mirror of
https://github.com/nushell/nushell
synced 2024-12-29 06:23:11 +00:00
Make auto-cd check for permissions (#12342)
<!-- if this PR closes one or more issues, you can automatically link the PR with them by using one of the [*linking keywords*](https://docs.github.com/en/issues/tracking-your-work-with-issues/linking-a-pull-request-to-an-issue#linking-a-pull-request-to-an-issue-using-a-keyword), e.g. - this PR should close #xxxx - fixes #xxxx you can also mention related issues, PRs or discussions! --> # Description <!-- Thank you for improving Nushell. Please, check our [contributing guide](../CONTRIBUTING.md) and talk to the core team before making major changes. Description of your pull request goes here. **Provide examples and/or screenshots** if your changes affect the user experience. --> I was playing around with auto-cd and realised it didn't check for permissions before cd'ing. This PR fixes that. ``` ~/CodingProjects/nushell> /root Error: nu:🐚:io_error × I/O error help: Cannot change directory to /root: You are neither the owner, in the group, nor the super user and do not have permission ``` This PR also refactors some of the filesystem utilities to nu-utils, specifically the permissions checking and users. # User-Facing Changes <!-- List of all changes that impact the user experience here. This helps us keep track of breaking changes. --> # Tests + Formatting <!-- Don't forget to add tests that cover your changes. Make sure you've run and fixed any issues with these commands: - `cargo fmt --all -- --check` to check standard code formatting (`cargo fmt --all` applies these changes) - `cargo clippy --workspace -- -D warnings -D clippy::unwrap_used` to check that you're using the standard code style - `cargo test --workspace` to check that all tests pass (on Windows make sure to [enable developer mode](https://learn.microsoft.com/en-us/windows/apps/get-started/developer-mode-features-and-debugging)) - `cargo run -- -c "use std testing; testing run-tests --path crates/nu-std"` to run the tests for the standard library > **Note** > from `nushell` you can also use the `toolkit` as follows > ```bash > use toolkit.nu # or use an `env_change` hook to activate it automatically > toolkit check pr > ``` --> # After Submitting <!-- If your PR had any user-facing changes, update [the documentation](https://github.com/nushell/nushell.github.io) after the PR is merged, if necessary. This will help us keep the docs up to date. -->
This commit is contained in:
parent
16cbed7d6e
commit
12b897b149
8 changed files with 234 additions and 213 deletions
1
Cargo.lock
generated
1
Cargo.lock
generated
|
@ -3172,6 +3172,7 @@ dependencies = [
|
||||||
"crossterm_winapi",
|
"crossterm_winapi",
|
||||||
"log",
|
"log",
|
||||||
"lscolors",
|
"lscolors",
|
||||||
|
"nix",
|
||||||
"num-format",
|
"num-format",
|
||||||
"strip-ansi-escapes",
|
"strip-ansi-escapes",
|
||||||
"sys-locale",
|
"sys-locale",
|
||||||
|
|
|
@ -23,7 +23,10 @@ use nu_protocol::{
|
||||||
report_error_new, HistoryConfig, HistoryFileFormat, PipelineData, ShellError, Span, Spanned,
|
report_error_new, HistoryConfig, HistoryFileFormat, PipelineData, ShellError, Span, Spanned,
|
||||||
Value, NU_VARIABLE_ID,
|
Value, NU_VARIABLE_ID,
|
||||||
};
|
};
|
||||||
use nu_utils::utils::perf;
|
use nu_utils::{
|
||||||
|
filesystem::{have_permission, PermissionResult},
|
||||||
|
utils::perf,
|
||||||
|
};
|
||||||
use reedline::{
|
use reedline::{
|
||||||
CursorConfig, CwdAwareHinter, DefaultCompleter, EditCommand, Emacs, FileBackedHistory,
|
CursorConfig, CwdAwareHinter, DefaultCompleter, EditCommand, Emacs, FileBackedHistory,
|
||||||
HistorySessionId, Reedline, SqliteBackedHistory, Vi,
|
HistorySessionId, Reedline, SqliteBackedHistory, Vi,
|
||||||
|
@ -761,6 +764,16 @@ fn do_auto_cd(
|
||||||
path.to_string_lossy().to_string()
|
path.to_string_lossy().to_string()
|
||||||
};
|
};
|
||||||
|
|
||||||
|
if let PermissionResult::PermissionDenied(reason) = have_permission(path.clone()) {
|
||||||
|
report_error_new(
|
||||||
|
engine_state,
|
||||||
|
&ShellError::IOError {
|
||||||
|
msg: format!("Cannot change directory to {path}: {reason}"),
|
||||||
|
},
|
||||||
|
);
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
stack.add_env_var("OLDPWD".into(), Value::string(cwd.clone(), Span::unknown()));
|
stack.add_env_var("OLDPWD".into(), Value::string(cwd.clone(), Span::unknown()));
|
||||||
|
|
||||||
//FIXME: this only changes the current scope, but instead this environment variable
|
//FIXME: this only changes the current scope, but instead this environment variable
|
||||||
|
|
|
@ -1,21 +1,5 @@
|
||||||
use nu_engine::{command_prelude::*, current_dir};
|
use nu_engine::{command_prelude::*, current_dir};
|
||||||
use std::path::Path;
|
use nu_utils::filesystem::{have_permission, PermissionResult};
|
||||||
#[cfg(unix)]
|
|
||||||
use {
|
|
||||||
crate::filesystem::util::users,
|
|
||||||
nix::{
|
|
||||||
sys::stat::{mode_t, Mode},
|
|
||||||
unistd::{Gid, Uid},
|
|
||||||
},
|
|
||||||
std::os::unix::fs::MetadataExt,
|
|
||||||
};
|
|
||||||
|
|
||||||
// The result of checking whether we have permission to cd to a directory
|
|
||||||
#[derive(Debug)]
|
|
||||||
enum PermissionResult<'a> {
|
|
||||||
PermissionOk,
|
|
||||||
PermissionDenied(&'a str),
|
|
||||||
}
|
|
||||||
|
|
||||||
#[derive(Clone)]
|
#[derive(Clone)]
|
||||||
pub struct Cd;
|
pub struct Cd;
|
||||||
|
@ -149,89 +133,3 @@ impl Command for Cd {
|
||||||
]
|
]
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
// TODO: Maybe we should use file_attributes() from https://doc.rust-lang.org/std/os/windows/fs/trait.MetadataExt.html
|
|
||||||
// More on that here: https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
|
|
||||||
#[cfg(windows)]
|
|
||||||
fn have_permission(dir: impl AsRef<Path>) -> PermissionResult<'static> {
|
|
||||||
match dir.as_ref().read_dir() {
|
|
||||||
Err(e) => {
|
|
||||||
if matches!(e.kind(), std::io::ErrorKind::PermissionDenied) {
|
|
||||||
PermissionResult::PermissionDenied("Folder is unable to be read")
|
|
||||||
} else {
|
|
||||||
PermissionResult::PermissionOk
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Ok(_) => PermissionResult::PermissionOk,
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(unix)]
|
|
||||||
fn have_permission(dir: impl AsRef<Path>) -> PermissionResult<'static> {
|
|
||||||
match dir.as_ref().metadata() {
|
|
||||||
Ok(metadata) => {
|
|
||||||
let mode = Mode::from_bits_truncate(metadata.mode() as mode_t);
|
|
||||||
let current_user_uid = users::get_current_uid();
|
|
||||||
if current_user_uid.is_root() {
|
|
||||||
return PermissionResult::PermissionOk;
|
|
||||||
}
|
|
||||||
let current_user_gid = users::get_current_gid();
|
|
||||||
let owner_user = Uid::from_raw(metadata.uid());
|
|
||||||
let owner_group = Gid::from_raw(metadata.gid());
|
|
||||||
match (
|
|
||||||
current_user_uid == owner_user,
|
|
||||||
current_user_gid == owner_group,
|
|
||||||
) {
|
|
||||||
(true, _) => {
|
|
||||||
if mode.contains(Mode::S_IXUSR) {
|
|
||||||
PermissionResult::PermissionOk
|
|
||||||
} else {
|
|
||||||
PermissionResult::PermissionDenied(
|
|
||||||
"You are the owner but do not have execute permission",
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
(false, true) => {
|
|
||||||
if mode.contains(Mode::S_IXGRP) {
|
|
||||||
PermissionResult::PermissionOk
|
|
||||||
} else {
|
|
||||||
PermissionResult::PermissionDenied(
|
|
||||||
"You are in the group but do not have execute permission",
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
(false, false) => {
|
|
||||||
if mode.contains(Mode::S_IXOTH)
|
|
||||||
|| (mode.contains(Mode::S_IXGRP)
|
|
||||||
&& any_group(current_user_gid, owner_group))
|
|
||||||
{
|
|
||||||
PermissionResult::PermissionOk
|
|
||||||
} else {
|
|
||||||
PermissionResult::PermissionDenied(
|
|
||||||
"You are neither the owner, in the group, nor the super user and do not have permission",
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
Err(_) => PermissionResult::PermissionDenied("Could not retrieve file metadata"),
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(any(target_os = "linux", target_os = "freebsd", target_os = "android"))]
|
|
||||||
fn any_group(_current_user_gid: Gid, owner_group: Gid) -> bool {
|
|
||||||
users::current_user_groups()
|
|
||||||
.unwrap_or_default()
|
|
||||||
.contains(&owner_group)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(all(
|
|
||||||
unix,
|
|
||||||
not(any(target_os = "linux", target_os = "freebsd", target_os = "android"))
|
|
||||||
))]
|
|
||||||
fn any_group(current_user_gid: Gid, owner_group: Gid) -> bool {
|
|
||||||
users::get_current_username()
|
|
||||||
.and_then(|name| users::get_user_groups(&name, current_user_gid))
|
|
||||||
.unwrap_or_default()
|
|
||||||
.contains(&owner_group)
|
|
||||||
}
|
|
||||||
|
|
|
@ -509,7 +509,7 @@ pub(crate) fn dir_entry_dict(
|
||||||
|
|
||||||
#[cfg(unix)]
|
#[cfg(unix)]
|
||||||
{
|
{
|
||||||
use crate::filesystem::util::users;
|
use nu_utils::filesystem::users;
|
||||||
use std::os::unix::fs::MetadataExt;
|
use std::os::unix::fs::MetadataExt;
|
||||||
|
|
||||||
let mode = md.permissions().mode();
|
let mode = md.permissions().mode();
|
||||||
|
|
|
@ -90,114 +90,6 @@ pub fn is_older(src: &Path, dst: &Path) -> Option<bool> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
#[cfg(unix)]
|
|
||||||
pub mod users {
|
|
||||||
use nix::unistd::{Gid, Group, Uid, User};
|
|
||||||
|
|
||||||
pub fn get_user_by_uid(uid: Uid) -> Option<User> {
|
|
||||||
User::from_uid(uid).ok().flatten()
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn get_group_by_gid(gid: Gid) -> Option<Group> {
|
|
||||||
Group::from_gid(gid).ok().flatten()
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn get_current_uid() -> Uid {
|
|
||||||
Uid::current()
|
|
||||||
}
|
|
||||||
|
|
||||||
pub fn get_current_gid() -> Gid {
|
|
||||||
Gid::current()
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(not(any(target_os = "linux", target_os = "freebsd", target_os = "android")))]
|
|
||||||
pub fn get_current_username() -> Option<String> {
|
|
||||||
get_user_by_uid(get_current_uid()).map(|user| user.name)
|
|
||||||
}
|
|
||||||
|
|
||||||
#[cfg(any(target_os = "linux", target_os = "freebsd", target_os = "android"))]
|
|
||||||
pub fn current_user_groups() -> Option<Vec<Gid>> {
|
|
||||||
if let Ok(mut groups) = nix::unistd::getgroups() {
|
|
||||||
groups.sort_unstable_by_key(|id| id.as_raw());
|
|
||||||
groups.dedup();
|
|
||||||
Some(groups)
|
|
||||||
} else {
|
|
||||||
None
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Returns groups for a provided user name and primary group id.
|
|
||||||
///
|
|
||||||
/// # libc functions used
|
|
||||||
///
|
|
||||||
/// - [`getgrouplist`](https://docs.rs/libc/*/libc/fn.getgrouplist.html)
|
|
||||||
///
|
|
||||||
/// # Examples
|
|
||||||
///
|
|
||||||
/// ```ignore
|
|
||||||
/// use users::get_user_groups;
|
|
||||||
///
|
|
||||||
/// for group in get_user_groups("stevedore", 1001).expect("Error looking up groups") {
|
|
||||||
/// println!("User is a member of group #{group}");
|
|
||||||
/// }
|
|
||||||
/// ```
|
|
||||||
#[cfg(not(any(target_os = "linux", target_os = "freebsd", target_os = "android")))]
|
|
||||||
pub fn get_user_groups(username: &str, gid: Gid) -> Option<Vec<Gid>> {
|
|
||||||
use nix::libc::{c_int, gid_t};
|
|
||||||
use std::ffi::CString;
|
|
||||||
|
|
||||||
// MacOS uses i32 instead of gid_t in getgrouplist for unknown reasons
|
|
||||||
#[cfg(target_os = "macos")]
|
|
||||||
let mut buff: Vec<i32> = vec![0; 1024];
|
|
||||||
#[cfg(not(target_os = "macos"))]
|
|
||||||
let mut buff: Vec<gid_t> = vec![0; 1024];
|
|
||||||
|
|
||||||
let name = CString::new(username).ok()?;
|
|
||||||
|
|
||||||
let mut count = buff.len() as c_int;
|
|
||||||
|
|
||||||
// MacOS uses i32 instead of gid_t in getgrouplist for unknown reasons
|
|
||||||
// SAFETY:
|
|
||||||
// int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);
|
|
||||||
//
|
|
||||||
// `name` is valid CStr to be `const char*` for `user`
|
|
||||||
// every valid value will be accepted for `group`
|
|
||||||
// The capacity for `*groups` is passed in as `*ngroups` which is the buffer max length/capacity (as we initialize with 0)
|
|
||||||
// Following reads from `*groups`/`buff` will only happen after `buff.truncate(*ngroups)`
|
|
||||||
#[cfg(target_os = "macos")]
|
|
||||||
let res = unsafe {
|
|
||||||
nix::libc::getgrouplist(
|
|
||||||
name.as_ptr(),
|
|
||||||
gid.as_raw() as i32,
|
|
||||||
buff.as_mut_ptr(),
|
|
||||||
&mut count,
|
|
||||||
)
|
|
||||||
};
|
|
||||||
|
|
||||||
#[cfg(not(target_os = "macos"))]
|
|
||||||
let res = unsafe {
|
|
||||||
nix::libc::getgrouplist(name.as_ptr(), gid.as_raw(), buff.as_mut_ptr(), &mut count)
|
|
||||||
};
|
|
||||||
|
|
||||||
if res < 0 {
|
|
||||||
None
|
|
||||||
} else {
|
|
||||||
buff.truncate(count as usize);
|
|
||||||
buff.sort_unstable();
|
|
||||||
buff.dedup();
|
|
||||||
// allow trivial cast: on macos i is i32, on linux it's already gid_t
|
|
||||||
#[allow(trivial_numeric_casts)]
|
|
||||||
Some(
|
|
||||||
buff.into_iter()
|
|
||||||
.map(|id| Gid::from_raw(id as gid_t))
|
|
||||||
.filter_map(get_group_by_gid)
|
|
||||||
.map(|group| group.gid)
|
|
||||||
.collect(),
|
|
||||||
)
|
|
||||||
}
|
|
||||||
}
|
|
||||||
}
|
|
||||||
|
|
||||||
/// Get rest arguments from given `call`, starts with `starting_pos`.
|
/// Get rest arguments from given `call`, starts with `starting_pos`.
|
||||||
///
|
///
|
||||||
/// It's similar to `call.rest`, except that it always returns NuGlob. And if input argument has
|
/// It's similar to `call.rest`, except that it always returns NuGlob. And if input argument has
|
||||||
|
|
|
@ -26,3 +26,6 @@ unicase = "2.7.0"
|
||||||
|
|
||||||
[target.'cfg(windows)'.dependencies]
|
[target.'cfg(windows)'.dependencies]
|
||||||
crossterm_winapi = "0.9"
|
crossterm_winapi = "0.9"
|
||||||
|
|
||||||
|
[target.'cfg(unix)'.dependencies]
|
||||||
|
nix = { workspace = true, default-features = false, features = ["user"] }
|
210
crates/nu-utils/src/filesystem.rs
Normal file
210
crates/nu-utils/src/filesystem.rs
Normal file
|
@ -0,0 +1,210 @@
|
||||||
|
use std::path::Path;
|
||||||
|
#[cfg(unix)]
|
||||||
|
use {
|
||||||
|
nix::{
|
||||||
|
sys::stat::{mode_t, Mode},
|
||||||
|
unistd::{Gid, Uid},
|
||||||
|
},
|
||||||
|
std::os::unix::fs::MetadataExt,
|
||||||
|
};
|
||||||
|
|
||||||
|
// The result of checking whether we have permission to cd to a directory
|
||||||
|
#[derive(Debug)]
|
||||||
|
pub enum PermissionResult<'a> {
|
||||||
|
PermissionOk,
|
||||||
|
PermissionDenied(&'a str),
|
||||||
|
}
|
||||||
|
|
||||||
|
// TODO: Maybe we should use file_attributes() from https://doc.rust-lang.org/std/os/windows/fs/trait.MetadataExt.html
|
||||||
|
// More on that here: https://learn.microsoft.com/en-us/windows/win32/fileio/file-attribute-constants
|
||||||
|
#[cfg(windows)]
|
||||||
|
pub fn have_permission(dir: impl AsRef<Path>) -> PermissionResult<'static> {
|
||||||
|
match dir.as_ref().read_dir() {
|
||||||
|
Err(e) => {
|
||||||
|
if matches!(e.kind(), std::io::ErrorKind::PermissionDenied) {
|
||||||
|
PermissionResult::PermissionDenied("Folder is unable to be read")
|
||||||
|
} else {
|
||||||
|
PermissionResult::PermissionOk
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Ok(_) => PermissionResult::PermissionOk,
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(unix)]
|
||||||
|
pub fn have_permission(dir: impl AsRef<Path>) -> PermissionResult<'static> {
|
||||||
|
match dir.as_ref().metadata() {
|
||||||
|
Ok(metadata) => {
|
||||||
|
let mode = Mode::from_bits_truncate(metadata.mode() as mode_t);
|
||||||
|
let current_user_uid = users::get_current_uid();
|
||||||
|
if current_user_uid.is_root() {
|
||||||
|
return PermissionResult::PermissionOk;
|
||||||
|
}
|
||||||
|
let current_user_gid = users::get_current_gid();
|
||||||
|
let owner_user = Uid::from_raw(metadata.uid());
|
||||||
|
let owner_group = Gid::from_raw(metadata.gid());
|
||||||
|
match (
|
||||||
|
current_user_uid == owner_user,
|
||||||
|
current_user_gid == owner_group,
|
||||||
|
) {
|
||||||
|
(true, _) => {
|
||||||
|
if mode.contains(Mode::S_IXUSR) {
|
||||||
|
PermissionResult::PermissionOk
|
||||||
|
} else {
|
||||||
|
PermissionResult::PermissionDenied(
|
||||||
|
"You are the owner but do not have execute permission",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
(false, true) => {
|
||||||
|
if mode.contains(Mode::S_IXGRP) {
|
||||||
|
PermissionResult::PermissionOk
|
||||||
|
} else {
|
||||||
|
PermissionResult::PermissionDenied(
|
||||||
|
"You are in the group but do not have execute permission",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
(false, false) => {
|
||||||
|
if mode.contains(Mode::S_IXOTH)
|
||||||
|
|| (mode.contains(Mode::S_IXGRP)
|
||||||
|
&& any_group(current_user_gid, owner_group))
|
||||||
|
{
|
||||||
|
PermissionResult::PermissionOk
|
||||||
|
} else {
|
||||||
|
PermissionResult::PermissionDenied(
|
||||||
|
"You are neither the owner, in the group, nor the super user and do not have permission",
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
Err(_) => PermissionResult::PermissionDenied("Could not retrieve file metadata"),
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(any(target_os = "linux", target_os = "freebsd", target_os = "android"))]
|
||||||
|
fn any_group(_current_user_gid: Gid, owner_group: Gid) -> bool {
|
||||||
|
users::current_user_groups()
|
||||||
|
.unwrap_or_default()
|
||||||
|
.contains(&owner_group)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(all(
|
||||||
|
unix,
|
||||||
|
not(any(target_os = "linux", target_os = "freebsd", target_os = "android"))
|
||||||
|
))]
|
||||||
|
fn any_group(current_user_gid: Gid, owner_group: Gid) -> bool {
|
||||||
|
users::get_current_username()
|
||||||
|
.and_then(|name| users::get_user_groups(&name, current_user_gid))
|
||||||
|
.unwrap_or_default()
|
||||||
|
.contains(&owner_group)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(unix)]
|
||||||
|
pub mod users {
|
||||||
|
use nix::unistd::{Gid, Group, Uid, User};
|
||||||
|
|
||||||
|
pub fn get_user_by_uid(uid: Uid) -> Option<User> {
|
||||||
|
User::from_uid(uid).ok().flatten()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get_group_by_gid(gid: Gid) -> Option<Group> {
|
||||||
|
Group::from_gid(gid).ok().flatten()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get_current_uid() -> Uid {
|
||||||
|
Uid::current()
|
||||||
|
}
|
||||||
|
|
||||||
|
pub fn get_current_gid() -> Gid {
|
||||||
|
Gid::current()
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(not(any(target_os = "linux", target_os = "freebsd", target_os = "android")))]
|
||||||
|
pub fn get_current_username() -> Option<String> {
|
||||||
|
get_user_by_uid(get_current_uid()).map(|user| user.name)
|
||||||
|
}
|
||||||
|
|
||||||
|
#[cfg(any(target_os = "linux", target_os = "freebsd", target_os = "android"))]
|
||||||
|
pub fn current_user_groups() -> Option<Vec<Gid>> {
|
||||||
|
if let Ok(mut groups) = nix::unistd::getgroups() {
|
||||||
|
groups.sort_unstable_by_key(|id| id.as_raw());
|
||||||
|
groups.dedup();
|
||||||
|
Some(groups)
|
||||||
|
} else {
|
||||||
|
None
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
/// Returns groups for a provided user name and primary group id.
|
||||||
|
///
|
||||||
|
/// # libc functions used
|
||||||
|
///
|
||||||
|
/// - [`getgrouplist`](https://docs.rs/libc/*/libc/fn.getgrouplist.html)
|
||||||
|
///
|
||||||
|
/// # Examples
|
||||||
|
///
|
||||||
|
/// ```ignore
|
||||||
|
/// use users::get_user_groups;
|
||||||
|
///
|
||||||
|
/// for group in get_user_groups("stevedore", 1001).expect("Error looking up groups") {
|
||||||
|
/// println!("User is a member of group #{group}");
|
||||||
|
/// }
|
||||||
|
/// ```
|
||||||
|
#[cfg(not(any(target_os = "linux", target_os = "freebsd", target_os = "android")))]
|
||||||
|
pub fn get_user_groups(username: &str, gid: Gid) -> Option<Vec<Gid>> {
|
||||||
|
use nix::libc::{c_int, gid_t};
|
||||||
|
use std::ffi::CString;
|
||||||
|
|
||||||
|
// MacOS uses i32 instead of gid_t in getgrouplist for unknown reasons
|
||||||
|
#[cfg(target_os = "macos")]
|
||||||
|
let mut buff: Vec<i32> = vec![0; 1024];
|
||||||
|
#[cfg(not(target_os = "macos"))]
|
||||||
|
let mut buff: Vec<gid_t> = vec![0; 1024];
|
||||||
|
|
||||||
|
let name = CString::new(username).ok()?;
|
||||||
|
|
||||||
|
let mut count = buff.len() as c_int;
|
||||||
|
|
||||||
|
// MacOS uses i32 instead of gid_t in getgrouplist for unknown reasons
|
||||||
|
// SAFETY:
|
||||||
|
// int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);
|
||||||
|
//
|
||||||
|
// `name` is valid CStr to be `const char*` for `user`
|
||||||
|
// every valid value will be accepted for `group`
|
||||||
|
// The capacity for `*groups` is passed in as `*ngroups` which is the buffer max length/capacity (as we initialize with 0)
|
||||||
|
// Following reads from `*groups`/`buff` will only happen after `buff.truncate(*ngroups)`
|
||||||
|
#[cfg(target_os = "macos")]
|
||||||
|
let res = unsafe {
|
||||||
|
nix::libc::getgrouplist(
|
||||||
|
name.as_ptr(),
|
||||||
|
gid.as_raw() as i32,
|
||||||
|
buff.as_mut_ptr(),
|
||||||
|
&mut count,
|
||||||
|
)
|
||||||
|
};
|
||||||
|
|
||||||
|
#[cfg(not(target_os = "macos"))]
|
||||||
|
let res = unsafe {
|
||||||
|
nix::libc::getgrouplist(name.as_ptr(), gid.as_raw(), buff.as_mut_ptr(), &mut count)
|
||||||
|
};
|
||||||
|
|
||||||
|
if res < 0 {
|
||||||
|
None
|
||||||
|
} else {
|
||||||
|
buff.truncate(count as usize);
|
||||||
|
buff.sort_unstable();
|
||||||
|
buff.dedup();
|
||||||
|
// allow trivial cast: on macos i is i32, on linux it's already gid_t
|
||||||
|
#[allow(trivial_numeric_casts)]
|
||||||
|
Some(
|
||||||
|
buff.into_iter()
|
||||||
|
.map(|id| Gid::from_raw(id as gid_t))
|
||||||
|
.filter_map(get_group_by_gid)
|
||||||
|
.map(|group| group.gid)
|
||||||
|
.collect(),
|
||||||
|
)
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
|
@ -2,6 +2,7 @@ mod casing;
|
||||||
pub mod ctrl_c;
|
pub mod ctrl_c;
|
||||||
mod deansi;
|
mod deansi;
|
||||||
pub mod emoji;
|
pub mod emoji;
|
||||||
|
pub mod filesystem;
|
||||||
pub mod locale;
|
pub mod locale;
|
||||||
pub mod utils;
|
pub mod utils;
|
||||||
|
|
||||||
|
@ -16,3 +17,6 @@ pub use deansi::{
|
||||||
strip_ansi_likely, strip_ansi_string_likely, strip_ansi_string_unlikely, strip_ansi_unlikely,
|
strip_ansi_likely, strip_ansi_string_likely, strip_ansi_string_unlikely, strip_ansi_unlikely,
|
||||||
};
|
};
|
||||||
pub use emoji::contains_emoji;
|
pub use emoji::contains_emoji;
|
||||||
|
|
||||||
|
#[cfg(unix)]
|
||||||
|
pub use filesystem::users;
|
||||||
|
|
Loading…
Reference in a new issue