On 02/14/17 16:29, Sebastian Benoit wrote:
> Paul de Weerd(we...@weirdnet.nl) on 2017.02.14 15:57:43 +0100:
>> Consider the following:
>>
>>        1 [weerd@despair] $ doas true
>>        2 doas (we...@despair.weirdnet.nl) password: 
>>        3 [weerd@despair] $ doas true
>>        4 [weerd@despair] $ doas -n true
>>        5 doas: Authorization required
>>
>> I have 'persist' to allow doas to not prompt for a password on
>> subsequent invocations.  However, then using 'doas -n' complains
>> "Authorization required" while the manpage says for -n: "Non
>> interactive mode, fail if doas would prompt for password."
>>
>> Doas wouldn't prompt for a password if -n wasn't specified (see line
>> 3), so why does it fail in line 4?
>>
>> Is this a bug in doas or in the manpage?
> 
> The -n option helps to use doas non-interactively.
> It's debatable whether 'persist' is useful with non-interactive usage, but
> this fixes it:

OK martijn@
> 
> diff --git usr.bin/doas/doas.c usr.bin/doas/doas.c
> index 98f06aa1165..a1666530166 100644
> --- usr.bin/doas/doas.c
> +++ usr.bin/doas/doas.c
> @@ -194,7 +194,7 @@ checkconfig(const char *confpath, int argc, char **argv,
>  }
>  
>  static void
> -authuser(char *myname, char *login_style, int persist)
> +authuser(char *myname, char *login_style, int persist, int nflag)
>  {
>       char *challenge = NULL, *response, rbuf[1024], cbuf[128];
>       auth_session_t *as;
> @@ -207,6 +207,9 @@ authuser(char *myname, char *login_style, int persist)
>                       goto good;
>       }
>  
> +     if (nflag)
> +             errx(1, "Authorization required");
> +
>       if (!(as = auth_userchallenge(myname, login_style, "auth-doas",
>           &challenge)))
>               errx(1, "Authorization failed");
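Review bot: The new `if (nflag)` test in authuser fixes the reported case only because it sits after the persist block that ends in `goto good` and before the call to `auth_userchallenge()`, and nothing in the hunk records that ordering requirement. A one-line comment above the test, for example `/* -n: fail only once a prompt is known to be needed */`, would keep a later reshuffle of authuser from quietly bringing the bug back. The error string is the same "Authorization required" that is removed from main, so anything matching on that message keeps working.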
> @@ -357,12 +360,8 @@ main(int argc, char **argv)
>               errc(1, EPERM, NULL);
>       }
>  
> -     if (!(rule->options & NOPASS)) {
> -             if (nflag)
> -                     errx(1, "Authorization required");
> -
> -             authuser(myname, login_style, rule->options & PERSIST);
> -     }
> +     if (!(rule->options & NOPASS))
> +             authuser(myname, login_style, rule->options & PERSIST, nflag);
>  
>       if (pledge("stdio rpath getpw exec id", NULL) == -1)
>               err(1, "pledge");
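Review bot: With the `nflag` test removed from main, a `-n` invocation under any rule without NOPASS now always enters authuser, so whatever authuser does ahead of its new check also runs for non-interactive callers. Please confirm that the persist handling is skipped entirely when `rule->options & PERSIST` is zero, so that `doas -n` under a plain password rule still exits with "Authorization required" before any authentication session is opened. The -n wording quoted from the manpage earlier in the thread already matches the new behaviour, so the manpage text looks fine as it stands.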
> 
