allocate user info in a structure on the stack, this way memory is managed for
us and we don't have to free most things that would be difficult to free.
open and close the pam context between each authentication attempt to prevent
errors with consecutive authentications, this is a hack but I don't know a
better way.
implemented -e flag:
it copies the elements of env that we want to keep, clears the environment and
sets it to only the saved and default elements.
also removed the code for copying the environment and allocating a new one
us now changes the environment variables listed in TODO before executing the
command, also added but commented out a version where the env gets copied and
the execution happens trough the musl implementation of execvpe(3)
reworked the privilege escalation works by changing the way target user info
is passed around, now we pass struct passwd* and struct group* instead of
strings wich allows much greater flexibility.
Also now us mimics the behavior of sudo and doas regarding the shell proxies:
- commands are started under a subshell, that shell is the user's
- if no command is specified just the shell is executed
commands are now run in a subshell, this is often needed for chains of commands
where it is not the main command to need the privilege but a subcommand does,
for example
us echo 30 > /sys/class/backlight/*/brightness
it is not echo that needs the elevated privilege but the redirection '>' does.
added two files,
TODO: things that still need to be taken care of that may be too long to
write in the source code
config.template: mockups of the config file
Linux User
