Google Git
Sign in
android / toolchain / rustc / refs/heads/main / . / vendor / redox_users-0.4.6 / src / lib.rs
blob: 223e0e333ec96ba9362268b36959d9caea18f680 [file] [log] [blame] [edit]
//! `redox-users` is designed to be a small, low-ish level interface
//! to system user and group information, as well as user password
//! authentication. It is OS-specific and will break horribly on platforms
//! that are not [Redox-OS](https://redox-os.org).
//!
//! # Permissions
//! Because this is a system level tool dealing with password
//! authentication, programs are often required to run with
//! escalated priveleges. The implementation of the crate is
//! privelege unaware. The only privelege requirements are those
//! laid down by the system administrator over these files:
//! - `/etc/group`
//! - Read: Required to access group information
//! - Write: Required to change group information
//! - `/etc/passwd`
//! - Read: Required to access user information
//! - Write: Required to change user information
//! - `/etc/shadow`
//! - Read: Required to authenticate users
//! - Write: Required to set user passwords
//!
//! # Reimplementation
//! This crate is designed to be as small as possible without
//! sacrificing critical functionality. The idea is that a small
//! enough redox-users will allow easy re-implementation based on
//! the same flexible API. This would allow more complicated authentication
//! schemes for redox in future without breakage of existing
//! software.
use std::fmt::Debug;
use std::fs::{File, OpenOptions};
use std::io::{Read, Seek, SeekFrom, Write};
#[cfg(target_os = "redox")]
use std::os::unix::fs::OpenOptionsExt;
#[cfg(not(target_os = "redox"))]
use std::os::unix::io::AsRawFd;
use std::os::unix::process::CommandExt;
use std::path::{Path, PathBuf};
use std::process::Command;
use std::slice::{Iter, IterMut};
#[cfg(not(test))]
#[cfg(feature = "auth")]
use std::thread;
use std::time::Duration;
use thiserror::Error;
#[cfg(feature = "auth")]
use zeroize::Zeroize;
//#[cfg(not(target_os = "redox"))]
//use nix::fcntl::{flock, FlockArg};
#[cfg(target_os = "redox")]
use libredox::flag::{O_EXLOCK, O_SHLOCK};
const PASSWD_FILE: &'static str = "/etc/passwd";
const GROUP_FILE: &'static str = "/etc/group";
#[cfg(feature = "auth")]
const SHADOW_FILE: &'static str = "/etc/shadow";
const MIN_ID: usize = 1000;
const MAX_ID: usize = 6000;
const DEFAULT_TIMEOUT: u64 = 3;
const USERNAME_LEN_MIN: usize = 3;
const USERNAME_LEN_MAX: usize = 32;
/// Errors that might happen while using this crate
#[derive(Debug, Error)]
#[non_exhaustive]
pub enum Error {
#[error("os error: {reason}")]
Os { reason: &'static str },
#[error(transparent)]
Io(#[from] std::io::Error),
#[error("failed to generate seed: {0}")]
Getrandom(#[from] getrandom::Error),
#[cfg(feature = "auth")]
#[error("")]
Argon(#[from] argon2::Error),
#[error("parse error line {line}: {reason}")]
Parsing { reason: String, line: usize },
#[error(transparent)]
ParseInt(#[from] std::num::ParseIntError),
#[error("user not found")]
UserNotFound,
#[error("group not found")]
GroupNotFound,
#[error("user already exists")]
UserAlreadyExists,
#[error("group already exists")]
GroupAlreadyExists,
#[error("invalid name '{name}'")]
InvalidName { name: String },
/// Used for invalid string field values of [`User`]
#[error("invalid entry element '{data}'")]
InvalidData { data: String },
}
pub type Result<T, E = Error> = core::result::Result<T, E>;
#[inline]
fn parse_error(line: usize, reason: &str) -> Error {
Error::Parsing {
reason: reason.into(),
line,
}
}
impl From<libredox::error::Error> for Error {
fn from(syscall_error: libredox::error::Error) -> Error {
Error::Io(std::io::Error::from(syscall_error))
}
}
#[derive(Clone, Copy, Debug)]
enum Lock {
Shared,
Exclusive,
}
impl Lock {
fn can_write(&self) -> bool {
match self {
Lock::Shared => false,
Lock::Exclusive => true,
}
}
#[cfg(target_os = "redox")]
fn as_olock(self) -> i32 {
(match self {
Lock::Shared => O_SHLOCK,
Lock::Exclusive => O_EXLOCK,
}) as i32
}
/*#[cfg(not(target_os = "redox"))]
fn as_flock(self) -> FlockArg {
match self {
Lock::Shared => FlockArg::LockShared,
Lock::Exclusive => FlockArg::LockExclusive,
}
}*/
}
/// Naive semi-cross platform file locking (need to support linux for tests).
#[allow(dead_code)]
fn locked_file(file: impl AsRef<Path>, lock: Lock) -> Result<File, Error> {
#[cfg(test)]
println!("Open file: {}", file.as_ref().display());
#[cfg(target_os = "redox")]
{
Ok(OpenOptions::new()
.read(true)
.write(lock.can_write())
.custom_flags(lock.as_olock())
.open(file)?)
}
#[cfg(not(target_os = "redox"))]
#[cfg_attr(rustfmt, rustfmt_skip)]
{
let file = OpenOptions::new()
.read(true)
.write(lock.can_write())
.open(file)?;
let fd = file.as_raw_fd();
eprintln!("Fd: {}", fd);
//flock(fd, lock.as_flock())?;
Ok(file)
}
}
/// Reset a file for rewriting (user/group dbs must be erased before write-out)
fn reset_file(fd: &mut File) -> Result<(), Error> {
fd.set_len(0)?;
fd.seek(SeekFrom::Start(0))?;
Ok(())
}
/// Is a string safe to write to `/etc/group` or `/etc/passwd`?
fn is_safe_string(s: &str) -> bool {
!s.contains(';')
}
const PORTABLE_FILE_NAME_CHARS: &str =
"0123456789._-abcdefghijklmnopqrstuvwxyzABCDEFGHIJKLMNOPQRSTUVWXYZ";
/// This function is used by [`UserBuilder`] and [`GroupBuilder`] to determine
/// if a name for a user/group is valid. It is provided for convenience.
///
/// Usernames must match the [POSIX standard
/// for usernames](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_437)
/// . The "portable filename character set" is defined as `A-Z`, `a-z`, `0-9`,
/// and `._-` (see [here](https://pubs.opengroup.org/onlinepubs/9699919799/basedefs/V1_chap03.html#tag_03_282)).
///
/// Usernames may not be more than 32 or less than 3 characters in length.
pub fn is_valid_name(name: &str) -> bool {
if name.len() < USERNAME_LEN_MIN || name.len() > USERNAME_LEN_MAX {
false
} else if let Some(first) = name.chars().next() {
first != '-' &&
name.chars().all(|c| {
PORTABLE_FILE_NAME_CHARS.contains(c)
})
} else {
false
}
}
/// Marker types for [`User`] and [`AllUsers`].
pub mod auth {
#[cfg(feature = "auth")]
use std::fmt;
#[cfg(feature = "auth")]
use zeroize::Zeroize;
#[cfg(feature = "auth")]
use crate::Error;
/// Marker type indicating that a `User` only has access to world-readable
/// user information, and cannot authenticate.
#[derive(Debug, Default)]
pub struct Basic {}
/// Marker type indicating that a `User` has access to all user
/// information, including password hashes.
#[cfg(feature = "auth")]
#[derive(Default, Zeroize)]
#[zeroize(drop)]
pub struct Full {
pub(crate) hash: String,
}
#[cfg(feature = "auth")]
impl Full {
pub(crate) fn empty() -> Full {
Full { hash: "".into() }
}
pub(crate) fn is_empty(&self) -> bool {
&self.hash == ""
}
pub(crate) fn unset() -> Full {
Full { hash: "!".into() }
}
pub(crate) fn is_unset(&self) -> bool {
&self.hash == "!"
}
pub(crate) fn passwd(pw: &str) -> Result<Full, Error> {
Ok(if pw != "" {
let mut buf = [0u8; 8];
getrandom::getrandom(&mut buf)?;
let mut salt = format!("{:X}", u64::from_ne_bytes(buf));
let config = argon2::Config::default();
let hash: String = argon2::hash_encoded(
pw.as_bytes(),
salt.as_bytes(),
&config
)?;
buf.zeroize();
salt.zeroize();
Full { hash } // note that move == shallow copy in Rust
} else {
Full::empty()
})
}
pub(crate) fn verify(&self, pw: &str) -> bool {
match self.hash.as_str() {
"" => pw == "",
"!" => false,
//TODO: When does this panic? Should this function return
// Result? Or does it need to simply fail to verify if
// verify_encoded() fails?
hash => argon2::verify_encoded(&hash, pw.as_bytes())
.expect("failed to verify hash"),
}
}
}
#[cfg(feature = "auth")]
impl fmt::Debug for Full {
fn fmt(&self, f: &mut fmt::Formatter) -> fmt::Result {
f.debug_struct("Full")
.finish()
}
}
}
/// A builder pattern for adding [`User`]s to [`AllUsers`]. Fields are verified
/// when the group is built via [`AllUsers::add_user`]. See the documentation
/// of that function for default values.
///
/// Note that this builder is not available when the `auth` feature of the
/// crate is disabled.
///
/// # Example
/// ```no_run
/// # use redox_users::{AllGroups, Config, GroupBuilder, UserBuilder};
/// let mut allgs = AllGroups::new(Config::default()).unwrap();
///
/// let g = GroupBuilder::new("foobar")
/// .user("foobar");
/// let foobar_g = allgs.add_group(g).unwrap();
///
/// let u = UserBuilder::new("foobar")
/// .gid(foobar_g.gid)
/// .name("Foo Bar")
/// // Note that this directory will not be created
/// .home("file:/home/foobar");
/// ```
#[cfg(feature = "auth")]
pub struct UserBuilder {
user: String,
uid: Option<usize>,
gid: Option<usize>,
name: Option<String>,
home: Option<String>,
shell: Option<String>,
}
#[cfg(feature = "auth")]
impl UserBuilder {
/// Create a new `UserBuilder` with the login name for the new user.
pub fn new(user: impl AsRef<str>) -> UserBuilder {
UserBuilder {
user: user.as_ref().to_string(),
uid: None,
gid: None,
name: None,
home: None,
shell: None,
}
}
/// Set the user id for this user.
pub fn uid(mut self, uid: usize) -> UserBuilder {
self.uid = Some(uid);
self
}
/// Set the primary group id for this user.
pub fn gid(mut self, gid: usize) -> UserBuilder {
self.gid = Some(gid);
self
}
/// Set the GECOS field for this user.
pub fn name(mut self, name: impl AsRef<str>) -> UserBuilder {
self.name = Some(name.as_ref().to_string());
self
}
/// Set the home directory for this user.
pub fn home(mut self, home: impl AsRef<str>) -> UserBuilder {
self.home = Some(home.as_ref().to_string());
self
}
/// Set the login shell for this user.
pub fn shell(mut self, shell: impl AsRef<str>) -> UserBuilder {
self.shell = Some(shell.as_ref().to_string());
self
}
}
/// A struct representing a Redox user.
/// Currently maps to an entry in the `/etc/passwd` file.
///
/// `A` should be a type from [`crate::auth`].
///
/// # Unset vs. Blank Passwords
/// A note on unset passwords vs. blank passwords. A blank password
/// is a hash field that is completely blank (aka, `""`). According
/// to this crate, successful login is only allowed if the input
/// password is blank as well.
///
/// An unset password is one whose hash is not empty (`""`), but
/// also not a valid serialized argon2rs hashing session. This
/// hash always returns `false` upon attempted verification. The
/// most commonly used hash for an unset password is `"!"`, but
/// this crate makes no distinction. The most common way to unset
/// the password is to use [`User::unset_passwd`].
#[derive(Debug)]
pub struct User<A> {
/// Username (login name)
pub user: String,
/// User id
pub uid: usize,
/// Group id
pub gid: usize,
/// Real name (human readable, can contain spaces)
pub name: String,
/// Home directory path
pub home: String,
/// Shell path
pub shell: String,
// Failed login delay duration
auth_delay: Duration,
#[allow(dead_code)]
auth: A,
}
impl<A: Default> User<A> {
/// Get a Command to run the user's default shell (see [`User::login_cmd`]
/// for more docs).
pub fn shell_cmd(&self) -> Command { self.login_cmd(&self.shell) }
/// Provide a login command for the user, which is any entry point for
/// starting a user's session, whether a shell (use [`User::shell_cmd`]
/// instead) or a graphical init.
///
/// The `Command` will use the user's `uid` and `gid`, its `current_dir`
/// will be set to the user's home directory, and the follwing enviroment
/// variables will be populated:
///
/// - `USER` set to the user's `user` field.
/// - `UID` set to the user's `uid` field.
/// - `GROUPS` set the user's `gid` field.
/// - `HOME` set to the user's `home` field.
/// - `SHELL` set to the user's `shell` field.
pub fn login_cmd<T>(&self, cmd: T) -> Command
where T: std::convert::AsRef<std::ffi::OsStr> + AsRef<str>
{
let mut command = Command::new(cmd);
command
.uid(self.uid as u32)
.gid(self.gid as u32)
.current_dir(&self.home)
.env("USER", &self.user)
.env("UID", format!("{}", self.uid))
.env("GROUPS", format!("{}", self.gid))
.env("HOME", &self.home)
.env("SHELL", &self.shell);
command
}
fn from_passwd_entry(s: &str, line: usize) -> Result<User<A>, Error> {
let mut parts = s.split(';');
let user = parts
.next()
.ok_or(parse_error(line, "expected user"))?;
let uid = parts
.next()
.ok_or(parse_error(line, "expected uid"))?
.parse::<usize>()?;
let gid = parts
.next()
.ok_or(parse_error(line, "expected uid"))?
.parse::<usize>()?;
let name = parts
.next()
.ok_or(parse_error(line, "expected real name"))?;
let home = parts
.next()
.ok_or(parse_error(line, "expected home dir path"))?;
let shell = parts
.next()
.ok_or(parse_error(line, "expected shell path"))?;
Ok(User::<A> {
user: user.into(),
uid,
gid,
name: name.into(),
home: home.into(),
shell: shell.into(),
auth: A::default(),
auth_delay: Duration::default(),
})
}
}
#[cfg(feature = "auth")]
impl User<auth::Full> {
/// Set the password for a user. Make **sure** that `password`
/// is actually what the user wants as their password (this doesn't).
///
/// To set the password blank, pass `""` as `password`.
///
/// Note that `password` is taken as a reference, so it is up to the caller
/// to properly zero sensitive memory (see `zeroize` on crates.io).
pub fn set_passwd(&mut self, password: impl AsRef<str>) -> Result<(), Error> {
self.auth = auth::Full::passwd(password.as_ref())?;
Ok(())
}
/// Unset the password ([`User::verify_passwd`] always returns `false`).
pub fn unset_passwd(&mut self) {
self.auth = auth::Full::unset();
}
/// Verify the password. If the hash is empty, this only returns `true` if
/// `password` is also empty.
///
/// Note that this is a blocking operation if the password is incorrect.
/// See [`Config::auth_delay`] to set the wait time. Default is 3 seconds.
///
/// Note that `password` is taken as a reference, so it is up to the caller
/// to properly zero sensitive memory (see `zeroize` on crates.io).
pub fn verify_passwd(&self, password: impl AsRef<str>) -> bool {
let verified = self.auth.verify(password.as_ref());
if !verified {
#[cfg(not(test))] // Make tests run faster
thread::sleep(self.auth_delay);
}
verified
}
/// Determine if the hash for the password is blank ([`User::verify_passwd`]
/// returns `true` *only* when the password is blank).
pub fn is_passwd_blank(&self) -> bool {
self.auth.is_empty()
}
/// Determine if the hash for the password is unset
/// ([`User::verify_passwd`] returns `false` regardless of input).
pub fn is_passwd_unset(&self) -> bool {
self.auth.is_unset()
}
/// Format this user as an entry in `/etc/passwd`.
fn passwd_entry(&self) -> Result<String, Error> {
if !is_safe_string(&self.user) {
Err(Error::InvalidName { name: self.user.to_string() })
} else if !is_safe_string(&self.name) {
Err(Error::InvalidData { data: self.name.to_string() })
} else if !is_safe_string(&self.home) {
Err(Error::InvalidData { data: self.home.to_string() })
} else if !is_safe_string(&self.shell) {
Err(Error::InvalidData { data: self.shell.to_string() })
} else {
#[cfg_attr(rustfmt, rustfmt_skip)]
Ok(format!("{};{};{};{};{};{}\n",
self.user, self.uid, self.gid, self.name, self.home, self.shell
))
}
}
fn shadow_entry(&self) -> Result<String, Error> {
if !is_safe_string(&self.user) {
Err(Error::InvalidName { name: self.user.to_string() })
} else {
Ok(format!("{};{}\n", self.user, self.auth.hash))
}
}
}
impl<A> Name for User<A> {
fn name(&self) -> &str {
&self.user
}
}
impl<A> Id for User<A> {
fn id(&self) -> usize {
self.uid
}
}
/// A builder pattern for adding [`Group`]s to [`AllGroups`]. Fields are
/// verified when the `Group` is built, via [`AllGroups::add_group`].
///
/// # Example
/// ```
/// # use redox_users::GroupBuilder;
/// // When added, this group will use the first available group id
/// let mygroup = GroupBuilder::new("group_name");
///
/// // A little more stuff:
/// let other = GroupBuilder::new("special")
/// .gid(9055)
/// .user("some_username");
/// ```
pub struct GroupBuilder {
// Group name
group: String,
gid: Option<usize>,
users: Vec<String>,
}
impl GroupBuilder {
/// Create a new `GroupBuilder` with the given group name.
pub fn new(group: impl AsRef<str>) -> GroupBuilder {
GroupBuilder {
group: group.as_ref().to_string(),
gid: None,
users: vec![],
}
}
/// Set the group id of this group.
pub fn gid(mut self, gid: usize) -> GroupBuilder {
self.gid = Some(gid);
self
}
/// Add a user to this group. Call this function multiple times to add more
/// users.
pub fn user(mut self, user: impl AsRef<str>) -> GroupBuilder {
self.users.push(user.as_ref().to_string());
self
}
}
/// A struct representing a Redox user group.
/// Currently maps to an `/etc/group` file entry.
#[derive(Debug)]
pub struct Group {
/// Group name
pub group: String,
/// Password (unused, usually "x")
pub password: String,
/// Unique group id
pub gid: usize,
/// Group members' usernames
pub users: Vec<String>,
}
impl Group {
fn from_group_entry(s: &str, line: usize) -> Result<Group, Error> {
let mut parts = s.trim()
.split(';');
let group = parts
.next()
.ok_or(parse_error(line, "expected group"))?;
let password = parts
.next()
.ok_or(parse_error(line, "expected password"))?;
let gid = parts
.next()
.ok_or(parse_error(line, "expected gid"))?
.parse::<usize>()?;
let users_str = parts.next()
.unwrap_or("");
let users = users_str.split(',')
.filter_map(|u| if u == "" {
None
} else {
Some(u.into())
})
.collect();
Ok(Group {
group: group.into(),
password: password.into(),
gid,
users,
})
}
fn group_entry(&self) -> Result<String, Error> {
if !is_safe_string(&self.group) {
Err(Error::InvalidName { name: self.group.to_string() })
} else {
for username in self.users.iter() {
if !is_safe_string(&username) {
return Err(Error::InvalidData { data: username.to_string() });
}
}
#[cfg_attr(rustfmt, rustfmt_skip)]
Ok(format!("{};{};{};{}\n",
self.group,
self.password,
self.gid,
self.users.join(",").trim_matches(',')
))
}
}
}
impl Name for Group {
fn name(&self) -> &str {
&self.group
}
}
impl Id for Group {
fn id(&self) -> usize {
self.gid
}
}
/// Gets the current process effective user ID.
///
/// This function issues the `geteuid` system call returning the process effective
/// user id.
///
/// # Examples
///
/// Basic usage:
///
/// ```no_run
/// # use redox_users::get_euid;
/// let euid = get_euid().unwrap();
/// ```
pub fn get_euid() -> Result<usize, Error> {
libredox::call::geteuid()
.map_err(From::from)
}
/// Gets the current process real user ID.
///
/// This function issues the `getuid` system call returning the process real
/// user id.
///
/// # Examples
///
/// Basic usage:
///
/// ```no_run
/// # use redox_users::get_uid;
/// let uid = get_uid().unwrap();
/// ```
pub fn get_uid() -> Result<usize, Error> {
libredox::call::getruid()
.map_err(From::from)
}
/// Gets the current process effective group ID.
///
/// This function issues the `getegid` system call returning the process effective
/// group id.
///
/// # Examples
///
/// Basic usage:
///
/// ```no_run
/// # use redox_users::get_egid;
/// let egid = get_egid().unwrap();
/// ```
pub fn get_egid() -> Result<usize, Error> {
libredox::call::getegid()
.map_err(From::from)
}
/// Gets the current process real group ID.
///
/// This function issues the `getegid` system call returning the process real
/// group id.
///
/// # Examples
///
/// Basic usage:
///
/// ```no_run
/// # use redox_users::get_gid;
/// let gid = get_gid().unwrap();
/// ```
pub fn get_gid() -> Result<usize, Error> {
libredox::call::getrgid()
.map_err(From::from)
}
/// A generic configuration that allows fine control of an [`AllUsers`] or
/// [`AllGroups`].
///
/// `auth_delay` is not used by [`AllGroups`]
///
/// In most situations, [`Config::default`](struct.Config.html#impl-Default)
/// will work just fine. The other fields are for finer control if it is
/// required.
///
/// # Example
/// ```
/// # use redox_users::Config;
/// use std::time::Duration;
///
/// let cfg = Config::default()
/// .min_id(500)
/// .max_id(1000)
/// .auth_delay(Duration::from_secs(5));
/// ```
#[derive(Clone, Debug)]
pub struct Config {
root_fs: PathBuf,
auth_delay: Duration,
min_id: usize,
max_id: usize,
lock: Lock,
}
impl Config {
/// Set the delay for a failed authentication. Default is 3 seconds.
pub fn auth_delay(mut self, delay: Duration) -> Config {
self.auth_delay = delay;
self
}
/// Set the smallest ID possible to use when finding an unused ID.
pub fn min_id(mut self, id: usize) -> Config {
self.min_id = id;
self
}
/// Set the largest possible ID to use when finding an unused ID.
pub fn max_id(mut self, id: usize) -> Config {
self.max_id = id;
self
}
/// Set the scheme relative to which the [`AllUsers`] or [`AllGroups`]
/// should be looking for its data files. This is a compromise between
/// exposing implementation details and providing fine enough
/// control over the behavior of this API.
// FIXME rename to root_fs the next time we release a breaking change
pub fn scheme(mut self, scheme: String) -> Config {
self.root_fs = PathBuf::from(scheme);
self
}
/// Allow writes to group, passwd, and shadow files
pub fn writeable(mut self, writeable: bool) -> Config {
self.lock = if writeable {
Lock::Exclusive
} else {
Lock::Shared
};
self
}
// Prepend a path with the scheme in this Config
fn in_root_fs(&self, path: impl AsRef<Path>) -> PathBuf {
let mut canonical_path = self.root_fs.clone();
// Should be a little careful here, not sure I want this behavior
if path.as_ref().is_absolute() {
// This is nasty
canonical_path.push(path.as_ref().to_string_lossy()[1..].to_string());
} else {
canonical_path.push(path);
}
canonical_path
}
}
impl Default for Config {
/// The default root filesystem is `/`.
///
/// The default auth delay is 3 seconds.
///
/// The default min and max ids are 1000 and 6000.
fn default() -> Config {
Config {
root_fs: PathBuf::from("/"),
auth_delay: Duration::new(DEFAULT_TIMEOUT, 0),
min_id: MIN_ID,
max_id: MAX_ID,
lock: Lock::Shared,
}
}
}
// Nasty hack to prevent the compiler complaining about
// "leaking" `AllInner`
mod sealed {
use crate::Config;
pub trait Name {
fn name(&self) -> &str;
}
pub trait Id {
fn id(&self) -> usize;
}
pub trait AllInner {
// Group+User, thanks Dad
type Gruser: Name + Id;
/// These functions grab internal elements so that the other
/// methods of `All` can manipulate them.
fn list(&self) -> &Vec<Self::Gruser>;
fn list_mut(&mut self) -> &mut Vec<Self::Gruser>;
fn config(&self) -> &Config;
}
}
use sealed::{AllInner, Id, Name};
/// This trait is used to remove repetitive API items from
/// [`AllGroups`] and [`AllUsers`]. It uses a hidden trait
/// so that the implementations of functions can be implemented
/// at the trait level. Do not try to implement this trait.
pub trait All: AllInner {
/// Get an iterator borrowing all [`User`]s or [`Group`]s on the system.
fn iter(&self) -> Iter<<Self as AllInner>::Gruser> {
self.list().iter()
}
/// Get an iterator mutably borrowing all [`User`]s or [`Group`]s on the
/// system.
fn iter_mut(&mut self) -> IterMut<<Self as AllInner>::Gruser> {
self.list_mut().iter_mut()
}
/// Borrow the [`User`] or [`Group`] with a given name.
///
/// # Examples
///
/// Basic usage:
///
/// ```no_run
/// # use redox_users::{All, AllUsers, Config};
/// let users = AllUsers::basic(Config::default()).unwrap();
/// let user = users.get_by_name("root").unwrap();
/// ```
fn get_by_name(&self, name: impl AsRef<str>) -> Option<&<Self as AllInner>::Gruser> {
self.iter()
.find(|gruser| gruser.name() == name.as_ref() )
}
/// Mutable version of [`All::get_by_name`].
fn get_mut_by_name(&mut self, name: impl AsRef<str>) -> Option<&mut <Self as AllInner>::Gruser> {
self.iter_mut()
.find(|gruser| gruser.name() == name.as_ref() )
}
/// Borrow the [`User`] or [`Group`] with the given ID.
///
/// # Examples
///
/// Basic usage:
///
/// ```no_run
/// # use redox_users::{All, AllUsers, Config};
/// let users = AllUsers::basic(Config::default()).unwrap();
/// let user = users.get_by_id(0).unwrap();
/// ```
fn get_by_id(&self, id: usize) -> Option<&<Self as AllInner>::Gruser> {
self.iter()
.find(|gruser| gruser.id() == id )
}
/// Mutable version of [`All::get_by_id`].
fn get_mut_by_id(&mut self, id: usize) -> Option<&mut <Self as AllInner>::Gruser> {
self.iter_mut()
.find(|gruser| gruser.id() == id )
}
/// Provides an unused id based on the min and max values in the [`Config`]
/// passed to the `All`'s constructor.
///
/// # Examples
///
/// ```no_run
/// # use redox_users::{All, AllUsers, Config};
/// let users = AllUsers::basic(Config::default()).unwrap();
/// let uid = users.get_unique_id().expect("no available uid");
/// ```
fn get_unique_id(&self) -> Option<usize> {
for id in self.config().min_id..self.config().max_id {
if !self.iter().any(|gruser| gruser.id() == id ) {
return Some(id)
}
}
None
}
/// Remove a [`User`] or [`Group`] from this `All` given it's name. If the
/// Gruser was removed return `true`, else return `false`. This ensures
/// that the Gruser no longer exists.
fn remove_by_name(&mut self, name: impl AsRef<str>) -> bool {
let list = self.list_mut();
let indx = list.iter()
.enumerate()
.find_map(|(indx, gruser)| if gruser.name() == name.as_ref() {
Some(indx)
} else {
None
});
if let Some(indx) = indx {
list.remove(indx);
true
} else {
false
}
}
/// Id version of [`All::remove_by_name`].
fn remove_by_id(&mut self, id: usize) -> bool {
let list = self.list_mut();
let indx = list.iter()
.enumerate()
.find_map(|(indx, gruser)| if gruser.id() == id {
Some(indx)
} else {
None
});
if let Some(indx) = indx {
list.remove(indx);
true
} else {
false
}
}
}
/// `AllUsers` provides (borrowed) access to all the users on the system.
/// Note that this struct implements [`All`] for all of its access functions.
///
/// # Notes
/// Note that everything in this section also applies to [`AllGroups`].
///
/// * If you mutate anything owned by an `AllUsers`, you must call the
/// [`AllUsers::save`] in order for those changes to be applied to the system.
/// * The API here is kept small. Most mutating actions can be accomplished via
/// the [`All::get_mut_by_id`] and [`All::get_mut_by_name`]
/// functions.
#[derive(Debug)]
pub struct AllUsers<A> {
users: Vec<User<A>>,
config: Config,
// Hold on to the locked fds to prevent race conditions
#[allow(dead_code)]
passwd_fd: File,
#[allow(dead_code)]
shadow_fd: Option<File>,
}
impl<A: Default> AllUsers<A> {
pub fn new(config: Config) -> Result<AllUsers<A>, Error> {
let mut passwd_fd = locked_file(config.in_root_fs(PASSWD_FILE), config.lock)?;
let mut passwd_cntnt = String::new();
passwd_fd.read_to_string(&mut passwd_cntnt)?;
let mut passwd_entries = Vec::new();
for (indx, line) in passwd_cntnt.lines().enumerate() {
let mut user = User::from_passwd_entry(line, indx)?;
user.auth_delay = config.auth_delay;
passwd_entries.push(user);
}
Ok(AllUsers::<A> {
users: passwd_entries,
config,
passwd_fd,
shadow_fd: None,
})
}
}
impl AllUsers<auth::Basic> {
/// Provide access to all user information on the system except
/// authentication. This is adequate for almost all uses of `AllUsers`.
pub fn basic(config: Config) -> Result<AllUsers<auth::Basic>, Error> {
Self::new(config)
}
}
#[cfg(feature = "auth")]
impl AllUsers<auth::Full> {
/// If access to password related methods for the [`User`]s yielded by this
/// `AllUsers` is required, use this constructor.
pub fn authenticator(config: Config) -> Result<AllUsers<auth::Full>, Error> {
let mut shadow_fd = locked_file(config.in_root_fs(SHADOW_FILE), config.lock)?;
let mut shadow_cntnt = String::new();
shadow_fd.read_to_string(&mut shadow_cntnt)?;
let shadow_entries: Vec<&str> = shadow_cntnt.lines().collect();
let mut new = Self::new(config)?;
new.shadow_fd = Some(shadow_fd);
for (indx, entry) in shadow_entries.iter().enumerate() {
let mut entry = entry.split(';');
let name = entry.next().ok_or(parse_error(indx,
"error parsing shadowfile: expected username"
))?;
let hash = entry.next().ok_or(parse_error(indx,
"error parsing shadowfile: expected hash"
))?;
new.users
.iter_mut()
.find(|user| user.user == name)
.ok_or(parse_error(indx,
"error parsing shadowfile: unkown user"
))?.auth.hash = hash.to_string();
}
shadow_cntnt.zeroize();
Ok(new)
}
/// Consumes a builder, adding a new user to this `AllUsers`. Returns a
/// reference to the created user.
///
/// Make sure to call [`AllUsers::save`] in order for the new user to be
/// applied to the system.
///
/// Note that the user's password is set unset (see
/// [Unset vs Blank Passwords](struct.User.html#unset-vs-blank-passwords))
/// during this call.
///
/// Also note that the user is not added to any groups when this builder is
/// consumed. In order to keep the system in a consistent state, it is
/// reccomended to also use an instance of [`AllGroups`] to update group
/// information when creating new users.
///
/// # Defaults
/// Fields not passed to the builder before calling this function are as
/// follows:
/// - `uid`: [`AllUsers::get_unique_id`] is called on self to get the next
/// available id.
/// - `gid`: `99`. This is the default UID for the group `nobody`. Note
/// that the user is NOT added to this group in `/etc/groups`.
/// - `name`: The login name passed to [`UserBuilder::new`].
/// - `home`: `"/"`
/// - `shell`: `file:/bin/ion`
pub fn add_user(&mut self, builder: UserBuilder) -> Result<&User<auth::Full>, Error> {
if !is_valid_name(&builder.user) {
return Err(Error::InvalidName { name: builder.user });
}
let uid = builder.uid.unwrap_or_else(||
self.get_unique_id()
.expect("no remaining unused user ids")
);
if self.iter().any(|user| user.user == builder.user || user.uid == uid) {
Err(Error::UserAlreadyExists)
} else {
self.users.push(User {
user: builder.user.clone(),
uid,
gid: builder.gid.unwrap_or(99),
name: builder.name.unwrap_or(builder.user),
home: builder.home.unwrap_or("/".to_string()),
shell: builder.shell.unwrap_or("file:/bin/ion".to_string()),
auth: auth::Full::unset(),
auth_delay: self.config.auth_delay
});
Ok(&self.users[self.users.len() - 1])
}
}
/// Syncs the data stored in the `AllUsers` instance to the filesystem.
/// To apply changes to the system from an `AllUsers`, you MUST call this
/// function!
pub fn save(&mut self) -> Result<(), Error> {
let mut userstring = String::new();
// Need to be careful to prevent allocations here so that
// shadowstring can be zeroed when this process is complete.
// 1 is suppossedly parallelism, not sure exactly what this means.
// 16 is the max length of a u64, which is used as the salt.
// 2 accounts for the semicolon separator and newline
let acfg = argon2::Config::default();
let argon_len = argon2::encoded_len(
acfg.variant, acfg.mem_cost, acfg.time_cost,
1, 16, acfg.hash_length) as usize;
let mut shadowstring = String::with_capacity(
self.users.len() * (USERNAME_LEN_MAX + argon_len + 2)
);
for user in &self.users {
userstring.push_str(&user.passwd_entry()?);
let mut shadow_entry = user.shadow_entry()?;
shadowstring.push_str(&shadow_entry);
shadow_entry.zeroize();
}
let mut shadow_fd = self.shadow_fd.as_mut()
.expect("shadow_fd should exist for AllUsers<auth::Full>");
reset_file(&mut self.passwd_fd)?;
self.passwd_fd.write_all(userstring.as_bytes())?;
reset_file(&mut shadow_fd)?;
shadow_fd.write_all(shadowstring.as_bytes())?;
shadowstring.zeroize();
Ok(())
}
}
impl<A> AllInner for AllUsers<A> {
type Gruser = User<A>;
fn list(&self) -> &Vec<Self::Gruser> {
&self.users
}
fn list_mut(&mut self) -> &mut Vec<Self::Gruser> {
&mut self.users
}
fn config(&self) -> &Config {
&self.config
}
}
impl<A> All for AllUsers<A> {}
/*
#[cfg(not(target_os = "redox"))]
impl<A> Drop for AllUsers<A> {
fn drop(&mut self) {
eprintln!("Dropping AllUsers");
let _ = flock(self.passwd_fd.as_raw_fd(), FlockArg::Unlock);
if let Some(fd) = self.shadow_fd.as_ref() {
eprintln!("Shadow");
let _ = flock(fd.as_raw_fd(), FlockArg::Unlock);
}
}
}
*/
/// `AllGroups` provides (borrowed) access to all groups on the system. Note
/// that this struct implements [`All`] for all of its access functions.
///
/// General notes that also apply to this struct may be found with
/// [`AllUsers`].
#[derive(Debug)]
pub struct AllGroups {
groups: Vec<Group>,
config: Config,
group_fd: File,
}
impl AllGroups {
/// Create a new `AllGroups`.
pub fn new(config: Config) -> Result<AllGroups, Error> {
let mut group_fd = locked_file(config.in_root_fs(GROUP_FILE), config.lock)?;
let mut group_cntnt = String::new();
group_fd.read_to_string(&mut group_cntnt)?;
let mut entries: Vec<Group> = Vec::new();
for (indx, line) in group_cntnt.lines().enumerate() {
let group = Group::from_group_entry(line, indx)?;
entries.push(group);
}
Ok(AllGroups {
groups: entries,
config,
group_fd,
})
}
/// Consumes a builder, adding a new group to this `AllGroups`. Returns a
/// reference to the created `Group`.
///
/// Make sure to call [`AllGroups::save`] in order for the new group to be
/// applied to the system.
///
/// # Defaults
/// If a builder is not passed a group id ([`GroupBuilder::gid`]) before
/// being passed to this function, [`AllGroups::get_unique_id`] is used.
///
/// If the builder is not passed any users ([`GroupBuilder::user`]), the
/// group will still be created.
pub fn add_group(&mut self, builder: GroupBuilder) -> Result<&Group, Error> {
let group_exists = self.iter()
.any(|group| {
let gid_taken = if let Some(gid) = builder.gid {
group.gid == gid
} else {
false
};
group.group == builder.group || gid_taken
});
if group_exists {
Err(Error::GroupAlreadyExists)
} else if !is_valid_name(&builder.group) {
Err(Error::InvalidName { name: builder.group })
} else {
for username in builder.users.iter() {
if !is_valid_name(username) {
return Err(Error::InvalidName { name: username.to_string() });
}
}
self.groups.push(Group {
group: builder.group,
password: "x".into(),
gid: builder.gid.unwrap_or_else(||
self.get_unique_id()
.expect("no remaining unused group IDs")
),
users: builder.users,
});
Ok(&self.groups[self.groups.len() - 1])
}
}
/// Syncs the data stored in this `AllGroups` instance to the filesystem.
/// To apply changes from an `AllGroups`, you MUST call this function!
pub fn save(&mut self) -> Result<(), Error> {
let mut groupstring = String::new();
for group in &self.groups {
groupstring.push_str(&group.group_entry()?);
}
reset_file(&mut self.group_fd)?;
self.group_fd.write_all(groupstring.as_bytes())?;
Ok(())
}
}
impl AllInner for AllGroups {
type Gruser = Group;
fn list(&self) -> &Vec<Self::Gruser> {
&self.groups
}
fn list_mut(&mut self) -> &mut Vec<Self::Gruser> {
&mut self.groups
}
fn config(&self) -> &Config {
&self.config
}
}
impl All for AllGroups {}
/*
#[cfg(not(target_os = "redox"))]
impl Drop for AllGroups {
fn drop(&mut self) {
eprintln!("Dropping AllGroups");
let _ = flock(self.group_fd.as_raw_fd(), FlockArg::Unlock);
}
}*/
#[cfg(test)]
mod test {
use super::*;
const TEST_PREFIX: &'static str = "tests";
/// Needed for the file checks, this is done by the library
fn test_prefix(filename: &str) -> String {
let mut complete = String::from(TEST_PREFIX);
complete.push_str(filename);
complete
}
#[test]
fn test_safe_string() {
assert!(is_safe_string("Hello\\$!"));
assert!(!is_safe_string("semicolons are awesome; yeah!"));
}
#[test]
fn test_portable_filename() {
let valid = |s| {
assert!(is_valid_name(s));
};
let invld = |s| {
assert!(!is_valid_name(s));
};
valid("valid");
valid("vld.io");
valid("hyphen-ated");
valid("under_scores");
valid("1334");
invld("-no_flgs");
invld("invalid!");
invld("also:invalid");
invld("coolie-o?");
invld("sh");
invld("avery_very_very_very_loooooooonnggg-username");
}
fn test_cfg() -> Config {
Config::default()
// Since all this really does is prepend `sheme` to the consts
.scheme(TEST_PREFIX.to_string())
.writeable(true)
}
fn read_locked_file(file: impl AsRef<Path>) -> Result<String, Error> {
let mut fd = locked_file(file, Lock::Shared)?;
let mut cntnt = String::new();
fd.read_to_string(&mut cntnt)?;
Ok(cntnt)
}
// *** struct.User ***
#[cfg(feature = "auth")]
#[test]
fn attempt_user_api() {
let mut users = AllUsers::authenticator(test_cfg()).unwrap();
let user = users.get_mut_by_id(1000).unwrap();
assert_eq!(user.is_passwd_blank(), true);
assert_eq!(user.is_passwd_unset(), false);
assert_eq!(user.verify_passwd(""), true);
assert_eq!(user.verify_passwd("Something"), false);
user.set_passwd("hi,i_am_passwd").unwrap();
assert_eq!(user.is_passwd_blank(), false);
assert_eq!(user.is_passwd_unset(), false);
assert_eq!(user.verify_passwd(""), false);
assert_eq!(user.verify_passwd("Something"), false);
assert_eq!(user.verify_passwd("hi,i_am_passwd"), true);
user.unset_passwd();
assert_eq!(user.is_passwd_blank(), false);
assert_eq!(user.is_passwd_unset(), true);
assert_eq!(user.verify_passwd(""), false);
assert_eq!(user.verify_passwd("Something"), false);
assert_eq!(user.verify_passwd("hi,i_am_passwd"), false);
user.set_passwd("").unwrap();
assert_eq!(user.is_passwd_blank(), true);
assert_eq!(user.is_passwd_unset(), false);
assert_eq!(user.verify_passwd(""), true);
assert_eq!(user.verify_passwd("Something"), false);
}
// *** struct.AllUsers ***
#[cfg(feature = "auth")]
#[test]
fn get_user() {
let users = AllUsers::authenticator(test_cfg()).unwrap();
let root = users.get_by_id(0).expect("'root' user missing");
assert_eq!(root.user, "root".to_string());
assert_eq!(root.auth.hash.as_str(),
"$argon2i$m=4096,t=10,p=1$Tnc4UVV0N00$ML9LIOujd3nmAfkAwEcSTMPqakWUF0OUiLWrIy0nGLk");
assert_eq!(root.uid, 0);
assert_eq!(root.gid, 0);
assert_eq!(root.name, "root".to_string());
assert_eq!(root.home, "file:/root".to_string());
assert_eq!(root.shell, "file:/bin/ion".to_string());
let user = users.get_by_name("user").expect("'user' user missing");
assert_eq!(user.user, "user".to_string());
assert_eq!(user.auth.hash.as_str(), "");
assert_eq!(user.uid, 1000);
assert_eq!(user.gid, 1000);
assert_eq!(user.name, "user".to_string());
assert_eq!(user.home, "file:/home/user".to_string());
assert_eq!(user.shell, "file:/bin/ion".to_string());
println!("{:?}", users);
let li = users.get_by_name("loip").expect("'loip' user missing");
println!("got loip");
assert_eq!(li.user, "loip");
assert_eq!(li.auth.hash.as_str(), "!");
assert_eq!(li.uid, 1007);
assert_eq!(li.gid, 1007);
assert_eq!(li.name, "Lorem".to_string());
assert_eq!(li.home, "file:/home/lorem".to_string());
assert_eq!(li.shell, "file:/bin/ion".to_string());
}
#[cfg(feature = "auth")]
#[test]
fn manip_user() {
let mut users = AllUsers::authenticator(test_cfg()).unwrap();
// NOT testing `get_unique_id`
let id = 7099;
let fb = UserBuilder::new("fbar")
.uid(id)
.gid(id)
.name("Foo Bar")
.home("/home/foob")
.shell("/bin/zsh");
users
.add_user(fb)
.expect("failed to add user 'fbar'");
// weirdo ^^^^^^^^ :P
users.save().unwrap();
let p_file_content = read_locked_file(test_prefix(PASSWD_FILE)).unwrap();
assert_eq!(
p_file_content,
concat!(
"root;0;0;root;file:/root;file:/bin/ion\n",
"user;1000;1000;user;file:/home/user;file:/bin/ion\n",
"loip;1007;1007;Lorem;file:/home/lorem;file:/bin/ion\n",
"fbar;7099;7099;Foo Bar;/home/foob;/bin/zsh\n"
)
);
let s_file_content = read_locked_file(test_prefix(SHADOW_FILE)).unwrap();
assert_eq!(s_file_content, concat!(
"root;$argon2i$m=4096,t=10,p=1$Tnc4UVV0N00$ML9LIOujd3nmAfkAwEcSTMPqakWUF0OUiLWrIy0nGLk\n",
"user;\n",
"loip;!\n",
"fbar;!\n"
));
{
println!("{:?}", users);
let fb = users.get_mut_by_name("fbar")
.expect("'fbar' user missing");
fb.shell = "/bin/fish".to_string(); // That's better
fb.set_passwd("").unwrap();
}
users.save().unwrap();
let p_file_content = read_locked_file(test_prefix(PASSWD_FILE)).unwrap();
assert_eq!(
p_file_content,
concat!(
"root;0;0;root;file:/root;file:/bin/ion\n",
"user;1000;1000;user;file:/home/user;file:/bin/ion\n",
"loip;1007;1007;Lorem;file:/home/lorem;file:/bin/ion\n",
"fbar;7099;7099;Foo Bar;/home/foob;/bin/fish\n"
)
);
let s_file_content = read_locked_file(test_prefix(SHADOW_FILE)).unwrap();
assert_eq!(s_file_content, concat!(
"root;$argon2i$m=4096,t=10,p=1$Tnc4UVV0N00$ML9LIOujd3nmAfkAwEcSTMPqakWUF0OUiLWrIy0nGLk\n",
"user;\n",
"loip;!\n",
"fbar;\n"
));
users.remove_by_id(id);
users.save().unwrap();
let file_content = read_locked_file(test_prefix(PASSWD_FILE)).unwrap();
assert_eq!(
file_content,
concat!(
"root;0;0;root;file:/root;file:/bin/ion\n",
"user;1000;1000;user;file:/home/user;file:/bin/ion\n",
"loip;1007;1007;Lorem;file:/home/lorem;file:/bin/ion\n"
)
);
}
/* struct.Group */
#[test]
fn empty_groups() {
let group_trailing = Group::from_group_entry("nobody;x;2066; ", 0).unwrap();
assert_eq!(group_trailing.users.len(), 0);
let group_no_trailing = Group::from_group_entry("nobody;x;2066;", 0).unwrap();
assert_eq!(group_no_trailing.users.len(), 0);
assert_eq!(group_trailing.group, group_no_trailing.group);
assert_eq!(group_trailing.gid, group_no_trailing.gid);
assert_eq!(group_trailing.users, group_no_trailing.users);
}
/* struct.AllGroups */
#[test]
fn get_group() {
let groups = AllGroups::new(test_cfg()).unwrap();
let user = groups.get_by_name("user").unwrap();
assert_eq!(user.group, "user");
assert_eq!(user.gid, 1000);
assert_eq!(user.users, vec!["user"]);
let wheel = groups.get_by_id(1).unwrap();
assert_eq!(wheel.group, "wheel");
assert_eq!(wheel.gid, 1);
assert_eq!(wheel.users, vec!["user", "root"]);
}
#[test]
fn manip_group() {
let id = 7099;
let mut groups = AllGroups::new(test_cfg()).unwrap();
let fb = GroupBuilder::new("fbar")
// NOT testing `get_unique_id`
.gid(id)
.user("fbar");
groups.add_group(fb).unwrap();
groups.save().unwrap();
let file_content = read_locked_file(test_prefix(GROUP_FILE)).unwrap();
assert_eq!(
file_content,
concat!(
"root;x;0;root\n",
"user;x;1000;user\n",
"wheel;x;1;user,root\n",
"loip;x;1007;loip\n",
"fbar;x;7099;fbar\n"
)
);
{
let fb = groups.get_mut_by_name("fbar").unwrap();
fb.users.push("user".to_string());
}
groups.save().unwrap();
let file_content = read_locked_file(test_prefix(GROUP_FILE)).unwrap();
assert_eq!(
file_content,
concat!(
"root;x;0;root\n",
"user;x;1000;user\n",
"wheel;x;1;user,root\n",
"loip;x;1007;loip\n",
"fbar;x;7099;fbar,user\n"
)
);
groups.remove_by_id(id);
groups.save().unwrap();
let file_content = read_locked_file(test_prefix(GROUP_FILE)).unwrap();
assert_eq!(
file_content,
concat!(
"root;x;0;root\n",
"user;x;1000;user\n",
"wheel;x;1;user,root\n",
"loip;x;1007;loip\n"
)
);
}
#[test]
fn empty_group() {
let mut groups = AllGroups::new(test_cfg()).unwrap();
let nobody = GroupBuilder::new("nobody")
.gid(2260);
groups.add_group(nobody).unwrap();
groups.save().unwrap();
let file_content = read_locked_file(test_prefix(GROUP_FILE)).unwrap();
assert_eq!(
file_content,
concat!(
"root;x;0;root\n",
"user;x;1000;user\n",
"wheel;x;1;user,root\n",
"loip;x;1007;loip\n",
"nobody;x;2260;\n",
)
);
drop(groups);
let mut groups = AllGroups::new(test_cfg()).unwrap();
groups.remove_by_name("nobody");
groups.save().unwrap();
let file_content = read_locked_file(test_prefix(GROUP_FILE)).unwrap();
assert_eq!(
file_content,
concat!(
"root;x;0;root\n",
"user;x;1000;user\n",
"wheel;x;1;user,root\n",
"loip;x;1007;loip\n"
)
);
}
// *** Misc ***
#[test]
fn users_get_unused_ids() {
let users = AllUsers::basic(test_cfg()).unwrap();
let id = users.get_unique_id().unwrap();
if id < users.config.min_id || id > users.config.max_id {
panic!("User ID is not between allowed margins")
} else if let Some(_) = users.get_by_id(id) {
panic!("User ID is used!");
}
}
#[test]
fn groups_get_unused_ids() {
let groups = AllGroups::new(test_cfg()).unwrap();
let id = groups.get_unique_id().unwrap();
if id < groups.config.min_id || id > groups.config.max_id {
panic!("Group ID is not between allowed margins")
} else if let Some(_) = groups.get_by_id(id) {
panic!("Group ID is used!");
}
}
}