openbsd: Build doas

Use a simple sp_pwd comparison for now. Later, I might consider
implementing something similar to BSD auth for oasis.

3 files changed, 273 insertions, 0 deletions

diff --git a/pkg/openbsd/patch/0014-readpassphrase-Support-systems-without-VSTATUS-and-T.patch b/pkg/openbsd/patch/0014-readpassphrase-Support-systems-without-VSTATUS-and-T.patch
new file mode 100644
index 00000000..0fad210a
--- /dev/null
+++ b/pkg/openbsd/patch/0014-readpassphrase-Support-systems-without-VSTATUS-and-T.patch
@@ -0,0 +1,38 @@
+From d64f92d2e1242a0dbdbd58c4c2fc34375266abb9 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 26 Feb 2017 17:01:33 -0800
+Subject: [PATCH] readpassphrase: Support systems without VSTATUS and TCSASOFT
+
+---
+ lib/libc/gen/readpassphrase.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+
+diff --git a/lib/libc/gen/readpassphrase.c b/lib/libc/gen/readpassphrase.c
+index 3837b0881de..55fe687ed32 100644
+--- a/lib/libc/gen/readpassphrase.c
++++ b/lib/libc/gen/readpassphrase.c
+@@ -32,6 +32,10 @@
+ #include <unistd.h>
+ #include <readpassphrase.h>
+ 
++#ifndef TCSASOFT
++#define TCSASOFT 0
++#endif
++
+ static volatile sig_atomic_t signo[_NSIG];
+ 
+ static void handler(int);
+@@ -81,8 +85,10 @@ restart:
+ 		memcpy(&term, &oterm, sizeof(term));
+ 		if (!(flags & RPP_ECHO_ON))
+ 			term.c_lflag &= ~(ECHO | ECHONL);
++#ifdef VSTATUS
+ 		if (term.c_cc[VSTATUS] != _POSIX_VDISABLE)
+ 			term.c_cc[VSTATUS] = _POSIX_VDISABLE;
++#endif
+ 		(void)tcsetattr(input, TCSAFLUSH|TCSASOFT, &term);
+ 	} else {
+ 		memset(&term, 0, sizeof(term));
+-- 
+2.11.1
+
diff --git a/pkg/openbsd/patch/0015-Remove-getpass-definition.patch b/pkg/openbsd/patch/0015-Remove-getpass-definition.patch
new file mode 100644
index 00000000..aebfd49a
--- /dev/null
+++ b/pkg/openbsd/patch/0015-Remove-getpass-definition.patch
@@ -0,0 +1,36 @@
+From 0cbb9dbd472c79ecbb53e8c977955d7782fbb18b Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 26 Feb 2017 17:12:56 -0800
+Subject: [PATCH] Remove getpass definition
+
+It is a legacy function and musl already provides an implementation.
+---
+ lib/libc/gen/readpassphrase.c | 12 ++----------
+ 1 file changed, 2 insertions(+), 10 deletions(-)
+
+diff --git a/lib/libc/gen/readpassphrase.c b/lib/libc/gen/readpassphrase.c
+index 55fe687ed32..1a327d35a6d 100644
+--- a/lib/libc/gen/readpassphrase.c
++++ b/lib/libc/gen/readpassphrase.c
+@@ -179,16 +179,8 @@ restart:
+ }
+ DEF_WEAK(readpassphrase);
+ 
+-char *
+-getpass(const char *prompt)
+-{
+-	static char buf[_PASSWORD_LEN + 1];
+-
+-	return(readpassphrase(prompt, buf, sizeof(buf), RPP_ECHO_OFF));
+-}
+-
+-static void handler(int s)
++static void
++handler(int s)
+ {
+-
+ 	signo[s] = 1;
+ }
+-- 
+2.11.1
+
diff --git a/pkg/openbsd/patch/0016-doas-Port-to-linux-musl.patch b/pkg/openbsd/patch/0016-doas-Port-to-linux-musl.patch
new file mode 100644
index 00000000..3ba1474a
--- /dev/null
+++ b/pkg/openbsd/patch/0016-doas-Port-to-linux-musl.patch
@@ -0,0 +1,199 @@
+From e03e4343423178d21fbe7a6687c199367f3252e0 Mon Sep 17 00:00:00 2001
+From: Michael Forney <mforney@mforney.org>
+Date: Sun, 26 Feb 2017 16:50:55 -0800
+Subject: [PATCH] doas: Port to linux/musl
+
+Remove -a login style option and BSD authentication. Instead, compare
+against shadow file.
+
+Use initgroups/setgid/setuid instead of setusercontext.
+
+Provide UID_MAX and GID_MAX defaults.
+
+Use LOGIN_NAME_MAX instead of _PW_NAME_LEN.
+
+Remove call to closefrom.
+
+Replace calls to errc with err after setting errno.
+---
+ usr.bin/doas/doas.1 |  9 --------
+ usr.bin/doas/doas.c | 63 ++++++++++++++++++++++++++++++++++-------------------
+ 2 files changed, 41 insertions(+), 31 deletions(-)
+
+diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1
+index c5b8e00f32c..fca943f6fc2 100644
+--- a/usr.bin/doas/doas.1
++++ b/usr.bin/doas/doas.1
+@@ -22,7 +22,6 @@
+ .Sh SYNOPSIS
+ .Nm doas
+ .Op Fl ns
+-.Op Fl a Ar style
+ .Op Fl C Ar config
+ .Op Fl u Ar user
+ .Ar command
+@@ -41,14 +40,6 @@ is specified.
+ .Pp
+ The options are as follows:
+ .Bl -tag -width tenletters
+-.It Fl a Ar style
+-Use the specified authentication style when validating the user,
+-as allowed by
+-.Pa /etc/login.conf .
+-A list of doas-specific authentication methods may be configured by adding an
+-.Sq auth-doas
+-entry in
+-.Xr login.conf 5 .
+ .It Fl C Ar config
+ Parse and check the configuration file
+ .Ar config ,
+diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
+index b17c8f13c8a..c9eb3bb3049 100644
+--- a/usr.bin/doas/doas.c
++++ b/usr.bin/doas/doas.c
+@@ -20,7 +20,6 @@
+ 
+ #include <limits.h>
+ #include <login_cap.h>
+-#include <bsd_auth.h>
+ #include <readpassphrase.h>
+ #include <string.h>
+ #include <stdio.h>
+@@ -31,9 +30,18 @@
+ #include <grp.h>
+ #include <syslog.h>
+ #include <errno.h>
++#include <shadow.h>
+ 
+ #include "doas.h"
+ 
++#ifndef UID_MAX
++#define UID_MAX 65535
++#endif
++
++#ifndef GID_MAX
++#define GID_MAX 65535
++#endif
++
+ static void __dead
+ usage(void)
+ {
+@@ -203,17 +211,34 @@ checkconfig(const char *confpath, int argc, char **argv,
+ 	}
+ }
+ 
++static int
++verifypasswd(const char *user, const char *pass)
++{
++	struct spwd *sp;
++	char *p1, *p2;
++
++	sp = getspnam(user);
++	if (!sp)
++		return 0;
++	p1 = sp->sp_pwdp;
++	if (p1[0] == '!' || p1[0] == '*')
++		return 0;
++	p2 = crypt(pass, p1);
++	if (!p2)
++		return 0;
++	return strcmp(p1, p2) == 0;
++}
++
+ int
+ main(int argc, char **argv)
+ {
+-	const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
+-	    "/usr/local/bin:/usr/local/sbin";
++	const char *safepath = "/bin";
+ 	const char *confpath = NULL;
+ 	char *shargv[] = { NULL, NULL };
+ 	char *sh;
+ 	const char *cmd;
+ 	char cmdline[LINE_MAX];
+-	char myname[_PW_NAME_LEN + 1];
++	char myname[LOGIN_NAME_MAX + 1];
+ 	struct passwd *pw;
+ 	struct rule *rule;
+ 	uid_t uid;
+@@ -225,7 +250,6 @@ main(int argc, char **argv)
+ 	int nflag = 0;
+ 	char cwdpath[PATH_MAX];
+ 	const char *cwd;
+-	char *login_style = NULL;
+ 	char **envp;
+ 
+ 	setprogname("doas");
+@@ -233,15 +257,10 @@ main(int argc, char **argv)
+ 	if (pledge("stdio rpath getpw tty recvfd proc exec id", NULL) == -1)
+ 		err(1, "pledge");
+ 
+-	closefrom(STDERR_FILENO + 1);
+-
+ 	uid = getuid();
+ 
+-	while ((ch = getopt(argc, argv, "a:C:nsu:")) != -1) {
++	while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
+ 		switch (ch) {
+-		case 'a':
+-			login_style = optarg;
+-			break;
+ 		case 'C':
+ 			confpath = optarg;
+ 			break;
+@@ -313,19 +332,16 @@ main(int argc, char **argv)
+ 	    (const char **)argv + 1)) {
+ 		syslog(LOG_AUTHPRIV | LOG_NOTICE,
+ 		    "failed command for %s: %s", myname, cmdline);
+-		errc(1, EPERM, NULL);
++		errno = EPERM;
++		err(1, NULL);
+ 	}
+ 
+ 	if (!(rule->options & NOPASS)) {
+ 		char *challenge = NULL, *response, rbuf[1024], cbuf[128];
+-		auth_session_t *as;
+ 
+ 		if (nflag)
+ 			errx(1, "Authorization required");
+ 
+-		if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
+-		    &challenge)))
+-			errx(1, "Authorization failed");
+ 		if (!challenge) {
+ 			char host[HOST_NAME_MAX + 1];
+ 			if (gethostname(host, sizeof(host)))
+@@ -341,10 +357,11 @@ main(int argc, char **argv)
+ 			    "tty required for %s", myname);
+ 			errx(1, "a tty is required");
+ 		}
+-		if (!auth_userresponse(as, response, 0)) {
++		if (!verifypasswd(myname, response)) {
+ 			syslog(LOG_AUTHPRIV | LOG_NOTICE,
+ 			    "failed auth for %s", myname);
+-			errc(1, EPERM, NULL);
++			errno = EPERM;
++			err(1, NULL);
+ 		}
+ 		explicit_bzero(rbuf, sizeof(rbuf));
+ 	}
+@@ -356,10 +373,12 @@ main(int argc, char **argv)
+ 	if (!pw)
+ 		errx(1, "no passwd entry for target");
+ 
+-	if (setusercontext(NULL, pw, target, LOGIN_SETGROUP |
+-	    LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
+-	    LOGIN_SETUSER) != 0)
+-		errx(1, "failed to set user context for target");
++	if (initgroups(pw->pw_name, pw->pw_gid) < 0)
++		err(1, "initgroups");
++	if (setgid(pw->pw_gid) < 0)
++		err(1, "setgid");
++	if (setuid(pw->pw_uid) < 0)
++		err(1, "setuid");
+ 
+ 	if (pledge("stdio rpath exec", NULL) == -1)
+ 		err(1, "pledge");
+-- 
+2.11.1
+