clarify some wording

[opendoas.git] / doas.c

diff --git a/doas.c b/doas.c
index 643d3d809235d8dead863739fcf4b6e17fdd4dff..f1b2ec058be2bb7d992679c523ca0b08334e094a 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -32,7 +32,6 @@
 #include "includes.h"
 
 #include "doas.h"
-#include "version.h"
 
 static void __dead
 version(void)
@@ -296,7 +295,9 @@ checkconfig(const char *confpath, int argc, char **argv,
 {
        struct rule *rule;
 
-       setresuid(uid, uid, uid);
+       if (setresuid(uid, uid, uid) != 0)
+               err(1, "setresuid");
+
        parseconfig(confpath, 0);
        if (!argc)
                exit(0);
@@ -334,7 +335,9 @@ main(int argc, char **argv, char **envp)
        int vflag = 0;
        char cwdpath[PATH_MAX];
        const char *cwd;
+#ifdef HAVE_BSD_AUTH_H
        char *login_style = NULL;
+#endif
 
        setprogname("doas");
 
@@ -345,11 +348,19 @@ main(int argc, char **argv, char **envp)
 
        uid = getuid();
 
-       while ((ch = getopt(argc, argv, "a:C:nsu:v")) != -1) {
+#ifdef HAVE_BSD_AUTH_H
+# define OPTSTRING "a:C:nsu:v"
+#else
+# define OPTSTRING "C:nsu:v"
+#endif
+
+       while ((ch = getopt(argc, argv, OPTSTRING)) != -1) {
                switch (ch) {
+#ifdef HAVE_BSD_AUTH_H
                case 'a':
                        login_style = optarg;
                        break;
+#endif
                case 'C':
                        confpath = optarg;
                        break;
@@ -428,11 +439,15 @@ main(int argc, char **argv, char **envp)
                errc(1, EPERM, NULL);
        }
 
+       pw = getpwuid(target);
+       if (!pw)
+               errx(1, "no passwd entry for target");
+
+#ifdef HAVE_BSD_AUTH_H
        if (!(rule->options & NOPASS)) {
                if (nflag)
                        errx(1, "Authorization required");
 
-#ifdef HAVE_BSD_AUTH_H
                char *challenge = NULL, *response, rbuf[1024], cbuf[128];
                auth_session_t *as;
 
@@ -460,26 +475,33 @@ main(int argc, char **argv, char **envp)
                        errc(1, EPERM, NULL);
                }
                explicit_bzero(rbuf, sizeof(rbuf));
+       }
+#elif HAVE_PAM_APPL_H
+       if (!doas_pam(pw->pw_name, myname, !nflag, rule->options & NOPASS)) {
+               syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
+               errc(1, EPERM, NULL);
+       }
 #else
-               if (!auth_userokay(myname, NULL, NULL, NULL)) {
-                       syslog(LOG_AUTHPRIV | LOG_NOTICE,
-                           "failed auth for %s", myname);
-                       errc(1, EPERM, NULL);
-               }
+       if (!(rule->options & NOPASS)) {
+                       errx(1, "Authorization required");
 #endif /* HAVE_BSD_AUTH_H */
-       }
 
        if (pledge("stdio rpath getpw exec id", NULL) == -1)
                err(1, "pledge");
 
-       pw = getpwuid(target);
-       if (!pw)
-               errx(1, "no passwd entry for target");
-
+#ifdef HAVE_BSD_AUTH_H
        if (setusercontext(NULL, pw, target, LOGIN_SETGROUP |
            LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
            LOGIN_SETUSER) != 0)
                errx(1, "failed to set user context for target");
+#else
+       if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
+               errx(1, "setgid");
+       if (initgroups(pw->pw_name, pw->pw_gid) != 0)
+               errx(1, "initgroups");
+       if (setresuid(target, target, target) != 0)
+               errx(1, "setuid");
+#endif
 
        if (pledge("stdio rpath exec", NULL) == -1)
                err(1, "pledge");