version 1.3, 2015/07/16 21:55:03 |
version 1.4, 2015/07/16 21:57:54 |
|
|
} |
} |
|
|
static int |
static int |
copyenvhelper(const char **oldenvp, const char **safeset, int nsafe, char **envp, int ei) |
copyenvhelper(const char **oldenvp, const char **safeset, int nsafe, |
|
char **envp, int ei) |
{ |
{ |
int i; |
int i; |
for (i = 0; i < nsafe; i++) { |
for (i = 0; i < nsafe; i++) { |
|
|
struct rule *rule; |
struct rule *rule; |
const char *cmd; |
const char *cmd; |
int i, ch; |
int i, ch; |
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:/usr/local/bin:/usr/local/sbin"; |
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" |
|
"/usr/local/bin:/usr/local/sbin"; |
|
|
parseconfig("/etc/doas.conf"); |
parseconfig("/etc/doas.conf"); |
|
|
|
|
groups[ngroups++] = getgid(); |
groups[ngroups++] = getgid(); |
|
|
if (!permit(uid, groups, ngroups, &rule, target, cmd)) { |
if (!permit(uid, groups, ngroups, &rule, target, cmd)) { |
syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed command for %s: %s", myname, cmdline); |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
|
"failed command for %s: %s", myname, cmdline); |
fail(); |
fail(); |
} |
} |
|
|
if (!(rule->options & NOPASS)) { |
if (!(rule->options & NOPASS)) { |
if (!auth_userokay(myname, NULL, NULL, NULL)) { |
if (!auth_userokay(myname, NULL, NULL, NULL)) { |
syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed password for %s", myname); |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
|
"failed password for %s", myname); |
fail(); |
fail(); |
} |
} |
} |
} |
|
|
LOGIN_SETUSER) != 0) |
LOGIN_SETUSER) != 0) |
errx(1, "failed to set user context for target"); |
errx(1, "failed to set user context for target"); |
|
|
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command as %s: %s", myname, pw->pw_name, cmdline); |
syslog(LOG_AUTHPRIV | LOG_INFO, "%s ran command as %s: %s", |
|
myname, pw->pw_name, cmdline); |
setenv("PATH", safepath, 1); |
setenv("PATH", safepath, 1); |
execvpe(cmd, argv, envp); |
execvpe(cmd, argv, envp); |
err(1, "%s", cmd); |
err(1, "%s", cmd); |