less coupling: restrict the information that build_context can use

trifectatechfoundation · Jan 15, 2025 · 6356167 · 6356167
1 parent 202797a
commit 6356167
Show file tree

Hide file tree

Showing 3 changed files with 15 additions and 10 deletions.
diff --git a/src/sudo/mod.rs b/src/sudo/mod.rs
@@ -6,8 +6,8 @@ use crate::log::dev_info;
 use crate::system::interface::UserId;
 use crate::system::kernel::kernel_check;
 use crate::system::timestamp::RecordScope;
-use crate::system::User;
 use crate::system::{time::Duration, timestamp::SessionRecordFile, Process};
+use crate::system::{Hostname, User};
 use cli::help;
 #[cfg(test)]
 pub use cli::SudoAction;

diff --git a/src/sudo/pipeline.rs b/src/sudo/pipeline.rs
@@ -53,7 +53,12 @@ impl<Policy: PolicyPlugin, Auth: AuthPlugin> Pipeline<Policy, Auth> {
             )
         }
 
-        let mut context = build_context(ctx_opts, &pre)?;
+        // chicken-and-egg: context must already have incorporated from the context:
+        // - host
+        // - current user
+        // - target user
+        // to be able to resolve the command correctly
+        let mut context = build_context(ctx_opts, pre.secure_path())?;
 
         let policy = self.policy.judge(pre, &context)?;
 
@@ -117,7 +122,7 @@ impl<Policy: PolicyPlugin, Auth: AuthPlugin> Pipeline<Policy, Auth> {
 
     pub fn run_validate(mut self, cmd_opts: SudoValidateOptions) -> Result<(), Error> {
         let pre = self.policy.init()?;
-        let context = build_context(cmd_opts.into(), &pre)?;
+        let context = build_context(cmd_opts.into(), pre.secure_path())?;
 
         match pre.validate_authorization() {
             Authorization::Forbidden => {
@@ -207,12 +212,12 @@ impl<Policy: PolicyPlugin, Auth: AuthPlugin> Pipeline<Policy, Auth> {
 
 fn build_context(
     cmd_opts: OptionsForContext,
-    pre: &dyn PreJudgementPolicy,
+    secure_path: Option<String>,
 ) -> Result<Context, Error> {
-    let secure_path: String = pre
-        .secure_path()
-        .unwrap_or_else(|| std::env::var("PATH").unwrap_or_default());
-    Context::build_from_options(cmd_opts, secure_path)
+    Context::build_from_options(
+        cmd_opts,
+        secure_path.unwrap_or_else(|| std::env::var("PATH").unwrap_or_default()),
+    )
 }
 
 /// This should determine what the authentication status for the given record

diff --git a/src/sudo/pipeline/list.rs b/src/sudo/pipeline/list.rs
@@ -4,7 +4,7 @@ use crate::{
     common::{Context, Error},
     pam::CLIConverser,
     sudo::{cli::SudoListOptions, pam::PamAuthenticator, SudoersPolicy},
-    sudoers::{Authorization, ListRequest, Policy, Request, Sudoers},
+    sudoers::{Authorization, ListRequest, Policy, PreJudgementPolicy, Request, Sudoers},
     system::{interface::UserId, User},
 };
 
@@ -25,7 +25,7 @@ impl Pipeline<SudoersPolicy, PamAuthenticator<CLIConverser>> {
         let original_command = cmd_opts.positional_args.first().cloned();
 
         let sudoers = self.policy.init()?;
-        let context = super::build_context(cmd_opts.into(), &sudoers)?;
+        let context = super::build_context(cmd_opts.into(), sudoers.secure_path())?;
 
         if original_command.is_some() && !context.command.resolved {
             return Err(Error::CommandNotFound(context.command.command));