author | Nicholas Marriott <nicm@cvs.openbsd.org> | 2015-07-18 06:33:24 +0000 |
---|---|---|
committer | Nicholas Marriott <nicm@cvs.openbsd.org> | 2015-07-18 06:33:24 +0000 |
commit | 2ffc25b0aaaac92ef0cb7f2ed856967e696049c0 (patch) | |
tree | 6b39d32e9d314cc95d1bb6c9e1b1509addc49d71 /usr.bin/doas | |
parent | 0b6c15f2442a8a56b1ad29c3c72a767eb0189407 (diff) |
Add doas -s as a shorthand for doas $SHELL. ok tedu
Diffstat (limited to 'usr.bin/doas')
-rw-r--r-- | usr.bin/doas/doas.1 | 10 | ||||
-rw-r--r-- | usr.bin/doas/doas.c | 44 |
2 files changed, 38 insertions, 16 deletions
diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1
index 93dfe4ec680..31b013e5733 100644
--- a/usr.bin/doas/doas.1
+++ b/usr.bin/doas/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.4 2015/07/17 20:50:31 schwarze Exp $
+.\" $OpenBSD: doas.1,v 1.5 2015/07/18 06:33:23 nicm Exp $
 .\"
 .\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 .\"
@@ -13,7 +13,7 @@
 .\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 .\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 .\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: July 17 2015 $
+.Dd $Mdocdate: July 18 2015 $
 .Dt DOAS 1
 .Os
 .Sh NAME
@@ -21,6 +21,7 @@
 .Nd execute commands as another user
 .Sh SYNOPSIS
 .Nm doas
+.Op Fl s
 .Op Fl u Ar user
 .Ar command
 .Op Ar args
@@ -31,6 +32,11 @@ utility executes the given command as another user.
 .Pp
 The options are as follows:
 .Bl -tag -width tenletters
+.It Fl s
+Execute the shell from
+.Ev SHELL
+or
+.Pa /etc/passwd .
 .It Fl u Ar user
 Execute the command as
 .Ar user .
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index c7e84c95c69..9740425e532 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.7 2015/07/18 00:19:38 doug Exp $ */
+/* $OpenBSD: doas.c,v 1.8 2015/07/18 06:33:23 nicm Exp $ */
 /*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
@@ -35,7 +35,7 @@
 static void __dead
 usage(void)
 {
- fprintf(stderr, "usage: doas [-u user] command [args]\n");
+ fprintf(stderr, "usage: doas [-s] [-u user] command [args]\n");
 exit(1);
 }
 
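Review bot: The new usage string in usage() lists `[-s]` next to a mandatory `command`, but the argument check this commit adds in main() calls usage() when `-s` is combined with a command (`sflag && argc`), so the printed synopsis describes an invocation that is rejected. Printing the two forms separately would match the behaviour, e.g. `fprintf(stderr, "usage: doas [-u user] command [args]\n       doas -s [-u user]\n");`. The SYNOPSIS lines touched in doas.1 carry the same mismatch.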
@@ -255,15 +255,21 @@ main(int argc, char **argv, char **envp) int i, ch; const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:" "/usr/local/bin:/usr/local/sbin"; + int sflag = 0; + char *shargv[] = { NULL, NULL }; + char *sh; parseconfig("/etc/doas.conf"); - while ((ch = getopt(argc, argv, "u:")) != -1) { + while ((ch = getopt(argc, argv, "su:")) != -1) { switch (ch) { case 'u': if (parseuid(optarg, &target) != 0) errx(1, "unknown user"); break; + case 's': + sflag = 1; + break; default: usage(); break; @@ -272,19 +278,9 @@ main(int argc, char **argv, char **envp) argv += optind; argc -= optind; - if (!argc) + if ((!sflag && !argc) || (sflag && argc)) usage(); - cmd = argv[0]; - if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline)) - errx(1, "command line too long"); - for (i = 1; i < argc; i++) { - if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline)) - errx(1, "command line too long"); - if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline)) - errx(1, "command line too long"); - } - uid = getuid(); pw = getpwuid(uid); if (!pw) @@ -296,6 +292,26 @@ main(int argc, char **argv, char **envp) err(1, "can't get groups"); groups[ngroups++] = getgid(); + if (sflag) { + sh = getenv("SHELL"); + if (sh == NULL || *sh == '\0') + shargv[0] = pw->pw_shell; + else + shargv[0] = sh; + argv = shargv; + argc = 1; + } + + cmd = argv[0]; + if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline)) + errx(1, "command line too long"); + for (i = 1; i < argc; i++) { + if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline)) + errx(1, "command line too long"); + if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline)) + errx(1, "command line too long"); + } + if (!permit(uid, groups, ngroups, &rule, target, cmd)) { syslog(LOG_AUTHPRIV | LOG_NOTICE, "failed command for %s: %s", myname, cmdline); |
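Review bot: In the `if (sflag)` block, `shargv[0] = pw->pw_shell;` keeps a pointer into the storage returned by `getpwuid()`, which any later `getpw*` call may overwrite. `cmd` is checked by `permit()` here and presumably executed further down in main(), outside this hunk, so if the passwd database is queried again in between, the string that was authorised and logged could differ from the one that is run. Copying the value removes that dependency: `shargv[0] = strdup(pw->pw_shell); if (shargv[0] == NULL) err(1, NULL);`. The fallback also uses the invoking user's shell (`pw` comes from `getpwuid(uid)` with `uid = getuid()`), not the target user's, and the `*sh == '\0'` guard applied to `SHELL` is not applied to `pw_shell`; a short comment stating the first and an empty-string check for the second would help. main() starts and ends outside the hunk.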