chmod-bpf 0.5.0

Managing BPF device permissions on macOS
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156

use anyhow::{Context, Result, anyhow};
use std::env;
use std::process::Command;
use std::str;
use uzers::{User, get_current_username, get_effective_uid, get_group_by_name, get_user_by_name};

use crate::command;

pub const MIN_GID: u32 = 100;

/// Check if the group exists.
pub fn group_exists(group_name: &str) -> bool {
    get_group_by_name(group_name).is_some()
}

pub fn get_original_user() -> Option<String> {
    env::var("SUDO_USER").ok()
}

pub fn require_root() -> Result<()> {
    if get_effective_uid() == 0 {
        Ok(())
    } else {
        Err(anyhow!(
            "This command must be executed with elevated privileges (sudo)."
        ))
    }
}

pub fn get_real_current_user() -> Option<User> {
    if let Some(user_name) = get_original_user() {
        get_user_by_name(&user_name)
    } else if let Some(user_name) = get_current_username() {
        get_user_by_name(&user_name)
    } else {
        None
    }
}

/// Creates a new group with the specified name and GID.
pub fn create_group(group_name: &str, group_real_name: &str, gid: u32) -> Result<()> {
    let mut command = Command::new("dseditgroup");
    command
        .arg("-q")
        .arg("-o")
        .arg("create")
        .arg("-i")
        .arg(gid.to_string())
        .arg("-r")
        .arg(group_real_name)
        .arg(group_name);

    command::run(
        &mut command,
        &format!("create group {group_name} with gid {gid}"),
    )
}

/// Get the first available GID starting from min_gid.
pub fn get_free_gid(min_gid: u32) -> Result<u32> {
    let output = Command::new("dscl")
        .arg(".")
        .arg("-list")
        .arg("/Groups")
        .arg("PrimaryGroupID")
        .output()
        .context("Failed to query dscl for group IDs")?;

    if !output.status.success() {
        return Err(anyhow!(
            "dscl exited with status {} while searching for a free gid",
            output.status
        ));
    }

    let output_str = str::from_utf8(&output.stdout).context("dscl output was not UTF-8")?;
    let mut gids: Vec<u32> = output_str
        .lines()
        .filter_map(|line| line.split_whitespace().nth(1))
        .filter_map(|gid| gid.parse::<u32>().ok())
        .collect::<Vec<u32>>();
    gids.sort_unstable();

    let mut current_gid = min_gid;
    for gid in gids {
        if gid != current_gid && gid >= min_gid {
            break;
        }
        current_gid += 1;
    }

    Ok(current_gid)
}

/// Adds the current user to the specified group.
pub fn add_current_user_to_group(group_name: &str) -> Result<()> {
    let user =
        get_real_current_user().ok_or_else(|| anyhow!("Unable to resolve the current user"))?;
    let username = user.name().to_string_lossy().into_owned();

    let mut command = Command::new("dseditgroup");
    command
        .arg("-q")
        .arg("-o")
        .arg("edit")
        .arg("-a")
        .arg(&username)
        .arg("-t")
        .arg("user")
        .arg(group_name);
    command::run(
        &mut command,
        &format!("add user {username} to group {group_name}"),
    )
}

/// Check if the current user is in the specified group.
pub fn current_user_in_group(group_name: &str) -> bool {
    if let Some(user_name) = get_current_username() {
        if let Some(user) = get_user_by_name(&user_name) {
            if let Some(groups) = user.groups() {
                for group in groups {
                    if group.name() == group_name {
                        return true;
                    }
                }
            }
        }
    }
    false
}

/// Adds the specified group to the specified group.
pub fn add_group_to_group(group: &str, target_group: &str) -> Result<()> {
    let mut command = Command::new("dseditgroup");
    command
        .arg("-q")
        .arg("-o")
        .arg("edit")
        .arg("-a")
        .arg(group)
        .arg("-t")
        .arg("group")
        .arg(target_group);
    command::run(
        &mut command,
        &format!("add group {group} to group {target_group}"),
    )
}

/// Deletes the specified group.
pub fn delete_group(group_name: &str) -> Result<()> {
    let mut command = Command::new("dseditgroup");
    command.arg("-o").arg("delete").arg(group_name);
    command::run(&mut command, &format!("delete group {group_name}"))
}