From 8011fe8a582bd3c018a98e0e2c08f65233bcf0fc Mon Sep 17 00:00:00 2001 From: Oliver Kiddle Date: Sun, 11 Sep 2016 13:22:35 +0200 Subject: 39261 (tweaked cf. Daniel: 39275): don't unconditionally elevate privileges with sudo in completion functions A new gain-privileges style enables it and a _comp_priv_prefix array added for tracking how to match privileges for the current command --- Completion/Unix/Command/_sudo | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'Completion/Unix/Command/_sudo') diff --git a/Completion/Unix/Command/_sudo b/Completion/Unix/Command/_sudo index 63ac37f62..21b1ef4c6 100644 --- a/Completion/Unix/Command/_sudo +++ b/Completion/Unix/Command/_sudo @@ -48,7 +48,7 @@ else '(-H --set-home -i --login -s --shell -e --edit)'{-H,--set-home}"[set HOME variable to target user's home dir]" \ '(-P --preserve-groups -i -login -s --shell -e --edit)'{-P,--preserve-groups}"[preserve group vector instead of setting to target's]" \ '(-)1:command: _command_names -e' - '*::arguments: _normal' + '*::arguments:{ _comp_priv_prefix=( $words[1] -n ${(kv)opt_args[(I)(-[ugHEP]|--(user|group|set-home|preserve-env|preserve-groups))]} ) ; _normal }' ) fi -- cgit v1.2.3 From b870ff85a0bcda9d38a734aa86bb6aee3d76983e Mon Sep 17 00:00:00 2001 From: Oliver Kiddle Date: Fri, 16 Sep 2016 00:05:10 +0200 Subject: 39333: include name of command used to gain priviliges in context for command and gain-priviliges styles --- ChangeLog | 5 +++++ Completion/Base/Utility/_call_program | 9 ++++++--- Completion/Solaris/Command/_pfexec | 2 +- Completion/Unix/Command/_sudo | 5 +++-- Doc/Zsh/compsys.yo | 4 +++- 5 files changed, 18 insertions(+), 7 deletions(-) (limited to 'Completion/Unix/Command/_sudo') diff --git a/ChangeLog b/ChangeLog index f54d78ca3..0faf7b9ca 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,10 @@ 2016-09-15 Oliver Kiddle + * 39333: Completion/Base/Utility/_call_program, + Doc/Zsh/compsys.yo, Completion/Solaris/Command/_pfexec, + Completion/Unix/Command/_sudo: include name of command used to + gain priviliges in context for command and gain-priviliges styles + * 39332: Doc/Zsh/cond.yo, Src/cond.c, Src/params.c, Src/parse.c, Completion/Zsh/Context/_condition, Test/C02cond.ztst: support ksh's [[ -v varname ]] condition for checking if variables are set diff --git a/Completion/Base/Utility/_call_program b/Completion/Base/Utility/_call_program index 95c761e65..9a44f2d8e 100644 --- a/Completion/Base/Utility/_call_program +++ b/Completion/Base/Utility/_call_program @@ -1,12 +1,15 @@ #autoload +X -local tmp err_fd=-1 +local curcontext="${curcontext}" tmp err_fd=-1 local -a prefix if [[ "$1" = -p ]]; then shift - zstyle -t ":completion:${curcontext}:${1}" gain-privileges && - prefix=( $_comp_priv_prefix ) + if (( $#_comp_priv_prefix )); then + curcontext="${curcontext%:*}/${${(@M)_comp_priv_prefix:#^*[^\\]=*}[1]}:" + zstyle -t ":completion:${curcontext}:${1}" gain-privileges && + prefix=( $_comp_priv_prefix ) + fi fi if (( ${debug_fd:--1} > 2 )) || [[ ! -t 2 ]] diff --git a/Completion/Solaris/Command/_pfexec b/Completion/Solaris/Command/_pfexec index 3f1f3e733..2afaf317b 100644 --- a/Completion/Solaris/Command/_pfexec +++ b/Completion/Solaris/Command/_pfexec @@ -25,7 +25,7 @@ _pfexec() { _arguments \ '-P[privileges to acquire]:privspec:_privset' \ '(-):command name: _command_names -e' \ - '*::arguments:{ _comp_priv_prefix=( $words[1] ${(kv)opt_args[-P]} ) ; _normal }' + '*::arguments:{ _comp_priv_prefix=( pfexec ${(kv)opt_args[-P]} ) ; _normal }' } _pfexec "$@" diff --git a/Completion/Unix/Command/_sudo b/Completion/Unix/Command/_sudo index 21b1ef4c6..0a212b723 100644 --- a/Completion/Unix/Command/_sudo +++ b/Completion/Unix/Command/_sudo @@ -2,7 +2,7 @@ setopt localoptions extended_glob -local environ e +local environ e cmd local -a args zstyle -a ":completion:${curcontext}:" environ environ @@ -39,6 +39,7 @@ args=( if [[ $service = sudoedit ]] || (( $words[(i)-e] < $words[(i)^(*sudo|-[^-]*)] )) ; then args=( -A "-*" $args '!(-V --version -h --help)-e' '*:file:_files' ) else + cmd="$words[1]" args+=( '(-e --edit 1 *)'{-e,--edit}'[edit files instead of running a command]' \ '(-s --shell)'{-s,--shell}'[run shell as the target user; a command may also be specified]' \ @@ -48,7 +49,7 @@ else '(-H --set-home -i --login -s --shell -e --edit)'{-H,--set-home}"[set HOME variable to target user's home dir]" \ '(-P --preserve-groups -i -login -s --shell -e --edit)'{-P,--preserve-groups}"[preserve group vector instead of setting to target's]" \ '(-)1:command: _command_names -e' - '*::arguments:{ _comp_priv_prefix=( $words[1] -n ${(kv)opt_args[(I)(-[ugHEP]|--(user|group|set-home|preserve-env|preserve-groups))]} ) ; _normal }' + '*::arguments:{ _comp_priv_prefix=( $cmd -n ${(kv)opt_args[(I)(-[ugHEP]|--(user|group|set-home|preserve-env|preserve-groups))]} ) ; _normal }' ) fi diff --git a/Doc/Zsh/compsys.yo b/Doc/Zsh/compsys.yo index cab665b1c..260ace4ac 100644 --- a/Doc/Zsh/compsys.yo +++ b/Doc/Zsh/compsys.yo @@ -4191,7 +4191,9 @@ output is influenced by the permissions it is run with. If the tt(gain-privileges) style is set to true, tt(_call_program) will make use of commands such as tt(sudo), if present on the command-line, to match the permissions to whatever the final command is likely to run -under. +under. When looking up the tt(gain-privileges) and tt(command) styles, +the command component of the zstyle context will end with a slash +(`tt(/)') followed by the command that would be used to gain privileges. ) findex(_combination) item(tt(_combination) [ tt(-s) var(pattern) ] var(tag) var(style) var(spec) ... var(field) var(opts) ...)( -- cgit v1.2.3 From 1955cceec79107b6571646b695d334df8e4a6cd8 Mon Sep 17 00:00:00 2001 From: Daniel Shahaf Date: Thu, 24 Nov 2016 07:02:11 +0000 Subject: 40011: Make $_comp_priv_prefix only declared when required, and use that to have chgrp offer all groups under doas, ssh, etc as well. --- ChangeLog | 8 ++++++++ Completion/Base/Core/_main_complete | 4 +++- Completion/Solaris/Command/_pfexec | 1 + Completion/Solaris/Command/_zlogin | 3 +-- Completion/Unix/Command/_chown | 4 ++-- Completion/Unix/Command/_doas | 1 + Completion/Unix/Command/_sudo | 1 + 7 files changed, 17 insertions(+), 5 deletions(-) (limited to 'Completion/Unix/Command/_sudo') diff --git a/ChangeLog b/ChangeLog index 53dcc07de..1c0d3673c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,13 @@ 2016-11-28 Daniel Shahaf + * 40011: Completion/Base/Core/_main_complete, + Completion/Solaris/Command/_pfexec, + Completion/Solaris/Command/_zlogin, + Completion/Unix/Command/_chown, Completion/Unix/Command/_doas, + Completion/Unix/Command/_sudo: Make $_comp_priv_prefix only + declared when required, and use that to have chgrp offer all + groups under doas, ssh, etc as well. + * 40010: Src/builtin.c, Test/A02alias.ztst: builtins: Say 'bad option: +x', not 'bad option: -x', when +x was passed. diff --git a/Completion/Base/Core/_main_complete b/Completion/Base/Core/_main_complete index c292ce7d7..aa2486236 100644 --- a/Completion/Base/Core/_main_complete +++ b/Completion/Base/Core/_main_complete @@ -38,7 +38,9 @@ local func funcs ret=1 tmp _compskip format nm call match min max i num\ _saved_colors="$ZLS_COLORS" \ _saved_colors_set=${+ZLS_COLORS} \ _ambiguous_color='' -local -a _comp_priv_prefix +# Hide any '_comp_priv_prefix' variable that happens to be defined in the calling scope. +local _comp_priv_prefix +unset _comp_priv_prefix # _precommand sets this to indicate we are following a precommand modifier local -a precommands diff --git a/Completion/Solaris/Command/_pfexec b/Completion/Solaris/Command/_pfexec index 2afaf317b..2519c3cdc 100644 --- a/Completion/Solaris/Command/_pfexec +++ b/Completion/Solaris/Command/_pfexec @@ -22,6 +22,7 @@ _privset() { } _pfexec() { + local -a _comp_priv_prefix _arguments \ '-P[privileges to acquire]:privspec:_privset' \ '(-):command name: _command_names -e' \ diff --git a/Completion/Solaris/Command/_zlogin b/Completion/Solaris/Command/_zlogin index 065f55b03..74cbafe82 100644 --- a/Completion/Solaris/Command/_zlogin +++ b/Completion/Solaris/Command/_zlogin @@ -1,9 +1,8 @@ #compdef zlogin # Synced with the Nevada build 162 man page -local -a _comp_priv_prefix - _zlogin() { + local -a _comp_priv_prefix _arguments -s \ '-E[Disable escape character]' \ '-e[Specify escape character]:character:' \ diff --git a/Completion/Unix/Command/_chown b/Completion/Unix/Command/_chown index 641b5a773..5750c65ab 100644 --- a/Completion/Unix/Command/_chown +++ b/Completion/Unix/Command/_chown @@ -45,8 +45,8 @@ _arguments -C -s "$args[@]" '*:files:->files' && ret=0 case $state in owner) if [[ $service = chgrp ]] || compset -P '*[:.]'; then - if (( EGID && $+commands[groups] && ! $+funcstack[(r)_sudo] )); then # except for root - _wanted groups expl 'group' compadd $(groups) && return 0 + if (( EGID && $+commands[groups] && ! $+_comp_priv_prefix )); then # except for sudo + _wanted groups expl 'group' compadd -- $(groups) && return 0 fi _groups && ret=0 else diff --git a/Completion/Unix/Command/_doas b/Completion/Unix/Command/_doas index b36388ead..94395557c 100644 --- a/Completion/Unix/Command/_doas +++ b/Completion/Unix/Command/_doas @@ -1,6 +1,7 @@ #compdef doas local environ e cmd +local -a _comp_priv_prefix zstyle -a ":completion:${curcontext}:" environ environ diff --git a/Completion/Unix/Command/_sudo b/Completion/Unix/Command/_sudo index 0a212b723..aa7a1a498 100644 --- a/Completion/Unix/Command/_sudo +++ b/Completion/Unix/Command/_sudo @@ -4,6 +4,7 @@ setopt localoptions extended_glob local environ e cmd local -a args +local -a _comp_priv_prefix zstyle -a ":completion:${curcontext}:" environ environ -- cgit v1.2.3