Merge branch 'sudo_improvements' into 'master'

Cleanup the source of sudo a bit

See merge request redox-os/userutils!49
This commit is contained in:
Jeremy Soller
2025-03-11 21:28:12 +00:00
+43 -41
View File
@@ -1,18 +1,19 @@
extern crate extra;
extern crate termion;
extern crate redox_users;
extern crate termion;
use std::env;
use std::io::{self, Write};
use std::os::unix::process::CommandExt;
use std::process::{Command, exit};
use std::process::{exit, Command};
use extra::option::OptionalExt;
use redox_users::{get_uid, All, AllGroups, AllUsers, Config};
use termion::input::TermRead;
use redox_users::{get_uid, All, AllUsers, AllGroups, Config};
const MAX_ATTEMPTS: u16 = 3;
const _MAN_PAGE: &'static str = /* @MANSTART{sudo} */ r#"
const _MAN_PAGE: &'static str = /* @MANSTART{sudo} */
r#"
NAME
sudo - execute a command as another user
@@ -52,50 +53,51 @@ pub fn main() {
let user = users.get_by_id(uid).unwrap_or_exit(1);
if uid != 0 {
let sudo_group = groups.get_by_name("sudo").unwrap_or_exit(1);
if uid == 0 {
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
exit(0);
}
if sudo_group.users.iter().any(|name| name == &user.user) {
//If the user's password is not empty...
if !user.is_passwd_blank() {
let mut attempts = 0;
let sudo_group = groups.get_by_name("sudo").unwrap_or_exit(1);
if !sudo_group.users.iter().any(|name| name == &user.user) {
eprintln!("sudo: '{}' not in sudo group", user.user);
exit(1);
}
loop {
print!("[sudo] password for {}: ", user.user);
let _ = stdout.flush();
if user.is_passwd_blank() {
// FIXME: We should not be doing this as provides access to any
// user w/o auth to run stuff as root. We should be doing something like:
// eprintln!("sudo: '{}' is in sudo group but does not have a password set", user.user);
// exit(1);
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
exit(0);
}
match stdin.read_passwd(&mut stdout).unwrap() {
Some(password) => {
write!(stdout, "\n").unwrap();
let _ = stdout.flush();
let mut attempts = 0;
if user.verify_passwd(&password) {
break;
} else {
attempts += 1;
eprintln!("sudo: incorrect password ({}/{})", attempts, MAX_ATTEMPTS);
if attempts >= MAX_ATTEMPTS {
exit(1);
}
}
},
None => {
write!(stdout, "\n").unwrap();
exit(1);
}
loop {
print!("[sudo] password for {}: ", user.user);
let _ = stdout.flush();
match stdin.read_passwd(&mut stdout).unwrap() {
Some(password) => {
write!(stdout, "\n").unwrap();
let _ = stdout.flush();
if user.verify_passwd(&password) {
break;
} else {
attempts += 1;
eprintln!("sudo: incorrect password ({}/{})", attempts, MAX_ATTEMPTS);
if attempts >= MAX_ATTEMPTS {
exit(1);
}
}
} else {
// FIXME: We should not be doing this as provides access to any
// user w/o auth to run stuff as root. We should be doing something like:
// eprintln!("sudo: '{}' is in sudo group but does not have a password set", user.user);
// exit(1);
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
exit(0);
}
} else {
eprintln!("sudo: '{}' not in sudo group", user.user);
exit(1);
None => {
write!(stdout, "\n").unwrap();
exit(1);
}
}
}