Merge pull request #60 from LeChatP/develop

New step for making sr available on official repos

Cargo.toml

@@ -4,7 +4,7 @@ members = ["xtask", "rar-common"]
 [package]
 name = "rootasrole"
 # The project version is managed on json file in resources/rootasrole.json
-version = "3.0.1"
+version = "3.0.2"
 rust-version = "1.76.0"
 authors = ["Eddie Billoir <[email protected]>"]
 edition = "2021"
@@ -51,56 +51,44 @@ unexpected_cfgs = { level = "allow", check-cfg = ['cfg(tarpaulin_include)'] }
 
 
 [build-dependencies]
-reqwest = { version = "0.12.4", features = ["blocking", "json"] }
-pcre2 = "0.2.4"
-regex = "1.9.1"
-serde = { version = "1.0.200" }
-serde_json = "1.0.116"
+serde_json = "1.0.128"
 toml = "0.8.13"
 
 [dependencies]
 rar-common = { path = "rar-common", version = "3.0.0", package = "rootasrole-core" }
 tracing = "0.1.40"
 tracing-subscriber = "0.3.18"
-libc = "0.2.155"
+libc = "0.2.159"
 strum = { version = "0.26.3", features = ["derive"] }
 semver = { version = "1.0.23", features = ["serde"] }
-nix = { version = "0.29.0", features = ["user","process", "signal", "fs"] } 
-#sudoers-reader = { path = "sudoers-reader" }
+nix = { version = "0.29.0", features = ["user","process", "signal", "fs"] }
 capctl = "0.2.4"
 pcre2 = { version = "0.2.7", optional = true }
-serde = { version = "1.0.202", features=["rc"] }
-serde_json = "1.0.117"
+serde = { version = "1.0.210", features=["rc"] }
+serde_json = "1.0.128"
 ciborium = "0.2.2"
 glob = "0.3.1"
 pam-client = { version = "0.5.0", git = "https://gitlab.com/LeChatP/rust-pam-client.git" }
-pam-sys = "1.0.0-alpha5"
-bitflags = { version = "2.5.0" }
+pam-sys = { version = "1.0.0-alpha.5", git = "https://github.com/LeChatP/pam-sys.git" }
+bitflags = { version = "2.6.0" }
 shell-words = "1.1.0"
 syslog-tracing = "0.3.0"
 linked_hash_set = { version = "0.1.4" }
 derivative = "2.2.0"
 sha2 = "0.10.8"
-sha1 = "0.10.6"
-#md5 = "0.7.0"
 chrono = "0.4.38"
 pty-process = "0.4.0"
-once_cell = "1.19.0"
-pest = "2.7.8"
-pest_derive = "2.7.8"
-#phf = { version = "0.11.2", features = ["macros"] }
-const_format = "0.2.32"
+once_cell = "1.20.2"
+pest = "2.7.14"
+pest_derive = "2.7.14"
+const_format = "0.2.33"
 hex = "0.4.3"
 
 [dev-dependencies]
 env_logger = "0.11.5"
 test-log = { version = "0.2.12", features = ["trace"] }
 tracing = "0.1.37"
 tracing-subscriber = { version = "0.3.16", default-features = false, features = ["env-filter", "fmt"] }
-pest-test-gen = "0.1.7"
-pest-test = "0.1.6"
-lazy_static = "1.4.0"
-toml = "0.8.19"
 
 
 [package.metadata.deb]
@@ -121,6 +109,7 @@ preserve-symlinks = true
 conf-files = ["/etc/pam.d/sr", "/etc/security/rootasrole.json"]
 maintainer-scripts = "target/release/"
 extended-description = "RootAsRole is a project to allow Linux/Unix administrators to delegate their administrative tasks access rights to multiple co-administrators through RBAC model and Linux Capabilities features."
+changelog = "target/debian/changelog"
 
 [package.metadata.generate-rpm]
 assets = [

README.md

@@ -16,7 +16,7 @@
 <!-- The project version is managed on json file in resources/rootasrole.json -->
 <!-- markdownlint-restore -->
 
-# RootAsRole (V3.0.1) : A memory-safe and security-oriented alternative to sudo/su commands
+# RootAsRole (V3.0.2) : A memory-safe and security-oriented alternative to sudo/su commands
 
 **RootAsRole** is a project to allow Linux/Unix administrators to delegate their administrative tasks access rights to users. Its main features are :
 

rar-common/Cargo.toml

@@ -1,14 +1,14 @@
 [package]
 name = "rootasrole-core"
-version = "3.0.1"
+version = "3.0.2"
 edition = "2021"
 description = "This core crate contains the RBAC and main features for the RootAsRole project."
 license = "GPL-3.0-or-later"
 
 [dependencies]
 tracing = "0.1.40"
 tracing-subscriber = "0.3.18"
-libc = "0.2.155"
+libc = "0.2.159"
 strum = { version = "0.26.3", features = ["derive"] }
 semver = { version = "1.0.23", features = ["serde"] }
 nix = { version = "0.29.0", features = ["user","process", "signal", "fs"] } 
@@ -17,7 +17,6 @@ capctl = "0.2.4"
 pcre2 = { version = "0.2.7", optional = true }
 serde = { version = "1.0.202", features=["rc"] }
 serde_json = "1.0.117"
-ciborium = "0.2.2"
 glob = { version = "0.3.1", optional = true }
 bitflags = { version = "2.5.0" }
 shell-words = "1.1.0"
@@ -34,9 +33,6 @@ env_logger = "0.11.5"
 test-log = { version = "0.2.12", features = ["trace"] }
 tracing = "0.1.37"
 tracing-subscriber = { version = "0.3.16", default-features = false, features = ["env-filter", "fmt"] }
-lazy_static = "1.4.0"
-serde = { version = "1.0.202", features=["rc"] }
-toml = "0.8.19"
 
 [features]
 pcre2 = ["dep:pcre2"]

rar-common/src/util.rs

@@ -190,47 +190,52 @@ fn remove_outer_quotes(input: &str) -> String {
 
 pub fn parse_conf_command(command: &SCommand) -> Result<Vec<String>, Box<dyn Error>> {
     match command {
-        SCommand::Simple(command) => Ok(shell_words::split(command)?),
-        SCommand::Complex(command) => {
-            if let Some(array) = command.as_array() {
-                let mut result = Vec::new();
-                if !array.iter().all(|item| {
-                    // if it is a string
-                    item.is_string() && {
-                        //add to result
-                        result.push(item.as_str().unwrap().to_string());
-                        true // continue
-                    }
-                }) {
-                    // if any of the items is not a string
-                    return Err("Invalid command".into());
-                }
-                Ok(result)
-            } else {
-                // call PluginManager
-                #[cfg(feature = "finder")]
-                {
-                    let res = PluginManager::notify_complex_command_parser(command);
-                    debug!("Parsed command {:?}", res);
-                    res
-                }
-                #[cfg(not(feature = "finder"))]
-                {
-                    Err("Invalid command".into())
-                }
-            }
-        }
+        SCommand::Simple(command) => parse_simple_command(command),
+        SCommand::Complex(command) => parse_complex_command(command),
     }
 }
 
-pub fn find_from_envpath<P>(exe_name: &P) -> Option<PathBuf>
-where
-    P: AsRef<Path>,
-{
+fn parse_simple_command(command: &str) -> Result<Vec<String>, Box<dyn Error>> {
+    shell_words::split(command).map_err(Into::into)
+}
+
+fn parse_complex_command(command: &serde_json::Value) -> Result<Vec<String>, Box<dyn Error>> {
+    if let Some(array) = command.as_array() {
+        let result: Result<Vec<String>, _> = array
+            .iter()
+            .map(|item| {
+                item.as_str()
+                    .map(|s| s.to_string())
+                    .ok_or_else(|| "Invalid command".into())
+            })
+            .collect();
+        result
+    } else {
+        parse_complex_command_with_finder(command)
+    }
+}
+
+#[cfg(feature = "finder")]
+fn parse_complex_command_with_finder(
+    command: &serde_json::Value,
+) -> Result<Vec<String>, Box<dyn Error>> {
+    let res = PluginManager::notify_complex_command_parser(command);
+    debug!("Parsed command {:?}", res);
+    res
+}
+
+#[cfg(not(feature = "finder"))]
+fn parse_complex_command_with_finder(
+    _command: &serde_json::Value,
+) -> Result<Vec<String>, Box<dyn Error>> {
+    Err("Invalid command".into())
+}
+
+pub fn find_from_envpath<P: AsRef<Path>>(exe_name: P) -> Option<PathBuf> {
     env::var_os("PATH").and_then(|paths| {
         env::split_paths(&paths)
             .filter_map(|dir| {
-                let full_path = dir.join(exe_name);
+                let full_path = dir.join(&exe_name);
                 if full_path.is_file() {
                     Some(full_path)
                 } else {
@@ -241,20 +246,14 @@ where
     })
 }
 
-pub fn final_path(path: &String) -> PathBuf {
-    let result;
-    if let Some(env_path) = find_from_envpath(&path) {
-        result = env_path
-    } else if let Ok(cannon_path) = std::fs::canonicalize(path) {
-        result = cannon_path;
+pub fn final_path(path: &str) -> PathBuf {
+    if let Some(env_path) = find_from_envpath(path) {
+        env_path
+    } else if let Ok(canon_path) = std::fs::canonicalize(path) {
+        canon_path
     } else {
-        result = path.parse().expect("The path is not valid");
+        PathBuf::from(path)
     }
-    result
-        .to_str()
-        .expect("The path is not valid")
-        .parse()
-        .expect("The path is not valid")
 }
 
 #[cfg(debug_assertions)]

rar-common/src/version.rs

@@ -1,4 +1,4 @@
 // This file is generated by build.rs
 // Do not edit this file directly
 // Instead edit build.rs and run cargo build
-pub const PACKAGE_VERSION: &'static str = "3.0.1";
+pub const PACKAGE_VERSION: &str = "3.0.2";

resources/man/en_US.md

@@ -1,5 +1,5 @@
-% RootAsRole(8) System Manager's Manual
-% Version 3.0.0
+% RootAsRole(8) RootAsRole 3.0.0 | System Manager's Manual
+% Eddie Billoir <[email protected]>
 % September 2024
 
 # NAME
@@ -84,9 +84,6 @@ For help, please visit <https://github.com/LeChatP/RootAsRole/discussions> or <h
 
 This program is provided "as is" without any warranty, to the extent permitted by law. The authors disclaim any responsibility for the quality or suitability of the program for a particular purpose. You use this program at your own risk. In case of problems, you are responsible for any necessary repairs or corrections. For more details, please refer to the GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
 
-# AUTHOR
-This manual was written by Eddie BILLOIR <[email protected]>
-
 # LICENSE
 GPLv3+: GNU GPL version 3 or later <https://gnu.org/licenses/gpl.html>.
 

resources/man/fr_FR.md

@@ -1,5 +1,5 @@
-% RootAsRole(8) Manuel de l'administrateur système
-% Version 3.0.0
+% RootAsRole(8) RootAsRole 3.0.0 | Manuel de l'administrateur système
+%
 % Septembre 2024
 
 # NAME