When calling validate() python function, TypeError exception was thrown
("argument list must be a tuple"), because the call does not have
arguments, and python does not accept empty tuple for execution. NULL
must be used instead, which was handled as argument construction failure
previously.
Storing them as "tuple" instead of "set", so they have a fix order.
This makes the output of the list() example stable. ("set" is printed out
in random order)
IO/Group/Policy Python API version is displayed instead of sudo version,
because that is not very meaningful in this context.
They are only displayed in verbose mode.
Example plugins express it more concrete that they are displaying their
version, not the API version.
If the plugin fails to open the file for writing, constructor will raise
an exception and exit before creating the "_log" member variable.
So the destructor will also raise a backtrace. (Which python ignores, but
dumps out to stderr.)
We need to switch from SUDO_EV_WRITE to SUDO_EV_READ for this case.
Also make the tls connect events private to tls_timed_connect()
with their own closure. There is no need to store them in the
client closure.
Now that we call fmt_exit_message() from client_close() we do not
need to try to determine whether the read or write events were
pending in the old base.
We can't tell anyway because the active flag in the event was cleared
when the old sudo event base was destroyed. It is correct to enable
both the read and write events after formatting the ExitMessage.
If both sudoers policy and I/O log plugins are loaded, debug_files
will be empty when the I/O plugin is initialized. This changes the
logic to always increase the reference count if the instance is valid.
If the debug sudoers subsystem is not registered, because it does not
get any file names to deal with (TAILQ_EMPTY(debug_files)), deregistration
of the subsystem outputs a warning:
sudo: sudo_debug_deregister_v1: invalid instance ID -1, max -1
This patch prevents that by only increasing the refcount if the
debug_instance was registered successfully.
Examples are installed by default to "docdir", which refers to
PACKAGE_TARNAME variable which was empty for the python plugin Makefile.in
So the examples were installed to '.../share/doc/examples' instead
of '.../share/doc/sudo/examples'. This also made them be skipped from the
package.
Also the install target now depends on install-doc so the examples
gets installed also (similarly as other examples).
If non root can alter any imported python modules, he is able to run
anything he would like to as root user.
This class is a helper to avoid such situation.
This feature can be disabled with 'DeveloperMode=1' plugin option.
It can be used to disable the enforcement that a plugin (shared object or
an imported python module) must be owned by root and not modifiable by
others.
This can make plugin development easier.
Previous, sudo would always allow unknown user or group IDs if the
sudoers entry permitted it. This included the "ALL" alias.
With this change, the admin must explicitly enable support for unknown IDs.
Reference count calls to sudoers_debug_register and only deregister
sudoers_debug_instance when refcnt reaches 0.
Fixes a problem where the debug system was deregistered when the
sudoers policy is closed even though the iolog plugin is active.
