authornicm <nicm@openbsd.org>2015-07-18 06:33:23 +0000
committernicm <nicm@openbsd.org>2015-07-18 06:33:23 +0000
commit8e3a94101f7c3bd1401f154e739ff1dda9dc912f (patch)
tree652a4b3dc4b692fc885b776f008f02110423891a
parentAllow to change the default media type globally or per-location, (diff)
Add doas -s as a shorthand for doas $SHELL. ok tedu
-rw-r--r--usr.bin/doas/doas.110
-rw-r--r--usr.bin/doas/doas.c44
2 files changed, 38 insertions, 16 deletions
diff --git a/usr.bin/doas/doas.1 b/usr.bin/doas/doas.1
index 93dfe4ec680..31b013e5733 100644
--- a/usr.bin/doas/doas.1
+++ b/usr.bin/doas/doas.1
@@ -1,4 +1,4 @@
-.\" $OpenBSD: doas.1,v 1.4 2015/07/17 20:50:31 schwarze Exp $
+.\" $OpenBSD: doas.1,v 1.5 2015/07/18 06:33:23 nicm Exp $
.\"
.\"Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
.\"
@@ -13,7 +13,7 @@
.\"WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
.\"ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
.\"OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-.Dd $Mdocdate: July 17 2015 $
+.Dd $Mdocdate: July 18 2015 $
.Dt DOAS 1
.Os
.Sh NAME
@@ -21,6 +21,7 @@
.Nd execute commands as another user
.Sh SYNOPSIS
.Nm doas
+.Op Fl s
.Op Fl u Ar user
.Ar command
.Op Ar args
@@ -31,6 +32,11 @@ utility executes the given command as another user.
.Pp
The options are as follows:
.Bl -tag -width tenletters
+.It Fl s
+Execute the shell from
+.Ev SHELL
+or
+.Pa /etc/passwd .
.It Fl u Ar user
Execute the command as
.Ar user .
diff --git a/usr.bin/doas/doas.c b/usr.bin/doas/doas.c
index c7e84c95c69..9740425e532 100644
--- a/usr.bin/doas/doas.c
+++ b/usr.bin/doas/doas.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: doas.c,v 1.7 2015/07/18 00:19:38 doug Exp $ */
+/* $OpenBSD: doas.c,v 1.8 2015/07/18 06:33:23 nicm Exp $ */
/*
* Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
*
@@ -35,7 +35,7 @@
static void __dead
usage(void)
{
- fprintf(stderr, "usage: doas [-u user] command [args]\n");
+ fprintf(stderr, "usage: doas [-s] [-u user] command [args]\n");
exit(1);
}
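Review bot: The new usage string `usage: doas [-s] [-u user] command [args]` reads as if `-s` may be combined with a command, but the argument check later in main() (`(sflag && argc)`) sends that combination straight back to usage(). A two-form synopsis would match what the code accepts, for example `"usage: doas [-u user] command [args]\n       doas -s [-u user]\n"`. The same wording should then be mirrored in the SYNOPSIS of doas.1, which currently lists `.Op Fl s` ahead of a mandatory `.Ar command`.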
@@ -255,15 +255,21 @@ main(int argc, char **argv, char **envp)
int i, ch;
const char *safepath = "/bin:/sbin:/usr/bin:/usr/sbin:"
"/usr/local/bin:/usr/local/sbin";
+ int sflag = 0;
+ char *shargv[] = { NULL, NULL };
+ char *sh;
parseconfig("/etc/doas.conf");
- while ((ch = getopt(argc, argv, "u:")) != -1) {
+ while ((ch = getopt(argc, argv, "su:")) != -1) {
switch (ch) {
case 'u':
if (parseuid(optarg, &target) != 0)
errx(1, "unknown user");
break;
+ case 's':
+ sflag = 1;
+ break;
default:
usage();
break;
@@ -272,19 +278,9 @@ main(int argc, char **argv, char **envp)
argv += optind;
argc -= optind;
- if (!argc)
+ if ((!sflag && !argc) || (sflag && argc))
usage();
- cmd = argv[0];
- if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
- errx(1, "command line too long");
- for (i = 1; i < argc; i++) {
- if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
- errx(1, "command line too long");
- if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
- errx(1, "command line too long");
- }
-
uid = getuid();
pw = getpwuid(uid);
if (!pw)
@@ -296,6 +292,26 @@ main(int argc, char **argv, char **envp)
err(1, "can't get groups");
groups[ngroups++] = getgid();
+ if (sflag) {
+ sh = getenv("SHELL");
+ if (sh == NULL || *sh == '\0')
+ shargv[0] = pw->pw_shell;
+ else
+ shargv[0] = sh;
+ argv = shargv;
+ argc = 1;
+ }
+
+ cmd = argv[0];
+ if (strlcpy(cmdline, argv[0], sizeof(cmdline)) >= sizeof(cmdline))
+ errx(1, "command line too long");
+ for (i = 1; i < argc; i++) {
+ if (strlcat(cmdline, " ", sizeof(cmdline)) >= sizeof(cmdline))
+ errx(1, "command line too long");
+ if (strlcat(cmdline, argv[i], sizeof(cmdline)) >= sizeof(cmdline))
+ errx(1, "command line too long");
+ }
+
if (!permit(uid, groups, ngroups, &rule, target, cmd)) {
syslog(LOG_AUTHPRIV | LOG_NOTICE,
"failed command for %s: %s", myname, cmdline);
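Review bot: In the `if (sflag)` block the fallback `shargv[0] = pw->pw_shell;` is taken without checking that the field is non-empty, and it keeps a pointer into the static buffer returned by `getpwuid()`. An empty shell field in the caller's passwd entry would make `cmd` an empty string, and any later `getpw*` call before the exec (not visible in this hunk) could change what `shargv[0]` points at. I would copy and default it, for example `shargv[0] = *pw->pw_shell ? strdup(pw->pw_shell) : _PATH_BSHELL;` with a NULL check on the copy. A comment above `sh = getenv("SHELL");` should also record that the value comes from the caller's environment and is deliberately resolved before `permit()`, so the rule match and the syslog line see the command that will actually run. main() starts and ends outside the hunk.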