version 1.45, 2015/10/24 19:23:48 |
version 1.46, 2015/12/03 08:12:15 |
|
|
#include <limits.h> |
#include <limits.h> |
#include <login_cap.h> |
#include <login_cap.h> |
#include <bsd_auth.h> |
#include <bsd_auth.h> |
|
#include <readpassphrase.h> |
#include <string.h> |
#include <string.h> |
#include <stdio.h> |
#include <stdio.h> |
#include <stdlib.h> |
#include <stdlib.h> |
|
|
char cwdpath[PATH_MAX]; |
char cwdpath[PATH_MAX]; |
const char *cwd; |
const char *cwd; |
|
|
if (pledge("stdio rpath getpw proc exec id", NULL) == -1) |
if (pledge("stdio rpath getpw tty proc exec id", NULL) == -1) |
err(1, "pledge"); |
err(1, "pledge"); |
|
|
closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
|
|
} |
} |
|
|
if (!(rule->options & NOPASS)) { |
if (!(rule->options & NOPASS)) { |
|
char *challenge = NULL, *response, rbuf[1024], cbuf[128]; |
|
auth_session_t *as; |
|
|
if (nflag) |
if (nflag) |
errx(1, "Authorization required"); |
errx(1, "Authorization required"); |
if (!auth_userokay(myname, NULL, "auth-doas", NULL)) { |
|
|
if (!(as = auth_userchallenge(myname, NULL, "auth-doas", |
|
&challenge))) |
|
err(1, "auth challenge failed"); |
|
if (!challenge) { |
|
char host[HOST_NAME_MAX + 1]; |
|
if (gethostname(host, sizeof(host))) |
|
snprintf(host, sizeof(host), "?"); |
|
snprintf(cbuf, sizeof(cbuf), |
|
"doas (%.32s@%.32s) password: ", myname, host); |
|
challenge = cbuf; |
|
} |
|
response = readpassphrase(challenge, rbuf, sizeof(rbuf), 0); |
|
if (!auth_userresponse(as, response, 0)) { |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
syslog(LOG_AUTHPRIV | LOG_NOTICE, |
"failed password for %s", myname); |
"failed auth for %s", myname); |
errc(1, EPERM, NULL); |
errc(1, EPERM, NULL); |
} |
} |
} |
} |
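Review bot: The new `readpassphrase(challenge, rbuf, sizeof(rbuf), 0)` call is used unchecked. readpassphrase() returns NULL on failure, and with flags `0` it falls back to stdin/stderr when /dev/tty cannot be opened, so the secret may be read from whatever stdin happens to be and a NULL `response` is handed straight to `auth_userresponse()`. Passing `RPP_REQUIRE_TTY` and exiting on NULL closes both gaps. `rbuf` also keeps the cleartext response on the stack once the check is done, so it should be wiped with `explicit_bzero()` on both the failure and the success path. The enclosing function starts before and continues after the visible lines, so the placement of the success-path wipe needs checking against the rest of the body.

```c
response = readpassphrase(challenge, rbuf, sizeof(rbuf),
    RPP_REQUIRE_TTY);
if (response == NULL)
	err(1, "readpassphrase");
if (!auth_userresponse(as, response, 0)) {
	explicit_bzero(rbuf, sizeof(rbuf));
	/* … unchanged: syslog "failed auth" and errc(1, EPERM, NULL) … */
}
explicit_bzero(rbuf, sizeof(rbuf));
```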