| version 1.45, 2015/10/24 19:23:48 |
version 1.46, 2015/12/03 08:12:15 |
|
|
| #include <limits.h> |
#include <limits.h> |
| #include <login_cap.h> |
#include <login_cap.h> |
| #include <bsd_auth.h> |
#include <bsd_auth.h> |
| |
#include <readpassphrase.h> |
| #include <string.h> |
#include <string.h> |
| #include <stdio.h> |
#include <stdio.h> |
| #include <stdlib.h> |
#include <stdlib.h> |
|
|
| char cwdpath[PATH_MAX]; |
char cwdpath[PATH_MAX]; |
| const char *cwd; |
const char *cwd; |
| |
|
| if (pledge("stdio rpath getpw proc exec id", NULL) == -1) |
if (pledge("stdio rpath getpw tty proc exec id", NULL) == -1) |
| err(1, "pledge"); |
err(1, "pledge"); |
| |
|
| closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
|
|
| } |
} |
| |
|
| if (!(rule->options & NOPASS)) { |
if (!(rule->options & NOPASS)) { |
| |
char *challenge = NULL, *response, rbuf[1024], cbuf[128]; |
| |
auth_session_t *as; |
| |
|
| if (nflag) |
if (nflag) |
| errx(1, "Authorization required"); |
errx(1, "Authorization required"); |
| if (!auth_userokay(myname, NULL, "auth-doas", NULL)) { |
|
| |
if (!(as = auth_userchallenge(myname, NULL, "auth-doas", |
| |
&challenge))) |
| |
err(1, "auth challenge failed"); |
| |
if (!challenge) { |
| |
char host[HOST_NAME_MAX + 1]; |
| |
if (gethostname(host, sizeof(host))) |
| |
snprintf(host, sizeof(host), "?"); |
| |
snprintf(cbuf, sizeof(cbuf), |
| |
"doas (%.32s@%.32s) password: ", myname, host); |
| |
challenge = cbuf; |
| |
} |
| |
response = readpassphrase(challenge, rbuf, sizeof(rbuf), 0); |
| |
if (!auth_userresponse(as, response, 0)) { |
| syslog(LOG_AUTHPRIV | LOG_NOTICE, |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
| "failed password for %s", myname); |
"failed auth for %s", myname); |
| errc(1, EPERM, NULL); |
errc(1, EPERM, NULL); |
| } |
} |
| } |
} |
![[BACK]](/icons/back.gif){kind=icon}
Return to doas.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / doas