chsr: bugfix

src/chsr/cli.pest

@@ -79,8 +79,9 @@ command_operations       = _{ cmd_keyword ~ (cmd_setpolicy | cmd_checklisting) }
 cmd_setpolicy = { setpolicy ~ cmd_policy }
 cmd_policy    =  { "allow-all" | "deny-all" }
 
-cmd_checklisting = { (whitelist | blacklist) ~ ((add | del) ~ cmd | purge) }
-cmd         = @{ name }
+cmd_checklisting = { (whitelist | blacklist) ~ ((add | del) ~ quoted_cmd | purge) }
+quoted_cmd  = _{ NOT_ESCAPE_QUOTE ~ cmd ~ NOT_ESCAPE_QUOTE | cmd }
+cmd         = @{ ANY+ }
 
 // ========================
 // credentials
@@ -190,6 +191,6 @@ opt_timeout_max_usage    =  { ASCII_DIGIT+ }
 assignment   =  _{ "=" | WHITESPACE }
 help = { "-h" | "--help" }
 
-NOT_ESCAPE_QUOTE = @{ !"\\" ~ "\"" }
+NOT_ESCAPE_QUOTE = @{ !"\\" ~ ("\""|"'") }
 
 WHITESPACE = _{ (!NOT_ESCAPE_QUOTE) ~ SEPARATOR+ }

src/chsr/cli.rs

@@ -433,7 +433,7 @@ fn match_pair(pair: &Pair<Rule>, inputs: &mut Inputs) {
         }
         // === commands ===
         Rule::cmd => {
-            inputs.cmd_id = Some(pair.as_str().to_string());
+            inputs.cmd_id = Some(pair.as_str().to_string().trim_matches('\'').to_string());
         }
         // === credentials ===
         Rule::capability => {

src/database/version.rs

@@ -34,35 +34,6 @@ impl<T: Default + Debug> Default for Versioning<T> {
     }
 }
 
-impl Versioning<SConfig> {
-    pub fn deserialize<'de, D>(deserializer: D) -> Result<SConfig, D::Error>
-    where
-        D: Deserializer<'de>,
-    {
-        // Deserialize into the intermediate representation
-        let mut intermediate: Versioning<SConfig> =
-            <Self as Deserialize>::deserialize(deserializer)?;
-        // Check version and perform migrations if necessary
-        if Migration::migrate(
-            &intermediate.version,
-            &mut intermediate.data,
-            JSON_MIGRATIONS,
-        )
-        .and_then(|b| {
-            intermediate.version = version::PACKAGE_VERSION.to_owned().parse()?;
-            debug!("Migrated from {}", intermediate.version);
-            Ok(b)
-        })
-        .is_err()
-        {
-            return Err(serde::de::Error::custom("Failed to migrate data"));
-        }
-
-        // Return the migrated data
-        Ok(intermediate.data)
-    }
-}
-
 pub(crate) const JSON_MIGRATIONS: &[Migration<SConfig>] = &[];
 
 pub(crate) const SETTINGS_MIGRATIONS: &[Migration<SettingsFile>] = &[];

src/descriptions.rs

@@ -42,7 +42,7 @@ pub fn get_capability_description(cap : &Cap) -> &'static str {
         Cap::SYS_PACCT => r#"Use acct(2)."#,
         Cap::SYS_PTRACE => r#"• Trace arbitrary processes using ptrace(2); • apply get_robust_list(2) to arbitrary processes; • transfer data to or from the memory of arbitrary processes using process_vm_readv(2) and process_vm_writev(2); • inspect processes using kcmp(2)."#,
         Cap::SYS_RAWIO => r#"• Perform I/O port operations (iopl(2) and ioperm(2)); • access /proc/kcore; • employ the FIBMAP ioctl(2) operation; • open devices for accessing x86 model-specific registers (MSRs, see msr(4)); • update /proc/sys/vm/mmap_min_addr; • create memory mappings at addresses below the value specified by /proc/sys/vm/mmap_min_addr; • map files in /proc/bus/pci; • open /dev/mem and /dev/kmem; • perform various SCSI device commands; • perform certain operations on hpsa(4) and cciss(4) devices; • perform a range of device-specific operations on other devices."#,
-        Cap::SYS_RESOURCE => r#"• Use reserved space on ext2 filesystems; • make ioctl(2) calls controlling ext3 journaling; • override disk quota limits; • increase resource limits (see setrlimit(2)); • override RLIMIT_NPROC resource limit; • override maximum number of consoles on console allocation; • override maximum number of keymaps; • allow more than 64hz interrupts from the real-time clock; • raise msg_qbytes limit for a System V message queue above the limit in /proc/sys/kernel/msgmnb (see msgop(2) and msgctl(2)); • allow the RLIMIT_NOFILE resource limit on the number of \"in- flight\" file descriptors to be bypassed when passing file descriptors to another process via a UNIX domain socket (see unix(7)); • override the /proc/sys/fs/pipe-size-max limit when setting the capacity of a pipe using the F_SETPIPE_SZ fcntl(2) command; • use F_SETPIPE_SZ to increase the capacity of a pipe above the limit specified by /proc/sys/fs/pipe-max-size; • override /proc/sys/fs/mqueue/queues_max, /proc/sys/fs/mqueue/msg_max, and /proc/sys/fs/mqueue/msgsize_max limits when creating POSIX message queues (see mq_overview(7)); • employ the prctl(2) PR_SET_MM operation; • set /proc/pid/oom_score_adj to a value lower than the value last set by a process with CAP_SYS_RESOURCE."#,
+        Cap::SYS_RESOURCE => r#"• Use reserved space on ext2 filesystems; • make ioctl(2) calls controlling ext3 journaling; • override disk quota limits; • increase resource limits (see setrlimit(2)); • override RLIMIT_NPROC resource limit; • override maximum number of consoles on console allocation; • override maximum number of keymaps; • allow more than 64hz interrupts from the real-time clock; • raise msg_qbytes limit for a System V message queue above the limit in /proc/sys/kernel/msgmnb (see msgop(2) and msgctl(2)); • allow the RLIMIT_NOFILE resource limit on the number of \"in-flight\" file descriptors to be bypassed when passing file descriptors to another process via a UNIX domain socket (see unix(7)); • override the /proc/sys/fs/pipe-size-max limit when setting the capacity of a pipe using the F_SETPIPE_SZ fcntl(2) command; • use F_SETPIPE_SZ to increase the capacity of a pipe above the limit specified by /proc/sys/fs/pipe-max-size; • override /proc/sys/fs/mqueue/queues_max, /proc/sys/fs/mqueue/msg_max, and /proc/sys/fs/mqueue/msgsize_max limits when creating POSIX message queues (see mq_overview(7)); • employ the prctl(2) PR_SET_MM operation; • set /proc/pid/oom_score_adj to a value lower than the value last set by a process with CAP_SYS_RESOURCE."#,
         Cap::SYS_TIME => r#"Set system clock (settimeofday(2), stime(2), adjtimex(2)); set real-time (hardware) clock."#,
         Cap::SYS_TTY_CONFIG => r#"Use vhangup(2); employ various privileged ioctl(2) operations on virtual terminals."#,
         Cap::SYSLOG => r#"(since Linux 2.6.37) • Perform privileged syslog(2) operations. See syslog(2) for information on which operations require privilege. • View kernel addresses exposed via /proc and other interfaces when /proc/sys/kernel/kptr_restrict has the value 1. (See the discussion of the kptr_restrict in proc(5).)"#,

src/util.rs

@@ -72,20 +72,6 @@ pub fn warn_if_mutable(file: &File, return_err: bool) -> Result<(), Box<dyn Erro
     Ok(())
 }
 
-pub fn capset_to_string(set: &CapSet) -> String {
-    set.iter()
-        .fold(String::new(), |mut acc, cap| {
-            acc.push_str(&format!("CAP_{:?} ", cap));
-            acc
-        })
-        .trim_end()
-        .to_string()
-}
-
-pub fn capset_to_vec(set: &capctl::CapSet) -> Vec<String> {
-    set.iter().map(|cap| cap.to_string()).collect()
-}
-
 //parse string iterator to capset
 pub fn parse_capset_iter<'a, I>(iter: I) -> Result<CapSet, ParseCapError>
 where