Paul de Weerd([email protected]) on 2017.02.14 15:57:43 +0100:
> Consider the following:
>
> 1 [weerd@despair] $ doas true
> 2 doas ([email protected]) password:
> 3 [weerd@despair] $ doas true
> 4 [weerd@despair] $ doas -n true
> 5 doas: Authorization required
>
> I have 'persist' to allow doas to not prompt for a password on
> subsequent invocations. However, then using 'doas -n' complains
> "Authorization required" while the manpage says for -n: "Non
> interactive mode, fail if doas would prompt for password."
>
> Doas wouldn't prompt for a password if -n wasn't specified (see line
> 3), so why does it fail in line 4?
>
> Is this a bug in doas or in the manpage?
The -n option helps to use doas non-interactively.
It's debatable whether 'persist' is useful with non-interactive usage, but
this fixes it:
diff --git usr.bin/doas/doas.c usr.bin/doas/doas.c
index 98f06aa1165..a1666530166 100644
--- usr.bin/doas/doas.c
+++ usr.bin/doas/doas.c
@@ -194,7 +194,7 @@ checkconfig(const char *confpath, int argc, char **argv,
}
static void
-authuser(char *myname, char *login_style, int persist)
+authuser(char *myname, char *login_style, int persist, int nflag)
{
char *challenge = NULL, *response, rbuf[1024], cbuf[128];
auth_session_t *as;
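Review bot: authuser() now takes two adjacent int flags, persist and nflag, so a call with the two swapped would compile without a warning. A short comment above the definition saying what each flag means (persist: a cached authentication may be reused; nflag: never prompt) would make the call in main() easier to check.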
@@ -207,6 +207,9 @@ authuser(char *myname, char *login_style, int persist)
goto good;
}
+ if (nflag)
+ errx(1, "Authorization required");
+
if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
&challenge)))
errx(1, "Authorization failed");
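Review bot: the new nflag check sits after the block that ends in "goto good;" (its body is not shown in the context, presumably the persist test), so with -n that block now runs before doas bails out, whereas before this patch main() exited without calling authuser() at all. Please confirm that nothing in that block can prompt or block on the terminal, and consider a one-line comment above "if (nflag)" saying it has to stay after that block and before auth_userchallenge(), since moving it either way changes what -n means.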
@@ -357,12 +360,8 @@ main(int argc, char **argv)
errc(1, EPERM, NULL);
}
- if (!(rule->options & NOPASS)) {
- if (nflag)
- errx(1, "Authorization required");
-
- authuser(myname, login_style, rule->options & PERSIST);
- }
+ if (!(rule->options & NOPASS))
+ authuser(myname, login_style, rule->options & PERSIST, nflag);
if (pledge("stdio rpath getpw exec id", NULL) == -1)
err(1, "pledge");
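Review bot: with the nflag test removed from main(), the -n refusal is enforced only inside authuser(), and the call site no longer shows that this call can exit with "Authorization required". A brief comment on the "if (!(rule->options & NOPASS))" line noting that authuser() handles -n would help, because any authentication path added to main() later would otherwise bypass the non-interactive check without anyone noticing.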