make visudo response reader use BufRead::Lines

and accept "y" as a universal affirmative response

Author: squell

po/sudo-rs.pot

@@ -325,12 +325,12 @@ msgstr ""
 msgid "sudoedit: truncate {path} to zero? (y/n) [n] "
 msgstr ""
 
-#: src/sudo/edit.rs:314
+#: src/sudo/edit.rs:319
 #, rust-format
 msgid "not overwriting {path}"
 msgstr ""
 
-#: src/sudo/edit.rs:318 src/sudo/edit.rs:327
+#: src/sudo/edit.rs:323 src/sudo/edit.rs:332
 #, rust-format
 msgid "failed to write data to parent: {error}"
 msgstr ""
@@ -392,6 +392,12 @@ msgid ""
 "  --                            stop processing command line arguments"
 msgstr ""
 
+#: src/sudo/cli/mod.rs:210 src/sudo/cli/mod.rs:275 src/sudo/cli/mod.rs:347
+#: src/sudo/cli/mod.rs:433 src/sudo/cli/mod.rs:446 src/sudo/cli/mod.rs:846
+#, rust-format
+msgid "{context} cannot be used together with {option}"
+msgstr ""
+
 #: src/sudo/cli/mod.rs:284
 msgid "must specify at least one file path"
 msgstr ""
@@ -443,12 +449,6 @@ msgstr ""
 msgid "sudoedit doesn't need to be run via sudo"
 msgstr ""
 
-#: src/sudo/cli/mod.rs:210 src/sudo/cli/mod.rs:275 src/sudo/cli/mod.rs:347
-#: src/sudo/cli/mod.rs:433 src/sudo/cli/mod.rs:446 src/sudo/cli/mod.rs:846
-#, rust-format
-msgid "{context} cannot be used together with {option}"
-msgstr ""
-
 #: src/sudo/cli/mod.rs:897
 msgid "command"
 msgstr ""

src/sudo/edit.rs

@@ -299,17 +299,22 @@ fn handle_child_inner(editor: &Path, mut files: Vec<ChildFileInfo<'_>>) -> Resul
         // If the file has been changed to be empty, ask the user what to do.
         if new_data.is_empty() && new_data != file.old_data {
             // TRANSLATORS: the initial letters of 'yes' and 'no' responses, in that order
-            let answers = xlat!("yn").as_bytes().get(..2).unwrap_or(b"yn");
+            let answers = xlat!("yn");
 
             match crate::visudo::ask_response(
-                xlat!(
+                &xlat!(
                     "sudoedit: truncate {path} to zero? (y/n) [n] ",
                     path = file.path.display()
-                )
-                .as_bytes(),
+                ),
                 answers,
+                answers
+                    .chars()
+                    .last()
+                    .expect("translation files are corrupted"),
             ) {
-                Ok(val) if val == answers[0] => {}
+                Ok(val) if answers.starts_with(val) => {}
+                // a fallback: also accept 'yes' based on Debian's apt behaviour
+                Ok('y') if !answers.contains('y') => {}
                 _ => {
                     user_info!("not overwriting {path}", path = file.path.display());
 

src/visudo/mod.rs

@@ -6,7 +6,7 @@ mod help;
 use std::{
     env, ffi,
     fs::{File, Permissions},
-    io::{self, Read, Seek, Write},
+    io::{self, BufRead, Read, Seek, Write},
     os::unix::prelude::{MetadataExt, PermissionsExt},
     path::{Path, PathBuf},
     process::Command,
@@ -318,8 +318,12 @@ fn edit_sudoers_file(
 
             writeln!(stderr)?;
 
-            match ask_response(b"What now? e(x)it without saving / (e)dit again: ", b"xe")? {
-                b'x' => return Ok(()),
+            match ask_response(
+                "What now? e(x)it without saving / (e)dit again: ",
+                "xe",
+                'x',
+            )? {
+                'x' => return Ok(()),
                 _ => continue,
             }
         } else {
@@ -329,11 +333,12 @@ fn edit_sudoers_file(
                     "It looks like you have removed your ability to run 'sudo visudo' again.\n"
                 )?;
                 match ask_response(
-                    b"What now? e(x)it without saving / (e)dit again / lock me out and (S)ave: ",
-                    b"xeS",
+                    "What now? e(x)it without saving / (e)dit again / lock me out and (S)ave: ",
+                    "xeS",
+                    'x',
                 )? {
-                    b'x' => return Ok(()),
-                    b'S' => {}
+                    'x' => return Ok(()),
+                    'S' => {}
                     _ => continue,
                 }
             }
@@ -384,42 +389,40 @@ fn sudo_visudo_is_allowed(mut sudoers: Sudoers, host_name: &Hostname) -> Option<
     ))
 }
 
-// Make sure that the first valid response is the "safest" choice
-pub(crate) fn ask_response(prompt: &[u8], valid_responses: &[u8]) -> io::Result<u8> {
+// This will panic if valid_responses is empty.
+pub(crate) fn ask_response(
+    prompt: &str,
+    valid_responses: &str,
+    safe_choice: char,
+) -> io::Result<char> {
     let stdin = io::stdin();
     let stdout = io::stdout();
     let mut stderr = io::stderr();
 
-    let mut stdin_handle = stdin.lock();
+    let stdin_handle = stdin.lock();
     let mut stdout_handle = stdout.lock();
 
+    let mut lines = stdin_handle.lines();
+
     loop {
-        stdout_handle.write_all(prompt)?;
+        stdout_handle.write_all(prompt.as_bytes())?;
         stdout_handle.flush()?;
 
-        let mut input = [0u8];
-        if let Err(err) = stdin_handle.read_exact(&mut input) {
-            writeln!(stderr, "visudo: cannot read user input: {err}")?;
-            return Ok(valid_responses[0]);
-        }
-
-        // read the trailing newline
-        loop {
-            let mut skipped = [0u8];
-            match stdin_handle.read_exact(&mut skipped) {
-                Ok(()) if &skipped != b"\n" => continue,
-                _ => break,
+        match lines.next() {
+            Some(Ok(answer))
+                if answer
+                    .chars()
+                    .next()
+                    .is_some_and(|input| valid_responses.contains(input)) =>
+            {
+                return Ok(answer.chars().next().unwrap());
+            }
+            Some(Ok(answer)) => writeln!(stderr, "Invalid option: '{answer}'\n",)?,
+            Some(Err(err)) => writeln!(stderr, "Invalid response: {err}\n",)?,
+            None => {
+                writeln!(stderr, "visudo: cannot read user input")?;
+                return Ok(safe_choice);
             }
-        }
-
-        if valid_responses.contains(&input[0]) {
-            return Ok(input[0]);
-        } else {
-            writeln!(
-                stderr,
-                "Invalid option: '{}'\n",
-                str::from_utf8(&input).unwrap_or("<INVALID>")
-            )?;
         }
     }
 }