Diffstat (limited to 'usr.bin/doas')
| -rw-r--r-- | usr.bin/doas/CVS/Entries | 14 | ||||
| -rw-r--r-- | usr.bin/doas/doas.1 | 12 | ||||
| -rw-r--r-- | usr.bin/doas/doas.c | 25 | ||||
| -rw-r--r-- | usr.bin/doas/doas.conf.5 | 10 | ||||
| -rw-r--r-- | usr.bin/doas/doas.h | 5 | ||||
| -rw-r--r-- | usr.bin/doas/parse.c | 146 | ||||
| -rw-r--r-- | usr.bin/doas/parse.tab.h | 9 | ||||
| -rw-r--r-- | usr.bin/doas/parse.y | 25 | 
8 files changed, 140 insertions, 106 deletions
| diff --git a/usr.bin/doas/CVS/Entries b/usr.bin/doas/CVS/Entries index 0b2860e..bda4789 100644 --- a/usr.bin/doas/CVS/Entries +++ b/usr.bin/doas/CVS/Entries @@ -1,8 +1,8 @@ -/Makefile/1.3/Mon Jul  3 22:21:47 2017// -/doas.1/1.23/Thu Jul  4 19:04:17 2019// -/doas.c/1.82/Fri Oct 18 17:15:45 2019// -/doas.conf.5/1.43/Sat May 16 16:58:11 2020// -/doas.h/1.15/Mon Jun 17 19:51:23 2019// -/env.c/1.10/Sun Jul  7 19:21:28 2019// -/parse.y/1.27/Wed Jul 11 07:39:22 2018// +/Makefile/1.3/Mon Oct 19 10:36:43 2020// +/doas.1/1.25/Result of merge// +/doas.c/1.90/Result of merge+Wed Jul 14 11:14:15 2021// +/doas.conf.5/1.45/Wed Jul 14 11:14:15 2021// +/doas.h/1.17/Result of merge// +/env.c/1.10/Mon Oct 19 10:36:43 2020// +/parse.y/1.29/Result of merge//  D diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1 index c7196e3..a91705e 100644 --- a/usr.bin/doas/doas.1 +++ b/usr.bin/doas/doas.1 @@ -1,4 +1,4 @@ -.\" $OpenBSD: doas.1,v 1.23 2019/07/04 19:04:17 tedu Exp $ +.\" $OpenBSD: doas.1,v 1.25 2021/01/16 09:18:41 martijn Exp $  .\"  .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>  .\" @@ -13,7 +13,7 @@  .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN  .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF  .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: July 4 2019 $ +.Dd $Mdocdate: January 16 2021 $  .Dt DOAS 1  .Os  .Sh NAME @@ -85,13 +85,13 @@ will be printed on standard output, depending on command  matching results.  No command is executed.  .It Fl L -Clear any persisted authorizations from previous invocations, +Clear any persisted authentications from previous invocations,  then immediately exit.  No command is executed.  .It Fl n -Non interactive mode, fail if -.Nm -would prompt for password. +Non interactive mode, fail if the matching rule doesn't have the +.Ic nopass +option.  .It Fl s  Execute the shell from  .Ev SHELL 
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c index 15220e4..799373c 100644 --- a/usr.bin/doas/doas.c +++ b/usr.bin/doas/doas.c @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.c,v 1.82 2019/10/18 17:15:45 tedu Exp $ */ +/* $OpenBSD: doas.c,v 1.90 2021/07/12 15:09:19 beck Exp $ */  /*   * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>   * @@ -147,7 +147,7 @@ static int  permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr,      uid_t target, const char *cmd, const char **cmdargs)  { -	int i; +	size_t i;  	*lastr = NULL;  	for (i = 0; i < nrules; i++) { @@ -194,6 +194,8 @@ checkconfig(const char *confpath, int argc, char **argv,  	const struct rule *rule;  	setresuid(uid, uid, uid); +	if (pledge("stdio rpath getpw", NULL) == -1) +		err(1, "pledge");  	parseconfig(confpath, 0);  	if (!argc)  		exit(0); @@ -254,8 +256,9 @@ authuser(char *myname, int persist)  	}  	if (!verifypasswd(myname, response)) {  		explicit_bzero(rbuf, sizeof(rbuf)); -		syslog(LOG_NOTICE, "failed auth for %s", myname); -		errx(1, "Authorization failed"); +		syslog(LOG_AUTHPRIV | LOG_NOTICE, +		    "failed auth for %s", myname); +		errx(1, "Authentication failed");  	}  	explicit_bzero(rbuf, sizeof(rbuf));  good: @@ -385,6 +388,8 @@ main(int argc, char **argv)  	}  	if (confpath) { +		if (pledge("stdio rpath getpw id", NULL) == -1) +			err(1, "pledge");  		checkconfig(confpath, argc, argv, uid, groups, ngroups,  		    target);  		exit(1);	/* fail safe */ 
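Review bot: In the checkconfig() hunk, the context line `setresuid(uid, uid, uid);` directly above the added pledge() still ignores its return value. If that call fails, parseconfig() would read the file named by confpath with whatever privileges the process still holds, restrained only by the new `stdio rpath getpw` promise. I would check it before pledging, e.g. `if (setresuid(uid, uid, uid) != 0) err(1, "setresuid");`. checkconfig's body starts and ends outside the hunk, so this assumes nothing earlier already guarantees the drop.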
@@ -407,14 +412,15 @@ main(int argc, char **argv)  	cmd = argv[0];  	if (!permit(uid, groups, ngroups, &rule, target, cmd,  	    (const char **)argv + 1)) { -		syslog(LOG_NOTICE, "failed command for %s: %s", mypw->pw_name, cmdline); +		syslog(LOG_AUTHPRIV | LOG_NOTICE, +		    "command not permitted for %s: %s", mypw->pw_name, cmdline);  		errno = EPERM;  		err(1, NULL);  	}  	if (!(rule->options & NOPASS)) {  		if (nflag) -			errx(1, "Authorization required"); +			errx(1, "Authentication required");  		authuser(mypw->pw_name, rule->options & PERSIST);  	} @@ -461,8 +467,11 @@ main(int argc, char **argv)  	if (pledge("stdio exec", NULL) == -1)  		err(1, "pledge"); -	syslog(LOG_INFO, "%s ran command %s as %s from %s", -	    mypw->pw_name, cmdline, targpw->pw_name, cwd); +	if (!(rule->options & NOLOG)) { +		syslog(LOG_AUTHPRIV | LOG_INFO, +		    "%s ran command %s as %s from %s", +		    mypw->pw_name, cmdline, targpw->pw_name, cwd); +	}  	envp = prepenv(rule, mypw, targpw); diff --git a/usr.bin/doas/doas.conf.5 b/usr.bin/doas/doas.conf.5 index 4adb94e..e98bfbe 100644 --- a/usr.bin/doas/doas.conf.5 +++ b/usr.bin/doas/doas.conf.5 @@ -1,4 +1,4 @@ -.\" $OpenBSD: doas.conf.5,v 1.43 2020/05/16 16:58:11 jmc Exp $ +.\" $OpenBSD: doas.conf.5,v 1.45 2020/10/09 10:24:33 jmc Exp $  .\"  .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>  .\" @@ -13,7 +13,7 @@  .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN  .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF  .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. -.Dd $Mdocdate: May 16 2020 $ +.Dd $Mdocdate: October 9 2020 $  .Dt DOAS.CONF 5  .Os  .Sh NAME @@ -45,6 +45,9 @@ Options are:  .Bl -tag -width keepenv  .It Ic nopass  The user is not required to enter a password. +.It Ic nolog +Do not log successful command execution to +.Xr syslogd 8 .  .It Ic persist  After the user successfully authenticates, do not ask for a password  again for some time. 
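Review bot: The new `if (!(rule->options & NOLOG))` guard around the "ran command" syslog() in main() has no comment stating its scope. It skips only the success record, while the "command not permitted" and "failed auth" messages in the earlier hunks are still logged unconditionally. I would add `/* NOLOG only silences the success record; denials and failed authentication are always logged */` above the guard. It is also worth noting for whoever audits doas.conf that a rule combining `nopass` and `nolog` leaves no LOG_AUTHPRIV trace of permitted runs, so such rules deserve explicit review. main()'s body extends beyond this hunk.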
@@ -139,7 +142,8 @@ permit nopass tedu as root cmd /usr/sbin/procmap  permit nopass keepenv setenv { PATH } root as root  .Ed  .Sh SEE ALSO -.Xr doas 1 +.Xr doas 1 , +.Xr syslogd 8  .Sh HISTORY  The  .Nm diff --git a/usr.bin/doas/doas.h b/usr.bin/doas/doas.h index c97986e..58b2215 100644 --- a/usr.bin/doas/doas.h +++ b/usr.bin/doas/doas.h @@ -1,4 +1,4 @@ -/* $OpenBSD: doas.h,v 1.15 2019/06/17 19:51:23 tedu Exp $ */ +/* $OpenBSD: doas.h,v 1.17 2021/01/27 17:02:50 millert Exp $ */  /*   * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>   * @@ -26,7 +26,7 @@ struct rule {  };  extern struct rule **rules; -extern int nrules; +extern size_t nrules;  extern int parse_errors;  extern const char *formerpath; @@ -46,3 +46,4 @@ int clearpersist(void);  #define NOPASS		0x1  #define KEEPENV		0x2  #define PERSIST		0x4 +#define NOLOG		0x8 diff --git a/usr.bin/doas/parse.c b/usr.bin/doas/parse.c index abebdb2..9291da5 100644 --- a/usr.bin/doas/parse.c +++ b/usr.bin/doas/parse.c @@ -5,7 +5,7 @@  #define YYBYACC 1  #define YYMAJOR 2  #define YYMINOR 0 -#define YYPATCH 20200910 +#define YYPATCH 20210619  #define YYEMPTY        (-1)  #define yyclearin      (yychar = YYEMPTY) @@ -50,8 +50,8 @@ typedef struct {  FILE *yyfp;  struct rule **rules; -int nrules; -static int maxrules; +size_t nrules; +static size_t maxrules;  int parse_errors = 0; 
@@ -119,48 +119,52 @@ extern int YYPARSE_DECL();  #define TCMD 260  #define TARGS 261  #define TNOPASS 262 -#define TPERSIST 263 -#define TKEEPENV 264 -#define TSETENV 265 -#define TSTRING 266 +#define TNOLOG 263 +#define TPERSIST 264 +#define TKEEPENV 265 +#define TSETENV 266 +#define TSTRING 267  #define YYERRCODE 256 -typedef short YYINT; +typedef int YYINT;  static const YYINT yylhs[] = {                           -1,      0,    0,    0,    0,    1,    2,    2,    6,    6,    7, -    7,    7,    7,    8,    8,    3,    4,    4,    5,    5, -    9,    9, +    7,    7,    7,    7,    8,    8,    3,    4,    4,    5, +    5,    9,    9,  };  static const YYINT yylen[] = {                            2,      0,    2,    3,    2,    4,    2,    1,    0,    2,    1, -    1,    1,    4,    0,    2,    1,    0,    2,    0,    3, -    0,    2, +    1,    1,    1,    4,    0,    2,    1,    0,    2,    0, +    3,    0,    2,  };  static const YYINT yydefred[] = {                         0,      0,    0,    4,    8,    7,    2,    0,    0,    0,    3, -   16,    0,   10,   11,   12,    0,    9,    0,    0,   14, -   18,    0,    5,    0,    0,   15,   13,   14,   20,    0, +   17,    0,   10,   11,   12,   13,    0,    9,    0,    0, +   15,   19,    0,    5,    0,    0,   16,   14,   15,   21, +    0,  };  static const YYINT yydgoto[] = {                          2, -    7,    8,   12,   19,   23,    9,   17,   24,   29, +    7,    8,   12,   20,   24,    9,   18,   25,   30,  };  static const YYINT yysindex[] = {                      -253, -   -1,   -6,    0,    0,    0,    0,    2, -256, -257,    0, -    0, -246,    0,    0,    0, -109,    0, -251, -244,    0, -    0, -249,    0, -123, -243,    0,    0,    0,    0, -247, +    2,   -6,    0,    0,    0,    0,    3, -252, -257,    0, +    0, -249,    0,    0,    0,    0, -109,    0, -251, -243, +    0,    0, -248,    0, -123, -241,    0,    0,    0,    0, + -246,  };  static const YYINT yyrindex[] = {                      
   1,      0,    0,    0,    0,    0,    0,    0,    0, -245,    0, -    0,  -10,    0,    0,    0,    0,    0,    0,   10,    0, -    0,    0,    0,    0,   12,    0,    0,    0,    0,   13, +    0,  -10,    0,    0,    0,    0,    0,    0,    0,    8, +    0,    0,    0,    0,    0,   13,    0,    0,    0,    0, +   14,  };  static const YYINT yygindex[] = {                         0,      0,    0,    0,    0,    0,    0,    0,   -4,    0,  };  #define YYTABLESIZE 259 -static const YYINT yytable[] = {                         17, -    1,   27,    1,    6,   13,   14,   15,   16,    3,   11, -    1,   10,   18,   20,   21,   22,   25,   28,   26,   19, -    6,   21,   22,   30,    0,    0,    0,    0,    0,    0, +static const YYINT yytable[] = {                         18, +    1,   28,    1,    6,   13,   14,   15,   16,   17,   19, +    1,    3,   10,   21,   11,   22,   23,   20,   26,   29, +   27,    6,   22,   23,   31,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0, @@ -172,7 +176,7 @@ static const YYINT yytable[] = {                         17,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0, -    0,    0,   26,    0,    0,    0,    0,    0,    0,    0, +    0,    0,    0,   27,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0, 
@@ -182,13 +186,13 @@ static const YYINT yytable[] = {                         17,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0,      0,    0,    0,    0,    0,    0,    0,    0,    0,    0, -    0,    0,    0,    0,    0,    0,    0,    0,    0,   17, +    0,    0,    0,    0,    0,    0,    0,    0,    0,   18,      4,    5,    0,    0,    0,    0,    0,    1,    1,  };  static const YYINT yycheck[] = {                         10, -    0,  125,  256,   10,  262,  263,  264,  265,   10,  266, -   10,   10,  259,  123,  266,  260,  266,  261,  266,   10, -  266,   10,   10,   28,   -1,   -1,   -1,   -1,   -1,   -1, +    0,  125,  256,   10,  262,  263,  264,  265,  266,  259, +   10,   10,   10,  123,  267,  267,  260,   10,  267,  261, +  267,  267,   10,   10,   29,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1, @@ -200,7 +204,7 @@ static const YYINT yycheck[] = {                         10,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1, -   -1,   -1,  266,   -1,   -1,   -1,   -1,   -1,   -1,   -1, +   -1,   -1,   -1,  267,   -1,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,     -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1,   -1, @@ -217,8 +221,8 @@ static const YYINT yycheck[] = {                         10,  #ifndef YYDEBUG  #define YYDEBUG 0  #endif -#define YYMAXTOKEN 266 -#define YYUNDFTOKEN 278 +#define YYMAXTOKEN 267 +#define YYUNDFTOKEN 279  #define YYTRANSLATE(a) ((a) > YYMAXTOKEN ? YYUNDFTOKEN : (a))  #if YYDEBUG  static const char *const yyname[] = { 
@@ -230,8 +234,8 @@ static const char *const yyname[] = {  0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,  0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,  0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,"TPERMIT","TDENY", -"TAS","TCMD","TARGS","TNOPASS","TPERSIST","TKEEPENV","TSETENV","TSTRING",0,0,0, -0,0,0,0,0,0,0,0,"illegal-symbol", +"TAS","TCMD","TARGS","TNOPASS","TNOLOG","TPERSIST","TKEEPENV","TSETENV", +"TSTRING",0,0,0,0,0,0,0,0,0,0,0,"illegal-symbol",  };  static const char *const yyrule[] = {  "$accept : grammar", @@ -245,6 +249,7 @@ static const char *const yyrule[] = {  "options :",  "options : options option",  "option : TNOPASS", +"option : TNOLOG",  "option : TPERSIST",  "option : TKEEPENV",  "option : TSETENV '{' strlist '}'", @@ -296,7 +301,7 @@ typedef struct {  } YYSTACKDATA;  /* variables for the parser stack */  static YYSTACKDATA yystack; -#line 189 "usr.bin/doas/parse.y" +#line 192 "usr.bin/doas/parse.y"  void  yyerror(const char *fmt, ...) @@ -321,6 +326,7 @@ static struct keyword {  	{ "cmd", TCMD },  	{ "args", TARGS },  	{ "nopass", TNOPASS }, +	{ "nolog", TNOLOG },  	{ "persist", TPERSIST },  	{ "keepenv", TKEEPENV },  	{ "setenv", TSETENV }, @@ -330,7 +336,8 @@ int  yylex(void)  {  	char buf[1024], *ebuf, *p, *str; -	int i, c, quotes = 0, escape = 0, qpos = -1, nonkw = 0; +	int c, quotes = 0, escape = 0, qpos = -1, nonkw = 0; +	size_t i;  	p = buf;  	ebuf = buf + sizeof(buf); @@ -452,7 +459,7 @@ eof:  		yyerror("input error reading config");  	return 0;  } -#line 456 "usr.bin/doas/parse.c" +#line 463 "usr.bin/doas/parse.c"  #if YYDEBUG  #include <stdio.h>	/* needed for printf */ 
@@ -527,12 +534,12 @@ YYPARSE_DECL()      }  #endif -    yym = 0; -    yyn = 0; +    /* yym is set below */ +    /* yyn is set below */      yynerrs = 0;      yyerrflag = 0;      yychar = YYEMPTY; -    yystate = 0; +    /* yystate is set below */  #if YYPURE      memset(&yystack, 0, sizeof(yystack)); @@ -667,12 +674,12 @@ case 5:  			r->cmdargs = yystack.l_mark[0].cmdargs;  			if (nrules == maxrules) {  				if (maxrules == 0) -					maxrules = 63; -				else -					maxrules *= 2; -				if (!(rules = reallocarray(rules, maxrules, -				    sizeof(*rules)))) +					maxrules = 32; +				rules = reallocarray(rules, maxrules, +				    2 * sizeof(*rules)); +				if (!rules)  					errx(1, "can't allocate rules"); +				maxrules *= 2;  			}  			rules[nrules++] = r;  		} @@ -728,33 +735,40 @@ break;  case 11:  #line 140 "usr.bin/doas/parse.y"  	{ -			yyval.options = PERSIST; +			yyval.options = NOLOG;  			yyval.envlist = NULL;  		}  break;  case 12:  #line 143 "usr.bin/doas/parse.y"  	{ -			yyval.options = KEEPENV; +			yyval.options = PERSIST;  			yyval.envlist = NULL;  		}  break;  case 13:  #line 146 "usr.bin/doas/parse.y"  	{ +			yyval.options = KEEPENV; +			yyval.envlist = NULL; +		} +break; +case 14: +#line 149 "usr.bin/doas/parse.y" +	{  			yyval.options = 0;  			yyval.envlist = yystack.l_mark[-1].strlist;  		}  break; -case 14: -#line 151 "usr.bin/doas/parse.y" +case 15: +#line 154 "usr.bin/doas/parse.y"  	{  			if (!(yyval.strlist = calloc(1, sizeof(char *))))  				errx(1, "can't allocate strlist");  		}  break; -case 15: -#line 154 "usr.bin/doas/parse.y" +case 16: +#line 157 "usr.bin/doas/parse.y"  	{  			int nstr = arraylen(yystack.l_mark[-1].strlist);  			if (!(yyval.strlist = reallocarray(yystack.l_mark[-1].strlist, nstr + 2, 
@@ -764,51 +778,51 @@ case 15:  			yyval.strlist[nstr + 1] = NULL;  		}  break; -case 16: -#line 164 "usr.bin/doas/parse.y" +case 17: +#line 167 "usr.bin/doas/parse.y"  	{  			yyval.str = yystack.l_mark[0].str;  		}  break; -case 17: -#line 168 "usr.bin/doas/parse.y" +case 18: +#line 171 "usr.bin/doas/parse.y"  	{  			yyval.str = NULL;  		}  break; -case 18: -#line 170 "usr.bin/doas/parse.y" +case 19: +#line 173 "usr.bin/doas/parse.y"  	{  			yyval.str = yystack.l_mark[0].str;  		}  break; -case 19: -#line 174 "usr.bin/doas/parse.y" +case 20: +#line 177 "usr.bin/doas/parse.y"  	{  			yyval.cmd = NULL;  			yyval.cmdargs = NULL;  		}  break; -case 20: -#line 177 "usr.bin/doas/parse.y" +case 21: +#line 180 "usr.bin/doas/parse.y"  	{  			yyval.cmd = yystack.l_mark[-1].str;  			yyval.cmdargs = yystack.l_mark[0].cmdargs;  		}  break; -case 21: -#line 182 "usr.bin/doas/parse.y" +case 22: +#line 185 "usr.bin/doas/parse.y"  	{  			yyval.cmdargs = NULL;  		}  break; -case 22: -#line 184 "usr.bin/doas/parse.y" +case 23: +#line 187 "usr.bin/doas/parse.y"  	{  			yyval.cmdargs = yystack.l_mark[0].strlist;  		}  break; -#line 812 "usr.bin/doas/parse.c" +#line 826 "usr.bin/doas/parse.c"      }      yystack.s_mark -= yym;      yystate = *yystack.s_mark; diff --git a/usr.bin/doas/parse.tab.h b/usr.bin/doas/parse.tab.h index dfa6b41..c2ce6f9 100644 --- a/usr.bin/doas/parse.tab.h +++ b/usr.bin/doas/parse.tab.h @@ -4,7 +4,8 @@  #define TCMD 260  #define TARGS 261  #define TNOPASS 262 -#define TPERSIST 263 -#define TKEEPENV 264 -#define TSETENV 265 -#define TSTRING 266 +#define TNOLOG 263 +#define TPERSIST 264 +#define TKEEPENV 265 +#define TSETENV 266 +#define TSTRING 267 diff --git a/usr.bin/doas/parse.y b/usr.bin/doas/parse.y index d1f698c..587fd2c 100644 --- a/usr.bin/doas/parse.y +++ b/usr.bin/doas/parse.y 
@@ -1,4 +1,4 @@ -/* $OpenBSD: parse.y,v 1.27 2018/07/11 07:39:22 krw Exp $ */ +/* $OpenBSD: parse.y,v 1.29 2021/01/27 17:02:50 millert Exp $ */  /*   * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>   * @@ -48,8 +48,8 @@ typedef struct {  FILE *yyfp;  struct rule **rules; -int nrules; -static int maxrules; +size_t nrules; +static size_t maxrules;  int parse_errors = 0; @@ -71,7 +71,7 @@ arraylen(const char **arr)  %}  %token TPERMIT TDENY TAS TCMD TARGS -%token TNOPASS TPERSIST TKEEPENV TSETENV +%token TNOPASS TNOLOG TPERSIST TKEEPENV TSETENV  %token TSTRING  %% @@ -96,12 +96,12 @@ rule:		action ident target cmd {  			r->cmdargs = $4.cmdargs;  			if (nrules == maxrules) {  				if (maxrules == 0) -					maxrules = 63; -				else -					maxrules *= 2; -				if (!(rules = reallocarray(rules, maxrules, -				    sizeof(*rules)))) +					maxrules = 32; +				rules = reallocarray(rules, maxrules, +				    2 * sizeof(*rules)); +				if (!rules)  					errx(1, "can't allocate rules"); +				maxrules *= 2;  			}  			rules[nrules++] = r;  		} ; @@ -137,6 +137,9 @@ options:	/* none */ {  option:		TNOPASS {  			$$.options = NOPASS;  			$$.envlist = NULL; +		} | TNOLOG { +			$$.options = NOLOG; +			$$.envlist = NULL;  		} | TPERSIST {  			$$.options = PERSIST;  			$$.envlist = NULL; @@ -210,6 +213,7 @@ static struct keyword {  	{ "cmd", TCMD },  	{ "args", TARGS },  	{ "nopass", TNOPASS }, +	{ "nolog", TNOLOG },  	{ "persist", TPERSIST },  	{ "keepenv", TKEEPENV },  	{ "setenv", TSETENV }, @@ -219,7 +223,8 @@ int  yylex(void)  {  	char buf[1024], *ebuf, *p, *str; -	int i, c, quotes = 0, escape = 0, qpos = -1, nonkw = 0; +	int c, quotes = 0, escape = 0, qpos = -1, nonkw = 0; +	size_t i;  	p = buf;  	ebuf = buf + sizeof(buf); | 
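Review bot: In the rule-growth hunk (`@@ -96,12 +96,12 @@`), the call `reallocarray(rules, maxrules, 2 * sizeof(*rules))` folds the doubling into the size argument and only runs `maxrules *= 2` after the allocation succeeds. That is easy to misread as a mistake, or to "simplify" back into the old pattern of doubling the counter first. A short comment would protect the intent, e.g. `/* grow to 2 * maxrules; the doubling sits in the size argument so reallocarray() overflow-checks it before maxrules is updated */`. It may also help to note that the initial `maxrules = 32` therefore yields 64 slots on the first allocation. The same code is reproduced in the generated parse.c (case 5), which should be regenerated from parse.y rather than edited by hand.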
