zsh-workers
 help / color / Atom feed
From: dana <dana@dana.is>
To: Zsh hackers list <zsh-workers@zsh.org>
Subject: Re: [PATCH] Improve _su
Date: Wed, 12 Feb 2020 17:28:25 -0600
Message-ID: <5CBC1D1A-833E-4DCD-ACE1-1756A2735ECC@dana.is> (raw)
In-Reply-To: <8CCEA689-98B4-4396-947E-A47AA7CDEE2E@dana.is>

On 12 Feb 2020, at 15:26, dana <dana@dana.is> wrote:
> I was looking at _su for workers/45410 and noticed a few things:

Sorry, noticed more things:

* Short options that take optargs should use -x+ form

* $_comp_priv_prefix can be used to show util-linux group options

* macOS doesn't support -c

* OpenBSD supports adding a log-in method after the user name; it should be
  removed before looking up the shell

* OpenBSD log-in methods are listed in login.conf (though i think there are
  others too)

dana


diff --git a/Completion/Unix/Command/_su b/Completion/Unix/Command/_su
index 900905632..8233296a2 100644
--- a/Completion/Unix/Command/_su
+++ b/Completion/Unix/Command/_su
@@ -9,36 +9,44 @@ local shell usr
 (( $words[(i)-(l|-login)] < CURRENT )) || args=( '-[use a login shell]' )
 case $OSTYPE in
   linux*)
+    # Some of these options only apply to util-linux, not shadow-utils
     args=( -S $args
-      '(-c --command --session-command *)'{-c,--command=}'[pass command to shell]:command string:_cmdstring'
+      '(-c --command --session-command *)'{-c+,--command=}'[pass command to shell]:command string:_cmdstring'
       "(-c --command *)--session-command=[pass command to shell and don't create a new session]:command string:_cmdstring"
       '(--fast -f)'{-f,--fast}'[pass -f to shell]'
       '(-l --login -m -p --preserve-environment)'{-l,--login}'[use a login shell]'
       '(-l --login -m -p --preserve-environment)'{-m,-p,--preserve-environment}"[don't reset environment]"
-      '(-s --shell)'{-s,--shell=}'[run the specified shell]:shell:->shells'
+      '(-s --shell)'{-s+,--shell=}'[run the specified shell]:shell:->shells'
       '(-)--help[display help information]'
       '(-)--version[display version information]'
     )
-    (( EUID )) || args+=(
-      '(-g --group)'{-g,--group=}'[specify primary group]:group:_groups'
-      \*{-G,--supp-group=}'[specify supplemental group]:group:_groups'
+    (( $#_comp_priv_prefix || EUID == 0 )) && args+=(
+      '(-g --group)'{-g+,--group=}'[specify primary group]:group:_groups'
+      \*{-G+,--supp-group=}'[specify supplemental group]:group:_groups'
     )
     first="(--help --version)${first#???}"
   ;;
   *bsd*|darwin*|dragonfly*)
     args+=(
-      '-c[use settings from specified login class]:class'
       '-f[if the invoked shell is csh, prevent it from reading .cshrc]'
       '(-m)-l[use a login shell]'
       "(-l)-m[don't reset environment]"
     )
   ;|
+  *bsd*|dragonfly*)
+    args+=(
+      '-c+[use settings from specified login class]:class'
+    )
+  ;|
   freebsd*) args+=( '-s[set the MAC label]' ) ;;
   openbsd*)
     args+=(
-      '(-K)-a[specify authentication type]:authentication type'
+      # See login.conf(5)
+      '(-K)-a+[specify authentication type]:authentication type:(
+        activ chpass crypto lchpass passwd radius reject skey snk token yubikey
+      )'
       '(-a)-K[shorthand for -a passwd]'
-      '-s[run the specified shell]:shell:->shells'
+      '-s+[run the specified shell]:shell:->shells'
       '-L[loop until login succeeds]'
     )
   ;;
@@ -58,12 +66,24 @@ fi
 _arguments $args ${(e)first} "*:shell arguments:= ->rest" && return
 
 usr=${line[norm]/--/root}
-if (( $#opt_args[(i)-(s|-shell)] )); then
+# OpenBSD supports appending a log-in method to the user name, as in usr:radius
+[[ $OSTYPE == openbsd* ]] && usr=${usr%:*}
+
+# Normal users generally don't appear in passwd on macOS; try the Directory
+# Service first
+if [[ $OSTYPE == darwin* ]] && (( $+commands[dscl] )); then
+  shell=${"$(
+    _call_program shells dscl . -read /Users/${(q)usr} UserShell
+  )"#UserShell: }
+fi
+
+[[ -z $shell ]] &&
+if (( ${#${(@M)args:#*-s[+\[]*:*}} && $#opt_args[(i)-(s|-shell)] )); then
   shell=${(v)opt_args[(i)-(s|-shell)]}
 elif (( ${+commands[getent]} )); then
-  shell="${$(_call_program shells getent passwd $usr)##*:}"
+  shell="${$(_call_program shells getent passwd ${(q)usr})##*:}"
 else
-  shell="${${(M@)${(@f)$(</etc/passwd)}:#$usr*}##*:}"
+  shell="${${(M@)${(@f)$(</etc/passwd)}:#${usr}:*}##*:}"
 fi
 
 case $state in


      reply index

Thread overview: 2+ messages / expand[flat|nested]  mbox.gz  Atom feed  top
2020-02-12 21:26 dana
2020-02-12 23:28 ` dana [this message]

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=5CBC1D1A-833E-4DCD-ACE1-1756A2735ECC@dana.is \
    --to=dana@dana.is \
    --cc=zsh-workers@zsh.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

zsh-workers

Archives are clonable: git clone --mirror http://inbox.vuxu.org/zsh-workers

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://inbox.vuxu.org/vuxu.archive.zsh.workers


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git