On 08/26/2015 09:36 AM, Renaud Allard wrote:
On 08/26/2015 09:26 AM, Gregor Best wrote:
On Wed, Aug 26, 2015 at 08:42:31AM +0200, Renaud Allard wrote:
[...]
+    fprintf(stderr, "usage: doas [-ans] [-C config] [-u user] command
[args]\n");
[...]

The usage string should probably be

    "usage: doas [-ns] [-a style] [-C config] [-u user] command [args]"

and the new option should appear in doas(1).


True, I will change and add that


Here is the new patch, with the man page corrected and an additional auth-doas as suggested by Alexander Hall.

diff -ur doas.orig/doas.1 doas/doas.1
--- doas.orig/doas.1    Wed Aug 26 10:18:27 2015
+++ doas/doas.1 Wed Aug 26 10:17:21 2015
@@ -40,6 +40,12 @@
 .Pp
 The options are as follows:
 .Bl -tag -width tenletters
+.It Fl a Ar style
+The
+.Fl a
+(authentication style) option causes
+.Nm
+to use the specified authentication style when validating the user, as allowed by /etc/login.conf. The system administrator may specify a list of sudo-specific authentication methods by adding an ``auth-doas'' entry in /etc/login.conf.
 .It Fl C Ar config
 Parse and check the configuration file
 .Ar config ,
diff -ur doas.orig/doas.c doas/doas.c
--- doas.orig/doas.c    Wed Aug 26 10:18:27 2015
+++ doas/doas.c Wed Aug 26 10:16:14 2015
@@ -36,7 +36,7 @@
 static void __dead
 usage(void)
 {
- fprintf(stderr, "usage: doas [-ns] [-C config] [-u user] command [args]\n");
+ fprintf(stderr, "usage: doas [-ns] [-a style] [-C config] [-u user] command [args]\n");
        exit(1);
 }

@@ -318,6 +318,7 @@
        const char *cmd;
        char cmdline[LINE_MAX];
        char myname[_PW_NAME_LEN + 1];
+       char *login_style = NULL;
        struct passwd *pw;
        struct rule *rule;
        uid_t uid;
@@ -332,8 +333,11 @@

        uid = getuid();

-       while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
+       while ((ch = getopt(argc, argv, "a:C:nsu:")) != -1) {
                switch (ch) {
+               case 'a':
+                       login_style = optarg;
+                       break;
                case 'C':
                        confpath = optarg;
                        break;
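Review bot: The `-a` argument comes straight from the invoking user and is stored in `login_style` with no check in this hunk, so the only limit on which style runs is whatever `auth_userokay` enforces against login.conf. That is presumably the intended design, but it should be stated at `case 'a':` with a comment such as `/* style is checked against the user's login class by auth_userokay() */`. It is also worth confirming that a style not listed for the class fails closed rather than silently falling back to the default style. The option switch continues outside the hunk.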
@@ -409,7 +413,7 @@
        if (!(rule->options & NOPASS)) {
                if (nflag)
                        errx(1, "Authorization required");
-               if (!auth_userokay(myname, NULL, NULL, NULL)) {
+               if (!auth_userokay(myname, login_style, "auth-doas", NULL)) {
                        syslog(LOG_AUTHPRIV | LOG_NOTICE,
                            "failed password for %s", myname);
                        permfail();
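Review bot: The failure path still logs `"failed password for %s"`, although the caller may now select a style that is not password based, and the log line does not record which style was requested. For auditing I would change it to `"failed auth for %s (style %s)", myname, login_style ? login_style : "default"`, keeping the NULL guard because `login_style` is unset when `-a` is not given. The style is user supplied, so it should only ever be passed as a `%s` argument and never as part of the format string. Separately, the doas.1 hunk describes the new login.conf entry as "sudo-specific authentication methods" while the type passed here is `"auth-doas"`; the man page text should say doas-specific. The enclosing `if` block continues outside the hunk.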


OK?
