1
// SPDX-FileCopyrightText: Copyright The Lima Authors
2
// SPDX-License-Identifier: Apache-2.0
3

4
package main
5

6
import (
7
	"context"
8
	"errors"
9
	"fmt"
10
	"io"
11

12
	"github.com/sirupsen/logrus"
13
	"github.com/spf13/cobra"
14

15
	"github.com/lima-vm/lima/v2/pkg/networks"
16
)
17

18
func sudoersAction(cmd *cobra.Command, args []string) error {
19
	ctx := cmd.Context()
20
	nwCfg, err := networks.LoadConfig()
21
	if err != nil {
22
		return err
23
	}
24
	// Make sure the current network configuration is secure
25
	if err := nwCfg.Validate(); err != nil {
26
		logrus.Infof("Please check %s for more information.", socketVMNetURL)
27
		return err
28
	}
29
	check, err := cmd.Flags().GetBool("check")
30
	if err != nil {
31
		return err
32
	}
33
	if check {
34
		return verifySudoAccess(ctx, nwCfg, args, cmd.OutOrStdout())
35
	}
36
	switch len(args) {
37
	case 0:
38
		// NOP
39
	case 1:
40
		return errors.New("the file argument can be specified only for --check mode")
41
	default:
42
		return fmt.Errorf("unexpected arguments %v", args)
43
	}
44
	sudoers, err := networks.Sudoers()
45
	if err != nil {
46
		return err
47
	}
48
	fmt.Fprint(cmd.OutOrStdout(), sudoers)
49
	return nil
50
}
51

52
func verifySudoAccess(ctx context.Context, nwCfg networks.Config, args []string, stdout io.Writer) error {
53
	var file string
54
	switch len(args) {
55
	case 0:
56
		file = nwCfg.Paths.Sudoers
57
		if file == "" {
58
			cfgFile, _ := networks.ConfigFile()
59
			return fmt.Errorf("no sudoers file defined in %q", cfgFile)
60
		}
61
	case 1:
62
		file = args[0]
63
	default:
64
		return errors.New("can check only a single sudoers file")
65
	}
66
	if err := nwCfg.VerifySudoAccess(ctx, file); err != nil {
67
		return err
68
	}
69
	fmt.Fprintf(stdout, "%q is up-to-date (or sudo doesn't require a password)\n", file)
70
	return nil
71
}
72

73