def __init__(self, plugin_options, user_info, **kwargs):
# For loading multiple times, an optional "Id" can be specified
# as argument to identify the log lines
plugin_id = sudo.options_as_dict(plugin_options).get("Id", "")
self._log_line_prefix = "(AUDIT{}) ".format(plugin_id)
user_info_dict = sudo.options_as_dict(user_info)
user = user_info_dict.get("user", "???")
uid = user_info_dict.get("uid", "???")
self._log("-- Started by user {} ({}) -- ".format(user, uid))
def __init__(self, plugin_options, **kwargs):
# Specify: "py_calls@info" debug option to show the call to this
# constructor and the arguments passed in
# Specifying "plugin@err" debug option will show this message
# (or any more verbose level)
sudo.debug(sudo.DEBUG.ERROR, "My demo purpose plugin shows "
"this ERROR level debug message")
# Specifying "plugin@info" debug option will show this message
# (or any more verbose level)
sudo.debug(sudo.DEBUG.INFO, "My demo purpose plugin shows "
"this INFO level debug message")
# If you raise the level to info or below, the call of the debug
# will also be logged.
# An example output you will see in the debug log file:
# Dec 5 15:19:19 sudo[123040] __init__ @ /.../example_debugging.py:54 debugs:
# Dec 5 15:19:19 sudo[123040] My demo purpose plugin shows this ERROR level debug message
# Specify: "c_calls@diag" debug option to show this call and its
# arguments. If you specify info debug level instead ("c_calls@info"),
# you will also see the python function and line from which you called
# the 'options_as_dict' function.
self.plugin_options = sudo.options_as_dict(plugin_options)
def __init__(self, user_env: Tuple[str, ...], settings: Tuple[str, ...],
version: str, **kwargs):
"""The constructor matches the C sudo plugin API open() call
Other variables you can currently use as arguments are:
user_info: Tuple[str, ...]
plugin_options: Tuple[str, ...]
For their detailed description, see the open() call of the C plugin API
in the sudo manual ("man sudo").
"""
if not version.startswith("1."):
raise sudo.SudoException(
"This plugin plugin is not compatible with python plugin"
"API version {}".format(version))
self.user_env = sudo.options_as_dict(user_env)
self.settings = sudo.options_as_dict(settings)
def accept(self, plugin_name, plugin_type, command_info, run_argv,
run_envp) -> int:
info = sudo.options_as_dict(command_info)
cmd = list(run_argv)
cmd[0] = info.get("command")
self._log("Accepted command: {}".format(" ".join(cmd)))
self._log(" By the plugin: {} (type={})".format(
plugin_name, self.__plugin_type_str(plugin_type)))
self._log(" Environment: " + " ".join(run_envp))
def __init__(self, version: str, plugin_options: tuple, **kwargs):
"""The constructor of the IO plugin.
Other variables you can currently use as arguments are:
user_env: tuple
settings: tuple
user_info: tuple
For their detailed description, see the open() call of the C plugin API
in the sudo manual ("man sudo").
"""
if not version.startswith("1."):
raise sudo.SudoException(
"This plugin plugin is not compatible with python plugin"
"API version {}".format(version))
# convert tuple of "key=value"s to dict
plugin_options = sudo.options_as_dict(plugin_options)
log_path = plugin_options.get("LogPath", "/tmp")
self._open_log_file(path.join(log_path, "sudo.log"))
self._log("", "-- Plugin STARTED --")
def __init__(self, plugin_options, **kwargs):
# Specify: "py_calls@info" debug option to show the call to this
# constructor and the arguments passed in
# Specifying "plugin@err" debug option will show this message
# (or any more verbose level)
sudo.debug(
sudo.DEBUG.ERROR, "My demo purpose plugin shows "
"this ERROR level debug message")
# Specifying "plugin@info" debug option will show this message
# (or any more verbose level)
sudo.debug(
sudo.DEBUG.INFO, "My demo purpose plugin shows "
"this INFO level debug message")
# You can also use python log system, because sudo sets its log handler
# on the root logger.
# Note that the level of python logging is separate than the one set in
# sudo.conf. If using the python logger, each will have effect.
logger = logging.getLogger()
logger.setLevel(logging.INFO)
logger.error("Python log system shows this ERROR level debug message")
logger.info("Python log system shows this INFO level debug message")
# If you raise the level to info or below, the call of the debug
# will also be logged.
# An example output you will see in the debug log file:
# Dec 5 15:19:19 sudo[123040] __init__ @ /.../example_debugging.py:54 debugs:
# Dec 5 15:19:19 sudo[123040] My demo purpose plugin shows this ERROR level debug message
# Specify: "c_calls@diag" debug option to show this call and its
# arguments. If you specify info debug level instead ("c_calls@info"),
# you will also see the python function and line from which you called
# the 'options_as_dict' function.
self.plugin_options = sudo.options_as_dict(plugin_options)
def __init__(self, plugin_options, **kwargs):
sudo.log_info("PATH before: {} (should be empty)".format(sys.path))
sys.path = [sudo.options_as_dict(plugin_options).get("Path")]
sudo.log_info("PATH set: {}".format(sys.path))
def _log_file_path(self):
options_dict = sudo.options_as_dict(self.plugin_options)
log_path = options_dict.get("LogPath", "/tmp")
return path.join(log_path, "sudo_reasons.txt")
def __init__(self, plugin_options, **kwargs):
id = sudo.options_as_dict(plugin_options).get("Id", "")
super().__init__(plugin_options=plugin_options, **kwargs)
self._id = "(APPROVAL {})".format(id)
sudo.log_info("{} Constructed:".format(self._id))
sudo.log_info(json.dumps(self.__dict__, indent=4))