
D52437.id161752.diff

D52437.id161752.diff

diff --git a/libexec/nuageinit/nuage.lua b/libexec/nuageinit/nuage.lua
--- a/libexec/nuageinit/nuage.lua
+++ b/libexec/nuageinit/nuage.lua
@@ -276,6 +276,52 @@
end
end
+local function adddoas(pwd)
+ local chmodetcdir = false
+ local chmoddoasconf = false
+ local root = os.getenv("NUAGE_FAKE_ROOTDIR")
+ local etcdir = "/usr/local/etc"
+ if root then
+ etcdir= root .. etcdir
+ end
+ local doasconf = etcdir .. "/doas.conf"
+ local doasconf_attr = lfs.attributes(doasconf)
+ if doasconf_attr == nil then
+ chmoddoasconf = true
+ local dirattrs = lfs.attributes(etcdir)
+ if dirattrs == nil then
+ local r, err = mkdir_p(etcdir)
+ if not r then
+ return nil, err .. " (creating " .. etcdir .. ")"
+ end
+ chmodetcdir = true
+ end
+ end
+ local f = io.open(doasconf, "a")
+ if not f then
+ warnmsg("impossible to open " .. doasconf)
+ return
+ end
+ if type(pwd.doas) == "string" then
+ local rule = pwd.doas
+ rule = rule:gsub("%%u", pwd.name)
+ f:write(rule .. "\n")
+ elseif type(pwd.doas) == "table" then
+ for _, str in ipairs(pwd.doas) do
+ local rule = str
+ rule = rule:gsub("%%u", pwd.name)
+ f:write(rule .. "\n")
+ end
+ end
+ f:close()
+ if chmoddoasconf then
+ chmod(doasconf, "0640")
+ end
+ if chmodetcdir then
+ chmod(etcdir, "0740")
+ end
+end
+
local function addsudo(pwd)
local chmodsudoersd = false
local chmodsudoers = false
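Review bot: `chmod(etcdir, "0740")` at the end of adddoas is applied to `/usr/local/etc` itself rather than to a tool-specific directory, so when nuageinit creates that directory it is left without search permission for group and others, and non-root readers of any configuration below it are shut out; `chmod(etcdir, "0755")` would match the usual layout (assuming the `chmod` helper, defined outside the hunk, applies the mode as given). Both `rule:gsub("%%u", pwd.name)` calls pass the username as a gsub replacement string, where `%` is magic, so a name containing `%` raises an error or is rewritten; `rule:gsub("%%u", function() return pwd.name end)` inserts it literally. Because doas applies the last matching rule and rejects a configuration it cannot parse, a comment above the `io.open(doasconf, "a")` line saying that appended rules override earlier ones would help, as would checking the written file with `doas -C` before leaving it in place.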
@@ -584,6 +630,7 @@
update_packages = update_packages,
upgrade_packages = upgrade_packages,
addsudo = addsudo,
+ adddoas = adddoas,
addfile = addfile
}
diff --git a/libexec/nuageinit/nuageinit b/libexec/nuageinit/nuageinit
--- a/libexec/nuageinit/nuageinit
+++ b/libexec/nuageinit/nuageinit
@@ -139,6 +139,9 @@
if u.sudo then
nuage.addsudo(u)
end
+ if u.doas then
+ nuage.adddoas(u)
+ end
else
nuage.warn("invalid type : " .. type(u) .. " for users entry number " .. n)
end
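Review bot: The result of `nuage.adddoas(u)` is discarded, yet adddoas returns `nil, err` when it cannot create the configuration directory, so that failure leaves the user without the requested rule and without a log line. Capturing it with `local _, err = nuage.adddoas(u)` followed by `if err then nuage.warn(err) end` would surface it; adddoas returns nothing on success, so testing `err` rather than the first value is the safe check. The enclosing loop starts and ends outside the hunk.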
diff --git a/libexec/nuageinit/nuageinit.7 b/libexec/nuageinit/nuageinit.7
--- a/libexec/nuageinit/nuageinit.7
+++ b/libexec/nuageinit/nuageinit.7
@@ -308,6 +308,13 @@
.It Ic sudo
A string or an array of strings which should be appended to
.Pa /usr/local/etc/sudoers.d/90-nuageinit-users
+.It Ic doas
+A string or an array of strings which should be appended to
+.Pa /usr/local/etc/doas.conf
+.Pp
+Instead of hardcoding the username, you can use
+.Sy %u Ns ,
+which will be replaced by the current username.
.El
.Pp
A special case exist: if the entry is a simple string with the value
diff --git a/libexec/nuageinit/tests/nuageinit.sh b/libexec/nuageinit/tests/nuageinit.sh
--- a/libexec/nuageinit/tests/nuageinit.sh
+++ b/libexec/nuageinit/tests/nuageinit.sh
@@ -119,12 +119,16 @@
gecos: Foo B. Bar
primary_group: foobar
sudo: ALL=(ALL) NOPASSWD:ALL
+ doas: permit persist %u as root
groups: users
passwd: $6$j212wezy$7H/1LT4f9/N3wpgNunhsIqtMj62OKiS3nyNwuizouQc3u7MbYCarYeAHWYPYb2FT.lbioDm2RrkJPb9BZMN1O/
- name: bla
sudo:
- "ALL=(ALL) NOPASSWD:/usr/sbin/pw"
- "ALL=(ALL) ALL"
+ doas:
+ - "deny %u as foobar"
+ - "permit persist %u as root cmd whoami"
EOF
atf_check /usr/libexec/nuageinit "${PWD}"/media/nuageinit nocloud
atf_check /usr/libexec/nuageinit "${PWD}"/media/nuageinit postnet
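Review bot: The new `doas:` entries are fed to nuageinit, but no line visible here checks the resulting doas.conf, so the `%u` substitution and the file mode go unverified as far as this hunk shows (the test case continues outside it). An assertion such as `atf_check -o match:"permit persist bla as root cmd whoami" cat <fake-root>/usr/local/etc/doas.conf`, with `<fake-root>` standing for whatever root directory the test uses, would pin the substitution for the `bla` user. A second check that the literal `%u` no longer appears in the file would catch a rule that was written unsubstituted.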
