update man page in markdown support (currently unused)

Mention prequisite libraries in README

CMakeLists.txt

@@ -1,6 +1,6 @@
 cmake_minimum_required(VERSION 3.13)
 project(cado
-	VERSION 0.9.5
+	VERSION 0.9.6
 	DESCRIPTION "Capability Ambient DO. Provide users just the capabilities they need."
 	HOMEPAGE_URL "https://github.com/rd235/cado"
 	LANGUAGES C)

README.md

@@ -10,8 +10,11 @@ specific (ambient) capabilities.
 Cado is more selective than sudo, users can be authorized to have only specific capabilities (and not others).
 
 ## Install
-
-get the source code, from the root of the source tree run:
+Install prerequisite libraries:
+    
+    $ sudo apt install libpam0g-dev libcap-dev libmhash-dev libexecs-dev
+    
+Get the source code, from the root of the source tree run:
 ```
 $ mkdir build
 $ cd build
@@ -21,7 +24,7 @@ $ sudo make install
 ```
 
 It installs two programs in /usr/local/bin: cado and caprint.
-If you want to install the programs in /usr/bin run "cmake .. -DCMAKE_INSTALL_PREFIX:PATH=/usr" instead of "cmake ..".
+If you want to install the programs in /usr/bin run "cmake .. -DCMAKE\_INSTALL\_PREFIX:PATH=/usr" instead of "cmake ..".
 
 ## Configuration
 
@@ -29,7 +32,7 @@ Cado needs a configuration file: /etc/cado.conf with the following syntax:
 - lines beginning with # are comments
 - all the other lines have two fields separated by :, the first field is a capability or a list of
 capabilities, the second field is a list of users or groups (group names have @ as a prefix).
-Capabilities can be written with or without the cap_ prefix (net_admin means cap_net_admin).
+Capabilities can be written with or without the cap\_ prefix (net\_admin means cap\_net\_admin).
 
 Example of /etc/cado.conf file:
 ```
@@ -41,8 +44,8 @@ cap_kill: renzo
 ```
 
 The file above allows the user renzo and all the members of the group named netadmin to run programs
-neeeding the cap_net_admin capability.
-The user renzo can also run programs requiring cap_kill.
+neeeding the cap\_net\_admin capability.
+The user renzo can also run programs requiring cap\_kill.
 The file /etc/cado.conf can be owned by root and have no rw permission for users.
 
 
@@ -94,7 +97,7 @@ The syntax of cado is simple:
 $ cado [options] set_of_capabilities command [args]
 ```
 
-for example if the user renzo wants to run a shell having the cap_net_admin capability enabled he can type
+for example if the user renzo wants to run a shell having the cap\_net\_admin capability enabled he can type
 the following command:
 ```
 $ cado net_admin bash
@@ -102,11 +105,11 @@ Password:
 $
 ```
 
-the user will be requested to authenticate himself. If the user has the right to enable cap_net_admin (from the
+the user will be requested to authenticate himself. If the user has the right to enable cap\_net\_admin (from the
 cado.conf configuration file) and he typed in the correct password, cado starts a new shell with the requested
 capability enabled.
 
-It is possible define the set_of_capabilities using a list of capabilities (with or without the cap_prefix)
+It is possible define the set\_of\_capabilities using a list of capabilities (with or without the cap\_prefix)
 or exadecimal masks.
 
 In the new shell the user can do all the operations permitted by the enabled capabilities,
@@ -120,7 +123,7 @@ $ grep CapAmb /proc/$$/status
 CapAmb: 0000000000001000
 ```
 
-(cap_net_admin is the capability #12, the mask is 0x1000, i.e. 1ULL << 12)
+(cap\_net\_admin is the capability #12, the mask is 0x1000, i.e. 1ULL << 12)
 
 ## caprint
 
@@ -139,7 +142,7 @@ $ caprint -l
 There is an option -p that has been designed to add the current set of ambient capabilities to the shell prompt,
 so it is easier for the user to recognize when a shell has some "extra power", so to avoid errors.
 
-In .bashrc or .bash_profile (or in their system-side counterparts in /etc) it is possible to set rules like
+In .bashrc or .bash\_profile (or in their system-side counterparts in /etc) it is possible to set rules like
 the followings:
 ```
 if which caprint >&/dev/null ; then

man/CMakeLists.txt

@@ -1,21 +1,20 @@
-cmake_minimum_required(VERSION 3.13)
+cmake_minimum_required(VERSION 3.7)
 
-set(RONN_ORGANIZATION "VirtualSquare")
-set(RONN_ARGS --organization=${RONN_ORGANIZATION})
+set(PANDOC_ORG "VirtualSquare")
 
-# #ronn pages
+# ### pandoc pages
 
- file(GLOB VU_RONN_PAGES ${CMAKE_CURRENT_SOURCE_DIR}/*.[1-8].ronn)
+file(GLOB VU_PANDOC_PAGES ${CMAKE_CURRENT_SOURCE_DIR}/*.[1-8].md)
 set(VU_MAN_FILES)
-foreach(VU_RONN_PATH IN LISTS VU_RONN_PAGES)
-# VU_RONNPAGE: basename of VU_RONN_PATH
-	get_filename_component(VU_RONNPAGE ${VU_RONN_PATH} NAME)
-# VU_MANPAGE: VU_RONNPAGE without the suffix
-	string(REGEX REPLACE "\.ronn$" "" VU_MANPAGE ${VU_RONNPAGE})
+foreach(VU_PANDOC_PATH IN LISTS VU_PANDOC_PAGES)
+# VU_PANDOCPAGE: basename of VU_PANDOC_PATH
+	get_filename_component(VU_PANDOCPAGE ${VU_PANDOC_PATH} NAME)
+# VU_MANPAGE: VU_PANDOCPAGE without the suffix
+	string(REGEX REPLACE "\.md$" "" VU_MANPAGE ${VU_PANDOCPAGE})
 	list(APPEND VU_MAN_FILES ${VU_MANPAGE})
-endforeach(VU_RONN_PATH)
+endforeach(VU_PANDOC_PATH)
 
-add_custom_target(${PROJECT_NAME}_manpages ALL make RONN_ARGS="${RONN_ARGS}"  ${VU_MAN_FILES}
+add_custom_target(${PROJECT_NAME}_manpages ALL make PANDOC_ORG="${PANDOC_ORG}"  ${VU_MAN_FILES}
 	WORKING_DIRECTORY ${CMAKE_CURRENT_SOURCE_DIR})
 
 ### man pages

man/Makefile

@@ -1,16 +1,18 @@
-RONN=ronn
-RONNOK := $(shell command -v ${RONN} 2> /dev/null)
+PANDOC=pandoc
+PANDOCOK := $(shell command -v ${PANDOC} 2> /dev/null)
 
 none:
 
-% : %.ronn
-ifdef RONNOK
+% : %.md
+ifdef PANDOCOK
 # copy copyright notice
 		grep "^\.\\\\\"" $< > $@ || true
-# run ronn
-		$(RONN) -r ${RONN_ARGS} --pipe $< >> $@
-# delete useless trailing "" in .TH
-		sed -i '/^\.TH /s/ ""$$//' $@
+# run pandoc
+		$(eval SECTION := $(subst .,,$(suffix $@)))
+		$(eval BASENAME := $(basename $@))
+		$(eval TITLE := $(shell echo "${BASENAME}\(${SECTION}\)" | tr [:lower:] [:upper:]))
+		$(eval HEADER := "$(shell man ${SECTION} intro | head -1 | sed -e 's/^[^[:blank:]]*[[:blank:]]*//' -e 's/[[:blank:]]*[^[:blank:]]*$$//' )")
+		$(PANDOC) -standalone -M title=${TITLE} -M section=${SECTION} -M header=${HEADER} -M footer=${PANDOC_ORG} -M "date=`date +\"%B %Y\"`" --to man $< >> $@
 else
-		echo "${RONN} is not available. Manpage $@ cannot be updated" >/dev/stderr >&2
+		echo "${PANDOC} is not available. Manpage $@ cannot be updated" >/dev/stderr >&2
 endif

src/read_conf.c

@@ -1,21 +1,21 @@
-/* 
+/*
  * cado: execute a command in a capability ambient
  * Copyright (C) 2016  Renzo Davoli, University of Bologna
- * 
+ *
  * This file is part of cado.
  *
  * Cado is free software; you can redistribute it and/or
  * modify it under the terms of the GNU General Public License
  * as published by the Free Software Foundation; either version 2
  * of the License, or (at your option) any later version.
- * 
+ *
  * This program is distributed in the hope that it will be useful,
  * but WITHOUT ANY WARRANTY; without even the implied warranty of
  * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  * GNU General Public License for more details.
- * 
+ *
  * You should have received a copy of the GNU General Public License
- * along with this program; If not, see <http://www.gnu.org/licenses/>. 
+ * along with this program; If not, see <http://www.gnu.org/licenses/>.
  *
  */
 
@@ -96,7 +96,7 @@ uint64_t get_authorized_caps(char **user_groups, uint64_t reqset) {
 			if (user_groups == NULL) {
 				ok_caps |= capset;
 				continue;
-			} 
+			}
 			//printf("CAP %s %d\n",tok,thiscap);
 			while ((tok=strtok_r(tokenusergroup, ",\n ",&tmptok)) != NULL) {
 				//printf("XX %s\n",tok);
@@ -113,7 +113,12 @@ uint64_t get_authorized_caps(char **user_groups, uint64_t reqset) {
 			}
 			if (usermatch) {
 				if (tokencondition) {
-					if (system_execsa(tokencondition) == 0)
+					if
+#if defined(EXECS_SOVERSION) && EXECS_SOVERSION > 0
+						(system_execsqa(tokencondition) == 0)
+#else
+						(system_execsa(tokencondition) == 0)
+#endif
 						ok_caps |= capset;
 				} else
 					ok_caps |= capset;