, pam_err)); 	\
@@ -518,7 +537,6 @@ main(int argc, char **argv)
 #else
 #error	No auth module!
 #endif
-
 	}
 
         /*

doas.conf.5

@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.conf.5,v 1.26 2016/06/11 17:17:10 tedu Exp $
+.\" $OpenBSD: doas.conf.5,v 1.31 2016/12/05 10:58:07 schwarze Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -13,7 +13,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: June 11 2016 $
+.Dd $Mdocdate: December 5 2016 $
 .Dt DOAS.CONF 5
 .Os
 .Sh NAME
@@ -35,7 +35,7 @@ The rules have the following format:
 .Op Ar options
 .Ar identity
 .Op Ic as Ar target
-.Op Ic cmd Ar command Op Ic args ...
+.Op Ic cmd Ar command Op Ic args No ...
 .Ed
 .Pp
 Rules consist of the following parts:
@@ -47,6 +47,9 @@ Options are:
 .Bl -tag -width keepenv
 .It Ic nopass
 The user is not required to enter a password.
+.It Ic persist
+After the user successfully authenticates, do not ask for a password
+again for some time.
 .It Ic keepenv
 The user's environment is maintained.
 The default is to reset the environment, except for the variables
@@ -59,9 +62,18 @@ The default is to reset the environment, except for the variables
 .Ev USER
 and
 .Ev USERNAME .
-.It Ic keepenv { Oo Ar variable ... Oc Ic }
+.It Ic setenv { Oo Ar variable ... Oc Oo Ar variable=value ... Oc Ic }
 In addition to the variables mentioned above, keep the space-separated
 specified variables.
+Variables may also be removed with a leading
+.Sq -
+or set using the latter syntax.
+If the first character of
+.Ar value
+is a
+.Ql $
+then the value to be set is taken from the existing environment
+variable of the same name.
 .El
 .It Ar identity
 The username to match.
@@ -78,7 +90,7 @@ Be advised that it is best to specify absolute paths.
 If a relative path is specified, only a restricted
 .Ev PATH
 will be searched.
-.It Ic args ...
+.It Ic args Op Ar argument ...
 Arguments to command.
 The command arguments provided by the user need to match those specified.
 The keyword
@@ -109,25 +121,27 @@ If quotes or backslashes are used in a word,
 it is not considered a keyword.
 .El
 .Sh EXAMPLES
-The following example permits users in group wsrc to build ports,
+The following example permits users in group wsrc to build ports;
 wheel to execute commands as any user while keeping the environment
 variables
-.Ev ENV ,
-.Ev PS1 ,
+.Ev PS1
 and
-.Ev SSH_AUTH_SOCK ,
-permits tedu to run procmap as root without a password,
+.Ev SSH_AUTH_SOCK
+and
+unsetting
+.Ev ENV ;
+permits tedu to run procmap as root without a password;
 and additionally permits root to run unrestricted commands as itself.
 .Bd -literal -offset indent
 # Non-exhaustive list of variables needed to
 # build release(8) and ports(7)
-permit nopass keepenv { \e
+permit nopass setenv { \e
         FTPMODE PKG_CACHE PKG_PATH SM_PATH SSH_AUTH_SOCK \e
         DESTDIR DISTDIR FETCH_CMD FLAVOR GROUP MAKE MAKECONF \e
         MULTI_PACKAGES NOMAN OKAY_FILES OWNER PKG_DBDIR \e
         PKG_DESTDIR PKG_TMPDIR PORTSDIR RELEASEDIR SHARED_ONLY \e
         SUBPACKAGE WRKOBJDIR SUDO_PORT_V1 } :wsrc
-permit nopass keepenv { ENV PS1 SSH_AUTH_SOCK } :wheel
+permit setenv { -ENV PS1=$DOAS_PS1 SSH_AUTH_SOCK } :wheel
 permit nopass tedu as root cmd /usr/sbin/procmap
 permit nopass keepenv root as root
 .Ed

doas.h

@@ -1,4 +1,20 @@
-/* $OpenBSD: doas.h,v 1.8 2016/06/19 19:29:43 martijn Exp $ */
+/* $OpenBSD: doas.h,v 1.12 2016/10/05 17:40:25 tedu Exp $ */
+/*
+ * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
 struct rule {
 	int action;
 	int options;
@@ -10,18 +26,17 @@ struct rule {
 };
 
 extern struct rule **rules;
-extern int nrules, maxrules;
+extern int nrules;
 extern int parse_errors;
 
-size_t arraylen(const char **);
-
 char **prepenv(struct rule *);
 
 #define PERMIT	1
 #define DENY	2
 
 #define NOPASS		0x1
 #define KEEPENV		0x2
+#define PERSIST		0x4
 
 #ifndef UID_MAX
 #define UID_MAX 65535