opendoas

my fork of doas with custom prompt
git clone git://git.kocotian.pl/opendoas.git
Log | Files | Refs | README | LICENSE

commit fd03103c045c958756f5f3f03f13604bd80eaa1d
parent bfea01b8d21291919d2a0e1f2568de1834e67fd0
Author: Duncan Overbruck <mail@duncano.de>
Date:   Thu,  5 Nov 2020 21:00:16 +0100

check for login_cap.h and use setusercontext if available

Diffstat:
Mconfigure | 11+++++++++++
Mdoas.c | 10++++++++++
2 files changed, 21 insertions(+), 0 deletions(-)

diff --git a/configure b/configure @@ -452,6 +452,17 @@ int main(void) { check_func "ndir_h" "$src" # +# Check for login_cap.h. +# +src=' +#include <sys/types.h> +#include <login_cap.h> +int main(void) { + return 0; +}' +check_func "login_cap_h" "$src" + +# # # src=' diff --git a/doas.c b/doas.c @@ -20,6 +20,9 @@ #include <sys/ioctl.h> #include <limits.h> +#ifdef HAVE_LOGIN_CAP_H +#include <login_cap.h> +#endif #include <string.h> #include <stdio.h> #include <stdlib.h> @@ -379,12 +382,19 @@ main(int argc, char **argv) rule->options & PERSIST); #endif +#ifdef HAVE_LOGIN_CAP_H + if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP | + LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK | + LOGIN_SETUSER) != 0) + errx(1, "failed to set user context for target"); +#else if (setresgid(targpw->pw_gid, targpw->pw_gid, targpw->pw_gid) != 0) err(1, "setresgid"); if (initgroups(targpw->pw_name, targpw->pw_gid) != 0) err(1, "initgroups"); if (setresuid(target, target, target) != 0) err(1, "setresuid"); +#endif if (getcwd(cwdpath, sizeof(cwdpath)) == NULL) cwd = "(failed)";