Replace more variables on privileges drop

Author: kitsunyan

src/feature/syncinstall.nim

@@ -252,12 +252,12 @@ proc editLoop(config: Config, base: string, repoPath: string, gitPath: Option[st
         ('a', tr"abort operation"))
       editFileLoop(file)
     elif res == 'y':
-      let visualEnv = getenv("VISUAL")
-      let editorEnv = getenv("EDITOR")
-      let editor = if visualEnv != nil and visualEnv.len > 0:
-          $visualEnv
-        elif editorEnv != nil and editorEnv.len > 0:
-          $editorEnv
+      let visualEnv = getEnv("VISUAL")
+      let editorEnv = getEnv("EDITOR")
+      let editor = if visualEnv.len > 0:
+          visualEnv
+        elif editorEnv.len > 0:
+          editorEnv
         else:
           printColonUserInput(config.color, tr"Enter editor executable name" & ":",
             noconfirm, "", "")
@@ -304,11 +304,11 @@ proc buildLoop(config: Config, pkgInfos: seq[PackageInfo], noconfirm: bool,
   let gitPath = pkgInfos[0].gitPath
   let buildPath = buildPath(repoPath, gitPath)
 
-  let confFileEnv = getenv("MAKEPKG_CONF")
-  let confFile = if confFileEnv == nil or confFileEnv.len == 0:
+  let confFileEnv = getEnv("MAKEPKG_CONF")
+  let confFile = if confFileEnv.len == 0:
       sysConfDir & "/makepkg.conf"
     else:
-      $confFileEnv
+      confFileEnv
 
   let workConfFile = config.tmpRoot & "/makepkg.conf"
 
@@ -334,20 +334,20 @@ proc buildLoop(config: Config, pkgInfos: seq[PackageInfo], noconfirm: bool,
     printError(config.color, tr"failed to copy config file '$#'" % [confFile])
     (none(BuildResult), 1)
   else:
-    let envExt = getenv("PKGEXT")
-    let confExt = if envExt == nil or envExt.len == 0:
+    let envExt = getEnv("PKGEXT")
+    let confExt = if envExt.len == 0:
         forkWaitRedirect(() => (block:
           dropPrivileges()
           execResult(bashCmd, "-c",
             "source \"$@\" && echo \"$PKGEXT\"",
             "bash", workConfFile)))
           .output.optFirst.get("")
       else:
-        $envExt
+        envExt
 
     let buildCode = forkWait(proc: int =
       if chdir(buildPath) == 0:
-        discard unsetenv("MAKEPKG_CONF")
+        discard cunsetenv("MAKEPKG_CONF")
         dropPrivileges()
 
         if not noextract:

src/main.nim

@@ -184,8 +184,8 @@ proc handleHelp(operation: OperationType) =
         discard
 
 const
-  version = $getenv("PROG_VERSION")
-  copyright = $getenv("PROG_COPYRIGHT")
+  version = getEnv("PROG_VERSION")
+  copyright = getEnv("PROG_COPYRIGHT")
 
 proc handleVersion(): int =
   echo()

src/utils.nim

@@ -18,10 +18,19 @@ type
     shell: string
   ]
 
+proc cgetenv*(name: cstring): cstring
+  {.importc: "getenv", header: "<stdlib.h>".}
+
+proc csetenv*(name: cstring, value: cstring, override: cint): cint
+  {.importc: "setenv", header: "<stdlib.h>".}
+
+proc cunsetenv*(name: cstring): cint
+  {.importc: "unsetenv", header: "<stdlib.h>".}
+
 const
-  pkgLibDir* = getenv("PROG_PKGLIBDIR")
-  localStateDir* = getenv("PROG_LOCALSTATEDIR")
-  sysConfDir* = getenv("PROG_SYSCONFDIR")
+  pkgLibDir* = getEnv("PROG_PKGLIBDIR")
+  localStateDir* = getEnv("PROG_LOCALSTATEDIR")
+  sysConfDir* = getEnv("PROG_SYSCONFDIR")
 
   bashCmd* = "/bin/bash"
   suCmd* = "/usr/bin/su"
@@ -199,12 +208,6 @@ proc forkWaitRedirect*(call: () -> int): tuple[output: seq[string], code: int] =
 
   (lines, code)
 
-proc setenv*(name: cstring, value: cstring, override: cint): cint
-  {.importc, header: "<stdlib.h>".}
-
-proc unsetenv*(name: cstring): cint
-  {.importc, header: "<stdlib.h>".}
-
 proc getgrouplist*(user: cstring, group: Gid, groups: ptr cint, ngroups: var cint): cint
   {.importc, header: "<grp.h>".}
 
@@ -232,13 +235,13 @@ proc getUser(uid: int): User =
 let currentUser* = getUser(getuid().int)
 
 let initialUser* = try:
-  let sudoUid = getenv("SUDO_UID")
-  let polkitUid = getenv("PKEXEC_UID")
+  let sudoUid = getEnv("SUDO_UID")
+  let polkitUid = getEnv("PKEXEC_UID")
 
-  let uidString = if sudoUid != nil and sudoUid.len > 0:
-      some($sudoUid)
-    elif polkitUid != nil and polkitUid.len > 0:
-      some($polkitUid)
+  let uidString = if sudoUid.len > 0:
+      some(sudoUid)
+    elif polkitUid.len > 0:
+      some(polkitUid)
     else:
       none(string)
 
@@ -257,8 +260,22 @@ proc dropPrivileges*() =
     discard setgroups(user.groups.len, addr(groups[0]));
     discard setgid((Gid) user.gid)
     discard setuid((Uid) user.uid)
-    discard setenv("HOME", user.home, 1)
-    discard setenv("SHELL", user.shell, 1)
+
+    template replaceExisting(name: string, value: string) =
+      if cgetenv(name) != nil:
+        discard csetenv(name, value, 1)
+
+    replaceExisting("USER", user.name)
+    replaceExisting("USERNAME", user.name)
+    replaceExisting("LOGNAME", user.name)
+    replaceExisting("HOME", user.home)
+    replaceExisting("SHELL", user.shell)
+
+    discard cunsetenv("SUDO_COMMAND")
+    discard cunsetenv("SUDO_USER")
+    discard cunsetenv("SUDO_UID")
+    discard cunsetenv("SUDO_GID")
+    discard cunsetenv("PKEXEC_UID")
 
 proc toString*[T](arr: array[T, char], length: Option[int]): string =
   var workLength = length.get(T.high + 1)