We should already have displayed a more useful error message.
Otherwise, we can get two "error in event loop" warnings if
the TLS handshake fails (in addition to other error messages).
PyArg_ParseTuple sets the py_config_tuple pointer, but it does not
increment the reference count, so by decrementing, we end up freeing
the argument passed in.
On each plugin initialization we create a separate python interpreter
which gets stored in the plugin_ctx. The main interpreter is
stored in py_ctx and is used for creating more interpreters (if more plugins
get loaded) and final python deinitialization.
The "traceback" module import and the ImportBlocker initialization was
moved, because it has to happen inside the plugin specific interpreters.
The closure pointer in sudo_conv_callback was being filled in with
a struct getpass_closure ** instead of a struct getpass_closure *.
The bug was introduced in the fix for Bug #910; previously the
closure variable was a struct getpass_closure, not a pointer.
Fix from Michael Norton; Bug #914.
Adapted the default sudo_printf from sudoers plugin to be able to print
errors before plugin open() gets called. (This is used by the multiple io
plugin loading to display error for too much plugin load.)
Since this makes us always have a sudo_log, I have removed the logic about
whether it is available or not.
Separate sudo io plugin symbols are created which stores wrapper
functions adding the context of which python plugin the callback is
about.
These sudo io plugin "slots" get generated with macros by the preprocessor.
This makes sudo support loading multiple python IO plugins like this:
(note the differences in the symbol names)
Plugin python_io python_plugin.so ModulePath=... ClassName=SudoIOPlugin1
Plugin python_io1 python_plugin.so ModulePath=... ClassName=SudoIOPlugin2
Plugin python_io2 python_plugin.so ModulePath=... ClassName=SudoIOPlugin3
If we get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume
the SSL_read(), not call SSL_write() as we were doing. Likewise
for SSL_ERROR_WANT_READ received from SSL_write().
This introduces a flag so we call the proper callback even when
the I/O direction doesn't match the read/write calls.
They are platform dependant, so their test would fail on some platforms.
While we could create separate plugin for the tests, I like the idea that
the examples are ensured to be working.
I believe this is a good compromise for being able to auto update the
test cases.
When calling validate() python function, TypeError exception was thrown
("argument list must be a tuple"), because the call does not have
arguments, and python does not accept empty tuple for execution. NULL
must be used instead, which was handled as argument construction failure
previously.
Storing them as "tuple" instead of "set", so they have a fix order.
This makes the output of the list() example stable. ("set" is printed out
in random order)
IO/Group/Policy Python API version is displayed instead of sudo version,
because that is not very meaningful in this context.
They are only displayed in verbose mode.
Example plugins express it more concrete that they are displaying their
version, not the API version.
If the plugin fails to open the file for writing, constructor will raise
an exception and exit before creating the "_log" member variable.
So the destructor will also raise a backtrace. (Which python ignores, but
dumps out to stderr.)
