Book a Demo!
CoCalc Logo Icon
StoreFeaturesDocsShareSupportNewsAboutPoliciesSign UpSign In
sudo-project
GitHub Repository: sudo-project/sudo
 Path: blob/main/plugins/python/python_plugin_approval.c
1532 views
1
/*

2
 * SPDX-License-Identifier: ISC

3
 *

4
 * Copyright (c) 2020 Robert Manner <[email protected]>

5
 *

6
 * Permission to use, copy, modify, and distribute this software for any

7
 * purpose with or without fee is hereby granted, provided that the above

8
 * copyright notice and this permission notice appear in all copies.

9
 *

10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES

11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF

12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR

13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES

14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN

15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF

16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.

17
 */

18


19
#include "python_plugin_common.h"

20


21
struct ApprovalPluginContext

22
{

23
    struct PluginContext base_ctx;

24
    struct approval_plugin *plugin;

25
};

26


27
#define BASE_CTX(approval_ctx) (&(approval_ctx->base_ctx))

28


29
#define PY_APPROVAL_PLUGIN_VERSION SUDO_API_MKVERSION(1, 0)

30


31
#define CALLBACK_PLUGINFUNC(func_name) approval_ctx->plugin->func_name

32


33
// This also verifies compile time that the name matches the sudo plugin API.

34
#define CALLBACK_PYNAME(func_name) ((void)CALLBACK_PLUGINFUNC(func_name), #func_name)

35


36
sudo_dso_public struct approval_plugin *python_approval_clone(void);

37


38
static int

39
python_plugin_approval_open(struct ApprovalPluginContext *approval_ctx,

40
    unsigned int version, sudo_conv_t conversation, sudo_printf_t sudo_printf,

41
    char * const settings[], char * const user_info[], int submit_optind,

42
    char * const submit_argv[], char * const submit_envp[],

43
    char * const plugin_options[], const char **errstr)

44
{

45
    debug_decl(python_plugin_approval_open, PYTHON_DEBUG_CALLBACKS);

46
    (void) version;

47


48
    int rc = python_plugin_register_logging(conversation, sudo_printf, settings);

49
    if (rc != SUDO_RC_OK) {

50
        debug_return_int(rc);

51
    }

52


53
    struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);

54


55
    rc = python_plugin_init(plugin_ctx, plugin_options, version);

56
    if (rc != SUDO_RC_OK) {

57
        debug_return_int(rc);

58
    }

59


60
    PyObject *py_kwargs = NULL, *py_submit_optind = NULL,

61
             *py_submit_argv = NULL;

62


63
    if ((py_kwargs = python_plugin_construct_args(version, settings, user_info,

64
                                                  submit_envp, plugin_options)) == NULL ||

65
        (py_submit_optind = PyLong_FromLong(submit_optind)) == NULL ||

66
        (py_submit_argv = py_str_array_to_tuple(submit_argv)) == NULL)

67
    {

68
        py_log_last_error("Failed to construct plugin instance");

69
        rc = SUDO_RC_ERROR;

70
    } else {

71
        PyDict_SetItemString(py_kwargs, "submit_optind", py_submit_optind);

72
        PyDict_SetItemString(py_kwargs, "submit_argv", py_submit_argv);

73


74
        rc = python_plugin_construct_custom(plugin_ctx, py_kwargs);

75
        CALLBACK_SET_ERROR(plugin_ctx, errstr);

76
    }

77


78
    Py_CLEAR(py_kwargs);

79
    Py_CLEAR(py_submit_argv);

80
    Py_CLEAR(py_submit_optind);

81


82
    if (rc != SUDO_RC_OK) {

83
        debug_return_int(rc);

84
    }

85


86
    debug_return_int(rc);

87
}

88


89
static void

90
python_plugin_approval_close(struct ApprovalPluginContext *approval_ctx)

91
{

92
    debug_decl(python_plugin_approval_close, PYTHON_DEBUG_CALLBACKS);

93


94
    struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);

95
    PyThreadState_Swap(plugin_ctx->py_interpreter);

96
    python_plugin_deinit(plugin_ctx);

97


98
    debug_return;

99
}

100


101
static int

102
python_plugin_approval_check(struct ApprovalPluginContext *approval_ctx,

103
                             char * const command_info[], char * const run_argv[],

104
                             char * const run_envp[], const char **errstr)

105
{

106
    debug_decl(python_plugin_approval_check, PYTHON_DEBUG_CALLBACKS);

107


108
    struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);

109


110
    PyObject *py_command_info = NULL, *py_run_argv = NULL, *py_run_envp = NULL,

111
        *py_args = NULL;

112


113
    int rc = SUDO_RC_ERROR;

114
    if ((py_command_info = py_str_array_to_tuple(command_info)) != NULL &&

115
        (py_run_argv = py_str_array_to_tuple(run_argv)) != NULL &&

116
        (py_run_envp = py_str_array_to_tuple(run_envp)) != NULL)

117
    {

118
        py_args = Py_BuildValue("(OOO)", py_command_info, py_run_argv, py_run_envp);

119
    }

120


121
    // Note, py_args gets cleared by api_rc_call

122
    rc = python_plugin_api_rc_call(plugin_ctx, CALLBACK_PYNAME(check), py_args);

123
    CALLBACK_SET_ERROR(plugin_ctx, errstr);

124


125
    Py_CLEAR(py_command_info);

126
    Py_CLEAR(py_run_argv);

127
    Py_CLEAR(py_run_envp);

128


129
    debug_return_int(rc);

130
}

131


132
static int

133
python_plugin_approval_show_version(struct ApprovalPluginContext *approval_ctx, int verbose)

134
{

135
    debug_decl(python_plugin_approval_show_version, PYTHON_DEBUG_CALLBACKS);

136


137
    struct PluginContext *plugin_ctx = BASE_CTX(approval_ctx);

138
    PyThreadState_Swap(plugin_ctx->py_interpreter);

139


140
    debug_return_int(python_plugin_show_version(plugin_ctx,

141
        CALLBACK_PYNAME(show_version), verbose, PY_APPROVAL_PLUGIN_VERSION, "approval"));

142
}

143


144
sudo_dso_public struct approval_plugin python_approval;

145


146
// generate symbols for loading multiple approval plugins:

147
#define APPROVAL_SYMBOL_NAME(symbol) symbol

148
#include "python_plugin_approval_multi.inc"

149
#define APPROVAL_SYMBOL_NAME(symbol) symbol##1

150
#include "python_plugin_approval_multi.inc"

151
#define APPROVAL_SYMBOL_NAME(symbol) symbol##2

152
#include "python_plugin_approval_multi.inc"

153
#define APPROVAL_SYMBOL_NAME(symbol) symbol##3

154
#include "python_plugin_approval_multi.inc"

155
#define APPROVAL_SYMBOL_NAME(symbol) symbol##4

156
#include "python_plugin_approval_multi.inc"

157
#define APPROVAL_SYMBOL_NAME(symbol) symbol##5

158
#include "python_plugin_approval_multi.inc"

159
#define APPROVAL_SYMBOL_NAME(symbol) symbol##6

160
#include "python_plugin_approval_multi.inc"

161
#define APPROVAL_SYMBOL_NAME(symbol) symbol##7

162
#include "python_plugin_approval_multi.inc"

163


164
static struct approval_plugin *extra_approval_plugins[] = {

165
    &python_approval1,

166
    &python_approval2,

167
    &python_approval3,

168
    &python_approval4,

169
    &python_approval5,

170
    &python_approval6,

171
    &python_approval7

172
};

173


174
struct approval_plugin *

175
python_approval_clone(void)

176
{

177
    static size_t counter = 0;

178
    struct approval_plugin *next_plugin = NULL;

179


180
    size_t max = sizeof(extra_approval_plugins) / sizeof(*extra_approval_plugins);

181
    if (counter < max) {

182
        next_plugin = extra_approval_plugins[counter];

183
        ++counter;

184
    } else if (counter == max) {

185
        ++counter;

186
        py_sudo_log(SUDO_CONV_ERROR_MSG,

187
                    "sudo: loading more than %d sudo python approval plugins is not supported\n", counter);

188
    }

189


190
    return next_plugin;

191
}

192


193