On 08/24/2015 11:15 AM, Renaud Allard wrote:
Hello,
Is there a plan to make it possible to specify the authentication type
in doas, like "sudo -a" does?
This is useful in the case you are using a login.conf with something
like: "auth-defaults:auth=yubikey,passwd;".
Regards
Here is the patch
diff -ur src.orig/usr.bin/doas/doas.c src/usr.bin/doas/doas.c
--- src.orig/usr.bin/doas/doas.c 2015-08-24 12:58:35.589668049 +0200
+++ src/usr.bin/doas/doas.c 2015-08-24 15:37:50.993618022 +0200
@@ -36,7 +36,7 @@
static void __dead
usage(void)
{
- fprintf(stderr, "usage: doas [-ns] [-C config] [-u user] command [args]\n");
+ fprintf(stderr, "usage: doas [-ans] [-C config] [-u user] command [args]\n");
exit(1);
}
@@ -318,6 +318,7 @@
const char *cmd;
char cmdline[LINE_MAX];
char myname[_PW_NAME_LEN + 1];
+ char *login_style = NULL;
struct passwd *pw;
struct rule *rule;
uid_t uid;
@@ -332,8 +333,11 @@
uid = getuid();
- while ((ch = getopt(argc, argv, "C:nsu:")) != -1) {
+ while ((ch = getopt(argc, argv, "a:C:nsu:")) != -1) {
switch (ch) {
+ case 'a':
+ login_style = optarg;
+ break;
case 'C':
confpath = optarg;
break;
@@ -409,7 +413,7 @@
if (!(rule->options & NOPASS)) {
if (nflag)
errx(1, "Authorization required");
- if (!auth_userokay(myname, NULL, NULL, NULL)) {
+ if (!auth_userokay(myname, login_style, NULL, NULL)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed password for %s", myname);
permfail();
