If we get SSL_ERROR_WANT_WRITE during SSL_read(), we need to resume
the SSL_read(), not call SSL_write() as we were doing. Likewise
for SSL_ERROR_WANT_READ received from SSL_write().
This introduces a flag so we call the proper callback even when
the I/O direction doesn't match the read/write calls.
They are platform dependant, so their test would fail on some platforms.
While we could create separate plugin for the tests, I like the idea that
the examples are ensured to be working.
I believe this is a good compromise for being able to auto update the
test cases.
Uses lcov and genhtml to generate test coverage. It is meant to be run
in a clean directory. Extra configure options can be added as script
arguments.
Example execution:
mkdir build
cd build
../generate_test_coverage.sh --enable-python
When calling validate() python function, TypeError exception was thrown
("argument list must be a tuple"), because the call does not have
arguments, and python does not accept empty tuple for execution. NULL
must be used instead, which was handled as argument construction failure
previously.
Storing them as "tuple" instead of "set", so they have a fix order.
This makes the output of the list() example stable. ("set" is printed out
in random order)
IO/Group/Policy Python API version is displayed instead of sudo version,
because that is not very meaningful in this context.
They are only displayed in verbose mode.
Example plugins express it more concrete that they are displaying their
version, not the API version.
If the plugin fails to open the file for writing, constructor will raise
an exception and exit before creating the "_log" member variable.
So the destructor will also raise a backtrace. (Which python ignores, but
dumps out to stderr.)
We need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
Also make the tls connect events private to tls_timed_connect()
with their own closure. There is no need to store them in the
client closure.
Fixes sudoedit on macOS 10.15 and above where the root file system
is mounted read-only. See https://support.apple.com/en-us/HT210650.
From Dan Villiom Podlaski Christiansen. Bug #913
Now that we call fmt_exit_message() from client_close() we do not
need to try to determine whether the read or write events were
pending in the old base.
We can't tell anyway because the active flag in the event was cleared
when the old sudo event base was destroyed. It is correct to enable
both the read and write events after formatting the ExitMessage.
Otherwise, LD_LIBRARY_PATH does not work when running the tests.
The GNU linker's --enable-new-dtags can be used to do this.
We don't do this on NetBSD where RPATH already supports LD_LIBRARY_PATH.
If both sudoers policy and I/O log plugins are loaded, debug_files
will be empty when the I/O plugin is initialized. This changes the
logic to always increase the reference count if the instance is valid.
