aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorNicholas Marriott <nicm@openbsd.org>2015-07-18 06:33:23 +0000
committerNicholas Marriott <nicm@openbsd.org>2015-07-18 06:33:23 +0000
commitc70ee87c8315be3958b968f0f3646bb2561ef4db (patch)
tree1b2930a7633c744ea9b9775cf99c9f430dadd678
parentdba0eda8cebb119477002ef8c1d1c6463c0dccb6 (diff)
downloadopendoas-c70ee87c8315be3958b968f0f3646bb2561ef4db.tar.gz
Add doas -s as a shorthand for doas $SHELL. ok tedu
-rw-r--r--doas.18
-rw-r--r--doas.c44
2 files changed, 37 insertions, 15 deletions
diff --git a/doas.1 b/doas.1
index 19d5969..0a8527e 100644
--- a/doas.1
+++ b/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.3 2015/07/17 20:24:41 tedu Exp $
+.\" $OpenBSD: doas.1,v 1.4 2015/07/17 20:50:31 schwarze Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
@@ -21,6 +21,7 @@
.Nd execute commands as another user
.Sh SYNOPSIS
.Nm doas
+.Op Fl s
.Op Fl u Ar user
.Ar command
.Op Ar args
@@ -31,6 +32,11 @@ utility executes the given command as another user.
.Pp
The options are as follows:
.Bl -tag -width tenletters
+.It Fl s
+Execute the shell from
+.Ev SHELL
+or
+.Pa /etc/passwd .
.It Fl u Ar user
Execute the command as
.Ar user .
diff --git a/doas.c b/doas.c
index 31222a6..02cc4b2 100644
--- a/doas.c
+++ b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.6 2015/07/16 23:22:08 nicm Exp $ */
+/* $OpenBSD: doas.c,v 1.7 2015/07/18 00:19:38 doug Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -35,7 +35,7 @@
static void __dead
usage(void)
{
- fprintf(stderr, "usage: doas [-u user] command [args]\n");
+ fprintf(stderr, "usage: doas [-s] [-u user] command [args]\n");
exit(1);
}
@@ -255,15 +255,21 @@ main(int argc, char **argv, char **envp)
int i, ch;
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
"/usr/local/bin:/usr/local/sbin";
+ int sflag = 0;
+ char *shargv[] = { NULL, NULL };
+ char *sh;
parseconfig("/etc/doas.conf");
- while ((ch = getopt(argc, argv, "u:")) != -1) {
+ while ((ch = getopt(argc, argv, "su:")) != -1) {
switch (ch) {
case 'u':
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
break;
+ case 's':
+ sflag = 1;
+ break;
default:
usage();
break;
@@ -272,19 +278,9 @@ main(int argc, char **argv, char **envp)
argv += optind;
argc -= optind;
- if (!argc)
+ if ((!sflag && !argc) || (sflag && argc))
usage();
- cmd = argv[0];
- if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
- errx(1, "command line too long");
- for (i = 1; i < argc; i++) {
- if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
- errx(1, "command line too long");
- if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
- errx(1, "command line too long");
- }
-
uid = getuid();
pw = getpwuid(uid);
if (!pw)
@@ -296,6 +292,26 @@ main(int argc, char **argv, char **envp)
err(1, "can't get groups");
groups[ngroups++] = getgid();
+ if (sflag) {
+ sh = getenv("SHELL");
+ if (sh == NULL || *sh == '\0')
+ shargv[0] = pw->pw_shell;
+ else
+ shargv[0] = sh;
+ argv = shargv;
+ argc = 1;
+ }
+
+ cmd = argv[0];
+ if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
+ errx(1, "command line too long");
+ for (i = 1; i < argc; i++) {
+ if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
+ errx(1, "command line too long");
+ if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
+ errx(1, "command line too long");
+ }
+
if (!permit(uid, groups, ngroups, &rule, target, cmd)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed command for %s: %s", myname, cmdline);