WIP: rust: Add sysusers code

Prep for #49

The main thing this is starting to implement is support for "intercepting"
`useradd` etc.

Author: cgwalters

rust/Cargo.toml

@@ -13,6 +13,7 @@ glib-sys = "0.6.0"
 gio-sys = "0.6.0"
 glib = "0.5.0"
 tempfile = "3.0.3"
+clap = "~2.28"
 openat = "0.1.15"
 curl = "0.4.14"
 c_utf8 = "0.1.0"

rust/src/lib.rs

@@ -17,6 +17,7 @@
  */
 
 extern crate c_utf8;
+extern crate clap;
 extern crate curl;
 extern crate gio_sys;
 extern crate glib;
@@ -44,3 +45,5 @@ mod journal;
 pub use journal::*;
 mod utils;
 pub use utils::*;
+mod sysusers;
+pub use sysusers::*;

rust/src/sysusers.rs

@@ -0,0 +1,339 @@
+/*
+ * Copyright (C) 2018 Red Hat, Inc.
+ *
+ * This program is free software; you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation; either version 2 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+ * GNU General Public License for more details.
+ *
+ * You should have received a copy of the GNU General Public License
+ * along with this program; if not, write to the Free Software
+ * Foundation, Inc., 51 Franklin St, Fifth Floor, Boston, MA 02110-1301 USA
+ */
+
+use clap::{App, Arg};
+use std::io;
+
+#[derive(PartialEq, Debug)]
+enum IdSpecification {
+    Unspecified,
+    Specified(u32),
+    Path(String),
+}
+
+impl IdSpecification {
+    fn parse(buf: &str) -> Result<Self, String> {
+        if buf.starts_with("/") {
+            Ok(IdSpecification::Path(buf.to_string()))
+        } else if buf == "-" {
+            Ok(IdSpecification::Unspecified)
+        } else {
+            Ok(IdSpecification::Specified(
+                buf.parse::<u32>().map_err(|e| e.to_string())?,
+            ))
+        }
+    }
+}
+
+// For now, we don't parse all of the entry data; we'd need to handle quoting
+// etc. See extract-word.c in the systemd source. All we need is the
+// user/group → {u,g}id mapping to ensure we're not creating duplicate entries.
+#[derive(PartialEq, Debug)]
+enum PartialSysuserEntry {
+    User { name: String, uid: IdSpecification },
+    Group { name: String, gid: IdSpecification },
+    GroupMember { uname: String, gname: String },
+}
+
+/// The full version that we get from `useradd`.
+#[derive(PartialEq, Debug)]
+enum SysuserEntry {
+    User {
+        name: String,
+        uid: IdSpecification,
+        gecos: Option<String>,
+        homedir: Option<String>,
+        shell: Option<String>,
+    },
+    Group {
+        name: String,
+        gid: IdSpecification,
+    },
+    GroupMember {
+        uname: String,
+        gname: String,
+    },
+}
+
+/// (Partially) parse single a single line from a sysusers.d file
+fn parse_entry(line: &str) -> Result<PartialSysuserEntry, String> {
+    let err = || { format!("Invalid sysusers entry: \"{}\"", line) };
+    let mut elts = line.split_whitespace().fuse();
+    match elts.next().ok_or_else(err)? {
+        "u" => {
+            let name = elts.next().ok_or_else(err)?.to_string();
+            let uidstr = elts.next().ok_or_else(err)?;
+            let uid = IdSpecification::parse(uidstr).map_err(|e| e.to_string())?;
+            Ok(PartialSysuserEntry::User { name, uid })
+        }
+        "g" => {
+            let name = elts.next().ok_or_else(err)?.to_string();
+            let gidstr = elts.next().ok_or_else(err)?;
+            let gid = IdSpecification::parse(gidstr).map_err(|e| e.to_string())?;
+            Ok(PartialSysuserEntry::Group { name, gid })
+        }
+        "m" => {
+            let uname = elts.next().ok_or_else(err)?.to_string();
+            let gname = elts.next().ok_or_else(err)?.to_string();
+            Ok(PartialSysuserEntry::GroupMember { uname, gname })
+        }
+        _ => Err(err())
+    }
+}
+
+/// Parse a sysusers.d file (as a stream)
+fn parse<I: io::BufRead>(stream: I) -> Result<Vec<PartialSysuserEntry>, String> {
+    let mut res = Vec::new();
+    for line in stream.lines() {
+        let line = line.map_err(|e| e.to_string())?;
+        if line.starts_with("#") || line.is_empty() {
+            continue;
+        }
+        res.push(parse_entry(&line)?);
+    }
+    Ok(res)
+}
+
+#[derive(PartialEq, Debug)]
+struct UseraddInvocation {
+    user: SysuserEntry,
+    groups: Vec<String>,
+}
+
+fn useradd<'a, I>(args: I) -> Result<UseraddInvocation, String>
+where
+    I: IntoIterator<Item = &'a str>,
+{
+    let app = App::new("useradd")
+        .version("0.1")
+        .about("rpm-ostree useradd wrapper")
+        .arg(Arg::with_name("system").short("r"))
+        .arg(Arg::with_name("uid").short("u").takes_value(true))
+        .arg(Arg::with_name("gid").short("g").takes_value(true))
+        .arg(Arg::with_name("groups").short("G").takes_value(true))
+        .arg(Arg::with_name("home-dir").short("d").takes_value(true))
+        .arg(Arg::with_name("comment").short("c").takes_value(true))
+        .arg(Arg::with_name("shell").short("s").takes_value(true))
+        .arg(Arg::with_name("username").takes_value(true).required(true));
+    let matches = app.get_matches_from(args);
+
+    let mut uid = IdSpecification::Unspecified;
+    if let Some(ref uidstr) = matches.value_of("uid") {
+        uid = IdSpecification::Specified(uidstr.parse::<u32>().map_err(|e| e.to_string())?);
+    }
+    let name = matches.value_of("username").unwrap().to_string();
+    let gecos = matches.value_of("comment").map(|s| s.to_string());
+    let homedir = matches.value_of("home-dir").map(|s| s.to_string());
+    let shell = matches.value_of("shell").map(|s| s.to_string());
+
+    let mut groups = vec![];
+    if let Some(gname) = matches.value_of("gid") {
+        groups.push(gname.to_string());
+    }
+    if let Some(gnames) = matches.value_of("groups") {
+        for gname in gnames.split(",") {
+            groups.push(gname.to_string());
+        }
+    }
+    if groups.is_empty() {
+        groups.push(name.clone())
+    }
+    Ok(UseraddInvocation {
+        user: SysuserEntry::User {
+            name,
+            uid,
+            gecos,
+            homedir,
+            shell,
+        },
+        groups: groups,
+    })
+}
+
+fn groupadd<'a, I>(args: I) -> Result<SysuserEntry, String>
+where
+    I: IntoIterator<Item = &'a str>,
+{
+    let app = App::new("useradd")
+        .version("0.1")
+        .about("rpm-ostree groupadd wrapper")
+        .arg(Arg::with_name("system").short("r"))
+        .arg(Arg::with_name("gid").short("g").takes_value(true))
+        .arg(Arg::with_name("groupname").takes_value(true).required(true));
+    let matches = app.get_matches_from(args);
+
+    let mut gid = IdSpecification::Unspecified;
+    if let Some(ref gidstr) = matches.value_of("gid") {
+        gid = IdSpecification::Specified(gidstr.parse::<u32>().map_err(|e| e.to_string())?);
+    }
+    let name = matches.value_of("groupname").unwrap().to_string();
+    Ok(SysuserEntry::Group { name, gid })
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+
+    // from "man sysusers.d"
+    static SYSUSERS1: &str = r###"
+u     httpd    404            "HTTP User"
+u     authd    /usr/bin/authd "Authorization user"
+u     postgres -              "Postgresql Database" /var/lib/pgsql /usr/libexec/postgresdb
+g     input    -              -
+m     authd    input
+u     root     0              "Superuser"           /root          /bin/zsh
+"###;
+
+    #[test]
+    fn test_parse() {
+        let buf = io::BufReader::new(SYSUSERS1.as_bytes());
+        let r = parse(buf).unwrap();
+        assert_eq!(
+            r[0],
+            PartialSysuserEntry::User {
+                name: "httpd".to_string(),
+                uid: IdSpecification::Specified(404)
+            }
+        );
+        assert_eq!(
+            r[1],
+            PartialSysuserEntry::User {
+                name: "authd".to_string(),
+                uid: IdSpecification::Path("/usr/bin/authd".to_string())
+            }
+        );
+        assert_eq!(
+            r[2],
+            PartialSysuserEntry::User {
+                name: "postgres".to_string(),
+                uid: IdSpecification::Unspecified
+            }
+        );
+        assert_eq!(
+            r[3],
+            PartialSysuserEntry::Group {
+                name: "input".to_string(),
+                gid: IdSpecification::Unspecified
+            }
+        );
+        assert_eq!(
+            r[4],
+            PartialSysuserEntry::GroupMember {
+                uname: "authd".to_string(),
+                gname: "input".to_string()
+            }
+        );
+        assert_eq!(
+            r[5],
+            PartialSysuserEntry::User {
+                name: "root".to_string(),
+                uid: IdSpecification::Specified(0)
+            }
+        );
+    }
+
+    #[test]
+    fn test_useradd_basics() {
+        assert_eq!(
+            useradd(
+                vec![
+                    "useradd",
+                    "-c",
+                    "Wesnoth server",
+                    "-s",
+                    "/sbin/nologin",
+                    "-r",
+                    "-d",
+                    "/var/run/wesnothd",
+                    "wesnothd"
+                ].iter()
+                .map(|v| *v)
+            ).unwrap(),
+            UseraddInvocation {
+                user: SysuserEntry::User {
+                    name: "wesnothd".to_string(),
+                    uid: IdSpecification::Unspecified,
+                    gecos: Some("Wesnoth server".to_string()),
+                    shell: Some("/sbin/nologin".to_string()),
+                    homedir: Some("/var/run/wesnothd".to_string()),
+                },
+                groups: vec!["wesnothd".to_string()],
+            }
+        );
+        assert_eq!(
+            useradd(
+                vec![
+                    "useradd",
+                    "-r",
+                    "-u",
+                    "59",
+                    "-g",
+                    "tss",
+                    "-d",
+                    "/dev/null",
+                    "-s",
+                    "/sbin/nologin",
+                    "-c",
+                    "comment",
+                    "tss"
+                ].iter()
+                .map(|v| *v)
+            ).unwrap(),
+            UseraddInvocation {
+                user: SysuserEntry::User {
+                    name: "tss".to_string(),
+                    uid: IdSpecification::Specified(59),
+                    gecos: Some("comment".to_string()),
+                    shell: Some("/sbin/nologin".to_string()),
+                    homedir: Some("/dev/null".to_string()),
+                },
+                groups: vec!["tss".to_string()]
+            }
+        );
+    }
+
+    #[test]
+    fn test_groupadd_basics() {
+        assert_eq!(
+            groupadd(vec!["groupadd", "-r", "wireshark",].iter().map(|v| *v)).unwrap(),
+            SysuserEntry::Group {
+                name: "wireshark".to_string(),
+                gid: IdSpecification::Unspecified,
+            },
+        );
+        assert_eq!(
+            groupadd(
+                vec!["groupadd", "-r", "-g", "112", "vhostmd",]
+                    .iter()
+                    .map(|v| *v)
+            ).unwrap(),
+            SysuserEntry::Group {
+                name: "vhostmd".to_string(),
+                gid: IdSpecification::Specified(112),
+            },
+        );
+    }
+}
+
+mod ffi {
+    use super::*;
+
+    #[no_mangle]
+    pub extern "C" fn ror_sysusers_main() {}
+}
+pub use self::ffi::*;