Add support for remote sudoers #1539

Merged
bjorn3 merged 4 commits into trifectatechfoundation:main from aplopez:remote-sudoers
Apr 15, 2026
Contributor

@aplopez aplopez commented Apr 3, 2026

This PR addresses #1421.

I include four commits in the PR:

  • The support for the @socket directive (done by @squell)
  • The logic for reading the sudoers rules from the socket, and
  • A test for this case.
  • The documentation for @socket.

Some interesting points.

Limiting the "include" level

I replaced the old safety_count parameter (a u8 counter limiting the number of included files) with the IncludeState enum, which includes this counter when inclusions are allowed but also allows forbidding them. This was needed to prevent new inclusions from a socket even if the limit was not reached.

Test

I created an e2e test because I needed to create a socket on the filesystem. Otherwise I would have created a unit test.

Protocol

As we discussed some time ago, to make things simpler, the rules must be provided as text through the socket.

Use of AI

The use of AI was limited to:

  • Help me learn a few things that I had never done before in Rust, such as opening a socket.
  • Understand how some pieces of the existing code work, in particular the test framework.
  • Identify a few C-style pieces of code that I produced (habits!) and get suggestions to make them more rustacean.

All the code was produced by me.
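
The include-limiting idea described above, as an added sketch that is not code from this PR or the project: the variant names, `LoadError`, `load`, `Sources` and `sample` are hypothetical, the in-memory map stands in for files and sockets, and the counter is treated as a nesting budget.

```rust
use std::collections::HashMap;

// Hypothetical shape of the PR's IncludeState; variant names are assumed.
#[derive(Clone, Copy, Debug, PartialEq)]
enum IncludeState {
    Allowed(u8), // remaining include budget (the old safety_count)
    Forbidden,   // no inclusion directive is accepted at all
}

#[derive(Debug, PartialEq)]
enum LoadError { LimitReached(String), NotAllowed(String), Missing(String) }

// Constructed stand-in for files and sockets: source name -> sudoers text.
type Sources = HashMap<&'static str, &'static str>;

fn load(name: &str, src: &Sources, state: IncludeState, rules: &mut Vec<String>) -> Result<(), LoadError> {
    let text = src.get(name).ok_or_else(|| LoadError::Missing(name.to_string()))?;
    for line in text.lines().map(str::trim).filter(|l| !l.is_empty()) {
        let (directive, target) = match line.split_once(' ') {
            Some((d, t)) if d == "@include" || d == "@socket" => (d, t.trim()),
            _ => { rules.push(line.to_string()); continue; } // ordinary rule
        };
        let left = match state {
            IncludeState::Forbidden => return Err(LoadError::NotAllowed(line.to_string())),
            IncludeState::Allowed(0) => return Err(LoadError::LimitReached(line.to_string())),
            IncludeState::Allowed(n) => n - 1,
        };
        // Socket-supplied text may not pull in anything else, whatever budget remains.
        let next = if directive == "@socket" { IncludeState::Forbidden } else { IncludeState::Allowed(left) };
        load(target, src, next, rules)?;
    }
    Ok(())
}

// Constructed sample sources; names and rules are illustrative only.
fn sample() -> Sources {
    HashMap::from([
        ("sudoers", "root ALL=(ALL) ALL\n@include local\n@socket good.sock"),
        ("local", "%wheel ALL=(ALL) ALL"),
        ("good.sock", "alice ALL=(ALL) /usr/bin/systemctl"),
        ("top", "@socket bad.sock"),
        ("bad.sock", "bob ALL=(ALL) ALL\n@include local"),
    ])
}

fn main() {
    let mut rules = Vec::new();
    println!("{:?}", load("sudoers", &sample(), IncludeState::Allowed(8), &mut rules));
    println!("{:?}", load("top", &sample(), IncludeState::Allowed(8), &mut rules));
}
```

A bare counter could not reject the `@include` inside `bad.sock`, because budget remains at that point; the `Forbidden` state is what makes that rejection independent of the limit.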

@aplopez aplopez force-pushed the remote-sudoers branch 3 times, most recently from 689d896 to 0642cce Compare April 3, 2026 10:32
@squell squell added this to the External Contribs milestone Apr 3, 2026
Comment thread src/sudoers/mod.rs Outdated
Comment thread src/sudoers/mod.rs Outdated
Comment thread src/sudoers/mod.rs Outdated
Comment thread src/sudoers/mod.rs Outdated
@squell squell added the C-checker Permission checking logic label Apr 7, 2026
@aplopez aplopez requested a review from bjorn3 April 14, 2026 14:57
Contributor Author

aplopez commented Apr 15, 2026

I just updated the documentation with the @socket directive.

Collaborator

@bjorn3 bjorn3 left a comment

Looks pretty good. Just a couple of small nits.

Comment thread test-framework/e2e-tests/src/sudoers.rs Outdated
Comment thread src/sudoers/mod.rs Outdated
Comment thread src/sudoers/mod.rs Outdated
The directive @socket was previously introduced. This commit
adds the logic behind it to read the sudoers rules from that
socket.
aplopez added 2 commits April 15, 2026 12:36
These tests verify that @socket works properly and that the @include,
@includedir and @socket directives produce an error when read from
a socket.
@bjorn3 bjorn3 merged commit a133f0e into trifectatechfoundation:main Apr 15, 2026
20 checks passed
@bjorn3 bjorn3 linked an issue Apr 15, 2026 that may be closed by this pull request
Collaborator

bjorn3 commented Apr 15, 2026

Thanks for implementing this!

Member

squell commented Apr 15, 2026

🙏 Thanks everybody for the great and patient collaboration.

Contributor Author

aplopez commented Apr 15, 2026

Thanks for the guidance and patience.

Labels

C-checker Permission checking logic

Development

Successfully merging this pull request may close these issues.

Implement a plug-in interface to read the sudoers file.

3 participants