sys_util/src/passwd.rs - platform/external/crosvm - Git at Google

 // Copyright 2017 The Chromium OS Authors. All rights reserved.
 // Use of this source code is governed by a BSD-style license that can be
 // found in the LICENSE file.

 //! Wrappers for passwd and group file access.

 use std::ffi::CStr;
 use std::mem;
 use std::ptr;

 use libc::{self, c_char, getgrnam_r, getpwnam_r, gid_t, uid_t};

 use crate::{errno_result, Result};

 /// Safe wrapper for getting a uid from a user name with `getpwnam_r(3)`.
 #[inline(always)]
 pub fn get_user_id(user_name: &CStr) -> Result<uid_t> {
     // libc::passwd is a C struct and can be safely initialized with zeroed memory.
     let mut passwd: libc::passwd = unsafe { mem::zeroed() };
     let mut passwd_result: *mut libc::passwd = ptr::null_mut();
     let mut buf = [0 as c_char; 256];

     // For thread-safety, use the reentrant version of this function. This allows us to give it a
     // buffer on the stack (instead of a global buffer). Unlike most libc functions, the return
     // value of this doesn't really need to be checked, since the extra result pointer that is
     // passed in indicates whether or not the function succeeded.
     //
     // This call is safe as long as it behaves as described in the man page. We pass in valid
     // pointers to stack-allocated buffers, and the length check for the scratch buffer is correct.
     unsafe {
         handle_eintr_rc!(getpwnam_r(
             user_name.as_ptr(),
             &mut passwd,
             buf.as_mut_ptr(),
             buf.len(),
             &mut passwd_result
         ))
     };

     if passwd_result.is_null() {
         errno_result()
     } else {
         Ok(passwd.pw_uid)
     }
 }

 /// Safe wrapper for getting a gid from a group name with `getgrnam_r(3)`.
 #[inline(always)]
 pub fn get_group_id(group_name: &CStr) -> Result<gid_t> {
     // libc::group is a C struct and can be safely initialized with zeroed memory.
     let mut group: libc::group = unsafe { mem::zeroed() };
     let mut group_result: *mut libc::group = ptr::null_mut();
     let mut buf = [0 as c_char; 256];

     // For thread-safety, use the reentrant version of this function. This allows us to give it a
     // buffer on the stack (instead of a global buffer). Unlike most libc functions, the return
     // value of this doesn't really need to be checked, since the extra result pointer that is
     // passed in indicates whether or not the function succeeded.
     //
     // This call is safe as long as it behaves as described in the man page. We pass in valid
     // pointers to stack-allocated buffers, and the length check for the scratch buffer is correct.
     unsafe {
         handle_eintr_rc!(getgrnam_r(
             group_name.as_ptr(),
             &mut group,
             buf.as_mut_ptr(),
             buf.len(),
             &mut group_result
         ))
     };

     if group_result.is_null() {
         errno_result()
     } else {
         Ok(group.gr_gid)
     }
 }

 #[cfg(test)]
 mod tests {
     use super::*;

     #[test]
     fn get_good_uid() {
         let root_name = CStr::from_bytes_with_nul(b"root\0").unwrap();

         // root's uid should always exist, and should be 0.
         let root_uid = get_user_id(root_name).unwrap();
         assert_eq!(root_uid, 0);
     }

     #[test]
     fn get_bad_uid() {
         let bad_name = CStr::from_bytes_with_nul(b"this better not be a user\0").unwrap();

         // This user should give us an error. As a cruel joke, the getpwnam(3) man page allows
         // ENOENT, ESRCH, EBADF, EPERM, or even 0 to be set in errno if a user isn't found. So
         // instead of checking which error we got, just see that we did get one.
         let bad_uid_result = get_user_id(bad_name);
         assert!(bad_uid_result.is_err());
     }

     #[test]
     fn get_good_gid() {
         let root_name = CStr::from_bytes_with_nul(b"root\0").unwrap();

         // root's gid should always exist, and should be 0.
         let root_gid = get_group_id(root_name).unwrap();
         assert_eq!(root_gid, 0);
     }

     #[test]
     fn get_bad_gid() {
         let bad_name = CStr::from_bytes_with_nul(b"this better not be a group\0").unwrap();

         // This group should give us an error. As a cruel joke, the getgrnam(3) man page allows
         // ENOENT, ESRCH, EBADF, EPERM, or even 0 to be set in errno if a group isn't found. So
         // instead of checking which error we got, just see that we did get one.
         let bad_gid_result = get_group_id(bad_name);
         assert!(bad_gid_result.is_err());
     }
 }
	// Copyright 2017 The Chromium OS Authors. All rights reserved.
	// Use of this source code is governed by a BSD-style license that can be
	// found in the LICENSE file.

	//! Wrappers for passwd and group file access.

	use std::ffi::CStr;
	use std::mem;
	use std::ptr;

	use libc::{self, c_char, getgrnam_r, getpwnam_r, gid_t, uid_t};

	use crate::{errno_result, Result};

	/// Safe wrapper for getting a uid from a user name with `getpwnam_r(3)`.
	#[inline(always)]
	pub fn get_user_id(user_name: &CStr) -> Result<uid_t> {
	// libc::passwd is a C struct and can be safely initialized with zeroed memory.
	let mut passwd: libc::passwd = unsafe { mem::zeroed() };
	let mut passwd_result: *mut libc::passwd = ptr::null_mut();
	let mut buf = [0 as c_char; 256];

	// For thread-safety, use the reentrant version of this function. This allows us to give it a
	// buffer on the stack (instead of a global buffer). Unlike most libc functions, the return
	// value of this doesn't really need to be checked, since the extra result pointer that is
	// passed in indicates whether or not the function succeeded.
	//
	// This call is safe as long as it behaves as described in the man page. We pass in valid
	// pointers to stack-allocated buffers, and the length check for the scratch buffer is correct.
	unsafe {
	handle_eintr_rc!(getpwnam_r(
	user_name.as_ptr(),
	&mut passwd,
	buf.as_mut_ptr(),
	buf.len(),
	&mut passwd_result
	))
	};

	if passwd_result.is_null() {
	errno_result()
	} else {
	Ok(passwd.pw_uid)
	}
	}

	/// Safe wrapper for getting a gid from a group name with `getgrnam_r(3)`.
	#[inline(always)]
	pub fn get_group_id(group_name: &CStr) -> Result<gid_t> {
	// libc::group is a C struct and can be safely initialized with zeroed memory.
	let mut group: libc::group = unsafe { mem::zeroed() };
	let mut group_result: *mut libc::group = ptr::null_mut();
	let mut buf = [0 as c_char; 256];

	// For thread-safety, use the reentrant version of this function. This allows us to give it a
	// buffer on the stack (instead of a global buffer). Unlike most libc functions, the return
	// value of this doesn't really need to be checked, since the extra result pointer that is
	// passed in indicates whether or not the function succeeded.
	//
	// This call is safe as long as it behaves as described in the man page. We pass in valid
	// pointers to stack-allocated buffers, and the length check for the scratch buffer is correct.
	unsafe {
	handle_eintr_rc!(getgrnam_r(
	group_name.as_ptr(),
	&mut group,
	buf.as_mut_ptr(),
	buf.len(),
	&mut group_result
	))
	};

	if group_result.is_null() {
	errno_result()
	} else {
	Ok(group.gr_gid)
	}
	}

	#[cfg(test)]
	mod tests {
	use super::*;

	#[test]
	fn get_good_uid() {
	let root_name = CStr::from_bytes_with_nul(b"root\0").unwrap();

	// root's uid should always exist, and should be 0.
	let root_uid = get_user_id(root_name).unwrap();
	assert_eq!(root_uid, 0);
	}

	#[test]
	fn get_bad_uid() {
	let bad_name = CStr::from_bytes_with_nul(b"this better not be a user\0").unwrap();

	// This user should give us an error. As a cruel joke, the getpwnam(3) man page allows
	// ENOENT, ESRCH, EBADF, EPERM, or even 0 to be set in errno if a user isn't found. So
	// instead of checking which error we got, just see that we did get one.
	let bad_uid_result = get_user_id(bad_name);
	assert!(bad_uid_result.is_err());
	}

	#[test]
	fn get_good_gid() {
	let root_name = CStr::from_bytes_with_nul(b"root\0").unwrap();

	// root's gid should always exist, and should be 0.
	let root_gid = get_group_id(root_name).unwrap();
	assert_eq!(root_gid, 0);
	}

	#[test]
	fn get_bad_gid() {
	let bad_name = CStr::from_bytes_with_nul(b"this better not be a group\0").unwrap();

	// This group should give us an error. As a cruel joke, the getgrnam(3) man page allows
	// ENOENT, ESRCH, EBADF, EPERM, or even 0 to be set in errno if a group isn't found. So
	// instead of checking which error we got, just see that we did get one.
	let bad_gid_result = get_group_id(bad_name);
	assert!(bad_gid_result.is_err());
	}
	}