diff --git a/src/shadow-core/src/lib.rs b/src/shadow-core/src/lib.rs index 773373f..a16c6a7 100644 --- a/src/shadow-core/src/lib.rs +++ b/src/shadow-core/src/lib.rs @@ -10,6 +10,7 @@ pub mod cli; pub mod error; +pub mod os_error; pub mod passwd; pub mod validate; diff --git a/src/shadow-core/src/os_error.rs b/src/shadow-core/src/os_error.rs new file mode 100644 index 0000000..bc70ae1 --- /dev/null +++ b/src/shadow-core/src/os_error.rs @@ -0,0 +1,44 @@ +// This file is part of the shadow-rs package. +// +// For the full copyright and license information, please view the LICENSE +// file that was distributed with this source code. + +//! Error text sourced from the operating system instead of hardcoded. +//! +//! Wording for conditions that map to a libc `errno` is taken from +//! `strerror` (via [`std::io::Error`]) rather than carried as a string +//! literal in our tree. This keeps the text matching the host OS and lets +//! glibc translate it on localized systems — the same way GNU coreutils +//! renders system errors (e.g. `cat: /tmp: Is a directory`). See issue #159. + +/// The operating system's message for a raw `errno`. +/// +/// For example `EACCES` renders as "Permission denied" on English locales +/// and the translated equivalent elsewhere. On targets whose libc does not +/// translate (musl), this is the untranslated English text. +#[must_use] +pub fn strerror(errno: i32) -> String { + std::io::Error::from_raw_os_error(errno).to_string() +} + +/// The OS message for `EACCES` ("Permission denied"), sourced from libc. +#[must_use] +pub fn permission_denied() -> String { + strerror(libc::EACCES) +} + +#[cfg(test)] +mod tests { + use super::*; + + #[test] + fn permission_denied_is_nonempty_and_os_sourced() { + // We assert the shape, not the exact text: the wording comes from the + // host libc and may be localized, so hardcoding it would defeat the + // purpose of this module. + let msg = permission_denied(); + assert!(!msg.is_empty()); + // Same value libc would give for EACCES directly. + assert_eq!(msg, strerror(libc::EACCES)); + } +} diff --git a/src/uu/chage/src/chage.rs b/src/uu/chage/src/chage.rs index cdaff08..801fca3 100644 --- a/src/uu/chage/src/chage.rs +++ b/src/uu/chage/src/chage.rs @@ -274,7 +274,10 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { let current_user = shadow_core::hardening::current_username() .map_err(|e| ChageError::UnexpectedFailure(e.to_string()))?; if current_user != *login { - return Err(ChageError::PermissionDenied("Permission denied.".into()).into()); + return Err(ChageError::PermissionDenied( + shadow_core::os_error::permission_denied(), + ) + .into()); } } return cmd_list(&root, login); @@ -282,7 +285,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { // All modification flags require root. if !shadow_core::hardening::caller_is_root() { - return Err(ChageError::PermissionDenied("Permission denied.".into()).into()); + return Err( + ChageError::PermissionDenied(shadow_core::os_error::permission_denied()).into(), + ); } if !has_modifications { diff --git a/src/uu/chpasswd/src/chpasswd.rs b/src/uu/chpasswd/src/chpasswd.rs index c1f6b0c..6e58be5 100644 --- a/src/uu/chpasswd/src/chpasswd.rs +++ b/src/uu/chpasswd/src/chpasswd.rs @@ -186,7 +186,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { // chpasswd always requires root. if !shadow_core::hardening::caller_is_root() { - return Err(ChpasswdError::PermissionDenied("Permission denied.".into()).into()); + return Err( + ChpasswdError::PermissionDenied(shadow_core::os_error::permission_denied()).into(), + ); } let is_encrypted = matches.get_flag(options::ENCRYPTED); diff --git a/src/uu/groupadd/src/groupadd.rs b/src/uu/groupadd/src/groupadd.rs index a65644c..d83ed41 100644 --- a/src/uu/groupadd/src/groupadd.rs +++ b/src/uu/groupadd/src/groupadd.rs @@ -109,7 +109,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { }; if !shadow_core::hardening::caller_is_root() { - uucore::show_error!("Permission denied."); + uucore::show_error!("{}", shadow_core::os_error::permission_denied()); return Err(GroupaddError::AlreadyPrinted(1).into()); } diff --git a/src/uu/groupdel/src/groupdel.rs b/src/uu/groupdel/src/groupdel.rs index 39d7c83..32a7da2 100644 --- a/src/uu/groupdel/src/groupdel.rs +++ b/src/uu/groupdel/src/groupdel.rs @@ -97,7 +97,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { }; if !shadow_core::hardening::caller_is_root() { - uucore::show_error!("Permission denied."); + uucore::show_error!("{}", shadow_core::os_error::permission_denied()); return Err(GroupdelError::AlreadyPrinted(1).into()); } diff --git a/src/uu/groupmod/src/groupmod.rs b/src/uu/groupmod/src/groupmod.rs index dc7d337..0f326cb 100644 --- a/src/uu/groupmod/src/groupmod.rs +++ b/src/uu/groupmod/src/groupmod.rs @@ -109,7 +109,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { }; if !shadow_core::hardening::caller_is_root() { - uucore::show_error!("Permission denied."); + uucore::show_error!("{}", shadow_core::os_error::permission_denied()); return Err(GroupmodError::AlreadyPrinted(1).into()); } diff --git a/src/uu/passwd/src/passwd.rs b/src/uu/passwd/src/passwd.rs index cafcf92..d3f3fd2 100644 --- a/src/uu/passwd/src/passwd.rs +++ b/src/uu/passwd/src/passwd.rs @@ -188,12 +188,18 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { // Non-root users can only view their own status. if !shadow_core::hardening::caller_is_root() { if show_all { - return Err(PasswdError::PermissionDenied("Permission denied.".into()).into()); + return Err(PasswdError::PermissionDenied( + shadow_core::os_error::permission_denied(), + ) + .into()); } let current_user = shadow_core::hardening::current_username() .map_err(|e| PasswdError::UnexpectedFailure(e.to_string()))?; if current_user != target_user { - return Err(PasswdError::PermissionDenied("Permission denied.".into()).into()); + return Err(PasswdError::PermissionDenied( + shadow_core::os_error::permission_denied(), + ) + .into()); } } @@ -218,7 +224,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { // caller to be root. Non-root users can only change their own password // (the default PAM path below). if (has_mutation || has_aging) && !shadow_core::hardening::caller_is_root() { - return Err(PasswdError::PermissionDenied("Permission denied.".into()).into()); + return Err( + PasswdError::PermissionDenied(shadow_core::os_error::permission_denied()).into(), + ); } // When a mutation flag and aging flags are both present, apply both in a diff --git a/src/uu/useradd/src/useradd.rs b/src/uu/useradd/src/useradd.rs index 4ce7a13..c6f1b9c 100644 --- a/src/uu/useradd/src/useradd.rs +++ b/src/uu/useradd/src/useradd.rs @@ -290,7 +290,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { // Only root can add users. if !shadow_core::hardening::caller_is_root() { - uucore::show_error!("Permission denied."); + uucore::show_error!("{}", shadow_core::os_error::permission_denied()); return Err(UseraddError::AlreadyPrinted(1).into()); } diff --git a/src/uu/userdel/src/userdel.rs b/src/uu/userdel/src/userdel.rs index b676b4e..a00ddce 100644 --- a/src/uu/userdel/src/userdel.rs +++ b/src/uu/userdel/src/userdel.rs @@ -97,7 +97,9 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { // Must be root. if !rustix::process::getuid().is_root() { - return Err(UserdelError::CantUpdatePasswd("Permission denied.".into()).into()); + return Err( + UserdelError::CantUpdatePasswd(shadow_core::os_error::permission_denied()).into(), + ); } // Read the user's home directory and UID from /etc/passwd BEFORE removing diff --git a/src/uu/usermod/src/usermod.rs b/src/uu/usermod/src/usermod.rs index 87d12fd..cb8d13f 100644 --- a/src/uu/usermod/src/usermod.rs +++ b/src/uu/usermod/src/usermod.rs @@ -99,7 +99,7 @@ pub fn uumain(args: impl uucore::Args) -> UResult<()> { let root = SysRoot::new(prefix); if !rustix::process::getuid().is_root() { - return Err(UsermodError::CantUpdate("Permission denied.".into()).into()); + return Err(UsermodError::CantUpdate(shadow_core::os_error::permission_denied()).into()); } // Block signals for the passwd lock→write critical section only.