plugins/python: make storing errstr more explicit

The error is always stored in plugin_ctx, but it is only set into errstr if the API version is enough. (Previously it worked the opposite: we only stored the error if API level was enough.)
2020-02-12 15:48:02 +01:00
parent b165242035
commit b1d2ccecd0
5 changed files with 52 additions and 64 deletions
--- a/plugins/python/python_plugin_audit.c
+++ b/plugins/python/python_plugin_audit.c
@@ -44,13 +44,6 @@ struct AuditPluginContext
            (void **)&CALLBACK_PLUGINFUNC(function_name)); \
    } while(0)
 #define CB_SET_ERROR(errstr) \
    do { \
        const char *cb_error = audit_ctx->base_ctx.callback_error; \
        if (cb_error != NULL && errstr != NULL) { \
            *errstr = cb_error; \
        } \
    } while(0)
 static int
 _call_plugin_open(struct AuditPluginContext *audit_ctx, int submit_optind, char * const submit_argv[])
@@ -101,8 +94,8 @@ python_plugin_audit_open(struct AuditPluginContext *audit_ctx,
    rc = python_plugin_construct(plugin_ctx, PY_AUDIT_PLUGIN_VERSION, settings,
                                 user_info, submit_envp, plugin_options);
    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    if (rc != SUDO_RC_OK) {
        CB_SET_ERROR(errstr);
        debug_return_int(rc);
    }
@@ -114,8 +107,7 @@ python_plugin_audit_open(struct AuditPluginContext *audit_ctx,
    plugin_ctx->call_close = 1;
    rc = _call_plugin_open(audit_ctx, submit_optind, submit_argv);
-
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    CB_SET_ERROR(errstr);
    if (PyErr_Occurred()) {
        py_log_last_error("Error during calling audit open");
@@ -163,8 +155,7 @@ python_plugin_audit_accept(struct AuditPluginContext *audit_ctx,
    PyObject *py_args = Py_BuildValue("(ziOOO)", plugin_name, plugin_type, py_command_info, py_run_argv, py_run_envp);
    rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(accept), py_args);
-
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    CB_SET_ERROR(errstr);
 cleanup:
    Py_CLEAR(py_command_info);
@@ -194,7 +185,7 @@ python_plugin_audit_reject(struct AuditPluginContext *audit_ctx,
    PyObject *py_args = Py_BuildValue("(zizO)", plugin_name, plugin_type, audit_msg, py_command_info);
    rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(reject), py_args);
-    CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
 cleanup:
    Py_CLEAR(py_command_info);
@@ -223,7 +214,7 @@ python_plugin_audit_error(struct AuditPluginContext *audit_ctx,
    PyObject *py_args = Py_BuildValue("(zizO)", plugin_name, plugin_type, audit_msg, py_command_info);
    rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(error), py_args);
-    CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
 cleanup:
    Py_CLEAR(py_command_info);
--- a/plugins/python/python_plugin_common.c
+++ b/plugins/python/python_plugin_common.c
@@ -138,12 +138,7 @@ python_plugin_handle_plugin_error_exception(PyObject **py_result, struct PluginC
        sudo_debug_printf(SUDO_DEBUG_INFO, "received sudo.PluginError exception with message '%s'",
                          message == NULL ? "(null)" : message);
-        if (message != NULL && plugin_ctx->sudo_api_version < SUDO_API_MKVERSION(1, 15)) {
+        plugin_ctx->callback_error = message;
            py_sudo_log(SUDO_CONV_ERROR_MSG, "%s", message);
            free(message);
        } else {
            plugin_ctx->callback_error = message;
        }
        Py_CLEAR(py_type);
        Py_CLEAR(py_message);
--- a/plugins/python/python_plugin_common.h
+++ b/plugins/python/python_plugin_common.h
@@ -30,7 +30,7 @@ struct PluginContext {
    unsigned int sudo_api_version;
    // We use this to let the error string live until sudo and the audit plugins
-    // are using it. Only set for sudo API >= 1.15, otherwise NULL
+    // are using it.
    char *callback_error;
 };
@@ -67,4 +67,14 @@ void python_plugin_mark_callback_optional(struct PluginContext *plugin_ctx,
 const char *python_plugin_name(struct PluginContext *plugin_ctx);
 // sets the callback error stored in plugin_ctx into "errstr" but only if API
 // version is enough and "errstr" is valid
 #define CALLBACK_SET_ERROR(plugin_ctx, errstr) \
    do { \
        if ((plugin_ctx)->sudo_api_version >= SUDO_API_MKVERSION(1, 15) && errstr != NULL) { \
            if (errstr != NULL) \
                *errstr = (plugin_ctx)->callback_error; \
        } \
    } while(0)
 #endif // SUDO_PYTHON_PLUGIN_COMMON_H
--- a/plugins/python/python_plugin_io.c
+++ b/plugins/python/python_plugin_io.c
@@ -44,14 +44,6 @@ struct IOPluginContext
            (void **)&CALLBACK_PLUGINFUNC(function_name)); \
    } while(0)
 #define IO_CB_SET_ERROR(errstr) \
    do { \
        const char *cb_error = io_ctx->base_ctx.callback_error; \
        if (cb_error != NULL && errstr != NULL) { \
            *errstr = cb_error; \
        } \
    } while(false)
 static int
 _call_plugin_open(struct IOPluginContext *io_ctx, int argc, char * const argv[], char * const command_info[])
@@ -111,8 +103,8 @@ python_plugin_io_open(struct IOPluginContext *io_ctx,
    rc = python_plugin_construct(plugin_ctx, PY_IO_PLUGIN_VERSION,
                                 settings, user_info, user_env, plugin_options);
    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    if (rc != SUDO_RC_OK) {
        IO_CB_SET_ERROR(errstr);
        debug_return_int(rc);
    }
@@ -130,7 +122,7 @@ python_plugin_io_open(struct IOPluginContext *io_ctx,
    if (argc > 0)  // we only call open if there is request for running sg
        rc = _call_plugin_open(io_ctx, argc, argv, command_info);
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -163,10 +155,11 @@ int
 python_plugin_io_log_ttyin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
 {
    debug_decl(python_plugin_io_log_ttyin, PYTHON_DEBUG_CALLBACKS);
-    PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+    struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
-    int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_ttyin),
+    PyThreadState_Swap(plugin_ctx->py_interpreter);
    int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_ttyin),
                                       Py_BuildValue("(s#)", buf, len));
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -174,10 +167,11 @@ int
 python_plugin_io_log_ttyout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
 {
    debug_decl(python_plugin_io_log_ttyout, PYTHON_DEBUG_CALLBACKS);
-    PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+    struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
-    int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_ttyout),
+    PyThreadState_Swap(plugin_ctx->py_interpreter);
    int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_ttyout),
                                       Py_BuildValue("(s#)", buf, len));
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -185,10 +179,11 @@ int
 python_plugin_io_log_stdin(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
 {
    debug_decl(python_plugin_io_log_stdin, PYTHON_DEBUG_CALLBACKS);
-    PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+    struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
-    int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_stdin),
+    PyThreadState_Swap(plugin_ctx->py_interpreter);
    int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stdin),
                                               Py_BuildValue("(s#)", buf, len));
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -196,10 +191,11 @@ int
 python_plugin_io_log_stdout(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
 {
    debug_decl(python_plugin_io_log_stdout, PYTHON_DEBUG_CALLBACKS);
-    PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+    struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
-    int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_stdout),
+    PyThreadState_Swap(plugin_ctx->py_interpreter);
    int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stdout),
                                               Py_BuildValue("(s#)", buf, len));
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -207,10 +203,11 @@ int
 python_plugin_io_log_stderr(struct IOPluginContext *io_ctx, const char *buf, unsigned int len, const char **errstr)
 {
    debug_decl(python_plugin_io_log_stderr, PYTHON_DEBUG_CALLBACKS);
-    PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+    struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
-    int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_stderr),
+    PyThreadState_Swap(plugin_ctx->py_interpreter);
    int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_stderr),
                                               Py_BuildValue("(s#)", buf, len));
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -218,10 +215,11 @@ int
 python_plugin_io_change_winsize(struct IOPluginContext *io_ctx, unsigned int line, unsigned int cols, const char **errstr)
 {
    debug_decl(python_plugin_io_change_winsize, PYTHON_DEBUG_CALLBACKS);
-    PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+    struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
-    int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(change_winsize),
+    PyThreadState_Swap(plugin_ctx->py_interpreter);
    int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(change_winsize),
                                       Py_BuildValue("(ii)", line, cols));
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -229,10 +227,11 @@ int
 python_plugin_io_log_suspend(struct IOPluginContext *io_ctx, int signo, const char **errstr)
 {
    debug_decl(python_plugin_io_log_suspend, PYTHON_DEBUG_CALLBACKS);
-    PyThreadState_Swap(BASE_CTX(io_ctx)->py_interpreter);
+    struct PluginContext *plugin_ctx = BASE_CTX(io_ctx);
-    int rc = python_plugin_api_rc_call(BASE_CTX(io_ctx), CALLBACK_PYNAME(log_suspend),
+    PyThreadState_Swap(plugin_ctx->py_interpreter);
    int rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(log_suspend),
                                       Py_BuildValue("(i)", signo));
-    IO_CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(plugin_ctx, errstr);
    debug_return_int(rc);
 }
--- a/plugins/python/python_plugin_policy.c
+++ b/plugins/python/python_plugin_policy.c
@@ -42,13 +42,6 @@ extern struct policy_plugin python_policy;
            (void **)&CALLBACK_PLUGINFUNC(function_name)); \
    } while(0)
 #define CB_SET_ERROR(errstr) \
    do { \
        const char *cb_error = plugin_ctx.callback_error; \
        if (cb_error != NULL && errstr != NULL) { \
            *errstr = cb_error; \
        } \
    } while(0)
 static int
 python_plugin_policy_open(unsigned int version, sudo_conv_t conversation,
@@ -74,7 +67,7 @@ python_plugin_policy_open(unsigned int version, sudo_conv_t conversation,
    rc = python_plugin_construct(&plugin_ctx, PY_POLICY_PLUGIN_VERSION, settings,
                                 user_info, user_env, plugin_options);
-    CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(&plugin_ctx, errstr);
    if (rc != SUDO_RC_OK) {
        debug_return_int(rc);
    }
@@ -124,6 +117,7 @@ python_plugin_policy_check(int argc, char * const argv[],
    py_result = python_plugin_api_call(&plugin_ctx, CALLBACK_PYNAME(check_policy),
                                      Py_BuildValue("(OO)", py_argv, py_env_add));
    CALLBACK_SET_ERROR(&plugin_ctx, errstr);
    if (py_result == NULL)
        goto cleanup;
@@ -156,7 +150,6 @@ python_plugin_policy_check(int argc, char * const argv[],
        *user_env_out = py_str_array_from_tuple(py_user_env_out);
    rc = python_plugin_rc_to_int(py_rc);
    CB_SET_ERROR(errstr);
 cleanup:
    if (PyErr_Occurred()) {
@@ -196,7 +189,7 @@ python_plugin_policy_list(int argc, char * const argv[], int verbose, const char
    Py_XDECREF(py_argv);
-    CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(&plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -222,7 +215,7 @@ python_plugin_policy_validate(const char **errstr)
    debug_decl(python_plugin_policy_validate, PYTHON_DEBUG_CALLBACKS);
    PyThreadState_Swap(plugin_ctx.py_interpreter);
    int rc = python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(validate), NULL);
-    CB_SET_ERROR(errstr);
+    CALLBACK_SET_ERROR(&plugin_ctx, errstr);
    debug_return_int(rc);
 }
@@ -254,6 +247,7 @@ python_plugin_policy_init_session(struct passwd *pwd, char **user_env[], const c
    py_result = python_plugin_api_call(&plugin_ctx, CALLBACK_PYNAME(init_session),
        Py_BuildValue("(OO)", py_pwd, py_user_env));
    CALLBACK_SET_ERROR(&plugin_ctx, errstr);
    if (py_result == NULL)
        goto cleanup;
@@ -276,7 +270,6 @@ python_plugin_policy_init_session(struct passwd *pwd, char **user_env[], const c
    }
    rc = python_plugin_rc_to_int(py_rc);
    CB_SET_ERROR(errstr);
 cleanup:
    Py_XDECREF(py_pwd);