opendoas

my fork of doas with custom prompt
git clone git://git.kocotian.pl/opendoas.git
Log | Files | Refs | README | LICENSE

DateCommit messageAuthorFiles+-
2021-02-09 09:39prompt, force timestampkocotian2+3-1
2021-02-03 19:55fix some wording in README.mdDuncan Overbruck1+2-2
2021-02-03 00:49fixed typo in README.mdLukas Hannen1+1-1
2021-01-28 23:28Replace build/installation instructions with discouragementsDuncan Overbruck1+15-9
2021-01-28 23:00remove pam.d configuration filesDuncan Overbruck5+13-20
2021-01-28 19:12apply missing man page changesDuncan Overbruck2+6-6
2015-12-04 09:41espie reminds me that EOF can happen for errors as well, so check for that happening and print a message.tedu1+8-3
2021-01-27 17:02Promote nrules/maxrules to size_t and make sure they can't overflow. reallocarray(3) will fail if nmemb * size would overflow. OK tb@ martijn@millert3+10-10
2021-01-16 09:18s/authorization/authentication/gmartijn3+10-10
2021-01-15 08:32Be more explicit by stating that the -n flag is linked to the nopass option in doas.conf instead of a generic "would prompt for password", which could lead people into believing that persist could work with this option.martijn1+3-3
2021-01-28 16:58correctly reset path for rules without specific commandDuncan Overbruck1+3-0
2015-11-27 21:10after reading a too long line, restart at the beginning of the buffer so we don't keep writing past the end. (the perils of trying to recover from parse errors.) noticed by Jan Schreibertedu1+3-1
2015-09-01 16:20increment the line number after the line continuation; ok tedumikeb1+2-0
2020-11-14 15:30remove unused pam.d fileDuncan Overbruck1+0-5
2020-11-14 15:28pam: use PAM_REINITIALIZE_CREDDuncan Overbruck1+2-2
2020-11-14 15:27configure: respect environment and make CFLAGSDuncan Overbruck2+3-5
2020-11-14 15:19pam.d: include system-auth for auth, account and sessionDuncan Overbruck1+3-6
2020-11-14 15:13configure: use LDLIBS instead of setting LDFLAGSDuncan Overbruck2+8-8
2020-11-14 15:02configure: fix verrc checkDuncan Overbruck1+2-1
2020-11-12 20:26configure: add setresgid, setreuid and setregid checksDuncan Overbruck1+40-2
2020-11-12 20:19configure: add freebsd supportDuncan Overbruck1+4-0
2020-11-12 17:29add pam.d file for MacOSXDuncan Overbruck1+5-0
2020-11-12 17:20use wheel group on MacOSXDuncan Overbruck1+3-0
2020-11-12 17:02configure: don't set --no-as-needed on MacOSX while running checksDuncan Overbruck1+5-1
2020-11-12 17:01libopenbsd/closefrom.h: include path.h for _PATH_DEV on MacOSXDuncan Overbruck1+1-0
2020-11-12 16:48add back execvpe fallbackDuncan Overbruck2+163-1
2020-11-12 16:22simplify makefileDuncan Overbruck4+69-77
2020-11-12 16:11configure: define CURDIR for all targetsDuncan Overbruck1+1-1
2020-11-12 16:02fix portability issues with configure scriptDuncan Overbruck1+15-7
2020-11-12 15:55link libutil for setusercontext on NetBSDDuncan Overbruck1+1-0
2020-11-12 15:49set _OPENBSD_SOURCE on NetBSDDuncan Overbruck1+3-0
2020-11-12 15:22pam.c: free rsp in case of failureDuncan Overbruck1+1-0
2020-11-12 15:21pam.c: remove dead assignmentDuncan Overbruck1+1-1
2020-11-12 15:17remove includes.h and move the prototypes to doas.hDuncan Overbruck8+21-26
2020-11-12 15:15libopenbsd: clean up readpassphrase compat and fix ifdefsDuncan Overbruck5+11-10
2020-11-12 15:11use config.h and link objects instead of libopenbsd.aDuncan Overbruck21+106-51
2020-11-12 12:32opendoas: Fallback for setresuid(2).Sunil Nimmagadda3+89-1
2020-11-12 13:11move HOST_NAME_MAX to the top and add it to shadow.cDuncan Overbruck2+8-3
2020-11-05 20:00check for login_cap.h and use setusercontext if availableDuncan Overbruck2+21-0
2020-10-09 10:24fix SEE ALSO;jmc1+1-1
2020-10-09 07:43Add nolog option to avoid syslog(3)kn4+15-3
2020-10-09 00:04Improve error message on missing permissionkn1+1-1
2020-05-16 16:58list example files in FILES with a short description: generally, "Example configuration file.", but occasionally something else fit better; at the same time, try to make the format for FILES more consistent;jmc1+2-2
2020-02-10 13:18briefly mention /etc/examples/ in the FILES section of all the manual pages that document the corresponding configuration files; OK jmc@, and general direction discussed with manyschwarze1+5-2
2020-11-05 07:03Fallback definition for HOST_NAME_MAX.Sunil Nimmagadda1+3-0
2020-11-02 06:24Honor --sysconfdir option for doas.conf path.Sunil Nimmagadda2+3-1
2020-02-03 21:26timestamp.c: remove warning for normal caseDuncan Overbruck1+2-3
2020-02-03 21:19timestamp.c: check fstat(2) instead of separate stat(2)Duncan Overbruck1+2-3
2020-02-03 21:17timestamp.c: correctly NUL terminate buffer read from /proc/pid/statDuncan Overbruck1+7-4
2020-02-03 21:11timestamp.c: add some more error/warning messagesDuncan Overbruck1+19-6
2019-12-06 01:45timestamp.c: already return on 22th field of /proc/ppid/statDuncan Overbruck1+2-4
2019-12-06 01:44doas.c: initialize mygetpwuid_r resultDuncan Overbruck1+2-0
2019-12-06 01:43libopenbsd: define __dead as noreturnDuncan Overbruck4+12-12
2020-01-08 17:33Change binary permissions to 4755. Closes #26Ivy Foster1+1-1
2019-11-23 15:21configure: remove versionDuncan Overbruck1+0-4
2019-11-23 14:18doas.c: remove dead ifdefs to unclutter codeDuncan Overbruck1+40-190
2019-11-21 17:01timestamp: simplifyDuncan Overbruck1+81-220
2019-11-21 16:14configure: make {UID,GID}_MAX configurableDuncan Overbruck1+10-1
2019-10-18 17:15add some checks to avoid UID_MAX (-1) here. this is not problematic with the current code, but it's probably safer this way. ok deraadttedu1+6-2
2019-09-14 17:47correct some unveil(2) violations due to "login.conf.db" access (the .db version of "login.conf"), and stat(2) on _PATH_MASTERPASSWD_LOCK (via pw_mkdb(3)).semarie1+2-1
2019-10-19 13:02fixup unveilDuncan Overbruck1+1-2
2019-07-07 19:21fix one last edge case regarding PATH, allows simpler config.tedu2+5-2
2019-07-04 19:04note that authentication is required, unless otherwise configured. ok sthentedu1+3-0
2019-07-03 03:24snprintf/vsnprintf return < 0 on error, rather than -1.deraadt1+40-0
2019-06-29 22:35fix some more fallout from setting path in setusercontext. restore previous behavior of using user PATH if no cmd restriction in the rule. run into by espietedu1+4-1
2019-06-24 14:45add an example hint that shows how original path can be retainedtedu1+3-1
2019-06-21 17:02tweak wording a bit. always talk about creating a new environment. also document DOAS_USER. ok deraadt jmctedu2+9-16
2019-06-19 09:55more precisely describe what happens to the environment without keepenv; OK tedu@schwarze1+4-4
2019-06-19 09:50mention that doas(1) resets the umask(2); OK tedu@schwarze1+2-0
2019-06-17 19:51setusercontext resets PATH (which we want). but then it becomes impossible to access the old PATH. save a copy in case we need it later. bug report from espie.tedu3+28-2
2019-06-17 18:44mention environment resetting here as well. ok millerttedu1+17-0
2019-06-17 16:01always reset the "su" variables, which is more consistent and predictable. ok martijn millerttedu2+19-13
2019-06-16 18:16redo the environment inheritance to not inherit. it was intended to make life easier, but it can be surprising or even unsafe. instead, reset just about everything to the target user's values. ok deraadt martijn Thanks to Sander Bos in particular for pointing out some nasty edge cases.tedu4+42-22
2019-06-12 02:50a few cleanups and simplifications possible now that static pw is gone. noted by martijn. ok martijn.tedu1+14-15
2019-06-10 18:11use getpwuid_r to avoid problems with hidden static storage. ok deraadt lteo martijntedu1+58-35
2019-07-26 15:46libopenbsd/closefrom.c: remove config.h includeDuncan Overbruck1+0-6
2019-07-26 15:39README.md: update the readme to match the current stateDuncan Overbruck1+22-32
2019-07-26 15:13libopenbsd: remove MacOSX compat functions, its not supported anywaysDuncan Overbruck3+2-200
2019-07-26 15:01libopenbsd/closefrom.c: sync with sudoDuncan Overbruck1+94-66
2019-07-26 14:39timestamp: error out if fstat and lstat st_ino and st_dev are not the sameDuncan Overbruck1+34-10
2019-01-30 22:43pam: close timestamp fd in both both processesDuncaen1+6-1
2019-01-30 22:35shadow: clear phassphrase earlierDuncaen1+1-3
2019-01-30 19:39Add generated file parse.c to .gitignore and 'make clean'Ivy Foster2+2-0
2019-01-30 19:35configure: list --with-timestamp in help, since without is defaultIvy Foster1+1-1
2019-01-30 22:17shadow: clear the password even after a mismatchDuncaen1+7-2
2019-01-17 05:35clear the password even after a mismatchtedu1+1-0
2018-07-11 07:39Do for most running out of memory err() what was done for most running out of memory log_warn(). i.e. ("%s", __func__) instead of manual function names and redundant verbiage about which wrapper detected the out of memory condition.krw1+1-1
2019-01-30 22:07pam: add timestamp supportDuncaen3+57-37
2019-01-30 21:31timestamp: rename and simplifyDuncaen5+410-371
2019-01-30 21:29libopenbsd: minor cleanupDuncaen6+8-17
2019-01-30 21:28doas: remove unnecessary configure checks, move shadow to its own fileDuncaen5+146-123
2019-01-30 20:19doas: remove v flag, not neccessary, upstream doesn't have it and __DATE__ is bad for reproducible buildsDuncaen1+1-15
2019-01-30 20:06libopenbsd/closefrom: correctly handle snprintf truncationDuncaen1+1-1
2019-01-30 19:59libopenbsd/readpassphrase: update to latest version from openssh-portableDuncaen1+51-54
2019-01-30 19:49adjust yyerror() to precede with "progname: " the error message string OK tedu@ phessler@gsoares1+1-0
2019-01-30 19:23doas.c: put login_style in ifdef to compile on LinuxIvy Foster1+2-0
2018-02-07 05:13lowercase doas ee cummings styletedu1+1-1
2018-02-07 05:05not necessarily the same name, but the indicated nametedu1+1-1
2018-04-06 16:16pam: check watch child pidDuncaen1+7-5
2018-04-06 16:10persist_timestamp: add start time and document implementation detailsDuncaen1+88-19
2017-12-12 16:14persist_timestamp: move timespec macros to libopenbsdDuncaen2+70-22
2017-12-12 15:42persist_timestamp: create timestamp file with O_NOFOLLOW and don't leak the nameDuncaen1+4-3
2017-12-12 15:38persist_timestamp: remove goto from persist_openDuncaen1+3-5
2017-12-12 15:36persist_timestamp: persist_check was only used internally, make it staticDuncaen1+16-13
2017-12-12 15:25persist_timestamp: use open directory fd to check and work with timestamp filesDuncaen1+85-59
2017-12-12 14:29persist_timestamp: add session id to timestampsDuncaen1+23-26
2017-12-12 13:57persist_timestamp: make tmpfs requirement optional and only available on linuxDuncaen1+9-3
2017-12-12 02:07persist_timestamp: use CLOCK_MONOTONIC_RAWDuncaen1+2-2
2017-12-12 01:17persist_timestamp: don't allow og+rwx permission for timestamp directoryDuncaen1+1-1
2017-12-12 01:13persist_timestamp: cleanupDuncaen1+12-22
2017-12-12 01:08persist_timestamp: use /proc/self/stat to get tty_nrDuncaen1+85-18
2017-12-11 19:20add initial timestamp file support, disabled by default and only with shadow authDuncaen4+266-0
2017-12-11 14:45configure: update versionDuncaen1+1-1
2017-12-11 14:44configure: fix usageDuncaen1+1-1
2017-07-13 19:16man pages with pseudo synopses which list filenames end up creating very ugly output in man -k; after some discussion with ingo, we feel the simplest fix is to remove such SYNOPSIS sections: the info is hardly helpful at page top, is contained already in FILES, and there are sufficiently few that just zapping them is simple;jmc1+5-0
2017-07-03 22:21no need to generate y.tab.h if nothing uses it, set YFLAGS to nothing instead of CLEANFILES += y.tab.hespie1+2-1
2017-05-27 09:51for password failure, print Authorization failed instead of EPERM. will make things less confusing with commands rejected by config file.tedu1+1-1
2017-04-06 21:14a little const here and there to prevent rules from changingtedu1+3-3
2017-04-06 21:12prepenv can take a const ruletedu2+3-3
2017-03-20 14:35simplify example. list of ports variables was non-exahustive, which means what exactly? there should be a better place for such lists.tedu1+4-10
2017-01-14 18:51add a geteuid check to make sure we're root before plowing into setauth. spare some debugging effort in case doas is not installed setuid.tedu1+3-0
2017-01-02 01:40envlist and arglist are both string lists; simplify ok bennotedu1+14-23
2016-12-29 19:12it has been six months and two days... remove keepenv { obsolete } syntaxtedu1+0-8
2016-12-05 10:58Be more explicit about the "args" syntax. In part from a patch from Anton dot Lindqvist at gmail dot com. OK tedu@schwarze1+2-2
2016-11-10 16:00missing semicolon at end of rule. yacc doesn't seem to mind, though. from Edakawatedu1+1-1
2016-10-05 23:28Add back the call to yyparse() that was accidentally dropped in the previous commit. Fortunately, doas fails closed...tb1+1-0
2016-10-05 17:40move yyparse decl next to yyfptedu2+1-3
2016-10-05 17:36as a result of the env rework, arraylen() is only used in parse.y. move it there and make it static.tedu3+12-16
2016-09-15 00:58use static in the right places to seperate modules better ok teduderaadt4+27-9
2016-09-04 15:20-L means no commandtedu1+2-1
2016-09-04 15:11don't allow combining nopass and persist in a single ruletedu1+4-0
2016-09-03 11:03the sudo timeout was 5 minutes i believe, so we'll match that.tedu1+1-1
2016-09-02 20:38clarify that -L will exit without running a command.tedu1+3-1
2016-09-02 18:12add support for the verified auth ioctls using 'persist' rules. ok deraadt henningtedu5+41-12
2016-09-01 17:30unconst these parameters; i won't be changing bsd auth today.tedu1+1-1
2016-09-01 13:16move the authentication code to a functiontedu1+83-67
2016-09-06 00:58bump version to v6.0Duncaen1+1-1
2016-09-06 00:56Add closefrom(2) from openssh-portableDuncaen4+222-1
2016-09-05 16:26Print -a flag in usage() only if HAVE_BSD_AUTH_HPhilip K1+5-2
2016-09-03 21:02minor configure tweaksDuncaen1+2-2
2016-09-02 18:41configure: error out if no authentication found and fix default CCDuncaen1+65-44
2016-07-18 16:46The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstreated by double doas call:zhuk1+5-3
2016-07-12 12:10add "recvfd" to doas(1) for use with skey.semarie1+1-1
2016-06-29 23:33use posix correct optstringDuncaen1+1-1
2016-06-27 19:45minor tweaksDuncaen2+2-2
2016-06-27 17:36minor tweaks; ok tedujmc1+7-5
2016-06-27 15:47somehow nopass snuck onto the :wheel example. i think it's better without.tedu1+1-1
2016-06-27 15:41revise environment handling. Add a setenv keyword for manipulating the environment. keepenv now means only retain everything. (for one release, the old use of keepenv will still work.) Allow setting variables to new or existing values, and also removing vars when keepenv is used. ok djm martijn tbtedu3+137-89
2016-06-24 20:49move a space to the correct spottedu1+2-2
2016-06-27 19:46Merge pull request #8 from frgm/masterDuncan Overbruck2+3-3
2016-06-27 16:50bump to version v0.3.2Duncaen1+1-1
2016-06-27 16:47fix --with(out)-pam configure optionDuncaen1+24-20
2016-06-27 16:19fix pamcleanupDuncaen1+4-4
2016-06-27 16:18fix sys/tree.h testDuncaen2+12-14
2016-06-26 21:23bump version 0.3.1Duncaen1+1-1
2016-06-26 21:22remove pam_timestamp from pam configDuncaen1+0-2
2016-06-26 21:22remove unnecessary warning outputDuncaen1+0-1
2016-06-08 11:42bump version 0.3Duncaen1+1-1
2016-06-26 21:10add --without-pam configure option to allow passwd/shadow authDuncaen3+67-10
2016-06-25 15:41fix err messagesDuncaen1+2-2
2016-06-25 15:37some more cleanup and refactoring of pam codeDuncaen3+128-108
2016-06-24 14:50rename doas_pam.c to pam.cDuncaen2+1-1
2016-06-24 14:33import sys-tree.h from openssh-portableDuncaen3+769-0
2016-06-19 19:29Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function.martijn3+33-26
2016-06-16 17:40the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn)tedu4+177-101
2016-06-11 17:17don't use specified twice in a sentence, noticed by jmctedu1+1-2
2016-06-11 05:04clarify some wordingtedu1+7-4
2016-06-11 04:56specify that default is deny if no rule matchestedu1+1-0
2016-06-08 16:01remove pledge seccomp shimDuncaen3+2-485
2016-06-08 15:50open pam sessions with right user and remove setusercontext shimDuncaen7+52-139
2016-06-08 11:41Revert "sync with upstream (setenv)"Duncaen3+11-144
2016-06-05 12:01bump version to 0.2Duncaen2+17-6
2016-06-05 11:58add more restrictive permissions and root:root as owner for binaryDuncaen1+2-2
2016-06-05 11:42fix ld and cflagsDuncaen1+2-2
2016-06-05 11:33sync with upstream (setenv)Duncaen3+144-11
2016-06-05 11:29remove version.h and define VERSION in configure scriptDuncaen2+1-1
2016-06-02 14:29check return value of setresuidDuncaen1+3-1
2016-06-02 14:27remove nonstandard sys/cdefs.hDuncaen1+0-1
2016-05-09 19:12Merge pull request #7 from frgm/masterDuncan Overbruck2+9-3
2016-05-08 20:55Add doas style prompt for pam authenticationDuncaen1+24-2
2016-05-08 20:23Make pam session handling more failsafeDuncaen1+30-31
2016-05-08 19:32More configure and make cleanupDuncaen3+27-27
2016-05-08 19:24Merge pull request #4 from frgm/masterDuncan Overbruck2+4-3
2016-05-08 18:03Fix horrible mistakeDuncaen1+1-1
2016-05-08 18:01Simply install and move version to configure scriptDuncaen4+14-28
2016-05-08 17:38set PAM_USER, PAM_RUSER and PAM_TTY if availableDuncaen1+23-0
2016-05-08 08:26configure: tune up a little bitSvyatoslav Mishyn1+44-14
2016-05-08 14:15Add proper pam session handlingDuncaen6+273-127
2016-05-07 17:02Enable style option only if bsd_auth.h is availableDuncaen1+11-1
2016-05-07 17:00Fix typos and configure pledge detectionDuncaen2+14-8
2016-05-06 01:41Testing only seccomp pledgeDuncaen2+460-0
2016-05-06 01:40Add more compatibility functions for linux supportDuncaen8+530-0
2016-05-06 01:37Actually open pam sessionsDuncaen1+7-4
2016-05-06 01:35Sync doas.cDuncaen1+78-22
2016-05-06 01:00Add configure scriptDuncaen12+392-21
2015-08-10 02:05Generate automatic header dependencies.Nathan Holstein2+6-1
2015-08-10 01:27Add version information to doas executable.Nathan Holstein2+19-2
2015-08-09 21:52Generate a version header file from Git.Nathan Holstein2+10-0
2015-08-07 04:31Change formating of comic in README.Nathan Holstein1+3-4
2015-08-07 04:28Add the XKCD comic to README.Nathan Holstein1+5-0
2015-08-06 05:16Add PAM service definition for doas.Nathan Holstein3+10-1
2015-08-06 05:07Add IO error checking to auth_userokay().Nathan Holstein1+11-7
2015-08-06 04:47Update README to match status of PAM integration.Nathan Holstein1+1-1
2015-08-06 04:40Implement PAM authentication.Nathan Holstein1+57-44
2015-08-05 15:01Merge doas.c 1.34 from OpenBSD CVS.Nathan Holstein1+2-2
2015-08-05 14:58Switch an unsigned for a size_t.Nathan Holstein1+1-1
2015-08-05 13:53Break out make functionality into utility makefile.Nathan Holstein2+47-44
2015-08-05 13:53Add installation rules for man files.Nathan Holstein1+5-2
2015-08-05 13:45Add license file.Nathan Holstein1+7-0
2015-08-05 07:11Add a make rule to create ${BINDIR}.Nathan Holstein1+4-1
2015-08-05 07:00Being integration of PAM into auth_userokay().Nathan Holstein2+62-1
2015-08-05 06:52Add README.md.Nathan Holstein1+51-0
2015-08-05 06:33Add copyright clauses to new code.Nathan Holstein3+45-3
2015-08-05 04:38Fix memory corruption bug in rules parsing.Nathan Holstein2+13-9
2015-08-03 22:28Import explicit_bzero() from OpenBSD.Nathan Holstein3+25-1
2015-08-02 19:52Implement the semantics of setusercontext().Nathan Holstein1+32-5
2015-08-02 18:54Warn when doas.conf doesn't exist.Nathan Holstein1+1-4
2015-08-02 18:53Restrict read permissions of doas binary.Nathan Holstein1+9-3
2015-08-02 17:30Add compatibility functions from OpenBSD.Nathan Holstein9+339-2
2015-08-02 16:19Fix a group of sign comparison warnings.Nathan Holstein1+4-4
2015-08-02 16:13Fix a sign comparison warning.Nathan Holstein1+2-1
2015-08-02 16:12Header file revamp to build on MacOSX.Nathan Holstein2+8-5
2015-08-02 16:11Makefile for gmake on MacOSX.Nathan Holstein2+62-3
2015-08-02 15:29Add a simple .gitignore.Nathan Holstein1+6-0
2015-08-02 15:27Add git-cvsimport author conversion file.Nathan Holstein1+11-0
2015-07-30 17:04make gid parsing look like uid parsing. from Martijn van Duren ack deraadtTed Unangst1+11-10
2015-07-30 14:02Fix usage examples.Vadim Zhukov1+3-3
2015-07-29 00:00refine a commentTed Unangst1+2-3
2015-07-28 21:36wrap some exceedingly long linesTheo de Raadt2+11-7
2015-07-28 19:49Rename some variables and add few comments in keepenv handling code. Makes the code more readable.Vadim Zhukov1+24-19
2015-07-28 14:08Fix keepenv handling. Initially reported by Ze Loff on misc@.Vadim Zhukov1+4-2
2015-07-27 21:44default permitted target is all users, not root.Ted Unangst1+3-3
2015-07-27 17:57some improvements from michael reed;Jean-Marie Cannie2+9-6
2015-07-27 15:38Add -n to usage. As noticed by Theo Buehler.Marc Espie1+2-2
2015-07-26 23:00small clarificationsTed Unangst1+3-3
2015-07-26 22:44checkconfig doesn't return anymore, noted by zhukTed Unangst1+2-2
2015-07-26 20:47nflag (as in sudo, force non-interactive mode) as discussed with ted@Marc Espie2+16-5
2015-07-26 19:49Oops, CVS mismerged changes, resulting in compilable and mostly working, but somewhat wrong code. Well, the CVS mismerged but I just missed.Vadim Zhukov1+2-4
2015-07-26 19:14tweak config checking slightlyTed Unangst1+11-7
2015-07-26 19:08Stop exiting on cmdline overflow: it's used only for logging, so aborting the whole process is stupid, and actually breaks things.Vadim Zhukov1+6-4
2015-07-26 17:24Implement command matching without execution. This just extends functionality of the -C flag, so we are not introducing more garbage.Vadim Zhukov2+68-17
2015-07-24 06:36Further improve syntax error reporting in doas:Vadim Zhukov3+36-27
2015-07-23 15:26tweak previous;Jean-Marie Cannie1+5-5
2015-07-22 20:15Implement quoting support in doas.conf. Now you can pass environment variables and arguments with almost any values.Vadim Zhukov2+104-35
2015-07-22 16:35Small tweaks:Vadim Zhukov1+4-5
2015-07-22 06:30tweak previous; ok zhukJean-Marie Cannie1+6-9
2015-07-22 05:37one whitespace out of placeTheo de Raadt1+2-2
2015-07-21 17:49options w/o args go first in SYNOPSIS, and add -C to usage();Jean-Marie Cannie2+4-4
2015-07-21 16:15oops, previous commit regarding cases should have just been for parse.y.Ted Unangst1+3-2
2015-07-21 16:12cases should line up with switch, from Dimitris PapastamosTed Unangst3+37-27
2015-07-21 11:04Add argument matching support to doas.Vadim Zhukov5+67-17
2015-07-20 20:18SHELL is out, from Michael ReedTed Unangst1+2-3
2015-07-20 07:43whitespace;Jean-Marie Cannie1+3-3
2015-07-20 01:04sf points out sudo doesn't allow SHELL in childrenTed Unangst1+2-2
2015-07-20 01:00check that badlisted env has = after the nameTed Unangst1+3-2
2015-07-20 00:57rescope and rename some variables to reduce pressure on the alphabetTed Unangst1+12-9
2015-07-20 00:54introduce a minimal badset ($ENV) for environment stripping so that root shells read the right .kshrcTed Unangst1+22-8
2015-07-19 22:11wrap long lines and kill some whitespace1+6-4
2015-07-19 22:09In the config file allow line continuations with backslashes. Document this, and comments and environment variables. ok tedu@2+49-10
2015-07-19 17:00whitespace;Jean-Marie Cannie1+3-3
2015-07-19 16:42spell out complete path to config file, okay tedu@Marc Espie1+5-3
2015-07-19 01:19sudo emulation: if execvpe fails with ENOENT, print "command not found" requested by krwTed Unangst1+4-1
2015-07-18 18:44rearrange variable decls a littleTed Unangst1+14-11
2015-07-18 07:49Add RCS ID. ok deraadt@Brian Callahan1+1-0
2015-07-18 07:03identity isn't optional.1+3-3
2015-07-18 06:33Add doas -s as a shorthand for doas $SHELL. ok teduNicholas Marriott2+37-15
2015-07-18 00:19Add more error checking and use named constants when useful.1+13-8
2015-07-17 20:50add some missing content and markup and optimize some indentation ok tedu@Ingo Schwarze2+28-15
2015-07-17 20:24tweak wordingTed Unangst1+3-3
2015-07-17 17:11improve wording, from Thanos TsouanasTed Unangst1+6-4
2015-07-16 23:22Fail if /etc/doas.conf is g+w or o+w or is not owned by root. ok teduNicholas Marriott1+12-1
2015-07-16 23:02Prototype yy* functions, and use verrx in yyerror(). ok teduNicholas Marriott1+6-6
2015-07-16 22:33Allow (almost) any non-space character to be a part of "word" in doas.conf. This allows weird commands like /bin/echo to be used for real. No command arguments handling yet, though, as well as quoting.Vadim Zhukov1+13-8
2015-07-16 22:11Missing reallocarray check in doas.c (ok tedu) and a calloc in parse.y as well.Nicholas Marriott2+6-2
2015-07-16 21:57wrap long linesTheo de Raadt1+11-6
2015-07-16 21:55doas grows up. no insults.Ted Unangst1+2-17
2015-07-16 21:24Typo: exeucte -> executeNicholas Marriott1+3-3
2015-07-16 21:00combine fprintfs and use a constant format string. hint from reykTed Unangst1+2-3
2015-07-16 20:44import doas. still subject to changes, large and small.Ted Unangst6+692-0