14 maxId = 1<<31 - 1 //for 32-bit systems compatibility
18 ErrRange = fmt.Errorf("Uids and gids must be in range %d-%d", minId, maxId)
38 func parseLine(line string, v ...interface{}) {
43 parts := strings.Split(line, ":")
44 for i, p := range parts {
46 // if we have more "parts" than we have places to put them, bail for great "tolerance" of naughty configuration files
50 switch e := v[i].(type) {
52 // "root", "adm", "/bin/bash"
56 // ignore string to int conversion errors, for great "tolerance" of naughty configuration files
57 *e, _ = strconv.Atoi(p)
59 // "", "root", "root,adm,daemon"
61 *e = strings.Split(p, ",")
66 // panic, because this is a programming/logic error, not a runtime one
67 panic("parseLine expects only pointers! argument " + strconv.Itoa(i) + " is not a pointer!")
72 func ParsePasswdFile(path string) ([]User, error) {
73 passwd, err := os.Open(path)
78 return ParsePasswd(passwd)
81 func ParsePasswd(passwd io.Reader) ([]User, error) {
82 return ParsePasswdFilter(passwd, nil)
85 func ParsePasswdFileFilter(path string, filter func(User) bool) ([]User, error) {
86 passwd, err := os.Open(path)
91 return ParsePasswdFilter(passwd, filter)
94 func ParsePasswdFilter(r io.Reader, filter func(User) bool) ([]User, error) {
96 return nil, fmt.Errorf("nil source for passwd-formatted data")
100 s = bufio.NewScanner(r)
105 if err := s.Err(); err != nil {
109 text := strings.TrimSpace(s.Text())
115 // name:password:UID:GID:GECOS:directory:shell
116 // Name:Pass:Uid:Gid:Gecos:Home:Shell
117 // root:x:0:0:root:/root:/bin/bash
118 // adm:x:3:4:adm:/var/adm:/bin/false
122 &p.Name, &p.Pass, &p.Uid, &p.Gid, &p.Gecos, &p.Home, &p.Shell,
125 if filter == nil || filter(p) {
133 func ParseGroupFile(path string) ([]Group, error) {
134 group, err := os.Open(path)
139 return ParseGroup(group)
142 func ParseGroup(group io.Reader) ([]Group, error) {
143 return ParseGroupFilter(group, nil)
146 func ParseGroupFileFilter(path string, filter func(Group) bool) ([]Group, error) {
147 group, err := os.Open(path)
152 return ParseGroupFilter(group, filter)
155 func ParseGroupFilter(r io.Reader, filter func(Group) bool) ([]Group, error) {
157 return nil, fmt.Errorf("nil source for group-formatted data")
161 s = bufio.NewScanner(r)
166 if err := s.Err(); err != nil {
176 // group_name:password:GID:user_list
177 // Name:Pass:Gid:List
179 // adm:x:4:root,adm,daemon
183 &p.Name, &p.Pass, &p.Gid, &p.List,
186 if filter == nil || filter(p) {
194 type ExecUser struct {
200 // GetExecUserPath is a wrapper for GetExecUser. It reads data from each of the
201 // given file paths and uses that data as the arguments to GetExecUser. If the
202 // files cannot be opened for any reason, the error is ignored and a nil
203 // io.Reader is passed instead.
204 func GetExecUserPath(userSpec string, defaults *ExecUser, passwdPath, groupPath string) (*ExecUser, error) {
205 passwd, err := os.Open(passwdPath)
212 group, err := os.Open(groupPath)
219 return GetExecUser(userSpec, defaults, passwd, group)
222 // GetExecUser parses a user specification string (using the passwd and group
223 // readers as sources for /etc/passwd and /etc/group data, respectively). In
224 // the case of blank fields or missing data from the sources, the values in
227 // GetExecUser will return an error if a user or group literal could not be
228 // found in any entry in passwd and group respectively.
230 // Examples of valid user specifications are:
238 func GetExecUser(userSpec string, defaults *ExecUser, passwd, group io.Reader) (*ExecUser, error) {
240 userArg, groupArg string
245 defaults = new(ExecUser)
248 // Copy over defaults.
252 Sgids: defaults.Sgids,
256 // Sgids slice *cannot* be nil.
257 if user.Sgids == nil {
261 // allow for userArg to have either "user" syntax, or optionally "user:group" syntax
262 parseLine(userSpec, &userArg, &groupArg)
264 users, err := ParsePasswdFilter(passwd, func(u User) bool {
266 return u.Uid == user.Uid
268 return u.Name == userArg || strconv.Itoa(u.Uid) == userArg
270 if err != nil && passwd != nil {
272 userArg = strconv.Itoa(user.Uid)
274 return nil, fmt.Errorf("Unable to find user %v: %v", userArg, err)
277 haveUser := users != nil && len(users) > 0
279 // if we found any user entries that matched our filter, let's take the first one as "correct"
281 user.Uid = users[0].Uid
282 user.Gid = users[0].Gid
283 user.Home = users[0].Home
284 } else if userArg != "" {
285 // we asked for a user but didn't find them... let's check to see if we wanted a numeric user
286 user.Uid, err = strconv.Atoi(userArg)
288 // not numeric - we have to bail
289 return nil, fmt.Errorf("Unable to find user %v", userArg)
292 // Must be inside valid uid range.
293 if user.Uid < minId || user.Uid > maxId {
297 // if userArg couldn't be found in /etc/passwd but is numeric, just roll with it - this is legit
300 if groupArg != "" || name != "" {
301 groups, err := ParseGroupFilter(group, func(g Group) bool {
302 // Explicit group format takes precedence.
304 return g.Name == groupArg || strconv.Itoa(g.Gid) == groupArg
307 // Check if user is a member.
308 for _, u := range g.List {
316 if err != nil && group != nil {
317 return nil, fmt.Errorf("Unable to find groups for user %v: %v", users[0].Name, err)
320 haveGroup := groups != nil && len(groups) > 0
323 // if we found any group entries that matched our filter, let's take the first one as "correct"
324 user.Gid = groups[0].Gid
326 // we asked for a group but didn't find id... let's check to see if we wanted a numeric group
327 user.Gid, err = strconv.Atoi(groupArg)
329 // not numeric - we have to bail
330 return nil, fmt.Errorf("Unable to find group %v", groupArg)
333 // Ensure gid is inside gid range.
334 if user.Gid < minId || user.Gid > maxId {
338 // if groupArg couldn't be found in /etc/group but is numeric, just roll with it - this is legit
340 } else if haveGroup {
341 // If implicit group format, fill supplementary gids.
342 user.Sgids = make([]int, len(groups))
343 for i, group := range groups {
344 user.Sgids[i] = group.Gid
352 // GetAdditionalGroups looks up a list of groups by name or group id
353 // against the given /etc/group formatted data. If a group name cannot
354 // be found, an error will be returned. If a group id cannot be found,
355 // or the given group data is nil, the id will be returned as-is
356 // provided it is in the legal range.
357 func GetAdditionalGroups(additionalGroups []string, group io.Reader) ([]int, error) {
358 var groups = []Group{}
361 groups, err = ParseGroupFilter(group, func(g Group) bool {
362 for _, ag := range additionalGroups {
363 if g.Name == ag || strconv.Itoa(g.Gid) == ag {
370 return nil, fmt.Errorf("Unable to find additional groups %v: %v", additionalGroups, err)
374 gidMap := make(map[int]struct{})
375 for _, ag := range additionalGroups {
377 for _, g := range groups {
378 // if we found a matched group either by name or gid, take the
379 // first matched as correct
380 if g.Name == ag || strconv.Itoa(g.Gid) == ag {
381 if _, ok := gidMap[g.Gid]; !ok {
382 gidMap[g.Gid] = struct{}{}
388 // we asked for a group but didn't find it. let's check to see
389 // if we wanted a numeric group
391 gid, err := strconv.Atoi(ag)
393 return nil, fmt.Errorf("Unable to find group %s", ag)
395 // Ensure gid is inside gid range.
396 if gid < minId || gid > maxId {
399 gidMap[gid] = struct{}{}
403 for gid := range gidMap {
404 gids = append(gids, gid)
409 // GetAdditionalGroupsPath is a wrapper around GetAdditionalGroups
410 // that opens the groupPath given and gives it as an argument to
411 // GetAdditionalGroups.
412 func GetAdditionalGroupsPath(additionalGroups []string, groupPath string) ([]int, error) {
413 group, err := os.Open(groupPath)
417 return GetAdditionalGroups(additionalGroups, group)
projects / github / fretlink / terraform-provider-statuscake.git / blob