isa/sudo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
9,975 Commits 1 Branch 0 Tags
9fa6500d6a63f77cb67ea21e8ca8207fc49edce8
Commit Graph

9975 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Robert Manner
9fa6500d6a plugins/python/regress: simplify plugin option creation 2020-02-12 11:16:00 -07:00
Robert Manner
b1d2ccecd0 plugins/python: make storing errstr more explicit 
The error is always stored in plugin_ctx, but it is only set into errstr
if the API version is enough. (Previously it worked the opposite:
we only stored the error if API level was enough.)
 2020-02-12 11:16:00 -07:00
Robert Manner
b165242035 plugins/python/sudo_module: let a reject also supply error message 
Same as sudo.PluginError exception, have a sudo.PluginReject exception
as well. Added common base exception as well.
 2020-02-12 11:16:00 -07:00
Robert Manner
d1f94c857c plugins/python/regress: still some memleak fix 2020-02-12 11:16:00 -07:00
Todd C. Miller
0e4c3c47d1 Move duplicated code to parse plugin debug flags to libsudo_util. 
There's no need for four copies of sudo_debug_parse_flags().
 2020-02-11 15:15:36 -07:00
Todd C. Miller
9e2e79b6fa Add regress test for parsing Defaults lists. 
Currently only env_check, env_delete, env_keep and log_servers are lists.
 2020-02-10 17:58:59 -07:00
Todd C. Miller
009788afae Clarify that approval close happens after auditing. 
Also fix a few typos.
 2020-02-10 15:43:25 -07:00
Todd C. Miller
01a53f2865 Add open and close functions to the approval plugin API. 
We need a close function to be able to to free memory allocated for
errstr.  Unlike the other plugins, the close function is called
immediately after the plugin's check or show_version function.
The plugin does not remain open until the command completes.
 2020-02-10 15:29:48 -07:00
Todd C. Miller
55b61b989f Use unique function names to avoid confusion with front-end functions. 
Also add a missing sudo_debug_enter() after debug registration.
 2020-02-10 14:37:43 -07:00
Todd C. Miller
3911e4f7bf Use Text::Wrap instead of perl's built-in format function. 
This still breaks log filename incorrectly but is a step in the
right direction.
 2020-02-10 09:11:30 -07:00
Todd C. Miller
c2f3f60583 Avoid changing directory when generating the ChangeLog file. 
Instead, pass the repo path to either hg or log2cl.pl
 2020-02-10 08:02:47 -07:00
Robert Manner
2781ec030b src/sudo.c: call audit plugin close when result is a wait status 2020-02-10 05:31:30 -07:00
Robert Manner
0202dc67cc Makefile.in: fix install target for out of source build 
The scriptdir contained a path relative to where the target was started.
The scripts are called like "$scriptdir/script_name" which is fine with
relative path as well, until the current directory is not changed.
But things like
  cd $srcdir && $scriptdir/script_name
fails (if building in separate build directory).
 2020-02-10 05:28:34 -07:00
Robert Manner
ecdaaffd57 doc/sudo_plugin_python: document python audit plugin support 2020-02-10 05:24:16 -07:00
Robert Manner
bd465b3087 doc/sudo_plugin_python: document returning error string 2020-02-10 05:24:16 -07:00
Robert Manner
8f79d5c1c7 doc/sudo_plugin_python: update python manual for constant -> enum changes 2020-02-10 05:24:16 -07:00
Robert Manner
1a1cb54975 plugins/python/regress/check_python_examples: add audit_plugin tests 2020-02-10 05:24:16 -07:00
Robert Manner
52d067b01f plugins/python: add example python audit plugin 2020-02-10 05:24:16 -07:00
Robert Manner
cbf60cff5d plugins/python: add python audit plugin wrapper 2020-02-10 05:24:16 -07:00
Robert Manner
bbbcb39334 plugins/python/example_*.py: document returning error string 2020-02-10 05:24:16 -07:00
Robert Manner
9c4f076f85 plugins/python/regress: add test for callback error msg return 2020-02-10 05:24:16 -07:00
Robert Manner
3dd5f37af7 plugins/python: add support for callback errstr arguments 
Plugins can raise a sudo.PluginError exception to add context message
for the failure.

The callback's errstr gets filled up with the specified message.
But, as sudo expects a string constant (will not free the string),
we store it in the plugin context at least until next callback
invocation.
 2020-02-10 05:24:16 -07:00
Robert Manner
45d2638571 plugins/python/example*.py: pep8 fixes (mainly line too long) 2020-02-10 05:24:16 -07:00
Robert Manner
0f3631cc08 plugins/python/regress: load/unload module for each testcase 
so they can start from clean state. (My problem was optional argument
tests has destroyed the callbacks.)
 2020-02-10 05:24:16 -07:00
Robert Manner
36694fce86 plugins/python/python_plugin_common: close can get custom arguments 
For the audit plugin.
Ensure we do not fail if plugin_ctx->py_instance is NULL (because
plugin init has failed).
 2020-02-10 05:24:16 -07:00
Robert Manner
a7eb9d3412 plugins/python_plugin_io,policy: fix version display in verbose mode 
Unfortunately the test did not catch this mistake, because it only
searches that "Python policy plugin API version" string is present
and does not check the version.
 2020-02-10 05:24:16 -07:00
Robert Manner
99f99e8a56 plugins/python/sudo_python_module.c: fix options_as_dict if no equal sign 
The intented behaviour was that those get skipped, but the PyList_GetItem
sets the interpreter into error state, so python has raised exception.
 2020-02-10 05:24:16 -07:00
Robert Manner
21c02e1732 plugins/python/sudo_python_module.c: use IntEnums instead of constants 
It is a bit more code, but it is more "pythonic" and easier to debug
as the enum values also know their names.

It is also an API break, eg. sudo.RC_OK becomes sudo.RC.OK as sudo.RC will
be the "type" of the enum, but I guess that is acceptable before the
initial release.
 2020-02-10 05:24:16 -07:00
Robert Manner
67ab6fd5d6 plugins/python/python_plugin_policy: add missing debug return 2020-02-10 05:24:16 -07:00
Robert Manner
62524416eb plugins/python/pyhelpers: add helpers for attribute handling 
to simplify code a bit.
 2020-02-10 05:24:16 -07:00
Robert Manner
4110800c14 plugins/python/example_io_plugin: close the file at destroy 
to avoid warning of debug python build.
 2020-02-10 05:24:16 -07:00
Robert Manner
a3a7630ff4 plugins/python: memleak fixes in test 
The main problem was that string array objects were constructed
differently:
- if constructed by the test, then the elements were constant
- if constructed by the plugin, then the elements were allocated

Modified it so that now each array contains allocated strings so
they can be handled similarly. For freeing, I have used the
str_array_free function from the plugin, so I have linked its object
into the test runner.

Happy path is now free of "definitely lost" memleaks, so the test
can be used for valgrind.
 2020-02-10 05:24:16 -07:00
Todd C. Miller
ac61b5655d Use EXIT_SUCCESS and EXIT_FAILURE more consistently. 2020-02-08 12:43:00 -07:00
Todd C. Miller
c5afbf00fc Mark main sudo usage() function __noreturn__. 
This splits the usage printing out into display_usage().
 2020-02-08 12:17:33 -07:00
Todd C. Miller
c92f39ed3d Use json functions from libsudo_util in cvtsudoers. 2020-02-08 09:11:02 -07:00
Todd C. Miller
d25ce46c56 Check localtime() return value; coverity CID 208156 2020-02-07 13:58:31 -07:00
Todd C. Miller
a75992897c Check fseeko() return value; coverity CID 207993 2020-02-07 13:24:11 -07:00
Todd C. Miller
630fc9b17b Make restart and elapsed members of the closure structs not pointers. 
Fixes coverity CID 207992
 2020-02-07 13:12:38 -07:00
Todd C. Miller
9d5f066180 Check return value of sudo_lock_file(); coverity CID 207991 2020-02-07 12:59:52 -07:00
Todd C. Miller
589adfee2d Only keepalive if accept() succeeded; coverity CID 207990 2020-02-07 12:54:53 -07:00
Todd C. Miller
2fe127d108 Move some scripts from the top level src dir to a scripts dir. 2020-02-06 14:30:26 -07:00
Todd C. Miller
aa1ca9c9ba Add sample approval plugin that simply tests for "business hours" 2020-02-06 13:53:09 -07:00
Todd C. Miller
7d5734a317 Add sample approval plugin that simply tests for "business hours" 2020-02-06 12:49:17 -07:00
Todd C. Miller
0972dafb1f Refactor code to alloc and insert a new plugin_container. 
The only outlier is the policy plugin which is not part of a list
since there can only be a single policy plugin.
 2020-02-06 12:49:15 -07:00
Todd C. Miller
ce21233fbe Tech audit_json about approval plugin accept/reject 2020-02-06 12:49:13 -07:00
Todd C. Miller
db17cadaf6 Add an approval plugin type that runs after the policy plugin. 
The basic idea is that the approval plugin adds an additional
layer of policy.  There can be multiple approval plugins.
 2020-02-06 12:49:11 -07:00
Todd C. Miller
084cad2120 plugin documentation fixes: 
o whitespace cleanup
 o show_version doesn't have an errstr argument
 o document runas_user and runas_group in command_info[]
 o add missing .El at before start of audit section
 2020-02-06 12:18:09 -07:00
Todd C. Miller
404b28c4d0 Exported symbol is audit_json 2020-02-05 21:12:49 -07:00
Todd C. Miller
ea377e432b Silence lint warning. 2020-02-05 17:57:24 -07:00
Todd C. Miller
c2faa9e6ef Add runas_user and runas_group (if set) to command_info for audit plugin. 
Otherwise, the audit plugin has to look up the runas name and group
by user or group ID.
 2020-02-05 10:53:50 -07:00