From 6f6e63f99b90f2c14337e5d0e649c8e0ba94300c Mon Sep 17 00:00:00 2001
From: Reyk Floeter
Date: Mon, 3 Jul 2017 20:04:57 +0200
Subject: [PATCH] Disable boot delay on AWS/Azure, set doas to user not wheel, set .forward.

---
 agent/main.c | 16 +++++++++++-----
 1 file changed, 11 insertions(+), 5 deletions(-)

diff --git a/agent/main.c b/agent/main.c
index 68df50d..98a51ce 100644
--- a/agent/main.c
+++ b/agent/main.c
@@ -495,12 +495,16 @@ agent_configure(struct system_config *sc, int noaction)
 "-m", sc->sc_username, NULL) != 0)
 log_warnx("username failed");

+ if (fileout(sc->sc_username, "w", "/root/.forward") != 0)
+ log_warnx(".forward failed");
 /* password */
 if (sc->sc_password == NULL) {
 str1 = "/PasswordAuthentication/"
 "s/.*/PasswordAuthentication no/";
- str2 = "permit keepenv nopass :wheel as root\n"
- "permit keepenv nopass root\n";
+ if (asprintf(&str2, "permit keepenv nopass %s as root\n" "permit keepenv nopass root\n", sc->sc_username) == -1)
+ str2 = NULL;
 } else {
 if (!noaction &&
 shell("usermod", "-p", sc->sc_password,
@@ -509,13 +513,15 @@ agent_configure(struct system_config *sc, int noaction)

 str1 = "/PasswordAuthentication/"
 "s/.*/PasswordAuthentication yes/";
- str2 = "permit keepenv persist :wheel as root\n"
- "permit keepenv nopass root\n";
+ if (asprintf(&str2, "permit keepenv persist %s as root\n" "permit keepenv nopass root\n", sc->sc_username) == -1)
+ str2 = NULL;
 }

 /* doas */
- if (fileout(str2, "w", "/etc/doas.conf") != 0)
+ if (str2 == NULL || fileout(str2, "w", "/etc/doas.conf") != 0)
 log_warnx("doas failed");
+ free(str2);

 /* ssh configuration */
 if (sc->sc_password == NULL && !TAILQ_EMPTY(&sc->sc_pubkeys))
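Review bot: `sc->sc_username` is written verbatim into `/root/.forward` and, through the `%s` in `asprintf`, into `/etc/doas.conf` in this hunk and again in the second hunk, with no check on what the string contains. Both files are line-oriented and treat whitespace and some punctuation as syntax, so a username carrying a space or newline would change the meaning of the generated doas rule rather than merely name the grantee; the hunk does not show where `sc_username` originates, but if it can arrive from instance metadata rather than a compiled-in default, a conservative allow-list check (lowercase letters, digits, `_` and `-`) before the `fileout` and `asprintf` calls would close that off, and the rule would be worth stating in a comment there. A one-line comment on the new write would also help a reader who does not know the mail convention: `/* forward root's mail to the provisioned user */`. `agent_configure` begins and ends outside this hunk.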
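Review bot: The `str2 == NULL` guard folds an allocation failure into the same "doas failed" warning as a failed write, so an operator reading the log cannot tell which happened. Logging at the point of failure in both branches keeps the existing guard and distinguishes the two: replace `str2 = NULL;` with `{ log_warn("asprintf"); str2 = NULL; }` (or `log_warnx`, matching whichever the file uses for errno-less messages). Since `asprintf` now writes through `&str2`, the variable must be declared `char *` rather than `const char *`; its declaration is outside the hunk, so this is worth confirming. `agent_configure` begins and ends outside this hunk.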