2 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
3 * Copyright (c) 2021-2022 Sergey Sushilin <sergeysushilin@protonmail.com>
5 * Permission to use, copy, modify, and distribute this software for any
6 * purpose with or without fee is hereby granted, provided that the above
7 * copyright notice and this permission notice appear in all copies.
9 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
10 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
11 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
12 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
13 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
14 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
15 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
19 #include <readpassphrase.h>
/*
 * authuser - authenticate `name` through BSD authentication
 * (auth_userchallenge / auth_userresponse), prompting on the tty.
 *
 * doas_prompt: prompt used when the login style supplies no challenge.
 * name:        user name passed to auth_userchallenge and to the syslog
 *              messages.
 * login_style: authentication style passed to auth_userchallenge.
 * persist:     not referenced on the lines shown here; presumably gates the
 *              tty verified-auth handling below -- confirm against the
 *              full file.
 *
 * Every failure path visible here ends the process through errx()/errc()
 * with EXIT_FAILURE, so the function returns only on success.
 *
 * NOTE(review): this listing omits some source lines (braces, the
 * declarations of `as`, `fd` and `secs`, and the statement guarded by the
 * first ioctl check). The comments below describe only what is visible.
 */
21 void authuser(char const *doas_prompt
, char const *restrict name
, char const *restrict login_style
, bool persist
)
/* rbuf is the stack buffer that receives the typed passphrase. */
23 char *challenge
= NULL
, *response
, rbuf
[1024];
/* Open the controlling terminal; fd is used for both VERAUTH ioctls. */
28 fd
= open(_PATH_TTY
, O_RDWR
);
/*
 * TIOCCHKVERAUTH returning 0 indicates the tty already carries a valid
 * verified-auth mark. The statement taken in that case is not shown here;
 * presumably it skips the password prompt -- confirm.
 */
30 if (fd
>= 0 && ioctl(fd
, TIOCCHKVERAUTH
) == 0)
/* Start the auth session; a NULL session is fatal. */
33 if ((as
= auth_userchallenge(name
, login_style
, "auth-doas", &challenge
)) == NULL
)
34 errx(EXIT_FAILURE
, "Authorization failed");
/* The login style supplied no challenge text: fall back to doas_prompt. */
36 if (challenge
== NULL
)
37 challenge
= doas_prompt
;
/*
 * Read the reply into rbuf. RPP_REQUIRE_TTY makes readpassphrase() fail
 * rather than read from stdin when no tty is available.
 */
39 response
= readpassphrase(challenge
, rbuf
, sizeof(rbuf
), RPP_REQUIRE_TTY
);
/*
 * No tty: log the attempt and abort.
 * NOTE(review): a NULL response with any other errno is not handled on the
 * lines shown and would be passed on to auth_userresponse() -- confirm that
 * this is intended.
 */
41 if (response
== NULL
&& errno
== ENOTTY
) {
42 syslog(LOG_AUTHPRIV
| LOG_NOTICE
, "tty required for %s", name
);
43 errx(EXIT_FAILURE
, "a tty is required");
/* Verify the response; a NULL result is logged and is fatal. */
46 if (auth_userresponse(as
, response
, 0) == NULL
) {
47 syslog(LOG_AUTHPRIV
| LOG_NOTICE
, "failed auth for %s", name
);
/*
 * NOTE(review): as far as the visible lines show, this path exits while
 * rbuf still holds the typed passphrase; the explicit_bzero() further down
 * runs only after a successful response. Wiping rbuf before the
 * syslog()/errc() calls would keep the secret's lifetime equally short on
 * failure.
 */
48 errc(EXIT_FAILURE
, EPERM
, "auth_userresponse");
/*
 * Wipe the passphrase from the stack buffer. explicit_bzero() is used
 * because a plain memset() on a buffer that is never read again may be
 * optimised away.
 */
51 explicit_bzero(rbuf
, sizeof(rbuf
));
/*
 * Mark the tty as verified for `secs` seconds (the value is assigned on a
 * line not shown). The ioctl's return value is ignored on this line.
 */
56 ioctl(fd
, TIOCSETVERAUTH
, &secs
);