int vflag = 0;
char cwdpath[PATH_MAX];
const char *cwd;
+#ifdef HAVE_BSD_AUTH_H
char *login_style = NULL;
+#endif
setprogname("doas");
uid = getuid();
- while ((ch = getopt(argc, argv, "a:C:nsu:v")) != -1) {
+#ifdef HAVE_BSD_AUTH_H
+# define OPTSTRING "a:C:nsu:v"
+#else
+# define OPTSTRING "C:nsu:v"
+#endif
+
+ while ((ch = getopt(argc, argv, OPTSTRING)) != -1) {
switch (ch) {
+#ifdef HAVE_BSD_AUTH_H
case 'a':
login_style = optarg;
break;
+#endif
case 'C':
confpath = optarg;
break;
errc(1, EPERM, NULL);
}
+#ifdef HAVE_BSD_AUTH_H
if (!(rule->options & NOPASS)) {
if (nflag)
errx(1, "Authorization required");
-#ifdef HAVE_BSD_AUTH_H
char *challenge = NULL, *response, rbuf[1024], cbuf[128];
auth_session_t *as;
errc(1, EPERM, NULL);
}
explicit_bzero(rbuf, sizeof(rbuf));
+ }
+#elif HAVE_PAM_APPL_H
+ if (!doas_pam(myname, !nflag, rule->options & NOPASS)) {
+ syslog(LOG_AUTHPRIV | LOG_NOTICE,
+ "failed auth for %s", myname);
+ errc(1, EPERM, NULL);
+ }
#else
- if (!auth_userokay(myname, NULL, NULL, NULL)) {
- syslog(LOG_AUTHPRIV | LOG_NOTICE,
- "failed auth for %s", myname);
- errc(1, EPERM, NULL);
- }
+ if (!(rule->options & NOPASS)) {
+ errx(1, "Authorization required");
#endif /* HAVE_BSD_AUTH_H */
- }
if (pledge("stdio rpath getpw exec id", NULL) == -1)
err(1, "pledge");