From a88a05c1eb88c2a958ef9f2e26a43c33cc71ca92 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Thu, 30 Jan 2020 13:25:38 -0700 Subject: [PATCH] Adapt python plugin to new plugin API changes --- plugins/python/python_plugin_io.c | 16 +- plugins/python/python_plugin_io_multi.inc | 32 ++-- plugins/python/python_plugin_policy.c | 10 +- .../python/regress/check_python_examples.c | 149 +++++++++++------- 4 files changed, 120 insertions(+), 87 deletions(-) diff --git a/plugins/python/python_plugin_io.c b/plugins/python/python_plugin_io.c index 2db8b3690..2375c3531 100644 --- a/plugins/python/python_plugin_io.c +++ b/plugins/python/python_plugin_io.c @@ -80,7 +80,7 @@ python_plugin_io_open(struct IOPluginContext *io_ctx, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]) + char * const plugin_options[], const char **errstr) { debug_decl(python_plugin_io_open, PYTHON_DEBUG_CALLBACKS); @@ -146,7 +146,7 @@ python_plugin_io_show_version(struct IOPluginContext *io_ctx, int verbose) } int -python_plugin_io_log_ttyin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len) +python_plugin_io_log_ttyin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_ttyin, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); @@ -155,7 +155,7 @@ python_plugin_io_log_ttyin(struct IOPluginContext *io_ctx, const char *buf, unsi } int -python_plugin_io_log_ttyout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len) +python_plugin_io_log_ttyout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_ttyout, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); @@ -164,7 +164,7 @@ python_plugin_io_log_ttyout(struct IOPluginContext *io_ctx, const char *buf, uns } int -python_plugin_io_log_stdin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len) +python_plugin_io_log_stdin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_stdin, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); @@ -173,7 +173,7 @@ python_plugin_io_log_stdin(struct IOPluginContext *io_ctx, const char *buf, unsi } int -python_plugin_io_log_stdout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len) +python_plugin_io_log_stdout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_stdout, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); @@ -182,7 +182,7 @@ python_plugin_io_log_stdout(struct IOPluginContext *io_ctx, const char *buf, uns } int -python_plugin_io_log_stderr(struct IOPluginContext *io_ctx, const char *buf, unsigned int len) +python_plugin_io_log_stderr(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_stderr, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); @@ -191,7 +191,7 @@ python_plugin_io_log_stderr(struct IOPluginContext *io_ctx, const char *buf, uns } int -python_plugin_io_change_winsize(struct IOPluginContext *io_ctx, unsigned int line, unsigned int cols) +python_plugin_io_change_winsize(struct IOPluginContext *io_ctx, unsigned int line, unsigned int cols, const char **errstr) { debug_decl(python_plugin_io_change_winsize, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); @@ -200,7 +200,7 @@ python_plugin_io_change_winsize(struct IOPluginContext *io_ctx, unsigned int lin } int -python_plugin_io_log_suspend(struct IOPluginContext *io_ctx, int signo) +python_plugin_io_log_suspend(struct IOPluginContext *io_ctx, int signo, const char **errstr) { debug_decl(python_plugin_io_log_suspend, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); diff --git a/plugins/python/python_plugin_io_multi.inc b/plugins/python/python_plugin_io_multi.inc index f3ceb2e52..bf776f3e8 100644 --- a/plugins/python/python_plugin_io_multi.inc +++ b/plugins/python/python_plugin_io_multi.inc @@ -16,10 +16,10 @@ CALLBACK_CFUNC(open)( sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const command_info[], int argc, char * const argv[], char * const user_env[], - char * const plugin_options[]) + char * const plugin_options[], const char **errstr) { return python_plugin_io_open(&PLUGIN_CTX, version, conversation, - sudo_printf, settings, user_info, command_info, argc, argv, user_env, plugin_options); + sudo_printf, settings, user_info, command_info, argc, argv, user_env, plugin_options, errstr); } void @@ -35,45 +35,45 @@ CALLBACK_CFUNC(show_version)(int verbose) } int -CALLBACK_CFUNC(log_ttyin)(const char *buf, unsigned int len) +CALLBACK_CFUNC(log_ttyin)(const char *buf, unsigned int len, const char **errstr) { - return python_plugin_io_log_ttyin(&PLUGIN_CTX, buf, len); + return python_plugin_io_log_ttyin(&PLUGIN_CTX, buf, len, errstr); } int -CALLBACK_CFUNC(log_ttyout)(const char *buf, unsigned int len) +CALLBACK_CFUNC(log_ttyout)(const char *buf, unsigned int len, const char **errstr) { - return python_plugin_io_log_ttyout(&PLUGIN_CTX, buf, len); + return python_plugin_io_log_ttyout(&PLUGIN_CTX, buf, len, errstr); } int -CALLBACK_CFUNC(log_stdin)(const char *buf, unsigned int len) +CALLBACK_CFUNC(log_stdin)(const char *buf, unsigned int len, const char **errstr) { - return python_plugin_io_log_stdin(&PLUGIN_CTX, buf, len); + return python_plugin_io_log_stdin(&PLUGIN_CTX, buf, len, errstr); } int -CALLBACK_CFUNC(log_stdout)(const char *buf, unsigned int len) +CALLBACK_CFUNC(log_stdout)(const char *buf, unsigned int len, const char **errstr) { - return python_plugin_io_log_stdout(&PLUGIN_CTX, buf, len); + return python_plugin_io_log_stdout(&PLUGIN_CTX, buf, len, errstr); } int -CALLBACK_CFUNC(log_stderr)(const char *buf, unsigned int len) +CALLBACK_CFUNC(log_stderr)(const char *buf, unsigned int len, const char **errstr) { - return python_plugin_io_log_stderr(&PLUGIN_CTX, buf, len); + return python_plugin_io_log_stderr(&PLUGIN_CTX, buf, len, errstr); } int -CALLBACK_CFUNC(change_winsize)(unsigned int line, unsigned int cols) +CALLBACK_CFUNC(change_winsize)(unsigned int line, unsigned int cols, const char **errstr) { - return python_plugin_io_change_winsize(&PLUGIN_CTX, line, cols); + return python_plugin_io_change_winsize(&PLUGIN_CTX, line, cols, errstr); } int -CALLBACK_CFUNC(log_suspend)(int signo) +CALLBACK_CFUNC(log_suspend)(int signo, const char **errstr) { - return python_plugin_io_log_suspend(&PLUGIN_CTX, signo); + return python_plugin_io_log_suspend(&PLUGIN_CTX, signo, errstr); } struct io_plugin IO_SYMBOL_NAME(python_io) = { diff --git a/plugins/python/python_plugin_policy.c b/plugins/python/python_plugin_policy.c index b041e5b49..f86fd460d 100644 --- a/plugins/python/python_plugin_policy.c +++ b/plugins/python/python_plugin_policy.c @@ -46,7 +46,7 @@ static int python_plugin_policy_open(unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf, char * const settings[], char * const user_info[], char * const user_env[], - char * const plugin_options[]) + char * const plugin_options[], const char **errstr) { debug_decl(python_plugin_policy_open, PYTHON_DEBUG_CALLBACKS); @@ -91,7 +91,7 @@ python_plugin_policy_close(int exit_status, int error) static int python_plugin_policy_check(int argc, char * const argv[], char *env_add[], char **command_info_out[], - char **argv_out[], char **user_env_out[]) + char **argv_out[], char **user_env_out[], const char **errstr) { debug_decl(python_plugin_policy_check, PYTHON_DEBUG_CALLBACKS); int rc = SUDO_RC_ERROR; @@ -167,7 +167,7 @@ cleanup: } static int -python_plugin_policy_list(int argc, char * const argv[], int verbose, const char *list_user) +python_plugin_policy_list(int argc, char * const argv[], int verbose, const char *list_user, const char **errstr) { debug_decl(python_plugin_policy_list, PYTHON_DEBUG_CALLBACKS); @@ -203,7 +203,7 @@ python_plugin_policy_version(int verbose) } int -python_plugin_policy_validate(void) +python_plugin_policy_validate(const char **errstr) { debug_decl(python_plugin_policy_validate, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(plugin_ctx.py_interpreter); @@ -221,7 +221,7 @@ python_plugin_policy_invalidate(int remove) } int -python_plugin_policy_init_session(struct passwd *pwd, char **user_env[]) +python_plugin_policy_init_session(struct passwd *pwd, char **user_env[], const char **errstr) { debug_decl(python_plugin_policy_init_session, PYTHON_DEBUG_CALLBACKS); int rc = SUDO_RC_ERROR; diff --git a/plugins/python/regress/check_python_examples.c b/plugins/python/regress/check_python_examples.c index 7ccba5289..1f6255b3d 100644 --- a/plugins/python/regress/check_python_examples.c +++ b/plugins/python/regress/check_python_examples.c @@ -162,11 +162,12 @@ cleanup(int success) int check_example_io_plugin_version_display(int is_verbose) { + const char *errstr = NULL; create_io_plugin_options(data.tmp_dir); VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, data.user_env, - data.plugin_options), SUDO_RC_OK); + data.plugin_options, &errstr), SUDO_RC_OK); VERIFY_INT(python_io->show_version(is_verbose), SUDO_RC_OK); python_io->close(0, 0); // this should not call the python plugin close as there was no command run invocation @@ -188,6 +189,7 @@ check_example_io_plugin_version_display(int is_verbose) int check_example_io_plugin_command_log(void) { + const char *errstr = NULL; create_io_plugin_options(data.tmp_dir); free(data.plugin_argv); @@ -199,15 +201,15 @@ check_example_io_plugin_command_log(void) VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); - VERIFY_INT(python_io->log_stdin("some standard input", strlen("some standard input")), SUDO_RC_OK); - VERIFY_INT(python_io->log_stdout("some standard output", strlen("some standard output")), SUDO_RC_OK); - VERIFY_INT(python_io->log_stderr("some standard error", strlen("some standard error")), SUDO_RC_OK); - VERIFY_INT(python_io->log_suspend(SIGTSTP), SUDO_RC_OK); - VERIFY_INT(python_io->log_suspend(SIGCONT), SUDO_RC_OK); - VERIFY_INT(python_io->change_winsize(200, 100), SUDO_RC_OK); - VERIFY_INT(python_io->log_ttyin("some tty input", strlen("some tty input")), SUDO_RC_OK); - VERIFY_INT(python_io->log_ttyout("some tty output", strlen("some tty output")), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_stdin("some standard input", strlen("some standard input"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_stdout("some standard output", strlen("some standard output"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_stderr("some standard error", strlen("some standard error"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_suspend(SIGTSTP, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_suspend(SIGCONT, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->change_winsize(200, 100, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_ttyin("some tty input", strlen("some tty input"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_ttyout("some tty output", strlen("some tty output"), &errstr), SUDO_RC_OK); python_io->close(1, 0); // successful execution, command returned 1 @@ -223,6 +225,8 @@ typedef struct io_plugin * (io_clone_func)(void); int check_example_io_plugin_command_log_multiple(void) { + const char *errstr = NULL; + // verify multiple python io plugin symbols are available io_clone_func *python_io_clone = (io_clone_func *)sudo_dso_findsym(python_plugin_handle, "python_io_clone"); VERIFY_PTR_NE(python_io_clone, NULL); @@ -247,7 +251,7 @@ check_example_io_plugin_command_log_multiple(void) VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); // For verifying the error message of no more plugin. It should be displayed only once. VERIFY_PTR((*python_io_clone)(), NULL); @@ -267,24 +271,24 @@ check_example_io_plugin_command_log_multiple(void) VERIFY_INT(python_io2->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); - VERIFY_INT(python_io->log_stdin("stdin for plugin 1", strlen("stdin for plugin 1")), SUDO_RC_OK); - VERIFY_INT(python_io2->log_stdin("stdin for plugin 2", strlen("stdin for plugin 2")), SUDO_RC_OK); - VERIFY_INT(python_io->log_stdout("stdout for plugin 1", strlen("stdout for plugin 1")), SUDO_RC_OK); - VERIFY_INT(python_io2->log_stdout("stdout for plugin 2", strlen("stdout for plugin 2")), SUDO_RC_OK); - VERIFY_INT(python_io->log_stderr("stderr for plugin 1", strlen("stderr for plugin 1")), SUDO_RC_OK); - VERIFY_INT(python_io2->log_stderr("stderr for plugin 2", strlen("stderr for plugin 2")), SUDO_RC_OK); - VERIFY_INT(python_io->log_suspend(SIGTSTP), SUDO_RC_OK); - VERIFY_INT(python_io2->log_suspend(SIGSTOP), SUDO_RC_OK); - VERIFY_INT(python_io->log_suspend(SIGCONT), SUDO_RC_OK); - VERIFY_INT(python_io2->log_suspend(SIGCONT), SUDO_RC_OK); - VERIFY_INT(python_io->change_winsize(20, 10), SUDO_RC_OK); - VERIFY_INT(python_io2->change_winsize(30, 40), SUDO_RC_OK); - VERIFY_INT(python_io->log_ttyin("tty input for plugin 1", strlen("tty input for plugin 1")), SUDO_RC_OK); - VERIFY_INT(python_io2->log_ttyin("tty input for plugin 2", strlen("tty input for plugin 2")), SUDO_RC_OK); - VERIFY_INT(python_io->log_ttyout("tty output for plugin 1", strlen("tty output for plugin 1")), SUDO_RC_OK); - VERIFY_INT(python_io2->log_ttyout("tty output for plugin 2", strlen("tty output for plugin 2")), SUDO_RC_OK); + VERIFY_INT(python_io->log_stdin("stdin for plugin 1", strlen("stdin for plugin 1"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->log_stdin("stdin for plugin 2", strlen("stdin for plugin 2"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_stdout("stdout for plugin 1", strlen("stdout for plugin 1"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->log_stdout("stdout for plugin 2", strlen("stdout for plugin 2"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_stderr("stderr for plugin 1", strlen("stderr for plugin 1"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->log_stderr("stderr for plugin 2", strlen("stderr for plugin 2"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_suspend(SIGTSTP, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->log_suspend(SIGSTOP, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_suspend(SIGCONT, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->log_suspend(SIGCONT, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->change_winsize(20, 10, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->change_winsize(30, 40, &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_ttyin("tty input for plugin 1", strlen("tty input for plugin 1"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->log_ttyin("tty input for plugin 2", strlen("tty input for plugin 2"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io->log_ttyout("tty output for plugin 1", strlen("tty output for plugin 1"), &errstr), SUDO_RC_OK); + VERIFY_INT(python_io2->log_ttyout("tty output for plugin 2", strlen("tty output for plugin 2"), &errstr), SUDO_RC_OK); python_io->close(1, 0); // successful execution, command returned 1 python_io2->close(2, 0); // command returned 2 @@ -300,6 +304,8 @@ check_example_io_plugin_command_log_multiple(void) int check_example_io_plugin_failed_to_start_command(void) { + const char *errstr = NULL; + create_io_plugin_options(data.tmp_dir); free(data.plugin_argv); @@ -311,7 +317,7 @@ check_example_io_plugin_failed_to_start_command(void) VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); python_io->close(0, EPERM); // execve returned with error @@ -325,11 +331,13 @@ check_example_io_plugin_failed_to_start_command(void) int check_example_io_plugin_fails_with_python_backtrace(void) { + const char *errstr = NULL; + create_io_plugin_options("/some/not/writable/directory"); VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_ERROR); + data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR); VERIFY_STDOUT(expected_path("check_example_io_plugin_fails_with_python_backtrace.stdout")); VERIFY_STDERR(expected_path("check_example_io_plugin_fails_with_python_backtrace.stderr")); @@ -412,6 +420,7 @@ check_example_group_plugin_is_able_to_debug(void) int check_example_debugging(const char *debug_spec) { + const char *errstr = NULL; const char *config_path = create_debug_config(debug_spec); VERIFY_NOT_NULL(config_path); VERIFY_INT(sudo_conf_read(config_path, SUDO_CONF_ALL), true); @@ -426,7 +435,7 @@ check_example_debugging(const char *debug_spec) VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); python_io->close(0, 0); VERIFY_STR(data.stderr_str, ""); @@ -441,9 +450,11 @@ check_example_debugging(const char *debug_spec) int check_loading_fails(const char *name) { + const char *errstr = NULL; + VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_ERROR); + data.user_env, data.plugin_options, &errstr), SUDO_RC_ERROR); python_io->close(0, 0); VERIFY_STDOUT(expected_path("check_loading_fails_%s.stdout", name)); @@ -498,6 +509,8 @@ check_loading_fails_plugin_is_not_owned_by_root(void) int check_example_conversation_plugin_reason_log(int simulate_suspend, const char *description) { + const char *errstr = NULL; + create_conversation_plugin_options(); free(data.plugin_argv); // have a command run @@ -511,7 +524,7 @@ check_example_conversation_plugin_reason_log(int simulate_suspend, const char *d VERIFY_INT(python_io->open(SUDO_API_VERSION, conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); python_io->close(0, 0); VERIFY_STDOUT(expected_path("check_example_conversation_plugin_reason_log_%s.stdout", description)); @@ -524,6 +537,8 @@ check_example_conversation_plugin_reason_log(int simulate_suspend, const char *d int check_example_conversation_plugin_user_interrupts(void) { + const char *errstr = NULL; + create_conversation_plugin_options(); free(data.plugin_argv); // have a command run @@ -534,7 +549,7 @@ check_example_conversation_plugin_user_interrupts(void) VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_REJECT); + data.user_env, data.plugin_options, &errstr), SUDO_RC_REJECT); python_io->close(0, 0); VERIFY_STDOUT(expected_path("check_example_conversation_plugin_user_interrupts.stdout")); @@ -546,10 +561,12 @@ check_example_conversation_plugin_user_interrupts(void) int check_example_policy_plugin_version_display(int is_verbose) { + const char *errstr = NULL; + create_policy_plugin_options(); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); VERIFY_INT(python_policy->show_version(is_verbose), SUDO_RC_OK); @@ -571,6 +588,8 @@ check_example_policy_plugin_version_display(int is_verbose) int check_example_policy_plugin_accepted_execution(void) { + const char *errstr = NULL; + create_policy_plugin_options(); data.plugin_argc = 2; @@ -580,7 +599,7 @@ check_example_policy_plugin_accepted_execution(void) data.user_env = create_str_array(3, "USER_ENV1=VALUE1", "USER_ENV2=value2", NULL); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); char **env_add = create_str_array(3, "REQUESTED_ENV1=VALUE1", "REQUESTED_ENV2=value2", NULL); @@ -588,7 +607,7 @@ check_example_policy_plugin_accepted_execution(void) char **argv_out, **user_env_out, **command_info_out; // free to contain garbage VERIFY_INT(python_policy->check_policy(data.plugin_argc, data.plugin_argv, env_add, - &command_info_out, &argv_out, &user_env_out), + &command_info_out, &argv_out, &user_env_out, &errstr), SUDO_RC_ACCEPT); VERIFY_STR_SET(command_info_out, 4, "command=/bin/whoami", "runas_uid=0", "runas_gid=0", NULL); @@ -596,7 +615,7 @@ check_example_policy_plugin_accepted_execution(void) "REQUESTED_ENV1=VALUE1", "REQUESTED_ENV2=value2", NULL); VERIFY_STR_SET(argv_out, 3, "/bin/whoami", "--help", NULL); - VERIFY_INT(python_policy->init_session(&example_pwd, &user_env_out), SUDO_RC_ACCEPT); + VERIFY_INT(python_policy->init_session(&example_pwd, &user_env_out, &errstr), SUDO_RC_ACCEPT); // init session is able to modify the user env: VERIFY_STR_SET(user_env_out, 6, "USER_ENV1=VALUE1", "USER_ENV2=value2", @@ -617,23 +636,25 @@ check_example_policy_plugin_accepted_execution(void) int check_example_policy_plugin_failed_execution(void) { + const char *errstr = NULL; + create_policy_plugin_options(); data.plugin_argc = 2; data.plugin_argv = create_str_array(3, "/bin/id", "--help", NULL); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); char **argv_out, **user_env_out, **command_info_out; // free to contain garbage VERIFY_INT(python_policy->check_policy(data.plugin_argc, data.plugin_argv, NULL, - &command_info_out, &argv_out, &user_env_out), + &command_info_out, &argv_out, &user_env_out, &errstr), SUDO_RC_ACCEPT); // pwd is unset (user is not part of /etc/passwd) - VERIFY_INT(python_policy->init_session(NULL, &user_env_out), SUDO_RC_ACCEPT); + VERIFY_INT(python_policy->init_session(NULL, &user_env_out, &errstr), SUDO_RC_ACCEPT); python_policy->close(12345, ENOENT); // failed to execute @@ -649,19 +670,21 @@ check_example_policy_plugin_failed_execution(void) int check_example_policy_plugin_denied_execution(void) { + const char *errstr = NULL; + create_policy_plugin_options(); data.plugin_argc = 1; data.plugin_argv = create_str_array(2, "/bin/passwd", NULL); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); char **argv_out, **user_env_out, **command_info_out; // free to contain garbage VERIFY_INT(python_policy->check_policy(data.plugin_argc, data.plugin_argv, NULL, - &command_info_out, &argv_out, &user_env_out), + &command_info_out, &argv_out, &user_env_out, &errstr), SUDO_RC_REJECT); VERIFY_PTR(command_info_out, NULL); @@ -679,41 +702,43 @@ check_example_policy_plugin_denied_execution(void) int check_example_policy_plugin_list(void) { + const char *errstr = NULL; + create_policy_plugin_options(); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "-- minimal --\n"); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL, &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- minimal (verbose) --\n"); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL, &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with user --\n"); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, "testuser"), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, "testuser", &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with user (verbose) --\n"); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, "testuser"), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, "testuser", &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with allowed program --\n"); free(data.plugin_argv); data.plugin_argc = 3; data.plugin_argv = create_str_array(4, "/bin/id", "some", "arguments", NULL); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL, &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with allowed program (verbose) --\n"); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL, &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with denied program --\n"); free(data.plugin_argv); data.plugin_argc = 1; data.plugin_argv = create_str_array(2, "/bin/passwd", NULL); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, false, NULL, &errstr), SUDO_RC_OK); snprintf_append(data.stdout_str, MAX_OUTPUT, "\n-- with denied program (verbose) --\n"); - VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL), SUDO_RC_OK); + VERIFY_INT(python_policy->list(data.plugin_argc, data.plugin_argv, true, NULL, &errstr), SUDO_RC_OK); python_policy->close(0, 0); // there was no execution @@ -726,6 +751,8 @@ check_example_policy_plugin_list(void) int check_example_policy_plugin_validate_invalidate(void) { + const char *errstr = NULL; + // the plugin does not do any meaningful for these, so using log to validate instead const char *config_path = create_debug_config("py_calls@diag"); VERIFY_NOT_NULL(config_path); @@ -734,9 +761,9 @@ check_example_policy_plugin_validate_invalidate(void) create_policy_plugin_options(); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); - VERIFY_INT(python_policy->validate(), SUDO_RC_OK); + VERIFY_INT(python_policy->validate(&errstr), SUDO_RC_OK); python_policy->invalidate(true); python_policy->invalidate(false); @@ -751,10 +778,12 @@ check_example_policy_plugin_validate_invalidate(void) int check_policy_plugin_callbacks_are_optional(void) { + const char *errstr = NULL; + create_debugging_plugin_options(); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); VERIFY_PTR(python_policy->list, NULL); @@ -771,11 +800,13 @@ check_policy_plugin_callbacks_are_optional(void) int check_io_plugin_callbacks_are_optional(void) { + const char *errstr = NULL; + create_debugging_plugin_options(); VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); VERIFY_PTR(python_io->log_stdin, NULL); VERIFY_PTR(python_io->log_stdout, NULL); @@ -792,6 +823,8 @@ check_io_plugin_callbacks_are_optional(void) int check_python_plugins_do_not_affect_each_other(void) { + const char *errstr = NULL; + // We test here that one plugin is not able to effect the environment of another // This is important so they do not ruin or depend on each other's state. free(data.plugin_options); @@ -805,7 +838,7 @@ check_python_plugins_do_not_affect_each_other(void) VERIFY_INT(python_io->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, data.user_info, data.command_info, data.plugin_argc, data.plugin_argv, - data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); free(data.plugin_options); data.plugin_options = create_str_array( @@ -817,7 +850,7 @@ check_python_plugins_do_not_affect_each_other(void) ); VERIFY_INT(python_policy->open(SUDO_API_VERSION, fake_conversation, fake_printf, data.settings, - data.user_info, data.user_env, data.plugin_options), SUDO_RC_OK); + data.user_info, data.user_env, data.plugin_options, &errstr), SUDO_RC_OK); python_io->close(0, 0); python_policy->close(0, 0);