mirror of
https://github.com/nushell/nushell
synced 2024-12-27 13:33:16 +00:00
fix cd permissions when user belongs to folder group (#9531)
# Description Fixes: #9498 Actually we don't need this pr if the upstream pr is merged: https://github.com/ogham/rust-users/pull/45 But it doesn't have any commit since 2021, and the author seems not active on github now, I think we have to copy the function into nushell to get relative issue fixed...
This commit is contained in:
parent
e6b4e59c0f
commit
cd56b97587
1 changed files with 65 additions and 18 deletions
|
@ -272,27 +272,74 @@ fn have_permission(dir: impl AsRef<Path>) -> PermissionResult<'static> {
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
// NOTE: it's a re-export of https://github.com/ogham/rust-users crate
|
||||||
|
// we need to use it because the upstream pr isn't merged: https://github.com/ogham/rust-users/pull/45
|
||||||
|
// once it's merged, we can remove this module
|
||||||
|
#[cfg(unix)]
|
||||||
|
mod nu_users {
|
||||||
|
use libc::c_int;
|
||||||
|
use std::ffi::{CString, OsStr};
|
||||||
|
use std::os::unix::ffi::OsStrExt;
|
||||||
|
use users::{gid_t, Group};
|
||||||
|
/// Returns groups for a provided user name and primary group id.
|
||||||
|
///
|
||||||
|
/// # libc functions used
|
||||||
|
///
|
||||||
|
/// - [`getgrouplist`](https://docs.rs/libc/*/libc/fn.getgrouplist.html)
|
||||||
|
///
|
||||||
|
/// # Examples
|
||||||
|
///
|
||||||
|
/// ```no_run
|
||||||
|
/// use users::get_user_groups;
|
||||||
|
///
|
||||||
|
/// for group in get_user_groups("stevedore", 1001).expect("Error looking up groups") {
|
||||||
|
/// println!("User is a member of group #{} ({:?})", group.gid(), group.name());
|
||||||
|
/// }
|
||||||
|
/// ```
|
||||||
|
pub fn get_user_groups<S: AsRef<OsStr> + ?Sized>(
|
||||||
|
username: &S,
|
||||||
|
gid: gid_t,
|
||||||
|
) -> Option<Vec<Group>> {
|
||||||
|
// MacOS uses i32 instead of gid_t in getgrouplist for unknown reasons
|
||||||
|
#[cfg(all(unix, target_os = "macos"))]
|
||||||
|
let mut buff: Vec<i32> = vec![0; 1024];
|
||||||
|
#[cfg(all(unix, not(target_os = "macos")))]
|
||||||
|
let mut buff: Vec<gid_t> = vec![0; 1024];
|
||||||
|
let name = CString::new(username.as_ref().as_bytes()).expect("OsStr is guaranteed to be zero-free, which is the condition for CString::new to succeed");
|
||||||
|
let mut count = buff.len() as c_int;
|
||||||
|
// MacOS uses i32 instead of gid_t in getgrouplist for unknown reasons
|
||||||
|
// SAFETY:
|
||||||
|
// int getgrouplist(const char *user, gid_t group, gid_t *groups, int *ngroups);
|
||||||
|
//
|
||||||
|
// `name` is valid CStr to be `const char*` for `user`
|
||||||
|
// every valid value will be accepted for `group`
|
||||||
|
// The capacity for `*groups` is passed in as `*ngroups` which is the buffer max length/capacity (as we initialize with 0)
|
||||||
|
// Following reads from `*groups`/`buff` will only happen after `buff.truncate(*ngroups)`
|
||||||
|
#[cfg(all(unix, target_os = "macos"))]
|
||||||
|
let res =
|
||||||
|
unsafe { libc::getgrouplist(name.as_ptr(), gid as i32, buff.as_mut_ptr(), &mut count) };
|
||||||
|
#[cfg(all(unix, not(target_os = "macos")))]
|
||||||
|
let res = unsafe { libc::getgrouplist(name.as_ptr(), gid, buff.as_mut_ptr(), &mut count) };
|
||||||
|
if res < 0 {
|
||||||
|
None
|
||||||
|
} else {
|
||||||
|
buff.truncate(count as usize);
|
||||||
|
buff.sort_unstable();
|
||||||
|
buff.dedup();
|
||||||
|
// allow trivial cast: on macos i is i32, on linux it's already gid_t
|
||||||
|
#[allow(trivial_numeric_casts)]
|
||||||
|
buff.into_iter()
|
||||||
|
.filter_map(|i| users::get_group_by_gid(i as gid_t))
|
||||||
|
.collect::<Vec<_>>()
|
||||||
|
.into()
|
||||||
|
}
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
#[cfg(unix)]
|
#[cfg(unix)]
|
||||||
fn any_group(current_user_gid: gid_t, owner_group: u32) -> bool {
|
fn any_group(current_user_gid: gid_t, owner_group: u32) -> bool {
|
||||||
users::get_current_username()
|
users::get_current_username()
|
||||||
.map(|name| {
|
.map(|name| nu_users::get_user_groups(&name, current_user_gid).unwrap_or_default())
|
||||||
users::get_user_groups(&name, current_user_gid)
|
|
||||||
.map(|mut groups| {
|
|
||||||
// Fixes https://github.com/ogham/rust-users/issues/44
|
|
||||||
// If a user isn't in more than one group then this fix won't work,
|
|
||||||
// However its common for a user to be in more than one group, so this should work for most.
|
|
||||||
if groups.len() == 2 && groups[1].gid() == 0 {
|
|
||||||
// We have no way of knowing if this is due to the issue or the user is actually in the root group
|
|
||||||
// So we will assume they are in the root group and leave it.
|
|
||||||
// It's not the end of the world if we are wrong, they will just get a permission denied error once inside.
|
|
||||||
} else {
|
|
||||||
groups.pop();
|
|
||||||
}
|
|
||||||
|
|
||||||
groups
|
|
||||||
})
|
|
||||||
.unwrap_or_default()
|
|
||||||
})
|
|
||||||
.unwrap_or_default()
|
.unwrap_or_default()
|
||||||
.into_iter()
|
.into_iter()
|
||||||
.any(|group| group.gid() == owner_group)
|
.any(|group| group.gid() == owner_group)
|
||||||
|
|
Loading…
Reference in a new issue