lib/privileges.nit

   1 # This file is part of NIT ( http://www.nitlanguage.org ).
   2 #
   3 # Copyright 2013 Alexis Laferrière <alexis.laf@xymus.net>
   4 #
   5 # Licensed under the Apache License, Version 2.0 (the "License");
   6 # you may not use this file except in compliance with the License.
   7 # You may obtain a copy of the License at
   8 #
   9 #     http://www.apache.org/licenses/LICENSE-2.0
  10 #
  11 # Unless required by applicable law or agreed to in writing, software
  12 # distributed under the License is distributed on an "AS IS" BASIS,
  13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
  14 # See the License for the specific language governing permissions and
  15 # limitations under the License.
  16
  17 # Process privileges management utilities
  18 #
  19 # Used mainly by daemons and such to aquire resources as su and
  20 # then drop back to a restricted user.
  21 module privileges
  22
  23 import opts
  24
  25 # Class to manage user groups
  26 class UserGroup
  27
  28         # User name
  29         var user: String
  30
  31         # Group name
  32         var group: nullable String
  33
  34         # Drop privileges of a user and set his privileges back to default (program privileges)
  35         fun drop_privileges
  36         do
  37                 var passwd = new Passwd.from_name(user)
  38                 var uid = passwd.uid
  39
  40                 var group = group
  41                 var gid
  42                 if group != null then
  43                         var gpasswd = new Group.from_name(group)
  44                         gid = gpasswd.gid
  45                 else gid = passwd.gid
  46
  47                 sys.gid = gid
  48                 sys.uid = uid
  49         end
  50 end
  51
  52 # Option to ask for a username and group
  53 class OptionUserAndGroup
  54         super OptionParameter
  55
  56         redef type VALUE: nullable UserGroup
  57
  58         init for_dropping_privileges do init("Drop privileges to user:group or simply user", "-u", "--usergroup")
  59         init(help: String, names: String...) do super(help, null, names)
  60
  61         redef fun convert(str)
  62         do
  63                 var words = str.split(":")
  64                 if words.length == 1 then
  65                         return new UserGroup(str, null)
  66                 else if words.length == 2 then
  67                         return new UserGroup(words[0], words[1])
  68                 else
  69                         errors.add("Option {names.join(", ")} expected parameter in the format \"user:group\" or simply \"user\".\n")
  70                         abort # FIXME only for nitc, remove and replace with next line when FFI is working in nitg
  71                         #return null
  72                 end
  73         end
  74 end