From 06d8d36bd25932ee14261075fa9f44ea4d5ebf99 Mon Sep 17 00:00:00 2001 From: LeChatP Date: Wed, 1 Jan 2025 11:28:56 +0100 Subject: [PATCH 1/7] fix: do not skip extra field in install --- xtask/src/util.rs | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/xtask/src/util.rs b/xtask/src/util.rs index f5ac188..802fe05 100644 --- a/xtask/src/util.rs +++ b/xtask/src/util.rs @@ -61,7 +61,7 @@ pub const RED: &str = "\x1B[31m"; pub struct SettingsFile { pub storage: Settings, #[serde(default)] - #[serde(flatten, skip)] + #[serde(flatten)] pub _extra_fields: Value, } From 713c930b37dc7d4b4c3815c2a226eccc2e783e75 Mon Sep 17 00:00:00 2001 From: LeChatP Date: Wed, 1 Jan 2025 11:39:02 +0100 Subject: [PATCH 2/7] fix: saving modification --- xtask/src/configure.rs | 6 ++++-- 1 file changed, 4 insertions(+), 2 deletions(-) diff --git a/xtask/src/configure.rs b/xtask/src/configure.rs index f15242e..c896e27 100644 --- a/xtask/src/configure.rs +++ b/xtask/src/configure.rs @@ -51,6 +51,7 @@ fn is_running_in_container() -> bool { pub fn check_filesystem() -> io::Result<()> { let config = BufReader::new(File::open(ROOTASROLE)?); let mut config: SettingsFile = serde_json::from_reader(config)?; + // Get the filesystem type if let Some(fs_type) = get_filesystem_type(ROOTASROLE)? { match fs_type.as_str() { @@ -72,6 +73,7 @@ pub fn check_filesystem() -> io::Result<()> { info!("Failed to get filesystem type, removing immutable flag"); } set_immutable(&mut config, false); + File::create(ROOTASROLE)?.write_all(serde_json::to_string_pretty(&config)?.as_bytes())?; Ok(()) } @@ -89,9 +91,9 @@ fn set_immutable(config: &mut SettingsFile, value: bool) { .unwrap() .get_mut("roles") .unwrap() - .as_object_mut() + .as_array_mut() .unwrap(); - for role in roles.values_mut() { + for role in roles { let tasks = role.as_object_mut().unwrap().get_mut("tasks"); if let Some(tasks) = tasks { for task in tasks.as_array_mut().unwrap() { 
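Review bot: The `_extra_fields` member of `SettingsFile` has no comment saying why it exists, and this one-word fix shows how easily that intent is lost: with `skip` the field was never serialized, so code that loads the file and saves it again would write back only `storage`. A doc comment on the field would record the purpose, for example `/// All keys other than "storage", kept so the file can be rewritten without losing them.` The two attributes could also be merged into `#[serde(default, flatten)]`.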
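Review bot: The write added at the end of `check_filesystem` truncates the configuration file before the new contents exist: `File::create(ROOTASROLE)?` is the method receiver and is evaluated before `serde_json::to_string_pretty(&config)?`, so a serialization error, or a failure part-way through `write_all`, leaves an empty or partial roles file. Build the string first (`let out = serde_json::to_string_pretty(&config)?;`) and only then open the file for writing, ideally writing to a temporary file in the same directory and renaming it over `ROOTASROLE`. The middle of `check_filesystem` lies between the two hunks, so any other protection around the rewrite is not visible here.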
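Review bot: The chain in `set_immutable` still calls `.unwrap()` at every step (`get_mut("roles")`, `as_array_mut()`, `role.as_object_mut()`, `tasks.as_array_mut()`), so a file whose `roles` key is missing or has another shape panics the installer instead of surfacing an error through the `io::Result` of `check_filesystem`. Before this fix the `as_object_mut().unwrap()` would itself have panicked on an array, which is exactly that kind of mismatch. Consider `.and_then(|r| r.as_array_mut())` with an early return, or mapping the `None` to an `io::ErrorKind::InvalidData` error. The start of the chain and the end of the loop are outside the hunk.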
From d502b26981ab2d2e87db80aee764209953a61bfd Mon Sep 17 00:00:00 2001 From: LeChatP Date: Wed, 1 Jan 2025 12:24:26 +0100 Subject: [PATCH 3/7] Refactor logging statements to use log crate instead of tracing crate --- rar-common/src/database/mod.rs | 15 +- rar-common/src/lib.rs | 4 +- src/chsr/cli/mod.rs | 322 +++++++++++++++++++-------------- src/chsr/main.rs | 2 +- src/sr/main.rs | 2 +- 5 files changed, 194 insertions(+), 151 deletions(-) diff --git a/rar-common/src/database/mod.rs b/rar-common/src/database/mod.rs index 9372553..dbcc4d3 100644 --- a/rar-common/src/database/mod.rs +++ b/rar-common/src/database/mod.rs @@ -1,3 +1,4 @@ +use std::path::Path; use std::{cell::RefCell, error::Error, rc::Rc}; use crate::save_settings; @@ -36,25 +37,23 @@ pub fn make_weak_config(config: &Rc>) { } } -pub fn read_json_config( +pub fn read_json_config>( settings: Rc>, + settings_path: P, ) -> Result>, Box> { let default_remote: RemoteStorageSettings = RemoteStorageSettings::default(); - let default = &ROOTASROLE.into(); let binding = settings.as_ref().borrow(); let path = binding .storage .settings .as_ref() .unwrap_or(&default_remote) - .path - .as_ref() - .unwrap_or(default); - if path == default { + .path.as_ref(); + if path.is_none() || path.is_some_and(|p| p == settings_path.as_ref()) { make_weak_config(&settings.as_ref().borrow().config); - Ok(settings.as_ref().borrow().config.clone()) + return Ok(settings.as_ref().borrow().config.clone()); } else { - let file = open_with_privileges(path)?; + let file = open_with_privileges(path.unwrap())?; warn_if_mutable( &file, settings diff --git a/rar-common/src/lib.rs b/rar-common/src/lib.rs index db757d0..8ae9490 100644 --- a/rar-common/src/lib.rs +++ b/rar-common/src/lib.rs @@ -183,7 +183,7 @@ impl Default for Settings { fn default() -> Self { Self { method: StorageMethod::JSON, - settings: Some(RemoteStorageSettings::default()), + settings: None, ldap: None, } } 
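Review bot: The new branch in `read_json_config` tests `path.is_none() || path.is_some_and(..)` and then relies on that test to call `path.unwrap()` in the `else`, with an explicit `return` inside what appears to be the tail `if`/`else`; a single `match path { Some(p) if p != settings_path.as_ref() => { /* open p */ } _ => { /* config embedded in the settings file */ } }` expresses the same decision without the unwrap. The equality is a component-wise `Path` comparison that does not resolve `..` or symlinks, so a settings file that names itself through another spelling takes the external-file branch and is reopened with privileges; compare canonicalized paths if that distinction matters. The added `.path.as_ref();` line also looks unformatted. The function continues past the end of the hunk.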
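Review bot: Neither `Default` impl documents what the new `None` values mean, and the meaning changed: `Settings::default()` now has `settings: None`, and in the next hunk `RemoteStorageSettings::default()` has `path: None`, where both previously resolved to `ROOTASROLE`. Judging from the `read_json_config` change in this patch, an absent path appears to mean that the roles are stored in the settings file itself; a doc comment on `path` saying so, such as `/// None: the policy is stored in the settings file itself.`, would keep callers from reading `None` as "not configured". Callers that relied on `default().path` being `Some(ROOTASROLE)` are outside this diff and worth checking.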
@@ -193,7 +193,7 @@ impl Default for RemoteStorageSettings { fn default() -> Self { Self { immutable: None, - path: Some(ROOTASROLE.into()), + path: None, host: None, port: None, auth: None, diff --git a/src/chsr/cli/mod.rs b/src/chsr/cli/mod.rs index 3459b3f..63ac2de 100644 --- a/src/chsr/cli/mod.rs +++ b/src/chsr/cli/mod.rs @@ -225,9 +225,10 @@ mod tests { #[test] fn test_all_main() { setup("all_main"); - let settings = get_settings(&format!("{}.{}", ROOTASROLE, "all_main")) + let path = format!("{}.{}", ROOTASROLE, "all_main"); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main(&Storage::JSON(config.clone()), vec!["--help"],) .inspect_err(|e| { error!("{}", e); @@ -237,7 +238,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r r1 create".split(" "), ) .inspect_err(|e| { @@ -248,7 +249,7 @@ mod tests { }) .is_ok_and(|b| b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete delete".split(" "), ) .inspect_err(|e| { 
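Review bot: The same three statements (`let path = format!(..)`, `get_settings(&path)`, `read_json_config(settings.clone(), &path)`) are now repeated in every test of this module, starting with `test_all_main` here and continuing through all the following test hunks of `src/chsr/cli/mod.rs`. A small helper next to `setup` that takes the test name and returns the path, the settings and the loaded config would leave one place to change the next time the `read_json_config` signature moves. The new `get_settings(&path)` / `.expect(..)` pairs and the long `&Storage::JSON(read_json_config(settings.clone(), &path).expect(..)),` lines also look unformatted, so running rustfmt over the file before merging is worth doing.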
@@ -263,9 +264,10 @@ mod tests { #[test] fn test_r_complete_show_actors() { setup("r_complete_show_actors"); - let settings = get_settings(&format!("{}.{}", ROOTASROLE, "r_complete_show_actors")) + let path = format!("{}.{}", ROOTASROLE, "r_complete_show_actors"); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete show actors".split(" "), @@ -278,7 +280,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete show tasks".split(" "), ) .inspect_err(|e| { @@ -289,7 +291,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete show all".split(" "), ) .inspect_err(|e| { @@ -300,7 +302,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete purge actors".split(" "), ) .inspect_err(|e| { 
@@ -315,9 +317,10 @@ mod tests { #[test] fn test_purge_tasks() { setup("purge_tasks"); - let settings = get_settings(&format!("{}.{}", ROOTASROLE, "purge_tasks")) + let path = format!("{}.{}", ROOTASROLE, "purge_tasks"); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete purge tasks".split(" "), @@ -334,9 +337,10 @@ mod tests { #[test] fn test_r_complete_purge_all() { setup("r_complete_purge_all"); - let settings = get_settings(&format!("{}.{}", ROOTASROLE, "r_complete_purge_all")) + let path = format!("{}.{}", ROOTASROLE, "r_complete_purge_all"); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete purge all".split(" "), @@ -353,12 +357,13 @@ mod tests { #[test] fn test_r_complete_grant_u_user1_g_group1_g_group2_group3() { setup("r_complete_grant_u_user1_g_group1_g_group2_group3"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_grant_u_user1_g_group1_g_group2_group3" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete grant -u user1 -g group1 -g group2&group3".split(" "), 
@@ -416,12 +421,13 @@ mod tests { #[test] fn test_r_complete_task_t_complete_show_all() { setup("r_complete_task_t_complete_show_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_task_t_complete_show_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete task t_complete show all".split(" "), @@ -434,7 +440,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete task t_complete show cmd".split(" "), ) .inspect_err(|e| { @@ -445,7 +451,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete task t_complete show cred".split(" "), ) .inspect_err(|e| { @@ -456,7 +462,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete task t_complete purge all".split(" "), ) .inspect_err(|e| { 
@@ -471,12 +477,13 @@ mod tests { #[test] fn test_r_complete_task_t_complete_purge_cmd() { setup("r_complete_task_t_complete_purge_cmd"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_task_t_complete_purge_cmd" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete task t_complete purge cmd".split(" "), @@ -493,12 +500,13 @@ mod tests { #[test] fn test_r_complete_task_t_complete_purge_cred() { setup("r_complete_task_t_complete_purge_cred"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_task_t_complete_purge_cred" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete task t_complete purge cred".split(" "), @@ -511,12 +519,13 @@ mod tests { }) .is_ok_and(|b| b)); debug!("====="); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_task_t_complete_purge_cred" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); let task_count = config.as_ref().borrow()[0].as_ref().borrow().tasks.len(); assert!(main( &Storage::JSON(config.clone()), 
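Review bot: In `test_r_complete_task_t_complete_purge_cred`, the hunk after `debug!("=====")` declares `let path = format!(..)` a second time with the same arguments as the one at the top of the test. Reloading `settings` and `config` needs only the existing binding, so the second `let path` can be dropped and `get_settings(&path)` called directly.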
@@ -553,12 +562,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_cmd_setpolicy_deny_all() { setup("r_complete_t_t_complete_cmd_setpolicy_deny_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_setpolicy_deny_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete cmd setpolicy deny-all".split(" "), @@ -583,12 +593,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_cmd_setpolicy_allow_all() { setup("r_complete_t_t_complete_cmd_setpolicy_allow_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_setpolicy_allow_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete cmd setpolicy allow-all".split(" "), 
@@ -613,12 +624,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_cmd_whitelist_add_super_command_with_spaces() { setup("r_complete_t_t_complete_cmd_whitelist_add_super_command_with_spaces"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_whitelist_add_super_command_with_spaces" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete cmd whitelist add super command with spaces".split(" "), @@ -675,12 +687,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_cmd_blacklist_del_super_command_with_spaces() { setup("r_complete_t_t_complete_cmd_blacklist_del_super_command_with_spaces"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_blacklist_del_super_command_with_spaces" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), vec![ 
@@ -716,8 +729,9 @@ mod tests { fn test_r_complete_t_t_complete_cred_set_caps_cap_dac_override_cap_sys_admin_cap_sys_boot_setuid_user1_setgid_group1_group2( ) { setup("r_complete_t_t_complete_cred_set_caps_cap_dac_override_cap_sys_admin_cap_sys_boot_setuid_user1_setgid_group1_group2"); - let settings = get_settings(&format!("{}.{}",ROOTASROLE,"r_complete_t_t_complete_cred_set_caps_cap_dac_override_cap_sys_admin_cap_sys_boot_setuid_user1_setgid_group1_group2")).expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let path = format!("{}.{}",ROOTASROLE,"r_complete_t_t_complete_cred_set_caps_cap_dac_override_cap_sys_admin_cap_sys_boot_setuid_user1_setgid_group1_group2"); + let settings = get_settings(&path).expect("Failed to get settings"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main(&Storage::JSON(config.clone()), "r complete t t_complete cred set --caps cap_dac_override,cap_sys_admin,cap_sys_boot --setuid user1 --setgid group1,group2".split(" "), ) .inspect_err(|e| { @@ -824,12 +838,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_cred_caps_setpolicy_deny_all() { setup("r_complete_t_t_complete_cred_caps_setpolicy_deny_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cred_caps_setpolicy_deny_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete cred caps setpolicy deny-all".split(" "), 
@@ -857,12 +872,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_cred_caps_setpolicy_allow_all() { setup("r_complete_t_t_complete_cred_caps_setpolicy_allow_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cred_caps_setpolicy_allow_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete cred caps setpolicy allow-all".split(" "), @@ -891,8 +907,9 @@ mod tests { fn test_r_complete_t_t_complete_cred_caps_whitelist_add_cap_dac_override_cap_sys_admin_cap_sys_boot( ) { setup("r_complete_t_t_complete_cred_caps_whitelist_add_cap_dac_override_cap_sys_admin_cap_sys_boot"); - let settings = get_settings(&format!("{}.{}",ROOTASROLE,"r_complete_t_t_complete_cred_caps_whitelist_add_cap_dac_override_cap_sys_admin_cap_sys_boot")).expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let path = format!("{}.{}",ROOTASROLE,"r_complete_t_t_complete_cred_caps_whitelist_add_cap_dac_override_cap_sys_admin_cap_sys_boot"); + let settings = get_settings(&path).expect("Failed to get settings"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main(&Storage::JSON(config.clone()), "r complete t t_complete cred caps whitelist add cap_dac_override cap_sys_admin cap_sys_boot".split(" ")) .inspect_err(|e| { error!("{}", e); 
@@ -934,8 +951,9 @@ mod tests { fn test_r_complete_t_t_complete_cred_caps_blacklist_add_cap_dac_override_cap_sys_admin_cap_sys_boot( ) { setup("r_complete_t_t_complete_cred_caps_blacklist_add_cap_dac_override_cap_sys_admin_cap_sys_boot"); - let settings = get_settings(&format!("{}.{}",ROOTASROLE,"r_complete_t_t_complete_cred_caps_blacklist_add_cap_dac_override_cap_sys_admin_cap_sys_boot")).expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let path = format!("{}.{}",ROOTASROLE,"r_complete_t_t_complete_cred_caps_blacklist_add_cap_dac_override_cap_sys_admin_cap_sys_boot"); + let settings = get_settings(&path).expect("Failed to get settings"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main(&Storage::JSON(config.clone()), "r complete t t_complete cred caps blacklist add cap_dac_override cap_sys_admin cap_sys_boot".split(" "), ) .inspect_err(|e| { @@ -1055,9 +1073,10 @@ mod tests { #[test] fn test_options_show_all() { setup("options_show_all"); - let settings = get_settings(&format!("{}.{}", ROOTASROLE, "options_show_all")) + let path = format!("{}.{}", ROOTASROLE, "options_show_all"); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "options show all".split(" "), @@ -1070,7 +1089,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete options show path".split(" "), ) .inspect_err(|e| { 
@@ -1081,7 +1100,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete options show bounding".split(" "), ) .inspect_err(|e| { @@ -1096,12 +1115,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_options_show_env() { setup("r_complete_t_t_complete_options_show_env"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_options_show_env" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete options show env".split(" "), @@ -1114,7 +1134,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete t t_complete options show root".split(" "), ) .inspect_err(|e| { @@ -1125,7 +1145,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete t t_complete options show bounding".split(" "), ) .inspect_err(|e| { @@ -1136,7 +1156,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete t t_complete options show wildcard-denied".split(" "), ) .inspect_err(|e| { 
@@ -1147,7 +1167,7 @@ mod tests { }) .is_ok_and(|b| !b)); assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete t t_complete o path set /usr/bin:/bin".split(" "), ) .inspect_err(|e| { @@ -1162,12 +1182,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_path_setpolicy_delete_all() { setup("r_complete_t_t_complete_o_path_setpolicy_delete_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_setpolicy_delete_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o path setpolicy delete-all".split(" "), @@ -1197,12 +1218,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_path_setpolicy_keep_unsafe() { setup("r_complete_t_t_complete_o_path_setpolicy_keep_unsafe"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_setpolicy_keep_unsafe" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o path setpolicy keep-unsafe".split(" "), 
@@ -1281,12 +1303,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_path_whitelist_add() { setup("r_complete_t_t_complete_o_path_whitelist_add"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_whitelist_add" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o path whitelist add /usr/bin:/bin".split(" "), @@ -1563,12 +1586,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_path_blacklist_purge() { setup("r_complete_t_t_complete_o_path_blacklist_purge"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_blacklist_purge" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o path blacklist purge".split(" "), @@ -1585,12 +1609,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_keep_only_myvar_var2() { setup("r_complete_t_t_complete_o_env_keep_only_MYVAR_VAR2"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_keep_only_MYVAR_VAR2" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env keep-only MYVAR,VAR2".split(" "), 
@@ -1662,12 +1687,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_delete_only_myvar_var2() { setup("r_complete_t_t_complete_o_env_delete_only_MYVAR_VAR2"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_delete_only_MYVAR_VAR2" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env delete-only MYVAR,VAR2".split(" "), @@ -1739,12 +1765,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_set_myvar_value_var2_value2() { setup("r_complete_t_t_complete_o_env_set_MYVAR_value_VAR2_value2"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_set_MYVAR_value_VAR2_value2" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), r#"r complete t t_complete o env set MYVAR=value,VAR2="value2""#.split(" "), 
@@ -1811,12 +1838,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_add_myvar_value_var2_value2() { setup("r_complete_t_t_complete_o_env_add_MYVAR_value_VAR2_value2"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_add_MYVAR_value_VAR2_value2" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), r#"r complete t t_complete o env setlist set VAR3=value3"#.split(" "), @@ -1990,12 +2018,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_setpolicy_delete_all() { setup("r_complete_t_t_complete_o_env_setpolicy_delete_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_setpolicy_delete_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env setpolicy delete-all".split(" "), 
@@ -2027,12 +2056,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_setpolicy_keep_all() { setup("r_complete_t_t_complete_o_env_setpolicy_keep_all"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_setpolicy_keep_all" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env setpolicy keep-all".split(" "), @@ -2064,12 +2094,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_setpolicy_inherit() { setup("r_complete_t_t_complete_o_env_setpolicy_inherit"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_setpolicy_inherit" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env setpolicy inherit".split(" "), @@ -2101,12 +2132,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_whitelist_add_myvar() { setup("r_complete_t_t_complete_o_env_whitelist_add_MYVAR"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_whitelist_add_MYVAR" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env whitelist add MYVAR".split(" "), 
@@ -2217,12 +2249,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_whitelist_purge() { setup("r_complete_t_t_complete_o_env_whitelist_purge"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_whitelist_purge" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env whitelist purge".split(" "), @@ -2252,12 +2285,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_blacklist_add_myvar() { setup("r_complete_t_t_complete_o_env_blacklist_add_MYVAR"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_blacklist_add_MYVAR" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env blacklist add MYVAR".split(" "), @@ -2311,12 +2345,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_blacklist_set_myvar() { setup("r_complete_t_t_complete_o_env_blacklist_set_MYVAR"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_blacklist_set_MYVAR" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env blacklist set MYVAR".split(" "), 
@@ -2362,12 +2397,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_blacklist_purge() { setup("r_complete_t_t_complete_o_env_blacklist_purge"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_blacklist_purge" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env blacklist purge".split(" "), @@ -2397,12 +2433,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_env_checklist_add_myvar() { setup("r_complete_t_t_complete_o_env_checklist_add_MYVAR"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_checklist_add_MYVAR" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o env checklist add MYVAR".split(" "), @@ -2523,12 +2560,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_root_privileged() { setup("r_complete_t_t_complete_o_root_privileged"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_root_privileged" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o root privileged".split(" "), 
@@ -2611,12 +2649,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_bounding_strict() { setup("r_complete_t_t_complete_o_bounding_strict"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_bounding_strict" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o bounding strict".split(" "), @@ -2647,12 +2686,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_bounding_ignore() { setup("r_complete_t_t_complete_o_bounding_ignore"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_bounding_ignore" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o bounding ignore".split(" "), @@ -2683,12 +2723,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_bounding_inherit() { setup("r_complete_t_t_complete_o_bounding_inherit"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_bounding_inherit" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o bounding inherit".split(" "), 
@@ -2719,12 +2760,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_auth_skip() { setup("r_complete_t_t_complete_o_auth_skip"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_auth_skip" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o auth skip".split(" "), @@ -2807,12 +2849,13 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_wildcard_denied_set() { setup("r_complete_t_t_complete_o_wildcard_denied_set"); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_wildcard_denied_set" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o wildcard-denied set *".split(" "), @@ -2891,12 +2934,13 @@ mod tests { "~" ); debug!("====="); - let settings = get_settings(&format!( + let path = format!( "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_wildcard_denied_set" - )) + ); + let settings = get_settings(&path) .expect("Failed to get settings"); - let config = read_json_config(settings.clone()).expect("Failed to read json"); + let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), "r complete t t_complete o timeout set --type uid --duration 15:05:10 --max-usage 7" 
@@ -2959,7 +3003,7 @@ mod tests { assert!(bindingopt.timeout.as_ref().is_none()); } assert!(main( - &Storage::JSON(read_json_config(settings.clone()).expect("Failed to read json")), + &Storage::JSON(read_json_config(settings.clone(), &path).expect("Failed to read json")), "r complete tosk".split(" "), ) .inspect_err(|e| { diff --git a/src/chsr/main.rs b/src/chsr/main.rs index 7f94797..e6e1518 100644 --- a/src/chsr/main.rs +++ b/src/chsr/main.rs @@ -25,7 +25,7 @@ fn main() -> Result<(), Box> { register_plugins(); let settings = get_settings(ROOTASROLE).expect("Error on config read"); let config = match settings.clone().as_ref().borrow().storage.method { - StorageMethod::JSON => Storage::JSON(read_json_config(settings.clone())?), + StorageMethod::JSON => Storage::JSON(read_json_config(settings.clone(), ROOTASROLE)?), _ => { error!("Unsupported storage method"); std::process::exit(1); diff --git a/src/sr/main.rs b/src/sr/main.rs index c23ebd9..9a86e2d 100644 --- a/src/sr/main.rs +++ b/src/sr/main.rs @@ -210,7 +210,7 @@ fn main() -> Result<(), Box> { .unwrap_or_else(|_| panic!("{}", cap_effective_error("dac_read"))); let config = match settings.clone().as_ref().borrow().storage.method { rar_common::StorageMethod::JSON => { - Storage::JSON(read_json_config(settings).expect("Failed to read config")) + Storage::JSON(read_json_config(settings, ROOTASROLE).expect("Failed to read config")) } _ => { return Err("Unsupported storage method".into()); From 1c7f6b9a09cb37a60b6a4d87542bb3d5611c9b0a Mon Sep 17 00:00:00 2001 From: LeChatP Date: Wed, 1 Jan 2025 12:25:50 +0100 Subject: [PATCH 4/7] removing useless capable task --- resources/rootasrole.json | 16 ---------------- 1 file changed, 16 deletions(-) diff --git a/resources/rootasrole.json b/resources/rootasrole.json index c590e63..437f244 100644 --- a/resources/rootasrole.json +++ b/resources/rootasrole.json 
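Review bot: In src/sr/main.rs and src/chsr/main.rs the new second argument must be the same path that was handed to `get_settings`, and nothing at either call site says so; chsr shows `get_settings(ROOTASROLE)` just above the call, while in sr that call is outside the hunk. `read_json_config` (patched earlier in this series) compares the argument with `storage.settings.path` by plain `Path` equality, so a configured path that names the same file in another spelling (relative, or through a symlink) would presumably take the external-file branch and be re-opened with privileges. A comment such as `// must match the path passed to get_settings(); compared literally with storage.settings.path` would record this. Separately, sr still panics on an unreadable config through `.expect("Failed to read config")` although `main` returns a `Result`; `Storage::JSON(read_json_config(settings, ROOTASROLE)?)` would match what chsr does.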
@@ -109,22 +109,6 @@ "/usr/bin/chsr .*" ] } - }, - { - "name": "t_capable", - "purpose": "access to every commands", - "cred": { - "capabilities": { - "default": "all", - "sub": ["CAP_LINUX_IMMUTABLE"] - } - }, - "commands": { - "default": "none", - "add": [ - "/usr/bin/capable .*" - ] - } } ] } From d6baaf26d95ac08655d9cb2e805625c3ba317fd5 Mon Sep 17 00:00:00 2001 From: LeChatP Date: Wed, 1 Jan 2025 12:26:36 +0100 Subject: [PATCH 5/7] update documentation --- README.md | 6 ++++++ book/src/chsr/file-config.md | 32 ++++++++++++++++++++++---------- 2 files changed, 28 insertions(+), 10 deletions(-) diff --git a/README.md b/README.md index 7dc5188..43b8716 100644 --- a/README.md +++ b/README.md @@ -33,6 +33,12 @@ * [glob](https://docs.rs/glob/latest/glob/) for binary path * [PCRE2](https://www.pcre.org/) for command arguments +If you need help to configure a RootAsRole policy, you can use our **[capable tool](https://github.com/LeChatP/RootAsRole-capable)**. This tool identifies the rights required by specific commands, making it easier to define a precise policy. + +For administrators who already use **Ansible playbooks** for their tasks and wish to implement **RootAsRole**, our tool [gensr](https://github.com/LeChatP/RootAsRole-utils) can generate an initial draft of a **RootAsRole policy**. The `gensr` tool works by running your Ansible playbook alongside the [capable tool](https://github.com/LeChatP/RootAsRole-capable), creating a draft policy based on the observed required rights. This process helps administrators to harden their Ansible tasks. It helps to verify eventual third-party supply-chain attacks. + +**Note:** The `gensr` tool is still in development and may not work with all playbooks. If you wish to contribute to this project, feel free to make issues and pull requests. + ## You can find every interesting resources using [the RootAsRole User/Knowledge/Reference Guide Book](https://lechatp.github.io/RootAsRole/). ## Installation 
diff --git a/book/src/chsr/file-config.md b/book/src/chsr/file-config.md index 71e0aa4..232ce82 100644 --- a/book/src/chsr/file-config.md +++ b/book/src/chsr/file-config.md @@ -23,7 +23,7 @@ The following example shows a RootAsRole config without plugins when almost ever ```json { "version": "3.0.0-alpha.4", // Version of the configuration file - "storage": { // Storage settings, where the Roles and Execution options are stored + "storage": { // Storage settings, Roles storage location "method": "json", // Storage method "settings": { // Storage settings "immutable": false, // Program return error if the file is not immutable, default is true @@ -32,7 +32,7 @@ The following example shows a RootAsRole config without plugins when almost ever }, "options": { "path": { // Path options - "default": "delete", // Default policy for path, delete-all, keep-safe, keep-unsafe, inherit + "default": "delete", // Default policy for path, delete, keep-safe, keep-unsafe, inherit "add": [ // Paths to add to the whitelist "path1", "path2" @@ -43,7 +43,7 @@ The following example shows a RootAsRole config without plugins when almost ever ] }, "env": { // Environment options - "default": "delete", // Default policy for environment, delete-all, keep-all, inherit + "default": "delete", // Default policy for environment, delete, keep, inherit "keep": [ // Environment variables to keep "env1", "env2" 
@@ -57,25 +57,25 @@ The following example shows a RootAsRole config without plugins when almost ever "env6" ] }, - "root": "privileged", // Default policy for root, privileged, user, inherit - "bounding": "ignore", // Default policy for bounding, strict, ignore, inherit + "root": "privileged", // Default policy for root: privileged, user, inherit + "bounding": "ignore", // Default policy for bounding: strict, ignore, inherit "wildcard-denied": "*", // Characters denied in any binary path "timeout": { - "type": "ppid", // Type of timeout, tty, ppid, uid - "duration": "15:30:30", // Duration of the timeout + "type": "ppid", // Type of timeout: tty, ppid, uid + "duration": "15:30:30", // Duration of the timeout in HH:MM:SS format "max_usage": 1 // Maximum usage before timeout expires } }, "roles": [ // Role list { "name": "complete", // Role name - "actors": [ // Actors granted + "actors": [ // Actors granted to the role { "id": 0, // ID of the actor, could be a name - "type": "user" // Type of actor, user, group + "type": "user" // Type of actor: user, group }, { - "groups": 0, // ID of the group, could be a name + "groups": 0, // ID of the group or a list of ID for AND condition "type": "group" }, { @@ -106,6 +106,14 @@ The following example shows a RootAsRole config without plugins when almost ever "CAP_SYS_ADMIN", "CAP_SYS_BOOT" ] + }, + // Dbus credentials are relied to Dbus and Polkit policies. They can be enforced using `gensr` tool + "dbus": [ + "org.freedesktop.login1.Reboot", // DBus method to allow + ], + // File credentials are relied to file permissions. They can be enforced using `gensr` tool + "file": { + "/path/to/file": "R", // File path and permission, r for read, w for write, x for execute } }, "commands": { 
@@ -648,3 +656,7 @@ Here is an example global configuration: ``` The `check` list is a list of environment variables that will be checked for unsafe characters. If an environment variable contains unsafe characters, it will be removed from the environment. + +## What are dbus and file credentials fields? + +the `dbus` and `file` fields are used for gensr tool from RootAsRole-utils repository. They are enforced to the DBus and file permissions. The `dbus` field is used to allow DBus methods. The `file` field is used to allow file permissions. The gensr tool will generate the DBus and file permissions in according to the `setuid` credentials. So gensr tool requires the `setuid` field to be set. \ No newline at end of file From 7340aeb81416323fca55972bf28b4bd5b279befd Mon Sep 17 00:00:00 2001 From: LeChatP Date: Wed, 1 Jan 2025 12:26:58 +0100 Subject: [PATCH 6/7] bump version to 3.0.4 across all relevant files --- Cargo.toml | 2 +- README.md | 2 +- rar-common/Cargo.toml | 2 +- rar-common/src/version.rs | 2 +- xtask/Cargo.toml | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) diff --git a/Cargo.toml b/Cargo.toml index 4974b6e..40b783d 100644 --- a/Cargo.toml +++ b/Cargo.toml @@ -4,7 +4,7 @@ members = ["xtask", "rar-common"] [package] name = "rootasrole" # The project version is managed on json file in resources/rootasrole.json -version = "3.0.3" +version = "3.0.4" rust-version = "1.76.0" authors = ["Eddie Billoir "] edition = "2021" diff --git a/README.md b/README.md index 43b8716..ef64e37 100644 --- a/README.md +++ b/README.md @@ -16,7 +16,7 @@ -# RootAsRole (V3.0.3) : A memory-safe and security-oriented alternative to sudo/su commands +# RootAsRole (V3.0.4) : A memory-safe and security-oriented alternative to sudo/su commands **RootAsRole** is a project to allow Linux/Unix administrators to delegate their administrative tasks access rights to users. Its main features are : diff --git a/rar-common/Cargo.toml b/rar-common/Cargo.toml index 0577292..56ad562 100644 
--- a/rar-common/Cargo.toml +++ b/rar-common/Cargo.toml @@ -1,6 +1,6 @@ [package] name = "rootasrole-core" -version = "3.0.3" +version = "3.0.4" edition = "2021" description = "This core crate contains the RBAC and main features for the RootAsRole project." license = "GPL-3.0-or-later" diff --git a/rar-common/src/version.rs b/rar-common/src/version.rs index 904f2f0..6c7b08a 100644 --- a/rar-common/src/version.rs +++ b/rar-common/src/version.rs @@ -1,4 +1,4 @@ // This file is generated by build.rs // Do not edit this file directly // Instead edit build.rs and run cargo build -pub const PACKAGE_VERSION: &str = "3.0.3"; +pub const PACKAGE_VERSION: &str = "3.0.4"; diff --git a/xtask/Cargo.toml b/xtask/Cargo.toml index 4453a6c..b674faa 100644 --- a/xtask/Cargo.toml +++ b/xtask/Cargo.toml @@ -1,7 +1,7 @@ [package] name = "xtask" # The project version is managed on json file in resources/rootasrole.json -version = "3.0.3" +version = "3.0.4" edition = "2021" publish = false From e606250a0aba626f865783514bd8c4c3d6fc0b7f Mon Sep 17 00:00:00 2001 From: "github-actions[bot]" <41898282+github-actions[bot]@users.noreply.github.com> Date: Wed, 1 Jan 2025 11:44:27 +0000 Subject: [PATCH 7/7] Format Rust code using rustfmt --- rar-common/src/api.rs | 4 +- rar-common/src/database/finder.rs | 2 +- rar-common/src/database/migration.rs | 2 +- rar-common/src/database/mod.rs | 7 +- rar-common/src/lib.rs | 2 +- rar-common/src/plugin/hashchecker.rs | 2 +- rar-common/src/plugin/hierarchy.rs | 2 +- rar-common/src/util.rs | 4 +- src/chsr/cli/mod.rs | 151 +++++++++------------------ src/chsr/cli/pair.rs | 2 +- src/chsr/main.rs | 2 +- src/sr/main.rs | 2 +- src/sr/pam/mod.rs | 2 +- src/sr/timeout.rs | 2 +- xtask/src/configure.rs | 4 +- xtask/src/installer/build.rs | 1 - xtask/src/installer/dependencies.rs | 2 +- xtask/src/installer/install.rs | 2 +- xtask/src/installer/uninstall.rs | 2 +- xtask/src/main.rs | 5 +- xtask/src/util.rs | 2 +- 21 files changed, 75 insertions(+), 129 deletions(-) 
diff --git a/rar-common/src/api.rs b/rar-common/src/api.rs index 109623c..d2c14c6 100644 --- a/rar-common/src/api.rs +++ b/rar-common/src/api.rs @@ -2,11 +2,11 @@ use std::sync::Mutex; use capctl::CapSet; +#[cfg(feature = "finder")] +use log::debug; #[cfg(feature = "finder")] use serde_json::Value; use strum::EnumIs; -#[cfg(feature = "finder")] -use log::debug; #[cfg(feature = "finder")] use crate::database::finder::{Cred, ExecSettings, FilterMatcher, TaskMatch, UserMin}; diff --git a/rar-common/src/database/finder.rs b/rar-common/src/database/finder.rs index 788e063..caabd56 100644 --- a/rar-common/src/database/finder.rs +++ b/rar-common/src/database/finder.rs @@ -9,6 +9,7 @@ use std::{ use capctl::CapSet; use glob::Pattern; +use log::{debug, warn}; use nix::{ libc::dev_t, unistd::{Group, Pid, User}, @@ -16,7 +17,6 @@ use nix::{ #[cfg(feature = "pcre2")] use pcre2::bytes::RegexBuilder; use strum::EnumIs; -use log::{debug, warn}; use crate::database::{ options::{Opt, OptStack}, diff --git a/rar-common/src/database/migration.rs b/rar-common/src/database/migration.rs index 9b00fe0..f6df3be 100644 --- a/rar-common/src/database/migration.rs +++ b/rar-common/src/database/migration.rs @@ -1,7 +1,7 @@ use std::error::Error; -use semver::Version; use log::debug; +use semver::Version; use crate::version::PACKAGE_VERSION; diff --git a/rar-common/src/database/mod.rs b/rar-common/src/database/mod.rs index dbcc4d3..489b4be 100644 --- a/rar-common/src/database/mod.rs +++ b/rar-common/src/database/mod.rs @@ -7,8 +7,8 @@ use crate::version::PACKAGE_VERSION; use chrono::Duration; use linked_hash_set::LinkedHashSet; -use serde::{de, Deserialize, Serialize}; use log::debug; +use serde::{de, Deserialize, Serialize}; use self::{migration::Migration, options::EnvKey, structs::SConfig, versionning::Versioning}; @@ -37,7 +37,7 @@ pub fn make_weak_config(config: &Rc>) { } } -pub fn read_json_config>( +pub fn read_json_config>( settings: Rc>, settings_path: P, ) -> Result>, Box> { 
@@ -48,7 +48,8 @@ pub fn read_json_config>( .settings .as_ref() .unwrap_or(&default_remote) - .path.as_ref(); + .path + .as_ref(); if path.is_none() || path.is_some_and(|p| p == settings_path.as_ref()) { make_weak_config(&settings.as_ref().borrow().config); return Ok(settings.as_ref().borrow().config.clone()); diff --git a/rar-common/src/lib.rs b/rar-common/src/lib.rs index 8ae9490..f586b35 100644 --- a/rar-common/src/lib.rs +++ b/rar-common/src/lib.rs @@ -54,8 +54,8 @@ const ROOTASROLE: &str = "target/rootasrole.json"; use std::{cell::RefCell, error::Error, ffi::OsStr, path::PathBuf, rc::Rc}; -use serde::{Deserialize, Serialize}; use log::debug; +use serde::{Deserialize, Serialize}; pub mod api; pub mod database; diff --git a/rar-common/src/plugin/hashchecker.rs b/rar-common/src/plugin/hashchecker.rs index 06a0219..05ae188 100644 --- a/rar-common/src/plugin/hashchecker.rs +++ b/rar-common/src/plugin/hashchecker.rs @@ -6,9 +6,9 @@ use crate::{ open_with_privileges, util::{final_path, parse_conf_command}, }; +use log::{debug, warn}; use nix::unistd::{access, AccessFlags}; use serde::{Deserialize, Serialize}; -use log::{debug, warn}; use libc::FS_IOC_GETFLAGS; use sha2::Digest; diff --git a/rar-common/src/plugin/hierarchy.rs b/rar-common/src/plugin/hierarchy.rs index ca619be..1eb3314 100644 --- a/rar-common/src/plugin/hierarchy.rs +++ b/rar-common/src/plugin/hierarchy.rs @@ -8,8 +8,8 @@ use crate::{ }, }; -use serde::Deserialize; use log::{debug, warn}; +use serde::Deserialize; #[derive(Deserialize)] pub struct Parents(Vec); diff --git a/rar-common/src/util.rs b/rar-common/src/util.rs index a7075b2..6c59770 100644 --- a/rar-common/src/util.rs +++ b/rar-common/src/util.rs @@ -10,9 +10,9 @@ use std::{ use capctl::{prctl, CapState}; use capctl::{Cap, CapSet, ParseCapError}; use libc::{FS_IOC_GETFLAGS, FS_IOC_SETFLAGS}; +use log::{debug, warn}; use serde::Serialize; use strum::EnumIs; -use log::{debug, warn}; #[cfg(feature = "finder")] use crate::api::PluginManager; 
@@ -265,8 +265,8 @@ pub fn subsribe(tool: &str) -> Result<(), Box> { #[cfg(not(debug_assertions))] pub fn subsribe(tool: &str) -> Result<(), Box> { use env_logger::Env; - use syslog::{BasicLogger, Facility, Formatter3164}; use log::LevelFilter; + use syslog::{BasicLogger, Facility, Formatter3164}; syslog::init(Facility::LOG_AUTH, LevelFilter::Info, Some(tool))?; Ok(()) } diff --git a/src/chsr/cli/mod.rs b/src/chsr/cli/mod.rs index 63ac2de..b2391aa 100644 --- a/src/chsr/cli/mod.rs +++ b/src/chsr/cli/mod.rs @@ -7,10 +7,10 @@ use std::error::Error; use data::{Cli, Inputs, Rule}; +use log::debug; use pair::recurse_pair; use pest::Parser; use process::process_input; -use log::debug; use usage::print_usage; use crate::util::escape_parser_string_vec; @@ -61,7 +61,6 @@ mod tests { use log::error; use test_log::test; - fn setup(name: &str) { //Write json test json file let path = format!("{}.{}", ROOTASROLE, name); @@ -226,8 +225,7 @@ mod tests { fn test_all_main() { setup("all_main"); let path = format!("{}.{}", ROOTASROLE, "all_main"); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main(&Storage::JSON(config.clone()), vec!["--help"],) .inspect_err(|e| { @@ -265,8 +263,7 @@ mod tests { fn test_r_complete_show_actors() { setup("r_complete_show_actors"); let path = format!("{}.{}", ROOTASROLE, "r_complete_show_actors"); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), 
@@ -318,8 +315,7 @@ mod tests { fn test_purge_tasks() { setup("purge_tasks"); let path = format!("{}.{}", ROOTASROLE, "purge_tasks"); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -338,8 +334,7 @@ mod tests { fn test_r_complete_purge_all() { setup("r_complete_purge_all"); let path = format!("{}.{}", ROOTASROLE, "r_complete_purge_all"); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -361,8 +356,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_grant_u_user1_g_group1_g_group2_group3" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -421,12 +415,8 @@ mod tests { #[test] fn test_r_complete_task_t_complete_show_all() { setup("r_complete_task_t_complete_show_all"); - let path = format!( - "{}.{}", - ROOTASROLE, "r_complete_task_t_complete_show_all" - ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let path = format!("{}.{}", ROOTASROLE, "r_complete_task_t_complete_show_all"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), 
@@ -477,12 +467,8 @@ mod tests { #[test] fn test_r_complete_task_t_complete_purge_cmd() { setup("r_complete_task_t_complete_purge_cmd"); - let path = format!( - "{}.{}", - ROOTASROLE, "r_complete_task_t_complete_purge_cmd" - ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let path = format!("{}.{}", ROOTASROLE, "r_complete_task_t_complete_purge_cmd"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -500,12 +486,8 @@ mod tests { #[test] fn test_r_complete_task_t_complete_purge_cred() { setup("r_complete_task_t_complete_purge_cred"); - let path = format!( - "{}.{}", - ROOTASROLE, "r_complete_task_t_complete_purge_cred" - ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let path = format!("{}.{}", ROOTASROLE, "r_complete_task_t_complete_purge_cred"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -519,12 +501,8 @@ mod tests { }) .is_ok_and(|b| b)); debug!("====="); - let path = format!( - "{}.{}", - ROOTASROLE, "r_complete_task_t_complete_purge_cred" - ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let path = format!("{}.{}", ROOTASROLE, "r_complete_task_t_complete_purge_cred"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); let task_count = config.as_ref().borrow()[0].as_ref().borrow().tasks.len(); assert!(main( 
@@ -566,8 +544,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_setpolicy_deny_all" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -597,8 +574,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_setpolicy_allow_all" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -628,8 +604,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_whitelist_add_super_command_with_spaces" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -691,8 +666,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cmd_blacklist_del_super_command_with_spaces" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -842,8 +816,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cred_caps_setpolicy_deny_all" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), 
@@ -876,8 +849,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_cred_caps_setpolicy_allow_all" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1074,8 +1046,7 @@ mod tests { fn test_options_show_all() { setup("options_show_all"); let path = format!("{}.{}", ROOTASROLE, "options_show_all"); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1119,8 +1090,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_options_show_env" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1186,8 +1156,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_setpolicy_delete_all" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1222,8 +1191,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_setpolicy_keep_unsafe" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), 
@@ -1307,8 +1275,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_whitelist_add" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1590,8 +1557,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_path_blacklist_purge" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1613,8 +1579,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_keep_only_MYVAR_VAR2" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1691,8 +1656,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_delete_only_MYVAR_VAR2" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -1769,8 +1733,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_set_MYVAR_value_VAR2_value2" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), 
@@ -1842,8 +1805,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_add_MYVAR_value_VAR2_value2" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -2022,8 +1984,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_setpolicy_delete_all" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -2060,8 +2021,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_setpolicy_keep_all" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -2098,8 +2058,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_setpolicy_inherit" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -2136,8 +2095,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_env_whitelist_add_MYVAR" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), 
@@ -2253,8 +2211,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_env_whitelist_purge"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2289,8 +2246,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_env_blacklist_add_MYVAR"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2349,8 +2305,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_env_blacklist_set_MYVAR"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2401,8 +2356,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_env_blacklist_purge"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2437,8 +2391,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_env_checklist_add_MYVAR"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2564,8 +2517,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_root_privileged"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2653,8 +2605,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_bounding_strict"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2690,8 +2641,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_bounding_ignore"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2727,8 +2677,7 @@ mod tests {
 "{}.{}",
 ROOTASROLE, "r_complete_t_t_complete_o_bounding_inherit"
 );
- let settings = get_settings(&path)
- .expect("Failed to get settings");
+ let settings = get_settings(&path).expect("Failed to get settings");
 let config = read_json_config(settings.clone(), &path).expect("Failed to read json");
 assert!(main(
 &Storage::JSON(config.clone()),
@@ -2760,12 +2709,8 @@ mod tests { #[test] fn test_r_complete_t_t_complete_o_auth_skip() { setup("r_complete_t_t_complete_o_auth_skip"); - let path = format!( - "{}.{}", - ROOTASROLE, "r_complete_t_t_complete_o_auth_skip" - ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let path = format!("{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_auth_skip"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -2853,8 +2798,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_wildcard_denied_set" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), @@ -2938,8 +2882,7 @@ mod tests { "{}.{}", ROOTASROLE, "r_complete_t_t_complete_o_wildcard_denied_set" ); - let settings = get_settings(&path) - .expect("Failed to get settings"); + let settings = get_settings(&path).expect("Failed to get settings"); let config = read_json_config(settings.clone(), &path).expect("Failed to read json"); assert!(main( &Storage::JSON(config.clone()), diff --git a/src/chsr/cli/pair.rs b/src/chsr/cli/pair.rs index 46af806..ed9a491 100644 --- a/src/chsr/cli/pair.rs +++ b/src/chsr/cli/pair.rs @@ -3,8 +3,8 @@ use std::{collections::HashMap, error::Error, str::FromStr}; use capctl::{Cap, CapSet}; use chrono::Duration; use linked_hash_set::LinkedHashSet; -use pest::iterators::Pair; use log::{debug, warn}; +use pest::iterators::Pair; use crate::cli::data::{RoleType, TaskType}; use rar_common::database::{ diff --git a/src/chsr/main.rs b/src/chsr/main.rs index e6e1518..04e2236 100644 --- a/src/chsr/main.rs +++ b/src/chsr/main.rs 
@@ -1,12 +1,12 @@ //extern crate sudoers_reader; +use log::{debug, error}; use rar_common::{ database::{read_json_config, save_json}, plugin::register_plugins, util::{drop_effective, read_effective, subsribe}, Storage, }; -use log::{debug, error}; mod cli; mod util; diff --git a/src/sr/main.rs b/src/sr/main.rs index 9a86e2d..4f42ae6 100644 --- a/src/sr/main.rs +++ b/src/sr/main.rs @@ -12,10 +12,10 @@ use rar_common::database::finder::{Cred, FilterMatcher, TaskMatch, TaskMatcher}; use rar_common::database::{options::OptStack, structs::SConfig}; use rar_common::util::escape_parser_string; +use log::{debug, error}; use pam::PAM_PROMPT; use pty_process::blocking::{Command, Pty}; use std::{cell::RefCell, error::Error, io::stdout, os::fd::AsRawFd, rc::Rc}; -use log::{debug, error}; use rar_common::plugin::register_plugins; use rar_common::{ diff --git a/src/sr/pam/mod.rs b/src/sr/pam/mod.rs index e58e4ad..9a6b913 100644 --- a/src/sr/pam/mod.rs +++ b/src/sr/pam/mod.rs @@ -4,9 +4,9 @@ use std::{ ops::Deref, }; +use log::{debug, error, info, warn}; use pam_client2::{Context, ConversationHandler, ErrorCode, Flag}; use pcre2::bytes::RegexBuilder; -use log::{debug, error, info, warn}; use crate::timeout; use rar_common::{ diff --git a/src/sr/timeout.rs b/src/sr/timeout.rs index 1b895fb..2f36782 100644 --- a/src/sr/timeout.rs +++ b/src/sr/timeout.rs @@ -7,13 +7,13 @@ use std::{ }; use chrono::Utc; +use log::debug; use nix::{ libc::dev_t, libc::{pid_t, uid_t}, sys::signal::kill, }; use serde::{Deserialize, Serialize}; -use log::debug; use rar_common::{ database::{ diff --git a/xtask/src/configure.rs b/xtask/src/configure.rs index c896e27..399584d 100644 --- a/xtask/src/configure.rs +++ b/xtask/src/configure.rs 
@@ -4,9 +4,9 @@ use std::io::{self, BufRead, BufReader, Write}; use std::path::Path; use anyhow::Context; +use log::{info, warn}; use nix::unistd::{getresuid, getuid}; use strum::EnumIs; -use log::{info, warn}; use crate::util::{ files_are_equal, toggle_lock_config, ImmutableLock, OsTarget, SettingsFile, ROOTASROLE, @@ -51,7 +51,7 @@ fn is_running_in_container() -> bool { pub fn check_filesystem() -> io::Result<()> { let config = BufReader::new(File::open(ROOTASROLE)?); let mut config: SettingsFile = serde_json::from_reader(config)?; - + // Get the filesystem type if let Some(fs_type) = get_filesystem_type(ROOTASROLE)? { match fs_type.as_str() { diff --git a/xtask/src/installer/build.rs b/xtask/src/installer/build.rs index d8d0d70..ada5e61 100644 --- a/xtask/src/installer/build.rs +++ b/xtask/src/installer/build.rs @@ -12,7 +12,6 @@ fn build_binary( options: &BuildOptions, additionnal_args: Vec<&str>, ) -> Result<(), anyhow::Error> { - let toolchain = format!("+{}", options.toolchain); let mut args = if options.toolchain == Toolchain::default() { vec!["build", "--bin", name] diff --git a/xtask/src/installer/dependencies.rs b/xtask/src/installer/dependencies.rs index 3cfda9d..428ff2f 100644 --- a/xtask/src/installer/dependencies.rs +++ b/xtask/src/installer/dependencies.rs @@ -2,8 +2,8 @@ use std::process::ExitStatus; use anyhow::Context; use capctl::CapState; -use nix::unistd::geteuid; use log::info; +use nix::unistd::geteuid; use crate::{installer::OsTarget, util::get_os}; diff --git a/xtask/src/installer/install.rs b/xtask/src/installer/install.rs index b765b3f..072cfaa 100644 --- a/xtask/src/installer/install.rs +++ b/xtask/src/installer/install.rs 
@@ -6,11 +6,11 @@ use std::path::{Path, PathBuf}; use std::str::FromStr; use capctl::{Cap, CapSet}; +use log::{debug, error, info}; use nix::sys::stat::{fchmod, Mode}; use nix::unistd::{Gid, Uid}; use nix::NixPath; use strum::EnumIs; -use log::{debug, error, info}; use crate::installer::Profile; use crate::util::{change_dir_to_git_root, detect_priv_bin, BOLD, RED, RST}; diff --git a/xtask/src/installer/uninstall.rs b/xtask/src/installer/uninstall.rs index 1fc2460..5f59445 100644 --- a/xtask/src/installer/uninstall.rs +++ b/xtask/src/installer/uninstall.rs @@ -1,6 +1,6 @@ use anyhow::Context; -use std::fs; use log::warn; +use std::fs; use crate::util::{files_are_equal, toggle_lock_config, ImmutableLock, ROOTASROLE}; diff --git a/xtask/src/main.rs b/xtask/src/main.rs index 7222e8f..cc64f6e 100644 --- a/xtask/src/main.rs +++ b/xtask/src/main.rs @@ -35,7 +35,10 @@ enum Command { } fn main() { - env_logger::builder().default_format().format_module_path(true).init(); + env_logger::builder() + .default_format() + .format_module_path(true) + .init(); let opts = Options::parse(); use Command::*; let ret = match opts.command { diff --git a/xtask/src/util.rs b/xtask/src/util.rs index 802fe05..0452386 100644 --- a/xtask/src/util.rs +++ b/xtask/src/util.rs @@ -10,11 +10,11 @@ use anyhow::{anyhow, Context}; use capctl::Cap; use capctl::CapState; use clap::ValueEnum; +use log::debug; use nix::libc::{FS_IOC_GETFLAGS, FS_IOC_SETFLAGS}; use serde::{Deserialize, Serialize}; use serde_json::Value; use strum::{Display, EnumIs, EnumIter}; -use log::debug; #[derive(Debug, Clone, ValueEnum, EnumIs, EnumIter, Display, PartialEq, Eq, Hash)] #[clap(rename_all = "lowercase")]