Files
RedBear-OS/src/bin/sudo.rs
T
2017-08-02 21:09:36 -06:00

174 lines
5.9 KiB
Rust

extern crate arg_parser;
extern crate extra;
extern crate syscall;
extern crate termion;
extern crate userutils;
use std::env;
use std::fs::File;
use std::io::{self, Read, Write};
use std::os::unix::process::CommandExt;
use std::process::{self, Command};
use arg_parser::ArgParser;
use termion::input::TermRead;
use userutils::{Passwd, Group};
const MAN_PAGE: &'static str = /* @MANSTART{sudo} */ r#"
NAME
sudo - execute a command as another user
SYNOPSIS
sudo command
sudo [ -h | --help ]
DESCRIPTION
The sudo utility allows a permitted user to execute a command as the
superuser or another user, as specified by the security policy.
OPTIONS
-h
--help
Display this help and exit.
EXIT STATUS
Upon successful execution of a command, the exit status from sudo will
be the exit status of the program that was executed. In case of error
the exit status will be >0.
AUTHOR
Written by Jeremy Soller.
"#;
pub fn main() {
let stdin = io::stdin();
let mut stdin = stdin.lock();
let stdout = io::stdout();
let mut stdout = stdout.lock();
let stderr = io::stderr();
let mut stderr = stderr.lock();
let mut parser = ArgParser::new(1)
.add_flag(&["h", "help"]);
parser.parse(env::args());
// Shows the help
if parser.found("help") {
let _ = stdout.write_all(MAN_PAGE.as_bytes());
let _ = stdout.flush();
process::exit(0);
}
let mut args = env::args().skip(1);
match args.next() {
None => {
writeln!(stderr, "sudo: no command provided").unwrap();
process::exit(1);
},
Some(cmd) => {
let uid = syscall::getuid().unwrap() as u32;
if uid != 0 {
let mut passwd_string = String::new();
if let Ok(mut file) = File::open("/etc/passwd") {
let _ = file.read_to_string(&mut passwd_string);
}
let mut passwd_option = None;
for line in passwd_string.lines() {
if let Ok(passwd) = Passwd::parse(line) {
if uid == passwd.uid {
passwd_option = Some(passwd);
break;
}
}
}
match passwd_option {
None => {
writeln!(stderr, "sudo: user not found in passwd").unwrap();
process::exit(1);
},
Some(passwd) => {
let mut group_string = String::new();
if let Ok(mut file) = File::open("/etc/group") {
let _ = file.read_to_string(&mut group_string);
}
let mut group_option = None;
for line in group_string.lines() {
if let Ok(group) = Group::parse(line) {
if group.group == "sudo" && group.users.split(',').any(|name| name == passwd.user) {
group_option = Some(group);
break;
}
}
}
if group_option.is_none() {
writeln!(stderr, "sudo: '{}' not in sudo group", passwd.user).unwrap();
process::exit(1);
}
if ! passwd.hash.is_empty() {
let max_attempts = 3;
let mut attempts = 0;
loop {
write!(stdout, "[sudo] password for {}: ", passwd.user).unwrap();
let _ = stdout.flush();
match stdin.read_passwd(&mut stdout).unwrap() {
Some(password) => {
write!(stdout, "\n").unwrap();
let _ = stdout.flush();
if passwd.verify(&password) {
break;
} else {
attempts += 1;
writeln!(stderr, "sudo: incorrect password ({}/{})", attempts, max_attempts).unwrap();
if attempts >= max_attempts {
process::exit(1);
}
}
},
None => {
write!(stdout, "\n").unwrap();
process::exit(1);
}
}
}
}
}
}
}
let mut command = Command::new(&cmd);
for arg in args {
command.arg(&arg);
}
command.uid(0);
command.gid(0);
command.env("USER", "root");
command.env("UID", "0");
command.env("GROUPS", "0");
match command.spawn() {
Ok(mut child) => match child.wait() {
Ok(status) => process::exit(status.code().unwrap_or(0)),
Err(err) => {
writeln!(stderr, "sudo: failed to wait for {}: {}", cmd, err).unwrap();
process::exit(1);
}
},
Err(err) => {
writeln!(stderr, "sudo: failed to execute {}: {}", cmd, err).unwrap();
process::exit(1);
}
}
}
}
}