The error is always stored in plugin_ctx, but it is only set into errstr
if the API version is enough. (Previously it worked the opposite:
we only stored the error if API level was enough.)
Plugins can raise a sudo.PluginError exception to add context message
for the failure.
The callback's errstr gets filled up with the specified message.
But, as sudo expects a string constant (will not free the string),
we store it in the plugin context at least until next callback
invocation.
Unfortunately the test did not catch this mistake, because it only
searches that "Python policy plugin API version" string is present
and does not check the version.
On each plugin initialization we create a separate python interpreter
which gets stored in the plugin_ctx. The main interpreter is
stored in py_ctx and is used for creating more interpreters (if more plugins
get loaded) and final python deinitialization.
The "traceback" module import and the ImportBlocker initialization was
moved, because it has to happen inside the plugin specific interpreters.
Separate sudo io plugin symbols are created which stores wrapper
functions adding the context of which python plugin the callback is
about.
These sudo io plugin "slots" get generated with macros by the preprocessor.
This makes sudo support loading multiple python IO plugins like this:
(note the differences in the symbol names)
Plugin python_io python_plugin.so ModulePath=... ClassName=SudoIOPlugin1
Plugin python_io1 python_plugin.so ModulePath=... ClassName=SudoIOPlugin2
Plugin python_io2 python_plugin.so ModulePath=... ClassName=SudoIOPlugin3
IO/Group/Policy Python API version is displayed instead of sudo version,
because that is not very meaningful in this context.
They are only displayed in verbose mode.
Example plugins express it more concrete that they are displaying their
version, not the API version.
