ALR/internal/utils/cmd.go

// ALR - Any Linux Repository
// Copyright (C) 2025 Евгений Храмов
//
// This program is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// This program is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with this program.  If not, see <http://www.gnu.org/licenses/>.

package utils

import (
	"errors"
	"os"
	"os/user"
	"strconv"
	"syscall"

	"github.com/leonelquinteros/gotext"
	"github.com/urfave/cli/v2"

	"gitea.plemya-x.ru/Plemya-x/ALR/internal/cliutils"
	"gitea.plemya-x.ru/Plemya-x/ALR/internal/constants"
)

func GetUidGidAlrUserString() (string, string, error) {
	u, err := user.Lookup("alr")
	if err != nil {
		return "", "", err
	}

	return u.Uid, u.Gid, nil
}

func GetUidGidAlrUser() (int, int, error) {
	strUid, strGid, err := GetUidGidAlrUserString()
	if err != nil {
		return 0, 0, err
	}

	uid, err := strconv.Atoi(strUid)
	if err != nil {
		return 0, 0, err
	}
	gid, err := strconv.Atoi(strGid)
	if err != nil {
		return 0, 0, err
	}

	return uid, gid, nil
}

func DropCapsToAlrUser() error {
	uid, gid, err := GetUidGidAlrUser()
	if err != nil {
		return err
	}
	err = syscall.Setgid(gid)
	if err != nil {
		return err
	}
	err = syscall.Setuid(uid)
	if err != nil {
		return err
	}
	return EnuseIsAlrUser()
}

func ExitIfCantDropCapsToAlrUser() cli.ExitCoder {
	err := DropCapsToAlrUser()
	if err != nil {
		return cliutils.FormatCliExit(gotext.Get("Error dropping capabilities"), err)
	}
	return nil
}

func ExitIfNotRoot() error {
	if os.Getuid() != 0 {
		return cli.Exit(gotext.Get("You need to be root to perform this action"), 1)
	}
	return nil
}

func EnuseIsAlrUser() error {
	uid, gid, err := GetUidGidAlrUser()
	if err != nil {
		return err
	}
	newUid := syscall.Getuid()
	if newUid != uid {
		return errors.New("new uid don't matches requested")
	}
	newGid := syscall.Getgid()
	if newGid != gid {
		return errors.New("new gid don't matches requested")
	}
	return nil
}

func EnuseIsPrivilegedGroupMember() error {
	currentUser, err := user.Current()
	if err != nil {
		return err
	}

	group, err := user.LookupGroup(constants.PrivilegedGroup)
	if err != nil {
		return err
	}

	groups, err := currentUser.GroupIds()
	if err != nil {
		return err
	}

	for _, gid := range groups {
		if gid == group.Gid {
			return nil
		}
	}
	return cliutils.FormatCliExit(gotext.Get("You need to be a %s member to perform this action", constants.PrivilegedGroup), nil)
}

func EscalateToRootGid() error {
	return syscall.Setgid(0)
}

func EscalateToRootUid() error {
	return syscall.Setuid(0)
}

func EscalateToRoot() error {
	err := EscalateToRootUid()
	if err != nil {
		return err
	}
	err = EscalateToRootGid()
	if err != nil {
		return err
	}
	return nil
}