From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.2 (2018-09-13) on inbox.vuxu.org X-Spam-Level: X-Spam-Status: No, score=-1.0 required=5.0 tests=MAILING_LIST_MULTI, RCVD_IN_DNSWL_NONE autolearn=ham autolearn_force=no version=3.4.2 Received: from primenet.com.au (ns1.primenet.com.au [203.24.36.2]) by inbox.vuxu.org (OpenSMTPD) with ESMTP id faceda1a for ; Thu, 13 Feb 2020 01:21:53 +0000 (UTC) Received: (qmail 19574 invoked by alias); 13 Feb 2020 01:21:46 -0000 Mailing-List: contact zsh-workers-help@zsh.org; run by ezmlm Precedence: bulk X-No-Archive: yes List-Id: Zsh Workers List List-Post: List-Help: List-Unsubscribe: X-Seq: 45424 Received: (qmail 8846 invoked by uid 1010); 13 Feb 2020 01:21:46 -0000 X-Qmail-Scanner-Diagnostics: from mail-yw1-f52.google.com by f.primenet.com.au (envelope-from , uid 7791) with qmail-scanner-2.11 (clamdscan: 0.102.1/25718. spamassassin: 3.4.2. Clear:RC:0(209.85.161.52):SA:0(-1.9/5.0):. Processed in 2.249962 secs); 13 Feb 2020 01:21:46 -0000 X-Envelope-From: dana@dana.is X-Qmail-Scanner-Mime-Attachments: | X-Qmail-Scanner-Zip-Files: | Received-SPF: pass (ns1.primenet.com.au: SPF record at _netblocks.google.com designates 209.85.161.52 as permitted sender) X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:mime-version:subject:from:in-reply-to:date:cc :content-transfer-encoding:message-id:references:to; bh=ularr6aWThJJlLvkYcHuWbXsBWN4+sOlbwoFC2OxqGQ=; b=MrxNEQ2yy2cY8ySnn6HKDzki9XLj6roDUydh/IhrPr7VdXLbu+9wnqNm5o7/JCQTRJ kr2aXbI/uJLFvNF4RbOXmEmgoTtHT4Fz6AEcvxanAWABsB2DjCyncP09Fjh0MwyUrsqC 6LeFus8PJhIBzcGs+iwRtKtHfRF41LsXACVcUlslzsN38V8cq3DKo/+iwzqqiRfr+XUa v/hMAW8vIXDP3bZHZGIPGF+UbjVW+shP1A9boVl4rv9rYR7FficFGJMrumdwQCITY60Q UEwpYrClm1KOicMATIAQt/uC6sIr9MZnOicezxsaoCvNWWEWSi5GPFYMDi5o7etelta9 SJxg== X-Gm-Message-State: APjAAAUsu0fNP2ibSlp9bgGI/5v4/gAK83O8CrReIgPU5AlB3QLawyaj 5HRXgFe+ReG8duH30m1fp5hMZA== X-Google-Smtp-Source: APXvYqwA+0iO1Ny+tAsvwJ9vyHcfhGZ25jJZ7qUXklak/do9sZFGjhuCt2hP2CT30cZZrLzAD+sz9Q== X-Received: by 2002:a81:9bc2:: with SMTP id s185mr12215704ywg.55.1581556870636; Wed, 12 Feb 2020 17:21:10 -0800 (PST) Content-Type: text/plain; charset=utf-8 Mime-Version: 1.0 (Mac OS X Mail 12.4 \(3445.104.11\)) Subject: Re: sudo autocompletion From: dana In-Reply-To: <17405-1581415941.062275@CNCV.ghXS.ifR-> Date: Wed, 12 Feb 2020 19:21:08 -0600 Cc: Zsh hackers list , Daniel Shahaf Content-Transfer-Encoding: quoted-printable Message-Id: References: <912d22db-8a8f-90f2-6738-f9f395994dcb@gmail.com> <1770be62-54d8-70a6-8b05-cfc98faa9b9f@gmail.com> <20200210030219.527a3ccf@tarpaulin.shahaf.local2> <20200210192033.1bae83dc@tarpaulin.shahaf.local2> <17405-1581415941.062275@CNCV.ghXS.ifR-> To: Oliver Kiddle X-Mailer: Apple Mail (2.3445.104.11) On 11 Feb 2020, at 04:12, Oliver Kiddle wrote: > We already set _comp_priv_prefix, _command_names could detect that > and adjust a local $path if it is set. I made some related changes here that i can break out into separate = patches if it makes it easier. But this is the summary: * Have _command_names append the sbin variants if command-path is not = set but _comp_priv_prefix is * Add some indirection around setting _c_p_p in _doas, _pfexec, and = _sudo =E2=80=94 i think the purpose of delaying the assignment is to make sure that = opt_args has been populated * Have _doas call `_command_names -e` separately like _sudo and _pfexec = do (it can't complete shell commands) * Have _pfexec use $words[1] for _c_p_p (the $cmd indirection is there = because $words is changed by the *:: spec) * Fix broken opt_args references in _doas and _pfexec =E2=80=94 they = need the (I) flag, and using argument sets in _doas makes it ugly to extract = options, so i have it just using exclusion lists now instead * Change -P to -P+ in _pfexec Does this make sense? PS: This does not fix `su -c` =E2=80=94 _su doesn't set _c_p_p, = presumably because it always prompts for a password. But since _c_p_p is passed directly to = eval, we *could* make it set _c_p_p=3D( '' ), which would trick _command_names = into doing the right thing. Is that too silly? dana diff --git a/Completion/Solaris/Command/_pfexec = b/Completion/Solaris/Command/_pfexec index 2519c3cdc..fc2bca835 100644 --- a/Completion/Solaris/Command/_pfexec +++ b/Completion/Solaris/Command/_pfexec @@ -22,11 +22,15 @@ _privset() { } =20 _pfexec() { + local cmd cpp local -a _comp_priv_prefix + local -A opt_args + cmd=3D"$words[1]" + cpp=3D'_comp_priv_prefix=3D( $cmd ${(kv)opt_args[(I)-P]} )' _arguments \ - '-P[privileges to acquire]:privspec:_privset' \ - '(-):command name: _command_names -e' \ - '*::arguments:{ _comp_priv_prefix=3D( pfexec = ${(kv)opt_args[-P]} ) ; _normal }' + '-P+[privileges to acquire]:privspec:_privset' \ + "(-): :{ $cpp; _command_names -e }" \ + "*:: :{ $cpp; _normal }" } =20 _pfexec "$@" diff --git a/Completion/Unix/Command/_doas = b/Completion/Unix/Command/_doas index 94395557c..2494f1c5f 100644 --- a/Completion/Unix/Command/_doas +++ b/Completion/Unix/Command/_doas @@ -1,7 +1,8 @@ #compdef doas =20 -local environ e cmd +local environ e cmd cpp local -a _comp_priv_prefix +local -A opt_args =20 zstyle -a ":completion:${curcontext}:" environ environ =20 @@ -10,13 +11,13 @@ do local -x "$e" done =20 cmd=3D"$words[1]" +cpp=3D'_comp_priv_prefix=3D( $cmd -n ${(kv)opt_args[(I)-u]} )' _arguments -s -S -A '-*' : \ - - optL \ - '-L[clear any persisted authorizations]' \ - - default \ - '-a+[specify authentication style]:authentication style' \ - '(-n -s)-C+[check config file and report on command = matching]:config:_files' \ - '(-C)-n[non-interactive: fail rather than prompt for a password]' \ - '(-C *)-s[run a shell]' \ - '-u+[run command as specified user]:user:_users' \ - '*::arguments:{ _comp_priv_prefix=3D( $cmd -n ${(kv)opt_args[-u]} ) ; = _normal }' + '(: * -)-L[clear any persisted authorizations]' \ + '(-L)-a+[specify authentication style]:authentication style' \ + '(-L -n -s)-C+[check config file and report on command = matching]:config:_files' \ + '(-C -L)-n[non-interactive: fail rather than prompt for a password]' = \ + '(-C -L *)-s[run a shell]' \ + '(-L)-u+[run command as specified user]:user:_users' \ + "(-)1: :{ $cpp; _command_names -e }" \ + "*:: :{ $cpp; _normal }" diff --git a/Completion/Unix/Command/_sudo = b/Completion/Unix/Command/_sudo index 41e32cbae..e3d12d72f 100644 --- a/Completion/Unix/Command/_sudo +++ b/Completion/Unix/Command/_sudo @@ -2,9 +2,9 @@ =20 setopt localoptions extended_glob =20 -local environ e cmd -local -a args -local -a _comp_priv_prefix +local environ e cmd cpp +local -a args _comp_priv_prefix +local -A opt_args =20 zstyle -a ":completion:${curcontext}:" environ environ =20 @@ -42,6 +42,10 @@ if [[ $service =3D sudoedit ]] || (( $words[(i)-e] < = $words[(i)^(*sudo|-[^-]*)] )) args=3D( -A "-*" $args '!(-V --version -h --help)-e' '*:file:_files' = ) else cmd=3D"$words[1]" + cpp=3D'_comp_priv_prefix=3D( + $cmd -n + = ${(kv)opt_args[(I)(-[ugHEP]|--(user|group|set-home|preserve-env|preserve-g= roups))]} + )' args+=3D( '(-e --edit 1 *)'{-e,--edit}'[edit files instead of running a = command]' \ '(-s --shell)'{-s,--shell}'[run shell as the target user; a command = may also be specified]' \ @@ -51,8 +55,8 @@ else '(-E -i --login -s --shell -e --edit)--preserve-env=3D-[preserve = user environment when running command]::environment variable:_sequence = _parameters -g "*export*"' \ '(-H --set-home -i --login -s --shell -e = --edit)'{-H,--set-home}"[set HOME variable to target user's home dir]" \ '(-P --preserve-groups -i -login -s --shell -e = --edit)'{-P,--preserve-groups}"[preserve group vector instead of setting = to target's]" \ - '(-)1:command: _command_names -e' - '*::arguments:{ _comp_priv_prefix=3D( $cmd -n = ${(kv)opt_args[(I)(-[ugHEP]|--(user|group|set-home|preserve-env|preserve-g= roups))]} ) ; _normal }' + "(-)1: :{ $cpp; _command_names -e }" + "*:: :{ $cpp; _normal }" ) fi =20 diff --git a/Completion/Zsh/Type/_command_names = b/Completion/Zsh/Type/_command_names index cd630b7a4..b1c35f013 100644 --- a/Completion/Zsh/Type/_command_names +++ b/Completion/Zsh/Type/_command_names @@ -41,11 +41,24 @@ fi args=3D( "$@" ) =20 local -a cmdpath -if zstyle -a ":completion:${curcontext}" command-path cmdpath && - [[ $#cmdpath -gt 0 ]] -then + +zstyle -a ":completion:${curcontext}" command-path cmdpath + +# Using the current PATH doesn't necessarily make sense when completing = commands +# to tools like sudo, which might set a different one. A common issue = is that +# /**/sbin appear in the PATH used by the tool, but not in the one used = by the +# unprivileged user who calls it. To do the right thing in the most = common +# cases, we'll simply ensure that the sbin variants always appear here = when not +# otherwise overridden (bash-completion's _sudo does something similar) +if (( ! $#cmdpath && $#_comp_priv_prefix )); then + cmdpath=3D( $path ${path/%\/bin//sbin} ) + cmdpath=3D( ${(u)^cmdpath}(/-N) ) +fi + +if (( $#cmdpath )); then local -a +h path local -A +h commands path=3D( $cmdpath ) fi + _alternative -O args "$defs[@]"