Files
RedBear-OS/src/bin/sudo.rs
T
2017-12-15 18:31:25 +00:00

151 lines
4.3 KiB
Rust

#![deny(warnings)]
extern crate arg_parser;
extern crate extra;
extern crate syscall;
extern crate termion;
extern crate redox_users;
use std::env;
use std::io::{self, Write};
use std::os::unix::process::CommandExt;
use std::process::{Command, exit};
use arg_parser::ArgParser;
use extra::option::OptionalExt;
use termion::input::TermRead;
use redox_users::{get_uid, get_user_by_id, get_group_by_name};
const MAX_ATTEMPTS: u16 = 3;
const MAN_PAGE: &'static str = /* @MANSTART{sudo} */ r#"
NAME
sudo - execute a command as another user
SYNOPSIS
sudo command
sudo [ -h | --help ]
DESCRIPTION
The sudo utility allows a permitted user to execute a command as the
superuser or another user, as specified by the security policy.
OPTIONS
-h
--help
Display this help and exit.
EXIT STATUS
Upon successful execution of a command, the exit status from sudo will
be the exit status of the program that was executed. In case of error
the exit status will be >0.
AUTHOR
Written by Jeremy Soller, Jose Narvaez.
"#; /* @MANEND */
pub fn main() {
let stdin = io::stdin();
let mut stdin = stdin.lock();
let stdout = io::stdout();
let mut stdout = stdout.lock();
let mut parser = ArgParser::new(1)
.add_flag(&["h", "help"]);
parser.parse(env::args());
// Shows the help
if parser.found("help") {
let _ = stdout.write_all(MAN_PAGE.as_bytes());
let _ = stdout.flush();
exit(0);
}
let mut args = env::args().skip(1);
let cmd = args.next().unwrap_or_else(|| {
eprintln!("sudo: no command provided");
exit(1);
});
let uid = get_uid().unwrap_or_exit(1);
let user = get_user_by_id(uid).unwrap_or_exit(1);
if uid != 0 {
let sudo_group = get_group_by_name("sudo").unwrap_or_exit(1);
if sudo_group.users.iter().any(|name| name == &user.user) {
if ! user.hash.is_empty() {
let max_attempts = MAX_ATTEMPTS;
let mut attempts = 0;
loop {
print!("[sudo] password for {}: ", user.user);
let _ = stdout.flush();
match stdin.read_passwd(&mut stdout).unwrap() {
Some(password) => {
write!(stdout, "\n").unwrap();
let _ = stdout.flush();
if user.verify_passwd(&password) {
break;
} else {
attempts += 1;
eprintln!("sudo: incorrect password ({}/{})", attempts, max_attempts);
if attempts >= max_attempts {
exit(1);
}
}
},
None => {
write!(stdout, "\n").unwrap();
exit(1);
}
}
}
} else {
// FIXME: We should not be doing this as provides access to any
// user w/o auth to run stuff as root. We should be doing something like:
// eprintln!("sudo: '{}' is in sudo group but does not have a password set", user.user);
// exit(1);
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
exit(0);
}
} else {
eprintln!("sudo: '{}' not in sudo group", user.user);
exit(1);
}
}
run_command_as_root(&cmd, &args.collect::<Vec<String>>());
exit(0);
}
fn run_command_as_root(cmd: &str, args: &Vec<String>) {
let mut command = Command::new(&cmd);
for arg in args {
command.arg(&arg);
}
command.uid(0);
command.gid(0);
command.env("USER", "root");
command.env("UID", "0");
command.env("GROUPS", "0");
match command.spawn() {
Ok(mut child) => match child.wait() {
Ok(status) => exit(status.code().unwrap_or(0)),
Err(err) => {
eprintln!("sudo: failed to wait for {}: {}", cmd, err);
exit(1);
}
},
Err(err) => {
eprintln!("sudo: failed to execute {}: {}", cmd, err);
exit(1);
}
}
}