]> git.armaanb.net Git - opendoas.git/blobdiff - doas.c
projects / opendoas.git / blobdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | inline | side by side
for password failure, print Authorization failed instead of EPERM. will make things...
[opendoas.git] / doas.c
diff --git a/doas.c b/doas.c
index 7757f49659969ab979367449feac2398f90a1cb0..b7248f0cf7145276bea201884020519f43a940eb 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -55,20 +55,6 @@ usage(void)
        exit(1);
 }
 
-size_t
-arraylen(const char **arr)
-{
-       size_t cnt = 0;
-
-       if (arr) {
-               while (*arr) {
-                       cnt++;
-                       arr++;
-               }
-       }
-       return cnt;
-}
-
 static int
 parseuid(const char *s, uid_t *uid)
 {
@@ -154,7 +140,7 @@ match(uid_t uid, gid_t *groups, int ngroups, uid_t target, const char *cmd,
 }
 
 static int
-permit(uid_t uid, gid_t *groups, int ngroups, struct rule **lastr,
+permit(uid_t uid, gid_t *groups, int ngroups, const struct rule **lastr,
     uid_t target, const char *cmd, const char **cmdargs)
 {
        int i;
@@ -201,7 +187,7 @@ static void __dead
 checkconfig(const char *confpath, int argc, char **argv,
     uid_t uid, gid_t *groups, int ngroups, uid_t target)
 {
-       struct rule *rule;
+       const struct rule *rule;
 
        if (setresuid(uid, uid, uid) != 0)
                err(1, "setresuid");
@@ -256,7 +242,7 @@ authuser(char *myname, char *login_style, int persist)
        if (!auth_userresponse(as, response, 0)) {
                syslog(LOG_AUTHPRIV | LOG_NOTICE,
                    "failed auth for %s", myname);
-               errc(1, EPERM, NULL);
+               errx(1, "Authorization failed");
        }
        explicit_bzero(rbuf, sizeof(rbuf));
 good:
@@ -325,7 +311,7 @@ main(int argc, char **argv)
        char cmdline[LINE_MAX];
        char myname[_PW_NAME_LEN + 1];
        struct passwd *pw;
-       struct rule *rule;
+       const struct rule *rule;
        uid_t uid;
        uid_t target = 0;
        gid_t groups[NGROUPS_MAX + 1];
@@ -426,6 +412,9 @@ main(int argc, char **argv)
                exit(1);        /* fail safe */
        }
 
+       if (geteuid())
+               errx(1, "not installed setuid");
+
        parseconfig("/etc/doas.conf", 1);
 
        /* cmdline is used only for logging, no need to abort on truncate */
Fork of OpenDoas that insults you