deelevate 0.1.0

Drop privileges on Windows
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123

use deelevate::{BridgePtyClient, Command, PipeHandle, Token};
use std::convert::TryInto;
use std::ffi::OsString;
use std::path::PathBuf;
use structopt::*;
use winapi::um::wincon::{SetConsoleCP, SetConsoleCursorPosition, SetConsoleOutputCP, COORD};
use winapi::um::winnls::CP_UTF8;

/// A helper program for `eledo` and `normdo` that is used to
/// bridge pty and pipes between the different privilege levels.
/// This utility is not intended to be run by humans.
#[derive(StructOpt)]
#[structopt(
    version = env!("VERGEN_SEMVER_LIGHTWEIGHT")
)]
struct Opt {
    #[structopt(long, parse(from_os_str))]
    stdin: Option<PathBuf>,
    #[structopt(long, parse(from_os_str))]
    stdout: Option<PathBuf>,
    #[structopt(long, parse(from_os_str))]
    stderr: Option<PathBuf>,
    #[structopt(long, parse(from_os_str))]
    conin: Option<PathBuf>,
    #[structopt(long, parse(from_os_str))]
    conout: Option<PathBuf>,

    #[structopt(long)]
    width: Option<usize>,
    #[structopt(long)]
    height: Option<usize>,

    #[structopt(long)]
    cursor_x: Option<usize>,
    #[structopt(long)]
    cursor_y: Option<usize>,

    #[structopt(parse(from_os_str))]
    args: Vec<OsString>,
}

fn main() -> std::io::Result<()> {
    let mut opt = Opt::from_args();

    unsafe {
        SetConsoleCP(CP_UTF8);
        SetConsoleOutputCP(CP_UTF8);
    }

    let token = Token::with_current_process()?;

    if let Some(conin) = opt.conin {
        let pty_client = BridgePtyClient::with_params(
            &conin,
            &opt.conout.unwrap(),
            opt.width.unwrap(),
            opt.height.unwrap(),
        )?;

        let mut args: Vec<OsString> = vec![std::env::current_exe()?.into()];

        if let Some(stdin) = opt.stdin {
            args.push("--stdin".into());
            args.push(stdin.into());
        }
        if let Some(stdout) = opt.stdout {
            args.push("--stdout".into());
            args.push(stdout.into());
        }
        if let Some(stderr) = opt.stderr {
            args.push("--stderr".into());
            args.push(stderr.into());
        }
        if let Some(cursor_x) = opt.cursor_x {
            args.push("--cursor-x".into());
            args.push(cursor_x.to_string().into());
        }
        if let Some(cursor_y) = opt.cursor_x {
            args.push("--cursor-y".into());
            args.push(cursor_y.to_string().into());
        }

        args.push("--".into());
        args.append(&mut opt.args);

        let mut cmd = Command::with_environment_for_token(&token)?;
        cmd.set_argv(args);

        let exit_code = pty_client.run(cmd)?;
        std::process::exit(exit_code as _);
    } else {
        let mut cmd = Command::with_environment_for_token(&token)?;
        cmd.set_argv(opt.args);

        if let Some(stdin) = opt.stdin {
            cmd.set_stdin(PipeHandle::open_pipe(stdin)?)?;
        }
        if let Some(stdout) = opt.stdout {
            cmd.set_stdout(PipeHandle::open_pipe(stdout)?)?;
        }
        if let Some(stderr) = opt.stderr {
            cmd.set_stderr(PipeHandle::open_pipe(stderr)?)?;
        }

        if let Some(cursor_x) = opt.cursor_x {
            let conout = PipeHandle::open_pipe("CONOUT$")?;
            unsafe {
                SetConsoleCursorPosition(
                    conout.as_handle(),
                    COORD {
                        X: cursor_x.try_into().unwrap(),
                        Y: opt.cursor_y.unwrap().try_into().unwrap(),
                    },
                );
            }
        }

        let proc = cmd.spawn()?;
        let _ = proc.wait_for(None)?;
        let exit_code = proc.exit_code()?;
        std::process::exit(exit_code as _);
    }
}