check return value of setresuid

[opendoas.git] / doas.c

diff --git a/doas.c b/doas.c
index 8094aad4efd7cd0826b68929456f06a4a4d078ef..3e158246a2a42c7356a5ce5951364b3dd489318e 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -32,7 +32,6 @@
 #include "includes.h"
 
 #include "doas.h"
-#include "version.h"
 
 static void __dead
 version(void)
@@ -296,7 +295,9 @@ checkconfig(const char *confpath, int argc, char **argv,
 {
        struct rule *rule;
 
-       setresuid(uid, uid, uid);
+       if (setresuid(uid, uid, uid) != 0)
+               err(1, "setresuid");
+
        parseconfig(confpath, 0);
        if (!argc)
                exit(0);
@@ -438,11 +439,11 @@ main(int argc, char **argv, char **envp)
                errc(1, EPERM, NULL);
        }
 
+#ifdef HAVE_BSD_AUTH_H
        if (!(rule->options & NOPASS)) {
                if (nflag)
                        errx(1, "Authorization required");
 
-#ifdef HAVE_BSD_AUTH_H
                char *challenge = NULL, *response, rbuf[1024], cbuf[128];
                auth_session_t *as;
 
@@ -470,14 +471,17 @@ main(int argc, char **argv, char **envp)
                        errc(1, EPERM, NULL);
                }
                explicit_bzero(rbuf, sizeof(rbuf));
+       }
+#elif HAVE_PAM_APPL_H
+       if (!doas_pam(myname, !nflag, rule->options & NOPASS)) {
+               syslog(LOG_AUTHPRIV | LOG_NOTICE,
+                               "failed auth for %s", myname);
+               errc(1, EPERM, NULL);
+       }
 #else
-               if (!auth_userokay(myname, NULL, NULL, NULL)) {
-                       syslog(LOG_AUTHPRIV | LOG_NOTICE,
-                           "failed auth for %s", myname);
-                       errc(1, EPERM, NULL);
-               }
+       if (!(rule->options & NOPASS)) {
+                       errx(1, "Authorization required");
 #endif /* HAVE_BSD_AUTH_H */
-       }
 
        if (pledge("stdio rpath getpw exec id", NULL) == -1)
                err(1, "pledge");