From: Nicholas Marriott <nicm@openbsd.org>
Date: Sat, 18 Jul 2015 06:33:23 +0000 (+0000)
Subject: Add doas -s as a shorthand for doas $SHELL. ok tedu
X-Git-Tag: v0.1~87
X-Git-Url: http://git.armaanb.net/?a=commitdiff_plain;h=c70ee87c8315be3958b968f0f3646bb2561ef4db;p=opendoas.git

Add doas -s as a shorthand for doas $SHELL. ok tedu
---

diff --git a/doas.1 b/doas.1
index 19d5969..0a8527e 100644
--- a/doas.1
+++ b/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.3 2015/07/17 20:24:41 tedu Exp $
+.\" $OpenBSD: doas.1,v 1.4 2015/07/17 20:50:31 schwarze Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -21,6 +21,7 @@
 .Nd execute commands as another user
 .Sh SYNOPSIS
 .Nm doas
+.Op Fl s
 .Op Fl u Ar user
 .Ar command
 .Op Ar args
@@ -31,6 +32,11 @@ utility executes the given command as another user.
 .Pp
 The options are as follows:
 .Bl -tag -width tenletters
+.It Fl s
+Execute the shell from
+.Ev SHELL
+or
+.Pa /etc/passwd .
 .It Fl u Ar user
 Execute the command as
 .Ar user .
diff --git a/doas.c b/doas.c
index 31222a6..02cc4b2 100644
--- a/doas.c
+++ b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.6 2015/07/16 23:22:08 nicm Exp $ */
+/* $OpenBSD: doas.c,v 1.7 2015/07/18 00:19:38 doug Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -35,7 +35,7 @@
 static void __dead
 usage(void)
 {
-	fprintf(stderr, "usage: doas [-u user] command [args]\n");
+	fprintf(stderr, "usage: doas [-s] [-u user] command [args]\n");
 	exit(1);
 }
 
@@ -255,15 +255,21 @@ main(int argc, char **argv, char **envp)
 	int i, ch;
 	const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
 	    "/usr/local/bin:/usr/local/sbin";
+	int sflag = 0;
+	char *shargv[] = { NULL, NULL };
+	char *sh;
 
 	parseconfig("/etc/doas.conf");
 
-	while ((ch = getopt(argc, argv, "u:")) != -1) {
+	while ((ch = getopt(argc, argv, "su:")) != -1) {
 		switch (ch) {
 		case 'u':
 			if (parseuid(optarg, &target) != 0)
 				errx(1, "unknown user");
 			break;
+		case 's':
+			sflag = 1;
+			break;
 		default:
 			usage();
 			break;
@@ -272,19 +278,9 @@ main(int argc, char **argv, char **envp)
 	argv += optind;
 	argc -= optind;
 
-	if (!argc)
+	if ((!sflag && !argc) || (sflag && argc))
 		usage();
 
-	cmd = argv[0];
-	if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
-		errx(1, "command line too long");
-	for (i = 1; i < argc; i++) {
-		if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
-			errx(1, "command line too long");
-		if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
-			errx(1, "command line too long");
-	}
-
 	uid = getuid();
 	pw = getpwuid(uid);
 	if (!pw)
@@ -296,6 +292,26 @@ main(int argc, char **argv, char **envp)
 		err(1, "can't get groups");
 	groups[ngroups++] = getgid();
 
+	if (sflag) {
+		sh = getenv("SHELL");
+		if (sh == NULL || *sh == '\0')
+			shargv[0] = pw->pw_shell;
+		else
+			shargv[0] = sh;
+		argv = shargv;
+		argc = 1;
+	}
+
+	cmd = argv[0];
+	if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
+		errx(1, "command line too long");
+	for (i = 1; i < argc; i++) {
+		if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
+			errx(1, "command line too long");
+		if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
+			errx(1, "command line too long");
+	}
+
 	if (!permit(uid, groups, ngroups, &rule, target, cmd)) {
 		syslog(LOG_AUTHPRIV | LOG_NOTICE,
 		    "failed command for %s: %s", myname, cmdline);