version 1.91, 2021/09/07 13:46:07 |
version 1.92, 2021/10/13 17:41:14 |
|
|
} |
} |
|
|
static int |
static int |
authuser(char *myname, char *login_style, int persist) |
authuser_checkpass(char *myname, char *login_style) |
{ |
{ |
char *challenge = NULL, *response, rbuf[1024], cbuf[128]; |
char *challenge = NULL, *response, rbuf[1024], cbuf[128]; |
auth_session_t *as; |
auth_session_t *as; |
int fd = -1; |
|
|
|
if (persist) |
|
fd = open("/dev/tty", O_RDWR); |
|
if (fd != -1) { |
|
if (ioctl(fd, TIOCCHKVERAUTH) == 0) |
|
goto good; |
|
} |
|
|
|
if (!(as = auth_userchallenge(myname, login_style, "auth-doas", |
if (!(as = auth_userchallenge(myname, login_style, "auth-doas", |
&challenge))) { |
&challenge))) { |
warnx("Authentication failed"); |
warnx("Authentication failed"); |
|
|
return AUTH_FAILED; |
return AUTH_FAILED; |
} |
} |
explicit_bzero(rbuf, sizeof(rbuf)); |
explicit_bzero(rbuf, sizeof(rbuf)); |
|
return AUTH_OK; |
|
} |
|
|
|
static void |
|
authuser(char *myname, char *login_style, int persist) |
|
{ |
|
int i, fd = -1; |
|
|
|
if (persist) |
|
fd = open("/dev/tty", O_RDWR); |
|
if (fd != -1) { |
|
if (ioctl(fd, TIOCCHKVERAUTH) == 0) |
|
goto good; |
|
} |
|
for (i = 0; i < AUTH_RETRIES; i++) { |
|
if (authuser_checkpass(myname, login_style) == AUTH_OK) |
|
goto good; |
|
} |
|
exit(1); |
good: |
good: |
if (fd != -1) { |
if (fd != -1) { |
int secs = 5 * 60; |
int secs = 5 * 60; |
ioctl(fd, TIOCSETVERAUTH, &secs); |
ioctl(fd, TIOCSETVERAUTH, &secs); |
close(fd); |
close(fd); |
} |
} |
|
|
return AUTH_OK; |
|
} |
} |
|
|
int |
int |
|
|
int i, ch, rv; |
int i, ch, rv; |
int sflag = 0; |
int sflag = 0; |
int nflag = 0; |
int nflag = 0; |
int authed = AUTH_FAILED; |
|
char cwdpath[PATH_MAX]; |
char cwdpath[PATH_MAX]; |
const char *cwd; |
const char *cwd; |
char *login_style = NULL; |
char *login_style = NULL; |
|
|
if (nflag) |
if (nflag) |
errx(1, "Authentication required"); |
errx(1, "Authentication required"); |
|
|
for (i = 0; i < AUTH_RETRIES; i++) { |
authuser(mypw->pw_name, login_style, rule->options & PERSIST); |
authed = authuser(mypw->pw_name, login_style, |
|
rule->options & PERSIST); |
|
if (authed == AUTH_OK) |
|
break; |
|
} |
|
|
|
if (authed != AUTH_OK) |
|
exit(1); |
|
} |
} |
|
|
if ((p = getenv("PATH")) != NULL) |
if ((p = getenv("PATH")) != NULL) |
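Review bot: The `static void authuser()` in the 1.92 column carries a fail-closed contract that nothing on the page documents: it returns only after `TIOCCHKVERAUTH` succeeds or `authuser_checkpass()` returns `AUTH_OK`, and otherwise ends the process with `exit(1)`, while the call in `main` no longer checks any result. A later edit that adds an early `return` on an error path inside `authuser()` would let execution continue past the authentication step, so I would put a comment above the function, for example `/* Returns only when the user is authenticated (password or valid persist ticket); exits otherwise. main() relies on this and checks no result. */`. The final `exit(1)` after `AUTH_RETRIES` attempts is also silent, and the failure branches of `authuser_checkpass()` are only partly in view, so whether each failed attempt is logged cannot be confirmed from this page. If it is not, one log line before the exit would give monitoring a record of exhausted retries. `main` starts and ends outside the visible hunks.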