How do I get groups for a user via libc::getgroups?

extern crate libc;

fn example(guid: u32) {
    unsafe {
        let ruid = libc::getuid();
        libc::seteuid(guid);
        let mut v = vec![0; 0];
        let num_groups = libc::getgroups(0, v.as_mut_ptr());
        let mut groups = Vec::with_capacity(num_groups as usize);
        libc::getgroups(num_groups, groups.as_mut_ptr());
        println!(
            "real user id {} as user id {}, as user groups {:?}, numgroups {}",
            &ruid, &guid, &groups, &num_groups
        );
    }
}

This prints

real user id 1000 as user id 1000, as user groups [], numgroups 9

My assumption was that it would show a vector of 9 groups.

You need to change the size of groups, not just its capacity, by adding dummy elements. Like this:

unsafe {
    let ruid = libc::getuid();
    let guid = libc::getgid();
    let num_groups = libc::getgroups(0, ::std::ptr::null_mut());
    let mut groups = vec![0; num_groups as usize];
    libc::getgroups(num_groups, groups.as_mut_ptr());
    println!(
        "real user id {} as user id {}, as user groups {:?}, numgroups {}",
        &ruid, &guid, &groups, &num_groups
    );
}
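
  • None of your code checks for errors! seteuid and getgroups can fail, but your code ignores that possibility. You are trying to debug a failure but haven't even taken the time to check whether the functions you are calling succeed.

  • Be very careful when passing in v.as_mut_ptr(). An empty Vec does not have a NULL pointer. In this case it's fine, because the man page says it only cares about the count.

  • You don't handle the case where the number of groups changes size between the first and second calls.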

Beyond that, since you are only storing u32 in the Vec, you can avoid filling it with dummy values by adjusting the size and capacity accordingly:

extern crate libc;

#[derive(Debug)]
struct Info {
    guid: u32,
    ruid: u32,
    groups: Vec<u32>,
    num_groups: usize,
}

fn example(guid: u32) -> Info {
    unsafe {
        let ruid = libc::getuid();
        if -1 == libc::seteuid(guid) {
            panic!("seteuid")
        }

        let mut groups = Vec::new();
        let mut attempts = 0;
        loop {
            let num_groups = libc::getgroups(groups.capacity() as i32, groups.as_mut_ptr());
            if -1 == num_groups {
                panic!("getgroups")
            }

            let num_groups = num_groups as usize;

            if num_groups <= groups.capacity() {
                groups.set_len(num_groups);
                return Info {
                    guid,
                    ruid,
                    groups,
                    num_groups,
                };
            }

            groups.reserve_exact(num_groups);

            attempts += 1;
            if attempts >= 3 {
                panic!("Unstable amount of groups")
            }
        }
    }
}

fn main() {
    println!("{:?}", example(unsafe { libc::getuid() }));
}

However, I wouldn't rewrite all of this; I would rely on existing work. The nix crate provides nice wrappers:

extern crate nix;

use nix::unistd::{self, Uid};
use std::u32;

fn example(guid: Uid) -> nix::Result<()> {
    let ruid = unistd::getuid();
    let no_change = Uid::from_raw(u32::MAX);
    unistd::setresuid(no_change, guid, no_change)?;
    let groups = nix::unistd::getgroups()?;

    println!(
        "real user id {} as user id {}, as user groups {:?}",
        ruid, guid, groups
    );

    Ok(())
}

fn main() {
    println!("{:?}", example(Uid::current()));
}
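
The two failure modes listed in the answer above (unchecked return values, and the group count changing between the sizing call and the filling call) can be handled together by treating EINVAL from the second call as "list grew, start over". This is an added example, not code from the original answers; it declares getgroups directly instead of using the libc crate, and assumes Linux (gid_t is u32, EINVAL is 22). The names sys_getgroups, read_groups and supplementary_groups are hypothetical.

```rust
use std::io;

extern "C" {
    // getgroups(2), declared directly so only std is needed.
    // Assumption: Linux, where gid_t is u32 and EINVAL is 22.
    fn getgroups(size: i32, list: *mut u32) -> i32;
}
const EINVAL: i32 = 22;

/// Checked wrapper: size 0 only reports the count, -1 becomes an io::Error.
fn sys_getgroups(buf: &mut [u32]) -> io::Result<usize> {
    let n = unsafe { getgroups(buf.len() as i32, buf.as_mut_ptr()) };
    if n < 0 { Err(io::Error::last_os_error()) } else { Ok(n as usize) }
}

/// Count, allocate, fill; start over if the list grew in between.
/// `raw` is a parameter so the retry path can be exercised with a fake call.
fn read_groups<F>(mut raw: F, max_attempts: usize) -> io::Result<Vec<u32>>
where
    F: FnMut(&mut [u32]) -> io::Result<usize>,
{
    for _ in 0..max_attempts {
        let mut empty: [u32; 0] = [];
        let needed = raw(&mut empty[..])?;
        let mut buf = vec![0u32; needed];
        match raw(&mut buf[..]) {
            Ok(n) if n <= buf.len() => {
                buf.truncate(n);
                return Ok(buf);
            }
            Ok(_) => continue, // only when needed == 0 and groups appeared
            Err(e) if e.raw_os_error() == Some(EINVAL) => continue, // list grew
            Err(e) => return Err(e),
        }
    }
    Err(io::Error::new(io::ErrorKind::Other, "group list kept changing"))
}

fn supplementary_groups() -> io::Result<Vec<u32>> {
    read_groups(sys_getgroups, 3)
}

fn main() {
    match supplementary_groups() {
        Ok(groups) => println!("groups {:?}", groups),
        Err(e) => eprintln!("getgroups failed: {}", e),
    }
}
```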