Merge branch 'sudo_improvements' into 'master'
Cleanup the source of sudo a bit See merge request redox-os/userutils!49
This commit is contained in:
+43
-41
@@ -1,18 +1,19 @@
|
||||
extern crate extra;
|
||||
extern crate termion;
|
||||
extern crate redox_users;
|
||||
extern crate termion;
|
||||
|
||||
use std::env;
|
||||
use std::io::{self, Write};
|
||||
use std::os::unix::process::CommandExt;
|
||||
use std::process::{Command, exit};
|
||||
use std::process::{exit, Command};
|
||||
|
||||
use extra::option::OptionalExt;
|
||||
use redox_users::{get_uid, All, AllGroups, AllUsers, Config};
|
||||
use termion::input::TermRead;
|
||||
use redox_users::{get_uid, All, AllUsers, AllGroups, Config};
|
||||
|
||||
const MAX_ATTEMPTS: u16 = 3;
|
||||
const _MAN_PAGE: &'static str = /* @MANSTART{sudo} */ r#"
|
||||
const _MAN_PAGE: &'static str = /* @MANSTART{sudo} */
|
||||
r#"
|
||||
NAME
|
||||
sudo - execute a command as another user
|
||||
|
||||
@@ -52,50 +53,51 @@ pub fn main() {
|
||||
|
||||
let user = users.get_by_id(uid).unwrap_or_exit(1);
|
||||
|
||||
if uid != 0 {
|
||||
let sudo_group = groups.get_by_name("sudo").unwrap_or_exit(1);
|
||||
if uid == 0 {
|
||||
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
|
||||
exit(0);
|
||||
}
|
||||
|
||||
if sudo_group.users.iter().any(|name| name == &user.user) {
|
||||
//If the user's password is not empty...
|
||||
if !user.is_passwd_blank() {
|
||||
let mut attempts = 0;
|
||||
let sudo_group = groups.get_by_name("sudo").unwrap_or_exit(1);
|
||||
if !sudo_group.users.iter().any(|name| name == &user.user) {
|
||||
eprintln!("sudo: '{}' not in sudo group", user.user);
|
||||
exit(1);
|
||||
}
|
||||
|
||||
loop {
|
||||
print!("[sudo] password for {}: ", user.user);
|
||||
let _ = stdout.flush();
|
||||
if user.is_passwd_blank() {
|
||||
// FIXME: We should not be doing this as provides access to any
|
||||
// user w/o auth to run stuff as root. We should be doing something like:
|
||||
// eprintln!("sudo: '{}' is in sudo group but does not have a password set", user.user);
|
||||
// exit(1);
|
||||
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
|
||||
exit(0);
|
||||
}
|
||||
|
||||
match stdin.read_passwd(&mut stdout).unwrap() {
|
||||
Some(password) => {
|
||||
write!(stdout, "\n").unwrap();
|
||||
let _ = stdout.flush();
|
||||
let mut attempts = 0;
|
||||
|
||||
if user.verify_passwd(&password) {
|
||||
break;
|
||||
} else {
|
||||
attempts += 1;
|
||||
eprintln!("sudo: incorrect password ({}/{})", attempts, MAX_ATTEMPTS);
|
||||
if attempts >= MAX_ATTEMPTS {
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
},
|
||||
None => {
|
||||
write!(stdout, "\n").unwrap();
|
||||
exit(1);
|
||||
}
|
||||
loop {
|
||||
print!("[sudo] password for {}: ", user.user);
|
||||
let _ = stdout.flush();
|
||||
|
||||
match stdin.read_passwd(&mut stdout).unwrap() {
|
||||
Some(password) => {
|
||||
write!(stdout, "\n").unwrap();
|
||||
let _ = stdout.flush();
|
||||
|
||||
if user.verify_passwd(&password) {
|
||||
break;
|
||||
} else {
|
||||
attempts += 1;
|
||||
eprintln!("sudo: incorrect password ({}/{})", attempts, MAX_ATTEMPTS);
|
||||
if attempts >= MAX_ATTEMPTS {
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
} else {
|
||||
// FIXME: We should not be doing this as provides access to any
|
||||
// user w/o auth to run stuff as root. We should be doing something like:
|
||||
// eprintln!("sudo: '{}' is in sudo group but does not have a password set", user.user);
|
||||
// exit(1);
|
||||
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
|
||||
exit(0);
|
||||
}
|
||||
} else {
|
||||
eprintln!("sudo: '{}' not in sudo group", user.user);
|
||||
exit(1);
|
||||
None => {
|
||||
write!(stdout, "\n").unwrap();
|
||||
exit(1);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user