Merge branch 'master' of https://github.com/slicer69/doas

Makefile

@@ -1,15 +1,17 @@
-AWK?=awk
+CAT?=cat
+SED?=sed
 CC?=clang
 YACC?=yacc
 BIN=doas
 PREFIX?=/usr/local
 MANDIR?=$(DESTDIR)$(PREFIX)/man
 SYSCONFDIR?=$(DESTDIR)$(PREFIX)/etc
+DOAS_CONF=$(SYSCONFDIR)/doas.conf
 OBJECTS=doas.o env.o compat/execvpe.o compat/reallocarray.o y.tab.o 
 OPT?=-O2
 # Can set GLOBAL_PATH here to set PATH for target user.
 # TARGETPATH=-DGLOBAL_PATH=\"/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:\"
-CFLAGS+=-Wall $(OPT) -DUSE_PAM -DDOAS_CONF=\"${SYSCONFDIR}/doas.conf\" $(TARGETPATH)
+CFLAGS+=-Wall $(OPT) -DUSE_PAM -DDOAS_CONF=\"$(DOAS_CONF)\" $(TARGETPATH)
 CPPFLAGS+=-include compat/compat.h
 LDFLAGS+=-lpam
 UNAME_S := $(shell uname -s)
@@ -45,7 +47,11 @@ ifeq ($(UNAME_S),Darwin)
     MANDIR=$(DESTDIR)$(PREFIX)/share/man
 endif
 
-all: $(OBJECTS) doas.1.final doas.conf.5.final
+FINALS=doas.1.final doas.conf.5.final vidoas.final vidoas.8.final
+
+all: $(BIN) $(FINALS)
+
+$(BIN): $(OBJECTS)
 	$(CC) -o $(BIN) $(OBJECTS) $(LDFLAGS)
 
 env.o: doas.h env.c
@@ -60,21 +66,25 @@ y.tab.o: parse.y
 	$(YACC) parse.y
 	$(CC) $(CPPFLAGS) $(CFLAGS) -c y.tab.c
 
-install: $(BIN)
+install: $(BIN) $(FINALS)
 	mkdir -p $(DESTDIR)$(PREFIX)/bin
 	cp $(BIN) $(DESTDIR)$(PREFIX)/bin/
-	cp vidoas $(DESTDIR)$(PREFIX)/bin/
 	chmod 4755 $(DESTDIR)$(PREFIX)/bin/$(BIN)
+	cp vidoas.final $(DESTDIR)$(PREFIX)/bin/vidoas
+	chmod 755 $(DESTDIR)$(PREFIX)/bin/vidoas
 	mkdir -p $(MANDIR)/man1
 	cp doas.1.final $(MANDIR)/man1/doas.1
 	mkdir -p $(MANDIR)/man5
 	cp doas.conf.5.final $(MANDIR)/man5/doas.conf.5
+	mkdir -p $(MANDIR)/man8
+	cp vidoas.8.final $(MANDIR)/man8/vidoas.8
 
 uninstall:
 	rm -f $(DESTDIR)$(PREFIX)/bin/doas
 	rm -f $(DESTDIR)$(PREFIX)/bin/vidoas
 	rm -f $(MANDIR)/man1/doas.1
 	rm -f $(MANDIR)/man5/doas.conf.5
+	rm -f $(MANDIR)/man8/vidoas.8
 
 clean:
 	rm -f $(BIN) $(OBJECTS) y.tab.c
@@ -82,8 +92,9 @@ clean:
 
 # Doing it this way allows to change the original files
 # only partially instead of renaming them.
-doas.1.final:
-	$(AWK) -v pfx="$(SYSCONFDIR)" '{gsub("@SUBSTSYSCONFDIR@",pfx); print $$0}' < doas.1 > doas.1.final
-
-doas.conf.5.final:
-	$(AWK) -v pfx="$(SYSCONFDIR)" '{gsub("@SUBSTSYSCONFDIR@",pfx); print $$0}' < doas.conf.5 > doas.conf.5.final
+doas.1.final: doas.1
+doas.conf.5.final: doas.conf.5
+vidoas.final: vidoas
+vidoas.8.final: vidoas.8
+$(FINALS):
+	$(CAT) $^ | $(SED) 's,@DOAS_CONF@,$(DOAS_CONF),g' > $@

README.md

@@ -8,10 +8,26 @@ The doas program offers two benefits over sudo: its configuration file has a sim
 This port of doas has been made to work on FreeBSD 11.x and newer, most distributions of Linux, NetBSD 8.x and newer, and most illumos distributions (tested on OmniOS and SmartOS). It also works on macOS Catalina.
 
 Installing doas is accomplished in three steps:
+
+0. Optionally install the package/port for your operating system, OR
 1. Installing build tools.
 2. Compiling and installing the doas utility.
 3. Creating a configuration file for doas.
 
+## Installation via packages/repositories:
+
+[For Arch Linux users (and Arch-based distributions) there is a package available in the AUR:](https://aur.archlinux.org/packages/doas/)
+```
+ ~ git clone https://aur.archlinux.org/doas.git
+ ~ cd doas
+ ~ makepkg -si
+```
+
+The doas command is in FreeBSD's ports collection and may be installed by simply running the following command as the root user:
+
+      pkg install doas
+
+
 ## Installing build tools
 
 1 - The doas program has virtually no dependencies. So long as you have a compiler (such as the GNU Compiler or Clang) installed and GNU make (gmake on NetBSD, FreeBSD, and illumos). On illumos, the build-essential package will install all the necessary build tools. 
@@ -71,9 +87,6 @@ Note: By default macOS blocks doas from using PAM modules, causing doas authenti
 
      PREFIX=/opt/local gmake install
 
-Note: The doas command is in FreeBSD's ports collection and may be installed by simply running the following command as the root user:
-
-      pkg install doas
 
 ## Creating a configuration file
 

doas.1

@@ -87,7 +87,7 @@ Execute the command as
 .Ar user .
 The default is root.
 .It Fl -
-Any dashes after a combined double dash (--) will be interpreted as part of the command to be run or its paramters. Not an argument passed to doas itself.
+Any dashes after a combined double dash (--) will be interpreted as part of the command to be run or its parameters. Not an argument passed to doas itself.
 .El
 .Sh EXIT STATUS
 .Ex -std doas
@@ -96,7 +96,7 @@ It may fail for one of the following reasons:
 .Bl -bullet -compact
 .It
 The config file
-.Pa @SUBSTSYSCONFDIR@/doas.conf
+.Pa @DOAS_CONF@
 could not be parsed.
 .It
 The user attempted to run a command which is not permitted.

doas.conf.5

@@ -20,7 +20,7 @@
 .Nm doas.conf
 .Nd doas configuration file
 .Sh SYNOPSIS
-.Nm @SUBSTSYSCONFDIR@/doas.conf
+.Nm @DOAS_CONF@
 .Sh DESCRIPTION
 The
 .Xr doas 1

doas.conf.sample

@@ -14,5 +14,5 @@ permit keepenv bob as root
 
 # Permit user cindy to run only the pkg package manager as root
 # to perform package updates and upgrades.
-permit cindy as root cmd pkg update
-permit cindy as root cmd pkg upgrade
+permit cindy as root cmd pkg args update
+permit cindy as root cmd pkg args upgrade

vidoas

@@ -1,8 +1,22 @@
 #!/bin/sh
 
-# This script edits a temporary copy of the doas.conf file and
-# automatically checks it for syntax errors before installing
-# the new copy of doas.conf.
+# Copyright (c) 2020 Kimmo Suominen <kim@netbsd.org>
+#
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+#
+# THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+# WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+# WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+# AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
+# OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+# TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+# PERFORMANCE OF THIS SOFTWARE.
+
+# Edit a temporary copy of the doas.conf file and check it for syntax
+# errors before installing it as the actual doas.conf file.
 
 set -eu
 
@@ -11,15 +25,9 @@ export PATH
 
 PROG="${0##*/}"
 
-umask 077
+umask 022
 
-WRK_DIR=/var/tmp
-INSTALL_DIR=/usr/local/etc
-
-doas_conf_mode=0644
-
-doas_lock_file="${WRK_DIR}/doas.conf"
-installed_doas="${INSTALL_DIR}/doas.conf"
+DOAS_CONF=@DOAS_CONF@
 
 die()
 {
@@ -44,6 +52,20 @@ get_intr()
     '
 }
 
+owner_of()
+{
+    local file
+    file="${1}"
+
+    if stat --version >/dev/null 2>&1
+    then
+	stat -c '%U' "${file}"
+    else
+	stat -f '%Su' "${file}"
+    fi \
+    | awk '{print $1; exit}'
+}
+
 set_trap_rm()
 {
     local file file_list
@@ -58,28 +80,135 @@ set_trap_rm()
     fi
 }
 
-tmp_doas="$(mktemp "${WRK_DIR}/doas.conf.XXXXXXXXXX")"
+usage()
+{
+    cat <<EOF
+Usage:	${PROG} [-n] [file]
+	${PROG} -h
+
+Edit a temporary copy of a doas configuration file and check it for
+syntax errors before installing it as the actual configuration file.
+
+When no file is named, ${PROG} will edit the default configuration file
+for doas(1): @DOAS_CONF@
+
+Options:
+-h	Show this usage.
+-n	Do not edit the file, just perform prerequisite checks. If this
+	switch is repeated, all output will be suppressed and the check
+	result is only indicated by the exit status.
+EOF
+}
+
+noop=0
+
+while getopts hn opt
+do
+    case "${opt}" in
+    h) usage; exit 0;;
+    n) noop=$((${noop} + 1));;
+    *) usage 1>&2; exit 1;;
+    esac
+done
+shift $((${OPTIND} - 1))
+
+case ${#} in
+0) ;;
+1) DOAS_CONF="${1}";;
+*) usage 1>&2; exit 1;;
+esac
+
+case ${noop} in
+0) noop=false;;
+1) noop=true;;
+*) noop=true; exec >/dev/null 2>&1;;
+esac
+
+case "${DOAS_CONF}" in
+-*)
+    warn "Invalid filename: ${DOAS_CONF}"
+    die  "Try using './${DOAS_CONF}' instead"
+    ;;
+esac
+
+doas_conf_dir="$(dirname "${DOAS_CONF}")"
+doas_conf_base="$(basename "${DOAS_CONF}")"
+DOAS_CONF="${doas_conf_dir}/${doas_conf_base}"
+doas_lock_file="${DOAS_CONF}.lck"
+
+# These checks are only for producing nicer diagnostic messages to the
+# user.  They are not relied on by the rest of the code.
+
+if [ ! -e "${doas_conf_dir}" ]
+then
+    die "${doas_conf_dir} does not exist"
+fi
+
+if [ ! -d "${doas_conf_dir}" ]
+then
+    die "${doas_conf_dir} is not a directory"
+fi
+
+if [ ! -w "${doas_conf_dir}" ]
+then
+    owner="$(owner_of "${doas_conf_dir}")"
+    warn "${doas_conf_dir} is not writable"
+    die "You probably need to run ${PROG} as ${owner:-root}"
+fi
+
+tmp_doas="$(mktemp "${DOAS_CONF}.XXXXXXXXXX")" \
+|| die "You probably need to run ${PROG} as root"
 set_trap_rm "${tmp_doas}"
 
-# Check to see if an existing configuration file is installed.
-if [ -f "${installed_doas}" ]
+# It is important that the ln(1) command fails if the target already
+# exists.  Some versions are known to behave like "ln -f" by default
+# (removing any existing target).  Adjust PATH to avoid such ln(1)
+# implementations.
+
+tmp_test_ln="$(mktemp "${DOAS_CONF}.XXXXXXXXXX")"
+set_trap_rm "${tmp_doas}" "${tmp_test_ln}"
+
+if ln "${tmp_doas}" "${tmp_test_ln}" 2>/dev/null
 then
-    if [ -r "${installed_doas}" ]
+    die 'ln(1) is not safe for creating lock files, bailing'
+fi
+
+# If a doas.conf file exists, copy it into the temporary file for
+# editing.  If none exist, the editor will open with an empty file.
+
+if [ -f "${DOAS_CONF}" ]
+then
+    if [ -r "${DOAS_CONF}" ]
     then
-	cp "${installed_doas}" "${tmp_doas}"
+	cp "${DOAS_CONF}" "${tmp_doas}"
     else
-	die "Cannot read ${installed_doas}"
+	die "${DOAS_CONF} is not readable"
     fi
 fi
 
-# Check to see if existing temporary doas.conf file exists.
+if ${noop}
+then
+    if ! doas -C "${DOAS_CONF}"
+    then
+        die "${DOAS_CONF} contains syntax errors."
+    fi
+    warn 'OK: Prerequisite checks passed'
+    exit 0
+fi
+
+# Link the temporary file to the lock file.
+
 if ln "${tmp_doas}" "${doas_lock_file}"
 then
-    set_trap_rm "${tmp_doas}" "${doas_lock_file}"
+    set_trap_rm "${tmp_doas}" "${tmp_test_ln}" "${doas_lock_file}"
 else
-    die "The doas.conf file is already locked"
+    die "${DOAS_CONF} is already locked"
 fi
 
+# Some versions of vi(1) exit with a code that reflects the number of
+# editing errors made.  This is why we ignore the exit code from the
+# editor.
+
 "${EDITOR:-vi}" "${tmp_doas}" || true
 
 while ! doas -C "${tmp_doas}"
@@ -90,12 +219,16 @@ do
     "${EDITOR:-vi}" "${tmp_doas}" || true
 done
 
+# Use mv(1) to rename the temporary file to doas.conf as it is atomic.
+# Update: No longer use mv as it messes up permissions on the doas.conf file.
+# Use install with ownership set to root.
+
 if [ -s "${tmp_doas}" ]
 then
-    if cmp -s "${tmp_doas}" "${installed_doas}"
+    if cmp -s "${tmp_doas}" "${DOAS_CONF}"
     then
 	warn "No changes made"
-	warn "${installed_doas} unchanged"
+	warn "${DOAS_CONF} unchanged"
     else
 	doas -- install -o root -m "${doas_conf_mode}" \
 	    "${tmp_doas}" "${installed_doas}" \
@@ -103,5 +236,5 @@ then
     fi
 else
     warn "Not installing an empty doas.conf file"
-    warn "${installed_doas} unchanged"
+    warn "${DOAS_CONF} unchanged"
 fi

vidoas.8

@@ -0,0 +1,70 @@
+.\"
+.\" Copyright (c) 2020 Kimmo Suominen <kim@netbsd.org>
+.\"
+.\" Permission to use, copy, modify, and distribute this software for
+.\" any purpose with or without fee is hereby granted, provided that
+.\" the above copyright notice and this permission notice appear in all
+.\" copies.
+.\"
+.\" THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL
+.\" WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
+.\" WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE
+.\" AUTHOR BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+.\" DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA
+.\" OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER
+.\" TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+.\" PERFORMANCE OF THIS SOFTWARE.
+.\"
+.Dd November 9, 2020
+.Dt VIDOAS 1
+.Os
+.Sh NAME
+.Nm vidoas
+.Nd edit a doas configuration file
+.Sh SYNOPSIS
+.Nm
+.Op Fl n
+.Op Ar file
+.Nm
+.Fl h
+.Sh DESCRIPTION
+The
+.Nm
+utility opens an editor on a temporary copy of a
+.Xr doas 1
+configuration file and checks it for syntax errors before installing it
+as the actual configuration file.
+.Pp
+The options are as follows:
+.Bl -tag -width EDITOR
+.It Fl h
+Show a usage message.
+.It Fl n
+Do not edit the file, just perform prerequisite checks.
+If this switch is repeated, all output will be suppressed and the check
+result is only indicated by the exit status.
+.El
+.Sh EXIT STATUS
+.Ex -std
+.Sh ENVIRONMENT
+.Bl -tag -width EDITOR
+.It Ev EDITOR
+The editor command used for editing the configuration file.
+If the
+.Ev EDITOR
+environment variable is null or not set, the
+.Xr vi 1
+editor program will be used.
+.El
+.Sh FILES
+.Bl -tag -width EDITOR
+.It Pa @DOAS_CONF@
+The default configuration file to edit, when no
+.Ar file
+argument is specified.
+.El
+.Sh SEE ALSO
+.Xr doas 1 ,
+.Xr doas.conf 5
+.Sh AUTHORS
+.An Kimmo Suominen Aq Mt kim@netbsd.org