sysusers: Import nameservice code from rpm-ostree

This imports the code from
https://github.com/coreos/rpm-ostree/tree/main/rust/src/nameservice
as of commit
coreos/rpm-ostree@e1d43ae

Signed-off-by: Colin Walters <[email protected]>

Author: cgwalters

Cargo.lock

@@ -6,17 +6,18 @@ edition = "2021"
 publish = false
 
 [dependencies]
+anyhow = { workspace = true }
 camino = { workspace = true }
 fn-error-context = { workspace = true }
 cap-std-ext = { version = "4" }
+hex = "0.4"
 thiserror = { workspace = true }
 tempfile = { workspace = true }
 bootc-utils = { path = "../utils" }
 rustix = { workspace = true }
 uzers = "0.12"
 
 [dev-dependencies]
-anyhow = { workspace = true }
 indoc = { workspace = true }
 similar-asserts = { workspace = true }
 

sysusers/Cargo.toml

@@ -1,6 +1,9 @@
 //! Parse and generate systemd sysusers.d entries.
 // SPDX-License-Identifier: Apache-2.0 OR MIT
 
+#[allow(dead_code)]
+mod nameservice;
+
 use std::path::PathBuf;
 
 use thiserror::Error;

sysusers/src/lib.rs

@@ -0,0 +1,124 @@
+//! Helpers for [user passwd file](https://man7.org/linux/man-pages/man5/passwd.5.html).
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+
+use anyhow::{anyhow, Context, Result};
+use std::io::{BufRead, Write};
+
+// Entry from group file.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub(crate) struct GroupEntry {
+    pub(crate) name: String,
+    pub(crate) passwd: String,
+    pub(crate) gid: u32,
+    pub(crate) users: Vec<String>,
+}
+
+impl GroupEntry {
+    /// Parse a single group entry.
+    pub fn parse_line(s: impl AsRef<str>) -> Option<Self> {
+        let mut parts = s.as_ref().splitn(4, ':');
+        let entry = Self {
+            name: parts.next()?.to_string(),
+            passwd: parts.next()?.to_string(),
+            gid: parts.next().and_then(|s| s.parse().ok())?,
+            users: {
+                let users = parts.next()?;
+                users.split(',').map(String::from).collect()
+            },
+        };
+        Some(entry)
+    }
+
+    /// Serialize entry to writer, as a group line.
+    pub fn to_writer(&self, writer: &mut impl Write) -> Result<()> {
+        let users: String = self.users.join(",");
+        std::writeln!(
+            writer,
+            "{}:{}:{}:{}",
+            self.name,
+            self.passwd,
+            self.gid,
+            users,
+        )
+        .with_context(|| "failed to write passwd entry")
+    }
+}
+
+pub(crate) fn parse_group_content(content: impl BufRead) -> Result<Vec<GroupEntry>> {
+    let mut groups = vec![];
+    for (line_num, line) in content.lines().enumerate() {
+        let input =
+            line.with_context(|| format!("failed to read group entry at line {}", line_num))?;
+
+        // Skip empty and comment lines
+        if input.is_empty() || input.starts_with('#') {
+            continue;
+        }
+        // Skip NSS compat lines, see "Compatibility mode" in
+        // https://man7.org/linux/man-pages/man5/nsswitch.conf.5.html
+        if input.starts_with('+') || input.starts_with('-') {
+            continue;
+        }
+
+        let entry = GroupEntry::parse_line(&input).ok_or_else(|| {
+            anyhow!(
+                "failed to parse group entry at line {}, content: {}",
+                line_num,
+                &input
+            )
+        })?;
+        groups.push(entry);
+    }
+    Ok(groups)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::io::Cursor;
+
+    fn mock_group_entry() -> GroupEntry {
+        GroupEntry {
+            name: "staff".to_string(),
+            passwd: "x".to_string(),
+            gid: 50,
+            users: vec!["operator".to_string()],
+        }
+    }
+
+    #[test]
+    fn test_parse_lines() {
+        let content = r#"
++groupA
+-groupB
+
+root:x:0:
+daemon:x:1:
+bin:x:2:
+sys:x:3:
+adm:x:4:
+www-data:x:33:
+backup:x:34:
+operator:x:37:
+
+# Dummy comment
+staff:x:50:operator
+
++
+"#;
+
+        let input = Cursor::new(content);
+        let groups = parse_group_content(input).unwrap();
+        assert_eq!(groups.len(), 9);
+        assert_eq!(groups[8], mock_group_entry());
+    }
+
+    #[test]
+    fn test_write_entry() {
+        let entry = mock_group_entry();
+        let expected = b"staff:x:50:operator\n";
+        let mut buf = Vec::new();
+        entry.to_writer(&mut buf).unwrap();
+        assert_eq!(&buf, expected);
+    }
+}

sysusers/src/nameservice/group.rs

@@ -0,0 +1,7 @@
+//! Linux name-service information helpers.
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+// TODO(lucab): consider moving this to its own crate.
+
+pub(crate) mod group;
+pub(crate) mod passwd;
+pub(crate) mod shadow;

sysusers/src/nameservice/mod.rs

@@ -0,0 +1,131 @@
+//! Helpers for [password file](https://man7.org/linux/man-pages/man5/passwd.5.html).
+// SPDX-License-Identifier: Apache-2.0 OR MIT
+
+use anyhow::{anyhow, Context, Result};
+use std::io::{BufRead, Write};
+
+// Entry from passwd file.
+#[derive(Debug, Clone, PartialEq, Eq)]
+pub(crate) struct PasswdEntry {
+    pub(crate) name: String,
+    pub(crate) passwd: String,
+    pub(crate) uid: u32,
+    pub(crate) gid: u32,
+    pub(crate) gecos: String,
+    pub(crate) home_dir: String,
+    pub(crate) shell: String,
+}
+
+impl PasswdEntry {
+    /// Parse a single passwd entry.
+    pub fn parse_line(s: impl AsRef<str>) -> Option<Self> {
+        let mut parts = s.as_ref().splitn(7, ':');
+        let entry = Self {
+            name: parts.next()?.to_string(),
+            passwd: parts.next()?.to_string(),
+            uid: parts.next().and_then(|s| s.parse().ok())?,
+            gid: parts.next().and_then(|s| s.parse().ok())?,
+            gecos: parts.next()?.to_string(),
+            home_dir: parts.next()?.to_string(),
+            shell: parts.next()?.to_string(),
+        };
+        Some(entry)
+    }
+
+    /// Serialize entry to writer, as a passwd line.
+    pub fn to_writer(&self, writer: &mut impl Write) -> Result<()> {
+        std::writeln!(
+            writer,
+            "{}:{}:{}:{}:{}:{}:{}",
+            self.name,
+            self.passwd,
+            self.uid,
+            self.gid,
+            self.gecos,
+            self.home_dir,
+            self.shell
+        )
+        .with_context(|| "failed to write passwd entry")
+    }
+}
+
+pub(crate) fn parse_passwd_content(content: impl BufRead) -> Result<Vec<PasswdEntry>> {
+    let mut passwds = vec![];
+    for (line_num, line) in content.lines().enumerate() {
+        let input =
+            line.with_context(|| format!("failed to read passwd entry at line {}", line_num))?;
+
+        // Skip empty and comment lines
+        if input.is_empty() || input.starts_with('#') {
+            continue;
+        }
+        // Skip NSS compat lines, see "Compatibility mode" in
+        // https://man7.org/linux/man-pages/man5/nsswitch.conf.5.html
+        if input.starts_with('+') || input.starts_with('-') {
+            continue;
+        }
+
+        let entry = PasswdEntry::parse_line(&input).ok_or_else(|| {
+            anyhow!(
+                "failed to parse passwd entry at line {}, content: {}",
+                line_num,
+                &input
+            )
+        })?;
+        passwds.push(entry);
+    }
+    Ok(passwds)
+}
+
+#[cfg(test)]
+mod tests {
+    use super::*;
+    use std::io::Cursor;
+
+    fn mock_passwd_entry() -> PasswdEntry {
+        PasswdEntry {
+            name: "someuser".to_string(),
+            passwd: "x".to_string(),
+            uid: 1000,
+            gid: 1000,
+            gecos: "Foo BAR,,,".to_string(),
+            home_dir: "/home/foobar".to_string(),
+            shell: "/bin/bash".to_string(),
+        }
+    }
+
+    #[test]
+    fn test_parse_lines() {
+        let content = r#"
+root:x:0:0:root:/root:/bin/bash
+
++userA
+-userB
+
+daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
+systemd-coredump:x:1:1:systemd Core Dumper:/:/usr/sbin/nologin
+
++@groupA
+-@groupB
+
+# Dummy comment
+someuser:x:1000:1000:Foo BAR,,,:/home/foobar:/bin/bash
+
++
+"#;
+
+        let input = Cursor::new(content);
+        let groups = parse_passwd_content(input).unwrap();
+        assert_eq!(groups.len(), 4);
+        assert_eq!(groups[3], mock_passwd_entry());
+    }
+
+    #[test]
+    fn test_write_entry() {
+        let entry = mock_passwd_entry();
+        let expected = b"someuser:x:1000:1000:Foo BAR,,,:/home/foobar:/bin/bash\n";
+        let mut buf = Vec::new();
+        entry.to_writer(&mut buf).unwrap();
+        assert_eq!(&buf, expected);
+    }
+}