persist_timestamp: add start time and document implementation details

[opendoas.git] / doas.c

diff --git a/doas.c b/doas.c
index b6a7bc10fee24bc7adfa9d63c63399d3f087f09d..7c682cfed17e313ca90385e94bad9b9e90b7411a 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -242,7 +242,7 @@ authuser(char *myname, char *login_style, int persist)
        if (!auth_userresponse(as, response, 0)) {
                syslog(LOG_AUTHPRIV | LOG_NOTICE,
                    "failed auth for %s", myname);
-               errc(1, EPERM, NULL);
+               errx(1, "Authorization failed");
        }
        explicit_bzero(rbuf, sizeof(rbuf));
 good:
@@ -261,7 +261,17 @@ authuser(const char *myname, const char *login_style, int persist)
        struct passwd *pw;
 
        (void)login_style;
+
+#ifdef PERSIST_TIMESTAMP
+       int fd = -1;
+       int valid;
+       if (persist)
+               fd = persist_open(&valid, 5 * 60);
+       if (fd != -1 && valid)
+               goto good;
+#else
        (void)persist;
+#endif
 
        if (!(pw = getpwnam(myname)))
                err(1, "getpwnam");
@@ -296,6 +306,13 @@ authuser(const char *myname, const char *login_style, int persist)
                errx(1, "Authorization failed");
        }
        explicit_bzero(rbuf, sizeof(rbuf));
+#ifdef PERSIST_TIMESTAMP
+good:
+       if (fd != -1) {
+               persist_set(fd, 5 * 60);
+               close(fd);
+       }
+#endif
 }
 #endif /* HAVE_BSD_AUTH_H */
 
@@ -353,6 +370,8 @@ main(int argc, char **argv)
                        if (i != -1)
                                ioctl(i, TIOCCLRVERAUTH);
                        exit(i == -1);
+#elif PERSIST_TIMESTAMP
+                       exit(persist_clear() != 0);
 #endif
                case 'u':
                        if (parseuid(optarg, &target) != 0)