opendoas

A portable version of the OpenBSD `doas` command
git clone https://pi.duncano.de/git/opendoas.git

commit 0697c3f0aabce204786241c6f2e6e217d06d66d7
parent 3511e7798c17a7f6c73825f09a39a26aeaaad17d
Author: Marc Espie <espie@openbsd.org>
Date:   Sun, 26 Jul 2015 20:47:01 +0000

nflag (as in sudo, force non-interactive mode)
as discussed with ted@

Diffstat:
doas.1 | 10+++++++---
doas.c | 11+++++++++--
2 files changed, 16 insertions(+), 5 deletions(-)

diff --git a/doas.1 b/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.10 2015/07/21 17:49:33 jmc Exp $
+.\" $OpenBSD: doas.1,v 1.11 2015/07/26 17:24:02 zhuk Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -13,7 +13,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: July 21 2015 $
+.Dd $Mdocdate: July 26 2015 $
 .Dt DOAS 1
 .Os
 .Sh NAME
@@ -21,7 +21,7 @@
 .Nd execute commands as another user
 .Sh SYNOPSIS
 .Nm doas
-.Op Fl s
+.Op Fl ns
 .Op Fl C Ar config
 .Op Fl u Ar user
 .Ar command
@@ -58,6 +58,10 @@ or will be printed on standard output, depending on command matching results. No command is executed.
+.It Fl n
+Non interactive mode, fail if
+.Nm
+would prompt for password.
 .It Fl s
 Execute the shell from
 .Ev SHELL
diff --git a/doas.c b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.24 2015/07/26 19:14:46 tedu Exp $ */
+/* $OpenBSD: doas.c,v 1.25 2015/07/26 19:49:11 zhuk Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
@@ -322,8 +322,10 @@ main(int argc, char **argv, char **envp)
 int ngroups;
 int i, ch;
 int sflag = 0;
+ int nflag = 0;
- while ((ch = getopt(argc, argv, "C:su:")) != -1) {
+ uid = getuid();
+ while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
 switch (ch) {
 case 'C':
 confpath = optarg;
@@ -332,6 +334,9 @@ main(int argc, char **argv, char **envp)
 if (parseuid(optarg, &target) != 0)
 errx(1, "unknown user");
 break;
+ case 'n':
+ nflag = 1;
+ break;
 case 's':
 sflag = 1;
 break;
@@ -396,6 +401,8 @@ main(int argc, char **argv, char **envp)
 }
 if (!(rule->options & NOPASS)) {
+ if (nflag)
+ errx(1, "Authorization required");
 if (!auth_userokay(myname, NULL, NULL, NULL)) {
 syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed password for %s", myname);
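Review bot: The added `uid = getuid();` ahead of the getopt loop in the `-322,8 +322,10` hunk of doas.c is not covered by the commit message, which only describes `-n`, and nothing in the visible hunks reads `uid` during option parsing. In a setuid program, a change to where the caller's identity is captured deserves a short comment such as `/* real uid of the caller, captured before option parsing */`, or its own commit. If main still assigns `uid` further down, one of the two assignments is redundant; main starts and ends outside this hunk, so this needs checking against the full file.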
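Review bot: The new `case 'n'` in the `-332,6 +334,9` hunk makes getopt accept the flag, but the usage text in doas.c does not appear to have been updated. The diffstat counts 11 changed lines for doas.c and the four visible hunks account for all of them. doas.1 now shows `.Op Fl ns`, so the usage string should list the option the same way, for example `[-ns]`. usage() is outside the visible hunks, so confirm against the full file.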
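Review bot: The `-n` refusal in the `-396,6 +401,8` hunk exits through `errx(1, "Authorization required")` without writing to syslog, while the failed-password branch directly below logs at `LOG_AUTHPRIV | LOG_NOTICE`. A refused non-interactive attempt is an event that belongs in the auth log, since `-n` is what scripted callers use and a refusal otherwise leaves no trace. I would put the body of `if (nflag)` in braces and add `syslog(LOG_AUTHPRIV | LOG_NOTICE, "authorization required for %s (non-interactive)", myname);` before the `errx`. Whether earlier code in main already logs the attempt is not visible from this hunk.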