mir/sudo
2
0
Fork 0
mirror of https://github.com/sudo-project/sudo.git synced 2025-09-01 14:55:12 +00:00
Code Issues Releases Wiki Activity

Add an approval plugin type that runs after the policy plugin.

Browse Source 
The basic idea is that the approval plugin adds an additional
layer of policy.  There can be multiple approval plugins.
This commit is contained in:
Todd C. Miller
2020-02-06 12:49:11 -07:00
parent 084cad2120
commit db17cadaf6
6 changed files with 800 additions and 48 deletions
Download Patch File Download Diff File Expand all files Collapse all files

30
src/load_plugins.c
View File

@@ -243,7 +243,9 @@ cleanup:
static bool
sudo_load_plugin(struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins,
struct plugin_container_list *audit_plugins, struct plugin_info *info)
struct plugin_container_list *audit_plugins,
struct plugin_container_list *approval_plugins,
struct plugin_info *info)
{
struct plugin_container *container = NULL;
struct generic_plugin *plugin;
@@ -330,6 +332,20 @@ sudo_load_plugin(struct plugin_container *policy_plugin,
goto done;
TAILQ_INSERT_TAIL(audit_plugins, container, entries);
break;
case SUDO_APPROVAL_PLUGIN:
if (plugin_exists(approval_plugins, info)) {
plugin = sudo_plugin_try_to_clone(handle, info->symbol_name);
if (plugin == NULL) {
sudo_warnx(U_("ignoring duplicate approval plugin \"%s\" in %s, line %d"),
info->symbol_name, _PATH_SUDO_CONF, info->lineno);
ret = true;
goto done;
}
}
if ((container = new_container(handle, path, plugin, info)) == NULL)
goto done;
TAILQ_INSERT_TAIL(approval_plugins, container, entries);
break;
default:
sudo_warnx(U_("error in %s, line %d while loading plugin \"%s\""),
_PATH_SUDO_CONF, info->lineno, info->symbol_name);
@@ -370,7 +386,8 @@ free_plugin_info(struct plugin_info *info)
bool
sudo_load_plugins(struct plugin_container *policy_plugin,
struct plugin_container_list *io_plugins,
struct plugin_container_list *audit_plugins)
struct plugin_container_list *audit_plugins,
struct plugin_container_list *approval_plugins)
{
struct plugin_container *container;
struct plugin_info_list *plugins;
@@ -381,7 +398,8 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
/* Walk the plugin list from sudo.conf, if any and free it. */
plugins = sudo_conf_plugins();
TAILQ_FOREACH_SAFE(info, plugins, entries, next) {
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins, info);
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins,
approval_plugins, info);
if (!ret)
goto done;
free_plugin_info(info);
@@ -407,7 +425,8 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
goto done;
}
/* info->options = NULL; */
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins, info);
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins,
approval_plugins, info);
free_plugin_info(info);
if (!ret)
goto done;
@@ -427,7 +446,8 @@ sudo_load_plugins(struct plugin_container *policy_plugin,
goto done;
}
/* info->options = NULL; */
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins, info);
ret = sudo_load_plugin(policy_plugin, io_plugins, audit_plugins,
approval_plugins, info);
free_plugin_info(info);
if (!ret)
goto done;