sudo-rs 0.1.0-dev.20230620

A memory safe implementation of sudo and su.
Documentation 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106

use std::process::exit;

use crate::cli::SudoOptions;
use crate::common::{Context, Environment, Error};
use crate::env::environment;
use crate::exec::ExitReason;
use crate::sudoers::{Authorization, DirChange, Policy, PreJudgementPolicy};

pub trait PolicyPlugin {
    type PreJudgementPolicy: PreJudgementPolicy;
    type Policy: Policy;

    fn init(&mut self) -> Result<Self::PreJudgementPolicy, Error>;
    fn judge(
        &mut self,
        pre: Self::PreJudgementPolicy,
        context: &Context,
    ) -> Result<Self::Policy, Error>;
}

pub trait AuthPlugin {
    fn init(&mut self, context: &Context) -> Result<(), Error>;
    fn authenticate(&mut self, context: &Context) -> Result<(), Error>;
    fn pre_exec(&mut self, context: &Context) -> Result<Environment, Error>;
    fn cleanup(&mut self);
}

pub struct Pipeline<Policy: PolicyPlugin, Auth: AuthPlugin> {
    pub policy: Policy,
    pub authenticator: Auth,
}

impl<Policy: PolicyPlugin, Auth: AuthPlugin> Pipeline<Policy, Auth> {
    pub fn run(&mut self, sudo_options: SudoOptions) -> Result<(), Error> {
        let pre = self.policy.init()?;
        let secure_path: String = pre
            .secure_path()
            .unwrap_or_else(|| std::env::var("PATH").unwrap_or_default());
        let mut context = Context::build_from_options(sudo_options, secure_path)?;

        let policy = self.policy.judge(pre, &context)?;
        let authorization = policy.authorization();

        match authorization {
            Authorization::Forbidden => {
                return Err(Error::auth(&format!(
                    "I'm sorry {}. I'm afraid I can't do that",
                    context.current_user.name
                )));
            }
            Authorization::Allowed { must_authenticate } => {
                self.apply_policy_to_context(&mut context, &policy)?;
                self.authenticator.init(&context)?;
                if must_authenticate {
                    self.authenticator.authenticate(&context)?;
                }
            }
        }

        let additional_env = self.authenticator.pre_exec(&context)?;

        // build environment
        let current_env = std::env::vars_os().collect();
        let target_env =
            environment::get_target_environment(current_env, additional_env, &context, &policy);

        let pid = context.process.pid;

        // run command and return corresponding exit code
        let (reason, emulate_default_handler) = crate::exec::run_command(context, target_env)?;

        self.authenticator.cleanup();

        // Run any clean-up code before this line.
        emulate_default_handler();

        match reason {
            ExitReason::Code(code) => exit(code),
            ExitReason::Signal(signal) => {
                crate::system::kill(pid, signal)?;
            }
        }

        Ok(())
    }

    fn apply_policy_to_context(
        &mut self,
        context: &mut Context,
        policy: &<Policy as PolicyPlugin>::Policy,
    ) -> Result<(), crate::common::Error> {
        // see if the chdir flag is permitted
        match policy.chdir() {
            DirChange::Any => {}
            DirChange::Strict(optdir) => {
                if context.chdir.is_some() {
                    return Err(Error::auth("no permission")); // TODO better user error messages
                } else {
                    context.chdir = optdir.map(std::path::PathBuf::from)
                }
            }
        }

        Ok(())
    }
}