sudo-rs 0.1.0-dev.20230620

A memory safe implementation of sudo and su.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104

pub type GroupId = libc::gid_t;
pub type UserId = libc::uid_t;
pub type ProcessId = libc::pid_t;
pub type DeviceId = libc::dev_t;

/// This trait/module is here to not make this crate independent (at the present time) in the idiosyncracies of user representation details
/// (which we may decide over time), as well as to make explicit what functionality a user-representation must have; this
/// interface is not set in stone and "easy" to change.
pub trait UnixUser {
    fn has_name(&self, _name: &str) -> bool {
        false
    }
    fn has_uid(&self, _uid: libc::uid_t) -> bool {
        false
    }
    fn is_root(&self) -> bool {
        false
    }
    fn in_group_by_name(&self, _name: &str) -> bool {
        false
    }
    fn in_group_by_gid(&self, _gid: GroupId) -> bool {
        false
    }
}

pub trait UnixGroup {
    fn as_gid(&self) -> GroupId;
    fn try_as_name(&self) -> Option<&str>;
}

impl UnixUser for super::User {
    fn has_name(&self, name: &str) -> bool {
        self.name == name
    }
    fn has_uid(&self, uid: GroupId) -> bool {
        self.uid == uid
    }
    fn is_root(&self) -> bool {
        self.has_uid(0)
    }
    fn in_group_by_name(&self, name: &str) -> bool {
        if let Ok(Some(group)) = super::Group::from_name(name) {
            self.in_group_by_gid(group.gid)
        } else {
            false
        }
    }
    fn in_group_by_gid(&self, gid: GroupId) -> bool {
        self.groups.contains(&gid)
    }
}

impl UnixGroup for super::Group {
    fn as_gid(&self) -> GroupId {
        self.gid
    }

    fn try_as_name(&self) -> Option<&str> {
        Some(&self.name)
    }
}

#[cfg(test)]
mod test {
    use crate::system::{Group, User};

    use super::*;

    fn test_user(user: impl UnixUser, name: &str, uid: libc::uid_t) {
        assert!(user.has_name(name));
        assert!(user.has_uid(uid));
        assert!(user.in_group_by_name(name));
        assert_eq!(user.is_root(), name == "root");
    }

    fn test_group(group: impl UnixGroup, name: &str, gid: libc::gid_t) {
        assert_eq!(group.as_gid(), gid);
        assert_eq!(group.try_as_name(), Some(name));
    }

    #[test]
    fn test_unix_user() {
        let user = |name| User::from_name(name).unwrap().unwrap();
        test_user(user("root"), "root", 0);
        test_user(user("daemon"), "daemon", 1);
    }

    #[test]
    fn test_unix_group() {
        let group = |name| Group::from_name(name).unwrap().unwrap();
        test_group(group("root"), "root", 0);
        test_group(group("daemon"), "daemon", 1);
    }

    #[test]
    fn test_default() {
        impl UnixUser for () {}
        assert!(!().has_name("root"));
        assert!(!().has_uid(0));
        assert!(!().is_root());
        assert!(!().in_group_by_name("root"));
    }
}