diff --git a/plugins/python/python_plugin_audit.c b/plugins/python/python_plugin_audit.c index 8676e3e38..cd1f47deb 100644 --- a/plugins/python/python_plugin_audit.c +++ b/plugins/python/python_plugin_audit.c @@ -44,13 +44,6 @@ struct AuditPluginContext (void **)&CALLBACK_PLUGINFUNC(function_name)); \ } while(0) -#define CB_SET_ERROR(errstr) \ - do { \ - const char *cb_error = audit_ctx->base_ctx.callback_error; \ - if (cb_error != NULL && errstr != NULL) { \ - *errstr = cb_error; \ - } \ - } while(0) static int _call_plugin_open(struct AuditPluginContext *audit_ctx, int submit_optind, char * const submit_argv[]) @@ -101,8 +94,8 @@ python_plugin_audit_open(struct AuditPluginContext *audit_ctx, rc = python_plugin_construct(plugin_ctx, PY_AUDIT_PLUGIN_VERSION, settings, user_info, submit_envp, plugin_options); + CALLBACK_SET_ERROR(plugin_ctx, errstr); if (rc != SUDO_RC_OK) { - CB_SET_ERROR(errstr); debug_return_int(rc); } @@ -114,8 +107,7 @@ python_plugin_audit_open(struct AuditPluginContext *audit_ctx, plugin_ctx->call_close = 1; rc = _call_plugin_open(audit_ctx, submit_optind, submit_argv); - - CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); if (PyErr_Occurred()) { py_log_last_error("Error during calling audit open"); @@ -163,8 +155,7 @@ python_plugin_audit_accept(struct AuditPluginContext *audit_ctx, PyObject *py_args = Py_BuildValue("(ziOOO)", plugin_name, plugin_type, py_command_info, py_run_argv, py_run_envp); rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(accept), py_args); - - CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); cleanup: Py_CLEAR(py_command_info); @@ -194,7 +185,7 @@ python_plugin_audit_reject(struct AuditPluginContext *audit_ctx, PyObject *py_args = Py_BuildValue("(zizO)", plugin_name, plugin_type, audit_msg, py_command_info); rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(reject), py_args); - CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); cleanup: Py_CLEAR(py_command_info); @@ -223,7 +214,7 @@ python_plugin_audit_error(struct AuditPluginContext *audit_ctx, PyObject *py_args = Py_BuildValue("(zizO)", plugin_name, plugin_type, audit_msg, py_command_info); rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(error), py_args); - CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); cleanup: Py_CLEAR(py_command_info); diff --git a/plugins/python/python_plugin_common.c b/plugins/python/python_plugin_common.c index 99cd8e6f3..53be8147c 100644 --- a/plugins/python/python_plugin_common.c +++ b/plugins/python/python_plugin_common.c @@ -138,12 +138,7 @@ python_plugin_handle_plugin_error_exception(PyObject **py_result, struct PluginC sudo_debug_printf(SUDO_DEBUG_INFO, "received sudo.PluginError exception with message '%s'", message == NULL ? "(null)" : message); - if (message != NULL && plugin_ctx->sudo_api_version < SUDO_API_MKVERSION(1, 15)) { - py_sudo_log(SUDO_CONV_ERROR_MSG, "%s", message); - free(message); - } else { - plugin_ctx->callback_error = message; - } + plugin_ctx->callback_error = message; Py_CLEAR(py_type); Py_CLEAR(py_message); diff --git a/plugins/python/python_plugin_common.h b/plugins/python/python_plugin_common.h index 1b11d0fe9..a91dd846e 100644 --- a/plugins/python/python_plugin_common.h +++ b/plugins/python/python_plugin_common.h @@ -30,7 +30,7 @@ struct PluginContext { unsigned int sudo_api_version; // We use this to let the error string live until sudo and the audit plugins - // are using it. Only set for sudo API >= 1.15, otherwise NULL + // are using it. char *callback_error; }; @@ -67,4 +67,14 @@ void python_plugin_mark_callback_optional(struct PluginContext *plugin_ctx, const char *python_plugin_name(struct PluginContext *plugin_ctx); +// sets the callback error stored in plugin_ctx into "errstr" but only if API +// version is enough and "errstr" is valid +#define CALLBACK_SET_ERROR(plugin_ctx, errstr) \ + do { \ + if ((plugin_ctx)->sudo_api_version >= SUDO_API_MKVERSION(1, 15) && errstr != NULL) { \ + if (errstr != NULL) \ + *errstr = (plugin_ctx)->callback_error; \ + } \ + } while(0) + #endif // SUDO_PYTHON_PLUGIN_COMMON_H diff --git a/plugins/python/python_plugin_io.c b/plugins/python/python_plugin_io.c index be40e4490..3c01b09aa 100644 --- a/plugins/python/python_plugin_io.c +++ b/plugins/python/python_plugin_io.c @@ -44,14 +44,6 @@ struct IOPluginContext (void **)&CALLBACK_PLUGINFUNC(function_name)); \ } while(0) -#define IO_CB_SET_ERROR(errstr) \ - do { \ - const char *cb_error = io_ctx->base_ctx.callback_error; \ - if (cb_error != NULL && errstr != NULL) { \ - *errstr = cb_error; \ - } \ - } while(false) - static int _call_plugin_open(struct IOPluginContext *io_ctx, int argc, char * const argv[], char * const command_info[]) @@ -111,8 +103,8 @@ python_plugin_io_open(struct IOPluginContext *io_ctx, rc = python_plugin_construct(plugin_ctx, PY_IO_PLUGIN_VERSION, settings, user_info, user_env, plugin_options); + CALLBACK_SET_ERROR(plugin_ctx, errstr); if (rc != SUDO_RC_OK) { - IO_CB_SET_ERROR(errstr); debug_return_int(rc); } @@ -130,7 +122,7 @@ python_plugin_io_open(struct IOPluginContext *io_ctx, if (argc > 0) // we only call open if there is request for running sg rc = _call_plugin_open(io_ctx, argc, argv, command_info); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } @@ -163,10 +155,11 @@ int python_plugin_io_log_ttyin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_ttyin, PYTHON_DEBUG_CALLBACKS); - PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); - int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_ttyin), + struct PluginContext *plugin_ctx = BASE_CTX(io_ctx); + PyThreadState_Swap(plugin_ctx->py_interpreter); + int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_ttyin), Py_BuildValue("(s#)", buf, len)); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } @@ -174,10 +167,11 @@ int python_plugin_io_log_ttyout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_ttyout, PYTHON_DEBUG_CALLBACKS); - PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); - int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_ttyout), + struct PluginContext *plugin_ctx = BASE_CTX(io_ctx); + PyThreadState_Swap(plugin_ctx->py_interpreter); + int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_ttyout), Py_BuildValue("(s#)", buf, len)); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } @@ -185,10 +179,11 @@ int python_plugin_io_log_stdin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_stdin, PYTHON_DEBUG_CALLBACKS); - PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); - int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_stdin), + struct PluginContext *plugin_ctx = BASE_CTX(io_ctx); + PyThreadState_Swap(plugin_ctx->py_interpreter); + int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stdin), Py_BuildValue("(s#)", buf, len)); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } @@ -196,10 +191,11 @@ int python_plugin_io_log_stdout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_stdout, PYTHON_DEBUG_CALLBACKS); - PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); - int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_stdout), + struct PluginContext *plugin_ctx = BASE_CTX(io_ctx); + PyThreadState_Swap(plugin_ctx->py_interpreter); + int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stdout), Py_BuildValue("(s#)", buf, len)); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } @@ -207,10 +203,11 @@ int python_plugin_io_log_stderr(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr) { debug_decl(python_plugin_io_log_stderr, PYTHON_DEBUG_CALLBACKS); - PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); - int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_stderr), + struct PluginContext *plugin_ctx = BASE_CTX(io_ctx); + PyThreadState_Swap(plugin_ctx->py_interpreter); + int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stderr), Py_BuildValue("(s#)", buf, len)); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } @@ -218,10 +215,11 @@ int python_plugin_io_change_winsize(struct IOPluginContext *io_ctx, unsigned int line, unsigned int cols, const char **errstr) { debug_decl(python_plugin_io_change_winsize, PYTHON_DEBUG_CALLBACKS); - PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); - int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(change_winsize), + struct PluginContext *plugin_ctx = BASE_CTX(io_ctx); + PyThreadState_Swap(plugin_ctx->py_interpreter); + int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(change_winsize), Py_BuildValue("(ii)", line, cols)); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } @@ -229,10 +227,11 @@ int python_plugin_io_log_suspend(struct IOPluginContext *io_ctx, int signo, const char **errstr) { debug_decl(python_plugin_io_log_suspend, PYTHON_DEBUG_CALLBACKS); - PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter); - int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_suspend), + struct PluginContext *plugin_ctx = BASE_CTX(io_ctx); + PyThreadState_Swap(plugin_ctx->py_interpreter); + int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_suspend), Py_BuildValue("(i)", signo)); - IO_CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(plugin_ctx, errstr); debug_return_int(rc); } diff --git a/plugins/python/python_plugin_policy.c b/plugins/python/python_plugin_policy.c index c32b066d5..970ab2363 100644 --- a/plugins/python/python_plugin_policy.c +++ b/plugins/python/python_plugin_policy.c @@ -42,13 +42,6 @@ extern struct policy_plugin python_policy; (void **)&CALLBACK_PLUGINFUNC(function_name)); \ } while(0) -#define CB_SET_ERROR(errstr) \ - do { \ - const char *cb_error = plugin_ctx.callback_error; \ - if (cb_error != NULL && errstr != NULL) { \ - *errstr = cb_error; \ - } \ - } while(0) static int python_plugin_policy_open(unsigned int version, sudo_conv_t conversation, @@ -74,7 +67,7 @@ python_plugin_policy_open(unsigned int version, sudo_conv_t conversation, rc = python_plugin_construct(&plugin_ctx, PY_POLICY_PLUGIN_VERSION, settings, user_info, user_env, plugin_options); - CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(&plugin_ctx, errstr); if (rc != SUDO_RC_OK) { debug_return_int(rc); } @@ -124,6 +117,7 @@ python_plugin_policy_check(int argc, char * const argv[], py_result = python_plugin_api_call(&plugin_ctx, CALLBACK_PYNAME(check_policy), Py_BuildValue("(OO)", py_argv, py_env_add)); + CALLBACK_SET_ERROR(&plugin_ctx, errstr); if (py_result == NULL) goto cleanup; @@ -156,7 +150,6 @@ python_plugin_policy_check(int argc, char * const argv[], *user_env_out = py_str_array_from_tuple(py_user_env_out); rc = python_plugin_rc_to_int(py_rc); - CB_SET_ERROR(errstr); cleanup: if (PyErr_Occurred()) { @@ -196,7 +189,7 @@ python_plugin_policy_list(int argc, char * const argv[], int verbose, const char Py_XDECREF(py_argv); - CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(&plugin_ctx, errstr); debug_return_int(rc); } @@ -222,7 +215,7 @@ python_plugin_policy_validate(const char **errstr) debug_decl(python_plugin_policy_validate, PYTHON_DEBUG_CALLBACKS); PyThreadState_Swap(plugin_ctx.py_interpreter); int rc = python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(validate), NULL); - CB_SET_ERROR(errstr); + CALLBACK_SET_ERROR(&plugin_ctx, errstr); debug_return_int(rc); } @@ -254,6 +247,7 @@ python_plugin_policy_init_session(struct passwd *pwd, char **user_env[], const c py_result = python_plugin_api_call(&plugin_ctx, CALLBACK_PYNAME(init_session), Py_BuildValue("(OO)", py_pwd, py_user_env)); + CALLBACK_SET_ERROR(&plugin_ctx, errstr); if (py_result == NULL) goto cleanup; @@ -276,7 +270,6 @@ python_plugin_policy_init_session(struct passwd *pwd, char **user_env[], const c } rc = python_plugin_rc_to_int(py_rc); - CB_SET_ERROR(errstr); cleanup: Py_XDECREF(py_pwd);