forked from Plemya-x/ALR
feat: migrate to system cache with changing core logic
This commit is contained in:
186
internal/utils/cmd.go
Normal file
186
internal/utils/cmd.go
Normal file
@ -0,0 +1,186 @@
|
||||
// ALR - Any Linux Repository
|
||||
// Copyright (C) 2025 Евгений Храмов
|
||||
//
|
||||
// This program is free software: you can redistribute it and/or modify
|
||||
// it under the terms of the GNU General Public License as published by
|
||||
// the Free Software Foundation, either version 3 of the License, or
|
||||
// (at your option) any later version.
|
||||
//
|
||||
// This program is distributed in the hope that it will be useful,
|
||||
// but WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
|
||||
// GNU General Public License for more details.
|
||||
//
|
||||
// You should have received a copy of the GNU General Public License
|
||||
// along with this program. If not, see <http://www.gnu.org/licenses/>.
|
||||
|
||||
package utils
|
||||
|
||||
import (
|
||||
"errors"
|
||||
"os"
|
||||
"os/user"
|
||||
"strconv"
|
||||
"syscall"
|
||||
|
||||
"github.com/leonelquinteros/gotext"
|
||||
"github.com/urfave/cli/v2"
|
||||
|
||||
"gitea.plemya-x.ru/Plemya-x/ALR/internal/cliutils"
|
||||
"gitea.plemya-x.ru/Plemya-x/ALR/internal/constants"
|
||||
)
|
||||
|
||||
func GetUidGidAlrUserString() (string, string, error) {
|
||||
u, err := user.Lookup("alr")
|
||||
if err != nil {
|
||||
return "", "", err
|
||||
}
|
||||
|
||||
return u.Uid, u.Gid, nil
|
||||
}
|
||||
|
||||
func GetUidGidAlrUser() (int, int, error) {
|
||||
strUid, strGid, err := GetUidGidAlrUserString()
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
|
||||
uid, err := strconv.Atoi(strUid)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
gid, err := strconv.Atoi(strGid)
|
||||
if err != nil {
|
||||
return 0, 0, err
|
||||
}
|
||||
|
||||
return uid, gid, nil
|
||||
}
|
||||
|
||||
func DropCapsToAlrUser() error {
|
||||
uid, gid, err := GetUidGidAlrUser()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = syscall.Setgid(gid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = syscall.Setuid(uid)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return EnsureIsAlrUser()
|
||||
}
|
||||
|
||||
func ExitIfCantDropGidToAlr() cli.ExitCoder {
|
||||
_, gid, err := GetUidGidAlrUser()
|
||||
if err != nil {
|
||||
return cliutils.FormatCliExit("cannot get gid alr", err)
|
||||
}
|
||||
err = syscall.Setgid(gid)
|
||||
if err != nil {
|
||||
return cliutils.FormatCliExit("cannot get setgid alr", err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
// ExitIfCantDropCapsToAlrUser attempts to drop capabilities to the already
|
||||
// running user. Returns a cli.ExitCoder with an error if the operation fails.
|
||||
// See also [ExitIfCantDropCapsToAlrUserNoPrivs] for a version that also applies
|
||||
// no-new-privs.
|
||||
func ExitIfCantDropCapsToAlrUser() cli.ExitCoder {
|
||||
err := DropCapsToAlrUser()
|
||||
if err != nil {
|
||||
return cliutils.FormatCliExit(gotext.Get("Error dropping capabilities"), err)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func ExitIfCantSetNoNewPrivs() cli.ExitCoder {
|
||||
if err := NoNewPrivs(); err != nil {
|
||||
return cliutils.FormatCliExit("error no new privs", err)
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
// ExitIfCantDropCapsToAlrUserNoPrivs combines [ExitIfCantDropCapsToAlrUser] with [ExitIfCantSetNoNewPrivs]
|
||||
func ExitIfCantDropCapsToAlrUserNoPrivs() cli.ExitCoder {
|
||||
if err := ExitIfCantDropCapsToAlrUser(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
if err := ExitIfCantSetNoNewPrivs(); err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
return nil
|
||||
}
|
||||
|
||||
func ExitIfNotRoot() error {
|
||||
if os.Getuid() != 0 {
|
||||
return cli.Exit(gotext.Get("You need to be root to perform this action"), 1)
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func EnsureIsAlrUser() error {
|
||||
uid, gid, err := GetUidGidAlrUser()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
newUid := syscall.Getuid()
|
||||
if newUid != uid {
|
||||
return errors.New("new uid don't matches requested")
|
||||
}
|
||||
newGid := syscall.Getgid()
|
||||
if newGid != gid {
|
||||
return errors.New("new gid don't matches requested")
|
||||
}
|
||||
return nil
|
||||
}
|
||||
|
||||
func EnuseIsPrivilegedGroupMember() error {
|
||||
currentUser, err := user.Current()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
group, err := user.LookupGroup(constants.PrivilegedGroup)
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
groups, err := currentUser.GroupIds()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
|
||||
for _, gid := range groups {
|
||||
if gid == group.Gid {
|
||||
return nil
|
||||
}
|
||||
}
|
||||
return cliutils.FormatCliExit(gotext.Get("You need to be a %s member to perform this action", constants.PrivilegedGroup), nil)
|
||||
}
|
||||
|
||||
func EscalateToRootGid() error {
|
||||
return syscall.Setgid(0)
|
||||
}
|
||||
|
||||
func EscalateToRootUid() error {
|
||||
return syscall.Setuid(0)
|
||||
}
|
||||
|
||||
func EscalateToRoot() error {
|
||||
err := EscalateToRootUid()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
err = EscalateToRootGid()
|
||||
if err != nil {
|
||||
return err
|
||||
}
|
||||
return nil
|
||||
}
|
||||
Reference in New Issue
Block a user