Full Rust rewriting and new functionalities #30

Merged
merged 68 commits into from
Aug 30, 2023

LeChatP
Owner

@LeChatP LeChatP commented Aug 23, 2023

By rewriting this program entirely in Rust, I could add new features quickly and get almost the same performance as the C version. The Rust language is appropriate for our software. And the rewriting was easy.

However, today, I would like to say what differs in this version:

From the most to the least exciting changes

  • Full Rust Rewriting, no more C!
    • The sr binary is to execute a task with a role
    • The chsr binary is to modify the configuration and the RootAsRole policy with command line arguments or fancy terminal interface
    • The capable binary determines which capabilities are needed for a program.
  • Role hierarchy managed (role parents' tasks will be included)
    • Parent roles and their tasks are included in partial order comparison.
    • This role will be chosen if a task is less privileged in its parents.
    • TODO: chsr needs to be managed with cursive.
  • Static separation of duties (SSD) implemented
    • If one role defines another role as SSD, actors cannot be in this role
    • This is checked on chsr. Configurator no longer needs to check it manually; it will be informed as denied.
    • This is checked on sr. If a user is added to a group that conflicts with SSD, conflicting roles are forbidden.
    • TODO: Editing the configuration of SSD with chsr.
  • sr now handles timestamp cookies!
    • This means that sr doesn't require authentication for every command executed before a certain delay. This is entirely configurable like sudo does.
  • Thanks to the Aya framework, the capable eBPF program is now in Rust. It simplifies the compilation process, which was the main problem with the C version.
  • Capabilities are now entirely documented, thus automatically dumped from the capabilities manual.
  • Better Command parsing
    • Binary Path is matched with the extended glob syntax.
      • ** means any path; you could translate it by "anything, everywhere".
      • * means any direct file on the current path; here, it will be relative to the current working directory.
    • The previous meaning of ** was changed to ALL. So ALL means any command and any arguments. This is because the meaning of ** exists in the glob syntax and could be confusing.
    • Paths are now canonicalized.
    • Arguments can use PCRE2 to match. See here to build your regular expression.
  • Configuration file versioning management implemented
    • This means that any upgrade of the current configuration will be managed and automatically migrated from one version to another.
  • Now, capabilities can be denied from role definition, and their parents are included
  • libxml2 is still needed to verify DTD
    • This negatively impacts performance because the program parses the configuration file twice
    • Today, XML Rust crates do not provide every needed feature. SXD is the most complete one, so I implemented a part of libxml2 C bindings, but it needs to be completed and could be complex to enhance.
    • One day, I will consider migrating to JSON or YAML... However, I enforce the need for Schema Validation, which is not provided by default.
  • Switched to Termion backend for cursive interface.
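
The two SSD checks described in the comment above (when editing the policy with chsr, and again when sr runs after group membership may have changed), as an added Rust example that is not part of this pull request or of RootAsRole's code. The `Role` model, the symmetric treatment of SSD and the rule that both roles of a conflicting pair are dropped are assumptions made for illustration.

```rust
use std::collections::{HashMap, HashSet};
// Hypothetical role model for illustration; these are not RootAsRole's types.
struct Role { users: HashSet<String>, groups: HashSet<String>, ssd: HashSet<String> }
type Policy = HashMap<String, Role>;

fn role(users: &[&str], groups: &[&str], ssd: &[&str]) -> Role {
    let set = |v: &[&str]| v.iter().map(|s| s.to_string()).collect::<HashSet<String>>();
    Role { users: set(users), groups: set(groups), ssd: set(ssd) }
}
fn is_member(r: &Role, user: &str, groups: &[&str]) -> bool {
    r.users.contains(user) || groups.iter().any(|g| r.groups.contains(*g))
}
// Assumption: SSD is symmetric, so one declaration makes the pair conflict.
fn in_conflict(p: &Policy, a: &str, b: &str) -> bool {
    let names = |x: &str, y: &str| p.get(x).map_or(false, |r| r.ssd.contains(y));
    names(a, b) || names(b, a)
}
// Configuration-time check: refuse `target` if a role already held conflicts with it.
fn can_add_user(p: &Policy, user: &str, groups: &[&str], target: &str) -> Result<(), String> {
    for (name, r) in p {
        if name != target && is_member(r, user, groups) && in_conflict(p, name, target) {
            return Err(format!("{} holds {}, exclusive with {}", user, name, target));
        }
    }
    Ok(())
}
// Execution-time check: a later group change can create a conflict the
// configuration check never saw, so every role in a conflicting pair is dropped.
fn usable_roles(p: &Policy, user: &str, groups: &[&str]) -> Vec<String> {
    let held: Vec<&str> = p.iter().filter(|(_, r)| is_member(r, user, groups))
        .map(|(n, _)| n.as_str()).collect();
    let mut ok: Vec<String> = held.iter()
        .filter(|&&a| !held.iter().any(|&b| a != b && in_conflict(p, a, b)))
        .map(|a| a.to_string()).collect();
    ok.sort();
    ok
}
fn sample_policy() -> Policy { // constructed sample data
    let mut p = Policy::new();
    p.insert("net_admin".into(), role(&["alice"], &[], &["auditor"]));
    p.insert("auditor".into(), role(&["bob"], &["audit"], &[]));
    p.insert("backup".into(), role(&["alice", "bob"], &[], &[]));
    p
}
fn main() {
    let p = sample_policy();
    println!("{:?}", can_add_user(&p, "alice", &[], "auditor"));
    println!("{:?}", usable_roles(&p, "alice", &["audit"]));
}
```

In the sample, adding alice to the `audit` group makes her a member of both `net_admin` and `auditor`, so only `backup` stays usable.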


codecov bot commented Aug 24, 2023

Codecov Report

Patch coverage: 55.60% and project coverage change: +1.85% 🎉

Comparison is base (4cdafa8) 39.52% compared to head (e9b2d3d) 41.37%.
Report is 7 commits behind head on main.

Additional details and impacted files
@@            Coverage Diff             @@
##             main      #30      +/-   ##
==========================================
+ Coverage   39.52%   41.37%   +1.85%     
==========================================
  Files          22       23       +1     
  Lines        6080     6209     +129     
  Branches      249        0     -249     
==========================================
+ Hits         2403     2569     +166     
- Misses       3585     3640      +55     
+ Partials       92        0      -92     
Flag Coverage Δ
unittests 41.37% <55.60%> (+3.48%) ⬆️

Flags with carried forward coverage won't be shown. Click here to find out more.

Files Changed Coverage Δ
src/chsr/checklist.rs 27.42% <ø> (ø)
src/chsr/cli.rs 35.92% <0.00%> (ø)
src/chsr/main.rs 0.00% <0.00%> (ø)
src/chsr/state/actor.rs 5.52% <0.00%> (ø)
src/chsr/state/command.rs 0.00% <0.00%> (ø)
src/chsr/state/common.rs 0.00% <ø> (ø)
src/chsr/state/options.rs 0.00% <ø> (ø)
src/chsr/state/role.rs 0.00% <0.00%> (ø)
src/chsr/state/task.rs 0.00% <0.00%> (ø)
src/sr/main.rs 0.00% <0.00%> (ø)
... and 13 more

... and 5 files with indirect coverage changes


@LeChatP LeChatP requested a review from SamerW August 24, 2023 10:42
Owner Author

LeChatP commented Aug 29, 2023

Okay, let's create documentation of this new version.

@LeChatP LeChatP merged commit 76a4685 into main Aug 30, 2023
3 checks passed