def open(self, argv, command_info):
    """Ask the user why the command is being run and append the answers to a log.

    Two prompts are sent in a single conversation: an echoed "Reason: " and
    a masked "Secret reason: ". The space-joined ``argv`` and both replies
    are appended to the file named by ``self._log_file_path()``.

    Returns ``sudo.RC.REJECT`` if the conversation is interrupted; otherwise
    the method falls off the end and returns ``None``.
    """
    timeout_seconds = 120
    try:
        sudo.log_info("Please provide your reason "
                      "for executing {}".format(argv))

        # Two questions are asked. The second one is not echoed back, so a
        # user who is being coerced into running the command can leave a
        # message that an onlooker will not read on the screen.
        # ConvMessage accepts its arguments positionally (timeout optional)
        # or by keyword; both forms are shown here.
        visible_prompt = sudo.ConvMessage(sudo.CONV.PROMPT_ECHO_ON,
                                          "Reason: ",
                                          timeout_seconds)
        masked_prompt = sudo.ConvMessage(msg="Secret reason: ",
                                         timeout=timeout_seconds,
                                         msg_type=sudo.CONV.PROMPT_MASK)
        visible_reply, masked_reply = sudo.conv(
            visible_prompt, masked_prompt,
            on_suspend=self.on_conversation_suspend,
            on_resume=self.on_conversation_resume)

        # NOTE: as a class method, `open` below resolves to the builtin, not
        # to this method (method names are not in a function's scope).
        # The masked reply is stored in clear text, so this file is as
        # sensitive as the message it is meant to protect. builtin open()
        # creates it with umask-derived permissions; keep the path in a
        # location only the administrator can read and write.
        with open(self._log_file_path(), "a") as log:
            # argv and the replies are written unescaped: arguments that
            # contain whitespace or newlines cannot be told apart when the
            # log is read back.
            entries = (
                ("Executed", " ".join(argv)),
                ("Reason:", visible_reply),
                ("Hidden reason:", masked_reply),
            )
            for label, value in entries:
                print(label, value, file=log)

    except sudo.ConversationInterrupted:
        # NOTE(review): the message assumes a timeout; confirm whether other
        # interruptions raise the same exception.
        sudo.log_error("You did not answer in time")
        return sudo.RC.REJECT
def close(self, exit_status: int, error: int) -> None:
    """Report how the command ended.

    ``error`` is treated as an errno value: zero means the command ran and
    ``exit_status`` is logged; anything else is logged as an execve failure
    together with its symbolic name ("???" when errno has no name for it).
    """
    if error != 0:
        symbolic = errno.errorcode.get(error, "???")
        sudo.log_error(
            "Failed to execute command, execve syscall returned "
            "{} ({})".format(error, symbolic))
        return

    sudo.log_info(
        "The command returned with exit_status {}".format(exit_status))
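def list(self, argv: Tuple[str, ...], is_verbose: int, user: str):
    """Tell the user whether a command is allowed and/or list the allowed set.

    Args:
        argv: Command to query; only ``argv[0]`` is checked. May be empty.
        is_verbose: When truthy, the full allow-list is printed as well.
        user: Target user; when empty no "as user" text is added.

    The decision covers the command name only; arguments in ``argv[1:]``
    are not looked at here.
    """
    cmd = argv[0] if argv else None
    as_user_text = "as user '{}'".format(user) if user else ""

    if cmd:
        allowed_text = "" if self._is_command_allowed(cmd) else "NOT "
        # The format string has no separator before the trailing field, so
        # the text used to be glued to the quoted command ("'cmd'as user").
        # Pad it here, and only when a user is actually named.
        as_user_suffix = " " + as_user_text if as_user_text else ""
        sudo.log_info("You are {}allowed to execute command '{}'{}"
                      .format(allowed_text, cmd, as_user_suffix))

    if not cmd or is_verbose:
        # Passed as separate arguments, unchanged from the original call.
        sudo.log_info("Only the following commands are allowed:",
                      ", ".join(self._allowed_commands), as_user_text)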
def check(self, command_info: tuple, run_argv: tuple, run_env: tuple) -> int:
    """Reject the command outside weekday business hours.

    The decision uses ``datetime.now()``, i.e. the host's local clock and
    time zone, so the restriction is only as reliable as that clock.
    Hours 8 through 17 inclusive are accepted (08:00 up to 17:59). When
    both conditions fail, the business-hours message is the one reported.

    Raises:
        sudo.PluginReject: when the current time is not allowed.

    NOTE(review): nothing is returned on the accept path although the
    signature says ``int``; confirm the caller treats ``None`` as accept.
    """
    current = datetime.now()
    on_weekend = current.weekday() >= 5
    off_hours = not (8 <= current.hour <= 17)

    # The hours check takes precedence over the weekend check, matching the
    # order in which the original assignments overwrite each other.
    if off_hours:
        error_msg = "That is not allowed outside the business hours!"
    elif on_weekend:
        error_msg = "That is not allowed on the weekend!"
    else:
        error_msg = ""

    if error_msg:
        sudo.log_info(error_msg)
        raise sudo.PluginReject(error_msg)
def __init__(self, plugin_options, **kwargs):
    """Replace ``sys.path`` with the single entry from the "Path" option.

    ``sys.path`` is process-global: every import that happens afterwards is
    resolved against this one entry, so it should name a directory that
    only the administrator can write to. If the option is absent the list
    becomes ``[None]``.
    """
    sudo.log_info("PATH before: {} (should be empty)".format(sys.path))

    options = sudo.options_as_dict(plugin_options)
    search_dir = options.get("Path")
    sys.path = [search_dir]

    sudo.log_info("PATH set: {}".format(sys.path))
def on_conversation_resume(self, signum):
    """Log the signal that resumed the conversation.

    Example hook only: the ``on_resume`` argument can be left out when
    nothing needs to happen on resume.
    """
    signal_name = self._signal_name(signum)
    sudo.log_info("conversation resume: signal was", signal_name)
def on_conversation_suspend(self, signum):
    """Log the signal that suspended the conversation.

    Example hook only: the ``on_suspend`` argument can be left out when
    nothing needs to happen on suspend.
    """
    signal_name = self._signal_name(signum)
    sudo.log_info("conversation suspend: signal", signal_name)
def _log(self, string):
    """Emit ``string`` through sudo's info log, preceded by the line prefix.

    For the example the record only goes to sudo's output; a real audit
    trail would normally be written somewhere durable, such as a file.
    The text is passed on unmodified.
    """
    prefix = self._log_line_prefix
    sudo.log_info(prefix, string)
def show_version(self, is_verbose: bool) -> int:
    """Log the plugin name, with its version appended in verbose mode.

    NOTE(review): annotated ``-> int`` but no value is returned.
    """
    if is_verbose:
        version_str = " (version=1.0)"
    else:
        version_str = ""
    sudo.log_info("Python Example Audit Plugin" + version_str)
def __init__(self, plugin_options, **kwargs):
    """Initialise the base class, tag the instance with its "Id" option, and log it.

    The whole instance ``__dict__`` is serialised to the info log.
    NOTE(review): whatever the base class stores on the instance is logged
    too, and ``json.dumps`` raises ``TypeError`` on values it cannot
    serialise; confirm both are acceptable for this plugin.
    """
    # Read the option first, then let the base class initialise, as before.
    plugin_id = sudo.options_as_dict(plugin_options).get("Id", "")
    super().__init__(plugin_options=plugin_options, **kwargs)

    self._id = "(APPROVAL {})".format(plugin_id)
    sudo.log_info("{} Constructed:".format(self._id))

    state_dump = json.dumps(self.__dict__, indent=4)
    sudo.log_info(state_dump)
def show_version(self, *args):
    """Log that the version hook ran, with the arguments it received."""
    message = "{} Show version was called with arguments: {}".format(
        self._id, args)
    sudo.log_info(message)
def check(self, *args):
    """Log that the check hook ran, with the arguments it received.

    Nothing is returned or raised here, so this method never rejects.
    NOTE(review): if ``args`` carries the command's environment, its values
    are written to the log verbatim; confirm that is acceptable.
    """
    message = "{} Check was called with arguments: {}".format(
        self._id, args)
    sudo.log_info(message)
def __del__(self):
    """Log that the instance is being destroyed.

    Reads ``self._id``, so it depends on that attribute having been set.
    """
    farewell = "{} Destructed successfully".format(self._id)
    sudo.log_info(farewell)
def show_version(self, is_verbose: int):
    """Log the policy plugin version; in verbose mode also the interpreter version."""
    banner = "Python Policy Plugin version: {}".format(VERSION)
    sudo.log_info(banner)

    if not is_verbose:
        return
    sudo.log_info("Python interpreter version:", sys.version)
def _open_log_file(self, log_path):
    """Open ``log_path`` for appending and keep the handle on ``self._log_file``.

    The handle is left open; this method does not close it.
    """
    sudo.log_info("Example sudo python plugin will log to", log_path)

    # builtin open() follows symlinks and creates a missing file with
    # umask-derived permissions, so log_path should sit in a directory only
    # the administrator can write to.
    # NOTE(review): if terminal input/output is written to this file it may
    # contain typed secrets; confirm who is able to read it.
    handle = open(log_path, "a")
    self._log_file = handle
def show_version(self, is_verbose: int) -> int:
    """Log the IO plugin version; in verbose mode also the interpreter version.

    NOTE(review): annotated ``-> int`` but no value is returned.
    """
    banner = "Python Example IO Plugin version: {}".format(VERSION)
    sudo.log_info(banner)

    if not is_verbose:
        return
    sudo.log_info("Python interpreter version:", sys.version)