diff --git a/src/chsr/cli.rs b/src/chsr/cli.rs index 150f0622..b037a318 100644 --- a/src/chsr/cli.rs +++ b/src/chsr/cli.rs @@ -894,9 +894,7 @@ pub fn main(storage: &Storage) -> Result> { } Ok(true) } - Err(e) => { - Err(e) - } + Err(e) => Err(e), } } }, diff --git a/src/database/finder.rs b/src/database/finder.rs index 979d267b..76f71166 100644 --- a/src/database/finder.rs +++ b/src/database/finder.rs @@ -327,7 +327,8 @@ fn final_path(path: &String) -> PathBuf { let result; if let Ok(cannon_path) = std::fs::canonicalize(path) { result = cannon_path; - } else if let Some(env_path) = find_from_envpath(&path.parse().expect("The path is not valid")) { + } else if let Some(env_path) = find_from_envpath(&path.parse().expect("The path is not valid")) + { result = env_path } else { result = path.parse().expect("The path is not valid"); @@ -548,7 +549,8 @@ impl TaskMatcher for Rc> { .borrow() .cred .capabilities - .as_ref().map(|caps| caps.to_capset()); + .as_ref() + .map(|caps| caps.to_capset()); score.caps_min = get_caps_min(&capset); score.security_min = get_security_min(&self.as_ref().borrow().options); let setuid = &self.as_ref().borrow().cred.setuid; @@ -918,9 +920,11 @@ mod tests { fn test_get_cmd_min() { let result = get_cmd_min( &["/bin/ls".to_string(), "-l".to_string(), "-a".to_string()], - &["/bin/l*".into(), + &[ + "/bin/l*".into(), "/bin/ls .*".into(), - "/bin/ls -l -a".into()], + "/bin/ls -l -a".into(), + ], ); assert_eq!(result, CmdMin::Match); } diff --git a/src/database/mod.rs b/src/database/mod.rs index eed23900..7092468e 100644 --- a/src/database/mod.rs +++ b/src/database/mod.rs @@ -9,7 +9,6 @@ use linked_hash_set::LinkedHashSet; use serde::{de, Deserialize, Serialize}; use tracing::debug; - use self::{migration::Migration, options::EnvKey, structs::SConfig, version::Versioning}; use super::config::SettingsFile; diff --git a/src/database/options.rs b/src/database/options.rs index b6e55bf4..c32a0186 100644 --- a/src/database/options.rs 
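Review bot: In `final_path` (src/database/finder.rs), the two `path.parse().expect("The path is not valid")` calls read like validation but cannot fail where the target type is `PathBuf`, because `FromStr` for `PathBuf` is infallible. The final `else` branch therefore returns the caller's string unchanged whenever `canonicalize` fails and `find_from_envpath` finds nothing. Writing that branch as `result = PathBuf::from(path);` with a comment such as `// fallback: not canonicalized and not resolved by find_from_envpath` would make the unvalidated case visible to code that later compares this path against policy. The signature sits in the hunk header and the function's end is outside the hunk, so how callers treat a non-canonical result cannot be checked from here.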
+++ b/src/database/options.rs @@ -19,8 +19,7 @@ use super::{ structs::{SConfig, SRole, STask}, }; -#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash)] -#[derive(Default)] +#[derive(Debug, Clone, Copy, PartialEq, Eq, Hash, Default)] pub enum Level { None, #[default] @@ -61,8 +60,6 @@ pub enum TimestampType { UID, } - - #[derive(Serialize, Deserialize, PartialEq, Eq, Debug, Clone)] pub struct STimeout { #[serde(default, rename = "type")] @@ -209,16 +206,6 @@ pub struct Opt { pub level: Level, } - - - - - - - - - - impl Opt { pub fn new(level: Level) -> Self { let mut opt = Self::default(); @@ -876,9 +863,8 @@ mod tests { as_borrow_mut!(config).roles.push(role); let options = OptStack::from_role(config.as_ref().borrow().roles[0].clone()); - let res: Option<(Level, SPathOptions)> = options.find_in_options(|opt| { - opt.path.clone().map(|value| (opt.level, value)) - }); + let res: Option<(Level, SPathOptions)> = + options.find_in_options(|opt| opt.path.clone().map(|value| (opt.level, value))); assert_eq!(res, Some((Level::Role, role_path))); } diff --git a/src/database/structs.rs b/src/database/structs.rs index 89a46177..0086a536 100644 --- a/src/database/structs.rs +++ b/src/database/structs.rs @@ -259,8 +259,6 @@ impl Default for SCommands { } } - - impl Default for SCapabilities { fn default() -> Self { SCapabilities { @@ -472,9 +470,7 @@ impl PartialEq for SActorType { fn eq(&self, other: &str) -> bool { match self { SActorType::Name(name) => name == other, - SActorType::Id(id) => other - .parse().map(|oid: u32| oid == *id) - .unwrap_or(false), + SActorType::Id(id) => other.parse().map(|oid: u32| oid == *id).unwrap_or(false), } } } diff --git a/src/plugin/hierarchy.rs b/src/plugin/hierarchy.rs index c1f57242..d297e7d3 100644 --- a/src/plugin/hierarchy.rs +++ b/src/plugin/hierarchy.rs 
@@ -16,7 +16,8 @@ pub struct Parents(Vec); fn get_parents(role: &SRole) -> Option> { role._extra_fields - .get("parents").map(|parents| serde_json::from_value::(parents.clone())) + .get("parents") + .map(|parents| serde_json::from_value::(parents.clone())) } fn find_in_parents( diff --git a/src/plugin/ssd.rs b/src/plugin/ssd.rs index 9ba51db1..84951167 100644 --- a/src/plugin/ssd.rs +++ b/src/plugin/ssd.rs @@ -132,7 +132,8 @@ fn check_separation_of_duty(role: &SRole, actor: &Cred) -> PluginResult { fn get_ssd_entry(role: &SRole) -> Option> { role._extra_fields - .get("ssd").map(|ssd| serde_json::from_value::(ssd.clone())) + .get("ssd") + .map(|ssd| serde_json::from_value::(ssd.clone())) } pub fn register() { diff --git a/src/sr/main.rs b/src/sr/main.rs index ed130473..3e238a55 100644 --- a/src/sr/main.rs +++ b/src/sr/main.rs @@ -191,9 +191,9 @@ fn main() -> Result<(), Box> { register_plugins(); let args = add_dashes(); let args = Cli::parse_from(args.iter()); - read_effective(true).unwrap_or_else(|_| { panic!("{}", cap_effective_error("dac_read")) }); + read_effective(true).unwrap_or_else(|_| panic!("{}", cap_effective_error("dac_read"))); let settings = config::get_settings().expect("Failed to get settings"); - read_effective(false).unwrap_or_else(|_| { panic!("{}", cap_effective_error("dac_read")) }); + read_effective(false).unwrap_or_else(|_| panic!("{}", cap_effective_error("dac_read"))); let user = User::from_uid(getuid()) .expect("Failed to get user") .expect("Failed to get user"); @@ -231,7 +231,8 @@ fn main() -> Result<(), Box> { ppid, }; - dac_override_effective(true).unwrap_or_else(|_| { panic!("{}", cap_effective_error("dac_override")) }); + dac_override_effective(true) + .unwrap_or_else(|_| panic!("{}", cap_effective_error("dac_override"))); let config = match settings.clone().as_ref().borrow().storage.method { config::StorageMethod::JSON => { Storage::JSON(read_json_config(settings).expect("Failed to read config")) 
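Review bot: Every `unwrap_or_else(|_| panic!("{}", cap_effective_error("dac_read")))` in `main` (src/sr/main.rs, hunk at -191) discards the underlying error, so a failed capability transition aborts without saying why. The same pattern recurs in the hunks at -231, -249, -331 and -353. Binding the error and printing it, for example `.unwrap_or_else(|e| panic!("{}: {e:?}", cap_effective_error("dac_read")))`, keeps the cause in the abort message, assuming the error type implements `Debug`. `main` starts and ends outside these hunks, so the surrounding flow is only partly visible.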
@@ -249,7 +250,8 @@ fn main() -> Result<(), Box> { let optstack = &execcfg.opt; check_auth(optstack, &config, &user, &args.prompt)?; - dac_override_effective(false).unwrap_or_else(|_| { panic!("{}", cap_effective_error("dac_override")) }); + dac_override_effective(false) + .unwrap_or_else(|_| panic!("{}", cap_effective_error("dac_override"))); if !taskmatch.fully_matching() { println!("You are not allowed to execute this command, this incident will be reported."); @@ -262,10 +264,7 @@ fn main() -> Result<(), Box> { if args.info { println!("Role: {}", execcfg.role().as_ref().borrow().name); - println!( - "Task: {}", - execcfg.task().as_ref().borrow().name - ); + println!("Task: {}", execcfg.task().as_ref().borrow().name); println!( "With capabilities: {}", execcfg 
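Review bot: The refusal in the `if !taskmatch.fully_matching()` branch is printed with `println!`, so it goes to stdout, where a caller capturing the command's output would read it as data. Using `eprintln!("You are not allowed to execute this command, this incident will be reported.");` keeps it on stderr. The hunk ends right after that line, so it is not visible whether the branch also logs the denied attempt; if it does not, the message promises reporting that never happens. `main` begins and ends outside the hunk.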
@@ -331,16 +330,15 @@ fn main() -> Result<(), Box> { } }); - setgid_effective(true).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setgid")) }); - setuid_effective(true).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setuid")) }); - capctl::cap_set_ids(uid, gid, groups.as_deref()) - .expect("Failed to set ids"); - setgid_effective(false).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setgid")) }); - setuid_effective(false).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setuid")) }); + setgid_effective(true).unwrap_or_else(|_| panic!("{}", cap_effective_error("setgid"))); + setuid_effective(true).unwrap_or_else(|_| panic!("{}", cap_effective_error("setuid"))); + capctl::cap_set_ids(uid, gid, groups.as_deref()).expect("Failed to set ids"); + setgid_effective(false).unwrap_or_else(|_| panic!("{}", cap_effective_error("setgid"))); + setuid_effective(false).unwrap_or_else(|_| panic!("{}", cap_effective_error("setuid"))); //set capabilities if let Some(caps) = execcfg.caps { - setpcap_effective(true).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setpcap")) }); + setpcap_effective(true).unwrap_or_else(|_| panic!("{}", cap_effective_error("setpcap"))); let mut capstate = CapState::empty(); if !optstack.get_bounding().1.is_ignore() { for cap in (!caps).iter() { 
@@ -353,15 +351,15 @@ fn main() -> Result<(), Box> { for cap in caps.iter() { capctl::ambient::raise(cap).expect("Failed to set ambiant cap"); } - setpcap_effective(false).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setpcap")) }); + setpcap_effective(false).unwrap_or_else(|_| panic!("{}", cap_effective_error("setpcap"))); } else { - setpcap_effective(true).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setpcap")) }); + setpcap_effective(true).unwrap_or_else(|_| panic!("{}", cap_effective_error("setpcap"))); if !optstack.get_bounding().1.is_ignore() { capctl::bounding::clear().expect("Failed to clear bounding cap"); } let capstate = CapState::empty(); capstate.set_current().expect("Failed to set current cap"); - setpcap_effective(false).unwrap_or_else(|_| { panic!("{}", cap_effective_error("setpcap")) }); + setpcap_effective(false).unwrap_or_else(|_| panic!("{}", cap_effective_error("setpcap"))); } //execute command