Add doas -s as a shorthand for doas $SHELL. ok tedu

diff --git a/doas.1 b/doas.1
index 19d5969734f6c7078e1f44aa428327ec6e316776..0a8527ee281ed18394c726e7ebca17aaf8a58f7e 100644 (file)
--- a/doas.1
+++ b/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.3 2015/07/17 20:24:41 tedu Exp $
+.\" $OpenBSD: doas.1,v 1.4 2015/07/17 20:50:31 schwarze Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -21,6 +21,7 @@
 .Nd execute commands as another user
 .Sh SYNOPSIS
 .Nm doas
+.Op Fl s
 .Op Fl u Ar user
 .Ar command
 .Op Ar args
@@ -31,6 +32,11 @@ utility executes the given command as another user.
 .Pp
 The options are as follows:
 .Bl -tag -width tenletters
+.It Fl s
+Execute the shell from
+.Ev SHELL
+or
+.Pa /etc/passwd .
 .It Fl u Ar user
 Execute the command as
 .Ar user .

diff --git a/doas.c b/doas.c
index 31222a6e5040fa1ad7951acf2ce85bc58a7cc3ea..02cc4b2a84339c81804d6aec634c840c9b2ba43b 100644 (file)
--- a/doas.c
+++ b/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.6 2015/07/16 23:22:08 nicm Exp $ */
+/* $OpenBSD: doas.c,v 1.7 2015/07/18 00:19:38 doug Exp $ */
 /*
  * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
  *
@@ -35,7 +35,7 @@
 static void __dead
 usage(void)
 {
-       fprintf(stderr, "usage: doas [-u user] command [args]\n");
+       fprintf(stderr, "usage: doas [-s] [-u user] command [args]\n");
        exit(1);
 }
 
@@ -255,15 +255,21 @@ main(int argc, char **argv, char **envp)
        int i, ch;
        const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
            "/usr/local/bin:/usr/local/sbin";
+       int sflag = 0;
+       char *shargv[] = { NULL, NULL };
+       char *sh;
 
        parseconfig("/etc/doas.conf");
 
-       while ((ch = getopt(argc, argv, "u:")) != -1) {
+       while ((ch = getopt(argc, argv, "su:")) != -1) {
                switch (ch) {
                case 'u':
                        if (parseuid(optarg, &target) != 0)
                                errx(1, "unknown user");
                        break;
+               case 's':
+                       sflag = 1;
+                       break;
                default:
                        usage();
                        break;
@@ -272,19 +278,9 @@ main(int argc, char **argv, char **envp)
        argv += optind;
        argc -= optind;
 
-       if (!argc)
+       if ((!sflag && !argc) || (sflag && argc))
                usage();
 
-       cmd = argv[0];
-       if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
-               errx(1, "command line too long");
-       for (i = 1; i < argc; i++) {
-               if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
-                       errx(1, "command line too long");
-               if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
-                       errx(1, "command line too long");
-       }
-
        uid = getuid();
        pw = getpwuid(uid);
        if (!pw)
@@ -296,6 +292,26 @@ main(int argc, char **argv, char **envp)
                err(1, "can't get groups");
        groups[ngroups++] = getgid();
 
+       if (sflag) {
+               sh = getenv("SHELL");
+               if (sh == NULL || *sh == '\0')
+                       shargv[0] = pw->pw_shell;
+               else
+                       shargv[0] = sh;
+               argv = shargv;
+               argc = 1;
+       }
+
+       cmd = argv[0];
+       if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
+               errx(1, "command line too long");
+       for (i = 1; i < argc; i++) {
+               if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
+                       errx(1, "command line too long");
+               if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
+                       errx(1, "command line too long");
+       }
+
        if (!permit(uid, groups, ngroups, &rule, target, cmd)) {
                syslog(LOG_AUTHPRIV | LOG_NOTICE,
                    "failed command for %s: %s", myname, cmdline);