X-Git-Url: https://git.armaanb.net/?p=opendoas.git;a=blobdiff_plain;f=doas.c;h=d348d2554b6f23a5c364ccccc8c8ce64cc09bf58;hp=4c2f07886d49223921dcfdecf5b807feb75c15f2;hb=HEAD;hpb=71b759e2542878de5c75a7101f2400cf35ec6299

diff --git a/doas.c b/doas.c
index 4c2f078..d348d25 100644
--- a/doas.c
+++ b/doas.c
@@ -237,11 +237,12 @@ mygetpwuid_r(uid_t uid, struct passwd *pwd, struct passwd **result)
 }
 
 void
-authfail(void)
+authfail(int opt)
 {
 
 #ifdef DOAS_INSULTS
-	printf("%s\n", getinsult());
+	if (opt)
+		printf("%s\n", getinsult());
 #endif
 
 	errx(1, "Authentication failed");
@@ -272,6 +273,11 @@ main(int argc, char **argv)
 	const char *cwd;
 	char **envp;
 
+	if (argc <= 0 || argv == NULL || argv[0] == NULL) {
+		fprintf(stderr, "doas: executed without argv\n");
+		exit(1);
+	}
+
 	setprogname("doas");
 
 	closefrom(STDERR_FILENO + 1);
@@ -361,19 +367,14 @@ main(int argc, char **argv)
 		errc(1, EPERM, NULL);
 	}
 
-#if defined(USE_SHADOW)
 	if (!(rule->options & NOPASS)) {
 		if (nflag)
 			errx(1, "Authentication required");
 
-		shadowauth(mypw->pw_name, rule->options & PERSIST);
+		int ret = shadowauth(mypw->pw_name, rule->options & PERSIST);
+		if (ret == 5)
+			authfail(rule->options & INSULT);
 	}
-#elif !defined(USE_PAM)
-	/* no authentication provider, only allow NOPASS rules */
-	(void) nflag;
-	if (!(rule->options & NOPASS))
-		errx(1, "Authentication required");
-#endif
 
 	if ((p = getenv("PATH")) != NULL)
 		formerpath = strdup(p);
@@ -391,11 +392,6 @@ main(int argc, char **argv)
 	if (targpw == NULL)
 		errx(1, "no passwd entry for target");
 
-#if defined(USE_PAM)
-	pamauth(targpw->pw_name, mypw->pw_name, !nflag, rule->options & NOPASS,
-	    rule->options & PERSIST);
-#endif
-
 #ifdef HAVE_LOGIN_CAP_H
 	if (setusercontext(NULL, targpw, target, LOGIN_SETGROUP |
 	    LOGIN_SETPATH |