A portable version of the OpenBSD `doas` command
git clone

DateCommit messageAuthorFiles+-
2016-09-06 00:58bump version to v6.0Duncaen1+1-1
2016-09-06 00:56Add closefrom(2) from openssh-portableDuncaen4+222-1
2016-09-03 21:02minor configure tweaksDuncaen1+2-2
2016-09-05 16:26Print -a flag in usage() only if HAVE_BSD_AUTH_HPhilip K1+5-2
2016-09-02 18:41configure: error out if no authentication found and fix default CCDuncaen1+65-44
2016-07-18 16:46The string with path to shell could be taken directly from struct passwd. At some point later the data it points to is overridden by getpwuid() call, resulting in garbage. The problem could be easily demonstreated by double doas call:zhuk1+5-3
2016-07-12 12:10add "recvfd" to doas(1) for use with skey.semarie1+1-1
2016-06-29 23:33use posix correct optstringDuncaen1+1-1
2016-06-27 19:45minor tweaksDuncaen2+2-2
2016-06-27 17:36minor tweaks; ok tedujmc1+7-5
2016-06-27 15:47somehow nopass snuck onto the :wheel example. i think it's better without.tedu1+1-1
2016-06-27 15:41revise environment handling. Add a setenv keyword for manipulating the environment. keepenv now means only retain everything. (for one release, the old use of keepenv will still work.) Allow setting variables to new or existing values, and also removing vars when keepenv is used. ok djm martijn tbtedu3+137-89
2016-06-24 20:49move a space to the correct spottedu1+2-2
2016-06-27 19:46Merge pull request #8 from frgm/masterDuncan Overbruck2+3-3
2016-06-27 16:50bump to version v0.3.2Duncaen1+1-1
2016-06-27 16:47fix --with(out)-pam configure optionDuncaen1+24-20
2016-06-27 16:19fix pamcleanupDuncaen1+4-4
2016-06-27 16:18fix sys/tree.h testDuncaen2+12-14
2016-06-26 21:23bump version 0.3.1Duncaen1+1-1
2016-06-26 21:22remove pam_timestamp from pam configDuncaen1+0-2
2016-06-26 21:22remove unnecessary warning outputDuncaen1+0-1
2016-06-08 11:42bump version 0.3Duncaen1+1-1
2016-06-26 21:10add --without-pam configure option to allow passwd/shadow authDuncaen3+67-10
2016-06-25 15:41fix err messagesDuncaen1+2-2
2016-06-25 15:37some more cleanup and refactoring of pam codeDuncaen3+128-108
2016-06-24 14:50rename doas_pam.c to pam.cDuncaen3+290-290
2016-06-11 04:56specify that default is deny if no rule matchestedu1+1-0
2016-06-24 14:33import sys-tree.h from openssh-portableDuncaen3+769-0
2016-06-19 19:29Move the RB_ code from doas.h to env.c, and limit the environment interface to a simple prepenv function.martijn3+33-26
2016-06-16 17:40the environment handling code was showing its age. just because environ is a char** array doesn't mean we must exclusively operate on such. convert to a red-black tree, manipulate as desired, then flatten to array. potentially overkill for the current operations, but reading the tea leaves i see that more manipulations are desired. ok tb (and some thought provoking disagreement from martijn)tedu4+177-101
2016-06-11 17:17don't use specified twice in a sentence, noticed by jmctedu1+1-2
2016-06-11 05:04clarify some wordingtedu1+7-4
2016-06-08 16:01remove pledge seccomp shimDuncaen3+2-485
2016-06-08 15:50open pam sessions with right user and remove setusercontext shimDuncaen7+52-139
2016-06-08 11:41Revert "sync with upstream (setenv)"Duncaen3+11-144
2016-06-05 12:01bump version to 0.2Duncaen2+17-6
2016-06-05 11:58add more restrictive permissions and root:root as owner for binaryDuncaen1+2-2
2016-06-05 11:42fix ld and cflagsDuncaen1+2-2
2016-06-05 11:33sync with upstream (setenv)Duncaen3+144-11
2016-06-05 11:29remove version.h and define VERSION in configure scriptDuncaen2+1-1
2016-06-02 14:29check return value of setresuidDuncaen1+3-1
2016-06-02 14:27remove nonstandard sys/cdefs.hDuncaen1+0-1
2016-05-09 19:12Merge pull request #7 from frgm/masterDuncan Overbruck2+9-3
2016-05-08 20:55Add doas style prompt for pam authenticationDuncaen1+24-2
2016-05-08 20:23Make pam session handling more failsafeDuncaen1+30-31
2016-05-08 19:32More configure and make cleanupDuncaen3+27-27
2016-05-08 19:24Merge pull request #4 from frgm/masterDuncan Overbruck2+4-3
2016-05-08 18:03Fix horrible mistakeDuncaen1+1-1
2016-05-08 18:01Simply install and move version to configure scriptDuncaen4+14-28
2016-05-08 17:38set PAM_USER, PAM_RUSER and PAM_TTY if availableDuncaen1+23-0
2016-05-08 08:26configure: tune up a little bitSvyatoslav Mishyn1+44-14
2016-05-08 14:15Add proper pam session handlingDuncaen6+273-127
2016-05-07 17:02Enable style option only if bsd_auth.h is availableDuncaen1+11-1
2016-05-07 17:00Fix typos and configure pledge detectionDuncaen2+14-8
2016-05-06 01:41Testing only seccomp pledgeDuncaen2+460-0
2016-05-06 01:40Add more compatibility functions for linux supportDuncaen8+530-0
2016-05-06 01:37Actually open pam sessionsDuncaen1+7-4
2016-05-06 01:35Sync doas.cDuncaen1+78-22
2016-05-06 01:00Add configure scriptDuncaen12+392-21
2015-08-10 02:05Generate automatic header dependencies.Nathan Holstein2+6-1
2015-08-10 01:27Add version information to doas executable.Nathan Holstein2+19-2
2015-08-09 21:52Generate a version header file from Git.Nathan Holstein2+10-0
2015-08-07 04:31Change formating of comic in README.Nathan Holstein1+3-4
2015-08-07 04:28Add the XKCD comic to README.Nathan Holstein1+5-0
2015-08-06 05:16Add PAM service definition for doas.Nathan Holstein3+10-1
2015-08-06 05:07Add IO error checking to auth_userokay().Nathan Holstein1+11-7
2015-08-06 04:47Update README to match status of PAM integration.Nathan Holstein1+1-1
2015-08-06 04:40Implement PAM authentication.Nathan Holstein1+57-44
2015-08-05 15:01Merge doas.c 1.34 from OpenBSD CVS.Nathan Holstein1+2-2
2015-08-05 14:58Switch an unsigned for a size_t.Nathan Holstein1+1-1
2015-08-05 13:53Break out make functionality into utility makefile.Nathan Holstein2+47-44
2015-08-05 13:53Add installation rules for man files.Nathan Holstein1+5-2
2015-08-05 13:45Add license file.Nathan Holstein1+7-0
2015-08-03 22:28Import explicit_bzero() from OpenBSD.Nathan Holstein3+25-1
2015-08-05 07:00Being integration of PAM into auth_userokay().Nathan Holstein2+62-1
2015-08-05 07:11Add a make rule to create ${BINDIR}.Nathan Holstein1+4-1
2015-08-05 06:52Add Holstein1+51-0
2015-08-05 06:33Add copyright clauses to new code.Nathan Holstein3+45-3
2015-08-05 04:38Fix memory corruption bug in rules parsing.Nathan Holstein2+13-9
2015-08-02 19:52Implement the semantics of setusercontext().Nathan Holstein1+32-5
2015-08-02 18:54Warn when doas.conf doesn't exist.Nathan Holstein1+1-4
2015-08-02 18:53Restrict read permissions of doas binary.Nathan Holstein1+9-3
2015-08-02 17:30Add compatibility functions from OpenBSD.Nathan Holstein9+339-2
2015-08-02 16:19Fix a group of sign comparison warnings.Nathan Holstein1+4-4
2015-08-02 16:13Fix a sign comparison warning.Nathan Holstein1+2-1
2015-08-02 16:12Header file revamp to build on MacOSX.Nathan Holstein2+8-5
2015-08-02 16:11Makefile for gmake on MacOSX.Nathan Holstein2+62-3
2015-08-02 15:29Add a simple .gitignore.Nathan Holstein1+6-0
2015-08-02 15:27Add git-cvsimport author conversion file.Nathan Holstein1+11-0
2015-07-30 17:04make gid parsing look like uid parsing. from Martijn van Duren ack deraadtTed Unangst1+11-10
2015-07-30 14:02Fix usage examples.Vadim Zhukov1+3-3
2015-07-29 00:00refine a commentTed Unangst1+2-3
2015-07-28 21:36wrap some exceedingly long linesTheo de Raadt2+11-7
2015-07-28 19:49Rename some variables and add few comments in keepenv handling code. Makes the code more readable.Vadim Zhukov1+24-19
2015-07-28 14:08Fix keepenv handling. Initially reported by Ze Loff on misc@.Vadim Zhukov1+4-2
2015-07-27 21:44default permitted target is all users, not root.Ted Unangst1+3-3
2015-07-27 17:57some improvements from michael reed;Jean-Marie Cannie2+9-6
2015-07-27 15:38Add -n to usage. As noticed by Theo Buehler.Marc Espie1+2-2
2015-07-26 23:00small clarificationsTed Unangst1+3-3
2015-07-26 22:44checkconfig doesn't return anymore, noted by zhukTed Unangst1+2-2
2015-07-26 20:47nflag (as in sudo, force non-interactive mode) as discussed with ted@Marc Espie2+16-5
2015-07-26 19:49Oops, CVS mismerged changes, resulting in compilable and mostly working, but somewhat wrong code. Well, the CVS mismerged but I just missed.Vadim Zhukov1+2-4
2015-07-26 19:14tweak config checking slightlyTed Unangst1+11-7
2015-07-26 19:08Stop exiting on cmdline overflow: it's used only for logging, so aborting the whole process is stupid, and actually breaks things.Vadim Zhukov1+6-4
2015-07-26 17:24Implement command matching without execution. This just extends functionality of the -C flag, so we are not introducing more garbage.Vadim Zhukov2+68-17
2015-07-24 06:36Further improve syntax error reporting in doas:Vadim Zhukov3+36-27
2015-07-23 15:26tweak previous;Jean-Marie Cannie1+5-5
2015-07-22 20:15Implement quoting support in doas.conf. Now you can pass environment variables and arguments with almost any values.Vadim Zhukov2+104-35
2015-07-22 16:35Small tweaks:Vadim Zhukov1+4-5
2015-07-22 06:30tweak previous; ok zhukJean-Marie Cannie1+6-9
2015-07-22 05:37one whitespace out of placeTheo de Raadt1+2-2
2015-07-21 17:49options w/o args go first in SYNOPSIS, and add -C to usage();Jean-Marie Cannie2+4-4
2015-07-21 16:15oops, previous commit regarding cases should have just been for parse.y.Ted Unangst1+3-2
2015-07-21 16:12cases should line up with switch, from Dimitris PapastamosTed Unangst3+37-27
2015-07-21 11:04Add argument matching support to doas.Vadim Zhukov5+67-17
2015-07-20 20:18SHELL is out, from Michael ReedTed Unangst1+2-3
2015-07-20 07:43whitespace;Jean-Marie Cannie1+3-3
2015-07-20 01:04sf points out sudo doesn't allow SHELL in childrenTed Unangst1+2-2
2015-07-20 01:00check that badlisted env has = after the nameTed Unangst1+3-2
2015-07-20 00:57rescope and rename some variables to reduce pressure on the alphabetTed Unangst1+12-9
2015-07-20 00:54introduce a minimal badset ($ENV) for environment stripping so that root shells read the right .kshrcTed Unangst1+22-8
2015-07-19 22:11wrap long lines and kill some whitespace1+6-4
2015-07-19 22:09In the config file allow line continuations with backslashes. Document this, and comments and environment variables. ok tedu@2+49-10
2015-07-19 17:00whitespace;Jean-Marie Cannie1+3-3
2015-07-19 16:42spell out complete path to config file, okay tedu@Marc Espie1+5-3
2015-07-19 01:19sudo emulation: if execvpe fails with ENOENT, print "command not found" requested by krwTed Unangst1+4-1
2015-07-18 18:44rearrange variable decls a littleTed Unangst1+14-11
2015-07-18 07:49Add RCS ID. ok deraadt@Brian Callahan1+1-0
2015-07-18 07:03identity isn't optional.1+3-3
2015-07-18 06:33Add doas -s as a shorthand for doas $SHELL. ok teduNicholas Marriott2+37-15
2015-07-18 00:19Add more error checking and use named constants when useful.1+13-8
2015-07-17 20:50add some missing content and markup and optimize some indentation ok tedu@Ingo Schwarze2+28-15
2015-07-17 20:24tweak wordingTed Unangst1+3-3
2015-07-17 17:11improve wording, from Thanos TsouanasTed Unangst1+6-4
2015-07-16 23:22Fail if /etc/doas.conf is g+w or o+w or is not owned by root. ok teduNicholas Marriott1+12-1
2015-07-16 23:02Prototype yy* functions, and use verrx in yyerror(). ok teduNicholas Marriott1+6-6
2015-07-16 22:33Allow (almost) any non-space character to be a part of "word" in doas.conf. This allows weird commands like /bin/echo to be used for real. No command arguments handling yet, though, as well as quoting.Vadim Zhukov1+13-8
2015-07-16 22:11Missing reallocarray check in doas.c (ok tedu) and a calloc in parse.y as well.Nicholas Marriott2+6-2
2015-07-16 21:57wrap long linesTheo de Raadt1+11-6
2015-07-16 21:55doas grows up. no insults.Ted Unangst1+2-17
2015-07-16 21:24Typo: exeucte -> executeNicholas Marriott1+3-3
2015-07-16 21:00combine fprintfs and use a constant format string. hint from reykTed Unangst1+2-3
2015-07-16 20:44import doas. still subject to changes, large and small.Ted Unangst6+692-0