/* $OpenBSD: doas.c,v 1.4 2019/10/21 03:14:53 tedu Exp $ */
/*
 * Copyright (c) 2015 Ted Unangst <tedu@openbsd.org>
 *
 * Permission to use, copy, modify, and distribute this software for any
 * purpose with or without fee is hereby granted, provided that the above
 * copyright notice and this permission notice appear in all copies.
 *
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 */

#include <sys/types.h>
#include <sys/stat.h>

#include <limits.h>
#include <string.h>
#include <stdio.h>
#include <stdlib.h>
#include <err.h>
#include <unistd.h>
#include <pwd.h>
#include <grp.h>
#include <syslog.h>
#include <errno.h>

/*
 * Print the synopsis on stderr and exit with status 1.  Never returns.
 */
static void __dead
usage(void)
{
	fputs("usage: doas [-u user] command [args]\n", stderr);
	exit(1);
}

/*
 * Resolve the -u argument to a uid.
 *
 * The string is tried as a login name first and only parsed as a decimal
 * number when no passwd entry matches, so an account whose name is all
 * digits takes precedence over the numeric uid of the same spelling.
 *
 * UID_MAX itself is refused on both paths: a passwd entry carrying it is
 * rejected, and the numeric range stops at UID_MAX - 1.
 * NOTE(review): on systems where UID_MAX equals (uid_t)-1 that value means
 * "leave unchanged" to setresuid(2), which would turn the privilege drop in
 * main() into a no-op -- confirm that this is the reason for the exclusion.
 *
 * Returns 0 with *uid set on success, -1 on failure.  *uid is written on
 * the failure paths too and must not be used when -1 is returned.
 */
static int
parseuid(const char *s, uid_t *uid)
{
	const char *errstr = NULL;
	struct passwd *entry = getpwnam(s);

	if (entry == NULL) {
		/* Not a known name: accept a number in [0, UID_MAX - 1]. */
		*uid = strtonum(s, 0, UID_MAX - 1, &errstr);
		return errstr != NULL ? -1 : 0;
	}

	*uid = entry->pw_uid;
	return *uid == UID_MAX ? -1 : 0;
}

/*
 * Root-only doas: run "command [args]" as the user named by -u, or as
 * uid 0 when -u is not given.
 *
 * What this file does and does not do, for anyone relying on it:
 *  - The only gate is the real-uid check below.  There is no rule file,
 *    no authentication, and no syslog call anywhere in this file, so it
 *    only lowers (or keeps) privilege for a caller that is already root.
 *  - The environment is handed to the command untouched, and execvp(3)
 *    resolves a bare command name through the caller's PATH.  A command
 *    run as a less-privileged user therefore sees root's environment.
 *  - Supplementary groups are replaced by the target's primary gid alone;
 *    other group memberships of the target are not looked up.
 */
int
main(int argc, char **argv)
{
	const char *cmd;
	struct passwd *target_pw;
	uid_t target = 0;
	gid_t grouplist[1];
	int opt;

	setprogname("doas");

	/* Keep stdin/stdout/stderr only; the command inherits nothing else. */
	closefrom(STDERR_FILENO + 1);

	/* Real uid, not effective: the invoking user must already be root. */
	if (getuid() != 0)
		errc(1, EPERM, "root only");

	while ((opt = getopt(argc, argv, "u:")) != -1) {
		if (opt != 'u')
			usage();
		if (parseuid(optarg, &target) != 0)
			errx(1, "unknown user");
	}
	argc -= optind;
	argv += optind;

	if (argc == 0)
		usage();

	cmd = argv[0];

	/* The target must have a passwd entry, even when given numerically. */
	target_pw = getpwuid(target);
	if (target_pw == NULL)
		errx(1, "no passwd entry for target");
	grouplist[0] = target_pw->pw_gid;

	/*
	 * Drop order matters: group list, then gid, then uid.  Once the uid
	 * is changed to a non-root target the process may no longer adjust
	 * its groups, so the uid goes last.  Real, effective and saved ids
	 * are all set, leaving no id to switch back to.  Any failure is
	 * fatal, so the command never runs with a partial identity change.
	 */
	if (setgroups(1, grouplist) != 0)
		err(1, "failed to change user");
	if (setresgid(target_pw->pw_gid, target_pw->pw_gid,
	    target_pw->pw_gid) != 0)
		err(1, "failed to change user");
	if (setresuid(target_pw->pw_uid, target_pw->pw_uid,
	    target_pw->pw_uid) != 0)
		err(1, "failed to change user");

	/* execvp() returns only on failure; report why and exit 1. */
	execvp(cmd, argv);
	if (errno == ENOENT)
		errx(1, "%s: command not found", cmd);
	err(1, "%s", cmd);
}