|
version 1.1.1.5, 2013/10/14 07:56:34
|
version 1.1.1.6, 2014/06/15 16:12:54
|
|
Line 16
|
Line 16
|
| .\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
.\" OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE. |
| .\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
.\" ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. |
| .\" |
.\" |
| .TH "SUDO_PLUGIN" "5" "August 16, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" | .TH "SUDO_PLUGIN" "5" "December 20, 2013" "Sudo @PACKAGE_VERSION@" "OpenBSD Programmer's Manual" |
| .nh |
.nh |
| .if n .ad l |
.if n .ad l |
| .SH "NAME" |
.SH "NAME" |
|
Line 27 Starting with version 1.8,
|
Line 27 Starting with version 1.8,
|
| \fBsudo\fR |
\fBsudo\fR |
| supports a plugin API |
supports a plugin API |
| for policy and session logging. |
for policy and session logging. |
| |
Plugins may be compiled as dynamic shared objects (the default on |
| |
systems that support them) or compiled statically into the |
| |
\fBsudo\fR |
| |
binary itself. |
| By default, the |
By default, the |
| \fBsudoers\fR |
\fBsudoers\fR |
| policy plugin and an associated I/O logging plugin are used. |
policy plugin and an associated I/O logging plugin are used. |
|
Line 107 to determine the API version the plugin was
|
Line 111 to determine the API version the plugin was
|
| built against. |
built against. |
| .TP 6n |
.TP 6n |
| open |
open |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*open)(unsigned int version, sudo_conv_t conversation, |
int (*open)(unsigned int version, sudo_conv_t conversation, |
| sudo_printf_t plugin_printf, char * const settings[], |
sudo_printf_t plugin_printf, char * const settings[], |
| char * const user_info[], char * const user_env[], |
char * const user_info[], char * const user_env[], |
| char * const plugin_options[]); |
char * const plugin_options[]); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| Returns 1 on success, 0 on failure, \-1 if a general error occurred, |
Returns 1 on success, 0 on failure, \-1 if a general error occurred, |
| or \-2 if there was a usage error. |
or \-2 if there was a usage error. |
|
Line 156 settings
|
Line 160 settings
|
| A vector of user-supplied |
A vector of user-supplied |
| \fBsudo\fR |
\fBsudo\fR |
| settings in the form of |
settings in the form of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| The vector is terminated by a |
The vector is terminated by a |
| \fRNULL\fR |
\fRNULL\fR |
|
Line 171 When parsing
|
Line 175 When parsing
|
| the plugin should split on the |
the plugin should split on the |
| \fBfirst\fR |
\fBfirst\fR |
| equal sign |
equal sign |
| (`=') | (\(oq=\(cq) |
| since the |
since the |
| \fIname\fR |
\fIname\fR |
| field will never include one |
field will never include one |
| itself but the |
itself but the |
| \fIvalue\fR |
\fIvalue\fR |
| might. |
might. |
| .RS | .PP |
| | .RS 6n |
| | .PD 0 |
| .TP 6n |
.TP 6n |
| bsdauth_type=string |
bsdauth_type=string |
| Authentication type, if specified by the |
Authentication type, if specified by the |
| \fB\-a\fR |
\fB\-a\fR |
| flag, to use on |
flag, to use on |
| systems where BSD authentication is supported. |
systems where BSD authentication is supported. |
| |
.PD |
| .TP 6n |
.TP 6n |
| closefrom=number |
closefrom=number |
| If specified, the user has requested via the |
If specified, the user has requested via the |
|
Line 215 plugin is
|
Line 222 plugin is
|
| \fIsubsystem\fR@\fIpriority\fR |
\fIsubsystem\fR@\fIpriority\fR |
| but the plugin is free to use a different |
but the plugin is free to use a different |
| format so long as it does not include a comma |
format so long as it does not include a comma |
| (`,\&'). | (\(oq,\&\(cq). |
| There is not currently a way to specify a set of debug flags specific |
There is not currently a way to specify a set of debug flags specific |
| to the plugin--the flags are shared by |
to the plugin--the flags are shared by |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 271 sudo.conf(@mansectform@).
|
Line 278 sudo.conf(@mansectform@).
|
| network_addrs=list |
network_addrs=list |
| A space-separated list of IP network addresses and netmasks in the |
A space-separated list of IP network addresses and netmasks in the |
| form |
form |
| ``addr/netmask'', | \(lqaddr/netmask\(rq, |
| e.g.\& |
e.g.\& |
| ``192.168.1.2/255.255.255.0''. | \(lq192.168.1.2/255.255.255.0\(rq. |
| The address and netmask pairs may be either IPv4 or IPv6, depending on |
The address and netmask pairs may be either IPv4 or IPv6, depending on |
| what the operating system supports. |
what the operating system supports. |
| If the address contains a colon |
If the address contains a colon |
| (`:\&'), | (\(oq:\&\(cq), |
| it is an IPv6 address, else it is IPv4. |
it is an IPv6 address, else it is IPv4. |
| .TP 6n |
.TP 6n |
| noninteractive=bool |
noninteractive=bool |
|
Line 312 based on the runas user.
|
Line 319 based on the runas user.
|
| .TP 6n |
.TP 6n |
| progname=string |
progname=string |
| The command name that sudo was run as, typically |
The command name that sudo was run as, typically |
| ``sudo'' | \(lqsudo\(rq |
| or |
or |
| ``sudoedit''. | \(lqsudoedit\(rq. |
| .TP 6n |
.TP 6n |
| prompt=string |
prompt=string |
| The prompt to use when requesting a password, if specified via |
The prompt to use when requesting a password, if specified via |
|
Line 388 section.
|
Line 395 section.
|
| .PP |
.PP |
| Additional settings may be added in the future so the plugin should |
Additional settings may be added in the future so the plugin should |
| silently ignore settings that it does not recognize. |
silently ignore settings that it does not recognize. |
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| user_info |
user_info |
| A vector of information about the user running the command in the form of |
A vector of information about the user running the command in the form of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| The vector is terminated by a |
The vector is terminated by a |
| \fRNULL\fR |
\fRNULL\fR |
|
Line 405 When parsing
|
Line 410 When parsing
|
| the plugin should split on the |
the plugin should split on the |
| \fBfirst\fR |
\fBfirst\fR |
| equal sign |
equal sign |
| (`=') | (\(oq=\(cq) |
| since the |
since the |
| \fIname\fR |
\fIname\fR |
| field will never include one |
field will never include one |
| itself but the |
itself but the |
| \fIvalue\fR |
\fIvalue\fR |
| might. |
might. |
| .RS | .PP |
| .PD | .RS 6n |
| | .PD 0 |
| .TP 6n |
.TP 6n |
| cols=int |
cols=int |
| The number of columns the user's terminal supports. |
The number of columns the user's terminal supports. |
| If there is no terminal device available, a default value of 80 is used. |
If there is no terminal device available, a default value of 80 is used. |
| |
.PD |
| .TP 6n |
.TP 6n |
| cwd=string |
cwd=string |
| The user's current working directory. |
The user's current working directory. |
|
Line 513 tty=string
|
Line 520 tty=string
|
| The path to the user's terminal device. |
The path to the user's terminal device. |
| If the user has no terminal device associated with the session, |
If the user has no terminal device associated with the session, |
| the value will be empty, as in |
the value will be empty, as in |
| ``\fRtty=\fR''. | \(lq\fRtty=\fR\(rq. |
| .TP 6n |
.TP 6n |
| uid=uid_t |
uid=uid_t |
| The real user ID of the user invoking |
The real user ID of the user invoking |
|
Line 522 The real user ID of the user invoking
|
Line 529 The real user ID of the user invoking
|
| user=string |
user=string |
| The name of the user invoking |
The name of the user invoking |
| \fBsudo\fR. |
\fBsudo\fR. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| user_env |
user_env |
| The user's environment in the form of a |
The user's environment in the form of a |
| \fRNULL\fR-terminated vector of |
\fRNULL\fR-terminated vector of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| .sp |
.sp |
| When parsing |
When parsing |
|
Line 537 When parsing
|
Line 545 When parsing
|
| the plugin should split on the |
the plugin should split on the |
| \fBfirst\fR |
\fBfirst\fR |
| equal sign |
equal sign |
| (`=') | (\(oq=\(cq) |
| since the |
since the |
| \fIname\fR |
\fIname\fR |
| field will never include one |
field will never include one |
| itself but the |
itself but the |
| \fIvalue\fR |
\fIvalue\fR |
| might. |
might. |
| .PD | .PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| close |
close |
| .br |
.br |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| void (*close)(int exit_status, int error); |
void (*close)(int exit_status, int error); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBclose\fR() |
\fBclose\fR() |
|
Line 565 function is called when the command being run by
|
Line 573 function is called when the command being run by
|
| finishes. |
finishes. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| exit_status |
exit_status |
| The command's exit status, as returned by the |
The command's exit status, as returned by the |
|
Line 606 list, the
|
Line 613 list, the
|
| \fBsudo\fR |
\fBsudo\fR |
| front end may execute the command directly instead of running |
front end may execute the command directly instead of running |
| it as a child process. |
it as a child process. |
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| show_version |
show_version |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*show_version)(int verbose); |
int (*show_version)(int verbose); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBshow_version\fR() |
\fBshow_version\fR() |
|
Line 633 or
|
Line 638 or
|
| function using |
function using |
| \fRSUDO_CONV_INFO_MSG\fR. |
\fRSUDO_CONV_INFO_MSG\fR. |
| If the user requests detailed version information, the verbose flag will be set. |
If the user requests detailed version information, the verbose flag will be set. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| check_policy |
check_policy |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*check_policy)(int argc, char * const argv[] |
int (*check_policy)(int argc, char * const argv[] |
| char *env_add[], char **command_info[], |
char *env_add[], char **command_info[], |
| char **argv_out[], char **user_env_out[]); |
char **argv_out[], char **user_env_out[]); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBcheck_policy\fR() |
\fBcheck_policy\fR() |
|
Line 688 into
|
Line 690 into
|
| \fIargv_out\fR, |
\fIargv_out\fR, |
| separated from the |
separated from the |
| editor and its arguments by a |
editor and its arguments by a |
| ``\fR--\fR'' | \(lq\fR--\fR\(rq |
| element. |
element. |
| The |
The |
| ``\fR--\fR'' | \(lq\fR--\fR\(rq |
| will |
will |
| be removed by |
be removed by |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 722 function with
|
Line 724 function with
|
| to present additional error information to the user. |
to present additional error information to the user. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| argc |
argc |
| The number of elements in |
The number of elements in |
|
Line 745 Additional environment variables specified by the user
|
Line 746 Additional environment variables specified by the user
|
| line in the form of a |
line in the form of a |
| \fRNULL\fR-terminated |
\fRNULL\fR-terminated |
| vector of |
vector of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| The plugin may reject the command if one or more variables |
The plugin may reject the command if one or more variables |
| are not allowed to be set, or it may silently ignore such variables. |
are not allowed to be set, or it may silently ignore such variables. |
|
Line 755 When parsing
|
Line 756 When parsing
|
| the plugin should split on the |
the plugin should split on the |
| \fBfirst\fR |
\fBfirst\fR |
| equal sign |
equal sign |
| (`=') | (\(oq=\(cq) |
| since the |
since the |
| \fIname\fR |
\fIname\fR |
| field will never include one |
field will never include one |
|
Line 765 might.
|
Line 766 might.
|
| .TP 6n |
.TP 6n |
| command_info |
command_info |
| Information about the command being run in the form of |
Information about the command being run in the form of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| These values are used by |
These values are used by |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 777 which must be terminated with a
|
Line 778 which must be terminated with a
|
| pointer. |
pointer. |
| The following values are recognized by |
The following values are recognized by |
| \fBsudo\fR: |
\fBsudo\fR: |
| .RS | .PP |
| | .RS 6n |
| | .PD 0 |
| .TP 6n |
.TP 6n |
| chroot=string |
chroot=string |
| The root directory to use when running the command. |
The root directory to use when running the command. |
| |
.PD |
| .TP 6n |
.TP 6n |
| closefrom=number |
closefrom=number |
| If specified, |
If specified, |
|
Line 910 on BSD systems.
|
Line 914 on BSD systems.
|
| noexec=bool |
noexec=bool |
| If set, prevent the command from executing other programs. |
If set, prevent the command from executing other programs. |
| .TP 6n |
.TP 6n |
| |
preserve_fds=list |
| |
A comma-separated list of file descriptors that should be |
| |
preserved, regardless of the value of the |
| |
\fIclosefrom\fR |
| |
setting. |
| |
Only available starting with API version 1.5. |
| |
.TP 6n |
| preserve_groups=bool |
preserve_groups=bool |
| If set, |
If set, |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 995 will base the new entry on
|
Line 1006 will base the new entry on
|
| the invoking user's existing entry. |
the invoking user's existing entry. |
| .PP |
.PP |
| Unsupported values will be ignored. |
Unsupported values will be ignored. |
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| argv_out |
argv_out |
| The |
The |
|
Line 1006 argument vector to pass to the
|
Line 1015 argument vector to pass to the
|
| execve(2) |
execve(2) |
| system call when executing the command. |
system call when executing the command. |
| The plugin is responsible for allocating and populating the vector. |
The plugin is responsible for allocating and populating the vector. |
| .PD |
|
| .TP 6n |
.TP 6n |
| user_env_out |
user_env_out |
| The |
The |
| \fRNULL\fR-terminated |
\fRNULL\fR-terminated |
| environment vector to use when executing the command. |
environment vector to use when executing the command. |
| The plugin is responsible for allocating and populating the vector. |
The plugin is responsible for allocating and populating the vector. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| list |
list |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*list)(int verbose, const char *list_user, |
int (*list)(int verbose, const char *list_user, |
| int argc, char * const argv[]); |
int argc, char * const argv[]); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| List available privileges for the invoking user. |
List available privileges for the invoking user. |
| Returns 1 on success, 0 on failure and \-1 on error. |
Returns 1 on success, 0 on failure and \-1 on error. |
|
Line 1043 or
|
Line 1052 or
|
| \fBplugin_printf\fR() |
\fBplugin_printf\fR() |
| function using |
function using |
| \fRSUDO_CONV_INFO_MSG\fR, |
\fRSUDO_CONV_INFO_MSG\fR, |
| .PD |
|
| .TP 6n |
.TP 6n |
| verbose |
verbose |
| Flag indicating whether to list in verbose mode or not. |
Flag indicating whether to list in verbose mode or not. |
|
Line 1072 execve(2)
|
Line 1080 execve(2)
|
| system call. |
system call. |
| If the command is permitted by the policy, the fully-qualified path |
If the command is permitted by the policy, the fully-qualified path |
| to the command should be displayed along with any command line arguments. |
to the command should be displayed along with any command line arguments. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| validate |
validate |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*validate)(void); |
int (*validate)(void); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBvalidate\fR() |
\fBvalidate\fR() |
|
Line 1112 function with
|
Line 1121 function with
|
| \fRSUDO_CONF_ERROR_MSG\fR |
\fRSUDO_CONF_ERROR_MSG\fR |
| to present additional |
to present additional |
| error information to the user. |
error information to the user. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| invalidate |
invalidate |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| void (*invalidate)(int remove); |
void (*invalidate)(int remove); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBinvalidate\fR() |
\fBinvalidate\fR() |
|
Line 1150 The
|
Line 1156 The
|
| function should be |
function should be |
| \fRNULL\fR |
\fRNULL\fR |
| if the plugin does not support credential caching. |
if the plugin does not support credential caching. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| init_session |
init_session |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*init_session)(struct passwd *pwd, char **user_envp[); |
int (*init_session)(struct passwd *pwd, char **user_envp[); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBinit_session\fR() |
\fBinit_session\fR() |
|
Line 1194 argument points to the environment the command will
|
Line 1197 argument points to the environment the command will
|
| run in, in the form of a |
run in, in the form of a |
| \fRNULL\fR-terminated |
\fRNULL\fR-terminated |
| vector of |
vector of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| This is the same string passed back to the front end via |
This is the same string passed back to the front end via |
| the Policy Plugin's |
the Policy Plugin's |
|
Line 1230 function with
|
Line 1233 function with
|
| \fRSUDO_CONF_ERROR_MSG\fR |
\fRSUDO_CONF_ERROR_MSG\fR |
| to present additional |
to present additional |
| error information to the user. |
error information to the user. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| register_hooks |
register_hooks |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| void (*register_hooks)(int version, |
void (*register_hooks)(int version, |
| int (*register_hook)(struct sudo_hook *hook)); |
int (*register_hook)(struct sudo_hook *hook)); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBregister_hooks\fR() |
\fBregister_hooks\fR() |
|
Line 1285 front end doesn't support API
|
Line 1285 front end doesn't support API
|
| version 1.2 or higher, |
version 1.2 or higher, |
| \fRregister_hooks\fR |
\fRregister_hooks\fR |
| will not be called. |
will not be called. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| deregister_hooks |
deregister_hooks |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| void (*deregister_hooks)(int version, |
void (*deregister_hooks)(int version, |
| int (*deregister_hook)(struct sudo_hook *hook)); |
int (*deregister_hook)(struct sudo_hook *hook)); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBderegister_hooks\fR() |
\fBderegister_hooks\fR() |
|
Line 1342 version 1.2 or higher,
|
Line 1339 version 1.2 or higher,
|
| \fRderegister_hooks\fR |
\fRderegister_hooks\fR |
| will not be called. |
will not be called. |
| .RE |
.RE |
| .PD |
|
| .PP |
.PP |
| \fIPolicy Plugin Version Macros\fR |
\fIPolicy Plugin Version Macros\fR |
| .nf |
.nf |
|
Line 1443 to determine the API version the plugin was
|
Line 1439 to determine the API version the plugin was
|
| built against. |
built against. |
| .TP 6n |
.TP 6n |
| open |
open |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*open)(unsigned int version, sudo_conv_t conversation, |
int (*open)(unsigned int version, sudo_conv_t conversation, |
| sudo_printf_t plugin_printf, char * const settings[], |
sudo_printf_t plugin_printf, char * const settings[], |
| char * const user_info[], int argc, char * const argv[], |
char * const user_info[], int argc, char * const argv[], |
| char * const user_env[], char * const plugin_options[]); |
char * const user_env[], char * const plugin_options[]); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBopen\fR() |
\fBopen\fR() |
|
Line 1521 settings
|
Line 1517 settings
|
| A vector of user-supplied |
A vector of user-supplied |
| \fBsudo\fR |
\fBsudo\fR |
| settings in the form of |
settings in the form of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| The vector is terminated by a |
The vector is terminated by a |
| \fRNULL\fR |
\fRNULL\fR |
|
Line 1536 When parsing
|
Line 1532 When parsing
|
| the plugin should split on the |
the plugin should split on the |
| \fBfirst\fR |
\fBfirst\fR |
| equal sign |
equal sign |
| (`=') | (\(oq=\(cq) |
| since the |
since the |
| \fIname\fR |
\fIname\fR |
| field will never include one |
field will never include one |
|
Line 1550 section for a list of all possible settings.
|
Line 1546 section for a list of all possible settings.
|
| .TP 6n |
.TP 6n |
| user_info |
user_info |
| A vector of information about the user running the command in the form of |
A vector of information about the user running the command in the form of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| The vector is terminated by a |
The vector is terminated by a |
| \fRNULL\fR |
\fRNULL\fR |
|
Line 1561 When parsing
|
Line 1557 When parsing
|
| the plugin should split on the |
the plugin should split on the |
| \fBfirst\fR |
\fBfirst\fR |
| equal sign |
equal sign |
| (`=') | (\(oq=\(cq) |
| since the |
since the |
| \fIname\fR |
\fIname\fR |
| field will never include one |
field will never include one |
|
Line 1592 user_env
|
Line 1588 user_env
|
| The user's environment in the form of a |
The user's environment in the form of a |
| \fRNULL\fR-terminated |
\fRNULL\fR-terminated |
| vector of |
vector of |
| ``name=value'' | \(lqname=value\(rq |
| strings. |
strings. |
| .sp |
.sp |
| When parsing |
When parsing |
|
Line 1600 When parsing
|
Line 1596 When parsing
|
| the plugin should split on the |
the plugin should split on the |
| \fBfirst\fR |
\fBfirst\fR |
| equal sign |
equal sign |
| (`=') | (\(oq=\(cq) |
| since the |
since the |
| \fIname\fR |
\fIname\fR |
| field will never include one |
field will never include one |
|
Line 1633 by the
|
Line 1629 by the
|
| front end before using |
front end before using |
| \fIplugin_options\fR. |
\fIplugin_options\fR. |
| Failure to do so may result in a crash. |
Failure to do so may result in a crash. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| close |
close |
| .br |
.br |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| void (*close)(int exit_status, int error); |
void (*close)(int exit_status, int error); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBclose\fR() |
\fBclose\fR() |
|
Line 1653 function is called when the command being run by
|
Line 1650 function is called when the command being run by
|
| finishes. |
finishes. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| exit_status |
exit_status |
| The command's exit status, as returned by the |
The command's exit status, as returned by the |
|
Line 1675 system call.
|
Line 1671 system call.
|
| If the command was successfully executed, the value of |
If the command was successfully executed, the value of |
| \fRerror\fR |
\fRerror\fR |
| is 0. |
is 0. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| show_version |
show_version |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*show_version)(int verbose); |
int (*show_version)(int verbose); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBshow_version\fR() |
\fBshow_version\fR() |
|
Line 1702 or
|
Line 1699 or
|
| function using |
function using |
| \fRSUDO_CONV_INFO_MSG\fR. |
\fRSUDO_CONV_INFO_MSG\fR. |
| If the user requests detailed version information, the verbose flag will be set. |
If the user requests detailed version information, the verbose flag will be set. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| log_ttyin |
log_ttyin |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*log_ttyin)(const char *buf, unsigned int len); |
int (*log_ttyin)(const char *buf, unsigned int len); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBlog_ttyin\fR() |
\fBlog_ttyin\fR() |
|
Line 1725 Returns 1 if the data should be passed to the command,
|
Line 1719 Returns 1 if the data should be passed to the command,
|
| is rejected (which will terminate the command) or \-1 if an error occurred. |
is rejected (which will terminate the command) or \-1 if an error occurred. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| buf |
buf |
| The buffer containing user input. |
The buffer containing user input. |
|
Line 1734 len
|
Line 1727 len
|
| The length of |
The length of |
| \fIbuf\fR |
\fIbuf\fR |
| in bytes. |
in bytes. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| log_ttyout |
log_ttyout |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*log_ttyout)(const char *buf, unsigned int len); |
int (*log_ttyout)(const char *buf, unsigned int len); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBlog_ttyout\fR() |
\fBlog_ttyout\fR() |
|
Line 1756 Returns 1 if the data should be passed to the user, 0
|
Line 1750 Returns 1 if the data should be passed to the user, 0
|
| (which will terminate the command) or \-1 if an error occurred. |
(which will terminate the command) or \-1 if an error occurred. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| buf |
buf |
| The buffer containing command output. |
The buffer containing command output. |
|
Line 1765 len
|
Line 1758 len
|
| The length of |
The length of |
| \fIbuf\fR |
\fIbuf\fR |
| in bytes. |
in bytes. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| log_stdin |
log_stdin |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*log_stdin)(const char *buf, unsigned int len); |
int (*log_stdin)(const char *buf, unsigned int len); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBlog_stdin\fR() |
\fBlog_stdin\fR() |
|
Line 1789 Returns 1 if the data should be passed to the command,
|
Line 1783 Returns 1 if the data should be passed to the command,
|
| rejected (which will terminate the command) or \-1 if an error occurred. |
rejected (which will terminate the command) or \-1 if an error occurred. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| buf |
buf |
| The buffer containing user input. |
The buffer containing user input. |
|
Line 1798 len
|
Line 1791 len
|
| The length of |
The length of |
| \fIbuf\fR |
\fIbuf\fR |
| in bytes. |
in bytes. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| log_stdout |
log_stdout |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*log_stdout)(const char *buf, unsigned int len); |
int (*log_stdout)(const char *buf, unsigned int len); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBlog_stdout\fR() |
\fBlog_stdout\fR() |
|
Line 1822 Returns 1 if the data should be passed to the user, 0
|
Line 1816 Returns 1 if the data should be passed to the user, 0
|
| rejected (which will terminate the command) or \-1 if an error occurred. |
rejected (which will terminate the command) or \-1 if an error occurred. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| buf |
buf |
| The buffer containing command output. |
The buffer containing command output. |
|
Line 1831 len
|
Line 1824 len
|
| The length of |
The length of |
| \fIbuf\fR |
\fIbuf\fR |
| in bytes. |
in bytes. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| log_stderr |
log_stderr |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*log_stderr)(const char *buf, unsigned int len); |
int (*log_stderr)(const char *buf, unsigned int len); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBlog_stderr\fR() |
\fBlog_stderr\fR() |
|
Line 1855 Returns 1 if the data should be passed to the user, 0
|
Line 1849 Returns 1 if the data should be passed to the user, 0
|
| rejected (which will terminate the command) or \-1 if an error occurred. |
rejected (which will terminate the command) or \-1 if an error occurred. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| buf |
buf |
| The buffer containing command output. |
The buffer containing command output. |
|
Line 1864 len
|
Line 1857 len
|
| The length of |
The length of |
| \fIbuf\fR |
\fIbuf\fR |
| in bytes. |
in bytes. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| register_hooks |
register_hooks |
| See the |
See the |
| \fIPolicy plugin API\fR |
\fIPolicy plugin API\fR |
| section for a description of |
section for a description of |
| \fRregister_hooks\fR. |
\fRregister_hooks\fR. |
| .PD |
|
| .TP 6n |
.TP 6n |
| deregister_hooks |
deregister_hooks |
| See the |
See the |
|
Line 1980 hook_type
|
Line 1973 hook_type
|
| The |
The |
| \fRhook_type\fR |
\fRhook_type\fR |
| field may be one of the following supported hook types: |
field may be one of the following supported hook types: |
| .RS | .PP |
| | .RS 6n |
| | .PD 0 |
| .TP 6n |
.TP 6n |
| \fRSUDO_HOOK_SETENV\fR |
\fRSUDO_HOOK_SETENV\fR |
| The C library |
The C library |
|
Line 1991 The
|
Line 1986 The
|
| \fRhook_fn\fR |
\fRhook_fn\fR |
| field should |
field should |
| be a function that matches the following typedef: |
be a function that matches the following typedef: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 6n |
| typedef int (*sudo_hook_fn_setenv_t)(const char *name, |
typedef int (*sudo_hook_fn_setenv_t)(const char *name, |
| const char *value, int overwrite, void *closure); |
const char *value, int overwrite, void *closure); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| If the registered hook does not match the typedef the results are |
If the registered hook does not match the typedef the results are |
| unspecified. |
unspecified. |
| .PP |
|
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| \fRSUDO_HOOK_UNSETENV\fR |
\fRSUDO_HOOK_UNSETENV\fR |
| The C library |
The C library |
|
Line 2015 The
|
Line 2009 The
|
| \fRhook_fn\fR |
\fRhook_fn\fR |
| field should |
field should |
| be a function that matches the following typedef: |
be a function that matches the following typedef: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 6n |
| typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, |
typedef int (*sudo_hook_fn_unsetenv_t)(const char *name, |
| void *closure); |
void *closure); |
| .RE |
.RE |
| .fi |
.fi |
| .PD |
|
| .PP |
|
| .RE |
|
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| \fRSUDO_HOOK_GETENV\fR |
\fRSUDO_HOOK_GETENV\fR |
| The C library |
The C library |
|
Line 2037 The
|
Line 2026 The
|
| \fRhook_fn\fR |
\fRhook_fn\fR |
| field should |
field should |
| be a function that matches the following typedef: |
be a function that matches the following typedef: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 6n |
| typedef int (*sudo_hook_fn_getenv_t)(const char *name, |
typedef int (*sudo_hook_fn_getenv_t)(const char *name, |
| char **value, void *closure); |
char **value, void *closure); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| If the registered hook does not match the typedef the results are |
If the registered hook does not match the typedef the results are |
| unspecified. |
unspecified. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| \fRSUDO_HOOK_PUTENV\fR |
\fRSUDO_HOOK_PUTENV\fR |
| The C library |
The C library |
|
Line 2062 The
|
Line 2048 The
|
| \fRhook_fn\fR |
\fRhook_fn\fR |
| field should |
field should |
| be a function that matches the following typedef: |
be a function that matches the following typedef: |
| .RS |
|
| .nf |
.nf |
| .sp |
.sp |
| .RS 0n | .RS 6n |
| typedef int (*sudo_hook_fn_putenv_t)(char *string, |
typedef int (*sudo_hook_fn_putenv_t)(char *string, |
| void *closure); |
void *closure); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| If the registered hook does not match the typedef the results are |
If the registered hook does not match the typedef the results are |
| unspecified. |
unspecified. |
| .RE |
.RE |
| .PD | .PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| hook_fn |
hook_fn |
| sudo_hook_fn_t hook_fn; |
sudo_hook_fn_t hook_fn; |
|
Line 2098 is passed as the last function parameter.
|
Line 2084 is passed as the last function parameter.
|
| This can be used to pass arbitrary data to the plugin's hook implementation. |
This can be used to pass arbitrary data to the plugin's hook implementation. |
| .sp |
.sp |
| The function return value may be one of the following: |
The function return value may be one of the following: |
| .RS | .PP |
| .PD | .RS 6n |
| | .PD 0 |
| .TP 6n |
.TP 6n |
| \fRSUDO_HOOK_RET_ERROR\fR |
\fRSUDO_HOOK_RET_ERROR\fR |
| The hook function encountered an error. |
The hook function encountered an error. |
| |
.PD |
| .TP 6n |
.TP 6n |
| \fRSUDO_HOOK_RET_NEXT\fR |
\fRSUDO_HOOK_RET_NEXT\fR |
| The hook completed without error, go on to the next hook (including |
The hook completed without error, go on to the next hook (including |
|
Line 2122 hook that operates on a private copy of
|
Line 2110 hook that operates on a private copy of
|
| the environment but leaves |
the environment but leaves |
| \fRenviron\fR |
\fRenviron\fR |
| unchanged. |
unchanged. |
| |
.PD 0 |
| |
.PP |
| .RE |
.RE |
| |
.PD |
| .PP |
.PP |
| Note that it is very easy to create an infinite loop when hooking |
Note that it is very easy to create an infinite loop when hooking |
| C library functions. |
C library functions. |
|
Line 2186 to the policy plugin.
|
Line 2177 to the policy plugin.
|
| A plugin may also accept a |
A plugin may also accept a |
| \fIrunas_user\fR |
\fIrunas_user\fR |
| in the form of |
in the form of |
| ``user@hostname'' | \(lquser@hostname\(rq |
| which will work with older versions of |
which will work with older versions of |
| \fBsudo\fR. |
\fBsudo\fR. |
| It is anticipated that remote commands will be supported by executing a |
It is anticipated that remote commands will be supported by executing a |
| ``helper'' | \(lqhelper\(rq |
| program. |
program. |
| The policy plugin should setup the execution environment such that the |
The policy plugin should setup the execution environment such that the |
| \fBsudo\fR |
\fBsudo\fR |
|
Line 2386 to determine the API version the group plugin
|
Line 2377 to determine the API version the group plugin
|
| was built against. |
was built against. |
| .TP 6n |
.TP 6n |
| init |
init |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*init)(int version, sudo_printf_t plugin_printf, |
int (*init)(int version, sudo_printf_t plugin_printf, |
| char *const argv[]); |
char *const argv[]); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBinit\fR() |
\fBinit\fR() |
|
Line 2435 If no arguments were given,
|
Line 2426 If no arguments were given,
|
| \fIargv\fR |
\fIargv\fR |
| will be |
will be |
| \fRNULL\fR. |
\fRNULL\fR. |
| |
.PD 0 |
| .PP |
.PP |
| .RE |
.RE |
| .PD 0 | .PD |
| .TP 6n |
.TP 6n |
| cleanup |
cleanup |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| void (*cleanup)(); |
void (*cleanup)(); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBcleanup\fR() |
\fBcleanup\fR() |
|
Line 2454 function is called when
|
Line 2446 function is called when
|
| has finished its |
has finished its |
| group checks. |
group checks. |
| The plugin should free any memory it has allocated and close open file handles. |
The plugin should free any memory it has allocated and close open file handles. |
| .PD |
|
| .PP |
|
| .RE |
.RE |
| .PD 0 |
|
| .TP 6n |
.TP 6n |
| query |
query |
| .br |
.br |
| .RS |
|
| .nf |
.nf |
| .RS 0n | .RS 6n |
| int (*query)(const char *user, const char *group, |
int (*query)(const char *user, const char *group, |
| const struct passwd *pwd); |
const struct passwd *pwd); |
| .RE |
.RE |
| .fi |
.fi |
| |
.RS 6n |
| .sp |
.sp |
| The |
The |
| \fBquery\fR() |
\fBquery\fR() |
|
Line 2477 is a member of
|
Line 2466 is a member of
|
| \fIgroup\fR. |
\fIgroup\fR. |
| .sp |
.sp |
| The function arguments are as follows: |
The function arguments are as follows: |
| .PD |
|
| .TP 6n |
.TP 6n |
| user |
user |
| The name of the user being looked up in the external group database. |
The name of the user being looked up in the external group database. |
|
Line 2497 present in the password database,
|
Line 2485 present in the password database,
|
| \fIpwd\fR |
\fIpwd\fR |
| will be |
will be |
| \fRNULL\fR. |
\fRNULL\fR. |
| |
.PD 0 |
| |
.PP |
| .RE |
.RE |
| |
.PD |
| .PP |
.PP |
| \fIGroup API Version Macros\fR |
\fIGroup API Version Macros\fR |
| .nf |
.nf |
|
Line 2595 The
|
Line 2586 The
|
| entry was added to the |
entry was added to the |
| \fRsettings\fR |
\fRsettings\fR |
| list. |
list. |
| |
.TP 6n |
| |
Version 1.5 (sudo 1.8.9) |
| |
The |
| |
entry was added to the |
| |
\fRcommand_info\fR |
| |
list. |
| .SH "SEE ALSO" |
.SH "SEE ALSO" |
| sudo.conf(@mansectform@), |
sudo.conf(@mansectform@), |
| sudoers(@mansectform@), |
sudoers(@mansectform@), |
|
Line 2610 search the archives.
|
Line 2607 search the archives.
|
| .SH "DISCLAIMER" |
.SH "DISCLAIMER" |
| \fBsudo\fR |
\fBsudo\fR |
| is provided |
is provided |
| ``AS IS'' | \(lqAS IS\(rq |
| and any express or implied warranties, including, but not limited |
and any express or implied warranties, including, but not limited |
| to, the implied warranties of merchantability and fitness for a |
to, the implied warranties of merchantability and fitness for a |
| particular purpose are disclaimed. |
particular purpose are disclaimed. |
![[BACK]](/icons/cvsweb/back.gif){kind=icon}
Return to sudo_plugin.man.in CVS log ![[TXT]](/icons/cvsweb/text.gif){kind=icon}
![[DIR]](/icons/cvsweb/dir.gif){kind=icon}
Up to [ELWIX - Embedded LightWeight unIX -] / embedaddon / sudo / doc