Exemple #1
0
    def open(self, argv, command_info):
        try:
            conv_timeout = 120  # in seconds
            sudo.log_info("Please provide your reason "
                          "for executing {}".format(argv))

            # We ask two questions, the second is not visible on screen,
            # so the user can hide a hidden message in case of criminals are
            # forcing him for running the command.
            # You can either specify the arguments in strict order (timeout
            # being optional), or use named arguments.
            message1 = sudo.ConvMessage(sudo.CONV.PROMPT_ECHO_ON, "Reason: ",
                                        conv_timeout)
            message2 = sudo.ConvMessage(msg="Secret reason: ",
                                        timeout=conv_timeout,
                                        msg_type=sudo.CONV.PROMPT_MASK)
            reply1, reply2 = sudo.conv(message1,
                                       message2,
                                       on_suspend=self.on_conversation_suspend,
                                       on_resume=self.on_conversation_resume)

            with open(self._log_file_path(), "a") as file:
                print("Executed", ' '.join(argv), file=file)
                print("Reason:", reply1, file=file)
                print("Hidden reason:", reply2, file=file)

        except sudo.ConversationInterrupted:
            sudo.log_error("You did not answer in time")
            return sudo.RC.REJECT
 def close(self, exit_status: int, error: int) -> None:
     if error == 0:
         sudo.log_info("The command returned with exit_status {}".format(
             exit_status))
     else:
         error_name = errno.errorcode.get(error, "???")
         sudo.log_error(
             "Failed to execute command, execve syscall returned "
             "{} ({})".format(error, error_name))
    def check_policy(self, argv: Tuple[str, ...], env_add: Tuple[str, ...]):
        cmd = argv[0]
        # Example for a simple reject:
        if not self._is_command_allowed(cmd):
            sudo.log_error("You are not allowed to run this command!")
            return sudo.RC_REJECT

        # The environment the command will be executed with (we allow any here)
        user_env_out = sudo.options_from_dict(self.user_env) + env_add

        try:
            command_info_out = sudo.options_from_dict({
                "command": self._find_on_path(cmd),  # Absolute path of command
                "runas_uid": self._runas_uid(),      # The user id
                "runas_gid": self._runas_gid(),      # The group id
            })
        except SudoPluginError as error:
            sudo.log_error(str(error))
            return sudo.RC_ERROR

        return (sudo.RC_ACCEPT, command_info_out, argv, user_env_out)