From 0697c3f0aabce204786241c6f2e6e217d06d66d7 Mon Sep 17 00:00:00 2001
From: Marc Espie
Date: Sun, 26 Jul 2015 20:47:01 +0000
Subject: [PATCH] nflag (as in sudo, force non-interactive mode) as discussed with ted@
---
 doas.1 | 10 +++++++---
 doas.c | 11 +++++++++--
 2 files changed, 16 insertions(+), 5 deletions(-)
diff --git a/doas.1 b/doas.1
index 63153c6..52d846a 100644
--- a/doas.1
+++ b/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.10 2015/07/21 17:49:33 jmc Exp $
+.\" $OpenBSD: doas.1,v 1.11 2015/07/26 17:24:02 zhuk Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst
 .\"
@@ -13,7 +13,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: July 21 2015 $
+.Dd $Mdocdate: July 26 2015 $
 .Dt DOAS 1
 .Os
 .Sh NAME
@@ -21,7 +21,7 @@
 .Nd execute commands as another user
 .Sh SYNOPSIS
 .Nm doas
-.Op Fl s
+.Op Fl ns
 .Op Fl C Ar config
 .Op Fl u Ar user
 .Ar command
@@ -58,6 +58,10 @@ or
 will be printed on standard output, depending on command
 matching results.
 No command is executed.
+.It Fl n
+Non interactive mode, fail if
+.Nm
+would prompt for password.
 .It Fl s
 Execute the shell from
 .Ev SHELL
diff --git a/doas.c b/doas.c
index fb571e6..93b79c7 100644
--- a/doas.c
+++ b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.24 2015/07/26 19:14:46 tedu Exp $ */
+/* $OpenBSD: doas.c,v 1.25 2015/07/26 19:49:11 zhuk Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst
 *
@@ -322,8 +322,10 @@ main(int argc, char **argv, char **envp)
 int ngroups;
 int i, ch;
 int sflag = 0;
+ int nflag = 0;
- while ((ch = getopt(argc, argv, "C:su:")) != -1) {
+ uid = getuid();
+ while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
 switch (ch) {
 case 'C':
 confpath = optarg;
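Review bot: The `getopt` option string in the `@@ -322,8 +322,10 @@` hunk now accepts `n` and the doas.1 synopsis becomes `.Op Fl ns`, but the diffstat shows no other change in doas.c, so any usage message that lists the options (not visible here) would still omit `-n`; it should read `[-ns]` to match the manual. The added `uid = getuid();` ahead of the option loop is not explained by the commit message, which only mentions nflag. Please say why it is needed before option parsing, and drop any later assignment of `uid` if one remains further down in main, whose body continues outside the hunk.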
@@ -332,6 +334,9 @@ main(int argc, char **argv, char **envp)
 if (parseuid(optarg, &target) != 0)
 errx(1, "unknown user");
 break;
+ case 'n':
+ nflag = 1;
+ break;
 case 's':
 sflag = 1;
 break;
@@ -396,6 +401,8 @@ main(int argc, char **argv, char **envp)
 }
 if (!(rule->options & NOPASS)) {
+ if (nflag)
+ errx(1, "Authorization required");
 if (!auth_userokay(myname, NULL, NULL, NULL)) {
 syslog(LOG_AUTHPRIV | LOG_NOTICE,
 "failed password for %s", myname);
-- 
2.39.2
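Review bot: The new `-n` refusal in the `@@ -396,6 +401,8 @@` hunk exits through `errx` without writing to syslog, while the failed-password path directly below it logs at `LOG_AUTHPRIV | LOG_NOTICE`. A non-interactive caller that hits a password-requiring rule therefore leaves no audit record of the attempt. Consider logging before exiting, e.g. `syslog(LOG_AUTHPRIV | LOG_NOTICE, "password required but -n given for %s", myname);` inside a braced `if (nflag)` block. The message would also be more accurate as `"Authentication required"`, since the visible `rule->options & NOPASS` test suggests the rule has already matched and only the password check is outstanding. The rest of main lies outside the hunk, so this ordering is inferred.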