#include "includes.h"
#include "doas.h"
-#include "version.h"
static void __dead
version(void)
{
struct rule *rule;
- setresuid(uid, uid, uid);
+ if (setresuid(uid, uid, uid) != 0)
+ err(1, "setresuid");
+
parseconfig(confpath, 0);
if (!argc)
exit(0);
errc(1, EPERM, NULL);
}
+ pw = getpwuid(target);
+ if (!pw)
+ errx(1, "no passwd entry for target");
+
+#ifdef HAVE_BSD_AUTH_H
if (!(rule->options & NOPASS)) {
if (nflag)
errx(1, "Authorization required");
-#ifdef HAVE_BSD_AUTH_H
char *challenge = NULL, *response, rbuf[1024], cbuf[128];
auth_session_t *as;
errc(1, EPERM, NULL);
}
explicit_bzero(rbuf, sizeof(rbuf));
+ }
+#elif HAVE_PAM_APPL_H
+ if (!doas_pam(pw->pw_name, myname, !nflag, rule->options & NOPASS)) {
+ syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
+ errc(1, EPERM, NULL);
+ }
#else
- if (!auth_userokay(myname, NULL, NULL, NULL)) {
- syslog(LOG_AUTHPRIV | LOG_NOTICE,
- "failed auth for %s", myname);
- errc(1, EPERM, NULL);
- }
+ if (!(rule->options & NOPASS)) {
+ errx(1, "Authorization required");
#endif /* HAVE_BSD_AUTH_H */
- }
if (pledge("stdio rpath getpw exec id", NULL) == -1)
err(1, "pledge");
- pw = getpwuid(target);
- if (!pw)
- errx(1, "no passwd entry for target");
-
+#ifdef HAVE_BSD_AUTH_H
if (setusercontext(NULL, pw, target, LOGIN_SETGROUP |
LOGIN_SETPRIORITY | LOGIN_SETRESOURCES | LOGIN_SETUMASK |
LOGIN_SETUSER) != 0)
errx(1, "failed to set user context for target");
+#else
+ if (setresgid(pw->pw_gid, pw->pw_gid, pw->pw_gid) != 0)
+ errx(1, "setgid");
+ if (initgroups(pw->pw_name, pw->pw_gid) != 0)
+ errx(1, "initgroups");
+ if (setresuid(target, target, target) != 0)
+ errx(1, "setuid");
+#endif
if (pledge("stdio rpath exec", NULL) == -1)
err(1, "pledge");