Merge pull request #76 from LeChatP/dev

v3.1.1 Fix regression with path management, please update

Author: LeChatP

Cargo.toml

@@ -4,7 +4,7 @@ members = ["xtask", "rar-common"]
 [package]
 name = "rootasrole"
 # The project version is managed on json file in resources/rootasrole.json
-version = "3.1.0"
+version = "3.1.1"
 rust-version = "1.76.0"
 authors = ["Eddie Billoir <[email protected]>"]
 edition = "2021"
@@ -64,7 +64,7 @@ serde_json = "1.0"
 toml = "0.8"
 
 [dependencies]
-rar-common = { path = "rar-common", version = "3.0.3", package = "rootasrole-core" }
+rar-common = { path = "rar-common", version = "3.1.0", package = "rootasrole-core" }
 log = "0.4"
 libc = "0.2"
 strum = { version = "0.26", features = ["derive"] }

README.md

@@ -14,7 +14,7 @@
 <!-- The project version is managed on json file in resources/rootasrole.json -->
 <!-- markdownlint-restore -->
 
-# RootAsRole (V3.1.0) — A better alternative to `sudo(-rs)`/`su` • ⚡ Blazing fast • 🛡️ Memory-safe • 🔐 Security-oriented
+# RootAsRole (V3.1.1) — A better alternative to `sudo(-rs)`/`su` • ⚡ Blazing fast • 🛡️ Memory-safe • 🔐 Security-oriented
 
 RootAsRole is a Linux/Unix privilege delegation tool based on **Role-Based Access Control (RBAC)**. It empowers administrators to assign precise privileges — not full root — to users and commands.
 

rar-common/Cargo.toml

@@ -1,6 +1,6 @@
 [package]
 name = "rootasrole-core"
-version = "3.1.0"
+version = "3.1.1"
 edition = "2021"
 description = "This core crate contains the RBAC and main features for the RootAsRole project."
 license = "LGPL-3.0-or-later"

src/sr/finder/mod.rs

@@ -125,7 +125,7 @@ impl BestExecSettings {
         }
         result.env = opt_stack
             .calc_temp_env(opt_stack.calc_override_behavior(), &cli.opt_filter)
-            .calc_final_env(env_vars, env_path, cred)?;
+            .calc_final_env(env_vars, opt_stack.calc_path(env_path), cred)?;
         result.auth = opt_stack.calc_authentication();
         result.bounding = opt_stack.calc_bounding();
         result.timeout = opt_stack.calc_timeout();
@@ -386,13 +386,34 @@ mod tests {
 
     #[test]
     fn test_retrieve_settings_no_matching_role() {
-        let cli = dummy_cli();
+        let cli = Cli::builder().cmd_path("/usr/bin/cat".to_string()).build();
         let cred = dummy_cred();
         let data = dummy_dconfigfinder();
         let env_vars = vec![("KEY", "VALUE")];
         let env_path = &["/bin"];
         let result = BestExecSettings::retrieve_settings(&cli, &cred, &data, env_vars, env_path);
+        assert!(!result.is_ok());
+    }
+
+    #[test]
+    fn test_retrieve_settings_with_matching_role() {
+        let cli = dummy_cli();
+        let cred = dummy_cred();
+        let data = dummy_dconfigfinder();
+        let env_vars = vec![("KEY", "VALUE")];
+        let env_path = &["/UNWANTED"];
+        let result = BestExecSettings::retrieve_settings(&cli, &cred, &data, env_vars, env_path);
         assert!(result.is_ok());
+        let settings = result.unwrap();
+        assert_eq!(settings.final_path, PathBuf::from("/usr/bin/ls"));
+        assert_eq!(settings.role, "test");
+        assert_eq!(settings.task, Some("0".to_string()));
+        assert!(!settings.setuid.is_some());
+        assert!(!settings.setgroups.is_some());
+        assert!(settings.caps.is_some());
+        assert!(!settings.env.is_empty());
+        assert!(!settings.env_path.is_empty());
+        assert!(settings.env_path.iter().all(|p| p != "/UNWANTED"));
     }
 
     #[test]

src/sr/finder/options.rs

@@ -289,7 +289,7 @@ impl<'a> DEnvOptions<'a> {
     pub fn calc_final_env(
         &self,
         env_vars: impl IntoIterator<Item = (impl Into<String>, impl Into<String>)>,
-        env_path: &[&str],
+        env_path: impl IntoIterator<Item = impl AsRef<str>>,
         target: &Cred,
     ) -> Result<HashMap<String, String>, Box<dyn Error>> {
         let mut final_set = match self.default_behavior {
@@ -325,11 +325,11 @@ impl<'a> DEnvOptions<'a> {
         }?;
         final_set.insert(
             "PATH".into(),
-            env_path.iter().fold(String::new(), |acc, path| {
+            env_path.into_iter().fold(String::new(), |acc, path| {
                 if acc.is_empty() {
-                    path.to_string()
+                    path.as_ref().to_string()
                 } else {
-                    format!("{}:{}", acc, path)
+                    format!("{}:{}", acc, path.as_ref())
                 }
             }),
         );

xtask/Cargo.toml

@@ -1,7 +1,7 @@
 [package]
 name = "xtask"
 # The project version is managed on json file in resources/rootasrole.json
-version = "3.1.0"
+version = "3.1.1"
 edition = "2021"
 publish = false