On 02/14/17 16:29, Sebastian Benoit wrote:
> Paul de Weerd([email protected]) on 2017.02.14 15:57:43 +0100:
>> Consider the following:
>>
>> 1 [weerd@despair] $ doas true
>> 2 doas ([email protected]) password:
>> 3 [weerd@despair] $ doas true
>> 4 [weerd@despair] $ doas -n true
>> 5 doas: Authorization required
>>
>> I have 'persist' to allow doas to not prompt for a password on
>> subsequent invocations. However, then using 'doas -n' complains
>> "Authorization required" while the manpage says for -n: "Non
>> interactive mode, fail if doas would prompt for password."
>>
>> Doas wouldn't prompt for a password if -n wasn't specified (see line
>> 3), so why does it fail in line 4?
>>
>> Is this a bug in doas or in the manpage?
>
> The -n option helps to use doas non-interactively.
> Its debateable wether 'persist' is useful with non-interactive usage, but
> this fixes it:
OK martijn@
>
> diff --git usr.bin/doas/doas.c usr.bin/doas/doas.c
> index 98f06aa1165..a1666530166 100644
> --- usr.bin/doas/doas.c
> +++ usr.bin/doas/doas.c
> @@ -194,7 +194,7 @@ checkconfig(const char *confpath, int argc, char **argv,
> }
>
> static void
> -authuser(char *myname, char *login_style, int persist)
> +authuser(char *myname, char *login_style, int persist, int nflag)
> {
> char *challenge = NULL, *response, rbuf[1024], cbuf[128];
> auth_session_t *as;
> @@ -207,6 +207,9 @@ authuser(char *myname, char *login_style, int persist)
> goto good;
> }
>
> + if (nflag)
> + errx(1, "Authorization required");
> +
> if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
> &challenge)))
> errx(1, "Authorization failed");
> @@ -357,12 +360,8 @@ main(int argc, char **argv)
> errc(1, EPERM, NULL);
> }
>
> - if (!(rule->options & NOPASS)) {
> - if (nflag)
> - errx(1, "Authorization required");
> -
> - authuser(myname, login_style, rule->options & PERSIST);
> - }
> + if (!(rule->options & NOPASS))
> + authuser(myname, login_style, rule->options & PERSIST, nflag);
>
> if (pledge("stdio rpath getpw exec id", NULL) == -1)
> err(1, "pledge");
>
