aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarc Espie <espie@openbsd.org>2015-07-26 20:47:01 +0000
committerMarc Espie <espie@openbsd.org>2015-07-26 20:47:01 +0000
commit0697c3f0aabce204786241c6f2e6e217d06d66d7 (patch)
tree7c28b44e5585f279161bddff05c1d7542b616248
parent3511e7798c17a7f6c73825f09a39a26aeaaad17d (diff)
downloadopendoas-0697c3f0aabce204786241c6f2e6e217d06d66d7.tar.gz
nflag (as in sudo, force non-interactive mode)
as discussed with ted@
-rw-r--r--doas.110
-rw-r--r--doas.c11
2 files changed, 16 insertions, 5 deletions
diff --git a/doas.1 b/doas.1
index 63153c6..52d846a 100644
--- a/doas.1
+++ b/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.10 2015/07/21 17:49:33 jmc Exp $
+.\" $OpenBSD: doas.1,v 1.11 2015/07/26 17:24:02 zhuk Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
@@ -13,7 +13,7 @@
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: July 21 2015 $
+.Dd $Mdocdate: July 26 2015 $
.Dt DOAS 1
.Os
.Sh NAME
@@ -21,7 +21,7 @@
.Nd execute commands as another user
.Sh SYNOPSIS
.Nm doas
-.Op Fl s
+.Op Fl ns
.Op Fl C Ar config
.Op Fl u Ar user
.Ar command
@@ -58,6 +58,10 @@ or
will be printed on standard output, depending on command
matching results.
No command is executed.
+.It Fl n
+Non interactive mode, fail if
+.Nm
+would prompt for password.
.It Fl s
Execute the shell from
.Ev SHELL
diff --git a/doas.c b/doas.c
index fb571e6..93b79c7 100644
--- a/doas.c
+++ b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.24 2015/07/26 19:14:46 tedu Exp $ */
+/* $OpenBSD: doas.c,v 1.25 2015/07/26 19:49:11 zhuk Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -322,8 +322,10 @@ main(int argc, char **argv, char **envp)
int ngroups;
int i, ch;
int sflag = 0;
+ int nflag = 0;
- while ((ch = getopt(argc, argv, "C:su:")) != -1) {
+ uid = getuid();
+ while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
switch (ch) {
case 'C':
confpath = optarg;
@@ -332,6 +334,9 @@ main(int argc, char **argv, char **envp)
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
break;
+ case 'n':
+ nflag = 1;
+ break;
case 's':
sflag = 1;
break;
@@ -396,6 +401,8 @@ main(int argc, char **argv, char **envp)
}
if (!(rule->options & NOPASS)) {
+ if (nflag)
+ errx(1, "Authorization required");
if (!auth_userokay(myname, NULL, NULL, NULL)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed password for %s", myname);