I don't think it falls on the side of bloat, and it's a pretty nifty option
to sudo...
Index: doas.1
===================================================================
RCS file: /build/data/openbsd/cvs/src/usr.bin/doas/doas.1,v
retrieving revision 1.10
diff -u -p -r1.10 doas.1
--- doas.1 21 Jul 2015 17:49:33 -0000 1.10
+++ doas.1 26 Jul 2015 11:13:52 -0000
@@ -21,7 +21,7 @@
.Nd execute commands as another user
.Sh SYNOPSIS
.Nm doas
-.Op Fl s
+.Op Fl ns
.Op Fl C Ar config
.Op Fl u Ar user
.Ar command
@@ -38,6 +38,10 @@ Parse and check the configuration file
.Ar config ,
then exit.
No command is executed.
+.It Fl n
+Non interactive mode, fail if
+.Nm
+would prompt for password.
.It Fl s
Execute the shell from
.Ev SHELL
Index: doas.c
===================================================================
RCS file: /build/data/openbsd/cvs/src/usr.bin/doas/doas.c,v
retrieving revision 1.21
diff -u -p -r1.21 doas.c
--- doas.c 24 Jul 2015 06:36:42 -0000 1.21
+++ doas.c 26 Jul 2015 11:13:52 -0000
@@ -295,9 +295,10 @@ main(int argc, char **argv, char **envp)
int ngroups;
int i, ch;
int sflag = 0;
+ int nflag = 0;
uid = getuid();
- while ((ch = getopt(argc, argv, "C:su:")) != -1) {
+ while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
switch (ch) {
case 'C':
setresuid(uid, uid, uid);
@@ -307,6 +308,9 @@ main(int argc, char **argv, char **envp)
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
break;
+ case 'n':
+ nflag = 1;
+ break;
case 's':
sflag = 1;
break;
@@ -361,7 +365,7 @@ main(int argc, char **argv, char **envp)
}
if (!(rule->options & NOPASS)) {
- if (!auth_userokay(myname, NULL, NULL, NULL)) {
+ if (nflag || !auth_userokay(myname, NULL, NULL, NULL)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed password for %s", myname);
fail();
