doas

https://man.openbsd.org/doas.1
git clone anongit@rnpnr.xyz:doas.git

Commit: 7af14d6cf8b00b908632e5e5427f4fe7439944f4
Parent: fc9077997c920173f384e90a592767520b238276
Author: Randy Palamar
Date:   Wed, 25 Jun 2025 11:22:09 -0600

bump to OpenBSD 7.7

Diffstat:
MMakefile | 3++-
Mdoas.c | 16+++++++++-------
Mdoas.h | 4++--
Menv.c | 2+-
4 files changed, 14 insertions(+), 11 deletions(-)

diff --git a/Makefile b/Makefile
@@ -3,7 +3,8 @@
 PREFIX = /usr/local
 MANPREFIX = $(PREFIX)/share/man
-CFLAGS = -O2 -Icompat -D_BSD_SOURCE
+CC = cc
+CFLAGS = -std=c11 -march=native -O3 -Icompat -D_GNU_SOURCE -D 'DEF_WEAK(n)=_Static_assert(1, "")'
 LDFLAGS = -s -static
 SRC = doas.c env.c persist.c y.tab.c\
diff --git a/doas.c b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.98 2022/12/22 19:53:22 kn Exp $ */
+/* $OpenBSD: doas.c,v 1.99 2024/02/15 18:57:58 tedu Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
@@ -152,8 +152,10 @@ permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr,
 *lastr = rules[i];
 }
 if (!*lastr)
+ return -1;
+ if ((*lastr)->action == PERMIT)
 return 0;
- return (*lastr)->action == PERMIT;
+ return -1;
 }
 static void
@@ -188,6 +190,7 @@ checkconfig(const char *confpath, int argc, char **argv,
 uid_t uid, gid_t *groups, int ngroups, uid_t target)
 {
 const struct rule *rule;
+ int rv;
 setresuid(uid, uid, uid);
 if (pledge("stdio rpath getpw", NULL) == -1)
@@ -195,9 +198,8 @@ checkconfig(const char *confpath, int argc, char **argv,
 parseconfig(confpath, 0);
 if (!argc)
 exit(0);
-
- if (permit(uid, groups, ngroups, &rule, target, argv[0],
- (const char **)argv + 1)) {
+ rv = permit(uid, groups, ngroups, &rule, target, argv[0], (const char **)argv + 1);
+ if (rv == 0) {
 printf("permit%s\n", (rule->options & NOPASS) ? " nopass" : "");
 exit(0);
 } else {
@@ -378,8 +380,8 @@ main(int argc, char **argv)
 }
 cmd = argv[0];
- if (!permit(uid, groups, ngroups, &rule, target, cmd,
- (const char **)argv + 1)) {
+ rv = permit(uid, groups, ngroups, &rule, target, cmd, (const char **)argv + 1);
+ if (rv != 0) {
 syslog(LOG_NOTICE, "command not permitted for %s: %s", mypw->pw_name, cmdline);
 errno = EPERM;
 err(1, NULL);
diff --git a/doas.h b/doas.h
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.h,v 1.18 2021/09/07 13:46:07 jcs Exp $ */
+/* $OpenBSD: doas.h,v 1.20 2024/02/15 18:57:58 tedu Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
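Review bot: `-march=native` in the new `CFLAGS` of the Makefile hunk ties the binary to the build machine's CPU, and because the context line `LDFLAGS = -s -static` produces a self-contained executable that is easy to copy between hosts, a doas built here can fail with an illegal instruction elsewhere. For a privilege-elevation tool I would drop it, keep the earlier `-O2`, and add the usual hardening flags, e.g. `CFLAGS = -std=c11 -O2 -fstack-protector-strong -D_FORTIFY_SOURCE=2 -Icompat -D_GNU_SOURCE` with the existing `DEF_WEAK(n)` define kept. That define also deserves a one-line comment; it presumably stubs out an OpenBSD libc macro so the imported sources compile, but nothing in the Makefile says so.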
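Review bot: In the doas.c hunk at `@@ -152,8 +152,10 @@`, permit() now returns 0 when the last matching rule permits and -1 otherwise, the reverse of the old boolean result, and nothing on the function states this. A caller written the old way, `if (permit(...))`, would now take a denial for a grant, so the contract belongs on the function, for example `/* returns 0 if the last matching rule is PERMIT, -1 if no rule matches or the rule denies */`. The two callers visible in this diff, checkconfig() and main(), compare against 0 correctly; any caller outside these hunks needs the same check. permit()'s body starts outside the hunk.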
@@ -40,7 +40,7 @@ int openpersist(int *valid);
 int setpersist(int fd);
 int clearpersist(void);
-#define PERMIT 1
+#define PERMIT -1
 #define DENY 2
 #define NOPASS 0x1
diff --git a/env.c b/env.c
@@ -110,7 +110,7 @@ createenv(const struct rule *rule, const struct passwd *mypw,
 fillenv(env, copyset);
 if (rule->options & KEEPENV) {
- extern const char **environ;
+ extern char **environ;
 for (i = 0; environ[i] != NULL; i++) {
 struct envnode *node;
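Review bot: `#define PERMIT -1` in the doas.h hunk gives the rule action the same numeric value that permit() in doas.c now returns for a denial, so `return -1` there reads like `return PERMIT` to anyone who looks up the constant. A comment above the defines would keep the two apart, for example `/* values of rule->action; unrelated to the 0 / -1 result of permit() */`, and the negative literal is safer parenthesised as `#define PERMIT (-1)`. The type of `rule->action` is not visible in this diff; if it is not a signed integer type, the `== PERMIT` comparison in permit() should be re-checked.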