| version 1.62, 2016/09/01 17:30:52 |
version 1.63, 2016/09/02 18:12:30 |
|
|
| |
|
| #include <sys/types.h> |
#include <sys/types.h> |
| #include <sys/stat.h> |
#include <sys/stat.h> |
| |
#include <sys/ioctl.h> |
| |
|
| #include <limits.h> |
#include <limits.h> |
| #include <login_cap.h> |
#include <login_cap.h> |
|
|
| #include <grp.h> |
#include <grp.h> |
| #include <syslog.h> |
#include <syslog.h> |
| #include <errno.h> |
#include <errno.h> |
| |
#include <fcntl.h> |
| |
|
| #include "doas.h" |
#include "doas.h" |
| |
|
| static void __dead |
static void __dead |
| usage(void) |
usage(void) |
| { |
{ |
| fprintf(stderr, "usage: doas [-ns] [-a style] [-C config] [-u user]" |
fprintf(stderr, "usage: doas [-Lns] [-a style] [-C config] [-u user]" |
| " command [args]\n"); |
" command [args]\n"); |
| exit(1); |
exit(1); |
| } |
} |
|
|
| } |
} |
| |
|
| static void |
static void |
| authuser(char *myname, char *login_style) |
authuser(char *myname, char *login_style, int persist) |
| { |
{ |
| char *challenge = NULL, *response, rbuf[1024], cbuf[128]; |
char *challenge = NULL, *response, rbuf[1024], cbuf[128]; |
| auth_session_t *as; |
auth_session_t *as; |
| |
int fd = -1; |
| |
|
| |
if (persist) |
| |
fd = open("/dev/tty", O_RDWR); |
| |
if (fd != -1) { |
| |
if (ioctl(fd, TIOCCHKVERAUTH) == 0) |
| |
goto good; |
| |
} |
| |
|
| if (!(as = auth_userchallenge(myname, login_style, "auth-doas", |
if (!(as = auth_userchallenge(myname, login_style, "auth-doas", |
| &challenge))) |
&challenge))) |
| errx(1, "Authorization failed"); |
errx(1, "Authorization failed"); |
|
|
| errc(1, EPERM, NULL); |
errc(1, EPERM, NULL); |
| } |
} |
| explicit_bzero(rbuf, sizeof(rbuf)); |
explicit_bzero(rbuf, sizeof(rbuf)); |
| |
good: |
| |
if (fd != -1) { |
| |
int secs = 10 * 60; |
| |
ioctl(fd, TIOCSETVERAUTH, &secs); |
| |
close(fd); |
| |
} |
| } |
} |
| |
|
| int |
int |
|
|
| |
|
| setprogname("doas"); |
setprogname("doas"); |
| |
|
| if (pledge("stdio rpath getpw tty recvfd proc exec id", NULL) == -1) |
|
| err(1, "pledge"); |
|
| |
|
| closefrom(STDERR_FILENO + 1); |
closefrom(STDERR_FILENO + 1); |
| |
|
| uid = getuid(); |
uid = getuid(); |
| |
|
| while ((ch = getopt(argc, argv, "a:C:nsu:")) != -1) { |
while ((ch = getopt(argc, argv, "a:C:Lnsu:")) != -1) { |
| switch (ch) { |
switch (ch) { |
| case 'a': |
case 'a': |
| login_style = optarg; |
login_style = optarg; |
|
|
| case 'C': |
case 'C': |
| confpath = optarg; |
confpath = optarg; |
| break; |
break; |
| |
case 'L': |
| |
i = open("/dev/tty", O_RDWR); |
| |
if (i != -1) |
| |
ioctl(i, TIOCCLRVERAUTH); |
| |
exit(i != -1); |
| case 'u': |
case 'u': |
| if (parseuid(optarg, &target) != 0) |
if (parseuid(optarg, &target) != 0) |
| errx(1, "unknown user"); |
errx(1, "unknown user"); |
|
|
| if (nflag) |
if (nflag) |
| errx(1, "Authorization required"); |
errx(1, "Authorization required"); |
| |
|
| authuser(myname, login_style); |
authuser(myname, login_style, rule->options & PERSIST); |
| } |
} |
| |
|
| if (pledge("stdio rpath getpw exec id", NULL) == -1) |
if (pledge("stdio rpath getpw exec id", NULL) == -1) |
![[BACK]](/icons/back.gif){kind=icon}
Return to doas.c CVS log ![[TXT]](/icons/text.gif){kind=icon}
![[DIR]](/icons/dir.gif){kind=icon}
Up to [local] / src / usr.bin / doas