1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
#![deny(missing_docs)]
#![doc = include_str!("../README.md")]
#![cfg_attr(test, deny(warnings))]
use clap::Parser;
#[cfg(unix)]
extern crate privdrop;
use std::ffi::OsString;
#[cfg(feature = "chroot")]
use std::path::PathBuf;
#[derive(Debug, thiserror::Error)]
pub enum Error {
#[cfg(unix)]
#[error("Privileges could not be dropped")]
PrivDrop(#[from] privdrop::PrivDropError),
}
#[cfg(unix)]
mod supported {
use super::*;
#[derive(Parser, Debug)]
pub struct Permission {
#[clap(short = 'u', long = "user", value_parser)]
user: Option<OsString>,
#[clap(short = 'g', long = "group", value_parser)]
group: Option<OsString>,
#[cfg(feature = "chroot")]
#[clap(long = "chroot", value_parser)]
chroot: Option<PathBuf>,
}
impl Permission {
pub fn drop(self) -> Result<(), Error> {
let mut drop = privdrop::PrivDrop::default();
if let Some(user) = self.user {
drop = drop.user(&user);
}
if let Some(group) = self.group {
drop = drop.group(&group);
}
#[cfg(feature = "chroot")]
{
if let Some(chroot) = self.chroot {
drop = drop.chroot(&chroot);
}
}
drop.apply()?;
Ok(())
}
pub fn user(&self) -> &Option<OsString> {
&self.user
}
pub fn group(&self) -> &Option<OsString> {
&self.group
}
#[cfg(feature = "chroot")]
pub fn chroot(&self) -> &Option<PathBuf> {
&self.chroot
}
}
}
#[cfg(not(unix))]
mod stub {
use super::*;
#[derive(Parser, Debug)]
pub struct Permission {}
impl Permission {
pub fn drop(self) -> Result<(), Error> {
Ok(())
}
pub fn user(&self) -> &Option<OsString> {
&None
}
pub fn group(&self) -> &Option<OsString> {
&None
}
#[cfg(feature = "chroot")]
pub fn chroot(&self) -> &Option<PathBuf> {
&None
}
}
}
#[cfg(unix)]
pub use supported::*;
#[cfg(not(unix))]
pub use stub::*;
