* [PATCH] Improve _su
@ 2020-02-12 21:26 dana
2020-02-12 23:28 ` dana
0 siblings, 1 reply; 2+ messages in thread
From: dana @ 2020-02-12 21:26 UTC (permalink / raw)
To: Zsh hackers list
I was looking at _su for workers/45410 and noticed a few things:
* Fetching the user's shell often doesn't work on macOS, because normal users
don't appear in passwd; we can use Directory Service for this
* We try to use -s to set the shell even for implementations that don't
support that; we should skip those
* For the getent passwd case, we weren't escaping the user name before passing
it to eval
* For the non-getent passwd case, we were doing a prefix match on the user
name (i don't think that was intended?)
dana
diff --git a/Completion/Unix/Command/_su b/Completion/Unix/Command/_su
index 900905632..ea0beab94 100644
--- a/Completion/Unix/Command/_su
+++ b/Completion/Unix/Command/_su
@@ -58,12 +58,22 @@ fi
_arguments $args ${(e)first} "*:shell arguments:= ->rest" && return
usr=${line[norm]/--/root}
-if (( $#opt_args[(i)-(s|-shell)] )); then
+
+# Normal users generally don't appear in passwd on macOS; try the Directory
+# Service first
+if [[ $OSTYPE == darwin* ]] && (( $+commands[dscl] )); then
+ shell=${"$(
+ _call_program shells dscl . -read /Users/${(q)usr} UserShell
+ )"#UserShell: }
+fi
+
+[[ -z $shell ]] &&
+if (( ${#${(@M)args:#*-s\[*\]:*}} && $#opt_args[(i)-(s|-shell)] )); then
shell=${(v)opt_args[(i)-(s|-shell)]}
elif (( ${+commands[getent]} )); then
- shell="${$(_call_program shells getent passwd $usr)##*:}"
+ shell="${$(_call_program shells getent passwd ${(q)usr})##*:}"
else
- shell="${${(M@)${(@f)$(</etc/passwd)}:#$usr*}##*:}"
+ shell="${${(M@)${(@f)$(</etc/passwd)}:#${usr}:*}##*:}"
fi
case $state in
^ permalink raw reply [flat|nested] 2+ messages in thread
* Re: [PATCH] Improve _su
2020-02-12 21:26 [PATCH] Improve _su dana
@ 2020-02-12 23:28 ` dana
0 siblings, 0 replies; 2+ messages in thread
From: dana @ 2020-02-12 23:28 UTC (permalink / raw)
To: Zsh hackers list
On 12 Feb 2020, at 15:26, dana <dana@dana.is> wrote:
> I was looking at _su for workers/45410 and noticed a few things:
Sorry, noticed more things:
* Short options that take optargs should use -x+ form
* $_comp_priv_prefix can be used to show util-linux group options
* macOS doesn't support -c
* OpenBSD supports adding a log-in method after the user name; it should be
removed before looking up the shell
* OpenBSD log-in methods are listed in login.conf (though i think there are
others too)
dana
diff --git a/Completion/Unix/Command/_su b/Completion/Unix/Command/_su
index 900905632..8233296a2 100644
--- a/Completion/Unix/Command/_su
+++ b/Completion/Unix/Command/_su
@@ -9,36 +9,44 @@ local shell usr
(( $words[(i)-(l|-login)] < CURRENT )) || args=( '-[use a login shell]' )
case $OSTYPE in
linux*)
+ # Some of these options only apply to util-linux, not shadow-utils
args=( -S $args
- '(-c --command --session-command *)'{-c,--command=}'[pass command to shell]:command string:_cmdstring'
+ '(-c --command --session-command *)'{-c+,--command=}'[pass command to shell]:command string:_cmdstring'
"(-c --command *)--session-command=[pass command to shell and don't create a new session]:command string:_cmdstring"
'(--fast -f)'{-f,--fast}'[pass -f to shell]'
'(-l --login -m -p --preserve-environment)'{-l,--login}'[use a login shell]'
'(-l --login -m -p --preserve-environment)'{-m,-p,--preserve-environment}"[don't reset environment]"
- '(-s --shell)'{-s,--shell=}'[run the specified shell]:shell:->shells'
+ '(-s --shell)'{-s+,--shell=}'[run the specified shell]:shell:->shells'
'(-)--help[display help information]'
'(-)--version[display version information]'
)
- (( EUID )) || args+=(
- '(-g --group)'{-g,--group=}'[specify primary group]:group:_groups'
- \*{-G,--supp-group=}'[specify supplemental group]:group:_groups'
+ (( $#_comp_priv_prefix || EUID == 0 )) && args+=(
+ '(-g --group)'{-g+,--group=}'[specify primary group]:group:_groups'
+ \*{-G+,--supp-group=}'[specify supplemental group]:group:_groups'
)
first="(--help --version)${first#???}"
;;
*bsd*|darwin*|dragonfly*)
args+=(
- '-c[use settings from specified login class]:class'
'-f[if the invoked shell is csh, prevent it from reading .cshrc]'
'(-m)-l[use a login shell]'
"(-l)-m[don't reset environment]"
)
;|
+ *bsd*|dragonfly*)
+ args+=(
+ '-c+[use settings from specified login class]:class'
+ )
+ ;|
freebsd*) args+=( '-s[set the MAC label]' ) ;;
openbsd*)
args+=(
- '(-K)-a[specify authentication type]:authentication type'
+ # See login.conf(5)
+ '(-K)-a+[specify authentication type]:authentication type:(
+ activ chpass crypto lchpass passwd radius reject skey snk token yubikey
+ )'
'(-a)-K[shorthand for -a passwd]'
- '-s[run the specified shell]:shell:->shells'
+ '-s+[run the specified shell]:shell:->shells'
'-L[loop until login succeeds]'
)
;;
@@ -58,12 +66,24 @@ fi
_arguments $args ${(e)first} "*:shell arguments:= ->rest" && return
usr=${line[norm]/--/root}
-if (( $#opt_args[(i)-(s|-shell)] )); then
+# OpenBSD supports appending a log-in method to the user name, as in usr:radius
+[[ $OSTYPE == openbsd* ]] && usr=${usr%:*}
+
+# Normal users generally don't appear in passwd on macOS; try the Directory
+# Service first
+if [[ $OSTYPE == darwin* ]] && (( $+commands[dscl] )); then
+ shell=${"$(
+ _call_program shells dscl . -read /Users/${(q)usr} UserShell
+ )"#UserShell: }
+fi
+
+[[ -z $shell ]] &&
+if (( ${#${(@M)args:#*-s[+\[]*:*}} && $#opt_args[(i)-(s|-shell)] )); then
shell=${(v)opt_args[(i)-(s|-shell)]}
elif (( ${+commands[getent]} )); then
- shell="${$(_call_program shells getent passwd $usr)##*:}"
+ shell="${$(_call_program shells getent passwd ${(q)usr})##*:}"
else
- shell="${${(M@)${(@f)$(</etc/passwd)}:#$usr*}##*:}"
+ shell="${${(M@)${(@f)$(</etc/passwd)}:#${usr}:*}##*:}"
fi
case $state in
^ permalink raw reply [flat|nested] 2+ messages in thread
end of thread, other threads:[~2020-02-12 23:29 UTC | newest]
Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2020-02-12 21:26 [PATCH] Improve _su dana
2020-02-12 23:28 ` dana
Code repositories for project(s) associated with this public inbox
https://git.vuxu.org/mirror/zsh/
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).