diff --git a/src/bin/sudo.rs b/src/bin/sudo.rs index 367306f712..9564f1206d 100644 --- a/src/bin/sudo.rs +++ b/src/bin/sudo.rs @@ -1,18 +1,19 @@ extern crate extra; -extern crate termion; extern crate redox_users; +extern crate termion; use std::env; use std::io::{self, Write}; use std::os::unix::process::CommandExt; -use std::process::{Command, exit}; +use std::process::{exit, Command}; use extra::option::OptionalExt; +use redox_users::{get_uid, All, AllGroups, AllUsers, Config}; use termion::input::TermRead; -use redox_users::{get_uid, All, AllUsers, AllGroups, Config}; const MAX_ATTEMPTS: u16 = 3; -const _MAN_PAGE: &'static str = /* @MANSTART{sudo} */ r#" +const _MAN_PAGE: &'static str = /* @MANSTART{sudo} */ + r#" NAME sudo - execute a command as another user @@ -52,50 +53,51 @@ pub fn main() { let user = users.get_by_id(uid).unwrap_or_exit(1); - if uid != 0 { - let sudo_group = groups.get_by_name("sudo").unwrap_or_exit(1); + if uid == 0 { + run_command_as_root(&cmd, &args.collect::>()); + exit(0); + } - if sudo_group.users.iter().any(|name| name == &user.user) { - //If the user's password is not empty... - if !user.is_passwd_blank() { - let mut attempts = 0; + let sudo_group = groups.get_by_name("sudo").unwrap_or_exit(1); + if !sudo_group.users.iter().any(|name| name == &user.user) { + eprintln!("sudo: '{}' not in sudo group", user.user); + exit(1); + } - loop { - print!("[sudo] password for {}: ", user.user); - let _ = stdout.flush(); + if user.is_passwd_blank() { + // FIXME: We should not be doing this as provides access to any + // user w/o auth to run stuff as root. We should be doing something like: + // eprintln!("sudo: '{}' is in sudo group but does not have a password set", user.user); + // exit(1); + run_command_as_root(&cmd, &args.collect::>()); + exit(0); + } - match stdin.read_passwd(&mut stdout).unwrap() { - Some(password) => { - write!(stdout, "\n").unwrap(); - let _ = stdout.flush(); + let mut attempts = 0; - if user.verify_passwd(&password) { - break; - } else { - attempts += 1; - eprintln!("sudo: incorrect password ({}/{})", attempts, MAX_ATTEMPTS); - if attempts >= MAX_ATTEMPTS { - exit(1); - } - } - }, - None => { - write!(stdout, "\n").unwrap(); - exit(1); - } + loop { + print!("[sudo] password for {}: ", user.user); + let _ = stdout.flush(); + + match stdin.read_passwd(&mut stdout).unwrap() { + Some(password) => { + write!(stdout, "\n").unwrap(); + let _ = stdout.flush(); + + if user.verify_passwd(&password) { + break; + } else { + attempts += 1; + eprintln!("sudo: incorrect password ({}/{})", attempts, MAX_ATTEMPTS); + if attempts >= MAX_ATTEMPTS { + exit(1); } } - } else { - // FIXME: We should not be doing this as provides access to any - // user w/o auth to run stuff as root. We should be doing something like: - // eprintln!("sudo: '{}' is in sudo group but does not have a password set", user.user); - // exit(1); - run_command_as_root(&cmd, &args.collect::>()); - exit(0); } - } else { - eprintln!("sudo: '{}' not in sudo group", user.user); - exit(1); + None => { + write!(stdout, "\n").unwrap(); + exit(1); + } } }