From 72d91a04b935aa24bbb4b046fb93c9ab6023e137 Mon Sep 17 00:00:00 2001 From: Miraty Date: Wed, 7 Apr 2021 20:49:14 +0200 Subject: [PATCH] Check that user which ran maniver is root --- Cargo.toml | 1 + src/main.rs | 108 +++++++++++++++++++++++++++++++--------------------- 2 files changed, 66 insertions(+), 43 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 983b37e..622d1c6 100755 --- a/Cargo.toml +++ b/Cargo.toml @@ -8,3 +8,4 @@ edition = "2018" [dependencies] regex = "1" +users = "0" diff --git a/src/main.rs b/src/main.rs index e981cdc..264731b 100755 --- a/src/main.rs +++ b/src/main.rs @@ -3,45 +3,70 @@ use regex::Regex; use std::io::prelude::*; use std::process::{Command, Stdio, Output}; use std::fs; +use users::get_current_username; +use std::ffi::OsString; + +fn exit(error: String) { + eprintln!("Error: {}", error); + std::process::exit(0); +} fn main() { + + let superuser = OsString::from("root"); + + match get_current_username() { + Some(user) => match user { + _ if user == superuser => println!("root: right user"), + _ => exit("must be run as root".to_string()), + } + None => exit("the current user does not exist".to_string()), + } + let args: Vec = env::args().collect(); - let tool = args[1].to_string(); - match tool.as_ref() { + match args[1].as_ref() { "setup-user" => setup_user(args[2].to_string(), args[3].to_string()), "reload-nginx" => reload_nginx(), "reload-tor" => reload_tor(), + "restart-gmnisrv" => restart_gmnisrv(), "le-install" => le_install(args[2].to_string()), "export-tor" => export_tor(args[2].to_string(), args[3].to_string()), - _ => println!("ERROR"), + _ => println!("ERROR: You must specify a subcommand"), } } fn export_tor(username: String, dir: String) { + if is_string_lowercase(username.to_string()) { + if is_string_lowercase(dir.to_string()) { + let mut src_path: String = "/var/lib/tor/niver/".to_owned(); + src_path += &dir.to_string(); + src_path += &"/hostname".to_string().to_owned(); - let mut src_path: String = "/var/lib/tor/niver/".to_owned(); - src_path += &dir.to_string(); - src_path += &"/hostname".to_string().to_owned(); + let mut dest_path: String = "/srv/hyper/".to_owned(); + dest_path += &username.to_string(); + dest_path += &"/hyper/".to_string().to_owned(); + dest_path += &dir.to_string(); + dest_path += &"/hostname".to_string().to_owned(); - let mut dest_path: String = "/srv/hyper/".to_owned(); - dest_path += &username.to_string(); - dest_path += &"/hyper/".to_string().to_owned(); - dest_path += &dir.to_string(); - dest_path += &"/hostname".to_string().to_owned(); + match fs::copy(src_path, &dest_path) { + Err(why) => panic!("Erreur lors d'une copie de fichier (fs::copy) : {}", why), + Ok(process) => process, + }; - match fs::copy(src_path, &dest_path) { - Err(why) => panic!("Erreur lors d'une copie de fichier (fs::copy) : {}", why), - Ok(process) => process, - }; + let output = Command::new("/usr/bin/chown") + .arg("www-data:www-data") + .arg(dest_path) + .output() + .expect("failed to execute process"); - let output = Command::new("/usr/bin/chown") - .arg("www-data:www-data") - .arg(dest_path) - .output() - .expect("failed to execute process"); - - print_output(output); + print_output(output); + } else { + println!("ERROR: The dirname must be composed only of lowercase letters"); + } + } else { + println!("ERROR: The username must be composed only of lowercase letters"); + } } fn le_install(domain: String) { @@ -62,37 +87,33 @@ fn le_install(domain: String) { .arg(&domain) .output() .expect("failed to execute process"); - print_output(output); } fn reload_nginx() { - let output = Command::new("/usr/bin/systemctl") .arg("reload") .arg("nginx") .output() .expect("Error while reloading Nginx config"); - print_output(output); } -fn print_output(output: Output) { - println!("status: {}", output.status); - println!("stdout: {}", String::from_utf8_lossy(&output.stdout)); - println!("stderr: {}", String::from_utf8_lossy(&output.stderr)); - - assert!(output.status.success()); -} - fn reload_tor() { - let output = Command::new("/usr/bin/systemctl") .arg("reload") .arg("tor@default") .output() .expect("Error while reloading Tor config"); + print_output(output); +} +fn restart_gmnisrv() { + let output = Command::new("/usr/bin/systemctl") + .arg("restart") + .arg("gmnisrv") + .output() + .expect("Error while restarting Gmnisrv"); print_output(output); } @@ -112,26 +133,24 @@ fn setup_user(username: String, password: String) { quota(username4.to_string()); } else { - println!("Erreur : l'username doit être composé de lettres minuscules uniquement"); + println!("ERROR: The dirname must be composed only of lowercase letters"); } } else { - println!("Erreur : le mot de passe doit faire moins de 1024 caractères"); + println!("ERROR: The password must be shorter than 1024 characters"); } } else { - println!("Erreur : l'username doit faire moins de 32 caractères"); + println!("ERROR: The username must be shorter than 32 characters"); } } // Set disk usage limit to the user by copying another user quota fn quota(username: String) { - let output = Command::new("/usr/sbin/edquota") .arg("-p") .arg("testfract") .arg(&username) .output() .expect("failed to execute process"); - print_output(output); } @@ -149,7 +168,6 @@ fn chroot(username: String) { .arg(&path) .output() .expect("Failed to chown /srv/hyper/ to root:root"); - print_output(output); let output = Command::new("/usr/bin/chmod") @@ -157,7 +175,6 @@ fn chroot(username: String) { .arg(path) .output() .expect("Failed to chmod /srv/hyper/ to 755"); - print_output(output); } else { @@ -167,7 +184,6 @@ fn chroot(username: String) { // Creates a new user in the group 'hyper', which is available only over SFTP fn newser(username: String) { - let output = Command::new("/usr/sbin/useradd") .arg(&username) .arg("--create-home") @@ -179,7 +195,6 @@ fn newser(username: String) { .arg("/usr/sbin/nologin") .output() .expect("failed to execute process"); - print_output(output); } @@ -221,3 +236,10 @@ fn is_string_lowercase(stri: String) -> bool { return false; } } + +fn print_output(output: Output) { + println!("status: {}", output.status); + println!("stdout: {}", String::from_utf8_lossy(&output.stdout)); + println!("stderr: {}", String::from_utf8_lossy(&output.stderr)); + assert!(output.status.success()); +}