summaryrefslogtreecommitdiffstats
path: root/plugins/python/pyhelpers.c
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--plugins/python/pyhelpers.c587
1 files changed, 587 insertions, 0 deletions
diff --git a/plugins/python/pyhelpers.c b/plugins/python/pyhelpers.c
new file mode 100644
index 0000000..2eac8e3
--- /dev/null
+++ b/plugins/python/pyhelpers.c
@@ -0,0 +1,587 @@
+/*
+ * SPDX-License-Identifier: ISC
+ *
+ * Copyright (c) 2019-2020 Robert Manner <robert.manner@oneidentity.com>
+ *
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
+ * WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
+ * MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
+ * ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
+ * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
+ * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
+ * OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/*
+ * This is an open source non-commercial project. Dear PVS-Studio, please check it.
+ * PVS-Studio Static Code Analyzer for C, C++ and C#: http://www.viva64.com
+ */
+
+#include "pyhelpers.h"
+
+#include <pwd.h>
+#include <signal.h>
+#include <pathnames.h>
+
+static int
+_sudo_printf_default(int msg_type, const char * restrict fmt, ...)
+{
+ FILE *fp = stdout;
+ FILE *ttyfp = NULL;
+ va_list ap;
+ int len;
+
+ if (ISSET(msg_type, SUDO_CONV_PREFER_TTY)) {
+ /* Try writing to /dev/tty first. */
+ ttyfp = fopen(_PATH_TTY, "w");
+ }
+
+ switch (msg_type & 0xff) {
+ case SUDO_CONV_ERROR_MSG:
+ fp = stderr;
+ FALLTHROUGH;
+ case SUDO_CONV_INFO_MSG:
+ va_start(ap, fmt);
+ len = vfprintf(ttyfp ? ttyfp : fp, fmt, ap);
+ va_end(ap);
+ break;
+ default:
+ len = -1;
+ errno = EINVAL;
+ break;
+ }
+
+ if (ttyfp != NULL)
+ fclose(ttyfp);
+
+ return len;
+}
+
+
+struct PythonContext py_ctx = {
+ .sudo_log = &_sudo_printf_default,
+};
+
+
+char *
+py_join_str_list(PyObject *py_str_list, const char *separator)
+{
+ debug_decl(py_join_str_list, PYTHON_DEBUG_INTERNAL);
+
+ char *result = NULL;
+ PyObject *py_separator = NULL;
+ PyObject *py_str = NULL;
+
+ py_separator = PyUnicode_FromString(separator);
+ if (py_separator == NULL)
+ goto cleanup;
+
+ py_str = PyObject_CallMethod(py_separator, "join", "(O)", py_str_list);
+ if (py_str == NULL) {
+ goto cleanup;
+ }
+
+ const char *str = PyUnicode_AsUTF8(py_str);
+ if (str != NULL) {
+ result = strdup(str);
+ }
+
+cleanup:
+ Py_XDECREF(py_str);
+ Py_XDECREF(py_separator);
+
+ debug_return_str(result);
+}
+
+static char *
+py_create_traceback_string(PyObject *py_traceback)
+{
+ debug_decl(py_create_traceback_string, PYTHON_DEBUG_INTERNAL);
+ if (py_traceback == NULL)
+ debug_return_str(strdup(""));
+
+ char* traceback = NULL;
+
+
+ PyObject *py_traceback_module = PyImport_ImportModule("traceback");
+ if (py_traceback_module == NULL) {
+ PyErr_Clear(); // do not care, we just won't show backtrace
+ } else {
+ PyObject *py_traceback_str_list = PyObject_CallMethod(py_traceback_module, "format_tb", "(O)", py_traceback);
+
+ if (py_traceback_str_list != NULL) {
+ traceback = py_join_str_list(py_traceback_str_list, "");
+ Py_DECREF(py_traceback_str_list);
+ }
+
+ Py_CLEAR(py_traceback_module);
+ }
+
+ debug_return_str(traceback ? traceback : strdup(""));
+}
+
+void
+py_log_last_error(const char *context_message)
+{
+ debug_decl(py_log_last_error, PYTHON_DEBUG_INTERNAL);
+ if (!PyErr_Occurred()) {
+ py_sudo_log(SUDO_CONV_ERROR_MSG, "%s\n", context_message);
+ debug_return;
+ }
+
+ PyObject *py_type = NULL, *py_message = NULL, *py_traceback = NULL;
+ PyErr_Fetch(&py_type, &py_message, &py_traceback);
+
+ char *message = py_message ? py_create_string_rep(py_message) : NULL;
+
+ py_sudo_log(SUDO_CONV_ERROR_MSG, "%s%s%s\n",
+ context_message ? context_message : "",
+ context_message && *context_message ? ": " : "",
+ message ? message : "(NULL)");
+ free(message);
+
+ if (py_traceback != NULL) {
+ char *traceback = py_create_traceback_string(py_traceback);
+ py_sudo_log(SUDO_CONV_INFO_MSG, "Traceback:\n%s\n", traceback);
+ free(traceback);
+ }
+
+ Py_XDECREF(py_type);
+ Py_XDECREF(py_message);
+ Py_XDECREF(py_traceback);
+ debug_return;
+}
+
+PyObject *
+py_str_array_to_tuple_with_count(Py_ssize_t count, char * const strings[])
+{
+ debug_decl(py_str_array_to_tuple_with_count, PYTHON_DEBUG_INTERNAL);
+
+ PyObject *py_argv = PyTuple_New(count);
+ if (py_argv == NULL)
+ debug_return_ptr(NULL);
+
+ for (int i = 0; i < count; ++i) {
+ PyObject *py_arg = PyUnicode_FromString(strings[i]);
+ if (py_arg == NULL || PyTuple_SetItem(py_argv, i, py_arg) != 0) {
+ Py_CLEAR(py_argv);
+ break;
+ }
+ }
+
+ debug_return_ptr(py_argv);
+}
+
+PyObject *
+py_str_array_to_tuple(char * const strings[])
+{
+ debug_decl(py_str_array_to_tuple, PYTHON_DEBUG_INTERNAL);
+
+ // find the item count ("strings" ends with NULL terminator):
+ Py_ssize_t count = 0;
+ if (strings != NULL) {
+ while (strings[count] != NULL)
+ ++count;
+ }
+
+ debug_return_ptr(py_str_array_to_tuple_with_count(count, strings));
+}
+
+char **
+py_str_array_from_tuple(PyObject *py_tuple)
+{
+ debug_decl(py_str_array_from_tuple, PYTHON_DEBUG_INTERNAL);
+
+ if (!PyTuple_Check(py_tuple)) {
+ PyErr_Format(PyExc_ValueError, "%s: value error, argument should be a tuple but it is '%s'",
+ __func__, Py_TYPENAME(py_tuple));
+ debug_return_ptr(NULL);
+ }
+
+ Py_ssize_t tuple_size = PyTuple_Size(py_tuple);
+
+ // we need an extra 0 at the end
+ char **result = calloc((size_t)tuple_size + 1, sizeof(char *));
+ if (result == NULL) {
+ debug_return_ptr(NULL);
+ }
+
+ for (int i = 0; i < tuple_size; ++i) {
+ PyObject *py_value = PyTuple_GetItem(py_tuple, i);
+ if (py_value == NULL) {
+ str_array_free(&result);
+ debug_return_ptr(NULL);
+ }
+
+ // Note that it can be an "int" or something else as well
+ char *value = py_create_string_rep(py_value);
+ if (value == NULL) {
+ // conversion error is already set
+ str_array_free(&result);
+ debug_return_ptr(NULL);
+ }
+ result[i] = value;
+ }
+
+ debug_return_ptr(result);
+}
+
+PyObject *
+py_tuple_get(PyObject *py_tuple, Py_ssize_t idx, PyTypeObject *expected_type)
+{
+ debug_decl(py_tuple_get, PYTHON_DEBUG_INTERNAL);
+
+ PyObject *py_item = PyTuple_GetItem(py_tuple, idx);
+ if (py_item == NULL) {
+ debug_return_ptr(NULL);
+ }
+
+ if (!PyObject_TypeCheck(py_item, expected_type)) {
+ PyErr_Format(PyExc_ValueError, "Value error: tuple element %d should "
+ "be a '%s' (but it is '%s')",
+ idx, expected_type->tp_name, Py_TYPENAME(py_item));
+ debug_return_ptr(NULL);
+ }
+
+ debug_return_ptr(py_item);
+}
+
+PyObject *
+py_create_version(unsigned int version)
+{
+ debug_decl(py_create_version, PYTHON_DEBUG_INTERNAL);
+ debug_return_ptr(PyUnicode_FromFormat("%d.%d", SUDO_API_VERSION_GET_MAJOR(version),
+ SUDO_API_VERSION_GET_MINOR(version)));
+}
+
+PyObject *
+py_from_passwd(const struct passwd *pwd)
+{
+ debug_decl(py_from_passwd, PYTHON_DEBUG_INTERNAL);
+
+ if (pwd == NULL) {
+ debug_return_ptr_pynone;
+ }
+
+ // Create a tuple similar and convertible to python "struct_passwd" of "pwd" module
+ debug_return_ptr(
+ Py_BuildValue("(zziizzz)", pwd->pw_name, pwd->pw_passwd,
+ pwd->pw_uid, pwd->pw_gid, pwd->pw_gecos,
+ pwd->pw_dir, pwd->pw_shell)
+ );
+}
+
+char *
+py_create_string_rep(PyObject *py_object)
+{
+ debug_decl(py_create_string_rep, PYTHON_DEBUG_INTERNAL);
+ char *result = NULL;
+
+ if (py_object == NULL)
+ debug_return_ptr(NULL);
+
+ PyObject *py_string = PyObject_Str(py_object);
+ if (py_string != NULL) {
+ const char *bytes = PyUnicode_AsUTF8(py_string);
+ if (bytes != NULL) {
+ /*
+ * Convert from old format w/ numeric value to new without it.
+ * Old: (<DEBUG.ERROR: 2>, 'ERROR level debug message')
+ * New: (DEBUG.ERROR, 'ERROR level debug message')
+ */
+ if (bytes[0] == '(' && bytes[1] == '<') {
+ const char *colon = strchr(bytes + 2, ':');
+ if (colon != NULL && colon[1] == ' ') {
+ const char *cp = colon + 2;
+ while (isdigit((unsigned char)*cp))
+ cp++;
+ if (cp[0] == '>' && (cp[1] == ',' || cp[1] == '\0')) {
+ bytes += 2;
+ if (asprintf(&result, "(%.*s%s", (int)(colon - bytes),
+ bytes, cp + 1) == -1) {
+ result = NULL;
+ goto done;
+ }
+ }
+ }
+ }
+ if (result == NULL)
+ result = strdup(bytes);
+ }
+ }
+
+done:
+ Py_XDECREF(py_string);
+ debug_return_ptr(result);
+}
+
+static void
+_py_debug_python_function(const char *class_name, const char *function_name, const char *message,
+ PyObject *py_args, PyObject *py_kwargs, unsigned int subsystem_id)
+{
+ debug_decl_vars(_py_debug_python_function, subsystem_id);
+
+ if (sudo_debug_needed(SUDO_DEBUG_DIAG)) {
+ char *args_str = NULL;
+ char *kwargs_str = NULL;
+ if (py_args != NULL) {
+ /* Sort by key for consistent output on Python < 3.6 */
+ PyObject *py_args_sorted = NULL;
+ if (PyDict_Check(py_args)) {
+ py_args_sorted = PyDict_Items(py_args);
+ if (py_args_sorted != NULL) {
+ if (PyList_Sort(py_args_sorted) == 0) {
+ py_args = py_args_sorted;
+ }
+ }
+ }
+ args_str = py_create_string_rep(py_args);
+ if (args_str != NULL && strncmp(args_str, "RC.", 3) == 0) {
+ /* Strip leading RC. to match python 3.10 behavior. */
+ memmove(args_str, args_str + 3, strlen(args_str + 3) + 1);
+ }
+ Py_XDECREF(py_args_sorted);
+ }
+ if (py_kwargs != NULL) {
+ /* Sort by key for consistent output on Python < 3.6 */
+ PyObject *py_kwargs_sorted = NULL;
+ if (PyDict_Check(py_kwargs)) {
+ py_kwargs_sorted = PyDict_Items(py_kwargs);
+ if (py_kwargs_sorted != NULL) {
+ if (PyList_Sort(py_kwargs_sorted) == 0) {
+ py_kwargs = py_kwargs_sorted;
+ }
+ }
+ }
+ kwargs_str = py_create_string_rep(py_kwargs);
+ Py_XDECREF(py_kwargs_sorted);
+ }
+
+ sudo_debug_printf(SUDO_DEBUG_DIAG, "%s.%s %s: %s%s%s\n", class_name,
+ function_name, message, args_str ? args_str : "()",
+ kwargs_str ? " " : "", kwargs_str ? kwargs_str : "");
+ free(args_str);
+ free(kwargs_str);
+ }
+}
+
+void
+py_debug_python_call(const char *class_name, const char *function_name,
+ PyObject *py_args, PyObject *py_kwargs,
+ unsigned int subsystem_id)
+{
+ debug_decl_vars(py_debug_python_call, subsystem_id);
+
+ if (subsystem_id == PYTHON_DEBUG_C_CALLS && sudo_debug_needed(SUDO_DEBUG_INFO)) {
+ // at this level we also output the callee python script
+ char *callee_func_name = NULL, *callee_file_name = NULL;
+ long callee_line_number = -1;
+
+ if (py_get_current_execution_frame(&callee_file_name, &callee_line_number, &callee_func_name) == SUDO_RC_OK) {
+ sudo_debug_printf(SUDO_DEBUG_INFO, "%s @ %s:%ld calls C function:\n",
+ callee_func_name, callee_file_name, callee_line_number);
+ }
+
+ free(callee_func_name);
+ free(callee_file_name);
+ }
+
+ _py_debug_python_function(class_name, function_name, "was called with arguments",
+ py_args, py_kwargs, subsystem_id);
+}
+
+void
+py_debug_python_result(const char *class_name, const char *function_name,
+ PyObject *py_result, unsigned int subsystem_id)
+{
+ if (py_result == NULL) {
+ debug_decl_vars(py_debug_python_result, subsystem_id);
+ sudo_debug_printf(SUDO_CONV_ERROR_MSG, "%s.%s call failed\n",
+ class_name, function_name);
+ } else {
+ _py_debug_python_function(class_name, function_name, "returned result",
+ py_result, NULL, subsystem_id);
+ }
+}
+
+void
+str_array_free(char ***array)
+{
+ debug_decl(str_array_free, PYTHON_DEBUG_INTERNAL);
+
+ if (*array == NULL)
+ debug_return;
+
+ for (char **item_ptr = *array; *item_ptr != NULL; ++item_ptr)
+ free(*item_ptr);
+
+ free(*array);
+ *array = NULL;
+
+ debug_return;
+}
+
+int
+py_get_current_execution_frame(char **file_name, long *line_number, char **function_name)
+{
+ *file_name = NULL;
+ *line_number = (long)-1;
+ *function_name = NULL;
+
+ PyObject *py_err_type = NULL, *py_err_value = NULL, *py_err_traceback = NULL;
+ PyErr_Fetch(&py_err_type, &py_err_value, &py_err_traceback);
+
+ PyObject *py_frame = NULL, *py_f_code = NULL,
+ *py_filename = NULL, *py_function_name = NULL;
+
+ PyObject *py_getframe = PySys_GetObject("_getframe");
+ if (py_getframe == NULL)
+ goto cleanup;
+
+ py_frame = PyObject_CallFunction(py_getframe, "i", 0);
+ if (py_frame == NULL)
+ goto cleanup;
+
+ *line_number = py_object_get_optional_attr_number(py_frame, "f_lineno");
+
+ py_f_code = py_object_get_optional_attr(py_frame, "f_code", NULL);
+ if (py_f_code != NULL) {
+ py_filename = py_object_get_optional_attr(py_f_code, "co_filename", NULL);
+ if (py_filename != NULL)
+ *file_name = strdup(PyUnicode_AsUTF8(py_filename));
+
+ py_function_name = py_object_get_optional_attr(py_f_code, "co_name", NULL);
+ if (py_function_name != NULL)
+ *function_name = strdup(PyUnicode_AsUTF8(py_function_name));
+ }
+
+cleanup:
+ Py_CLEAR(py_frame);
+ Py_CLEAR(py_f_code);
+ Py_CLEAR(py_filename);
+ Py_CLEAR(py_function_name);
+
+ // we hide every error happening inside this function
+ PyErr_Restore(py_err_type, py_err_value, py_err_traceback);
+
+ return (*file_name && *function_name && (*line_number >= 0)) ?
+ SUDO_RC_OK : SUDO_RC_ERROR;
+}
+
+void
+py_ctx_reset()
+{
+ memset(&py_ctx, 0, sizeof(py_ctx));
+ py_ctx.sudo_log = &_sudo_printf_default;
+}
+
+int
+py_sudo_conv(int num_msgs, const struct sudo_conv_message msgs[],
+ struct sudo_conv_reply replies[], struct sudo_conv_callback *callback)
+{
+ /* Enable suspend during password entry. */
+ struct sigaction sa, saved_sigtstp;
+ sigemptyset(&sa.sa_mask);
+ sa.sa_flags = SA_RESTART;
+ sa.sa_handler = SIG_DFL;
+ (void) sigaction(SIGTSTP, &sa, &saved_sigtstp);
+
+ int rc = SUDO_RC_ERROR;
+ if (py_ctx.sudo_conv != NULL)
+ rc = py_ctx.sudo_conv((int)num_msgs, msgs, replies, callback);
+
+ /* Restore signal handlers and signal mask. */
+ (void) sigaction(SIGTSTP, &saved_sigtstp, NULL);
+
+ return rc;
+}
+
+PyObject *
+py_object_get_optional_attr(PyObject *py_object, const char *attr, PyObject *py_default)
+{
+ if (PyObject_HasAttrString(py_object, attr)) {
+ return PyObject_GetAttrString(py_object, attr);
+ }
+ Py_XINCREF(py_default); // whatever we return will have its refcount incremented
+ return py_default;
+}
+
+const char *
+py_object_get_optional_attr_string(PyObject *py_object, const char *attr_name)
+{
+ PyObject *py_value = py_object_get_optional_attr(py_object, attr_name, NULL);
+ if (py_value == NULL)
+ return NULL;
+
+ const char *value = PyUnicode_AsUTF8(py_value);
+ Py_CLEAR(py_value); // Note, the object still has reference to the attribute
+ return value;
+}
+
+long
+py_object_get_optional_attr_number(PyObject *py_object, const char *attr_name)
+{
+ PyObject *py_value = py_object_get_optional_attr(py_object, attr_name, NULL);
+ if (py_value == NULL)
+ return -1;
+
+ long value = PyLong_AsLong(py_value);
+ Py_CLEAR(py_value);
+ return value;
+}
+
+void
+py_object_set_attr_number(PyObject *py_object, const char *attr_name, long number)
+{
+ PyObject *py_number = PyLong_FromLong(number);
+ if (py_number == NULL)
+ return;
+
+ PyObject_SetAttrString(py_object, attr_name, py_number);
+ Py_CLEAR(py_number);
+}
+
+void
+py_object_set_attr_string(PyObject *py_object, const char *attr_name, const char *value)
+{
+ PyObject *py_value = PyUnicode_FromString(value);
+ if (py_value == NULL)
+ return;
+
+ PyObject_SetAttrString(py_object, attr_name, py_value);
+ Py_CLEAR(py_value);
+}
+
+PyObject *
+py_dict_create_string_int(size_t count, struct key_value_str_int *key_values)
+{
+ debug_decl(py_dict_create_string_int, PYTHON_DEBUG_INTERNAL);
+
+ PyObject *py_value = NULL;
+ PyObject *py_dict = PyDict_New();
+ if (py_dict == NULL)
+ goto cleanup;
+
+ for (size_t i = 0; i < count; ++i) {
+ py_value = PyLong_FromLong(key_values[i].value);
+ if (py_value == NULL)
+ goto cleanup;
+
+ if (PyDict_SetItemString(py_dict, key_values[i].key, py_value) < 0)
+ goto cleanup;
+
+ Py_CLEAR(py_value);
+ }
+
+cleanup:
+ if (PyErr_Occurred()) {
+ Py_CLEAR(py_dict);
+ }
+ Py_CLEAR(py_value);
+
+ debug_return_ptr(py_dict);
+}