timestamp: error out if fstat and lstat st_ino and st_dev are not the same

[opendoas.git] / doas.c

diff --git a/doas.c b/doas.c
index 2bdaac2529c8e4d10c6c890f6b9f9b8bed2d1e8b..6223aff219168fa87f9a38909f9f072535114c21 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -234,6 +234,7 @@ authuser(char *myname, char *login_style, int persist)
                errx(1, "a tty is required");
        }
        if (!auth_userresponse(as, response, 0)) {
+               explicit_bzero(rbuf, sizeof(rbuf));
                syslog(LOG_AUTHPRIV | LOG_NOTICE,
                    "failed auth for %s", myname);
                errx(1, "Authorization failed");
@@ -298,13 +299,15 @@ main(int argc, char **argv)
                        confpath = optarg;
                        break;
                case 'L':
-#ifdef TIOCCLRVERAUTH
+#if defined(USE_BSD_AUTH)
                        i = open("/dev/tty", O_RDWR);
                        if (i != -1)
                                ioctl(i, TIOCCLRVERAUTH);
                        exit(i == -1);
-#elif PERSIST_TIMESTAMP
-                       exit(persist_clear() != 0);
+#elif defined(USE_TIMESTAMP)
+                       exit(timestamp_clear() == -1);
+#else
+                       exit(0);
 #endif
                case 'u':
                        if (parseuid(optarg, &target) != 0)
@@ -412,10 +415,8 @@ main(int argc, char **argv)
        if (!pw)
                errx(1, "no passwd entry for target");
 
-       if (!pamauth(pw->pw_name, myname, !nflag, rule->options & NOPASS)) {
-               syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed auth for %s", myname);
-               errx(1, "Authorization failed");
-       }
+       pamauth(pw->pw_name, myname, !nflag, rule->options & NOPASS,
+           rule->options & PERSIST);
 
 #else
        (void) nflag;