mirror of https://github.com/slicer69/doas synced 2024-07-01 06:54:29 +00:00
Jesse 2022-02-24 09:50:43 -04:00
commit 61f9fabcca
8 changed files with 182 additions and 11 deletions


@ -26,6 +26,10 @@ ifeq ($(UNAME_S),FreeBSD)
CFLAGS+=-DHAVE_LOGIN_CAP_H
LDFLAGS+=-lutil
endif
ifeq ($(UNAME_S),MidnightBSD)
CFLAGS+=-DHAVE_LOGIN_CAP_H
LDFLAGS+=-lutil
endif
ifeq ($(UNAME_S),NetBSD)
CFLAGS+=-DHAVE_LOGIN_CAP_H -D_OPENBSD_SOURCE
OBJECTS=doas.o env.o y.tab.o
@ -47,7 +51,7 @@ ifeq ($(UNAME_S),Darwin)
MANDIR=$(DESTDIR)$(PREFIX)/share/man
endif
FINALS=doas.1.final doas.conf.5.final vidoas.final vidoas.8.final
FINALS=doas.1.final doas.conf.5.final vidoas.final vidoas.8.final
all: $(BIN) $(FINALS)
@ -72,19 +76,24 @@ install: $(BIN) $(FINALS)
chmod 4755 $(DESTDIR)$(PREFIX)/bin/$(BIN)
cp vidoas.final $(DESTDIR)$(PREFIX)/bin/vidoas
chmod 755 $(DESTDIR)$(PREFIX)/bin/vidoas
cp doasedit $(DESTDIR)$(PREFIX)/bin/doasedit
chmod 755 $(DESTDIR)$(PREFIX)/bin/doasedit
mkdir -p $(MANDIR)/man1
cp doas.1.final $(MANDIR)/man1/doas.1
mkdir -p $(MANDIR)/man5
cp doas.conf.5.final $(MANDIR)/man5/doas.conf.5
mkdir -p $(MANDIR)/man8
cp vidoas.8.final $(MANDIR)/man8/vidoas.8
cp doasedit.8 $(MANDIR)/man8/doasedit.8
uninstall:
rm -f $(DESTDIR)$(PREFIX)/bin/doas
rm -f $(DESTDIR)$(PREFIX)/bin/vidoas
rm -f $(DESTDIR)$(PREFIX)/bin/doasedit
rm -f $(MANDIR)/man1/doas.1
rm -f $(MANDIR)/man5/doas.conf.5
rm -f $(MANDIR)/man8/vidoas.8
rm -f $(MANDIR)/man8/doasedit.8
clean:
rm -f $(BIN) $(OBJECTS) y.tab.c
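Review bot: The new line `cp doasedit.8 $(MANDIR)/man8/doasedit.8` installs the page into section 8, but the doasedit.8 file added by this same commit declares `.Dt DOASEDIT 1`, so the rendered header and the installed section disagree; either change the page to `.Dt DOASEDIT 8` or install it as `$(MANDIR)/man1/doasedit.1`, and keep the matching `rm -f` line in uninstall in step. The new `cp doasedit` and `cp doasedit.8` lines copy files that are not prerequisites of install, so a missing file only fails part-way through the recipe, after doas has already been installed with mode 4755; listing them, `install: $(BIN) $(FINALS) doasedit doasedit.8`, makes a missing file fail before anything is copied. The install rule's header and its first recipe lines are outside the hunk.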


@ -1,5 +1,5 @@
# doas
A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, illumos and macOS.
A port of OpenBSD's doas which runs on FreeBSD, Linux, NetBSD, illumos, macOS and MidnightBSD.
The doas utility is a program originally written for OpenBSD which allows a user to run a command as though they were another user. Typically doas is used to allow non-privileged users to run commands as though they were the root user. The doas program acts as an alternative to sudo, which is a popular method in the Linux community for granting admin access to specific users.
@ -27,7 +27,14 @@ The doas command is in FreeBSD's ports collection and may be installed by simply
pkg install doas
The doas command may be installed from MidnightBSD's mports collection with:
mport install doas
The doas command may be installed from [Pacstall](https://github.com/pacstall/pacstall) (Debian/Ubuntu) with:
pacstall -I doas-git
## Installing build tools
1 - The doas program has virtually no dependencies. So long as you have a compiler (such as the GNU Compiler or Clang) installed and GNU make (gmake on NetBSD, FreeBSD, and illumos). On illumos, the build-essential package will install all the necessary build tools.
@ -64,7 +71,7 @@ The doas command is in FreeBSD's ports collection and may be installed by simply
make
#### FreeBSD, NetBSD and macOS
#### FreeBSD, MidnightBSD, NetBSD and macOS
gmake
@ -98,7 +105,7 @@ following lines:
After you save this file you may need to reboot in order for the change to take effect.
#### FreeBSD and NetBSD
#### FreeBSD, MidnightBSD and NetBSD
gmake install
@ -161,6 +168,11 @@ Create a new file in the root user's home:
doas touch /root/new-file
Edit a text file which requires admin access without running the text editor
as the root user:
doasedit /path/to/text/file
On Linux versions of doas prior to 6.3p1 required commands with arguments to be prefixed by a double-dash (--). From 6.3p1 and onward the double-dash is no longer required. Here we remove a directory owned by root:
doas -- rm -rf old-directory
@ -180,6 +192,6 @@ while on most other platforms, such as FreeBSD, you can run
## Contributing
Contributions, in various forms, are always welcome. If you run into a problem or have an improvement you'd like to see included, pelase use GitHub's tools to submit an issue ticket or a pull request. Should you encounter a bug you feel is a security concern, please contact the developer privately at jessefrgsmith AT yahoo DOT ca.
Contributions, in various forms, are always welcome. If you run into a problem or have an improvement you'd like to see included, please use GitHub's tools to submit an issue ticket or a pull request. Should you encounter a bug you feel is a security concern, please contact the developer privately at jessefrgsmith AT yahoo DOT ca.
Financial donations are always welcome and can be submitted via PayPal to jessefrgsmith AT yahoo DOT ca or through Patreon at https://www.patreon.com/sysvinit . Thank you for your support.


@ -46,7 +46,7 @@ closefrom(int lowfd)
int i;
/* Use /proc/self/fd (or /dev/fd on FreeBSD) if it exists. */
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__)
# if defined(__FreeBSD__) || defined(__FreeBSD_kernel__) || defined(__APPLE__) || defined(__MidnightBSD__)
path = "/dev/fd";
# else
path = "/proc/self/fd";
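Review bot: The `|| defined(__MidnightBSD__)` added to the `#if` on the /dev/fd branch is one of five copies of a hand-maintained per-OS OR chain in this commit (three `setresuid`/`setresgid` guards in doas.c and the `pw_class` copy in env.c are the others), and every future port has to find and edit all of them. The Makefile already expresses one platform capability as a feature flag, `-DHAVE_LOGIN_CAP_H`, set per `UNAME_S`; the same pattern would reduce these sites to feature tests, for example `#ifdef HAVE_DEV_FD` here and a `HAVE_SETRESUID` / `HAVE_PW_CLASS` pair for doas.c and env.c, each defined once per OS in the Makefile. The body of closefrom continues outside the hunk.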

4
doas.1

@ -76,7 +76,9 @@ would prompt for password.
.It Fl S
Same as
.Fl s
but simulates a full login.
but simulates a full login. Please note this may result in doas applying resource limits
to the user based on the target user's login class. However, environment variables
applicable to the target user are still stripped, unless KEEPENV is specified.
.It Fl s
Execute the shell from
.Ev SHELL

6
doas.c

@ -199,7 +199,7 @@ checkconfig(const char *confpath, int argc, char **argv,
struct rule *rule;
int status;
#if defined(__linux__) || defined(__FreeBSD__)
#if defined(__linux__) || defined(__FreeBSD__) || defined(__MidnightBSD__)
status = setresuid(uid, uid, uid);
#else
status = setreuid(uid, uid);
@ -526,7 +526,7 @@ main(int argc, char **argv)
LOGIN_SETUSER) != 0)
errx(1, "failed to set user context for target");
#else
#if defined(__linux__) || defined(__FreeBSD__)
#if defined(__linux__) || defined(__FreeBSD__) || defined(__MidnightBSD__)
if (setresgid(target_pw->pw_gid, target_pw->pw_gid, target_pw->pw_gid) == -1)
err(1, "setresgid");
#else
@ -535,7 +535,7 @@ main(int argc, char **argv)
#endif
if (initgroups(target_pw->pw_name, target_pw->pw_gid) == -1)
err(1, "initgroups");
#if defined(__linux__) || defined(__FreeBSD__)
#if defined(__linux__) || defined(__FreeBSD__) || defined(__MidnightBSD__)
if (setresuid(target, target, target) == -1)
err(1, "setresuid");
#else

94
doasedit Executable file

@ -0,0 +1,94 @@
#!/bin/sh
# Copy an existing text file to a temporary location. Then
# Edit the file.
# Attempt to then transfer the temporary file back to the original
# location if the temprary file has been altered.
# Conclude with a little clean-up.
# Try to avoid deleting any changes.
if [ $# -lt 1 ]
then
echo "usage: $0 text-file"
exit 1
fi
if [ ! -f "$1" ]
then
echo "File does not exist or is a special file/link."
exit 2
fi
if [ -L "$1" ]
then
echo "File is a symbolic link. Refusing to edit."
exit 2
fi
if [ ! -r "$1" ]
then
echo "This user is unable to read the specified file."
exit 3
fi
temp_file=$(mktemp --tmpdir doasedit.XXXXXXXX)
if [ ! $? ]
then
echo "Could not create temporary file."
exit 4
fi
cp "$1" "$temp_file"
if [ ! $? ]
then
echo "Unable to copy file $1"
exit 5
fi
# If $VISUAL fails, run $EDITOR.
# $EDITOR should be a line editor functional without advanced terminal features.
# $VISUAL is a more advanced editor such as vi.
"${VISUAL:-vi}" "$temp_file"
if [ ! $? ]
then
"${EDITOR:-ex}" "$temp_file"
if [ ! $? ]
then
echo "Could not run visual editor $VISUAL"
echo "Could not run editor $EDITOR"
echo "Please make sure the VISUAL and/or EDITOR variables are set."
rm -f "$temp_file"
exit 6
fi
fi
# Check to see if the file has been changed.
cmp -s "$1" "$temp_file"
status=$?
if [ $status -eq 0 ]
then
echo "File unchanged. Not writing back to original location."
rm -f "$temp_file"
exit 0
fi
# At this point the file has been changed. Make sure it still exists.
if [ -f "$temp_file" ]
then
doas cp "$temp_file" "$1"
cmp -s "$temp_file" "$1"
status=$?
# If file fails to copy, do not do clean-up
while [ $status -ne 0 ]
do
echo "Copying file back to $1 failed. Press Ctrl-C to abort or Enter to try again."
read abc
doas cp "$temp_file" "$1"
cmp -s "$temp_file" "$1"
status=$?
done
fi
# Clean up
rm -f "$temp_file"
exit 0
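Review bot: None of the four `if [ ! $? ]` checks in the new script (after mktemp, after the first cp, and after each editor invocation) can ever trigger, because `$?` expands to a non-empty word such as `0` or `1` and `[ ! word ]` is false for any non-empty word, so a failed mktemp leaves temp_file empty and the script continues into `cp "$1" ""` and `"${VISUAL:-vi}" ""`. Each check needs a numeric comparison, `if [ $? -ne 0 ]`, or the command itself in the condition as in the rewrite below. The `mktemp --tmpdir` form is a GNU coreutils option that the mktemp shipped on the BSDs and macOS listed in this port's README does not accept, so on exactly those systems the broken first check is the one that would have caught the failure; a template path, `mktemp "${TMPDIR:-/tmp}/doasedit.XXXXXXXX"`, is accepted by both. The `-L` test at the top is only a best-effort guard, since `doas cp` later runs as root and writes through whatever "$1" resolves to at that moment, and a doas.conf rule that permits cp for this script permits cp on any path; the new doasedit.8 should state that requirement and its scope in DESCRIPTION, and its ENVIRONMENT section should document VISUAL (default vi) as tried first and EDITOR (default ex) as the fallback, which is what the script does, rather than EDITOR defaulting to vi.
```sh
temp_file=$(mktemp "${TMPDIR:-/tmp}/doasedit.XXXXXXXX")
if [ $? -ne 0 ] || [ -z "$temp_file" ]
then
    echo "Could not create temporary file."
    exit 4
fi
if ! cp "$1" "$temp_file"
then
    echo "Unable to copy file $1"
    exit 5
fi
# … unchanged: VISUAL/EDITOR comments …
if ! "${VISUAL:-vi}" "$temp_file"
then
    if ! "${EDITOR:-ex}" "$temp_file"
    then
        # … unchanged: error messages, rm -f "$temp_file" …
        exit 6
    fi
fi
# … unchanged: cmp, write-back loop, clean-up …
```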

54
doasedit.8 Normal file

@ -0,0 +1,54 @@
.\"
.\" Copyright (c) 2021 Jesse Smith <jessefrgsmith@yahoo.ca>
.\"
.\" Permission to use, copy, modify, and distribute this software for
.\" any purpose with or without fee is hereby granted, provided that
.\" the above copyright notice and this permission notice appear in all
.\" copies.
.\"
.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
.\" WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
.\" WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
.\" AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
.\" OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
.\" TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
.\" PERFORMANCE OF THIS SOFTWARE.
.\"
.Dd September 13, 2021
.Dt DOASEDIT 1
.Os
.Sh NAME
.Nm doasedit
.Nd edit a text file and then write the file back to its original location with admin access
.Sh SYNOPSIS
.Nm
.Op Ar file
.Sh DESCRIPTION
The
.Nm
utility opens an editor on a temporary copy of a
text file. Once the file has been altered, it is written
back to the original location, using doas for elevated access.
This is intended for use in editing configuration files where
the user may need to be root to edit a file, but does not wish
to run their text editor as the super user.
.Pp
The doasedit utility accepts one argument, the file to
be edited. The text editor used during the editing process
is set using the VISUAL environment variable. If VISUAL fails
to run, EDITOR is tried instead.
.El
.Sh EXIT STATUS
.Ex -std
.Sh ENVIRONMENT
.Bl -tag -width EDITOR
.It Ev EDITOR
The editor command used for editing the target text file.
If no EDITOR variable is set, then the command vi is used.
.El
.Sh SEE ALSO
.Xr doas 1 ,
.Xr doas.conf 5
.Sh AUTHORS
.An Jesse Smith Aq Mt jessefrgsmith@yahoo.ca

2
env.c

@ -102,7 +102,7 @@ copyenvpw(struct passwd *my_static)
new_pw->pw_passwd = strdup(my_static->pw_passwd);
new_pw->pw_uid = my_static->pw_uid;
new_pw->pw_gid = my_static->pw_gid;
#if defined(__FreeBSD__)
#if defined(__FreeBSD__) || defined(__MidnightBSD__)
new_pw->pw_class = strdup(my_static->pw_class);
#endif
new_pw->pw_gecos = strdup(my_static->pw_gecos);