=================================================================== RCS file: /cvsrepo/anoncvs/cvs/src/usr.bin/doas/env.c,v retrieving revision 1.6 retrieving revision 1.7 diff -c -r1.6 -r1.7 *** src/usr.bin/doas/env.c 2017/04/06 21:12:06 1.6 --- src/usr.bin/doas/env.c 2019/06/16 18:16:34 1.7 *************** *** 1,4 **** ! /* $OpenBSD: env.c,v 1.6 2017/04/06 21:12:06 tedu Exp $ */ /* * Copyright (c) 2016 Ted Unangst * --- 1,4 ---- ! /* $OpenBSD: env.c,v 1.7 2019/06/16 18:16:34 tedu Exp $ */ /* * Copyright (c) 2016 Ted Unangst * *************** *** 24,29 **** --- 24,30 ---- #include #include #include + #include #include "doas.h" *************** *** 38,43 **** --- 39,46 ---- u_int count; }; + static void fillenv(struct env *env, const char **envlist); + static int envcmp(struct envnode *a, struct envnode *b) { *************** *** 68,75 **** free(node); } static struct env * ! createenv(const struct rule *rule) { struct env *env; u_int i; --- 71,89 ---- free(node); } + static void + addnode(struct env *env, const char *key, const char *value) + { + struct envnode *node; + + node = createnode(key, value); + RB_INSERT(envtree, &env->root, node); + env->count++; + } + static struct env * ! createenv(const struct rule *rule, const struct passwd *mypw, ! const struct passwd *targpw) { struct env *env; u_int i; *************** *** 80,85 **** --- 94,101 ---- RB_INIT(&env->root); env->count = 0; + addnode(env, "DOAS_USER", mypw->pw_name); + if (rule->options & KEEPENV) { extern const char **environ; *************** *** 108,113 **** --- 124,142 ---- env->count++; } } + } else { + static const char *copyset[] = { + "DISPLAY", "TERM", + NULL + }; + + addnode(env, "HOME", targpw->pw_dir); + addnode(env, "LOGNAME", targpw->pw_name); + addnode(env, "PATH", getenv("PATH")); + addnode(env, "SHELL", targpw->pw_shell); + addnode(env, "USER", targpw->pw_name); + + fillenv(env, copyset); } return env; *************** *** 186,205 **** } char ** ! 
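Review bot: In the new addnode() helper (new lines 71-89) the result of RB_INSERT is ignored and env->count is incremented unconditionally, so a key already in the tree would leak the fresh node and leave count one higher than the number of entries. The calls added in this commit use distinct keys, so the problem is latent, but count presumably sizes the environment array built later, outside this diff. Consider `if (RB_INSERT(envtree, &env->root, node) == NULL) env->count++;` and release the rejected node in the other branch.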
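Review bot: The `addnode(env, "DOAS_USER", mypw->pw_name);` line (new lines 94-101) relies on running before the KEEPENV copy of environ, and nothing in the code says so. If the copy loop, which is mostly outside this hunk, skips keys that are already present, inserting first is what stops a DOAS_USER supplied by the invoking user from replacing the real name. A comment such as `/* must precede the environ copy so an inherited DOAS_USER cannot override it */` would keep that ordering from being lost in a later edit. The rule's envlist is applied afterwards in prepenv(), so whether a configured entry can still replace the value depends on fillenv(), which is not visible here.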
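Review bot: `addnode(env, "PATH", getenv("PATH"));` in the new else branch (new lines 124-142) passes the getenv() result straight through, and getenv() returns NULL when the caller's environment has no PATH. createnode() is outside this diff, but if it duplicates the value without a NULL check, an unset PATH becomes a NULL dereference in a privileged program. A guard such as `if ((path = getenv("PATH")) != NULL) addnode(env, "PATH", path);`, or a fixed default, avoids that. Unlike HOME, LOGNAME, SHELL and USER, PATH still comes from the invoking user's environment; if nothing earlier in the program resets it, a comment should explain why that is acceptable.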
prepenv(const struct rule *rule) { - static const char *safeset[] = { - "DISPLAY", "HOME", "LOGNAME", "MAIL", - "PATH", "TERM", "USER", "USERNAME", - NULL - }; struct env *env; ! env = createenv(rule); ! ! /* if we started with blank, fill some defaults then apply rules */ ! if (!(rule->options & KEEPENV)) ! fillenv(env, safeset); if (rule->envlist) fillenv(env, rule->envlist); --- 215,226 ---- } char ** ! prepenv(const struct rule *rule, const struct passwd *mypw, ! const struct passwd *targpw) { struct env *env; ! env = createenv(rule, mypw, targpw); if (rule->envlist) fillenv(env, rule->envlist);
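Review bot: prepenv() now takes `mypw` and `targpw`, and createenv() dereferences both without a check, but the new signature (new lines 215-226) carries no comment on what callers must guarantee. A short header comment should say that both pointers must be non-NULL and refer to distinct, still-valid passwd entries; results of getpwuid()/getpwnam() may share static storage, so the caller, which is not part of this diff, needs the reentrant variants or its own copies. It is also worth recording there that the non-keepenv default set no longer copies MAIL or USERNAME, and that HOME, LOGNAME and USER now come from the target entry rather than the caller's environment. prepenv's body continues past the end of the hunk.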