1
/*
2
 * SPDX-License-Identifier: ISC
3
 *
4
 * Copyright (c) 2019-2020 Robert Manner <[email protected]>
5
 *
6
 * Permission to use, copy, modify, and distribute this software for any
7
 * purpose with or without fee is hereby granted, provided that the above
8
 * copyright notice and this permission notice appear in all copies.
9
 *
10
 * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
11
 * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
12
 * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
13
 * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
14
 * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
15
 * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
16
 * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
17
 */
18

19
#include "python_plugin_common.h"
20

21
static struct PluginContext plugin_ctx;
22

23
extern struct sudoers_group_plugin group_plugin;
24

25
#define PY_GROUP_PLUGIN_VERSION SUDO_API_MKVERSION(1, 0)
26

27
#define CALLBACK_PLUGINFUNC(func_name) group_plugin.func_name
28
#define CALLBACK_CFUNC(func_name) python_plugin_group_ ## func_name
29

30
// This also verifies compile time that the name matches the sudo plugin API.
31
#define CALLBACK_PYNAME(func_name) ((void)CALLBACK_PLUGINFUNC(func_name), #func_name)
32

33

34
static int
35
python_plugin_group_init(int version, sudo_printf_t sudo_printf, char *const plugin_options[])
36
{
37
    debug_decl(python_plugin_group_init, PYTHON_DEBUG_CALLBACKS);
38

39
    if (version < SUDO_API_MKVERSION(1, 0)) {
40
        sudo_printf(SUDO_CONV_ERROR_MSG,
41
                    "Error: Python group plugin requires at least plugin API version 1.0\n");
42
        debug_return_int(SUDO_RC_ERROR);
43
    }
44

45
    int rc = SUDO_RC_ERROR;
46

47
    rc = python_plugin_register_logging(NULL, sudo_printf, NULL);
48
    if (rc != SUDO_RC_OK)
49
        debug_return_int(rc);
50

51
    rc = python_plugin_init(&plugin_ctx, plugin_options, (unsigned int)version);
52
    if (rc != SUDO_RC_OK)
53
        debug_return_int(rc);
54

55
    PyObject *py_version = NULL,
56
             *py_plugin_options = NULL,
57
             *py_kwargs = NULL;
58

59
    if ((py_kwargs = PyDict_New()) == NULL ||
60
        (py_version = py_create_version(PY_GROUP_PLUGIN_VERSION)) == NULL ||
61
        (py_plugin_options = py_str_array_to_tuple(plugin_options)) == NULL ||
62
        PyDict_SetItemString(py_kwargs, "args", py_plugin_options) != 0 ||
63
        PyDict_SetItemString(py_kwargs, "version", py_version))
64
    {
65
        py_log_last_error("Failed to construct arguments for plugin constructor call.");
66
        rc = SUDO_RC_ERROR;
67
    } else {
68
        rc = python_plugin_construct_custom(&plugin_ctx, py_kwargs);
69
    }
70

71
    Py_XDECREF(py_version);
72
    Py_XDECREF(py_plugin_options);
73
    Py_XDECREF(py_kwargs);
74
    debug_return_int(rc);
75
}
76

77
static void
78
python_plugin_group_cleanup(void)
79
{
80
    debug_decl(python_plugin_group_cleanup, PYTHON_DEBUG_CALLBACKS);
81
    PyThreadState_Swap(plugin_ctx.py_interpreter);
82
    python_plugin_deinit(&plugin_ctx);
83
}
84

85
static int
86
python_plugin_group_query(const char *user, const char *group, const struct passwd *pwd)
87
{
88
    debug_decl(python_plugin_group_query, PYTHON_DEBUG_CALLBACKS);
89

90
    PyThreadState_Swap(plugin_ctx.py_interpreter);
91

92
    PyObject *py_pwd = py_from_passwd(pwd);
93
    if (py_pwd == NULL) {
94
        debug_return_int(SUDO_RC_ERROR);
95
    }
96

97
    int rc = python_plugin_api_rc_call(&plugin_ctx, CALLBACK_PYNAME(query),
98
                                       Py_BuildValue("(zzO)", user, group, py_pwd));
99
    Py_XDECREF(py_pwd);
100

101
    debug_return_int(rc);
102
}
103

104
sudo_dso_public struct sudoers_group_plugin group_plugin = {
105
    GROUP_API_VERSION,
106
    CALLBACK_CFUNC(init),
107
    CALLBACK_CFUNC(cleanup),
108
    CALLBACK_CFUNC(query)
109
};
110

111