plugins/python: add example python group plugin

2019-11-19 16:54:07 +01:00
parent d8432fca34
commit 523bcbedb6
1 changed files with 42 additions and 0 deletions
--- a/plugins/python/example_group_plugin.py
+++ b/plugins/python/example_group_plugin.py
@@ -0,0 +1,42 @@
+import sudo
+
+from typing import Tuple
+import pwd
+
+
+class SudoGroupPlugin(sudo.Plugin):
+    """Example sudo input/output plugin
+
+    Demonstrates how to use the sudo group plugin API. Typing annotations are
+    just here for the help on the syntax (requires python >= 3.5).
+
+    On detailed description of the functions refer to sudo_plugin manual (man
+    sudo_plugin).
+
+    Most functions can express error or reject through their "int" return value
+    as documented in the manual. The sudo module also has constants for these:
+        sudo.RC_ACCEPT / sudo.RC_OK  1
+        sudo.RC_REJECT               0
+        sudo.RC_ERROR               -1
+        sudo.RC_USAGE_ERROR         -2
+
+    If the function returns "None" (for example does not call return), it will
+    be considered sudo.RC_OK. If an exception is raised, its backtrace will be
+    shown to the user and the plugin function returns sudo.RC_ERROR. If that is
+    not acceptable, catch it.
+    """
+
+    # -- Plugin API functions --
+    def query(self, user: str, group: str, user_pwd: Tuple):
+        """Query if user is part of the specified group.
+
+        Beware that user_pwd can be None if user is not present in the password
+        database. Otherwise it is a tuple convertible to pwd.struct_passwd.
+        """
+        hardcoded_user_groups = {
+            "testgroup": [ "testuser1", "testuser2" ],
+            "mygroup": [ "test" ]
+        }
+
+        group_has_user = user in hardcoded_user_groups.get(group, [])
+        return sudo.RC_ACCEPT if group_has_user else sudo.RC_REJECT