$SHELL if no arg in cado (tnx Davide)

cado.1

@@ -6,8 +6,8 @@ cado \- Capability Ambient DO
 [
 .I OPTIONS
 ]
-[
 .I capability_list
+[
 .I command
 [
 .I args
@@ -29,6 +29,9 @@ If it is allowed for the current user to run processes with the requested capabi
 type their password (or to authenticate themselves as required by pam unless \fB-S\fR or \fB--scado\fR).
 Once the authentication succeeds, \fBcado\fR executes the command granting the required ambient capabilities.
 
+If \fIcommand\fR is omitted cado launch the command specified in the environment
+variable $SHELL.
+
 The file /etc/cado.conf (see \fBcado.conf\fR(5)) defines which capabilities can be provided by \fBcado\fR to each user.
 Cado itself is not a setuid executable, it uses the capability mechanism and it has an option to
 set its own capabilities. So after each change in the /etc/cado.conf, the capability set should be

cado.c

@@ -64,7 +64,7 @@ struct option long_options[]={
 
 void usage(char *progname) {
 	fprintf(stderr,"%s - execute a command in a different capability ambient\n\n",progname);
-	fprintf(stderr,"usage: %s OPTIONS capability_list command [args]\n\n",progname);
+	fprintf(stderr,"usage: %s OPTIONS capability_list [command [args]]\n\n",progname);
 	fprintf(stderr,"Options:\n");
 	fprintf(stderr,"  -h, --help         display help message and exit\n");
 	fprintf(stderr,"  -f, --force        do not display warnings, do what is allowed\n");
@@ -87,6 +87,8 @@ int main(int argc, char*argv[])
 	int scado=0;
 	int pam_check_required = 1;
 	char copy_path[PATH_MAX] = "";
+	char *argvsh[]={getenv("SHELL"),NULL};
+	char **cmdargv;
 
 	while (1) {
 		int c=getopt_long(argc, argv, OPTSTRING, long_options, NULL);
@@ -139,7 +141,7 @@ int main(int argc, char*argv[])
 		exit(0);
 	}
 
-	if (argc - optind < 2)
+	if (argc - optind < 1)
 		usage(progname);
 
 	/* parse the set of requested capabilities */
@@ -158,11 +160,22 @@ int main(int argc, char*argv[])
 
 	optind++;
 
+	if (optind < argc)
+		cmdargv = argv + optind;
+	else {
+		cmdargv = argvsh;
+		if (cmdargv[0] == NULL) {
+			fprintf(stderr, "Error: $SHELL env variable not set.\n");
+			exit(1);
+		}
+	}
+
+
 	/* scado mode, check if there is a pre-authorization for the command */
 	if (scado) {
-		uint64_t scado_caps = cado_scado_check(user_groups[0], argv[optind], copy_path);
+		uint64_t scado_caps = cado_scado_check(user_groups[0], cmdargv[0], copy_path);
 		if (verbose) {
-			printf("Scado permitted capabilities for %s:\n", argv[optind]);
+			printf("Scado permitted capabilities for %s:\n", cmdargv[0]);
 			printcapset(scado_caps, "  ");
 		}
 		okcaps &= scado_caps;
@@ -203,6 +216,6 @@ int main(int argc, char*argv[])
 	}
 
 	/* exec the command in the new ambient capability environment */
-	execvp(copy_path[0] == 0 ? argv[optind] : copy_path, argv+optind);
+	execvp(copy_path[0] == 0 ? cmdargv[0] : copy_path, cmdargv);
 	exit(2);
 }

cadrop.c

@@ -57,7 +57,13 @@ int main(int argc, char *argv[]) {
 			argv+=2;
 			break;
 	}
-	if (*argv == NULL) argv = argvsh;
+	if (*argv == NULL) {
+		if (*argvsh == NULL) {
+			fprintf(stderr, "Error: $SHELL env variable not set.\n");
+			exit(1);
+		}
+		argv = argvsh;
+	}
 	drop_ambient_cap(capset);
 	execvp(argv[0],argv);
 	perror("exec");