Feat: conditional permissions behavior (#28)

* Fix: don't need sudo if we're root + other aesthetics * Heavy refactoring, see PR #28 * Fix: avoid silent fatalities demo: https://tcp.ac/i/JMSUc.gif * Fix: Inverse check on `IsRoot` * D.R.Y: check for permissions error in `common.ErrorCheck` Reduce cognitive complexity. * Fix: Issue with copying * Resolve https://github.com/HikariKnight/quickpassthrough/pull/28#discussion_r1646535918 * Resolve https://github.com/HikariKnight/quickpassthrough/pull/28#discussion_r1646606680 and https://github.com/HikariKnight/quickpassthrough/pull/28#discussion_r1646594105 * Revert "Resolve https://github.com/HikariKnight/quickpassthrough/pull/28#discussion_r1646606680 and https://github.com/HikariKnight/quickpassthrough/pull/28#discussion_r1646594105" This reverts commit ce15213009. * Resolve https://github.com/HikariKnight/quickpassthrough/pull/28#discussion_r1646730751
2024-07-27 08:38:39 -07:00 · 2024-07-27 08:38:39 -07:00 · 6c48a35180
commit 6c48a35180
parent 4d0086df41
21 changed files with 604 additions and 255 deletions
--- a/pkg/command/command.go
+++ b/pkg/command/command.go
@ -3,12 +3,15 @@ package command
 import (
 	"bytes"
 	"encoding/base64"
+	"fmt"
 	"io"
 	"os"
 	"os/exec"
+	"strings"
 	"time"

-	"github.com/HikariKnight/ls-iommu/pkg/errorcheck"
+	"github.com/HikariKnight/quickpassthrough/internal/common"
+	"github.com/HikariKnight/quickpassthrough/internal/logger"
 )

 // Run a command and return STDOUT
@ -27,14 +30,14 @@ func Run(binary string, args ...string) ([]string, error) {
 	output, _ := io.ReadAll(&stdout)

 	// Get the output
-	outputs := []string{}
+	outputs := make([]string, 0, 1)
 	outputs = append(outputs, string(output))

 	// Return our list of items
 	return outputs, err
 }

-// This function is just like command.Run() but also returns STDERR
+// RunErr is just like command.Run() but also returns STDERR
 func RunErr(binary string, args ...string) ([]string, []string, error) {
 	var stdout, stderr bytes.Buffer

@ -59,8 +62,18 @@ func RunErr(binary string, args ...string) ([]string, []string, error) {
 	return outputs, outerrs, err
 }

-// This functions runs the command "sudo -Sk -- echo", this forces sudo
-// to re-authenticate and lets us enter the password to STDIN
+func RunErrSudo(isRoot bool, binary string, args ...string) ([]string, []string, error) {
+	if !isRoot && binary != "sudo" {
+		args = append([]string{binary}, args...)
+		binary = "sudo"
+	}
+	logger.Printf("Executing (elevated): %s %s\n", binary, strings.Join(args, " "))
+	fmt.Printf("Executing (elevated): %s %s\n", binary, strings.Join(args, " "))
+	return RunErr(binary, args...)
+}
+
+// Elevate elevates this functions runs the command "sudo -Sk -- echo",
+// this forces sudo to re-authenticate and lets us enter the password to STDIN
 // giving us the ability to run sudo commands
 func Elevate(password string) {
 	// Do a simple sudo command to just authenticate with sudo
@ -71,29 +84,83 @@ func Elevate(password string) {

 	// Open STDIN
 	stdin, err := cmd.StdinPipe()
-	errorcheck.ErrorCheck(err, "\nFailed to get sudo STDIN")
+	common.ErrorCheck(err, "\nFailed to get sudo STDIN")

 	// Start the authentication
-	cmd.Start()
+	err = cmd.Start()
+	common.ErrorCheck(err, "\nFailed to start sudo command")

 	// Get the passed password
 	pw, _ := base64.StdEncoding.DecodeString(password)
 	_, err = stdin.Write([]byte(string(pw) + "\n"))
-	errorcheck.ErrorCheck(err, "\nFailed at typing to STDIN")
+	common.ErrorCheck(err, "\nFailed at typing to STDIN")
 	// Clear the password
 	pw = nil
 	password = ""

-	stdin.Close()
+	_ = stdin.Close()

 	// Wait for the sudo prompt (If the correct password was given, it will not stay behind)
 	err = cmd.Wait()
-	errorcheck.ErrorCheck(err, "\nError, password given was wrong")
+	common.ErrorCheck(err, "\nError, password given was wrong")
 }

-// Function to just clear the terminal
+// Clear clears the terminal.
 func Clear() {
 	c := exec.Command("clear")
 	c.Stdout = os.Stdout
-	c.Run()
+	_ = c.Run()
+}
+
+// ExecAndLogSudo executes an elevated command and logs the output.
+//
+// * if we're root, the command is executed directly
+// * if we're not root, the command is prefixed with "sudo"
+//
+//   - noisy determines if we should print the command to the user
+//     noisy isn't set to true by our copy caller, as it logs differently,
+//     but other callers set it.
+func ExecAndLogSudo(isRoot, noisy bool, exe string, args ...string) error {
+	if !isRoot && exe != "sudo" {
+		og := exe
+		exe = "sudo"
+		newArgs := make([]string, 0)
+		newArgs = append(newArgs, og)
+		newArgs = append(newArgs, args...)
+		args = newArgs
+	}
+
+	// Write to logger
+	logger.Printf("Executing (elevated): %s %s\n", exe, strings.Join(args, " "))
+
+	if noisy {
+		// Print to the user
+		fmt.Printf("Executing (elevated): %s %s\nSee debug.log for detailed output\n", exe, strings.Join(args, " "))
+	}
+
+	wd, err := os.Getwd()
+	if err != nil {
+		return err
+	}
+
+	r := exec.Command(exe, args...)
+	r.Dir = wd
+
+	cmdCombinedOut, err := r.CombinedOutput()
+	outStr := string(cmdCombinedOut)
+
+	// Write to logger, tabulate output
+	// tabulation denotes it's hierarchy as a child of the command
+	outStr = strings.ReplaceAll(outStr, "\n", "\n\t")
+	logger.Printf("\t" + string(cmdCombinedOut) + "\n")
+	if noisy {
+		// Print to the user
+		fmt.Printf("%s\n", outStr)
+	}
+
+	if err != nil {
+		err = fmt.Errorf("failed to execute %s: %w\n%s", exe, err, outStr)
+	}
+
+	return err
 }
--- a/pkg/command/command_test.go
+++ b/pkg/command/command_test.go
@ -0,0 +1,61 @@
+package command
+
+import (
+	"os"
+	"path/filepath"
+	"strings"
+	"testing"
+)
+
+const fakeSudo = `#!/bin/sh
+"$@" -qptest`
+
+const fakeUtil = `#!/bin/sh
+echo "$@"
+if [ "$4" = "-qptest" ]; then exit 0; else exit 1; fi`
+
+func setupExecTestEnv(t *testing.T) (string, string) {
+	t.Helper()
+
+	tmpDir := t.TempDir()
+	fakeSudoPath := filepath.Join(tmpDir, "sudo")
+	fakeUtilPath := filepath.Join(tmpDir, "util")
+
+	if err := os.WriteFile(fakeSudoPath, []byte(fakeSudo), 0755); err != nil {
+		t.Fatalf("failed to write fake sudo stub: %s", err.Error())
+	}
+	if err := os.WriteFile(fakeUtilPath, []byte(fakeUtil), 0755); err != nil {
+		t.Fatalf("failed to write fake util stub: %s", err.Error())
+	}
+	t.Setenv("PATH", tmpDir+":"+os.Getenv("PATH"))
+
+	return fakeSudoPath, fakeUtilPath
+}
+
+func TestExecAndLogSudo(t *testing.T) {
+	_, fakeUtilPath := setupExecTestEnv(t)
+
+	args := []string{"i am a string with spaces", "i came to ruin parsers and chew bubble gum", "and I'm all out of bubblegum."}
+
+	t.Run("is_not_root", func(t *testing.T) {
+		if err := ExecAndLogSudo(false, false, "util", args...); err != nil {
+			t.Errorf("unexpected error: %s", err.Error())
+		}
+	})
+
+	t.Run("is_root", func(t *testing.T) {
+		newFakeUtil := strings.Replace(fakeUtil, "exit 1", "exit 0", 1)
+		newFakeUtil = strings.Replace(newFakeUtil, "exit 0", "exit 1", 1)
+		if err := os.WriteFile(fakeUtilPath, []byte(newFakeUtil), 0755); err != nil {
+			t.Fatalf("failed to overwrite fake util with modified stub: %s", err.Error())
+		}
+		if err := ExecAndLogSudo(false, false, "util", args...); err == nil {
+			t.Errorf("expected error when using modified util with sudo, got nil")
+		}
+
+		if err := ExecAndLogSudo(true, true, "util", args...); err != nil {
+			t.Errorf("unexpected error: %s", err.Error())
+		}
+	})
+
+}